Everything posted by Aerosol
-
SpiderFoot is a free, open-source footprinting tool, enabling you to perform various scans against a given domain name in order to obtain information such as sub-domains, e-mail addresses, owned netblocks, web server versions and so on. The main objective of SpiderFoot is to automate the footprinting process to the greatest extent possible, freeing up a penetration tester’s time to focus their efforts on the security testing itself. SpiderFoot is written in Python and runs on Linux, *BSD and Windows. Download: SpiderFoot - Browse Files at SourceForge.net
-
w3af is a Web Application Attack and Audit Framework. The w3af core and its plugins are fully written in Python. It identifies more than 200 vulnerabilities and reduces your site’s overall risk exposure. Identify vulnerabilities like SQL Injection, Cross-Site Scripting, Guessable credentials, Unhandled application errors and PHP misconfigurations. Download: https://github.com/andresriancho/w3af
-
Inception is a FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP-2 DMA. The tool can unlock (any password accepted) and escalate privileges to Administrator/root on almost* any powered on machine you have physical access to. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe interfaces. Download: https://github.com/carmaa/inception
-
Depdep is a merciless sentinel which will seek sensitive files containing critical info leaking through your network. Download: https://github.com/galkan/depdep
-
Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol specific information. Argus is composed of an advanced comprehensive network flow data generator, the Argus sensor, which processes packets (either capture files or live packet data) and generates detailed network flow status reports of all the flows in the packet stream. Argus captures much of the packet dynamics and semantics of each flow, with a great deal of data reduction, so you can store, process, inspect and analyze large amounts of network data efficiently. Argus provides reachability, availability, connectivity, duration, rate, load, good-put, loss, jitter, retransmission, and delay metrics for all network flows, and captures most attributes that are available from the packet contents, such as L2 addresses, tunnel identifiers (MPLS, GRE, ESP, etc…), protocol ids, SAP’s, hop-count, options, L4 transport identification (RTP, RTCP detection), host flow control indications, etc. Argus is used by many sites to generate network activity reports for every network transaction on their networks. The network audit data that Argus generates is great for security, operations and performance management. The data is used for network forensics, non-repudiation, network asset and service inventory, behavioral baselining of server and client relationships, detecting covert channels, and analyzing Zero day events. 
Argus is an Open Source project, currently running on Mac OS X, Linux, Solaris, FreeBSD, OpenBSD, NetBSD, AIX, IRIX, Windows (under Cygwin) and OpenWrt, and has been ported to many hardware accelerated platforms, such as Bivio, Pluribus, Arista, and Tilera. The software should be portable to many other environments with little or no modifications. Performance is such that auditing an entire enterprise’s Internet activity can be accomplished using modest computing resources. Download: ARGUS- Auditing Network Activity - Getting Argus
-
iosForensic is a Python tool to help in forensic analysis on iOS. It gets files and logs, extracts sqlite3 databases and uncompresses .plist files into XML. It is licensed under the GNU GPL v3 License.
