Tuesday, July 30, 2013

Kali C.I.A V3 Wheezy 7.1



Description
System: Debian Wheezy 7.1 Stable
Kernel: 3.7-trunk-amd64 x86_64 (64 bit)
Multiarch
Desktop: Gnome
Distro: Wheezy 7.1 Kali GNU/Linux 1.0
User name: root/Pass: toor

FOR IMPORTANT FIXES AND TIPS: VISIT TICKETS AND FILES SECTION
To install the distro, boot in ‘Default’ or ‘Live’ mode and go to System Tools > Live Installer in the Applications menu.

The project is kept updated all the time; there are always ways to improve it further.

This is the third updated version of the distro, code name C.I.A Version 3 (Custom Improvement Arsenal). This effort would not have been completed successfully in such a short period of time without the invaluable help of D4rk-50ld13r and Gh0std0g. Thanks to the TOP-HAT-SEC Forum. Thanks to everyone who built the scripts.

Features
  • Full pentest browsers: Firefox, Chrome, Tor Browser, OWASP Mantra
  • Arsenal HackPack (Scripts Categorized by reaperz73)
  • Fully customized Kali tools menu
  • Full system update and upgrade
  • Skype
  • pyCryptocat
  • Multiarch enabled
  • YAMAS in menu
  • Easy-creds in menu
  • Recon-ng in menu
  • PwnSTAR in menu
  • Slowloris in menu
  • Darkstar fix
  • Aircrack-GUI-M4 in menu
  • Conky start with system
  • Conky start-Stop button
  • KaliLazy script installed
  • Inxi (advanced system information) in the A.I.S menu
  • unicornscan
  • Climber (checks UNIX/Linux systems for privilege escalation) in menu
  • uniscan
  • Editing menu (created by TH3CR@CK3R)
  • System Update menu (created by TH3CR@CK3R)
  • netool.sh (https://sourceforge.net/p/netoolsh/wiki/netool.sh%20script%20project/)
  • WiFu in menu
  • Record your terminal with ascii.io (http://ascii.io/a/3833)
CLICK ON THE LINK BELOW TO DOWNLOAD THE ISO.
Code Name C.I.A V3 Wheezy 7.1 Kali-Linux Web Site

SSLsplit 0.4.7 – tool for man-in-the-middle attacks against SSL/TLS encrypted network connections

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates and signs forged X509v3 certificates on-the-fly, based on the original server certificate subject DN and subjectAltName extension. SSLsplit fully supports Server Name Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites. SSLsplit can also use existing certificates of which the private key is available, instead of generating forged ones. SSLsplit supports NULL-prefix CN certificates and can deny OCSP requests in a generic way. SSLsplit removes HPKP response headers in order to prevent public key pinning.


Latest release: sslsplit-0.4.7.tar.bz2 (sslsplit(1))

Usage

% sslsplit -h
Usage: sslsplit [options...] [proxyspecs...]
  -c pemfile  use CA cert (and key) from pemfile to sign forged certs
  -k pemfile  use CA key (and cert) from pemfile to sign forged certs
  -C pemfile  use CA chain from pemfile (intermediate and root CA certs)
  -K pemfile  use key from pemfile for leaf certs (default: generate)
  -t certdir  use cert+chain+key PEM files from certdir to target all sites
              matching the common names (non-matching: generate if CA)
  -O          deny all OCSP requests on all proxyspecs
  -P          passthrough SSL connections if they cannot be split because of
              client cert auth or no matching cert and no CA (default: drop)
  -g pemfile  use DH group params from pemfile (default: keyfiles or auto)
  -G curve    use ECDH named curve (default: secp160r2 for non-RSA leafkey)
  -Z          disable SSL/TLS compression on all connections
  -s ciphers  use the given OpenSSL cipher suite spec (default: ALL:-aNULL)
  -e engine   specify default NAT engine to use (default: ipfw)
  -E          list available NAT engines and exit
  -u user     drop privileges to user (default if run as root: nobody)
  -j jaildir  chroot() to jaildir (default if run as root: /var/empty)
  -p pidfile  write pid to pidfile (default: no pid file)
  -l logfile  connect log: log one line summary per connection to logfile
  -L logfile  content log: full data to file or named pipe (excludes -S)
  -S logdir   content log: full data to separate files in dir (excludes -L)
  -d          daemon mode: run in background, log error messages to syslog
  -D          debug mode: run in foreground, log debug messages on stderr
  -V          print version information and exit
  -h          print usage information and exit
  proxyspec = type listenaddr+port [natengine|targetaddr+port|"sni"+port]
  e.g.        http 0.0.0.0 8080 www.roe.ch 80  # http/4; static hostname dst
              https ::1 8443 2001:db8::1 443   # https/6; static address dst
              https 127.0.0.1 9443 sni 443     # https/4; SNI DNS lookups
              tcp 127.0.0.1 10025              # tcp/4; default NAT engine
              ssl 2001:db8::2 9999 pf          # ssl/6; NAT engine 'pf'
Example:
  sslsplit -k ca.key -c ca.pem -P  https 127.0.0.1 8443  https ::1 8443
See the manual page sslsplit(1) for details on using SSLsplit and setting up the various NAT engines.
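A parser for the proxyspec grammar shown in the usage text, added here as a worked example; it is not SSLsplit's own code. The NAT engine names it recognises are the ones listed under Requirements below, and the disambiguation rule (a token followed by a port is a static target, otherwise it must be an engine name) is an assumption of this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# proxyspec = type listenaddr+port [natengine|targetaddr+port|"sni"+port]
PROXY_TYPES = {"tcp", "ssl", "http", "https"}
# Engine names taken from the Requirements section; `sslsplit -E` is authoritative.
NAT_ENGINES = {"pf", "ipfw", "ipfilter", "netfilter", "tproxy"}


@dataclass
class ProxySpec:
    ptype: str                          # tcp, ssl, http or https
    listen_addr: str
    listen_port: int
    mode: str                           # "nat" (engine picks target), "static" or "sni"
    nat_engine: Optional[str] = None    # None in nat mode means the default engine (-e)
    target_addr: Optional[str] = None
    target_port: Optional[int] = None

    @property
    def ip_version(self) -> int:
        return ipaddress.ip_address(self.listen_addr).version


def _is_port(tok: str) -> bool:
    return tok.isdigit() and 0 < int(tok) < 65536


def _port(tok: str) -> int:
    if not _is_port(tok):
        raise ValueError(f"bad port: {tok!r}")
    return int(tok)


def parse_proxyspecs(args: List[str]) -> List[ProxySpec]:
    """Parse the flat proxyspec argument list that follows sslsplit's options."""
    specs: List[ProxySpec] = []
    i, n = 0, len(args)
    while i < n:
        ptype = args[i].lower()
        if ptype not in PROXY_TYPES:
            raise ValueError(f"unknown proxyspec type: {args[i]!r}")
        if i + 2 >= n:
            raise ValueError(f"{ptype}: listen address and port are required")
        listen_addr = str(ipaddress.ip_address(args[i + 1]))  # rejects non-IP literals
        listen_port = _port(args[i + 2])
        i += 3
        spec = ProxySpec(ptype, listen_addr, listen_port, "nat")
        # A following token that is not the start of the next proxyspec belongs to this one.
        if i < n and args[i].lower() not in PROXY_TYPES:
            tok = args[i].lower()
            if tok == "sni":
                # destination looked up per connection from the client's SNI hostname
                if ptype not in ("ssl", "https"):
                    raise ValueError("sni mode needs an ssl or https proxyspec")
                if i + 1 >= n or not _is_port(args[i + 1]):
                    raise ValueError("sni needs a destination port")
                spec.mode, spec.target_port = "sni", _port(args[i + 1])
                i += 2
            elif tok in NAT_ENGINES:
                spec.nat_engine = tok
                i += 1
            elif i + 1 < n and _is_port(args[i + 1]):
                # static destination: hostname or address plus port (assumed rule)
                spec.mode, spec.target_addr, spec.target_port = "static", args[i], _port(args[i + 1])
                i += 2
            else:
                raise ValueError(f"cannot interpret {args[i]!r} after {ptype} proxyspec")
        specs.append(spec)
    return specs


USAGE_EXAMPLES = [  # the five usage lines above plus the -P example
    "http 0.0.0.0 8080 www.roe.ch 80",
    "https ::1 8443 2001:db8::1 443",
    "https 127.0.0.1 9443 sni 443",
    "tcp 127.0.0.1 10025",
    "ssl 2001:db8::2 9999 pf",
    "https 127.0.0.1 8443 https ::1 8443",
]

if __name__ == "__main__":
    for line in USAGE_EXAMPLES:
        for spec in parse_proxyspecs(line.split()):
            print(spec)
```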

Requirements

SSLsplit depends on the OpenSSL and libevent 2.x libraries. The build depends on GNU make and a POSIX.2 environment in PATH. The (optional) unit tests depend on the check unit-test framework.
SSLsplit currently supports the following operating systems and NAT engines:
  • FreeBSD: pf rdr, ipfw fwd, ipfilter rdr
  • OpenBSD: pf rdr
  • Linux: netfilter REDIRECT and TPROXY
  • Mac OS X: ipfw fwd

Installation

SSLsplit is or will be available as a package or port on the following systems:
To install from source:
make
make test       # optional unit tests
make install    # optional install
Dependencies are autoconfigured using pkg-config. If dependencies are not picked up and fixing PKG_CONFIG_PATH does not help, you can specify their respective locations manually by setting OPENSSL_BASE, LIBEVENT_BASE and/or CHECK_BASE to the respective prefixes.
You can override the default install prefix (/usr/local) by setting PREFIX.

Development

SSLsplit is being developed on Github. For bug reports, please use the Github issue tracker. For patch submissions, please send pull requests.
Source-
http://www.roe.ch/SSLsplit



Suricata 1.4.5 - Network intrusion detection and prevention engine

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Get the new release here: suricata-1.4.5.tar.gz
Released on 26/07/2013
Fixes
Bug #908: ipv6 extension header parsing issue causing Suricata to hang
Bug #906: icmp_seq and icmp_id keyword with icmpv6 traffic FP & FN



Monday, July 29, 2013

Nmap 6.40 released

Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).
Nmap was named “Security Product of the Year” by Linux Journal, Info World, LinuxQuestions.Org, and Codetalker Digest. It was even featured in twelve movies, including The Matrix Reloaded, Die Hard 4, Girl With the Dragon Tattoo, and The Bourne Ultimatum.
Nmap is ...
  • Flexible: Supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles. This includes many port scanning mechanisms (both TCP & UDP), OS detection, version detection, ping sweeps, and more. See the documentation page.
  • Powerful: Nmap has been used to scan huge networks of literally hundreds of thousands of machines.
  • Portable: Most operating systems are supported, including Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, Amiga, and more.
  • Easy: While Nmap offers a rich set of advanced features for power users, you can start out as simply as "nmap -v -A targethost". Both traditional command line and graphical (GUI) versions are available to suit your preference. Binaries are available for those who do not wish to compile Nmap from source.
  • Free: The primary goals of the Nmap Project are to help make the Internet a little more secure and to provide administrators/auditors/hackers with an advanced tool for exploring their networks. Nmap is available for free download, and also comes with full source code that you may modify and redistribute under the terms of the license.
  • Well Documented: Significant effort has been put into comprehensive and up-to-date man pages, whitepapers, tutorials, and even a whole book! Find them in multiple languages here.
  • Supported: While Nmap comes with no warranty, it is well supported by a vibrant community of developers and users. Most of this interaction occurs on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines. We recommend that all users subscribe to the low-traffic nmap-hackers announcement list. You can also find Nmap on Facebook and Twitter. For real-time chat, join the #nmap channel on Freenode or EFNet.
  • Acclaimed: Nmap has won numerous awards, including "Information Security Product of the Year" by Linux Journal, Info World and Codetalker Digest. It has been featured in hundreds of magazine articles, several movies, dozens of books, and one comic book series. Visit the press page for further details.
  • Popular: Thousands of people download Nmap every day, and it is included with many operating systems (Redhat Linux, Debian Linux, Gentoo, FreeBSD, OpenBSD, etc). It is among the top ten (out of 30,000) programs at the Freshmeat.Net repository. This is important because it lends Nmap its vibrant development and user support communities.
Nmap 6.40 [2013-07-28]

o For logistical reasons, we had to do the 6.40 builds before we
  finished writing the change log.  Rather than include something
  incomplete here, we have removed it.  Please view it instead at
  http://nmap.org/changelog.html.  For just the changes in this
  release, search for the "Nmap 6.40" line and read down from there to the "Nmap 6.25" line.

Download latest version 6.40 from here

Nmap 6.40 ( http://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL <inputfilename>: Input from list of hosts/networks
  -iR <num hosts>: Choose random targets
  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
  --excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
  -sL: List Scan - simply list targets to scan
  -sn: Ping Scan - disable port scan
  -Pn: Treat all hosts as online -- skip host discovery
  -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
  -PO[protocol list]: IP Protocol Ping
  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
  --dns-servers <serv1[,serv2],...>: Specify custom DNS servers
  --system-dns: Use OS's DNS resolver
  --traceroute: Trace hop path to each host
SCAN TECHNIQUES:
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
  -sU: UDP Scan
  -sN/sF/sX: TCP Null, FIN, and Xmas scans
  --scanflags <flags>: Customize TCP scan flags
  -sI <zombie host[:probeport]>: Idle scan
  -sY/sZ: SCTP INIT/COOKIE-ECHO scans
  -sO: IP protocol scan
  -b <FTP relay host>: FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
  -p <port ranges>: Only scan specified ports
    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
  -F: Fast mode - Scan fewer ports than the default scan
  -r: Scan ports consecutively - don't randomize
  --top-ports <number>: Scan <number> most common ports
  --port-ratio <ratio>: Scan ports more common than <ratio>
SERVICE/VERSION DETECTION:
  -sV: Probe open ports to determine service/version info
  --version-intensity <level>: Set from 0 (light) to 9 (try all probes)
  --version-light: Limit to most likely probes (intensity 2)
  --version-all: Try every single probe (intensity 9)
  --version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
  -sC: equivalent to --script=default
  --script=<Lua scripts>: <Lua scripts> is a comma separated list of 
           directories, script-files or script-categories
  --script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
  --script-args-file=filename: provide NSE script args in a file
  --script-trace: Show all data sent and received
  --script-updatedb: Update the script database.
  --script-help=<Lua scripts>: Show help about scripts.
           <Lua scripts> is a comma separted list of script-files or
           script-categories.
OS DETECTION:
  -O: Enable OS detection
  --osscan-limit: Limit OS detection to promising targets
  --osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
  Options which take <time> are in seconds, or append 'ms' (milliseconds),
  's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
  -T<0-5>: Set timing template (higher is faster)
  --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
  --min-parallelism/max-parallelism <numprobes>: Probe parallelization
  --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
      probe round trip time.
  --max-retries <tries>: Caps number of port scan probe retransmissions.
  --host-timeout <time>: Give up on target after this long
  --scan-delay/--max-scan-delay <time>: Adjust delay between probes
  --min-rate <number>: Send packets no slower than <number> per second
  --max-rate <number>: Send packets no faster than <number> per second
FIREWALL/IDS EVASION AND SPOOFING:
  -f; --mtu <val>: fragment packets (optionally w/given MTU)
  -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
  -S <IP_Address>: Spoof source address
  -e <iface>: Use specified interface
  -g/--source-port <portnum>: Use given port number
  --data-length <num>: Append random data to sent packets
  --ip-options <options>: Send packets with specified ip options
  --ttl <val>: Set IP time-to-live field
  --spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
  --badsum: Send packets with a bogus TCP/UDP/SCTP checksum
OUTPUT:
  -oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
     and Grepable format, respectively, to the given filename.
  -oA <basename>: Output in the three major formats at once
  -v: Increase verbosity level (use -vv or more for greater effect)
  -d: Increase debugging level (use -dd or more for greater effect)
  --reason: Display the reason a port is in a particular state
  --open: Only show open (or possibly open) ports
  --packet-trace: Show all packets sent and received
  --iflist: Print host interfaces and routes (for debugging)
  --log-errors: Log errors/warnings to the normal-format output file
  --append-output: Append to rather than clobber specified output files
  --resume <filename>: Resume an aborted scan
  --stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
  --webxml: Reference stylesheet from Nmap.Org for more portable XML
  --no-stylesheet: Prevent associating of XSL stylesheet w/XML output
MISC:
  -6: Enable IPv6 scanning
  -A: Enable OS detection, version detection, script scanning, and traceroute
  --datadir <dirname>: Specify custom Nmap data file location
  --send-eth/--send-ip: Send using raw ethernet frames or IP packets
  --privileged: Assume that the user is fully privileged
  --unprivileged: Assume the user lacks raw socket privileges
  -V: Print version number
  -h: Print this help summary page.
EXAMPLES:
  nmap -v -A scanme.nmap.org
  nmap -v -sn 192.168.0.0/16 10.0.0.0/8
  nmap -v -iR 10000 -Pn -p 80
SEE THE MAN PAGE (http://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES
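The -p port specification in the help text above has its own small grammar; this parser for it is an added example, not Nmap's own code. It covers the numeric forms shown (single ports, ranges, open-ended ranges, T:/U:/S:/P: qualifiers) and the documented rule that unqualified ports apply to every protocol type being scanned; service names and wildcards are out of scope.

```python
from typing import Dict, List, Set

# Qualifier letters accepted by -p: T (TCP), U (UDP), S (SCTP), P (IP protocol numbers, -sO).
QUALIFIERS = {"T", "U", "S", "P"}
MAX_PORT = 65535


def _expand_item(item: str) -> Set[int]:
    """One comma-separated item: N, N-M, N- (up to 65535), -M (from 1) or a bare '-' (all)."""
    if item == "-":
        return set(range(1, MAX_PORT + 1))
    if "-" in item:
        lo_s, hi_s = item.split("-", 1)
        lo = int(lo_s) if lo_s else 1
        hi = int(hi_s) if hi_s else MAX_PORT
    else:
        lo = hi = int(item)
    if not 0 <= lo <= hi <= MAX_PORT:
        raise ValueError(f"bad port range {item!r}")
    return set(range(lo, hi + 1))


def parse_portspec(spec: str) -> Dict[str, Set[int]]:
    """Map qualifier -> ports; key '*' collects items given before any qualifier.

    A qualifier such as 'U:' stays in force for every following item until the
    next qualifier appears, so 'U:53,111,137,T:21-25' puts 111 and 137 under UDP.
    """
    ports: Dict[str, Set[int]] = {}
    current = "*"
    for raw in spec.replace(" ", "").split(","):
        if len(raw) >= 2 and raw[1] == ":" and raw[0].upper() in QUALIFIERS:
            current, raw = raw[0].upper(), raw[2:]
        if not raw:
            raise ValueError("empty port item in spec")
        ports.setdefault(current, set()).update(_expand_item(raw))
    return ports


def ports_for(parsed: Dict[str, Set[int]], scanned: List[str]) -> Dict[str, List[int]]:
    """Resolve unqualified ports: they apply to every protocol type being scanned."""
    common = parsed.get("*", set())
    return {q: sorted(common | parsed.get(q, set())) for q in scanned}


if __name__ == "__main__":
    # The example from the PORT SPECIFICATION section, resolved for a -sS -sU -sY scan.
    print(ports_for(parse_portspec("U:53,111,137,T:21-25,80,139,8080,S:9"), ["T", "U", "S"]))
```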

Source-
http://www.insecure.org/nmap/

Sunday, July 28, 2013

Vega - free and open source scanner and testing platform to test the security of web applications

Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.

Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. Vega can be extended using a powerful API in the language of the web: JavaScript.

Vega was developed by Subgraph in Montreal.


Download from Here
Latest release: 1.0 Build 97
Released on July 19, 2013
Current build: 97, Jul 19, 2013

Source-
http://subgraph.com/products.html

For More information -
http://subgraph.com/products.html

Friday, July 26, 2013

Kali Linux 1.0.4 Released

In keeping with the tradition of publishing new releases during the annual Black Hat and DEF CON conferences, we are pleased to announce the availability of Kali Linux 1.0.4. The last few months since the initial release of Kali have seen a large number of changes, upgrades, and improvements in the distribution, all of which are included in version 1.0.4.

Thanks to numerous requests from the Kali Linux community on the Kali Bug Tracker, they have added many new tools to Kali’s arsenal, including:

Winexe
Pass the Hash Toolkit
enum4linux
RegRipper
rfcat
Unicornscan
jSQL
JD-GUI
Ubertooth
Ghost Phisher
Uniscan
Arachni
Bully

In addition to the new tools that we have added to the distribution, version 1.0.4 of Kali Linux also contains many upgraded packages. Some of the more notable updates are:

OpenVAS
Volatility
Durandal’s Backdoor
Maltego
OWASP ZAP
Armitage
DNSrecon
Vega
WPScan

Our quest to get Kali Linux running on popular ARM hardware is going strong and our trusted contributor, Offensive Security, has provided new ARM images for the BeagleBone Black, CuBox, and Efika MX to our growing collection.

As usual, you do not need to re-download Kali Linux 1.0.4 if you already have it installed. A regular “apt-get update && apt-get dist-upgrade” will do the job of getting you to the latest and greatest!

Wednesday, July 17, 2013

Patator Brute Forcer 0.5 - multi-purpose brute-forcer

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

Currently it supports the following modules:
  - ftp_login     : Brute-force FTP
  - ssh_login     : Brute-force SSH
  - telnet_login  : Brute-force Telnet
  - smtp_login    : Brute-force SMTP
  - smtp_vrfy     : Enumerate valid users using the SMTP 'VRFY' command
  - smtp_rcpt     : Enumerate valid users using the SMTP 'RCPT TO' command
  - finger_lookup : Enumerate valid users using Finger
  - http_fuzz     : Brute-force HTTP
  - pop_login     : Brute-force POP3
  - pop_passd     : Brute-force poppassd (http://netwinsite.com/poppassd/)
  - imap_login    : Brute-force IMAP4
  - ldap_login    : Brute-force LDAP
  - smb_login     : Brute-force SMB
  - smb_lookupsid : Brute-force SMB SID-lookup
  - vmauthd_login : Brute-force VMware Authentication Daemon
  - mssql_login   : Brute-force MSSQL
  - oracle_login  : Brute-force Oracle
  - mysql_login   : Brute-force MySQL
  - mysql_queries : Brute-force MySQL queries
  - pgsql_login   : Brute-force PostgreSQL
  - vnc_login     : Brute-force VNC
  - dns_forward   : Brute-force DNS
  - dns_reverse   : Brute-force DNS (reverse lookup subnets)
  - snmp_login    : Brute-force SNMPv1/2 and SNMPv3

  - unzip_pass    : Brute-force the password of encrypted ZIP files
  - keystore_pass : Brute-force the password of Java keystore files

Future modules to be implemented:
  - rdp_login

The name "Patator" comes from http://www.youtube.com/watch?v=xoBkBvnTTjo
"Whatever the payload to fire, always use the same cannon"

* Why?

Basically, I got tired of using Medusa, Hydra, Ncrack, Metasploit auxiliary modules, Nmap NSE scripts and the like because:
  - they either do not work or are not reliable (got me false negatives several times in the past)
  - they are not flexible enough (how to iterate over all wordlists, fuzz any module parameter)
  - they lack useful features (display progress or pause during execution)

FEATURES
--------
  * No false negatives, as it is the user that decides what results to ignore based on:
      + status code of response
      + size of response
      + matching string or regex in response data
      + ... see --help

  * Modular design
      + not limited to network modules (eg. the unzip_pass module)
      + not limited to brute-forcing (eg. remote exploit testing, or vulnerable version probing)

  * Interactive runtime
      + show progress during execution (press Enter)
      + pause/unpause execution (press p)
      + increase/decrease verbosity
      + add new actions & conditions during runtime (eg. to exclude more types of response from showing)
      + ... press h to see all available interactive commands

  * Use persistent connections (ie. will test several passwords until the server disconnects)

  * Multi-threaded

  * Flexible user input
    - Any module parameter can be fuzzed:
      + use the FILE keyword to iterate over a file
      + use the COMBO keyword to iterate over a combo file
      + use the NET keyword to iterate over every host of a network subnet
      + use the RANGE keyword to iterate over hexadecimal, decimal or alphabetical ranges
      + use the PROG keyword to iterate over the output of an external program

    - Iteration over the joined wordlists can be done in any order

  * Save every response (along with request) to separate log files for later reviewing


INSTALL

* Dependencies (best tested versions)

                 |  Required for  |                        URL                         | Version |
--------------------------------------------------------------------------------------------------
paramiko         | SSH            | http://www.lag.net/paramiko/                       | 1.7.7.1 |
--------------------------------------------------------------------------------------------------
pycurl           | HTTP           | http://pycurl.sourceforge.net/                     |  7.19.0 |
--------------------------------------------------------------------------------------------------
openldap         | LDAP           | http://www.openldap.org/                           |  2.4.24 |
--------------------------------------------------------------------------------------------------
impacket         | SMB            | http://code.google.com/p/impacket/                 | svn#765 |
--------------------------------------------------------------------------------------------------
cx_Oracle        | Oracle         | http://cx-oracle.sourceforge.net/                  |   5.1.1 |
--------------------------------------------------------------------------------------------------
mysql-python     | MySQL          | http://sourceforge.net/projects/mysql-python/      |   1.2.3 |
--------------------------------------------------------------------------------------------------
psycopg          | PostgreSQL     | http://initd.org/psycopg/                          |   2.4.5 |
--------------------------------------------------------------------------------------------------
pycrypto         | VNC            | http://www.dlitz.net/software/pycrypto/            |     2.3 |
--------------------------------------------------------------------------------------------------
dnspython        | DNS            | http://www.dnspython.org/                          |  1.10.0 |
--------------------------------------------------------------------------------------------------
pysnmp           | SNMP           | http://pysnmp.sourceforge.net/                     |   4.2.1 |
--------------------------------------------------------------------------------------------------
pyasn1           | SNMP           | http://sourceforge.net/projects/pyasn1/            |   0.1.2 |
--------------------------------------------------------------------------------------------------
IPy              | NETx keywords  | https://github.com/haypo/python-ipy                |    0.75 |
--------------------------------------------------------------------------------------------------
unzip            | ZIP passwords  | http://www.info-zip.org/                           |     6.0 |
--------------------------------------------------------------------------------------------------
Java             | keystore files | http://www.oracle.com/technetwork/java/javase/     |       6 |
--------------------------------------------------------------------------------------------------
python           |                | http://www.python.org/                             |     2.7 |
--------------------------------------------------------------------------------------------------

* Shortcuts (optional)
ln -s path/to/patator.py /usr/bin/ftp_login
ln -s path/to/patator.py /usr/bin/http_fuzz
and so on ...


USAGE
-----

$ python patator.py <module> -h
or
$ <module> -h  (if you created the shortcuts)

There are global options and module options:
  - all global options start with - or --
  - all module options are of the form option=value

All module options are fuzzable:
---------
./module host=FILE0 port=FILE1 foobar=FILE2.google.FILE3 0=hosts.txt 1=ports.txt 2=foo.txt 3=bar.txt

The keywords (FILE, COMBO, NET, ...) act as place-holders. They indicate the type of wordlist
and where to replace themselves with the actual words to test.

Each keyword is numbered in order to:
  - match the corresponding wordlist
  - and indicate in what order to iterate over all the wordlists

For instance, this would be the classic order:
---------
$ ./module host=FILE0 user=FILE1 password=FILE2 0=hosts.txt 1=logins.txt 2=passwords.txt
10.0.0.1 root password
10.0.0.1 root 123456
10.0.0.1 root qsdfghj
... (trying all passwords before testing next login)
10.0.0.1 admin password
10.0.0.1 admin 123456
10.0.0.1 admin qsdfghj
... (trying all logins before testing next host)
10.0.0.2 root password
...

While a smarter way might be:
---------
$ ./module host=FILE2 user=FILE1 password=FILE0 2=hosts.txt 1=logins.txt 0=passwords.txt
10.0.0.1 root password
10.0.0.2 root password
10.0.0.1 admin password
10.0.0.2 admin password
10.0.0.1 root 123456
10.0.0.2 root 123456
10.0.0.1 admin 123456
...

* Keywords

Brute-force a list of hosts with a file containing combo entries (each line := login:password).
---------
./module host=FILE0 user=COMBO10 password=COMBO11 0=hosts.txt 1=combos.txt

Scan subnets to just grab version banners.
---------
./module host=NET0 0=10.0.1.0/24,10.0.2.0/24,10.0.3.128-10.0.3.255

Fuzzing a parameter by iterating over a range of values.
---------
./module param=RANGE0 0=hex:0x00-0xffff
./module param=RANGE0 0=int:0-500
./module param=RANGE0 0=lower:a-zzz
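Added example (not Patator's own code) re-implementing the keyword and iteration-order semantics described above: numbered FILE/COMBO/NET/RANGE placeholders are expanded and combined so that the highest-numbered keyword varies fastest, reproducing both listings shown earlier. The wordlists are in-memory strings standing in for the .txt files; the exact formatting of RANGE values (lower-case hex, odometer-style letter counting) and NET yielding only host addresses of a block are assumptions of this example.

```python
import ipaddress
import itertools
import re
import string
from typing import Dict, Iterator, List

# FILEn, NETn and RANGEn carry one wordlist digit; COMBOnm carries wordlist n and column m.
KEYWORD_RE = re.compile(r"\b(FILE|NET|RANGE)(\d)|\b(COMBO)(\d)(\d)")


def expand_net(spec: str) -> List[str]:
    """NET: comma-separated CIDR blocks or first-last address ranges (assumed: host addresses only)."""
    hosts: List[str] = []
    for part in spec.split(","):
        if "/" in part:
            hosts += [str(h) for h in ipaddress.ip_network(part, strict=False).hosts()]
        else:
            lo, hi = (int(ipaddress.ip_address(a)) for a in part.split("-", 1))
            hosts += [str(ipaddress.ip_address(v)) for v in range(lo, hi + 1)]
    return hosts


def expand_range(spec: str) -> List[str]:
    """RANGE: hex:0x00-0xffff, int:0-500 or lower:a-zzz (a..z, aa..zz, ... up to the bound)."""
    kind, _, bounds = spec.partition(":")
    lo, hi = bounds.split("-", 1)
    if kind == "int":
        return [str(v) for v in range(int(lo), int(hi) + 1)]
    if kind == "hex":
        return [format(v, "x") for v in range(int(lo, 16), int(hi, 16) + 1)]
    if kind in ("lower", "upper"):
        alphabet = string.ascii_lowercase if kind == "lower" else string.ascii_uppercase
        words = ("".join(p) for n in range(len(lo), len(hi) + 1)
                 for p in itertools.product(alphabet, repeat=n))
        inside = itertools.dropwhile(lambda w: w != lo, words)
        return list(itertools.takewhile(lambda w: w != hi, inside)) + [hi]
    raise ValueError(f"unsupported RANGE type {kind!r}")


def iterate_payloads(options: Dict[str, str], sources: Dict[int, str],
                     files: Dict[str, str]) -> Iterator[Dict[str, str]]:
    """Yield one fully substituted option set per candidate, in the order described above.

    options: module options containing keywords, e.g. {"host": "FILE0", "user": "FILE1"}
    sources: the numbered arguments, e.g. {0: "hosts.txt", 1: "logins.txt"}
    files:   in-memory stand-in for the wordlist files (constructed for this example)
    """
    kinds: Dict[int, str] = {}
    for tmpl in options.values():
        for m in KEYWORD_RE.finditer(tmpl):
            kinds[int(m.group(2) or m.group(4))] = m.group(1) or m.group(3)
    lists: Dict[int, List[str]] = {}
    for idx, kind in kinds.items():
        if kind in ("FILE", "COMBO"):
            lists[idx] = [ln for ln in files[sources[idx]].splitlines() if ln]
        elif kind == "NET":
            lists[idx] = expand_net(sources[idx])
        else:
            lists[idx] = expand_range(sources[idx])
    order = sorted(lists)  # lowest number is the outermost loop ...

    def substitute(tmpl: str, current: Dict[int, str]) -> str:
        def repl(m: "re.Match[str]") -> str:
            if m.group(3):  # COMBOnm: column m of the current line of wordlist n
                return current[int(m.group(4))].split(":")[int(m.group(5))]
            return current[int(m.group(2))]
        return KEYWORD_RE.sub(repl, tmpl)

    # ... and itertools.product varies its last iterable fastest, so the highest
    # numbered keyword is the innermost loop, exactly as the two listings above show.
    for combo in itertools.product(*(lists[i] for i in order)):
        current = dict(zip(order, combo))
        yield {name: substitute(tmpl, current) for name, tmpl in options.items()}


# Constructed sample wordlists standing in for hosts.txt, logins.txt, passwords.txt, combos.txt.
SAMPLE_FILES = {
    "hosts.txt": "10.0.0.1\n10.0.0.2\n",
    "logins.txt": "root\nadmin\n",
    "passwords.txt": "password\n123456\nqsdfghj\n",
    "combos.txt": "root:toor\nadmin:admin\n",
}

if __name__ == "__main__":
    classic = {"host": "FILE0", "user": "FILE1", "password": "FILE2"}
    src = {0: "hosts.txt", 1: "logins.txt", 2: "passwords.txt"}
    for p in iterate_payloads(classic, src, SAMPLE_FILES):
        print(p["host"], p["user"], p["password"])
```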

* Actions & Conditions

Use the -x option to do specific actions upon receiving expected results. For instance:

To ignore responses with status code 200 *AND* a size within a range.
---------
./module host=10.0.0.1 user=FILE0 -x ignore:code=200,size=57-74

To ignore responses with status code 500 *OR* containing "Internal error".
---------
./module host=10.0.0.1 user=FILE0 -x ignore:code=500 -x ignore:fgrep='Internal error'

Remember that conditions are ANDed within the same -x option, use multiple -x options to
specify ORed conditions.
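A small evaluator for -x actions and conditions, added here as an example and not Patator's own code. It reproduces the rule just stated (conditions inside one -x option are ANDed, separate -x options are ORed); the comparison semantics it uses (code and mesg compared as exact strings, size as an inclusive range, fgrep as a substring, egrep as a regular expression, != negating any of them, first matching -x option wins) are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass
class Response:
    """Minimal stand-in for a module's response (constructed for this example)."""
    code: int
    size: int
    data: str = ""
    mesg: str = ""


# One parsed -x option: the action names and the ANDed (key, negated, value) conditions.
XOption = Tuple[Set[str], List[Tuple[str, bool, str]]]


def _split_unquoted(s: str) -> List[str]:
    """Split on commas that are not inside single quotes, so fgrep='a, b' stays whole."""
    parts, buf, quoted = [], [], False
    for ch in s:
        if ch == "'":
            quoted = not quoted
        elif ch == "," and not quoted:
            parts.append("".join(buf))
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf))
    return parts


def parse_x(opt: str) -> XOption:
    """'ignore,reset,retry:code=421' -> ({'ignore','reset','retry'}, [('code', False, '421')])."""
    actions, sep, conds = opt.partition(":")
    if not sep or not conds:
        raise ValueError(f"-x needs actions:conditions, got {opt!r}")
    parsed: List[Tuple[str, bool, str]] = []
    for cond in _split_unquoted(conds):
        m = re.fullmatch(r"([a-z]+)(!?=)(.*)", cond, re.S)
        if not m:
            raise ValueError(f"bad condition {cond!r}")
        key, op, val = m.groups()
        parsed.append((key, op == "!=", val.strip("'")))
    return set(actions.split(",")), parsed


def _in_size(size: int, spec: str) -> bool:
    """'57-74' is inclusive; a bare number must match exactly; '57-' and '-74' are open-ended."""
    lo, sep, hi = spec.partition("-")
    if not sep:
        return size == int(lo)
    return (int(lo) if lo else 0) <= size <= (int(hi) if hi else 1 << 31)


def condition_holds(resp: Response, key: str, negate: bool, val: str) -> bool:
    if key == "code":
        hit = str(resp.code) == val
    elif key == "size":
        hit = _in_size(resp.size, val)
    elif key == "mesg":
        hit = resp.mesg == val
    elif key == "fgrep":
        hit = val in resp.data
    elif key == "egrep":
        hit = re.search(val, resp.data, re.S) is not None
    else:
        raise ValueError(f"unknown condition {key!r}")
    return hit != negate


def decide(resp: Response, xopts: List[XOption]) -> Set[str]:
    """Actions for a response: AND inside one -x option, OR across options, first match wins."""
    for actions, conds in xopts:
        if all(condition_holds(resp, k, neg, v) for k, neg, v in conds):
            return actions
    return set()


if __name__ == "__main__":
    # The two examples above, applied to constructed responses.
    rules = [parse_x("ignore:code=500"), parse_x("ignore:fgrep='Internal error'")]
    for r in (Response(500, 10), Response(200, 22, data="<p>Internal error</p>"), Response(200, 5, data="ok")):
        print(r.code, r.size, decide(r, rules) or "report")
```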

* Failures

During execution, failures may happen, such as a TCP connect timeout for
instance. A failure is actually an exception that the module does not expect,
and as a result the exception is caught upstream by the controller.

Such exceptions, or failures, are not immediately reported to the user, the
controller will retry 4 more times (see --max-retries) before reporting the
failed payload with logging level "FAIL".


* Read the following examples carefully to get a good understanding of how Patator works.
{{{ FTP

* Brute-force authentication. Do not report wrong passwords.
---------
ftp_login host=10.0.0.1 user=FILE0 password=FILE1 0=logins.txt 1=passwords.txt -x ignore:mesg='Login incorrect.'

NB0. If you get errors like "500 OOPS: priv_sock_get_cmd", use -x ignore,reset,retry:code=500
     in order to retry the last login/password using a new TCP connection. Odd servers like vsftpd
     return this when they shut down the TCP connection (ie. max login attempts reached).

NB1. If you get errors like "too many connections from your IP address", try decreasing the number of
     threads, the server may be enforcing a maximum number of concurrent connections.

* Same as before, but stop testing a user after his password is found.
---------
ftp_login ... -x free=user:code=0


* Find anonymous FTP servers on a subnet.
---------
ftp_login host=NET0 user=anonymous password=test@example.com 0=10.0.0.0/24

}}}
{{{ SSH
* Brute-force authentication with password same as login (aka single mode). Do not report wrong passwords.
---------
ssh_login host=10.0.0.1 user=FILE0 password=FILE0 0=logins.txt -x ignore:mesg='Authentication failed.'

NB. If you get errors like "Error reading SSH protocol banner ... Connection reset by peer",
    try decreasing the number of threads, the server may be enforcing a maximum
    number of concurrent connections (eg. MaxStartups in OpenSSH).


* Brute-force several hosts and stop testing a host after a valid password is found.
---------
ssh_login host=FILE0 user=FILE1 password=FILE2 0=hosts.txt 1=logins.txt 2=passwords.txt -x free=host:code=0


* Same as previous, but stop testing a user on a host after his password is found.
---------
ssh_login host=FILE0 user=FILE1 password=FILE2 0=hosts.txt 1=logins.txt 2=passwords.txt -x free=host+user:code=0

}}}
{{{ Telnet

* Brute-force authentication.
  (a) Enter login after first prompt is detected, enter password after second prompt.
  (b) The regex to detect the login and password prompts.
  (c) Reconnect when we get no login prompt back (max number of tries reached or successful login).
                 (a)
telnet_login host=10.0.0.1 inputs='FILE0\nFILE1' 0=logins.txt 1=passwords.txt
 prompt_re='tux login:|Password:' -x reset:egrep!='Login incorrect.+tux login:'
 (b)                             (c)
 
NB. If you get errors like "telnet connection closed", try decreasing the number of threads,
    the server may be enforcing a maximum number of concurrent connections.

}}}
{{{ SMTP

* Enumerate valid users using the VRFY command.
  (a) Do not report invalid recipients.
  (b) Do not report when the server shuts us down with "421 too many errors",
      reconnect and resume testing.
                                              (a)
smtp_vrfy host=10.0.0.1 user=FILE0 0=logins.txt -x ignore:fgrep='User unknown in local
 recipient table' -x ignore,reset,retry:code=421
                             (b)

* Use the RCPT TO command in case the VRFY command is not available.

smtp_rcpt host=10.0.0.1 user=FILE0@localhost 0=logins.txt helo='ehlo mx.fb.com' mail_from=root

* Brute-force authentication.
  (a) Send a fake hostname (by default your host fqdn is sent)
          (a)
smtp_login host=10.0.0.1 helo='ehlo its.me.com' user=FILE0@dom.com password=FILE1 0=logins.txt 1=passwords.txt 

}}}
{{{ HTTP

* Find hidden web resources.
  (a) Use a specific header.
  (b) Follow redirects.
  (c) Do not report 404 errors.
  (d) Retry on 500 errors.
---------                                             (a)
http_fuzz url=http://localhost/FILE0 0=words.txt header='Cookie: SESSID=A2FD8B2DA4'
 follow=1 -x ignore:code=404 -x ignore,retry:code=500
 (b)            (c)                  (d)

NB. You may be able to go 10 times faster using webef (http://www.hsc.fr/ressources/outils/webef/).
    It is the fastest HTTP brute-forcer I know, yet at the moment it still lacks useful features
    that will prevent you from performing the following attacks.

* Brute-force phpMyAdmin logon.
  (a) Use POST requests.
  (b) Follow redirects using cookies sent by server.
  (c) Ignore failed authentications.
                                           (a)         (b)        (b)
http_fuzz url=http://10.0.0.1/phpmyadmin/index.php method=POST follow=1 accept_cookie=1 
 body='pma_username=root&pma_password=FILE0&server=1&lang=en' 0=passwords.txt
 -x ignore:fgrep='Cannot log in to the MySQL server'
             (c)

* Scan subnet for directory listings.
  (a) Ignore responses that do not match.
  (b) Save matching responses into directory.

http_fuzz url=http://NET0/FILE1 0=10.0.0.0/24 1=dirs.txt -x ignore:fgrep!='Index of'
 -l /tmp/directory_listings                                             (a)
      (b)  

* Brute-force Basic authentication.
  (a) Single mode (login == password).
  (b) Do not report failed login attempts.

http_fuzz url=http://10.0.0.1/manager/html user_pass=FILE0:FILE0 0=logins.txt -x ignore:code=401
                                                   (a)                                (b)

* Find hidden virtual hosts.
  (a) Read template from file.
  (b) Fuzz both the Host and User-Agent headers.

echo -e 'Host: FILE0\nUser-Agent: FILE1' > headers.txt
http_fuzz url=http://10.0.0.1/ header=@headers.txt 0=vhosts.txt 1=agents.txt
                                    (a)                       (b)

* Brute-force logon using GET requests.
  (a) Encode everything surrounded by the two tags _@@_ in hexadecimal.
  (b) Ignore HTTP 200 responses with a content size (header+body) within given range
      and that also contain the given string.
  (c) Use a different delimiter string because the comma cannot be escaped.
                                                        (a)             (a)
http_fuzz url='http://10.0.0.1/login?username=admin&password=_@@_FILE0_@@_' -e _@@_:hex
 0=words.txt -x ignore:'code=200|size=1500-|fgrep=Welcome, unauthenticated user' -X '|'
                (b)                                                              (c)

* Brute-force logon that enforces two random nonces to be submitted along every POST.
  (a) First, request the page that provides the nonces as hidden input fields.
  (b) Use regular expressions to extract the nonces that are to be submitted along the main request.

http_fuzz url=http://10.0.0.1/login method=POST body='user=admin&pass=FILE0&nonce1=_N1_&nonce2=_N2_' 0=passwords.txt accept_cookie=1
 before_urls=http://10.0.0.1/index before_egrep='_N1_:<input type="hidden" name="nonce1" value="(\w+)"|_N2_:name="nonce2" value="(\w+)"'
           (a)                                (b)
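
Added example, not Patator's code and not from the README excerpt above: a small Python re-implementation of three http_fuzz conveniences used in the two examples just shown, the "-e _@@_:hex" tag encoding, the before_egrep nonce extraction (the "_N1_:regex|_N2_:regex" syntax) and the "size=1500-" style range condition, so the mechanics can be checked offline against a constructed login page. The helper names, the sample HTML, the assumption that hex output is lowercase and the error handling are this example's own choices.

```python
import re
from urllib.parse import quote

# Added example, not Patator's own code. Re-implements, for illustration:
#   -e _@@_:hex       every region between two _@@_ tags is hex-encoded
#   before_egrep      "_N1_:regex|_N2_:regex" pulls group 1 of each regex out
#                     of the page fetched first (before_urls) and substitutes
#                     it into the body/url template of the real request
#   -x ignore:size=   "1500-", "-500", "100-200" style size ranges
# The sample page, spec and template below are constructed for this example.

SAMPLE_INDEX = (  # constructed stand-in for the page served at before_urls
    '<form method="POST" action="/login">'
    '<input type="hidden" name="nonce1" value="a1b2c3">'
    '<input type="hidden" name="nonce2" value="Z9y8">'
    '</form>'
)
BEFORE_EGREP = (r'_N1_:<input type="hidden" name="nonce1" value="(\w+)"'
                r'|_N2_:name="nonce2" value="(\w+)"')
BODY_TEMPLATE = 'user=admin&pass=FILE0&nonce1=_N1_&nonce2=_N2_'


def encode_tagged(s, tag='_@@_', encoding='hex'):
    """Encode every region delimited by a pair of `tag` markers."""
    parts = s.split(tag)
    if len(parts) % 2 == 0:
        raise ValueError('unbalanced %s tags in %r' % (tag, s))
    for i in range(1, len(parts), 2):          # odd chunks sit between tags
        if encoding == 'hex':
            parts[i] = parts[i].encode('utf-8').hex()   # assumed: lowercase hex
        elif encoding == 'url':
            parts[i] = quote(parts[i], safe='')
        else:
            raise ValueError('unknown encoding %r' % encoding)
    return ''.join(parts)


def parse_before_egrep(spec):
    """'_N1_:regex|_N2_:regex' -> [(placeholder, compiled regex), ...].
    Because '|' is the separator, the individual regexes cannot use it."""
    rules = []
    for item in spec.split('|'):
        name, sep, pattern = item.partition(':')
        if not sep or not (name.startswith('_') and name.endswith('_')):
            raise ValueError('bad before_egrep item %r' % item)
        rules.append((name, re.compile(pattern, re.S)))
    return rules


def extract_tokens(page, spec):
    """Apply each rule to the pre-request page. A missing nonce is an error
    rather than a silently empty value that would make every attempt fail."""
    tokens = {}
    for name, rx in parse_before_egrep(spec):
        m = rx.search(page)
        if m is None:
            raise LookupError('no match for %s in pre-request page' % name)
        tokens[name] = m.group(1)
    return tokens


def render(template, candidate, tokens, fuzz_key='FILE0'):
    """Fill the FILE0 slot with the current candidate, then the _N?_ slots."""
    out = template.replace(fuzz_key, candidate)
    for name, value in tokens.items():
        out = out.replace(name, value)
    return out


def in_size_range(size, spec):
    """Range syntax: '1500-' (>= 1500), '-500' (<= 500), '100-200', '1500'."""
    if '-' not in spec:
        return size == int(spec)
    lo, hi = spec.split('-', 1)
    if lo and size < int(lo):
        return False
    if hi and size > int(hi):
        return False
    return True


def build_login_request(candidate, page=SAMPLE_INDEX):
    """One iteration of the nonce example: the body http_fuzz would POST."""
    tokens = extract_tokens(page, BEFORE_EGREP)
    return render(BODY_TEMPLATE, candidate, tokens)


if __name__ == '__main__':
    print(build_login_request('s3cret'))
    url = 'http://10.0.0.1/login?username=admin&password=_@@_FILE0_@@_'
    print(encode_tagged(url.replace('FILE0', 'p@ss')))
```

Note that the pre-request page is fetched once per attempt in the real tool, because servers usually tie a nonce to the session that requested it; the example keeps the page constant only so that it runs offline.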

* Test the OPTIONS method against a list of URLs.
  (a) Ignore URLs that only allow the HEAD and GET methods.
  (b) Header end of line is '\r\n'.
  (c) Use a different delimiter string because the comma cannot be escaped.

http_fuzz url=FILE0 0=urls.txt method=OPTIONS -x ignore:egrep='^Allow: HEAD, GET\r$' -X '|'
                                                            (a)                 (b)  (c)
}}}
{{{ LDAP

* Brute-force authentication.
  (a) Do not report wrong passwords.
  (b) Talk SSL/TLS to port 636.

ldap_login host=10.0.0.1 binddn='cn=FILE0,dc=example,dc=com' 0=logins.txt bindpw=FILE1 1=passwords.txt
 -x ignore:mesg='ldap_bind: Invalid credentials (49)' ssl=1 port=636
         (a)                                              (b)
}}}
{{{ SMB

* Brute-force authentication.

smb_login host=10.0.0.1 user=FILE0 password=FILE1 0=logins.txt 1=passwords.txt -x ignore:fgrep=STATUS_LOGON_FAILURE

NB. If you suddenly get STATUS_ACCOUNT_LOCKED_OUT errors for an account
    although it is not the first password you test on this account, then you must
    have locked it.

* Pass-the-hash.
  (a) Test a list of hosts.
  (b) Test every user (each line := login:rid:LM hash:NT hash).

smb_login host=FILE0 0=hosts.txt user=COMBO10 password_hash=COMBO12:COMBO13 1=pwdump.txt -x ...
             (a)                                         (b)
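
Added example, not Patator's own code: a Python sketch of the two pieces of bookkeeping behind the command above and the SSH examples earlier, parsing pwdump lines (login:rid:LM hash:NT hash) into the columns smb_login reads as COMBO10, COMBO12 and COMBO13, and walking host x credential candidates the way "-x free=host:code=0" and "-x free=host+user:code=0" do, skipping what is left for a key once it has produced a success. The network round trip is replaced by a stand-in login function; hosts, users, passwords and hashes are constructed sample data (the two NT hashes are the well-known hashes of the empty string and of "password").

```python
import itertools

# Added example, not Patator's own code. try_login() stands in for the real
# SMB/SSH exchange and returns a Patator-like code: 0 means authenticated.
# PWDUMP_SAMPLE and every host/user/password below are constructed.

PWDUMP_SAMPLE = """\
# constructed sample: empty LM hashes, NT hashes of '' and 'password'
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
svc_backup:1105:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::
"""

HEX = set('0123456789abcdef')


def parse_pwdump(text):
    """Return [{'user', 'rid', 'lm', 'nt'}, ...]; malformed lines raise."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        fields = line.split(':')
        if len(fields) < 4:
            raise ValueError('line %d: expected login:rid:LM:NT' % lineno)
        user, rid, lm, nt = fields[0], fields[1], fields[2].lower(), fields[3].lower()
        for h in (lm, nt):
            if len(h) != 32 or not set(h) <= HEX:
                raise ValueError('line %d: bad hash %r' % (lineno, h))
        entries.append({'user': user, 'rid': int(rid), 'lm': lm, 'nt': nt})
    return entries


def pth_candidates(entries):
    """(user, 'LM:NT') pairs, i.e. user=COMBO10 password_hash=COMBO12:COMBO13."""
    return [(e['user'], e['lm'] + ':' + e['nt']) for e in entries]


def password_candidates(users, passwords):
    """(user, password) pairs, i.e. user=FILE1 password=FILE2 style runs."""
    return list(itertools.product(users, passwords))


def brute(hosts, candidates, try_login, free='host+user'):
    """Try every candidate on every host; once a key has returned code 0,
    skip the rest of that key's candidates. Returns the attempt log as
    (host, user, secret, code) tuples."""
    if free not in ('host', 'host+user'):
        raise ValueError('free must be host or host+user')
    freed, log = set(), []
    for host in hosts:
        for user, secret in candidates:
            key = host if free == 'host' else (host, user)
            if key in freed:
                continue
            code = try_login(host, user, secret)
            log.append((host, user, secret, code))
            if code == 0:
                freed.add(key)
    return log


def make_fake_login(valid):
    """valid: {(host, user): secret}. Stand-in for the network round trip."""
    def try_login(host, user, secret):
        return 0 if valid.get((host, user)) == secret else 1
    return try_login


if __name__ == '__main__':
    entries = parse_pwdump(PWDUMP_SAMPLE)
    hits = {('10.0.0.2', 'svc_backup'): pth_candidates(entries)[1][1]}
    for row in brute(['10.0.0.1', '10.0.0.2'], pth_candidates(entries),
                     make_fake_login(hits)):
        print(row)
```

With pass-the-hash each user appears once per host, so free= only matters when a user has several candidates; the difference between free=host and free=host+user shows up in the password-list case, where the former stops touching a host after its first valid login and the latter keeps testing the other users on it.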
}}}
{{{ MSSQL

* Brute-force authentication.

mssql_login host=10.0.0.1 user=sa password=FILE0 0=passwords.txt -x ignore:fgrep='Login failed for user'

}}}
{{{ Oracle
Beware, by default in Oracle, accounts are permanently locked out after 10 wrong passwords,
except for the SYS account.

* Brute-force authentication.

oracle_login host=10.0.0.1 user=SYS password=FILE0 0=passwords.txt sid=ORCL -x ignore:code=ORA-01017

NB0. With Oracle 10g XE (Express Edition), you do not need to pass a SID.

NB1. If you get ORA-12516 errors, it may be because you reached the limit of
     concurrent connections or db processes, try using "--rate-limit 0.5 -t 2" to be
     more polite. Also you can run "alter system set processes=150 scope=spfile;"
     and restart your database to get rid of this.

* Brute-force SID.

oracle_login host=10.0.0.1 sid=FILE0 0=sids.txt -x ignore:code=ORA-12505

NB. Against Oracle9, it may crash (Segmentation fault) as soon as a valid SID is
    found (cx_Oracle bug). Sometimes, the SID gets printed out before the crash,
    so try running the same command again if it did not.

}}}
{{{ MySQL

* Brute-force authentication.

mysql_login host=10.0.0.1 user=FILE0 password=FILE0 0=logins.txt -x ignore:fgrep='Access denied for user'

}}}
{{{ PostgreSQL

* Brute-force authentication.
-----------
pgsql_login host=10.0.0.1 user=postgres password=FILE0 0=passwords.txt -x ignore:fgrep='password authentication failed'

}}}
{{{ VNC
Some VNC servers have built-in anti-bruteforce functionality that temporarily
blacklists the attacker's IP address after too many wrong passwords.
 - RealVNC-4.1.3 or TightVNC-1.3.10 for example, allow 5 failed attempts and
   then enforce a 10 second delay. For each subsequent failed attempt that
   delay is doubled.
 - RealVNC-3.3.7 or UltraVNC allow 6 failed attempts and then enforce a 10
   second delay between each following attempt.

* Brute-force authentication.
  (a) No need to use more than one thread.
  (b) Keep retrying the same password when we are blacklisted by the server.
  (c) Exit execution as soon as a valid password is found.
---------                                               (a)
vnc_login host=10.0.0.1 password=FILE0 0=passwords.txt --threads 1
 -x retry:fgrep!='Authentication failure' --max-retries -1 -x quit:code=0
        (b)                                 (b)                 (c)
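
Added example, not Patator's or any VNC server's code: a Python simulation of the two lockout policies described above together with the single-thread, retry-forever, quit-on-success behaviour the command asks for. A virtual clock replaces sleeping, so the run is instant and deterministic; the server password, the word list and the one-second polling interval are constructed for this example.

```python
# Added example (a constructed simulation, not Patator's or a VNC server's
# code). LockoutServer applies the policies described above; vnc_bruteforce
# mirrors: --threads 1, -x retry:fgrep!='Authentication failure'
# --max-retries -1, -x quit:code=0. Clock is a virtual clock.


class Clock:
    def __init__(self):
        self.now = 0.0

    def sleep(self, seconds):
        self.now += seconds


class LockoutServer:
    """After `free_attempts` failures the server refuses logins for a while:
    `base_delay` seconds, doubled on every further failure when `doubling`
    is set (RealVNC 4.1.3 / TightVNC 1.3.10 style), or the same fixed delay
    each time (RealVNC 3.3.7 / UltraVNC style)."""

    def __init__(self, password, free_attempts, base_delay, doubling):
        self.password = password
        self.free_attempts = free_attempts
        self.base_delay = base_delay
        self.doubling = doubling
        self.failures = 0
        self.blocked_until = 0.0

    def login(self, now, candidate):
        if now < self.blocked_until:
            return 'Too many authentication failures'   # refused, not judged
        if candidate == self.password:
            return 'OK'
        self.failures += 1
        if self.failures >= self.free_attempts:
            extra = self.failures - self.free_attempts
            delay = self.base_delay * (2 ** extra if self.doubling else 1)
            self.blocked_until = now + delay
        return 'Authentication failure'


def vnc_bruteforce(server, wordlist, clock, poll=1.0):
    """Returns (password or None, attempts made, virtual seconds elapsed)."""
    attempts = 0
    for candidate in wordlist:
        while True:
            attempts += 1
            reply = server.login(clock.now, candidate)
            if reply == 'OK':
                return candidate, attempts, clock.now
            if reply == 'Authentication failure':
                break                      # judged and wrong: next password
            clock.sleep(poll)              # blacklisted: same password again
    return None, attempts, clock.now


def run_policy(free_attempts, base_delay, doubling, wordlist, secret):
    clock = Clock()
    server = LockoutServer(secret, free_attempts, base_delay, doubling)
    return vnc_bruteforce(server, wordlist, clock)


if __name__ == '__main__':
    words = ['pw%d' % i for i in range(1, 9)] + ['letmein']   # constructed
    print('doubling policy:', run_policy(5, 10.0, True, words, 'letmein'))
    print('fixed policy:   ', run_policy(6, 10.0, False, words, 'letmein'))
```

The doubling policy makes the point about --threads 1 concrete: with the nine-word list the fifth failure starts the clock and the server will not judge the correct password (ninth in the list) until 150 virtual seconds have passed; extra threads would only feed more failures into the doubling, while the fixed-delay policy lets the same list finish in 30 seconds.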
}}}
{{{ DNS

* Brute-force subdomains.
  (a) Ignore NXDOMAIN responses (rcode 3).

dns_forward name=FILE0.google.com 0=names.txt -x ignore:code=3
                                              (a)
* Brute-force domain with every possible TLDs.

dns_forward name=google.MOD0 0=TLD -x ignore:code=3

* Brute-force SRV records.

dns_forward name=MOD0.microsoft.com 0=SRV qtype=SRV -x ignore:code=3

* Grab the version of several hosts.

dns_forward server=FILE0 0=hosts.txt name=version.bind qtype=txt qclass=ch

* Reverse lookup several networks.
  (a) Ignore names that do not contain 'google.com'.
  (b) Ignore generic PTR records.

dns_reverse host=NET0 0=216.239.32.0-216.239.47.255,8.8.8.0/24 -x ignore:code=3 -x ignore:fgrep!=google.com -x ignore:fgrep=216-239-
                                                                                (a)                         (b)
}}}
{{{ SNMP

* SNMPv1/2 : Find valid community names.
----------
snmp_login host=10.0.0.1 community=FILE0 0=names.txt -x ignore:mesg='No SNMP response received before timeout'

* SNMPv3 : Find valid usernames.
----------
snmp_login host=10.0.0.1 version=3 user=FILE0 0=logins.txt -x ignore:mesg=unknownUserName

* SNMPv3 : Find valid passwords.
----------
snmp_login host=10.0.0.1 version=3 user=myuser auth_key=FILE0 0=passwords.txt -x ignore:mesg=wrongDigest

NB0. If you get "notInTimeWindow" error messages, increase the retries option.
NB1. SNMPv3 requires passphrases to be at least 8 characters long.

}}}
{{{ Unzip

* Brute-force the ZIP file password (useful because the older PKZIP encryption was, for a long time, not supported by JtR).
----------
unzip_pass zipfile=path/to/file.zip password=FILE0 0=passwords.txt -x ignore:code!=0

}}}

CHANGELOG

* v0.5 2013/07/05
  - new modules: mysql_query, tcp_fuzz
  - new RANGE and PROG keywords (supersedes the reading from stdin feature)
  - switched to impacket for mssql_login
  - output more intuitive
  - fixed connection cache
  - minor bug fixes

Source-
http://packetstormsecurity.com/files/122392/Patator-Brute-Forcer-0.5.html

Website-
https://code.google.com/p/patator/

Screenshot -

Packet Fence 4.0.2 released - Network access control (NAC) system

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small ones to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activity (including from remote Snort sensors), isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This release adds many bug fixes and enhancements. bind has been replaced by pfdns (PacketFence's own DNS server), OAuth2 support has been greatly improved, line graphs in reports have new counters, simple searching of nodes has been extended to match MAC, owner and computer name, each portal profile can now use a list of authentication sources, and a switch definition can now be easily cloned.

Released under the GPL, PacketFence is built using trusted open source components that allow it to offer an impressive number of features.

Download PacketFence version 4.0.2 (released on 2013-07-12)
PacketFence Administration Guide (last updated on 2013-07-12 for PacketFence version 4.0.2)
PacketFence Network Devices Configuration Guide (last updated on 2013-07-12 for PacketFence version 4.0.2)
PacketFence Developer's Guide (last updated on 2013-07-12 for PacketFence version 4.0.2)
PacketFence ZEN Installation Guide (last updated on 2013-07-12 for PacketFence ZEN version 4.0.2)

Source- http://www.packetfence.org/download/releases.html

Tuesday, July 16, 2013

DEFT Linux 8 public beta & DART 2 stable released

DEFT is a very professional and stable system that includes excellent hardware detection and the best free and open source applications dedicated to Incident Response, Cyber Intelligence and Computer Forensics.

DEFT is meant to be used by:
Military
Police
Investigators
IT Auditors
Individuals

What's new?

64-bit 3.5.0-30 GNU/Linux kernel: the 4 GB memory limit is gone, so DEFT Linux can now be used on systems with up to 256 TB of RAM
The Sleuth Kit 4 (the stable version of DEFT 8 will include The Sleuth Kit 4.1) and Autopsy 2, ready for Autopsy 3 on Linux (Law Enforcement only)
Digital Forensics Framework 1.3
Full libewf and AFFLIB support
Xmount and Mount Ewf
Guymager 0.7.1, Cyclone 0.2 and Esximager
Recoll 1.19.5, indexing software
Bulk extractor 1.3.1 with Bulk extractor GUI 1.3
Dumpy 0.2, an intelligence parsing tool to extract sensitive data from anonymous dumps (many thanks to Gianni Amato (guelfoweb) for the exclusive right)
Skype extractor
Log2timeline 0.65
iPBA 2 and libimobiledevice 1.1.5 (full iOS 6.* support)
Fastboot, the tool for re-flashing Android partitions
Google Chrome OSINT (Open Source INTelligence) browser and Tor
Maltego Radium (there is a problem here; we are waiting for Paterva support to fix it, sorry about that)
Xplico 1.0.1 and CapAnalysis

Download now DEFT Linux 8 beta!
Download now DART 2 stable!

Source-
http://www.deftlinux.net/2013/07/01/deft-linux-8-public-beta-dart-2-stable-ready-for-download/

SSI-Scan - SSI injection scanner

SSI-Scan is a basic PoC tool that helps with the discovery of SSI injection vulnerabilities, a fairly rare and under-documented code injection vulnerability in which Server Side Includes directives supplied by the user are executed without proper validation, which may lead to a system compromise or to complete enumeration of the server.

At this point, SSI-Scan tests for injection either by sending a POST request carrying a hardcoded payload, or by injecting the payload into form fields specified by the user, and then looking in the page source for values of the server's environment variables.

SSI-Scan requires BeautifulSoup4 and mechanize.

Example usage: -
python ssi-scan.py -u http://example.com
python ssi-scan.py -u http://example.com --form_uname username --form_passwd password

For more information on SSI injection:

https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection
http://capec.mitre.org/data/definitions/101.html
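
Added example, not SSI-Scan's code: a Python toy SSI evaluator stands in for a web server with includes enabled, so the mechanics of the bug and of the check run offline. It shows a page that splices user input into its output unescaped next to the same page with the input HTML-escaped, and the check SSI-Scan's description implies: inject an "#echo var" directive, then look in the response for a server-variable-shaped value that the baseline page did not contain. Function names, the environment values and the sample inputs are constructed for this example.

```python
import html
import re

# Added example, not SSI-Scan's code. process_ssi() plays the role of a web
# server that expands "<!--#echo var=... -->" in .shtml output; SERVER_ENV,
# the page templates and the inputs are constructed.

SERVER_ENV = {  # constructed stand-in for the web server's variables
    'DOCUMENT_ROOT': '/var/www/html',
    'DATE_LOCAL': 'Tuesday, 30-Jul-2013 10:00:00 UTC',
}

SSI_ECHO = re.compile(r'<!--#echo\s+var="([A-Za-z_][A-Za-z0-9_]*)"\s*-->')

# What a value of each variable looks like, so the scanner does not need to
# know the real value in advance (two path segments, or a date stamp).
VALUE_SHAPES = {
    'DOCUMENT_ROOT': re.compile(r'(?:/[\w.-]+){2,}'),
    'DATE_LOCAL': re.compile(r'[A-Z][a-z]+, \d{2}-[A-Z][a-z]{2}-\d{4} \d{2}:\d{2}:\d{2}'),
}


def process_ssi(document, env=SERVER_ENV):
    """The server side of the bug: #echo directives anywhere in the page,
    including inside user-supplied text, are expanded before delivery."""
    return SSI_ECHO.sub(lambda m: env.get(m.group(1), '(none)'), document)


def vulnerable_page(name):
    # raw input lands in a page the server post-processes for includes
    return process_ssi('<html><body>Hello, ' + name + '</body></html>')


def hardened_page(name):
    # escaping '<' and '"' means "<!--#echo ...-->" never forms a directive
    return process_ssi('<html><body>Hello, ' + html.escape(name, quote=True) + '</body></html>')


def ssi_payload(var):
    return '<!--#echo var="%s" -->' % var


def detect_ssi(baseline, response, var):
    """True when the directive was executed: it is gone from the response and
    a value of the expected shape appeared that the baseline did not have."""
    if ssi_payload(var) in response:
        return False                       # reflected verbatim, not executed
    before = set(VALUE_SHAPES[var].findall(baseline))
    after = set(VALUE_SHAPES[var].findall(response))
    return bool(after - before)


def scan(render, benign='alice'):
    """Probe one input slot of a page, once per variable we know a shape for."""
    baseline = render(benign)
    return {var: detect_ssi(baseline, render(ssi_payload(var)), var)
            for var in VALUE_SHAPES}


if __name__ == '__main__':
    print('vulnerable:', scan(vulnerable_page))
    print('hardened:  ', scan(hardened_page))
```

Comparing against a baseline response rather than the raw page keeps paths and dates that the page already shows from counting as hits; an input that is itself path-shaped would still produce a false positive, which is why a scanner of this kind should confirm with a second variable, as scan() does.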

Netsparker Community Edition version 3.0.2.0 released

Netsparker can crawl, attack and identify vulnerabilities in custom web applications regardless of the platform and technology they are built with, simulating a real attacker. It can identify vulnerabilities in web applications such as SQL Injection, Cross-site Scripting (XSS), remote code execution and many more. Through its exploitation features it is possible to obtain a reverse shell from a SQL injection, or to extract data by running SQL queries through the injection.

Some new features in version 3.0.2.0

• Scan Policy Editor, which lets you build your own policies of security checks so that web application scans run more efficiently.
• Oracle CHR encoder and decoder.
• New PCI Compliance report template.
• Ruby on Rails remote code execution vulnerability check.
• Detection of known security issues in WordPress, Joomla and Drupal.
• Version disclosure analysis for the Apache mod_ssl module and Ruby WEBrick.
• Identification of phpMyAdmin and Webalizer.
• Detection of SHTML error messages that could disclose sensitive information.
• New engine that detects security problems in vulnerable WebDAV implementations.
• Server-Side Includes (SSI) injection.

Full Changelog 

400 commands for GNU/Linux you should know

System Information

  1. arch : show the architecture of the machine (1).
  2. uname -m : show the architecture of the machine (2).
  3. uname -r : show the kernel version in use.
  4. dmidecode -q : display the hardware components of the system.
  5. hdparm -i /dev/hda : show the characteristics of a hard disk.
  6. hdparm -tT /dev/sda : run a read test on a hard disk.
  7. cat /proc/cpuinfo : show CPU information.
  8. cat /proc/interrupts : show interrupts.
  9. cat /proc/meminfo : check memory usage.
  10. cat /proc/swaps : show swap files.
  11. cat /proc/version : display the kernel version.
  12. cat /proc/net/dev : show network adapters and their statistics.
  13. cat /proc/mounts : display the mounted file systems.
  14. lspci -tv : show PCI devices.
  15. lsusb -tv : show USB devices.
  16. date : display the system date.
  17. cal 2011 : show the calendar for 2011.
  18. cal 07 2011 : show the calendar for July 2011.
  19. date 041217002011.00 : set the date and time (MMDDhhmmYYYY.ss; here 12 April 2011, 17:00:00).
  20. clock -w : save the date change to the BIOS (hardware clock).

Shut down (restart the system or log out)

  1. shutdown -h now : shut down the system (1).
  2. init 0 : shut down the system (2).
  3. telinit 0 : shut down the system (3).
  4. halt : shut down the system (4).
  5. shutdown -h hours:minutes & : schedule a system shutdown.
  6. shutdown -c : cancel a scheduled shutdown.
  7. shutdown -r now : restart (1).
  8. reboot : restart (2).
  9. logout : log out.

Files and Directories

  1. cd /home : enter the "home" directory.
  2. cd .. : go up one level.
  3. cd ../.. : go up two levels.
  4. cd : go to your own home directory.
  5. cd ~user1 : go to user1's home directory.
  6. cd - : go back to the previous directory.
  7. pwd : show the path of the working directory.
  8. ls : list the files in a directory.
  9. ls -F : list the files in a directory, marking their type (/ directory, * executable, @ symbolic link).
  10. ls -l : show details of the files and directories in a directory.
  11. ls -a : show hidden files.
  12. ls *[0-9]* : show files and directories whose names contain digits.
  13. tree : display files and directories as a tree starting from the current directory (1).
  14. lstree : display files and directories as a tree starting from the current directory (2).
  15. mkdir dir1 : create a directory called 'dir1'.
  16. mkdir dir1 dir2 : create two directories at once.
  17. mkdir -p /tmp/dir1/dir2 : create a directory tree.
  18. rm -f file1 : delete the file called 'file1'.
  19. rmdir dir1 : delete the (empty) directory called 'dir1'.
  20. rm -rf dir1 : delete the directory 'dir1' together with its contents, recursively.
  21. rm -rf dir1 dir2 : delete two directories together with their contents, recursively.
  22. mv dir1 new_dir : rename or move a file or directory.
  23. cp file1 file2 : copy file1 to file2.
  24. cp file1 file2 dir1 : copy two files at once into the directory dir1.
  25. cp dir/* . : copy all the files of a directory into the current working directory.
  26. cp -a /tmp/dir1 . : copy a directory into the current working directory.
  27. cp -a dir1 dir2 : copy the directory dir1 to dir2, preserving attributes.
  28. cp -a dir1 dir2 dir3 : copy two directories at once into dir3.
  29. ln -s file1 lnk1 : create a symbolic link to a file or directory.
  30. ln file1 lnk1 : create a hard link to a file.
  31. touch -t 0712250000 file1 : set the access and modification time of a file or directory (YYMMDDhhmm; here 25 December 2007, 00:00).
  32. file file1 : print the type (MIME-like classification) of a file.
  33. iconv -l : list the known character encodings.
  34. iconv -f fromEncoding -t toEncoding inputFile > outputFile : create a new file by converting the input from the encoding fromEncoding to the encoding toEncoding.
  35. find . -maxdepth 1 -name '*.jpg' -print -exec convert "{}" -resize 80x60 "thumbs/{}" \; : make 80x60 thumbnails of the JPEG files in the current directory and put them in thumbs/ (requires convert from ImageMagick).

Find files

  1. find / -name file1 : search for a file or directory called file1 starting from the root of the system.
  2. find / -user user1 : find files and directories belonging to the user 'user1'.
  3. find /home/user1 -name \*.bin : search for files ending in '.bin' under '/home/user1'.
  4. find /usr/bin -type f -atime +100 : find binaries not accessed in the last 100 days.
  5. find /usr/bin -type f -mtime -10 : find files created or changed within the last 10 days.
  6. find / -name \*.rpm -exec chmod 755 '{}' \; : find files ending in '.rpm' and change their permissions.
  7. find / -xdev -name \*.rpm : search for '.rpm' files without descending into other mounted file systems (removable devices such as cdrom, pen-drive, etc.).
  8. locate \*.ps : find files ending in '.ps' (run 'updatedb' first to build the database).
  9. whereis halt : show the location of a binary, of its man page and of its sources; here, for the command 'halt'.
  10. which halt : show the full path of a binary/executable.

Mounting a file system

  1. mount /dev/hda2 /mnt/hda2 : mount the partition hda2. Check first that the directory '/mnt/hda2' exists; if not, create it.
  2. umount /dev/hda2 : unmount the partition hda2. Leave the mount point '/mnt/hda2' first.
  3. fuser -km /mnt/hda2 : force an unmount when the device is busy (kills the processes using it).
  4. umount -n /mnt/hda2 : unmount without writing to /etc/mtab. Useful when the file is read-only or the disk is full.
  5. mount /dev/fd0 /mnt/floppy : mount a floppy disk.
  6. mount /dev/cdrom /mnt/cdrom : mount a cdrom/dvdrom.
  7. mount /dev/hdc /mnt/cdrecorder : mount a rewritable cd or dvdrom.
  8. mount /dev/hdb /mnt/cdrecorder : mount a rewritable cd/dvdrom (a dvd).
  9. mount -o loop file.iso /mnt/cdrom : mount a file or iso image.
  10. mount -t vfat /dev/hda5 /mnt/hda5 : mount a FAT32 file system.
  11. mount /dev/sda1 /mnt/usbdisk : mount a usb thumb drive or memory stick (without specifying the file system type).

Disk Space

  1. df -h : display the mounted partitions and their usage.
  2. ls -lSr | more : list the files of a directory sorted by size.
  3. du -sh dir1 : estimate the space used by the directory 'dir1'.
  4. du -sk * | sort -rn : show the size of files and directories, sorted by size.
  5. rpm -q -a --qf '%10{SIZE}\t%{NAME}\n' | sort -k1,1n : show the space used by the installed rpm packages, sorted by size (Fedora, Red Hat and others).
  6. dpkg-query -W -f='${Installed-Size;10}\t${Package}\n' | sort -k1,1n : show the space used by the installed packages, sorted by size (Ubuntu, Debian and others).

Users and Groups

  1. groupadd group_name : create a new group.
  2. groupdel group_name : delete a group.
  3. groupmod -n new_group_name old_group_name : rename a group.
  4. useradd -c "Name Surname" -g admin -d /home/user1 -s /bin/bash user1 : create a new user belonging to the "admin" group.
  5. useradd user1 : create a new user.
  6. userdel -r user1 : delete a user ('-r' removes the home directory too).
  7. usermod -c "User FTP" -g system -d /ftp/user1 -s /bin/nologin user1 : change the attributes of a user.
  8. passwd : change your own password.
  9. passwd user1 : change the password of a user (root only).
  10. chage -E 2011-12-31 user1 : set an expiry date for the user account; here the account expires on December 31, 2011.
  11. pwck : check the syntax and format of '/etc/passwd' and the existence of the users.
  12. grpck : check the syntax and format of '/etc/group' and the existence of the groups.
  13. newgrp group_name : log in to a new group, changing the default group of newly created files.

File Permissions (use "+" to add permissions and "-" to remove them)

  1. ls -lh : show permissions.
  2. ls /tmp | pr -T5 -W $COLUMNS : split the terminal output into 5 columns.
  3. chmod ugo+rwx directory1 : give read (r), write (w) and execute (x) permission to the owner (u), the group (g) and others (o) on the directory 'directory1'.
  4. chmod go-rwx directory1 : remove read (r), write (w) and execute (x) permission from the group (g) and others (o) on the directory 'directory1'.
  5. chown user1 file1 : change the owner of a file.
  6. chown -R user1 directory1 : change the owner of a directory and of all the files and directories inside it.
  7. chgrp group1 file1 : change the group of a file.
  8. chown user1:group1 file1 : change the user and group ownership of a file.
  9. find / -perm -u+s : display all the files on the system with the SUID bit set.
  10. chmod u+s /bin/file1 : set the SUID bit on a binary. Whoever runs that file does so with the privileges of its owner.
  11. chmod u-s /bin/file1 : clear the SUID bit on a binary.
  12. chmod g+s /home/public : set the SGID bit on a directory (like SUID, but for a directory: new files inherit the directory's group).
  13. chmod g-s /home/public : clear the SGID bit on a directory.
  14. chmod o+t /home/public : set the sticky bit on a directory. Only the owners of the files can delete them.
  15. chmod o-t /home/public : clear the sticky bit on a directory.

Special attributes on files (use "+" to set an attribute and "-" to clear it)

  1. chattr +a file1 : the file can only be opened in append mode.
  2. chattr +c file1 : the file is compressed/decompressed automatically.
  3. chattr +d file1 : the file is ignored by the dump backup program.
  4. chattr +i file1 : make the file immutable: it cannot be deleted, altered, renamed or linked.
  5. chattr +s file1 : when the file is deleted its blocks are zeroed (secure deletion).
  6. chattr +S file1 : changes to the file are written synchronously, as with sync.
  7. chattr +u file1 : when the file is deleted its contents are kept so that it can be undeleted.
  8. lsattr : show special attributes.

Archives and compressed files

  1. bunzip2 file1.bz2 : decompress the file called 'file1.bz2'.
  2. bzip2 file1 : compress the file called 'file1'.
  3. gunzip file1.gz : decompress the file called 'file1.gz'.
  4. gzip file1 : compress the file called 'file1'.
  5. gzip -9 file1 : compress with maximum compression.
  6. rar a file1.rar test_file : create a rar archive called 'file1.rar'.
  7. rar a file1.rar file1 file2 dir1 : compress 'file1', 'file2' and 'dir1' at the same time.
  8. rar x file1.rar : unpack a rar archive.
  9. unrar x file1.rar : unpack a rar archive.
  10. tar -cvf archive.tar file1 : create an uncompressed tarball.
  11. tar -cvf archive.tar file1 file2 dir1 : create an archive containing 'file1', 'file2' and 'dir1'.
  12. tar -tf archive.tar : list the contents of an archive.
  13. tar -xvf archive.tar : extract a tarball.
  14. tar -xvf archive.tar -C /tmp : extract a tarball into /tmp.
  15. tar -cvjf archive.tar.bz2 dir1 : create a bzip2-compressed tarball ('f' must be the last option letter, since it takes the archive name as its argument).
  16. tar -xvjf archive.tar.bz2 : extract a bzip2-compressed tarball.
  17. tar -cvzf archive.tar.gz dir1 : create a gzip-compressed tarball.
  18. tar -xvzf archive.tar.gz : extract a gzip-compressed tarball.
  19. zip file1.zip file1 : create a zip archive.
  20. zip -r file1.zip file1 file2 dir1 : zip several files and directories at once.
  21. unzip file1.zip : unpack a zip archive.

RPM packages (Red Hat, Fedora and the like)

  1. rpm -ivh package.rpm : install an rpm package.
  2. rpm -ivh --nodeps package.rpm : install an rpm package ignoring dependency checks.
  3. rpm -U package.rpm : upgrade an rpm package without changing its configuration files.
  4. rpm -F package.rpm : upgrade an rpm package only if it is already installed.
  5. rpm -e package_name : remove an rpm package.
  6. rpm -qa : show all the rpm packages installed on the system.
  7. rpm -qa | grep httpd : show all the installed rpm packages whose name contains "httpd".
  8. rpm -qi package_name : get information on a specific installed package.
  9. rpm -qg "System Environment/Daemons" : show the rpm packages of a software group.
  10. rpm -ql package_name : list the files provided by an installed rpm package.
  11. rpm -qc package_name : list the configuration files provided by an installed rpm package.
  12. rpm -q --whatrequires package_name : show which installed packages require a given package (use rpm -qR package_name for the dependencies a package itself requires).
  13. rpm -q --whatprovides capability : show which rpm package provides a given capability (file or virtual package).
  14. rpm -q package_name --scripts : show the scripts run during installation/removal.
  15. rpm -q package_name --changelog : show the revision history of an rpm package.
  16. rpm -qf /etc/httpd/conf/httpd.conf : check which rpm package a given file belongs to.
  17. rpm -qpl package.rpm : list the files provided by an rpm package that is not yet installed.
  18. rpm --import /media/cdrom/RPM-GPG-KEY : import a digital signature public key.
  19. rpm --checksig package.rpm : verify the signature and integrity of an rpm package.
  20. rpm -qa gpg-pubkey : list the GPG public keys imported into the rpm database.
  21. rpm -V package_name : verify an installed package (file size, mode, owner, group, MD5 digest, modification time and so on).
  22. rpm -Va : verify all the rpm packages installed on the system. Use with caution.
  23. rpm -Vp package.rpm : verify an rpm package that is not yet installed.
  24. rpm2cpio package.rpm | cpio --extract --make-directories '*bin*' : extract the executables from an rpm package.
  25. rpm -ivh /usr/src/redhat/RPMS/`arch`/package.rpm : install a package built from a source rpm.
  26. rpmbuild --rebuild package_name.src.rpm : build an rpm package from a source rpm.

YUM package updater (Red Hat, Fedora and the like)

  1. yum install package_name : download and install an rpm package.
  2. yum localinstall package_name.rpm : install a local rpm file, resolving its dependencies from your repositories.
  3. yum update : update all the rpm packages installed on the system.
  4. yum update package_name : upgrade a single rpm package.
  5. yum remove package_name : remove an rpm package.
  6. yum list : list all available and installed packages (yum list installed shows only the installed ones).
  7. yum search package_name : search the repositories for a package.
  8. yum clean packages : clear the cache of downloaded packages.
  9. yum clean headers : remove the header files that the system uses to resolve dependencies.
  10. yum clean all : remove both cached packages and header files.

Deb packages (Debian, Ubuntu and derivatives)

  1. dpkg -i package.deb : install/upgrade a deb package.
  2. dpkg -r package_name : remove a deb package from the system.
  3. dpkg -l : show all the deb packages installed on the system.
  4. dpkg -l | grep httpd : show all the installed deb packages whose name contains "httpd".
  5. dpkg -s package_name : get information on a specific package installed on the system.
  6. dpkg -L package_name : list the files provided by a package installed on the system.
  7. dpkg --contents package.deb : list the files provided by a package that is not yet installed.
  8. dpkg -S /bin/ping : check which package owns a given file.

APT package updater (Debian, Ubuntu and derivatives)

  1. apt-get install package_name : install/upgrade a deb package.
  2. apt-cdrom add : register a cdrom as a package source, so that packages can then be installed from it with apt-get install.
  3. apt-get update : update the package list.
  4. apt-get upgrade : update all the installed packages.
  5. apt-get remove package_name : remove a deb package from the system.
  6. apt-get check : verify that dependencies resolve correctly.
  7. apt-get clean : clear the cache of downloaded packages.
  8. apt-cache search searched-package : list the packages matching the search string.

View the contents of a file

  1. cat file1 : view the contents of a file starting from the first line.
  2. tac file1 : view the contents of a file starting from the last line.
  3. more file1 : page through the contents of a file.
  4. less file1 : like 'more', but allows moving backward through the file as well as forward.
  5. head -2 file1 : see the first two lines of a file.
  6. tail -2 file1 : see the last two lines of a file.
  7. tail -f /var/log/messages : see in real time what is being added to the file.

Manipulating text

  1. cat file1 file2 ... | command > file_out.txt : general syntax for text manipulation using a pipe, STDIN and STDOUT.
  2. cat file1 | command (sed, grep, awk, etc.) > result.txt : general syntax to manipulate text from a file and write the output to a new file.
  3. cat file1 | command (sed, grep, awk, etc.) >> result.txt : general syntax to manipulate text from a file and append the result to an existing file.
  4. grep Aug /var/log/messages : search for the word "Aug" in the file '/var/log/messages'.
  5. grep ^Aug /var/log/messages : search for lines that begin with "Aug" in the file '/var/log/messages'.
  6. grep [0-9] /var/log/messages : select all lines in the file '/var/log/messages' that contain digits.
  7. grep -R Aug /var/log/* : search for the string "Aug" in the directory '/var/log' and below.
  8. sed 's/string1/string2/g' example.txt : replace "string1" with "string2" in example.txt.
  9. sed '/^$/d' example.txt : delete all blank lines from example.txt.
  10. sed '/ *#/d; /^$/d' example.txt : remove comments and blank lines from example.txt.
  11. echo 'esempio' | tr '[:lower:]' '[:upper:]' : convert lowercase to uppercase.
  12. sed -e '1d' result.txt : delete the first line of the file result.txt.
  13. sed -n '/string1/p' : display only the lines that contain the word "string1".
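The grep and sed idioms above, applied to a constructed syslog-style sample to count failed SSH logins per source address. This is an added example, not part of the original cheat sheet; the log lines and addresses are made up.

```shell
#!/bin/sh
# Added example (not from the original page): grep/sed idioms from the list
# above, run over constructed /var/log/messages-style lines (not a real log).
SAMPLE='# comment line kept out of the data
Aug 10 10:01:02 host sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2

Aug 10 10:01:05 host sshd[1201]: Failed password for root from 203.0.113.5 port 51236 ssh2
Aug 10 10:02:11 host sshd[1209]: Accepted password for alice from 198.51.100.7 port 40001 ssh2
Sep  1 09:00:00 host sshd[1300]: Failed password for invalid user admin from 192.0.2.9 port 2222 ssh2
Aug 11 03:15:42 host kernel: eth0: link up'

# Remove comment lines and blank lines (the sed form from item 10, anchored
# so only lines that start with '#' are treated as comments).
clean_log() {
    printf '%s\n' "$SAMPLE" | sed '/^ *#/d; /^$/d'
}

# Keep only August lines (grep ^Aug, item 5), then only failed logins.
aug_failures() {
    clean_log | grep '^Aug' | grep 'Failed password'
}

# Count failed logins per source address, most frequent first.
# Output lines look like "203.0.113.5 2".
failures_by_source() {
    clean_log | grep 'Failed password' \
        | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
        | sort | uniq -c | sort -rn | awk '{print $2" "$1}'
}
```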

Character set and file conversion

  1. dos2unix filedos.txt fileunix.txt : convert a text file from MS-DOS to UNIX format.
  2. unix2dos fileunix.txt filedos.txt : convert a text file from UNIX to MS-DOS format.
  3. recode ..HTML < page.txt > page.html : convert a text file to HTML.
  4. recode -l | more : show all available format conversions.

Analysis of the file system

  1. badblocks -v /dev/hda1 : check for bad blocks on disk hda1.
  2. fsck /dev/hda1 : check / repair the integrity of a Linux file system on disk hda1.
  3. fsck.ext2 /dev/hda1 : check / repair the integrity of an ext2 file system on disk hda1.
  4. e2fsck /dev/hda1 : check / repair the integrity of an ext2 file system on disk hda1.
  5. e2fsck -j /dev/hda1 : check / repair the integrity of an ext3 file system on disk hda1.
  6. fsck.ext3 /dev/hda1 : check / repair the integrity of an ext3 file system on disk hda1.
  7. fsck.vfat /dev/hda1 : check / repair the integrity of a FAT file system on disk hda1.
  8. fsck.msdos /dev/hda1 : check / repair the integrity of a DOS file system on disk hda1.
  9. dosfsck /dev/hda1 : check / repair the integrity of a DOS file system on disk hda1.

Format a filesystem

  1. mkfs /dev/hda1 : create a Linux file system on partition hda1.
  2. mke2fs /dev/hda1 : create an ext2 file system on partition hda1.
  3. mke2fs -j /dev/hda1 : create an ext3 (journaled) file system on partition hda1.
  4. mkfs -t vfat -F 32 /dev/hda1 : create a FAT32 file system on hda1.
  5. fdformat -n /dev/fd0 : format a floppy disk.
  6. mkswap /dev/hda3 : create a swap file system.

Working with SWAP

  1. mkswap /dev/hda3 : create a swap file system.
  2. swapon /dev/hda3 : activate a new swap partition.
  3. swapon /dev/hda2 /dev/hdb3 : activate two swap partitions.

Backup

  1. dump -0aj -f /tmp/home0.bak /home : make a full backup of the directory '/home'.
  2. dump -1aj -f /tmp/home0.bak /home : make an incremental backup of the directory '/home'.
  3. restore -if /tmp/home0.bak : restore a backup interactively.
  4. rsync -rogpav --delete /home /tmp : synchronize between directories.
  5. rsync -rogpav -e ssh --delete /home ip_address:/tmp : rsync through an SSH tunnel.
  6. rsync -az -e ssh --delete ip_addr:/home/public /home/local : synchronize a local directory with a remote directory via SSH, with compression.
  7. rsync -az -e ssh --delete /home/local ip_addr:/home/public : synchronize a remote directory with a local directory via SSH, with compression.
  8. dd bs=1M if=/dev/hda | gzip | ssh user@ip_addr 'dd of=hda.gz' : back up a hard disk to a remote host via SSH.
  9. dd if=/dev/sda of=/tmp/file1 : save the contents of a hard drive to a file (here the drive is "sda" and the file is "file1").
  10. tar -Puf backup.tar /home/user : make an incremental backup of the directory '/home/user'.
  11. ( cd /tmp/local/ && tar c . ) | ssh -C user@ip_addr 'cd /home/share/ && tar x -p' : copy the contents of a directory to a remote directory via SSH.
  12. ( tar c /home ) | ssh -C user@ip_addr 'cd /home/backup-home && tar x -p' : copy a local directory to a remote directory via SSH.
  13. tar cf - . | ( cd /tmp/backup ; tar xf - ) : local copy from one directory to another, preserving permissions and links.
  14. find /home/user1 -name '*.txt' | xargs cp -av --target-directory=/home/backup/ --parents : find and copy all files ending in '.txt' from one directory to another.
  15. find /var/log -name '*.log' | tar cv --files-from=- | bzip2 > log.tar.bz2 : find all files ending in '.log' and pack them into a bzip2 archive.
  16. dd if=/dev/hda of=/dev/fd0 bs=512 count=1 : make a copy of the MBR (Master Boot Record) to a floppy.
  17. dd if=/dev/fd0 of=/dev/hda bs=512 count=1 : restore the backup of the MBR (Master Boot Record) saved on a floppy.
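The tar-pipe copy from item 13 above, wrapped so that the copy is checksummed against the source before it is trusted as a backup. This is an added example, not part of the original cheat sheet; it builds its own small tree under a temporary directory and assumes GNU `stat` for the mode check.

```shell
#!/bin/sh
# Added example (not from the original page): tar-pipe copy (item 13 above)
# plus md5sum verification of the result. Demo paths are constructed.

# Copy SRC into DST preserving permissions and links (the tar-pipe idiom).
tar_copy() {
    src=$1; dst=$2
    mkdir -p "$dst"
    ( cd "$src" && tar cf - . ) | ( cd "$dst" && tar xpf - )
}

# Checksum every regular file under a directory, by relative path, sorted,
# so two trees can be compared by comparing their manifests.
manifest() {
    ( cd "$1" && find . -type f -print | sort | while read -r f; do
        md5sum "$f"
      done )
}

# Return 0 when every file in the copy matches the source, 1 otherwise.
verify_copy() {
    [ "$(manifest "$1")" = "$(manifest "$2")" ]
}

# Constructed demo: a small tree with a subdirectory and a mode-0600 file.
# Returns 0 if the copy verifies and the 0600 mode survived (GNU stat assumed).
demo_backup() {
    work=$(mktemp -d)
    mkdir -p "$work/src/etc"
    printf 'hello\n' > "$work/src/etc/motd"
    printf 'secret\n' > "$work/src/etc/key"
    chmod 600 "$work/src/etc/key"
    tar_copy "$work/src" "$work/backup"
    rc=0
    verify_copy "$work/src" "$work/backup" || rc=1
    [ "$(stat -c %a "$work/backup/etc/key")" = 600 ] || rc=1
    rm -rf "$work"
    return $rc
}
```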

CD-ROM

  1. cdrecord -v gracetime=2 dev=/dev/cdrom -eject blank=fast -force : clean or erase a rewritable CD.
  2. mkisofs /dev/cdrom > cd.iso : create an ISO image of a CD-ROM on disk.
  3. mkisofs /dev/cdrom | gzip > cd_iso.gz : create a compressed ISO image of a CD-ROM on disk.
  4. mkisofs -J -allow-leading-dots -R -V "CD Label" -iso-level 4 -o ./cd.iso data_cd : create an ISO image from a directory.
  5. cdrecord -v dev=/dev/cdrom cd.iso : burn an ISO image.
  6. gzip -dc cd_iso.gz | cdrecord dev=/dev/cdrom - : burn a compressed ISO image.
  7. mount -o loop cd.iso /mnt/iso : mount an ISO image.
  8. cd-paranoia -B : rip the audio tracks of a CD to WAV files.
  9. cd-paranoia -- "-3" : rip the first 3 tracks of a CD to WAV files.
  10. cdrecord --scanbus : scan the bus to identify the SCSI channel.
  11. dd if=/dev/hdc | md5sum : compute the md5sum of a device such as a CD.

Working with the Network (LAN and Wi-Fi)

  1. ifconfig eth0 : show the configuration of an Ethernet network card.
  2. ifup eth0 : activate the interface 'eth0'.
  3. ifdown eth0 : disable the interface 'eth0'.
  4. ifconfig eth0 192.168.1.1 netmask 255.255.255.0 : set an IP address.
  5. ifconfig eth0 promisc : put 'eth0' into promiscuous mode to capture packets (sniffing).
  6. dhclient eth0 : bring up the interface 'eth0' in DHCP mode.
  7. route -n : show the routing table.
  8. route add -net 0/0 gw ip_gateway : configure the default gateway.
  9. route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.1.1 : configure a static route to reach the network '192.168.0.0/16'.
  10. route del 0/0 gw ip_gateway : remove the static route.
  11. echo "1" > /proc/sys/net/ipv4/ip_forward : enable IP forwarding.
  12. hostname : display the system hostname.
  13. host www.example.com : look up a hostname to resolve the name to an IP address (1).
  14. nslookup www.example.com : look up a hostname to resolve the name to an IP address, and vice versa (2).
  15. ip link show : show the link status of all interfaces.
  16. mii-tool eth0 : show the link status of 'eth0'.
  17. ethtool eth0 : display card statistics for 'eth0'.
  18. netstat -tup : show all active network connections and their PIDs.
  19. netstat -tupl : show all network services listening on the system and their PIDs.
  20. tcpdump tcp port 80 : show all HTTP traffic.
  21. iwlist scan : show wireless networks.
  22. iwconfig eth1 : show the configuration of a wireless network card.
  23. whois www.example.com : search the Whois database.

Microsoft Windows Networking (SAMBA)

  1. nbtscan ip_addr : NetBIOS name resolution.
  2. nmblookup -A ip_addr : NetBIOS name resolution.
  3. smbclient -L ip_addr/hostname : show the remote shares of a Windows host.

IP Tables (FIREWALL)

  1. iptables -t filter -L : show all chains of the filter table.
  2. iptables -t nat -L : show all chains of the nat table.
  3. iptables -t filter -F : clear all rules from the filter table.
  4. iptables -t nat -F : clear all rules from the nat table.
  5. iptables -t filter -X : delete any user-created chain.
  6. iptables -t filter -A INPUT -p tcp --dport telnet -j ACCEPT : allow incoming telnet connections.
  7. iptables -t filter -A OUTPUT -p tcp --dport http -j DROP : block outgoing HTTP connections.
  8. iptables -t filter -A FORWARD -p tcp --dport pop3 -j ACCEPT : allow POP3 connections on the forward chain.
  9. iptables -t filter -A INPUT -j LOG --log-prefix "DROP INPUT" : log packets on the input chain.
  10. iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE : configure PAT (Port Address Translation) on eth0, masquerading outgoing packets.
  11. iptables -t nat -A PREROUTING -d 192.168.0.1 -p tcp -m tcp --dport 22 -j DNAT --to-destination 10.0.0.2:22 : redirect packets addressed to one host to another host.
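The iptables primitives above assembled into a default-deny INPUT policy with logging of dropped traffic. This is an added example, not part of the original cheat sheet; the interface name and management network are assumptions, and `IPT=echo` turns it into a dry run that prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example (not from the original page): a default-deny INPUT policy
# built from the iptables commands listed above. IPT defaults to the real
# binary; set IPT=echo to print the rules instead of applying them.
IPT="${IPT:-iptables}"
WAN_IF="${WAN_IF:-eth0}"                  # assumed external interface
ADMIN_NET="${ADMIN_NET:-192.168.1.0/24}"  # constructed management network

apply_firewall() {
    # Start from a clean filter table (items 3 and 5 above).
    "$IPT" -t filter -F
    "$IPT" -t filter -X
    # Default deny inbound; allow loopback and replies to our own connections.
    "$IPT" -P INPUT DROP
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # SSH only from the management network; nothing else is opened.
    "$IPT" -A INPUT -i "$WAN_IF" -s "$ADMIN_NET" -p tcp --dport 22 -j ACCEPT
    # Log what is about to be dropped (item 9), then drop it explicitly so
    # the log line and the drop stay adjacent when the rules are reviewed.
    "$IPT" -A INPUT -j LOG --log-prefix "DROP INPUT "
    "$IPT" -A INPUT -j DROP
}

# Print the rule set without touching the kernel, one rule per line.
dry_run() {
    ( IPT=echo; apply_firewall )
}

# Number of rules that accept traffic; a quick review metric for the policy.
count_accepts() {
    dry_run | grep -c -- '-j ACCEPT'
}
```

Run `dry_run` first and read the output; only run `apply_firewall` as root on a host where losing SSH access from outside `ADMIN_NET` is acceptable.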

Monitoring and debugging

  1. top : show the Linux tasks using the most CPU.
  2. ps -eafw : display Linux tasks.
  3. ps -e -o pid,args --forest : show Linux tasks in a hierarchical fashion.
  4. pstree : show the system process tree.
  5. kill -9 process_id : force a process to terminate.
  6. kill -1 process_id : force a process to reload its configuration.
  7. lsof -p $$ : display the list of files opened by a process (here the current shell).
  8. lsof /home/user1 : list the open files on a given path of the file system.
  9. strace -c ls > /dev/null : count the system calls made by a process.
  10. strace -f -e open ls > /dev/null : trace the open calls made by a process and its children.
  11. watch -n1 'cat /proc/interrupts' : show interrupts in real time.
  12. last reboot : show the reboot history.
  13. lsmod : display the loaded kernel modules.
  14. free -m : display the status of RAM in megabytes.
  15. smartctl -A /dev/hda : monitor the reliability of a hard disk via SMART.
  16. smartctl -i /dev/hda : check whether SMART is enabled on a hard disk.
  17. tail /var/log/dmesg : show the events of the kernel boot process.
  18. tail /var/log/messages : show system events.

Other useful commands

  1. apropos keyword : display a list of commands related to the keyword; useful when you know what a program does but not its name.
  2. man ping : display the on-line manual page of a command, here ping; use '-k' to search for related commands.
  3. whatis keyword : display a short description of what the program does.
  4. mkbootdisk --device /dev/fd0 `uname -r` : create a bootable floppy.
  5. gpg -c file1 : encrypt a file with GNU Privacy Guard.
  6. gpg file1.gpg : decrypt a file with GNU Privacy Guard.
  7. wget -r www.example.com : download an entire website.
  8. wget -c www.example.com/file.iso : download a file with the possibility to stop the download and resume it later.
  9. echo 'wget -c www.example.com/files.iso' | at 09:00 : start a download at a given time, in this case at 9 am.
  10. ldd /usr/bin/ssh : display the shared libraries required by ssh.
  11. alias hh='history' : set an alias for a command (hh = history).
  12. chsh : change the login shell.
  13. chsh --list-shells : list the available login shells; useful to know which shell to expect when logging in to another terminal.
  14. who -a : show who is logged in, and print the time of the last system boot, dead processes, system login processes, active processes spawned by init, the current runlevel and the last system clock change.