Posts

Showing posts from November, 2018

sshesame: A fake SSH server that lets everyone in and logs their activity

Image
sshesame A fake SSH server that lets everyone in and logs their activity.




Warning This software, just like any other, might contain bugs. Given the popular nature of SSH, you probably shouldn’t run it unsupervised as root on a production server on port 22. Use common sense.
sshesame accepts and logs
every password authentication request,every SSH channel open request andevery SSH request Installinggo get -u github.com/jaksi/sshesame or
snap install sshesame Usage$ sshesame -h Usage of sshesame: -host_key string a file containing a private key to use -json_logging enable logging in JSON -listen_address string the local address to listen on (default "localhost") -port uint the port number to listen on (default 2022) -server_version string The version identification of the server (RFC 4253 section 4.2 requires that this string start with "SSH-2.0-") (default "SSH-2.0-sshesame")
Consider creating a private key to use with sshes…

Wireshark Analyzer 2.6.5 released: Open source network protocol analyzer

Image
Wireshark Analyzer is a fantastic multi-platform open source network protocol analyzer. It can be used to check the analysis of data from the network host to survive, but also look to capture files from the disk. You can interactively browse the capture data, just capture details of the package, you need to analyze. Wireshark has some powerful features, including the ability to rich display filter language and view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. It includes a similar tcpdump named tshark the console version. Note that Wireshark emergence of a few dozens of remotely exploitable vulnerabilities, and thus needs to be updated to the latest version, and do not run in an insecure network environment.




Wireshark Analyzer 2.6.5 released.
Changelog v2.6.5
What’s NewThe Windows installers now ship with Qt 5.9.7. Previously they shipped with Qt 5.9.5. Bug Fixes The following vulnerabilities have been fixed: wnpa-sec-2018-…

Online Ethical Hacking Course

Image
hacker computer school provide online ethical hacking course. this school provide advance label ethical hacking training.



The Certified Expert Ethical Hacker program is the pinnacle of the most desired information security training program any information security professional will ever want to be in. To master the hacking technologies, you will need to become one, but an ethical one! The accredited course provides the advanced hacking tools and techniques used by hackers and information security professionals alike to break into an organization. As we put it, To beat a hacker, you need to think like a hacker . This course will immerse you into the Hacker Mindset so that you will be able to defend against future attacks. The security mindset in any organization must not be limited to the silos of a certain vendor, technologies or pieces of equipment.


This ethical hacking course puts you in the driver s seat of a hands-on environment with a systematic process. Here, you wi…

Online Ethical Hacking Training

Image
Hacker Computer School provide online world most advance ceeh -certified expert ethical hacker course. this school challenge to ec-council course cehv10 because ec-council provide only security training not a hacking moreover all practical is old but our school always provide new update hacking practicals. You join a online ceeh -certified expert ethical hacker training and become a expert ethical hacker.


This Ethical Hacking Course on online will train you on the advanced step-by-step methodologies that hackers actually use, such as writing virus codes, and reverse engineering, so you can better protect corporate infrastructure from data breaches. You’ll master advanced network packet analysis, securing web servers, malware threats, and advanced system penetration testing techniques to build your network security skillset and beat hackers at their own game.

www.hackercomputerschool.com  WhatsApp - IMO - Telegram +91 -7988285508

evilginx2 v2.2 releases: MITM attack framework that allow to bypass 2-factor authentication

Image
evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection.
This tool is a successor to Evilginx, released in 2017, which used a custom version of nginx HTTP server to provide man-in-the-middle functionality to act as a proxy between a browser and phished website. The present version is fully written in GO as a standalone application, which implements its own HTTP and DNS server, making it extremely easy to set up and use.

I am very much aware that Evilginx can be used for nefarious purposes. This work is merely a demonstration of what adept attackers can do. It is the defender’s responsibility to take such attacks into consideration and find ways to protect their users against this type of phishing attacks. Evilginx should be used only in legitimate penetration testing assignments with written permission from to-be-phished parties.

