
hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable distributed password cracking.

Installation
Download the latest release and unpack it in the desired location. Please remember to use 7z x when unpacking the archive from the command line to ensure full file paths remain intact.

GPU Driver requirements:
  • AMD GPUs on Windows require "AMD Radeon Software Crimson Edition" (15.12 or later)
  • AMD GPUs on Linux require "AMDGPU-PRO Driver" (16.40 or later)
  • Intel CPUs require "OpenCL Runtime for Intel Core and Intel Xeon Processors" (16.1.1 or later)
  • Intel GPUs on Windows require "OpenCL Driver for Intel Iris and Intel HD Graphics"
  • Intel GPUs on Linux require "OpenCL 2.0 GPU Driver Package for Linux" (2.0 or later)
  • NVIDIA GPUs require "NVIDIA Driver" (367.x or later)

Features

  • World's fastest password cracker
  • World's first and only in-kernel rule engine
  • Free
  • Open-Source (MIT License)
  • Multi-OS (Linux, Windows and OSX)
  • Multi-Platform (CPU, GPU, DSP, FPGA, etc., everything that comes with an OpenCL runtime)
  • Multi-Hash (Cracking multiple hashes at the same time)
  • Multi-Devices (Utilizing multiple devices in same system)
  • Multi-Device-Types (Utilizing mixed device types in same system)
  • Supports distributed cracking networks (using overlay)
  • Supports interactive pause / resume
  • Supports sessions
  • Supports restore
  • Supports reading password candidates from file and stdin
  • Supports hex-salt and hex-charset
  • Supports automatic performance tuning
  • Supports automatic keyspace ordering markov-chains
  • Built-in benchmarking system
  • Integrated thermal watchdog
  • 200+ Hash-types implemented with performance in mind
  • ... and much more

Algorithms

  • MD4
  • MD5
  • Half MD5 (left, mid, right)
  • SHA1
  • SHA-224
  • SHA-256
  • SHA-384
  • SHA-512
  • SHA-3 (Keccak)
  • BLAKE2b-512
  • SipHash
  • Skip32
  • RIPEMD-160
  • Whirlpool
  • DES (PT = $salt, key = $pass)
  • 3DES (PT = $salt, key = $pass)
  • ChaCha20
  • GOST R 34.11-94
  • GOST R 34.11-2012 (Streebog) 256-bit
  • GOST R 34.11-2012 (Streebog) 512-bit
  • md5($pass.$salt)
  • md5($salt.$pass)
  • md5(unicode($pass).$salt)
  • md5($salt.unicode($pass))
  • md5($salt.$pass.$salt)
  • md5($salt.md5($pass))
  • md5($salt.md5($salt.$pass))
  • md5($salt.md5($pass.$salt))
  • md5(md5($pass))
  • md5(md5($pass).md5($salt))
  • md5(strtoupper(md5($pass)))
  • md5(sha1($pass))
  • sha1($pass.$salt)
  • sha1($salt.$pass)
  • sha1(unicode($pass).$salt)
  • sha1($salt.unicode($pass))
  • sha1(sha1($pass))
  • sha1($salt.sha1($pass))
  • sha1(md5($pass))
  • sha1($salt.$pass.$salt)
  • sha1(CX)
  • sha256($pass.$salt)
  • sha256($salt.$pass)
  • sha256(unicode($pass).$salt)
  • sha256($salt.unicode($pass))
  • sha512($pass.$salt)
  • sha512($salt.$pass)
  • sha512(unicode($pass).$salt)
  • sha512($salt.unicode($pass))
  • HMAC-MD5 (key = $pass)
  • HMAC-MD5 (key = $salt)
  • HMAC-SHA1 (key = $pass)
  • HMAC-SHA1 (key = $salt)
  • HMAC-SHA256 (key = $pass)
  • HMAC-SHA256 (key = $salt)
  • HMAC-SHA512 (key = $pass)
  • HMAC-SHA512 (key = $salt)
  • PBKDF2-HMAC-MD5
  • PBKDF2-HMAC-SHA1
  • PBKDF2-HMAC-SHA256
  • PBKDF2-HMAC-SHA512
  • MyBB
  • phpBB3
  • SMF (Simple Machines Forum)
  • vBulletin
  • IPB (Invision Power Board)
  • WBB (Woltlab Burning Board)
  • osCommerce
  • xt:Commerce
  • PrestaShop
  • MediaWiki B type
  • WordPress
  • Drupal 7
  • Joomla
  • PHPS
  • Django (SHA-1)
  • Django (PBKDF2-SHA256)
  • Episerver
  • ColdFusion 10+
  • Apache MD5-APR
  • MySQL
  • PostgreSQL
  • MSSQL
  • Oracle H: Type (Oracle 7+)
  • Oracle S: Type (Oracle 11+)
  • Oracle T: Type (Oracle 12+)
  • Sybase
  • hMailServer
  • DNSSEC (NSEC3)
  • IKE-PSK
  • IPMI2 RAKP
  • iSCSI CHAP
  • CRAM-MD5
  • MySQL CRAM (SHA1)
  • PostgreSQL CRAM (MD5)
  • SIP digest authentication (MD5)
  • WPA/WPA2
  • WPA/WPA2 PMK
  • NetNTLMv1
  • NetNTLMv1+ESS
  • NetNTLMv2
  • Kerberos 5 AS-REQ Pre-Auth etype 23
  • Kerberos 5 TGS-REP etype 23
  • Netscape LDAP SHA/SSHA
  • FileZilla Server
  • LM
  • NTLM
  • Domain Cached Credentials (DCC), MS Cache
  • Domain Cached Credentials 2 (DCC2), MS Cache 2
  • DPAPI masterkey file v1 and v2
  • MS-AzureSync PBKDF2-HMAC-SHA256
  • descrypt
  • bsdicrypt
  • md5crypt
  • sha256crypt
  • sha512crypt
  • bcrypt
  • scrypt
  • macOS v10.4
  • macOS v10.5
  • macOS v10.6
  • macOS v10.7
  • macOS v10.8
  • macOS v10.9
  • macOS v10.10
  • iTunes backup < 10.0
  • iTunes backup >= 10.0
  • AIX {smd5}
  • AIX {ssha1}
  • AIX {ssha256}
  • AIX {ssha512}
  • Cisco-ASA MD5
  • Cisco-PIX MD5
  • Cisco-IOS $1$ (MD5)
  • Cisco-IOS type 4 (SHA256)
  • Cisco $8$ (PBKDF2-SHA256)
  • Cisco $9$ (scrypt)
  • Juniper IVE
  • Juniper NetScreen/SSG (ScreenOS)
  • Juniper/NetBSD sha1crypt
  • Fortigate (FortiOS)
  • Samsung Android Password/PIN
  • Windows Phone 8+ PIN/password
  • GRUB 2
  • CRC32
  • RACF
  • Radmin2
  • Redmine
  • PunBB
  • OpenCart
  • Atlassian (PBKDF2-HMAC-SHA1)
  • Citrix NetScaler
  • SAP CODVN B (BCODE)
  • SAP CODVN F/G (PASSCODE)
  • SAP CODVN H (PWDSALTEDHASH) iSSHA-1
  • PeopleSoft
  • PeopleSoft PS_TOKEN
  • Skype
  • WinZip
  • 7-Zip
  • RAR3-hp
  • RAR5
  • AxCrypt
  • AxCrypt in-memory SHA1
  • PDF 1.1 - 1.3 (Acrobat 2 - 4)
  • PDF 1.4 - 1.6 (Acrobat 5 - 8)
  • PDF 1.7 Level 3 (Acrobat 9)
  • PDF 1.7 Level 8 (Acrobat 10 - 11)
  • MS Office <= 2003 MD5
  • MS Office <= 2003 SHA1
  • MS Office 2007
  • MS Office 2010
  • MS Office 2013
  • Lotus Notes/Domino 5
  • Lotus Notes/Domino 6
  • Lotus Notes/Domino 8
  • Bitcoin/Litecoin wallet.dat
  • Blockchain, My Wallet
  • Blockchain, My Wallet, V2
  • 1Password, agilekeychain
  • 1Password, cloudkeychain
  • LastPass
  • Password Safe v2
  • Password Safe v3
  • KeePass 1 (AES/Twofish) and KeePass 2 (AES)
  • JKS Java Key Store Private Keys (SHA1)
  • Ethereum Wallet, PBKDF2-HMAC-SHA256
  • Ethereum Wallet, SCRYPT
  • eCryptfs
  • Android FDE <= 4.3
  • Android FDE (Samsung DEK)
  • TrueCrypt
  • VeraCrypt
  • LUKS
  • Plaintext

Attack-Modes

  • Straight *
  • Combination
  • Brute-force
  • Hybrid dict + mask
  • Hybrid mask + dict
* accepts rules

Supported OpenCL runtimes

  • AMD
  • Apple
  • Intel
  • Mesa (Gallium)
  • NVidia
  • pocl

Supported OpenCL device types

  • GPU
  • CPU
  • APU
  • DSP
  • FPGA
  • Coprocessor

    Hashcat v4.0 - World's Fastest and Most Advanced Password Recovery Utility


    The Rekall Framework is a completely open collection of tools, implemented in Python under the Apache and GNU General Public License, for the extraction and analysis of digital artifacts from computer systems.
    The Rekall distribution is available from: http://www.rekall-forensic.com/
    Rekall should run on any platform that supports Python.
    Rekall supports investigations of the following 32bit and 64bit memory images:
    • Microsoft Windows XP Service Pack 2 and 3
    • Microsoft Windows 7 Service Pack 0 and 1
    • Microsoft Windows 8 and 8.1
    • Microsoft Windows 10
    • Linux Kernels 2.6.24 to 4.4.
    • OSX 10.7-10.12.x.
    Rekall also provides a complete memory sample acquisition capability for all major operating systems (see the tools directory).

    Quick start
    Rekall is available as a Python package installable via the pip package manager. To install it, first create a virtual env, switch to it and then install rekall:
    $ virtualenv  /tmp/MyEnv
    New python executable in /tmp/MyEnv/bin/python
    Installing setuptools, pip...done.
    $ source /tmp/MyEnv/bin/activate
    $ pip install --upgrade setuptools pip wheel
    $ pip install rekall-agent rekall
    For Windows, Rekall is also available as a self-contained installer package. Please check the download page at Rekall-Forensic.com for the most appropriate installer.
    To install from this git repository you will need to use pip --editable and follow the correct order of installation (otherwise pip will pull released dependencies which might be older):
    $ virtualenv  /tmp/MyEnv
    New python executable in /tmp/MyEnv/bin/python
    Installing setuptools, pip...done.
    $ source /tmp/MyEnv/bin/activate
    $ pip install --upgrade setuptools pip wheel
    $ git clone https://github.com/google/rekall.git rekall
    $ pip install --editable rekall/rekall-lib
    $ pip install --editable rekall/rekall-core
    $ pip install --editable rekall/rekall-agent
    $ pip install --editable rekall
    On Windows you will need to install the Microsoft Visual C compilers for python (for more info see this blog post http://rekall-forensic.blogspot.ch/2015/09/installing-rekall-on-windows.html)

    History
    In December 2011, a new branch within the Volatility project was created to explore how to make the code base more modular, improve performance, and increase usability. The modularity allowed Volatility to be used in GRR, making memory analysis a core part of a strategy to enable remote live forensics. As a result, both GRR and Volatility would be able to use each other's strengths.
    Over time this branch has become known as the "scudette" branch or the "Technology Preview" branch. It was always a goal to try to get these changes into the main Volatility code base. But, after two years of ongoing development, the "Technology Preview" was never accepted into the Volatility trunk version.
    Since it seemed unlikely these changes would be incorporated in the future, it made sense to develop the Technology Preview branch as a separate project. On December 13, 2013, the former branch was forked to create a new stand-alone project named "Rekall". This new project incorporates changes made to streamline the codebase so that Rekall can be used as a library. Methods for memory acquisition and other outside contributions have also been included that were not in the Volatility codebase.
    Rekall strives to advance the state of the art in memory analysis, implementing the best algorithms currently available and a complete memory acquisition and analysis solution for at least Windows, OSX and Linux.

    More documentation
    Further documentation is available at http://www.rekall-forensic.com/


    Rekall v1.7 - Forensic and Incident Response Framework

    The Port Scan Attack Detector psad is a lightweight system daemon written in Perl that is designed to work with Linux iptables/ip6tables/firewalld firewalling code to detect suspicious traffic such as port scans and sweeps, backdoors, botnet command and control communications, and more. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, reverse DNS info, email and syslog alerting, automatic blocking of offending IP addresses via dynamic configuration of iptables rulesets, passive operating system fingerprinting, and DShield reporting. In addition, psad incorporates many of the TCP, UDP, and ICMP signatures included in the Snort intrusion detection system to detect highly suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (Mstream, Shaft), and advanced port scans (SYN, FIN, XMAS) which are easily leveraged against a machine via nmap. psad can also alert on Snort signatures that are logged via fwsnort, which makes use of the iptables string match extension to detect traffic that matches application layer signatures. As of the 2.4.4 release, psad can also detect the IoT default credentials scanning phase of the Mirai botnet.
    The complete feature list is below.

    Features
    • Detection for TCP SYN, FIN, NULL, and XMAS scans as well as UDP scans.
    • Support for both IPv4 and IPv6 logs generated by iptables and ip6tables respectively.
    • Detection of many signature rules from the Snort intrusion detection system.
    • Forensics mode iptables/ip6tables logfile analysis (useful as a forensics tool for extracting scan information from old iptables/ip6tables logfiles).
    • Passive operating system fingerprinting via TCP syn packets. Two different fingerprinting strategies are supported; a re-implementation of p0f that strictly uses iptables/ip6tables log messages (requires the --log-tcp-options command line switch), and a TOS-based strategy.
    • Email alerts that contain TCP/UDP/ICMP scan characteristics, reverse dns and whois information, snort rule matches, remote OS guess information, and more.
    • When combined with fwsnort and the iptables string match extension, psad can generate alerts for application layer buffer overflow attacks, suspicious application commands, and other suspect layer 7 traffic.
    • ICMP type and code header field validation.
    • Configurable scan thresholds and danger level assignments.
    • iptables ruleset parsing to verify "default drop" policy stance.
    • IP/network danger level auto-assignment (can be used to ignore or automatically escalate danger levels for certain networks).
    • DShield alerts.
    • Auto-blocking of scanning IP addresses via iptables/ip6tables and/or tcpwrappers based on scan danger level. (This feature is NOT enabled by default.)
    • Parsing of iptables/ip6tables log messages and generation of CSV output that can be used as input to AfterGlow. This allows iptables/ip6tables logs to be visualized. Gnuplot is also supported.
    • Status mode that displays a summary of current scan information with associated packet counts, iptables/ip6tables chains, and danger levels.

    Visualizing Malicious Traffic
    psad offers integration with gnuplot and afterglow to produce graphs of malicious traffic. The following two graphs are of the Nachi worm from the Honeynet Scan30 challenge. First, a link graph produced by afterglow after analysis of the iptables log data by psad:
    "Nachi Worm Link Graph"

    The second shows Nachi worm traffic on an hourly basis from the Scan30 iptables data:
    "Nachi Worm Hourly Graph"

    Configuration Information
    Information on config keywords referenced by psad may be found both in the psad(8) man page, and also here:
    http://www.cipherdyne.org/psad/docs/config.html

    Methodology
    All information psad analyzes is gathered from iptables log messages. psad by default reads the /var/log/messages file for new iptables messages and optionally writes them out to a dedicated file (/var/log/psad/fwdata). psad is then responsible for applying the danger threshold and signature logic in order to determine whether or not a port scan has taken place, send appropriate alert emails, and (optionally) block offending IP addresses. psad includes a signal handler such that if a USR1 signal is received, psad will dump the contents of the current scan hash data structure to /var/log/psad/scan_hash.$$ where "$$" represents the pid of the running psad daemon.
    NOTE: Since psad relies on iptables to generate appropriate log messages for unauthorized packets, psad is only as good as the logging rules included in the iptables ruleset. Hence if your firewall is not configured to log packets, then psad will NOT detect port scans or anything else. Usually the best way to set up the firewall is with default "drop and log" rules at the end of the ruleset, and to include rules above this last rule that only allow traffic that should be allowed through. Upon execution, the psad daemon will attempt to ascertain whether or not such a default deny rule exists, and will warn the user if not. See the FW_EXAMPLE_RULES file for example firewall rulesets that are compatible with psad.
    Additionally, extensive coverage of psad is included in the book "Linux Firewalls: Attack Detection and Response" published by No Starch Press, and a supporting script in this book is compatible with psad. This script can be found here:
    http://www.cipherdyne.org/LinuxFirewalls/ch01/

    Installation
    Depending on the Linux distribution, psad may already be available in the default package repository. For example, on Debian or Ubuntu systems, installation is done with a simple:
    apt-get install psad
    If psad is not available in the package repository, it can be installed with the install.pl script bundled in the psad sources. The install.pl script also handles upgrades if psad is already installed. psad requires several perl modules that may or may not already be installed on your Linux system. These modules are included in the deps/ directory in the psad sources, and are automatically installed by the install.pl script. The list of modules is:
    • Bit::Vector
    • Date::Calc
    • IPTables::ChainMgr
    • IPTables::Parse
    • NetAddr::IP
    • Storable
    • Unix::Syslog
    psad also includes a whois client written by Marco d'Itri (see the deps/whois directory). This client does better than others at collecting the correct whois information for a given IP address.

    Firewall Setup
    The main requirement for an iptables configuration to be compatible with psad is simply that iptables logs packets. This is commonly accomplished by adding rules to the INPUT and FORWARD chains like so:
    iptables -A INPUT -j LOG
    iptables -A FORWARD -j LOG
    The rules above should be added at the end of the INPUT and FORWARD chains after all ACCEPT rules for legitimate traffic and just before a corresponding DROP rule for traffic that is not to be allowed through the policy. Note that iptables policies can be quite complex with protocol, network, port, and interface restrictions, user defined chains, connection tracking rules, and much more. There are many pieces of software, such as Shorewall and Firewall Builder, that build iptables policies and take advantage of the advanced filtering and logging capabilities offered by iptables. Generally the policies built by such pieces of software are compatible with psad since they specifically add rules that instruct iptables to log packets that are not part of legitimate traffic. psad can be configured to only analyze those iptables messages that contain specific log prefixes (which are added via the --log-prefix option), but the default is for psad to analyze all iptables log messages for evidence of port scans, probes for backdoor programs, and other suspect traffic.
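    The Methodology and Firewall Setup sections above describe the pipeline psad runs: iptables LOG lines land in syslog, psad parses them, names the TCP flag combination (SYN, FIN, NULL, XMAS) and rates each source against danger thresholds. The following is an added example of that pipeline in Python, not psad's own Perl code; the log lines, host names, addresses and the danger-level thresholds are constructed for the example and are not psad's configured defaults.

```python
from collections import defaultdict

# Added example, not psad's own code: a minimal model of the Methodology above.
# It parses iptables LOG lines as they appear in /var/log/messages, names TCP
# flag combinations the way psad does (SYN/FIN/NULL/XMAS) and rates each source
# address. The danger-level thresholds are constructed for this example and are
# not psad's configured defaults.

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

# Constructed thresholds: (minimum logged packets from one source, danger level).
DANGER_LEVELS = [(5, 1), (15, 2), (150, 3), (1500, 4), (10000, 5)]

# Constructed sample of syslog lines produced by `iptables -A INPUT -j LOG`.
SAMPLE_LOG = """\
Jul 10 12:00:01 gw kernel: [101.1] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=1 PROTO=TCP SPT=40001 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 10 12:00:01 gw kernel: [101.2] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=2 PROTO=TCP SPT=40002 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 10 12:00:01 gw kernel: [101.3] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=3 PROTO=TCP SPT=40003 DPT=25 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 10 12:00:02 gw kernel: [101.4] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=4 PROTO=TCP SPT=40004 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 10 12:00:02 gw kernel: [101.5] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=5 PROTO=TCP SPT=40005 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 10 12:00:02 gw kernel: [101.6] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=6 PROTO=TCP SPT=40006 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0
Jul 10 12:00:03 gw kernel: [101.7] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=7 PROTO=UDP SPT=40007 DPT=161 LEN=40
Jul 10 12:00:05 gw kernel: [102.1] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=8 PROTO=TCP SPT=51000 DPT=21 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0
Jul 10 12:00:05 gw kernel: [102.2] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=9 PROTO=TCP SPT=51001 DPT=22 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0
Jul 10 12:00:06 gw kernel: [102.3] IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=10 PROTO=TCP SPT=51002 DPT=80 WINDOW=1024 RES=0x00 URGP=0
Jul 10 12:00:08 gw kernel: [103.1] IN=eth0 OUT= SRC=192.0.2.50 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=11 DF PROTO=TCP SPT=52000 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Jul 10 12:00:09 gw sshd[123]: Accepted publickey for alice from 192.0.2.50 port 52001 ssh2
"""


def parse_iptables_line(line):
    """Return the key=value fields of an iptables LOG line plus a FLAGS set,
    or None for any syslog line that is not an iptables message."""
    if " kernel: " not in line or "IN=" not in line or "SRC=" not in line:
        return None
    fields = {"FLAGS": set()}
    for token in line.split(" kernel: ", 1)[1].split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value
        elif token in TCP_FLAGS:  # bare tokens such as SYN, FIN, PSH, URG
            fields["FLAGS"].add(token)
    return fields


def classify_tcp_flags(flags):
    """Name the probe type the way psad reports it; None means ordinary traffic."""
    if not flags:
        return "NULL"
    if flags == {"FIN", "PSH", "URG"}:
        return "XMAS"
    if flags == {"SYN"}:
        return "SYN"
    if flags == {"FIN"}:
        return "FIN"
    return None


def danger_level(packet_count, scan_types):
    """Packet volume sets the level; NULL/FIN/XMAS probes, which no normal TCP
    handshake produces, are reported at level 1 even below the volume threshold."""
    level = 0
    for minimum, dl in DANGER_LEVELS:
        if packet_count >= minimum:
            level = dl
    if scan_types & {"NULL", "FIN", "XMAS"}:
        level = max(level, 1)
    return level


def analyze_log(text):
    """Aggregate logged packets per source address and return the sources
    whose danger level is above zero, with the ports they touched."""
    per_src = defaultdict(lambda: {"packets": 0, "ports": set(), "types": set()})
    for line in text.splitlines():
        fields = parse_iptables_line(line)
        if fields is None or "DPT" not in fields:
            continue  # non-iptables lines, and ICMP lines without ports, are skipped here
        entry = per_src[fields["SRC"]]
        entry["packets"] += 1
        proto = fields.get("PROTO")
        entry["ports"].add((proto, int(fields["DPT"])))
        if proto == "TCP":
            kind = classify_tcp_flags(fields["FLAGS"])
            if kind:
                entry["types"].add(kind)
        elif proto == "UDP":
            entry["types"].add("UDP")
    report = {}
    for src, entry in per_src.items():
        dl = danger_level(entry["packets"], entry["types"])
        if dl > 0:
            report[src] = {"dl": dl, "packets": entry["packets"],
                           "ports": sorted(entry["ports"]),
                           "types": sorted(entry["types"])}
    return report


if __name__ == "__main__":
    for src, info in sorted(analyze_log(SAMPLE_LOG).items()):
        print(f"{src}: DL{info['dl']} {info['types']} packets={info['packets']}"
              f" ports={[p for _, p in info['ports']]}")
```

    The single dropped SYN from 192.0.2.50 never reaches the report, while the two XMAS probes and the lone NULL probe do, which is why the flag classification matters as much as the packet count.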

    Platforms
    psad generally runs on Linux systems, and is available in the package repositories of many major Linux distributions. If there are any operational issues with psad, please open an issue on psad

    psad - Intrusion Detection and Log Analysis with iptables


    OS X Auditor is a free Mac OS X computer forensics tool.
    OS X Auditor parses and hashes the following artifacts on the running system or a copy of a system you want to analyze:
    • the kernel extensions
    • the system agents and daemons
    • the third-party agents and daemons
    • the old and deprecated system and third-party startup items
    • the users' agents
    • the users' downloaded files
    • the installed applications
    It extracts:
    • the users' quarantined files
    • the users' Safari history, downloads, topsites, LastSession, HTML5 databases and localstore
    • the users' Firefox cookies, downloads, formhistory, permissions, places and signons
    • the users' Chrome history and archives history, cookies, login data, top sites, web data, HTML5 databases and local storage
    • the users' social and email accounts
    • the WiFi access points the audited system has been connected to (and tries to geolocate them)
    It also looks for suspicious keywords in the .plist themselves.
    It can verify the reputation of each file on:
    • Team Cymru's MHR
    • VirusTotal
    • your own local database
    It can aggregate all logs from the following directories into a zipball:
    • /var/log (-> /private/var/log)
    • /Library/logs
    • the user's ~/Library/logs
    Finally, the results can be:
    • rendered as a simple txt log file (so you can cat-pipe-grep in them… or just grep)
    • rendered as a HTML log file
    • sent to a Syslog server

    Author
    Jean-Philippe Teissier - @Jipe_ & al.

    Support
    OS X Auditor started as a weekend project and is now barely maintained. It has been forked by the great guys @ Yelp who created osxcollector.
    If you are looking for a production / corporate solution, I do recommend that you move to osxcollector (https://github.com/Yelp/osxcollector).

    How to install
    Just copy all files from GitHub.

    Dependencies
    If you plan to run OS X Auditor on a Mac, you will get full plist parsing support with the OS X Foundation through pyobjc:
    pip install pyobjc
    If you can't install pyobjc or if you plan to run OS X Auditor on an OS other than Mac OS X, you may experience some trouble with the plist parsing:
    pip install biplist
    pip install plist
    These dependencies will be removed when a working native plist module is available in Python.

    How to run
    • OS X Auditor runs well with Python >= 2.7.2 (2.7.9 is OK). It does not run with a different version of Python yet (due to the plist nightmare)
    • OS X Auditor is maintained to work on the latest OS X version. It will do its best on older OS X versions.
    • You must run it as root (or via sudo) if you want to use it on a running system, otherwise it won't be able to access some system and other users' files
    • If you're using API keys from environment variables (see below), you need to use sudo -E so that the user's environment variables are preserved
    Type osxauditor.py -h to get all the available options, then run it with the selected options
    eg. [sudo -E] python osxauditor.py -a -m -l localhashes.db -H log.html

    Setting Environment Variables
    VirusTotal API:
    export VT_API_KEY=aaaabbbbccccddddeeee

    Artifacts

    Users
    • Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2
    • Library/Preferences/com.apple.LaunchServices.QuarantineEvents
    • Library/Preferences/com.apple.loginitems.plist
    • Library/Mail Downloads/
    • Library/Containers/com.apple.mail/Data/Library/Mail Downloads
    • Library/Accounts/Accounts3.sqlite
    • Library/Containers/com.apple.mail/Data/Library/Mail/V2/MailData/Accounts.plist
    • Library/Preferences/com.apple.recentitems.plist
    • Firefox
      • Library/Application Support/Firefox/Profiles/
        • cookies.sqlite
        • downloads.sqlite
        • formhistory.sqlite
        • places.sqlite
        • signons.sqlite
        • permissions.sqlite
        • addons.sqlite
        • extensions.sqlite
        • content-prefs.sqlite
        • healthreport.sqlite
        • webappsstore.sqlite
    • Safari
      • Library/Safari/
        • Downloads.plist
        • History.plist
        • TopSites.plist
        • LastSession.plist
        • Databases
        • LocalStorage
    • Chrome
      • Library/Application Support/Google/Chrome/Default/
        • History
        • Archived History
        • Cookies
        • Login Data
        • Top Sites
        • Web Data
        • databases
        • Local Storage

    System
    • /System/Library/LaunchAgents/
    • /System/Library/LaunchDaemons/
    • /System/Library/ScriptingAdditions/
    • /System/Library/StartupItems/
    • /Library/ScriptingAdditions/
    • /System/Library/Extensions/
    • /System/Library/CoreServices/SystemVersion.plist
    • /Library/LaunchAgents/
    • /Library/LaunchDaemons/
    • /Library/StartupItems/
    • /Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist
    • /Library/logs
    • /var/log
    • /etc/localtime
    • StartupParameters.plist
    • /private/var/db/dslocal/nodes/Default/groups/admin.plist
    • /private/var/db/dslocal/nodes/Default/users

    Related work

    Disk Arbitrator
    Disk Arbitrator is a Mac OS X forensic utility designed to help the user ensure correct forensic procedures are followed during imaging of a disk device. Disk Arbitrator is essentially a user interface to the Disk Arbitration framework, which enables a program to participate in the management of block storage devices, including the automatic mounting of file systems. When enabled, Disk Arbitrator will block the mounting of file systems to avoid mounting as read-write and violating the integrity of the evidence.
    https://github.com/aburgh/Disk-Arbitrator

    Volafox
    volafox a.k.a. 'Mac OS X Memory Analysis Toolkit' is developed in Python 2.x
    https://code.google.com/p/volafox/

    Mandiant Memoryze(tm) for the Mac
    Memoryze for the Mac is free memory forensic software that helps incident responders find evil in memory… on Macs. Memoryze for the Mac can acquire and/or analyze memory images. Analysis can be performed on offline memory images or on live systems.
    http://www.mandiant.com/resources/download/mac-memoryze

    Volatility MacMemoryForensics
    https://code.google.com/p/volatility/wiki/MacMemoryForensics


    OSXAuditor - Free Mac OS X Computer Forensics Tool


    Dradis is an open-source collaboration framework, tailored to InfoSec teams.

    Goals
    • Share the information effectively.
    • Easy to use, easy to adopt. Otherwise it would offer little benefit over other systems.
    • Flexible: with a powerful and simple extensions interface.
    • Small and portable. You should be able to use it while on site (no outside connectivity). It should be OS independent (no two testers use the same OS).

    Some of the features:

    Editions
    There are two editions of Dradis Framework:
    • Dradis Framework Community Edition (CE): open-source and available freely under the GPLv2 license.
    • Dradis Framework Professional Edition (Pro): includes extra features that are more useful for organizations dealing with bigger teams and multiple projects at a time. To use Pro and get official support please become a subscriber.

    Getting started: Community Edition

    Git release (recommended)
    $ git clone https://github.com/dradis/dradis-ce.git
    $ cd dradis-ce/
    $ ruby bin/setup
    $ bundle exec rails server
    You can browse to the app at http://localhost:3000/

    Using Vagrant
    If you'd like to use dradis in Vagrant, you can use the included Vagrantfile.
    # Clone the repo
    git clone https://github.com/dradis/dradis-ce.git

    # install/start the vagrant box
    vagrant up
    # ssh into the box
    vagrant ssh

    # install ruby in the vagrant box
    cd /dradis/dradis-ce
    rvm install "$(cat .ruby-version)"


    # Then you can proceed with standard setup from within Vagrant
    ruby bin/setup
    # You'll need to tell the server to bind to 0.0.0.0 for port forwarding:
    bundle exec rails server -b 0.0.0.0

    Stable release
    In https://dradisframework.com/ce/download.html you will find the latest packages.

    Getting help

    Dradis Framework - Collaboration and reporting for IT Security teams


    BloodHound is a single page Javascript web application, built on top of Linkurious, compiled with Electron, with a Neo4j database fed by a PowerShell ingestor.

    BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment.
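    The "graph theory" in the paragraph above comes down to a directed graph of principals and relationships and a shortest-path search over it. The following is an added example in Python, not BloodHound's own code: it builds a toy directory with BloodHound's relationship names (MemberOf, AdminTo, HasSession), finds which users reach Domain Admins, and shows how a defender checks that removing one relationship eliminates an unintended path. The domain, users, groups and hosts are constructed for the example.

```python
from collections import deque

# Added example, not BloodHound's own code: a toy version of the graph idea in
# the paragraph above. Nodes and relationships are constructed for this example
# and follow BloodHound's naming (MemberOf, AdminTo, HasSession); the domain,
# principals and hosts are fictitious.

# (source, relationship, target): source has the relationship to target.
EDGES = [
    ("alice@corp.local", "MemberOf", "HELPDESK@corp.local"),
    ("HELPDESK@corp.local", "AdminTo", "WS01.corp.local"),
    ("WS01.corp.local", "HasSession", "bob@corp.local"),
    ("bob@corp.local", "MemberOf", "IT-ADMINS@corp.local"),
    ("IT-ADMINS@corp.local", "MemberOf", "DOMAIN ADMINS@corp.local"),
    ("carol@corp.local", "MemberOf", "SALES@corp.local"),
    ("SALES@corp.local", "AdminTo", "WS02.corp.local"),
    ("WS02.corp.local", "HasSession", "carol@corp.local"),
]
USERS = {"alice@corp.local", "bob@corp.local", "carol@corp.local"}
TARGET = "DOMAIN ADMINS@corp.local"


def build_graph(edges):
    """Adjacency list: node -> [(relationship, neighbour), ...]."""
    graph = {}
    for src, rel, dst in edges:
        graph.setdefault(src, []).append((rel, dst))
        graph.setdefault(dst, [])
    return graph


def shortest_path(graph, start, target):
    """Breadth-first search; returns the path as a list of
    (node, relationship, node) edges, or None when target is unreachable."""
    parent = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            path = []
            while parent[node] is not None:
                prev, rel = parent[node]
                path.append((prev, rel, node))
                node = prev
            path.reverse()
            return path
        for rel, nxt in graph.get(node, []):
            if nxt not in parent:
                parent[nxt] = (node, rel)
                queue.append(nxt)
    return None


def users_with_path(graph, users, target):
    """Map each user that can reach target to its shortest path. Users that are
    not meant to be privileged but appear here are the unintended paths."""
    found = {}
    for user in sorted(users):
        path = shortest_path(graph, user, target)
        if path is not None:
            found[user] = path
    return found


def without_edge(edges, removed):
    """Model a remediation, e.g. an admin no longer logging on to a workstation,
    by dropping one relationship so the caller can re-run the search."""
    return [edge for edge in edges if edge != removed]


if __name__ == "__main__":
    graph = build_graph(EDGES)
    for user, path in users_with_path(graph, USERS, TARGET).items():
        print(user, "->", " -> ".join(f"{rel} {dst}" for _, rel, dst in path))
    fixed = build_graph(without_edge(EDGES, ("WS01.corp.local", "HasSession", "bob@corp.local")))
    print("after fix:", sorted(users_with_path(fixed, USERS, TARGET)))
```

    In the constructed data alice, a helpdesk user, reaches Domain Admins in five hops only because bob has a session on a workstation the helpdesk group administers; dropping that one HasSession edge leaves bob's legitimate two-hop membership path intact and removes alice's.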

    BloodHound is developed by @_wald0, @CptJesus, and @harmj0y.

    Getting started

    Getting started with BloodHound is very simple. Once complete, head over to the Data Collection section to start collecting data, or check out the included database using BloodHound.

    Windows
    1. Download and install neo4j community edition.
      Optional: configure the REST API to accept remote connections if you plan to run neo4j and the PowerShell ingestor on different hosts.
    2. Clone the BloodHound GitHub repo.
      git clone https://github.com/adaptivethreat/Bloodhound

    3. Start the neo4j server, pointing neo4j to the provided sample graph database.
    4. Run BloodHound.exe from the release found here or build BloodHound from source.
    5. Authenticate to the provided sample graph database at bolt://localhost:7687. The username is "neo4j", and the password is "BloodHound".
    You're now ready to get started with data collection!

    Linux
    1. Download and install neo4j community edition.
      Optional: configure the REST API to accept remote connections if you plan to run neo4j and the PowerShell ingestor on different hosts.
    2. Clone the BloodHound GitHub repo.
      git clone https://github.com/adaptivethreat/Bloodhound

    3. Start the neo4j server, pointing neo4j to the provided sample graph database.
    4. Run BloodHound from the release found here or build BloodHound from source.
      ./BloodHound

    5. Authenticate to the provided sample graph database at bolt://localhost:7687. The username is "neo4j", and the password is "BloodHound".
    You're now ready to get started with data collection!

    OSX
    1. Download and install neo4j community edition.
      Optional: configure the REST API to accept remote connections if you plan to run neo4j and the PowerShell ingestor on different hosts.
    2. Clone the BloodHound GitHub repo.
      git clone https://github.com/adaptivethreat/Bloodhound

    3. Start the neo4j server, pointing neo4j to the provided sample graph database.
    4. Run the BloodHound App from the release found here or build BloodHound from source.
    5. Authenticate to the provided sample graph database at bolt://localhost:7687. The username is "neo4j", and the password is "BloodHound".
    You're now ready to get started with data collection!

    BloodHound - Six Degrees of Domain Admin