How to use
Options
  -h --help     : show help message
  -a --about    : show informations
  -v --verbose  : verbose mode
  -i --ip       : local ip address of the iOS terminal
  -p --port     : ssh port of the iOS terminal (default 22)
  -P --password : root password of the iOS terminal (default alpine)
Everything you want to know can be found here: https://www.owasp.org/index.php/Projects/OWASP_iOSForensic (you could have done a Google search yourself)
-
apk_binder_script allows us to unify two apk’s into one or add a service apk smali code to the target. This copies smali code, active and manifest. Implements a receiver acting loader loading the class specified as a parameter (a service). The original application is normally run in parallel; the service is invoked by the loader based on two events:
  android.intent.action.BOOT_COMPLETED
  android.intent.action.ACTION_POWER_CONNECTED
You can add actions and permissions as desired. In short, allows us to “extend” the functionality of an apk, doors implement “administrative” etc. Download: https://github.com/funsecurity/apk_binder_script
-
Webfwlog is a flexible web-based firewall log analyzer and reporting tool. It supports standard system logs for linux, FreeBSD, OpenBSD, NetBSD, Solaris, Irix, OS X, etc. as well as Windows XP®. Supported log file formats are netfilter, ipfilter, ipfw, ipchains and Windows XP®. Webfwlog also supports logs saved in a database using the ULOG or NFLOG targets of the linux netfilter project, or any other database logs mapped with a view to the ulogd schema. Versions 1 and 2 of ulogd database schemas are supported. Webfwlog is licensed under the GNU GPL. Webfwlog fully supports IPv6 for database logs, and netfilter and ipfilter system logs. With Webfwlog you can design reports to use on your logged data in whatever configuration you desire. Included are example reports as a starting point. You can sort a report with a single click, “drill-down” on the reports all the way to the packet level, and save your reports for later use. Download: Web-based Firewall Log Analyzer - Browse Files at SourceForge.net
-
ByWaf is a Web Application Penetration Testing Framework (WAPTF). It consists of a command-line interpreter and a set of plugins. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License.
The Bywaf application is built on Python’s built-in cmd.Cmd class. Cmd is a lightweight command interpreter loop that provides several useful facilities for the developer, including overridable hook methods and easy addition of commands and help. For the user, it offers command-line editing with readline, including automatic tab completion of commands, command options and filenames.
Bywaf contains a sub-classed version of Cmd called Wafterpreter, which adds some important additions, including:
- Loading and selecting plugins.
- Getting and setting global and per-plugin options.
- Additional methods exposing functionality to the plugins.
- Backgrounding jobs, ending running jobs and querying job status.
- Loading scripts from the command-line or within the interpreter.
- Loading, saving, showing and clearing the command history.
Wafterpreter API and utility methods:
The Wafterpreter API encompasses methods used by both the plugins and the Wafterpreter’s own methods; this allows plugins to refine its behavior by assigning their own methods in their place. Utility methods are time-saving shortcuts, while the API methods are the preferred way to change the interpreter’s behavior and to perform queries for jobs.
- filename_completer(): a utility method and API that, when given a set of starting and ending indices of the current word under the command-line cursor, returns the available filenames the word matches. The parameters to this method are supplied to completion methods, which can in turn pass them to this method.
- get_job(): this utility method retrieves a Futures instance from the Wafterpreter’s internal list of completed and running jobs, given its job ID. This is useful in querying information about individual jobs (see do_kill() for an example).
- finished_job_callback(): this overridable method is called upon the completion of a backgrounded job. It is used by the onecmd() method to notify the user when a backgrounded job has finished.
- set_prompt(): an API method for setting the prompt to reflect a new plugin name.
- get_history_item(): an API method returning the command history.
- save_history(): an API method for saving the command history to a file.
- load_history(): an API method for loading the command history from a file.
- clear_history(): an API method for clearing the command history.
- load_module(): a private low-level method for loading modules. Gets called by do_use(). There should not be a reason for its use outside that method.
Download: https://github.com/depasonico/OWASP-ByWaf
-
YASAT (Yet Another Stupid Audit Tool) is a simple stupid audit tool. Its goal is to be as simple as possible with minimum binary dependencies (only sed, grep and cut). The second goal is to document each test with maximum information and links to official documentation. It does many tests to check for security configuration issues or other good practices. YASAT is licensed under GPLv3.