Changelog v2.2
Added opti…

WebMap v2.2 releases: Nmap Web Dashboard and Reporting

Image
WebMap

FeaturesImport and parse Nmap XML filesRun and Schedule Nmap Scan from dashboardStatistics and Charts on discovered services, ports, OS, etc…Inspect a single host by clicking on its IP addressAttach labels on a hostInsert notes for a specific hostCreate a PDF Report with charts, details, labels and notesCopy to clipboard as Nikto, Curl or Telnet commandsSearch for CVE and Exploits based on CPE collected by NmapRESTful APIXML Filenames When creating the PDF version of the Nmap XML Report, the XML filename is used as document title on the first page. WebMap will replace some parts of the filename as follows:
_ will be replaced by a space ( ).xml will be removed Example: ACME_Ltd..xml
PDF title: ACME Ltd.
CVE and Exploits thanks to the amazing API services by circl.lu, WebMap is able to look for CVE and Exploits for each CPE collected by Nmap. Not all CPE are checked over the circl.lu API, but only when a specific version is specified (for example: cpe:/a:microsoft:iis:7.5 an…

amass v2.8.4 releases: In-depth subdomain

Online CEEH - Certified Expert Ethical Hacking Training  enumeration written in Go Amass is the subdomain enumeration tool with the greatest number of disparate data sources that performs analysis of the resolved names in order to deliver the largest number of quality results.
Amass performs scraping of data sources, recursive brute forcing, crawling of web archives, permuting and altering of names, reverse DNS sweeping, and machine learning to obtain additional subdomain names. The architecture makes it easy to add new subdomain enumeration techniques as they are developed.
DNS name resolution is performed across many public servers so the authoritative server will see traffic coming from different locations.
Changelogv2.8.4
enhanced the engine architecture to address #40 and #47 Download Use The most basic use of the tool, which includes reverse DNS lookups and name alterations:
$ amass -d example.com Add some additional domains to the enumeration:
$ amass -d example1.com,example…

exploitable: The ‘exploitable’ GDB plugin

Online Ethical Hacking/CEH/CEHv10/CEEH (Certified Expert Ethical Hacker) Training  GDB ‘exploitable’ plugin The ‘exploitable’ plugin (exploitable/exploitable.py) ‘exploitable’ is a GDB extension that classifies Linux application bugs by severity. The extension inspects the state of a Linux application that has crashed and outputs a summary of how difficult it might be for an attacker to exploit the underlying software bug to gain control of the system. The extension can be used to prioritize bugs for software developers so that they can address the most severe ones first.
The extension implements a GDB command called ‘exploitable’. The command uses heuristics to describe the exploitability of the state of the application that is currently being debugged in GDB. The command is designed to be used on Linux platforms and versions of GDB that include the GDB Python API. Note that the command will not operate correctly on core file targets at this time.
WARNING: This is an engi…

ropgenerator v1.2 releases: building ROP exploits

Image
Online Penetration Testing Training ROPGenerator ROPGenerator is a tool that makes ROP exploits easy. It enables you to automatically find gadgets or build ROP chains. The current version supports x86 and x64 binaries.
It uses the tool ROPgadget to extract gadgets from binaries and the barf-project to disassemble them. After gadgets are extracted, it analyzes them in order to compute their semantic and stores them according to their usefulness. Once the analysis is done, you can request ROPGenerator to automatically find gadgets or ROP chains by supplying semantic queries.
It is written in python. The tool has python2-only dependencies so it runs under python2 so far.
The tool is developed to achieve two main tasks:
Find gadgets easily: you can specify a semantic operation you want to perform and ROPGenerator will automatically find suitable gadgets and/or ropchainsBuild exploits automatically: you can use different strategies to create a full exploit by using built-in exploit…

trape v2.0 releases: People tracker on the Internet

Image
trape (open source)
People tracker on the Internet: Learn to track the world, to avoid being traced.
Trape is an OSINTanalysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information such as the status of sessions of their websites or services and control over their users through the browser, without them knowing, but It evolves with the aim of helping government organizations, companies and researchers to track the cyber criminals

LOCATOR OPTIMIZATION: Trace the path between you and the target you’re tracking. Each time you make a move, the path will be updated, by means of this the location of the target is obtained silently through a bypass made in the browsers, allowing you not to skip the location request permit on the victim’s side , objective or person and at the same time maintain a precision of 99%

MCExtractor v1.24.2 r92 releases: Intel, AMD, VIA & Freescale Microcode Extraction Tool

Image
MC Extractor is a tool which parses Intel, AMD, VIA and Freescale processor microcode binaries. It can be used by end-users who are looking for all relevant microcode information such as CPUID, Platform, Version, Date, Release, Size, Checksum etc. It is capable of converting Intel microcode containers (dat, inc, h, txt) to binary images for BIOS integration, detecting new/unknown microcodes, checking microcode health, Updated/Outdated status and more. MC Extractor can be also used as a research analysis tool with multiple structures which allow, among others, full parsing & information display of all documented or not microcode Headers. Moreover, with the help of its extensive database, MC Extractor is capable of uniquely categorizing all supported microcodes as well as check for any microcodes which have not been stored at the Microcode Repositories yet.

A1. MC Extractor Features
Supports all current & legacy Microcodes from 1995 and onwardScans for all Intel, AMD,…