Channel: DNS Hijacking – Security List Network™

Update PwnSTAR V-8.0 – Pwn_SofT_Ap_scRipt.

Changes & New features, PwnSTAR 0.8:
1. Exploit added – Java Applet Field Bytecode Verifier. Now that the old faithful Java Applet has been patched, this has been described as one of the most powerful of the current exploits.
2. More deauthentication options – MDK3 and airdrop-ng added.


General Features:
  • manage interfaces and MAC spoofing
  • set up sniffing
  • serve up phishing or malicious web pages
  • launch karmetasploit
  • grab WPA handshakes
  • de-auth clients
  • manage iptables
Updated feature list:
  • captive-portal with iptables and php
  • more php scripts added
  • exploits added
  • mdk3 and airdrop deauth
Sample screenshot

Improvements:
backup index to backup directory (no longer overwrites previous backups)
sleeps reduced – runs faster
error-checking
————————————————————————————————————

Instructions for use:
download and untar
copy the hotspot directory into /var/www
set permissions:
hotspot directory: group www-data, create and delete files
formdata.txt: group www-data, rw
process-form-data.php: make executable
leave index.html where it is; PwnSTAR will move it into position

———————————————————————————————————–
How to use:
1. For the honeypot we don’t give internet access – set your wlan0 as the AP interface. This is how it goes:

wlan0 00:c0:XXXXXX … (just hit enter here).
2. You shouldn’t need to create any additional directories once you have moved “hotspot” into /var/www. Your directory setup should look like this:

3. Then run the script (red marks your entries):

Try again with it set up like this.

Download :
PwnSTAR_0.8 (53.4 KB)
Read more here: http://code.google.com/p/pwn-star/


Update subterfuge v-4.0 – Automated Man-in-the-Middle Attack Framework

This release of Subterfuge includes major changes, particularly to the Network View. We continued further modularizing the framework and added ARPWATCH. This release should be significantly more stable than 3.0. Additionally, Subterfuge Beta 4.0 was demonstrated in Las Vegas at DEFCON 20. Unpack and run “python install.py -i” for full installation. Requires Linux kernel 2.6 or greater and Python 2.7.

Modules:
  • Harvesting Module is functional.
  • Code Injection Module is functional. Now with Metasploit! Requires Metasploit to be installed and in PATH.
  • Module Builder
  • Tunnel Block Module is functional.
  • DOS Module is functional.
  • Network View Control interface is functional. Now with Nmap!

Known Defects:
Not all settings options are functional; an update is coming in version 4.1.
arpwatch requires manual configuration; automatic configuration will be added in the next incremental release (4.1).
Code Injection currently affects all victims; spectrum control modifications are being pursued.
Update functionality does not always work; a fix is being pursued for version 4.1.
ChangeLog:

Extraneous modules were removed, lowering the overall size of the program.
Program Structure:

  • General: Developed Network View
    1. Integrated Nmap
    2. Added update functionality through SVN
  • Settings Page: New settings and customizations available
  • ARPWATCH: Added ARPWATCH. ARPWATCH comes with improvements over existing MITM tools

Issue:
Issue 49 – Defect – Accepted – High – Mtoussain – Netview Unstable
The “netviewmaincont” div no longer reloads. The dynamic div is now “hostcheck”: it determines whether a new client has been detected and updates the “netviewmaincont” div to reflect changes. The hidden “currenthostcount” div tracks the number of clients displayed.
Lots of JavaScript… ugh.

General Features : 
  • Credential Harvester
  • Http Injection Code
  • Session Hijacking
  • Race Condition Exploitation
  • Evilgrade update exploitation
  • Wireless attack suite
  • and more …
Subterfuge screenshot: GUI for Unix/Linux
Demo video: http://www.youtube.com/watch?v=I7yEHSRxRVk





Download Latest: SubterfugePublicBeta4.0.tar.gz (16.8 MB)
Read more here: http://code.google.com/p/subterfuge/

Etherwall v-1.0 Beta 3 released.

Etherwall is a free and open source network security tool that prevents Man in the Middle (MITM) attacks carried out through ARP spoofing/poisoning. It also protects against related attacks such as sniffing, hijacking, Netcut, DHCP spoofing, DNS spoofing, web spoofing, and others.
Platform: Linux

Features

  • Daemon Processing
  • ARP Packet Filtering
  • Point to Point & Point to Multipoint Protection
  • Realtime Protection
  • System Logging
  • Early Warning
  • Support for networks Statically, Dynamically, or Both
  • Supports for Ethernet Wired & Wireless interface (IEEE 802.3 & IEEE 802.11)
  • Plugins / Tools
  • Included Man Pages
  • Easy to Use and Free

Download : etherwall-1.0.BETA3.tar.gz (1.1 MB)

Ghost-phisher v1.5 released.

Ghost Phisher is a Wireless and Ethernet security auditing and attack software program written in Python using the Python Qt GUI library. The program is able to emulate access points and deploy various internal networking servers for networking, penetration testing and phishing attacks.


Ghost Phisher currently supports the following features:

  • HTTP Server
  • Inbuilt RFC 1035 DNS Server
  • Inbuilt RFC 2131 DHCP Server
  • Webpage Hosting and Credential Logger (Phishing)
  • Wifi Access Point Emulator
  • Session Hijacking (Passive and Ethernet Modes)
  • ARP Cache Poisoning (MITM and DOS Attacks)
  • Penetration using Metasploit Bindings
  • Automatic credential logging using SQLite Database
  • Update Support

Easy-Creds Pwnie Editions Released.

easy-creds is a bash script that leverages ettercap and other tools to obtain credentials.

It allows you to easily attack with basic ARP poisoning, one-way ARP poisoning, DHCP spoofing or a fake AP. Includes an sslstrip log file parser.

Features

  • Menu Driven
  • Easily set up a FakeAP
  • Easily initiate a MITM
  • oneway Arp poison
  • Provides SSLstrip.log file parser

Download : easy-creds-pwnie.tar.gz (14.5 kB)
Read more here: http://www.backtrack-linux.org/forums/showthread.php?t=46271

Update script bash NETOOL.sh V-2.0


netool.sh is a bash script that automates frameworks like Nmap, Driftnet, SSLstrip and ettercap MITM attacks.
The script makes tasks such as sniffing, MITM, SSL sniffing, metadata retrieval and DoS attacks inside the local network easy; it can also perform TCP/UDP packet manipulation using etter.filters, capture pictures of the web browsing of a target machine under MITM attack, and perform a vulnerability scan of a target website using the websecurify addon.

Features

  • ping target
  • Show Local Connections
  • Show my Ip address
  • Scan Local network
  • Scan remote host
  • execute Nmap command
  • Open router config
  • Ip tracer whois
  • WebCrawler
  • DDoS java Script
  • Retrieve metadata
  • Config ettercap
  • Launch MITM
  • show URLs visited
  • Sniff remote pics
  • Sniff SSL passwords
  • Dns-Spoofing
  • DoS attack {local}
  • Compile etter.filters
  • execute ettercap filter

d. delete lock folders
q. quit

INSTALL ON LINUX
1. extract “opensource.tar.gz” to home folder
2. set execute permissions:
sudo chmod +x opensource/netool.sh
sudo chmod +x opensource/sslstrip-0.9/sslstrip.py
sudo chmod +x opensource/sslstrip-0.9/setup.py
3. install the following dependencies:
sudo apt-get install nmap
sudo apt-get install zenmap
sudo apt-get install ettercap
sudo apt-get install ettercap-gtk
sudo apt-get install driftnet
{or execute the script with sudo to auto-install the dependencies}
example: sudo opensource/netool.sh
4. run netool.sh:
sudo opensource/netool.sh

INSTALL ON BACKTRACK
1. extract “opensource.tar.gz” to home folder
2. set execute permissions:
chmod +x opensource/netool.sh
chmod +x opensource/sslstrip-0.9/sslstrip.py
chmod +x opensource/sslstrip-0.9/setup.py
3. configure netool.sh:
edit the netool.sh script, look for the right paths where the frameworks
are installed, then replace the paths with the right ones
(open a terminal and run “locate zenmap”, copy the path and replace it in the script).
Paths to installations
(you are going to replace these paths with the right ones):
find="/usr/share/zenmap"
find2="/usr/share/ettercap"
confE="/etc/etter.conf"
confD="/usr/share/ettercap/etter.dns"
confP="/usr/share/ettercap/etter.services"
confW="/usr/share/doc/driftnet"
4. run netool.sh:
opensource/netool.sh

Download :  opensource.tar.gz (37.9 kB)
Read more here: http://sourceforge.net/p/netoolsh/wiki/netool.sh%20script%20project/
Our post before : http://seclist.us/2012/10/netool-sh-bash-script-v1-7-released.html

Penbang v-2.0 Released : Penetration Testing Collection for crunchbang


Penbang is a collection of tools aimed at the Openbox environment. It includes Network Exploits, Vulnerability Assessment/Exploits, Network Analysis, Social Engineering tools, I.G.C, the dsniff suite and irpas, as well as a simple way of launching them.

[Openbox(Debian)]

#####################Update Version 0.0.2#####################
#
# ADDED
# Metasploit/Armitage
# sqlninja
# sqlsus
# wfuzz
# hydra
# hydra-gtk
# findmyhash
# etherape
# SMITM
# log_ex
# ParseLog
# Message of the day (anything launched by Scripts.py)
# History interpreter (arrow up shows last entry)

###############################Pack List#########################
Network Exploits:

  • aircrack-ng
  • airmon-ng
  • airodump-ng
  • sslstrip
  • sslsniff
  • reaver
  • ettercap
  • subterfuge
  • yamas
  • SMITM —–0.0.2 Update

Vulnerability Assessment/Exploits —–0.0.2 Update

  • Metasploit/Armitage
  • sqlninja
  • sqlsus
  • wfuzz
  • hydra
  • hydra-gtk

Network Analysis:

  • scapy
  • kismet
  • nmap
  • zenmap
  • tcpdump
  • tshark
  • wireshark
  • etherape

Social Engineering:

  • Maltego

I.G.C:

  • crunch
  • john
  • Hash-ID
  • findmyhash —–0.0.2 Update
  • log_ex —–0.0.2 Update
  • ParseLog —–0.0.2 Update

dsniff suite:

  • dsniff
  • filesnarf
  • mailsnarf
  • msgsnarf
  • urlsnarf
  • webspy
  • arpspoof
  • dnsspoof
  • macof
  • sshmitm
  • webmitm

irpas: #Not all tools from irpas are used

  • dfkaa
  • protos
  • netenum
  • tctrace
  • itrace
  • irdpresponder
  • irdp
  • ass
  • igrp
  • file2cable
  • cdp

########################################################################

Download : penbang_0.0.2.zip (6.4 MB) 
sources : http://penbang.sysbase.org/

Update Penbang v-0.3 : Penetration Testing Collection for crunchbang


#################### Update 3/6/2013 Version 0.0.3 #####################

#
# ADDED
# Slowloris
# Argus
# Arping
# Ntop
# Tor Browser
# Fragroute
# Snort
# Nikto –
# There is no menu link for replay.pl due to missing
# #!/usr/bin/perl. cd to /nikto-2.1.5 and exec perl replay.pl
# Ophcrack
# callerpy
# Spike
#
# Note:
# Tor Browser from menu
########################################################################

Penbang is a collection of tools aimed at the Openbox environment. It includes Network Exploits, Vulnerability Assessment/Exploits, Network Analysis, Social Engineering tools, I.G.C, the dsniff suite and irpas, as well as a simple way of launching them.

############################## Pack List ###############################

Network Exploits:

  • aircrack-ng
  • airmon-ng
  • airodump-ng
  • sslstrip
  • sslsniff
  • reaver
  • ettercap
  • subterfuge
  • yamas
  • SMITM
  • Slowloris —–0.0.3 Update

Vulnerability Assessment/Exploits

  • Metasploit/Armitage
  • sqlninja
  • sqlsus
  • wfuzz
  • hydra
  • hydra-gtk
  • Ntop —–0.0.3 Update
  • Fragroute —–0.0.3 Update
  • Snort —–0.0.3 Update

Network Analysis:

  • scapy
  • kismet
  • nmap
  • zenmap
  • tcpdump
  • tshark
  • wireshark
  • etherape
  • Argus —–0.0.3 Update
  • Spike —–0.0.3 Update
  • Nikto —–0.0.3 Update

Social Engineering:

  • Maltego
  • callerpy —–0.0.3 Update

I.G.C (BTW, it stands for Identifiers, Generators, and Crackers):

  • crunch
  • john
  • Hash-ID
  • findmyhash
  • log_ex
  • ParseLog
  • Arping —–0.0.3 Update
  • Ophcrack —–0.0.3 Update

dsniff suite:

  • dsniff
  • filesnarf
  • mailsnarf
  • msgsnarf
  • urlsnarf
  • webspy
  • arpspoof
  • dnsspoof
  • macof
  • sshmitm
  • webmitm

irpas: #Not all tools from irpas are used

  • dfkaa
  • protos
  • netenum
  • tctrace
  • itrace
  • irdpresponder
  • irdp
  • ass
  • igrp
  • file2cable
  • cdp

########################################################################

################# Downloading install_tool.sh Manually #################
#
# Change the path after -P in wget to your required path
#
# Example:
# wget -P /home/$(whoami)/penbang/netkit/slowloris/
# TO
# wget -P /tmp
#
########################################################################

############################ HOW TO INSTALL ############################
#
# penbang must be in your /home/$(whoami) dir; where $(whoami) != root
#
# cd /home/USER/penbang
#
# do not run it as root
#
# python install.py
#
########################################################################

############################ HOW TO UPDATE #############################
#
# Assuming a fresh install of penbang 0.0.2
# Download penbang_0.0.3_update.py
# python penbang_0.0.3_update.py -check
# If all is well
# python penbang_0.0.3_update.py -update
#
########################################################################

Download manually: http://penbang.sysbase.org/install_tools/0.0.3/

Our Post before : http://seclist.us/2013/05/penbang-v-2-0-released-penetration-testing-collection-for-crunchbang.html


subterfuge v-1.0 Public released – Automated Man-in-the-Middle Attack Framework


Description:
While Subterfuge itself is no longer in beta, some of its vectors/modules still are. Below is a list of Subterfuge’s major packages and their current status. Please note that this may affect your use of the framework. Finally, if you have any questions about the direction of the project, the extent of current issues with the framework, or any suggestions, please see the developer’s page at: http://kinozoa.com/blog/development/

Vectors:

  • ARP Cache Poisoning: Stable
  • WPAD Hijacking: Beta
  • Rogue DHCP: Beta
  • Wireless AP Gen: Beta

Modules:

  • Credential Harvester: Stable
  • HTTP Code Injection: Stable
  • Session Hijacking: Beta
  • Tunnel Block: Stable
  • Denial of Service: Beta

Installation Instructions:
dpkg -i subterfuge_1.0-1_all.deb
apt-get update && apt-get -f install

 

Download : subterfuge_1.0-1_all.deb (4.0 MB)
Sources : https://code.google.com/p/subterfuge/ | http://kinozoa.com/
our post before : http://seclist.us/2013/03/update-subterfuge-v-5-0-automated-man-in-the-middle-attack-framework.html

Update Websploit Toolkit v1.6


WebSploit is an open source project for scanning and analysing remote systems for vulnerabilities.

Features :
[+] Autopwn – uses Metasploit to scan and exploit target services
[+] wmap – scan and crawl the target using the Metasploit wmap plugin
[+] format infector – inject reverse & bind payloads into file formats
[+] phpmyadmin – search for the target’s phpMyAdmin login page
[+] lfi – scan for and bypass local file inclusion vulnerabilities; can bypass some WAFs
[+] apache users – search for server username directories (if the target uses the Apache web server)
[+] Dir Bruter – brute-force target directories with a wordlist
[+] admin finder – search for the target’s admin & login pages
[+] MLITM Attack – Man Left In The Middle, XSS phishing attacks
[+] MITM – Man In The Middle attack
[+] Java Applet Attack – Java signed applet attack
[+] MFOD Attack Vector – Middle Finger Of Doom attack vector
[+] USB Infection Attack – create an executable backdoor to infect USB drives on Windows

Download : WebSploit Toolkit V.1.6.zip (47.8 kB)
Read more here: http://0x0ptim0us.blogspot.com/

Update PwnSTAR 0.6 : Pwn_SofT_Ap_scRipt

A bash script to launch a Soft AP, configurable with a wide variety of attack options.
New Features in PwnSTAR V0.6:
  • advanced menu (big plans for filling this over time)
  • captive portal using iptables and php:
    • accepts/denies based on MAC
    • can track multiple clients (your hardware permitting!)
    • writes sslstrip iptables rules per client/MAC
General Features:
  • manage interfaces and MAC spoofing
  • set up sniffing
  • serve up phishing or malicious web pages
  • launch karmetasploit
  • grab WPA handshakes
  • de-auth clients
  • manage iptables
Updated feature list:
  • captive-portal with iptables and php
  • more php scripts added
Menu Options
Hotspot screenshot
Improvements:
backup index to backup directory (no longer overwrites previous backups)
sleeps reduced – runs faster
error-checking
————————————————————————
Two new www directories to be used from the advanced menu:

1. Portal_hotspot: looks the same as hotspot but uses the new captive-portal system
2. Portal_simple: very plain (less dodgy looking than hotspot?). Allows the splash page name to be changed to whatever you fancy e.g. Joe’s Cybercafe, Goldmann-Sucks Private Net. Set the essid of the AP to match this.

Instructions for use:
download and untar
copy the hotspot directory into /var/www
set permissions:
hotspot directory: group www-data, create and delete files
formdata.txt: group www-data, rw
process-form-data.php: make executable
leave index.html where it is; PwnSTAR will move it into position

Download :
PwnSTAR_0.6 (42.3 KB)
portal_hotspot.tgz (71.5 KB) Appears the same as “hotspot_2” to the client, but has a full iptables captive portal by client MAC.
portal_simple.tgz (1.4 KB) Captive portal using php and iptables. Plain index page. Allows variable setting of the name, e.g. “Joe’s Cybercafe”.
Read more here: http://code.google.com/p/pwn-star/

Update script bash NETOOL.sh stable Version-4.3


Changelog netool.sh v-4.3:
* INSTALL.sh => “added” installer of netool.sh toolkit
* netool.sh => “improved” running scanner inurlbr.php from toolkit
* netool.sh => “improved” better displays and small bugs fixed
* netool.sh => “added” MIGRATE_TO:wininit.exe “toolkit_config file”. Using the option ‘post-exploitation’ in the rootsector module, we now have the ability to choose a process to migrate to.
* priv8.sh => “improved” generate shellcode “new output -> shellcode.txt”
* priv8.sh => “improved” host a file attack “added fake java update webpage”
* priv8.sh => “improved” host a file attack “added fake missing plugin webpage”
* priv8.sh => “improved” website keylogger “no need to edit index.html”
* priv8.sh => “improved” clone website > browser_autopwn “no need to edit index.html”
* priv8.sh => “improved” clone website > java_applet “no need to edit index.html”
* priv8.sh => “improved” backdooring EXE files “keep template working”: keep the template working (executable), or just use the icon (.ico) of the executable to be displayed in the generated backdoor.exe.

netool.sh is a bash script that automates frameworks like Nmap, Driftnet, SSLstrip and ettercap MITM attacks.
The script makes tasks such as sniffing, MITM, SSL sniffing, metadata retrieval and DoS attacks inside the local network easy; it can also perform TCP/UDP packet manipulation using etter.filters, capture pictures of the web browsing of a target machine under MITM attack, and perform a vulnerability scan of a target website using the websecurify addon.

Features:

  • ping target
  • Show Local Connections
  • Show my Ip address
  • Scan Local network
  • Scan remote host
  • execute Nmap command
  • Open router config
  • Ip tracer whois
  • WebCrawler
  • DDoS java Script
  • Retrieve metadata
  • Config ettercap
  • Launch MITM
  • show URLs visited
  • Sniff remote pics
  • Sniff SSL passwords
  • Dns-Spoofing
  • DoS attack {local}
  • Compile etter.filters
  • execute ettercap filter

d. delete lock folders
q. quit

INSTALL ON LINUX
1. extract “opensource.tar.gz” to home folder
2. set execute permissions:
sudo chmod +x opensource/netool.sh
sudo chmod +x opensource/sslstrip-0.9/sslstrip.py
sudo chmod +x opensource/sslstrip-0.9/setup.py
3. install the following dependencies:
sudo apt-get install nmap
sudo apt-get install zenmap
sudo apt-get install ettercap
sudo apt-get install ettercap-gtk
sudo apt-get install driftnet
{or execute the script with sudo to auto-install the dependencies}
example: sudo opensource/netool.sh
4. run netool.sh:
sudo opensource/netool.sh

INSTALL ON BACKTRACK
1. extract “opensource.tar.gz” to home folder
2. set execute permissions:
chmod +x opensource/netool.sh
chmod +x opensource/sslstrip-0.9/sslstrip.py
chmod +x opensource/sslstrip-0.9/setup.py
3. configure netool.sh:
edit the netool.sh script, look for the right paths where the frameworks
are installed, then replace the paths with the right ones
(open a terminal and run “locate zenmap”, copy the path and replace it in the script).
Paths to installations
(you are going to replace these paths with the right ones):
find="/usr/share/zenmap"
find2="/usr/share/ettercap"
confE="/etc/etter.conf"
confD="/usr/share/ettercap/etter.dns"
confP="/usr/share/ettercap/etter.services"
confW="/usr/share/doc/driftnet"
4. run netool.sh:
opensource/netool.sh

Download : opensource.tar.gz (20.1MB) Kali Linux : opensource[Kali].tar.gz (20.1 MB)

Read more here: http://sourceforge.net/p/netoolsh/wiki/netool.sh%20script%20project/
Our post before : http://seclist.us/update-script-bash-netool-sh-stable-version-4-2.html

Updates MITMf v-0.9.1 : Framework for Man-In-The-Middle attacks.


Changes v-0.9.1 : Made user_agent lib optional for Kali & Minor Fixed

Framework for Man-In-The-Middle attacks

This tool is completely based on sergio-proxy https://code.google.com/p/sergio-proxy/ and is an attempt to revive and update the project.
Availible plugins:
– Spoof – Redirect traffic using ARP Spoofing, ICMP Redirects or DHCP Spoofing and modify DNS queries
– BeEFAutorun – Autoruns BeEF modules based on clients OS or browser type
– AppCachePoison – Perform app cache poison attacks
– AirPwn – Monitor traffic on an 802.11 network and respond with arbitrary content as configured
– BrowserProfiler – Attempts to enumerate all browser plugins of connected clients
– CacheKill – Kills page caching by modifying headers
– FilePwn – Backdoor executables being sent over http using bdfactory
– Inject – Inject arbitrary content into HTML content
– JavaPwn – Performs drive-by attacks on clients with out-of-date java browser plugins
– jskeylogger – Injects a javascript keylogger into clients webpages
– Replace – Replace arbitary content in HTML content
– SMBAuth – Evoke SMB challenge-response auth attempts
– Upsidedownternet – Flips images 180 degrees

So far the most significant changes have been:

+ Integrated Responder (https://github.com/SpiderLabs/Responder) to poison LLMNR, NBT-NS and MDNS, and act as a WPAD rogue server.
+ Integrated SSLstrip+ (https://github.com/LeonardoNve/sslstrip2) by Leonardo Nve to partially bypass HSTS as demonstrated at BlackHat Asia 2014
+ Addition of the SessionHijacking plugin, which uses code from FireLamb (https://github.com/sensepost/mana/tree/master/firelamb) to store cookies in a Firefox profile
+ Spoof plugin now supports ICMP, ARP and DHCP spoofing along with DNS tampering (DNS tampering code was stolen from https://github.com/DanMcInerney/dnsspoof/)
+ Spoof plugin can now exploit the ‘ShellShock’ bug when DHCP spoofing!
+ Usage of third party tools has been completely removed (e.g. ettercap)
+ FilePwn plugin re-written to backdoor executables and zip files on the fly by using the-backdoor-factory https://github.com/secretsquirrel/the-backdoor-factory and code from BDFProxy https://github.com/secretsquirrel/BDFProxy
+ Added msfrpc.py for interfacing with Metasploits rpc server
+ Added beefapi.py for interfacing with BeEF’s RESTfulAPI
+ Addition of the app-cache poisoning attack by Krzysztof Kotowicz

Install on Kali:
Run setup.sh as root to install all submodules and python libraries.

Download zipball :

MITMf-0.9.1.tar.gz (178 KB)
MITMf-0.9.1.zip (211 KB) 

Source and quick tutorial: http://sign0f4.blogspot.it/ | Our post before: http://seclist.us/updates-mitmf-v-0-9-framework-for-man-in-the-middle-attacks.html

3vilTiwnAttacker v-0.1.2 released.


3vilTiwnAttacker: this tool creates a rogue Wi-Fi access point, purporting to provide wireless Internet services, but snooping on the traffic.
Software dependencies:
+ Recommended to use Kali Linux.
+ Ettercap.
+ Sslstrip.
+ Airbase-ng, included in aircrack-ng.
+ DHCP.

Changelog update 02/05/2015 : Update 3vilTiwn.py


[install DHCP in Debian-based]

Ubuntu

$ sudo apt-get install isc-dhcp-server

Kali linux

$ echo "deb http://ftp.de.debian.org/debian wheezy main " >> /etc/apt/sources.list
$ apt-get update && apt-get install isc-dhcp-server

[install DHCP in redhat-based]

Fedora

$ sudo yum install dhcp

 


Etter.dns: edit etter.dns to load the dns spoof module.

Dns Spoof: start the DNS spoof attack on interface ath0 (fake AP).

Ettercap: start an ettercap attack on the hosts connected to the fake AP, capturing login credentials.

Sslstrip: sslstrip listens to the traffic on port 10000.

Driftnet: driftnet sniffs and decodes any JPEG TCP sessions, then displays them in a window.

Download : Master.zip  | Clone Url
Source : https://github.com/P0cL4bs

FakeDns – A regular-expression based DNS MITM Server.


FakeDns is a regular-expression based Python MITM DNS server with correct DNS request passthrough and “Not Found” responses.
Change 13.02.2015, fakedns.py: added MX to the TYPE enum and perfected the proxying algorithm; it should now work for DNS types it does not know about.
A Python regular-expression based DNS server!

USAGE:
./fakedns.py [config file]

The dns.conf should be set the following way:

[RECORD TYPE CODE] [python regular expression] [answer]

The answer can be an IP address or the string self; the self syntax sugar will be translated to your current machine’s local IP address, such as 192.168.1.100.
If no match is made, the DNS server will attempt to resolve the request using whatever DNS server is configured on your local machine, proxying the request to that server on behalf of the requesting user.
Supported Request Types

- A
- TXT
- AAAA

In-Progress Request Types 

- MX
- PTR
- CNAME

Download : Master.zip  | Clone Url
Source : https://github.com/Crypt0s 


Updates netool.sh V- 4.4 : MitM PENTESTING OPENSOURCE T00LKIT.


Changelog v-4.4:
* netool.sh => “improved” added zenity “displays”
* netool.sh => “improved” nmap scanner menu “redesigned/improved”
* netool.sh => “improved” scan WAN for hosts “port nmap.xml to msf db”
* netool.sh => “added” access t00lkit database “store scans or notes”
* netool.sh => “added” CLEAN_LOGS:YES “toolkit_config”
* netool.sh => “added” CLEAN_HANDLERS:NO “toolkit_config”
* netool.sh => “added” CLEAN_DATABASE:NO “toolkit_config”
* priv8.sh => “improved” all listeners “post-exploitation module added”
* priv8.sh => “added” handler.rc “store listener settings”
* priv8.sh => “added” C-Injector “inject shellcode using C”
* priv8.sh => “added” 3 new multi-handlers “listeners”: ‘Default Listener, Post-auto.rc, AutoRunScript, Resource_files’
* INSTALL.sh => “improved” netool toolkit “installer (Ubuntu|Kali)”

“Scanning – Sniffing – Social Engeneering”

Netool: a toolkit written in bash, python and ruby that allows you to automate frameworks like Nmap, Driftnet, Sslstrip, Metasploit and Ettercap MitM attacks. The toolkit makes tasks such as sniffing TCP/UDP traffic, Man-In-The-Middle attacks, SSL sniffing, DNS spoofing, DoS attacks in WAN/LAN networks and TCP/UDP packet manipulation using etter-filters easy, gives you the ability to capture pictures of the target’s web browsing (driftnet), and also uses macchanger to decoy scans by changing the MAC address.

Rootsector: this module allows you to automate some attacks over DNS_SPOOF + MitM (phishing, social engineering) using the metasploit, apache2 and ettercap frameworks, such as the generation of payloads, shellcode and backdoors delivered using dns_spoof and the MitM method to redirect a target to your phishing webpage.

Recently the “inurlbr” web scanner (by cleiton) was introduced; it allows us to search for SQL-related bugs using several search engines, and it can also be used in conjunction with other frameworks like nmap (using the flag --comand-vul).
Example:

inurlbr.php -q 1,2,10 --dork 'inurl:index.php?id=' --exploit-get ?´0x27
-s report.log --comand-vul 'nmap -Pn -p 1-8080 --script http-enum --open _TARGET_'

Operative Systems Supported:
Linux-Ubuntu | Linux-kali | Parrot security OS | blackbox OS | Linux-backtrack (un-continued) | Mac osx (un-continued).

“TOOLKIT DEPENDENCIES”
zenity | Nmap | Ettercap | Macchanger | Metasploit | Driftnet | Apache2 | sslstrip

“SCANNER INURLBR.php”
curl | libcurl3 | libcurl3-dev | php5 | php5-cli | php5-curl

Features (Modules) :

"1-Show Local Connections"
  "2-Nmap Scanner menu"
        ->
        Ping target
        Show my Ip address
        See/change mac address
        change my PC hostname
        Scan Local network 
        Scan external lan for hosts
        Scan a list of targets (list.txt)          
        Scan remote host for vulns          
        Execute Nmap command
        Search for target geolocation
        ping of dead (DoS)
        Norse (cyber attacks map)
        nmap Nse vuln modules
        nmap Nse discovery modules
        <-
  "3-Open router config"       
  "4-Ip tracer whois"
  "5-firefox webcrawler addon"                           
  "6-Retrieve metadata"
        ->
        retrieve metadata from target website
        retrieve using a fake user-agent
        retrieve only certain file types
        <-
  "7-INURLBR.php (webcrawler)"
        -> 
        scanner inurlbr.php -> Advanced search with multiple engines, provided
        analysis enables to exploit GET/POST capturing emails/urls & internal
        custom validation for each target/url found. also the ability to use
        external frameworks in conjuction with the scanner like nmap,sqlmap,etc
        or simple the use of external scripts.
        <-
  "8-r00tsect0r automated exploits (phishing - social engeneering)"
        ->
        package.deb backdoor [Binary linux trojan]
        Backdooring EXE Files [Backdooring EXE Files]
        fakeupdate.exe [dns-spoof phishing backdoor]
        meterpreter powershell invocation payload [by ReL1K]
        host a file attack [dns_spoof+mitm-hosted file]
        clone website [dns-spoof phishing keylooger]
        Java.jar phishing [dns-spoof+java.jar+phishing]
        clone website [dns-spoof + java-applet]
        clone website [browser_autopwn phishing Iframe]
        Block network access [dns-spoof]
        Samsung TV DoS [Plasma TV DoS attack]
        RDP DoS attack [Dos attack against target RDP]
        website D0S flood [Dos attack using syn packets]
        firefox_xpi_bootstarpped_addon automated exploit
        PDF backdoor [insert a payload into a PDF file]
        Winrar backdoor (file spoofing)
        VBScript injection [embedded a payload into a world document]
        ".::[ normal payloads ]::."
        windows.exe payload
        mac osx payload
        linux payload
        java signed applet [multi-operative systems]
        android-meterpreter [android smartphone payload]
        webshell.php [webshell.php backdoor]
        generate shellcode [C,Perl,Ruby,Python,exe,war,vbs,Dll,js]
        Session hijacking [cookie hijacking]
        start a lisenner [multi-handler]
        <-
  "9-Config ettercap"         
  "10-Launch MitM"            
  "11-Show URLs visited"       
  "12-Sniff remote pics"
  "13-Sniff SSL passwords"      
  "14-Dns-Spoofing"
  "15-Share files on lan"   
  "16-DoS attack {local}"      
  "17-Compile etter.filters"    
  "18-execute ettercap filter"
  "19-Common user password profiler [cupp.py]"

  d. delete lock folders
  a. about netool
  u. check for updates
  c. config toolkit
 db. access database
  q. quit

Download :
opensource.tar.gz (20.1 MB)
opensource[kali].tar.gz (20.1 MB)
Our Post Before  | Source : http://sourceforge.net/projects/netoolsh/

Updates HoneyBadger – TCP attack inquisitor and 0-day catcher.


Tools Adding and Changes:
+ Add metadata-only attack logging with CLI option default
+ Fix attack loggers
+ Add unit tests for multi-goroutine page cache Pager
+ Fix pcap logger and tests for reals this time
+ Add unit tests for multi-goroutine page cache Pager
+ Added more unit tests and fixed some existing tests
+ Add teach TCP FSM to use OrderedCoalesce and do stream logging, add max page cache cli
+ Distinguish between hijack and retransmitted SYN/ACK
+ Fix Timeout

HoneyBadger is a comprehensive TCP stream analysis tool for detecting and recording TCP attacks. HoneyBadger includes a variety of TCP stream injection attacks which will prove that the TCP attack detection is reliable.

project goals:
– HoneyBadger will primarily be a comprehensive TCP stream analysis tool for detecting and recording TCP attacks. Perhaps it can assist in discovering 0-days and botnets.
– HoneyBadger will include a variety of TCP stream injection attacks which will prove that the TCP attack detection is reliable.

manual “integration test” with netcat
abstract
This manual testing procedure proves that HoneyBadger’s TCP injection detection is solid! It only takes a few minutes to perform… and thus I highly recommend it to new users for two reasons:
– to raise awareness about how insecure TCP is
– to give you confidence that HoneyBadger has reliable TCP attack detection functionality

procedure
1. build honey_badger.go and spray_injector.go (located in the tools directory in the source repository)
2. run honey_badger with these arguments… Note we are telling honey_badger to write log files to the current working directory.

./honey_badger -i=lo -f="tcp port 9666"  -l="."

3. run spray_injector with these arguments

./spray_injector -d=127.0.0.1 -e=9666 -f="tcp" -i=lo

4. start the netcat server

nc -l -p 9666

5. start the netcat client

nc 127.0.0.1 9666

6. In this next step we enter some data on the netcat server so that it will send it to the connected netcat client, until the spray_injector prints a log message containing “packet spray sent!”. In that case the TCP connection will have been sloppily injected.

7. Look for the log files in honey_badger’s working directory. You should see two files beginning with “127.0.0.1”; the pcap file is a full packet log of that TCP connection which you can easily view in Wireshark et al. The JSON file contains attack reports: various pieces of information relevant to each TCP injection attack. The spray_injector tends to produce several injections… and does so sloppily in regards to keeping the client and server synchronized.

$ ls 127*
127.0.0.1:43716-127.0.0.1:9666.pcap  127.0.0.1:9666-127.0.0.1:43716.attackreport.json

It’s what you’d expect… the pcap file can be viewed and analyzed in Wireshark and other similar tools. The 127.0.0.1:9666-127.0.0.1:43716.attackreport.json file contains JSON report structures. The attack reports contain important information that is highly relevant to your interests, such as:

– type of TCP injection attack
– flow of attack (meaning srcip:srcport-dstip:dstport)
– time of attack
– payload of packet with overlapping stream segment (in base64 format)
– previously assembled stream segment that overlaps with packet payload (in base64 format)
– TCP sequence of packet
– end sequence of packet
– overlap start offset is the number of bytes from the beginning of the packet payload that we have available among the reassembled stream segments for retrospective analysis
– overlap end offset is the number of bytes from the end of the packet payload that we have in our reassembled stream segments…

Sample Output :

$ cat 127.0.0.1:9666-127.0.0.1:43716.attackreport.json
{"Type":"injection","Flow":"127.0.0.1:9666-127.0.0.1:43716","Time":"2015-01-30T08:38:14.378603859Z","Payload":"bWVvd21lb3dtZW93","Overlap":"aHJzCg==","StartSequence":831278445,"EndSequence":831278456,"OverlapStart":0,"OverlapEnd":4}
{"Type":"injection","Flow":"127.0.0.1:9666-127.0.0.1:43716","Time":"2015-01-30T08:38:14.379005763Z","Payload":"bWVvd21lb3dtZW93","Overlap":"cnMK","StartSequence":831278446,"EndSequence":831278457,"OverlapStart":0,"OverlapEnd":3}
...
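As an added example (not HoneyBadger’s own code), a small Python triage script that reads attackreport.json lines in the shape shown above, decodes the base64 Payload and Overlap fields and checks whether the injected bytes differ from the previously reassembled segment. The assumption that OverlapStart/OverlapEnd index into the packet payload is mine; the page does not spell out the exact slicing.

```python
import base64
import json

# The two report lines from the sample output above (the trailing "..." is skipped).
SAMPLE_REPORT = """\
{"Type":"injection","Flow":"127.0.0.1:9666-127.0.0.1:43716","Time":"2015-01-30T08:38:14.378603859Z","Payload":"bWVvd21lb3dtZW93","Overlap":"aHJzCg==","StartSequence":831278445,"EndSequence":831278456,"OverlapStart":0,"OverlapEnd":4}
{"Type":"injection","Flow":"127.0.0.1:9666-127.0.0.1:43716","Time":"2015-01-30T08:38:14.379005763Z","Payload":"bWVvd21lb3dtZW93","Overlap":"cnMK","StartSequence":831278446,"EndSequence":831278457,"OverlapStart":0,"OverlapEnd":3}
...
"""


def parse_attack_reports(text):
    """Parse newline-delimited attack report JSON, decoding the base64 fields."""
    reports = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("..."):
            continue
        rec = json.loads(line)
        rec["PayloadBytes"] = base64.b64decode(rec["Payload"])
        rec["OverlapBytes"] = base64.b64decode(rec["Overlap"])
        reports.append(rec)
    return reports


def overlap_diff(rec):
    """Return (injected, original) bytes for the overlapping region.

    Assumption (not stated on the page): OverlapStart/OverlapEnd index into the
    packet payload, so payload[OverlapStart:OverlapEnd] is the slice that
    collides with the segment HoneyBadger had already reassembled.
    """
    injected = rec["PayloadBytes"][rec["OverlapStart"]:rec["OverlapEnd"]]
    return injected, rec["OverlapBytes"]


def summarize(rec):
    """Compact per-report verdict: sizes plus whether content actually changed."""
    injected, original = overlap_diff(rec)
    return {
        "flow": rec["Flow"],
        "type": rec["Type"],
        # EndSequence is inclusive in the sample: 12 payload bytes span 12 sequence numbers.
        "seq_bytes": rec["EndSequence"] - rec["StartSequence"] + 1,
        "payload_len": len(rec["PayloadBytes"]),
        "overlap_len": len(original),
        "content_differs": injected != original,
    }


if __name__ == "__main__":
    for rec in parse_attack_reports(SAMPLE_REPORT):
        print(summarize(rec))
```

A report whose overlap bytes equal the original segment is a plain retransmission rather than an injection, which is why content_differs is the field worth alerting on.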

Download : Master.Zip  | Clone Url | Our post before
Source : https://honeybadger.readthedocs.org/en/latest/ | Github

Tools : a collection of security and hacking tools, like exploits, proof of concepts, shellcodes, scripts, and more.


This section offers a selection of our fully featured security and hacking tools from NullSecurity.
+ Automation :
This section includes automation tools and wrapper scripts for well-known and public security tools to make your life easier. You can adjust the scripts fast and easily according to your own needs. Mostly written in bourne shell.
+ Backdoor :
Backdoors and rootkits for kernel and userland, network, hardware and software. Once you have gone through all the hard work making sure you can get on the system. Make sure you can always get back in.
+ Binary :
ELF and PE binary related tools. This section includes packers, runtime crypters, including our famous (thanks trusted sec team) hyperion tool from our very own belial and other stuff.
+ Cracker :
Tools for cracking network and software login masks. Not been able to find an exploit to give you RCE? Too lazy to SE? So go smash down the front doors and rummage around with our cracking and brute force tools.
+ Cryptography :
Encrypt all the things! With privacy issues moving up most people’s agenda with items like PRISM in the news, cryptography is one of today’s hot topics. It’s also pretty useful for exfiltrating data from your target environment, connecting to that C2 box and keeping your loot away from prying eyes.
+ DDoS :
(D)DoS tools if you wanna be like those n00bs at anonymous or simulate everyone’s favourite underground extortionists.
+ Exploit :
Proof of Concept tools and, if we are feeling particularly generous, fully working exploits because there is nothing more fun than RCE, except dinner with noptrix of course.
+ Fuzzer :
Didn’t find the exploit you wanted in our exploit section? Well, try one of our fuzzers and write your own god damn code.
+ Keylogger :
When you really need to know those credentials you keep seeing the user enter or are too lazy to go searching for every new piece of useful information just try one of our keyloggers and get the user to do the hard work for you!
+ LogCleaner :
Just because our mothers raised us right, we always clean up after ourselves and pwnage is no exception. These logcleaners also help in not getting caught on that important engagement.
+ Misc :
This section includes miscellaneous files. Often, you will find non-security related stuff here.
+ Reversing :
Whether figuring out how that new piece of malware you just discovered works or hunting for the next 0day from $vendor, our reversing toolz will help you on your way.
+ Scanner
Can’t find any useful hints on shodan? Google dorks not dishing up the goods? Hell get one of our scanners out and track down your targets in 2 shakes of a lol-cat’s tail.
+ Shellcode
Just because our fuzzer worked or the PoC was fantastic doesn’t mean that running calc is gonna put a smile on your face. If you got RCE try our shellcodes to actually do something useful.
+ Wireless
Why wireless? It works and you don’t have to wear your favorite nullsecurity hoody to hide your face from the camera in reception. Hack all the thingz!

Download : Master.zip  | Clone Url
Source : http://nullsecurity.net/

Updates 3vilTiwnAttacker v-0.5.3 Beta


Change v-0.5.3 beta :
– Bug Fixes 3vilTwin.py
– Deauth Attack: deauthenticates all devices connected to the AP (wireless network); alternatively the attacker can put a MAC address in the Client field, in which case only that one client is disconnected from the access point.
– Probe Request: captures probe requests from clients trying to connect to the AP. Probe requests can be sent by anyone with a legitimate Media Access Control (MAC) address, as association to the network is not required at this stage.
– Mac Changer: you can now easily spoof the MAC address. With a few clicks, users will be able to change their MAC addresses.
– Device FingerPrint: lists devices connected to the network with a mini fingerprint, i.e. information collected about a local computing device.

3vilTiwnAttacker : This tool creates a rogue Wi-Fi access point, purporting to provide wireless Internet service while snooping on the traffic.
Software dependencies:
+ Recommended to use Kali linux.
+ Ettercap.
+ Sslstrip.
+ Airbase-ng include in aircrack-ng.
+ DHCP.

Changelog update 02/05/2015 : Update 3vilTiwn.py


[install DHCP in Debian-based]

Ubuntu

$ sudo apt-get install isc-dhcp-server

Kali linux

$ echo "deb http://ftp.de.debian.org/debian wheezy main " >> /etc/apt/sources.list
$ apt-get update && apt-get install isc-dhcp-server

[install DHCP in redhat-based]

Fedora

$ sudo yum install dhcp


Etter.dns: Edit etter.dns to load the dns spoof module.

Dns Spoof: Starts the dns spoof attack on the fake AP interface ath0.

Ettercap: Starts the ettercap attack against hosts connected to the fake AP, capturing login credentials.

Sslstrip: sslstrip listens for the traffic on port 10000.

Driftnet: driftnet sniffs and decodes any JPEG TCP sessions, then displays them in a window.

Download : Master.zip  | Clone Url
Source : https://github.com/P0cL4bs | Our Post Before

Updates MITMf v-0.9.5 : Framework for Man-In-The-Middle attacks.


Framework for Man-In-The-Middle attacks
Mitmf v-0.9.5:
– Addition of the SessionHijacking plugin, which uses code from FireLamb (https://github.com/sensepost/mana/tree/master/firelamb) to store cookies in a Firefox profile
– Spoof plugin now supports ICMP, ARP and DHCP spoofing along with DNS tampering
– Spoof plugin can now exploit the ‘ShellShock’ bug when DHCP spoofing!

This tool is completely based on sergio-proxy https://code.google.com/p/sergio-proxy/ and is an attempt to revive and update the project.
Available plugins:
+ Responder – LLMNR, NBT-NS and MDNS poisoner
+ SSLstrip+ – Partially bypass HSTS
+ Spoof – Redirect traffic using ARP Spoofing, ICMP Redirects or DHCP Spoofing and modify DNS queries
+ Sniffer – Sniffs for various protocol login and auth attempts
+ BeEFAutorun – Autoruns BeEF modules based on the client’s OS or browser type
+ AppCachePoison – Perform app cache poison attacks
+ SessionHijacking – Performs session hijacking attacks, and stores cookies in a firefox profile
+ BrowserProfiler – Attempts to enumerate all browser plugins of connected clients
+ CacheKill – Kills page caching by modifying headers
+ FilePwn – Backdoor executables being sent over http using bdfactory
+ Inject – Inject arbitrary content into HTML content
+ JavaPwn – Performs drive-by attacks on clients with out-of-date java browser plugins
+ jskeylogger – Injects a javascript keylogger into clients webpages
+ Replace – Replace arbitrary content in HTML content
+ SMBAuth – Evoke SMB challenge-response auth attempts
+ Upsidedownternet – Flips images 180 degrees


So far the most significant changes have been:
– Addition of the Sniffer plugin which integrates Net-Creds (https://github.com/DanMcInerney/net-creds) currently supported protocols are: FTP, IRC, POP, IMAP, Telnet, SMTP, SNMP (community strings), NTLMv1/v2 (all supported protocols like HTTP, SMB, LDAP etc..) and Kerberos
– Integrated Responder (https://github.com/SpiderLabs/Responder) to poison LLMNR, NBT-NS and MDNS, and act as a WPAD rogue server.
– Integrated SSLstrip+ (https://github.com/LeonardoNve/sslstrip2) by Leonardo Nve to partially bypass HSTS as demonstrated at BlackHat Asia 2014
– Addition of the SessionHijacking plugin, which uses code from FireLamb (https://github.com/sensepost/mana/tree/master/firelamb) to store cookies in a Firefox profile
– Spoof plugin now supports ICMP, ARP and DHCP spoofing along with DNS tampering
– Spoof plugin can now exploit the ‘ShellShock’ bug when DHCP spoofing!
– Usage of third party tools has been completely removed (e.g. ettercap)
– FilePwn plugin re-written to backdoor executables and zip files on the fly by using the-backdoor-factory https://github.com/secretsquirrel/the-backdoor-factory and code from BDFProxy https://github.com/secretsquirrel/BDFProxy
– Added msfrpc.py for interfacing with Metasploits rpc server
– Added beefapi.py for interfacing with BeEF’s RESTfulAPI
– Addition of the app-cache poisoning attack by Krzysztof Kotowicz

How to install on Kali
MITMf is now in the Kali Linux repositories!
apt-get install mitmf

Download : Master.zip | Clone Url
Source : http://sign0f4.blogspot.it/ | Github
Our Post before: http://seclist.us/updates-mitmf-v-0-9-1-framework-for-man-in-the-middle-attacks.html