It checks many software configurations like:
- Apache
- Bind DNS
- CUPS
- PHP
- kernel configuration
- mysql
- network configuration
- openvpn
- Packages update
- samba
- snmpd
- squid
- syslog
- tomcat
- user accounting
- vsftpd
- xinetd
Download: yasat - Browse Files at SourceForge.net
-
PEStudio is a unique tool that performs the static investigation of 32-bit and 64-bit executables. PEStudio is free for private non-commercial use only. Malicious executables often attempt to hide their malicious behavior and to evade detection. In doing so, they generally present anomalies and suspicious patterns. The goal of PEStudio is to detect these anomalies, provide Indicators and score the Trust for the executable being analyzed. Since the executable file being analyzed is never started, you can inspect any unknown or malicious executable with no risk. Download: Index of /tools
-
Automater is a tool that I originally created to automate the OSINT analysis of IP addresses. It quickly grew and became a tool to do analysis of IP Addresses, URLs, and Hashes. Unfortunately though, this was my first python project and I made a lot of mistakes, and as the project grew it became VERY hard for me to maintain. Download: https://github.com/1aN0rmus/TekDefense-Automater
-
Download: https://github.com/Flo354/iOSForensic/releases/tag/1.0
-
Readme.txt
This file is used to list a few config items and recommendations. Also some basic Praeda syntax.
Required perl modules:
  LWP::Simple
  LWP::UserAgent
  HTML::TagParser
  URI::Fetch
  HTTP::Cookies
  IO::Socket
  HTML::TableExtract
  Getopt::Std
  Net::SSL
  Net::SNMP
  NetAddr::IP
Quick CPAN command to make this happen:
  cpan -i LWP::Simple LWP::UserAgent HTML::TagParser URI::Fetch HTTP::Cookies IO::Socket HTML::TableExtract Getopt::Std Net::SSL Net::SNMP NetAddr::IP
-----------------------------------------------------------------
Note: If running on a Windows host and having issues installing Net::SSL with cpan:
1. Change line 47 in praeda.pl from "use Net::SSL;" to "use Net::SSLeay;"
2. Run the following install for Net-SSLeay.ppd:
  ppm install http://www.sisyphusion.tk/ppm/Net-SSLeay.ppd
-----------------------------------------------------------------
Set the root of the praeda install in praeda.pl under my $dirpath =".";
Praeda version 0.02.3.109b syntax: the first part of the version, 0.02.3, represents the core product version; the last 3 digits represent the number of product versions tested.
PRAEDA OPTIONS:
  -g GNMAP_FILE
  -n CIDR or CIDR_FILE
  -t TARGET_FILE
  -p TCP_PORT
  -j PROJECT_NAME
  -l OUTPUT_LOG_FILE
  -S SSL
GNMAP_FILE = This is a .gnmap file output by a nmap scan.
CIDR & CIDR_FILE = Subnet CIDR "192.168.1.0/24" or file containing list of CIDRs
TARGET_FILE = List of IP addresses or host names to enumerate
TCP_PORT = port address of targets to scan "At present only one port can be specified. This is expected to be modified in future version"
PROJECT_NAME = the name for this project. This will create a folder under the folder where Praeda was executed to contain logs and export info.
OUTPUT_LOG_FILE = name of log file for data output
SYNTAX FOR GNMAP FILE INPUT:
  praeda.pl -g GNMAP_FILE -j PROJECT_NAME -l OUTPUT_LOG_FILE
SYNTAX FOR IP CIDR/CIDR FILE LIST:
  praeda.pl -n CIDR or CIDR_FILE -p TCP_PORT -j PROJECT_NAME -l OUTPUT_LOG_FILE -s SSL
SYNTAX FOR IP TARGET FILE LIST:
  praeda.pl -t TARGET_FILE -p TCP_PORT -j PROJECT_NAME -l OUTPUT_LOG_FILE -s SSL
Examples:
  ./praeda.pl -g scan1.gnmap -j acmewidget -l results
  ./praeda.pl -n 10.10.10.0/24 -p 80 -j project1 -l data-file
  ./praeda.pl -n cidrs.txt -p 80 -j project1 -l data-file
  ./praeda.pl -t target.txt -p 80 -j project1 -l data-file
  ./praeda.pl -t target.txt -p 443 -j project1 -l data-file -s SSL
NOTE: The -n option has a limit on networks of 65535, so a cidr mask less than /16 will error out with "netmask error: overrange". This is a limitation of the module NetAddr::IP.
