Tuesday, July 5, 2011
PTES - The Penetration Testing Execution Standard:
http://www.pentest-standard.org/index.php/Main_Page
Monday, July 4, 2011
Wi-fEye is designed to help with network penetration testing (wireless - python)
Wi-fEye is designed to help with network penetration testing. It lets you perform a number of powerful attacks automatically: all you have to do is launch Wi-fEye, choose which attack to perform, select your target and let Wi-fEye do the magic!
Wi-fEye is divided into four main menus:
1. Cracking menu: This menu will allow you to:
Enable monitor mode
View available Wireless Networks
Launch Airodump-ng on a specific AP
WEP cracking: this will allow you to perform the following attacks automatically:
Interactive packet replay.
Fake Authentication Attack.
Korek Chopchop Attack.
Fragmentation Attack.
Hirte Attack (cfrag attack).
Wesside-ng.
WPA Cracking: This contains the following attacks:
Wordlist Attack
Rogue AP Attack.
2. Mapping: this menu will allow you to do the following:
Scan the network and view the connected hosts.
Use Nmap Automatically.
3. MITM: this menu will allow you to do the following Automatically:
Enable IP forwarding.
ARP Spoof.
Launch ettercap (Text mode).
Sniff SSL/HTTPS traffic.
Sniff URLs and send them to browser.
Sniff messages from instant messengers.
Sniff images.
DNS Spoof.
HTTP Session Hijacking (using Hamster).
4. Others: this menu will allow you to do the following automatically:
Change MAC Address.
Hijack software updates (using Evilgrade).
fern-wifi-cracker
This is a wireless security auditing application that is written in python and uses python-qt4. This application uses the aircrack-ng suite of tools.
It should work on any version of linux running the following:
Requirements:
python
python-qt4
macchanger
aircrack-ng
xterm
To install, change directory to the path where the downloaded package is and run the following command in a terminal:
dpkg -i Fern-Wifi-Cracker_1.1_all.deb
The software icon can be found in the applications menu of the GNOME desktop.
The icon can also be found at /usr/share/applications for both KDE and GNOME:
there you will find "Fern_Wifi_Cracker.desktop"
Downloads:
http://code.google.com/p/fern-wifi-cracker/downloads/list
Elegant Gnome Pack on Ubuntu
This is a project that provides automatic configuration of your GNOME desktop in just one click, with backup and restore support.
The main goal of this project is to create the most complete dark theme for the GNOME desktop with an easy installation experience.
You must have this stuff installed on your system before you start:
Murrine GTK engine 0.98.0 or higher
Droid Sans Font
Nautilus Elementary (optional)
The pack contains the following stuff :
GUI utility to configure your desktop
Icon theme: Elegant-AwOken based on the AwOken icon set by alecive
GTK+ theme: Elegant GTK theme v 4.0
Cursor Theme: Neutral++ by ducakar
Wallpaper: gDIGE by *Muscarr
Keyboard layout indicator flags
Firefox theme
Google Chrome theme by Jorge Carrillo
Google Chrome scrollbar extension
Google Chrome selection extension
Smplayer theme
Pidgin buddy list theme by Szabo Istvan
Ubuntu Lucid/Maverick and Linux Mint 9/10 installation instructions:
1. Install Elegant GNOME:
sudo add-apt-repository ppa:elegant-gnome/ppa
sudo apt-get update && sudo apt-get upgrade
a) sudo apt-get install elegant-gnome
or
b) sudo apt-get install elegant-gnome-mint
2. Go to "Applications -> Accessories -> Elegant GNOME"
1. Install Nautilus Elementary: (optional)
sudo add-apt-repository ppa:am-monkeyd/nautilus-elementary-ppa
sudo apt-get update && sudo apt-get upgrade
2. Run Elegant GNOME app
3. Choose Configure Nautilus -> Nautilus Elementary
To install the pack from sources:
1. Download the archive and extract it
2. Open the terminal and cd to the extracted directory.
3. Run the command "make " (e.g. "make ubuntu").
Run "make help" to see the available variants.
4. Run the command "sudo make install".
5. Go to "Applications -> Accessories -> Elegant GNOME".
6. Optional step. If you use the Nautilus Elementary:
a) Go to Applications -> Accessories -> Elegant GNOME
b) Choose "Configure Nautilus"
c) Select "Nautilus Elementary"
To remove the pack (installed from sources):
1. Open the terminal and cd to the extracted directory.
2. Run the command "sudo make uninstall"
To install the Google Chrome theme:
1. Download and extract the "Google Chrome" archive
2. Drag and drop the *.crx files into the Google Chrome window.
Install Gerix Wifi/Wireless Cracker Ubuntu 10.04
Here we are to present the new version of Gerix Wifi Cracker NG (New Generation), a really complete GUI for Aircrack-NG which includes useful extras.
Completely re-written in Python + QT, automates all the different techniques to attack Access Points and Wireless Routers (but not only ..)
Currently Gerix Wifi Cracker NG is available and supported natively by BackTrack (pre-installed on the BT4 Final version) and available on all the different Debian Based distributions (Ubuntu, etc..).
The software requires: aircrack-ng, xterm, macchanger, zenity and obviously python-qt3. Version 1.0 is publicly released for final testing and to collect opinions from users.
To install, open terminal and type
wget http://www.clshack.it/nopaste/gerix-wifi-cracker-ng-2.0-bt7.deb
sudo dpkg -i gerix-wifi-cracker-ng-2.0-bt7.deb
If it cannot be installed, create the directory:
sudo mkdir -p /pentest/wireless/wifi-gerix-cracker-ng
Once installed, you can open it from here:
sudo python /usr/share/gerix-wifi-cracker-ng/gerix.py
or
sudo python /pentest/wireless/gerix-wifi-cracker-ng/gerix.py
BackTrack 5 Tools in Ubuntu 10.04 LTS
I wanted to use the new repository for BackTrack 5 to install some of the awesome sauce on Ubuntu. But to do so you need the repo links and key, which are nowhere to be found on the intraweb... However, if you already have a BT5 up and running, all the info is there: just look under /etc/apt/ and you will see a file called trusted.gpg. You can import the key on Ubuntu using Software Sources under the Authentication tab, and for Gnome 32bit the repositories on my BT are:
deb http://all.repository.backtrack-linux.org revolution main microverse non-free testing
deb http://32.repository.backtrack-linux.org revolution main microverse non-free testing
deb http://source.repository.backtrack-linux.org revolution main microverse non-free testing
I would imagine 64bit is the same, just change the 32 to 64.. maybe, I don't know.. Just use Software Sources to put them in. Note, it's not recommended. A lot of the packages are patched and optimized for BackTrack. "We cannot more strongly recommend against this action because BackTrack tools are built with many custom features and libraries. We have no way of knowing how they will perform on a non BackTrack distribution. If you decide on this course of action you do so at your own risk and the BackTrack team will not offer any support." You've been warned. Doesn't matter to me, I usually bork mine at least once a month doing something dumb, but that's the fun part, trying to fix it.
If you want a list of all the packages installed on BackTrack, just run "dpkg -l > bt5.txt" from the BackTrack terminal, or just download mine from here, it's the BT5 Gnome 32bit package list. It's not the default, however: I made this list after I had added a few things like bleachbit, synaptic package manager, and some gnome utils..
@firebitsbr
Script Crawler Python - Web Crawler Security Tool
The web crawler is a Python-based tool that automatically spiders a web site. It also looks for directory indexing and, where it finds it, crawls the indexed directories again to list all the files in them. There is also an option to download the files found, which can then be fed to FOCA or other software to extract metadata from them.
Current stable version is 0.4 and the main features are:
Crawl http and https web sites.
Crawl http and https web sites not using common ports.
Uses regular expressions to find ‘href’ and ‘src’ html tag. Also content links.
Identifies relative links.
Identifies domain related emails.
Identifies directory indexing.
Detects references to URLs like ‘file:’, ‘feed=’, ‘mailto:’, ‘javascript:’ and others.
Uses CTRL-C to stop current crawler stages and continue working.
Identifies file extensions (zip, swf, sql, rar, etc.)
Download files to a directory:
Download every important file (images, documents, compressed files, etc)
Or download specified files types.
Or download a predefined set of files (like ‘document’ files: .doc, .xls, .pdf, .odt, .gnumeric, etc.).
Maximum amount of links to crawl. A default value of 5000 URLs is set.
Follows redirections using HTML and JavaScript Location tag and HTTP response codes.
Note: This crawler can be used with Domain Analyzer Security Tool. (See Domain Analyzer)
http://sourceforge.net/projects/webcrawler-py/
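The link extraction, relative-link resolution, directory-indexing check and domain e-mail matching listed above, as an added example (not the webcrawler-py source) for reviewing what one page of your own site exposes to a spider. The sample HTML, the RISKY_EXT list and the name audit_page are assumptions made for illustration.

```python
import re
from urllib.parse import urljoin, urlparse

# Constructed sample (not real crawl output): an auto-generated index page.
SAMPLE_URL = "http://www.example.com:8080/files/"
SAMPLE_HTML = """<html><head><title>Index of /files</title></head><body>
<a href="../">Parent Directory</a>
<a href="backup.sql">backup.sql</a> <a href='report.PDF'>report.PDF</a>
<img src="/icons/zip.gif"> <a href="http://other.example.net/x.zip">mirror</a>
<a href="mailto:admin@example.com">contact</a> <a href="javascript:void(0)">x</a>
Questions: webmaster@example.com or someone@elsewhere.org
</body></html>"""

LINK_RE = re.compile(r"""(?:href|src)\s*=\s*["']?([^"'\s>]+)""", re.I)
EMAIL_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
INDEX_RE = re.compile(r"<title>\s*Index of /", re.I)   # common auto-index title
NON_HTTP = ("file:", "mailto:", "javascript:")          # reported, not followed
RISKY_EXT = (".sql", ".zip", ".rar", ".bak")            # assumed review list


def audit_page(base_url, html, domain):
    """Summarise what a spider would learn from one page of your own site."""
    host = urlparse(base_url).hostname
    internal, external, skipped = set(), set(), set()
    for raw in LINK_RE.findall(html):
        if raw.lower().startswith(NON_HTTP):
            skipped.add(raw)
            continue
        url = urljoin(base_url, raw)  # resolves relative links against the page
        (internal if urlparse(url).hostname == host else external).add(url)
    emails = set()
    for m in EMAIL_RE.finditer(html):
        mail_host = m.group(1).lower()
        if mail_host == domain or mail_host.endswith("." + domain):
            emails.add(m.group(0))
    exposed = [u for u in sorted(internal)
               if urlparse(u).path.lower().endswith(RISKY_EXT)]
    return {"directory_indexing": bool(INDEX_RE.search(html)),
            "internal": sorted(internal), "external": sorted(external),
            "skipped": sorted(skipped), "emails": sorted(emails),
            "exposed_files": exposed}


if __name__ == "__main__":
    for key, value in audit_page(SAMPLE_URL, SAMPLE_HTML, "example.com").items():
        print(f"{key}: {value}")
```

A page that reports directory_indexing as true together with a non-empty exposed_files list is the case to fix first, by disabling auto-indexing on the server or moving the files out of the web root.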