The results will create a folder called project1 and save all information in that folder. Also this will write out the following data:
  targetdata.txt : This is the parsed results of the .gnmap file
  $LOGFILE-WebHost.txt : This is an output of all webservers queried, listing IP:PORT:TITLE:SERVER
  $LOGFILE.log : This file will contain the results of the modules executed.
  RAW extract data including: Clones, Backups, Address Books etc.
****WARNING**** Also ensure that your local firewall is turned off. Certain modules require a connection back to the host system to run correctly.
Download: https://github.com/percx/Praeda
-
Spotlight is the name of Apple OSX’s desktop search functionality. It indexes all the files on a volume, storing metadata about filesystem objects (e.g. file, directory) in an effort to provide fast and extensive file searching capabilities. The metadata stored includes familiar filesystem metadata, such as MAC times, as well as file-internal metadata like image dimensions and color model. Spotlight allows users to search for documents with the Author tag “Snowden,” for example. These databases are created by OSX on each volume the machine can access, including flash drives. They can be found at the path /.Spotlight-V100/Store-V2/<SomeHash>/store.db for each volume; we have also provided access to some sample databases with the tool download. 504ensics is proud to introduce our newest forensic tool, Spotlight Inspector (SI). This is a brand new tool we’re developing for the analysis of OSX Spotlight databases. It parses Spotlight metadata databases and provides functionality to work with the internal data in a clean and useful way. On to some features! Download: Spotlight Inspector Digital Forensics Tool Announced | 504ENSICS Labs
-
Shellter is a dynamic shellcode injection tool, and probably the first dynamic PE infector ever created. It can be used in order to inject shellcode into native Windows applications (currently 32-bit apps only). The shellcode can be something yours or something generated through a framework, such as Metasploit. Shellter takes advantage of the original structure of the PE file and doesn’t apply any modification such as changing memory access permissions in sections (unless the user wants), adding an extra section with RWE access, and whatever would look dodgy under an AV scan. Shellter uses a unique dynamic approach which is based on the execution flow of the target application. Download: https://www.shellterproject.com/download/
-
What is HAKA
Haka is a collection of tools that allows capturing TCP/IP packets and filtering them based on Lua policy files.
Required
- Toolchain (GCC, Make, ...)
- cmake (>= 2.8)
- swig
- tshark
- check
- rsync
- libpcap
- gawk
- libedit
- libpcre
Optional
- Git
- Cppcheck
- Netfilter Queue
- Valgrind
- Sphinx (>= 2)
- Doxygen
- Inkscape
- python-blockdiag
- python-seqdiag
Download: https://github.com/haka-security/haka
-
The iOS Reverse Engineering Toolkit is a toolkit designed to automate many of the common tasks associated with iOS penetration testing. It automates many common tasks including:
- binary analysis using otool
- keychain analysis using keychain_dumper
- reading database content using sqlite
- reading log and plist files
- binary decryption using dumpdecrypted
- dumping binary headers using class_dump_z
- creating, editing, installing theos tweaks
Installation: You can download the files and build the debian package yourself or you can simply install the iRET.deb package onto any jailbroken device using dpkg -i on the command line or by using iFile, which is available from Cydia. After it is installed, respring the device and you should see a new "iRET" icon on the device.
Usage: Must be connected to a wireless network. Launch the application, click the "Start" button. It will then show the ip address and port number you should navigate to on your computer (computer must be connected to same wireless network as device). On first run, it will take a bit of time for the iRET tool to identify all of the required tools.
Dependencies: The following apps are required to be installed on the device (in addition to the tools required on the main page)
- Python (2.5.1 or 2.7) (Need to be Cydia ‘Developer’)
- coreutils
- Erica Utilities
- file
- adv-cmds
- Bourne-Again Shell
- iOS Toolchain (coolstar version)
- Darwin CC Tools (coolstar version)
- An iOS SDK (presumably iOS 6.1 or 7.x) installed to $THEOS/sdks
Landing Page:
Functionality Tabs:
Issue of keeping a selected file in the dropdown, when the name contains a space in it.
Download: https://github.com/S3Jensen/iRET
-
Rainbow Maker is a Python-based tool for cracking hash signatures and creating Rainbow Tables.
Introduction
OWASP Rainbow Maker is a tool aimed to break hash signatures. It allows testers to insert a hash value and possible keywords and values that might be used by the application to create it, then it tries multiple combinations to find the format used to generate the hash value.
Description
Give it a hash value and possible words that might have led to creating this value. The tool has a delimiter list (){} ;,'[]"~, etc. and it goes over all the words inserted and tries all possible combinations. For example, if you entered:
  password, pass, Pass, Password, secret123
it will try all kinds of combinations such as:
  [password:secret123] "Pass";"secret12" {Password,secret123} etc. etc.
Its other use is to produce a Rainbow Table out of the given word-list.
Download: https://www.owasp.org/index.php/OWASP_Rainbow_Maker_Project
-
The OWASP WebSpa Project is a Java web knocking tool for sending a single HTTP/S request to your web server in order to authorize the execution of a premeditated Operating System (O/S) command. It provides a cryptographically protected "open sesame" mechanism on the web application layer, comparable to well-known port-knocking techniques. Download: https://www.owasp.org/index.php/OWASP_WebSpa_Project
-
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools. Download: Mobius Forensic Toolkit - Summary [savannah]
-
WPHardening fortification is a security tool for WordPress
Usage
  $ python wphardening.py -h
  Options:
    --version             show program's version number and exit
    -h, --help            show this help message and exit
    -v, --verbose         Active verbose mode output results
    --update              Check for WPHardening latest stable version
    Target:
      This option must be specified to modify the package WordPress.
      -d DIRECTORY, --dir=DIRECTORY
                          **REQUIRED** - Working Directory.
      --load-conf=FILE    Load file configuration.
    Hardening:
      Different tools to hardening WordPress.
      -c, --chmod         Chmod 755 in directory and 644 in files.
      -r, --remove        Remove files and directory.
      -b, --robots        Create file robots.txt
      -f, --fingerprinting
                          Deleted fingerprinting WordPress.
      -t, --timthumb      Find the library TimThumb.
      --wp-config         Wizard generated wp-config.php
      --delete-version    Deleted version WordPress.
      --plugins           Download Plugins Security.
      --proxy=PROXY       Use a HTTP proxy to connect to the target url for
                          --plugins and --wp-config.
      --indexes           It allows you to display the contents of
                          directories.
      --malware-scan      Malware Scan in WordPress project.
    Miscellaneous:
      -o FILE, --output=FILE
                          Write log report to FILE.log
Examples
Check a WordPress Project
  $ python wphardening.py -d /home/path/wordpress -v
Change permissions
  $ python wphardening.py -d /home/path/wordpress --chmod -v
Remove files that are not used
  $ python wphardening.py -d /home/path/wordpress --remove -v
Create your robots.txt file
  $ python wphardening.py -d /home/path/wordpress --robots -v
Remove all fingerprinting
  $ python wphardening.py -d /home/path/wordpress --fingerprinting -v
Check a TimThumb library
  $ python wphardening.py -d /home/path/wordpress --timthumb -v
Create Index file
  $ python wphardening.py -d /home/path/wordpress --indexes -v
Download Plugins security
  $ python wphardening.py -d /home/path/wordpress --plugins
Wizard generated wp-config.php
  $ python wphardening.py -d /home/path/wordpress --wp-config
Deleted version WordPress
  $ python wphardening.py -d /home/path/wordpress --delete-version -v
WPHardening update
  $ python wphardening.py --update
Use all options
  $ python wphardening.py -d /home/user/wordpress -c -r -f -t --wp-config --delete-version --indexes --plugins -o /home/user/wphardening.log
Download: https://github.com/elcodigok/wphardening