Monday, June 28, 2010

Xplico 0.5.7 - VoIP "Wire" Tapping

Xplico is an open source Network Forensic Analysis Tool. Its goal is to extract the application data contained in an Internet traffic capture. From a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on.

This release introduces improvements in the SIP and RTP dissectors.
This version also adds an RTCP dissector, which lets Xplico obtain the phone numbers of the caller and called party (obviously only if they are present in the RTCP packets).

DEFT 5.1 Live distribution contains this version.

Download :

Sunday, June 27, 2010

DEFT Linux 5.1 Computer Forensic Live CD

DEFT Linux is a highly specialized Linux distribution aimed at forensic computing. It comes with a number of dedicated tools and is a computer investigator’s best friend. The latest release, DEFT Linux 5.1, is a small maintenance update, which brings some newer packages and fixes a couple of bugs.

What’s new?
Update: Sleuthkit 3.1.1 and Autopsy 2.24
Update: Xplico to 0.5.7 (100% support of SIP – RTP codec g711, g729, g722, g723 and g726, SDP and RTCP)
Update: Initrd
Bug fix: Dhash report (reports were not generated)
Bug fix: DEFT Extra (a few tools did not work when the operator clicked on their icons; added the dd tool for x64 machines)


Thursday, June 24, 2010

Live Hacking Linux Security Distro Bootable CD

Live Hacking CD is a new Linux distribution packed with tools and utilities for ethical hacking, penetration testing and countermeasure verification. Based on Ubuntu, this 'Live CD' runs directly from the CD and doesn't require installation on your hard drive. Once booted you can use the included tools to test, check, ethically hack and perform penetration tests on your own network to make sure that it is secure from outside intruders.

The CD comes in two forms. The first is a full Linux desktop including a graphical user interface (GNOME) and applications like Firefox, along with tools and utilities for DNS enumeration, reconnaissance, foot-printing, password cracking and network sniffing. For greater accessibility there is a Live Hacking menu to help you quickly find and launch the tools.

The second variation is the Live Hacking Mini CD, which is command line only. However, this doesn't detract from the power of the tools and utilities included, as most of the penetration testing and ethical hacking tools are command line tools. The included /lh directory has symbolic links to the different tools included.


Tuesday, June 22, 2010

Lens version

Lens ASP.NET Penetration Testing Tool

Lens is an open-source ethical hacking tool specialized in penetration testing of ASP.NET web applications. Lens is written in WPF 4 and its internal modular architecture allows us to easily add new tests to the system.
Base features
Resize-friendly window structure
Window position is preserved across sessions
Built-in zoom
Detailed log window
Links to online information about the attacks and fixes

You can use our Lens tool to test your site against the following attacks:
Session state
Session fixation (available in v.
Forms authentication
Eavesdropping (available in v.
Information disclosure (available in v.
Event handler bypass
Event handling
Postback to disabled controls
Postback to invisible controls
One-click attack


Sunday, June 20, 2010

Bruter 1.0

Bruter is a parallel network login brute forcer for the Win32 platform only. It currently supports the following services: FTP, HTTP (Basic), HTTP (Form), IMAP, MSSQL, MySQL, POP3, SMB-NT, SMTP, SNMP, SSH2, Telnet, VNC.

To see full changelog since alpha version check:


Wednesday, June 16, 2010

Social-Engineering Toolkit


The Social-Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed. Currently SET has two main methods of attack: one utilizes Metasploit payloads and Java-based attacks by setting up a malicious website that ultimately delivers your payload. The second method is through file-format bugs and e-mail phishing. The second method supports your own open-mail relay, a customized sendmail open-relay, or Gmail integration to deliver your payloads through e-mail. The goal of SET is to bring awareness to the often forgotten attack vector of social-engineering.


For more info and video demo check: David Kennedy (ReL1K) website

Monday, June 14, 2010

x5s - Automated Cross-Site Scripting

x5s is a Fiddler addon which aims to assist penetration testers in finding cross-site scripting vulnerabilities. Its main goal is to help you identify the hotspots where XSS might occur by:

  • Detecting where safe encodings were not applied to emitted user-inputs
  • Detecting where Unicode character transformations might bypass security filters
  • Detecting where non-shortest UTF-8 encodings might bypass security filters
It injects ASCII to find traditional encoding issues, and it injects special Unicode characters and encodings to help an analyst identify where XSS filters might be bypassed. The approach to finding these hotspots involves injecting single-character probes separately into each input field of each request, and detecting how they were later emitted. The focus is on reflected XSS issues; however, persistent issues can also be detected. The idea of injecting special Unicode characters and non-shortest form encodings was to identify where transformations occur which could be used to bypass security filters. This also has the interesting side effect of illuminating how all of the fields in a Web-app handle Unicode. For example, in a single page with many inputs, you may end up seeing the same test case get returned in a variety of ways: URL encoded, NCR encoded, ill-encoded, raw, replaced, dropped, etc. In some cases where we’ve had Watcher running in conjunction, we’ve been able to detect ill-formed UTF-8 byte sequences, which is indicative of ‘other’ problems.

x5s acts as an assistant to the security tester by speeding up the process of parameter manipulation and aggregating the results for quick viewing. It automates some of the preliminary XSS testing work by enumerating and injecting canaries into all input fields/parameters sent to an application and analyzing how those canaries were later emitted. E.g. was the emitted output encoded safely or not? Did an injected character transform into something else?

x5s does not inject XSS payloads; it does not attempt to exploit or confirm an XSS vulnerability. It's designed to draw your attention to the fields and parameters which seem likely candidates for vulnerability. A security tester would review the results to find issues where special characters were dangerously transformed or emitted without a safe encoding. This can be done by quickly scanning the results, which have been designed with the intention of providing quick visual inspection. Result filters are also included so the tester can simply click "show hotspots" to see only the potential problem areas. After identifying a hotspot it's the tester's job to perform further validation and XSS testing.

The types of test cases that x5s includes:
  1. Traditional test cases - characters typically used to test for XSS injection such as <, >, ", and ' which are used to control HTML, CSS, or javascript;
  2. Transformable test cases - characters that might uppercase, lowercase, Normalize, best-fit map, or otherwise transform to completely different characters, E.g. the Turkish 'İ' which will lower-case to 'i' in culture-aware software.
  3. Overlong UTF-8 test cases - non-shortest UTF-8 encodings of the 'traditional' test cases noted above. E.g. the ASCII < is 0x3C normally and 0xC0 0xBC in non-shortest form UTF-8.
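As an added illustration of the probe-and-classify approach described above (example code written for this page, not part of x5s or Fiddler), the following Python wraps a single-character probe in canary delimiters, classifies how each occurrence came back in a response body (raw, HTML-encoded, NCR-encoded, URL-encoded, transformed, dropped, replaced), and scans raw response bytes for non-shortest-form UTF-8 such as the 0xC0 0xBC example for '<'. The delimiters `zq9k`/`k9qz`, the label names, and the sample response in the usage block are constructed assumptions, not values x5s itself uses.

```python
import re
import unicodedata
from html import escape
from urllib.parse import quote

# Constructed canary delimiters (assumption; x5s uses its own markers).
MARK_L, MARK_R = "zq9k", "k9qz"


def build_probe(ch: str) -> str:
    """Wrap a single test character in the canary delimiters before injection."""
    return MARK_L + ch + MARK_R


def _alternate_forms(ch: str) -> set:
    """Case-mapped and normalized variants of ch that a culture-aware app
    might emit instead of ch (e.g. Turkish İ lower-cased to i)."""
    forms = {ch.lower(), ch.upper(), ch.casefold(),
             unicodedata.normalize("NFKC", ch),
             unicodedata.normalize("NFKD", ch)}
    # Strip combining marks so "i" + U+0307 also counts as a plain "i".
    forms |= {"".join(c for c in unicodedata.normalize("NFD", f)
                      if unicodedata.category(c) != "Mn") for f in forms}
    forms.discard(ch)
    return forms


def _label(ch: str, emitted: str) -> str:
    """Classify the text that came back between the canary delimiters."""
    if emitted == ch:
        return "raw"            # hotspot: no output encoding at all
    if emitted == "":
        return "dropped"
    if emitted == escape(ch, quote=True):
        return "html-encoded"   # &lt; &gt; &quot; &#x27;
    cp = ord(ch)
    if re.fullmatch(r"&#(?:x0*%x|0*%d);" % (cp, cp), emitted, re.IGNORECASE):
        return "ncr-encoded"
    if emitted.upper() == quote(ch, safe="").upper():
        return "url-encoded"
    if emitted in _alternate_forms(ch):
        return "transformed"    # case/normalization change: filter-bypass candidate
    return "replaced"


def classify_emission(ch: str, response: str) -> list:
    """Return one label per place the canary for ch was emitted in response."""
    pattern = re.compile(re.escape(MARK_L) + r"(.*?)" + re.escape(MARK_R), re.DOTALL)
    return [_label(ch, m.group(1)) for m in pattern.finditer(response)]


def overlong_2byte(ch: str) -> bytes:
    """Non-shortest two-byte UTF-8 form of an ASCII character ('<' -> C0 BC)."""
    cp = ord(ch)
    if cp >= 0x80:
        raise ValueError("only ASCII has a two-byte overlong form")
    return bytes([0xC0 | (cp >> 6), 0x80 | (cp & 0x3F)])


def find_overlong_utf8(data: bytes) -> list:
    """(offset, length) of non-shortest-form sequences in raw bytes.
    A strict decoder rejects these; a lenient one may turn C0 BC into '<'."""
    hits, i, n = [], 0, len(data)
    while i < n:
        b = data[i]
        if b < 0x80:
            i += 1
        elif b in (0xC0, 0xC1):                                 # 2-byte form of U+0000..U+007F
            hits.append((i, 2))
            i += 2
        elif b == 0xE0 and i + 1 < n and data[i + 1] < 0xA0:   # 3-byte form below U+0800
            hits.append((i, 3))
            i += 3
        elif b == 0xF0 and i + 1 < n and data[i + 1] < 0x90:   # 4-byte form below U+10000
            hits.append((i, 4))
            i += 4
        elif b >= 0xF0:
            i += 4
        elif b >= 0xE0:
            i += 3
        elif b >= 0xC2:
            i += 2
        else:
            i += 1                                              # stray continuation byte
    return hits


if __name__ == "__main__":
    # Constructed sample response: the same '<' probe reflected four ways.
    sample = ("<p>zq9k&lt;k9qz</p><a href='?q=zq9k%3Ck9qz'>x</a>"
              "<script>var s='zq9k<k9qz';</script><i>zq9kk9qz</i>")
    print(classify_emission("<", sample))
    print(find_overlong_utf8(b"a<b" + overlong_2byte("<")))
```

Only the "raw" and "transformed" labels are hotspots in the sense the post describes; the encoded labels show the application applying some output encoding, which the tester then judges against the context (HTML body, attribute, URL, script) the canary landed in.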

Friday, June 11, 2010

W3af v1.0-rc3

W3af is a Web Application Attack and Audit Framework. The w3af core and its plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much

The development team is proud to announce a new w3af release! Some of the features of the 1.0-rc3 version are:

* Enhanced GUI, including huge changes in the MITM proxy and the Fuzzy Request Editor
* Increased speed by rewriting parts of the thread management code
* Fixed tons of bugs
* Reduced memory usage
* Many plugins were rewritten using different techniques that use less HTTP requests to identify the same vulnerabilities
* Reduced false positives

You can download the latest versions from the official w3af website:

Thursday, June 10, 2010


Jacknsee is an educational network security tool. Its purpose is to teach students in computer science how basic hijacking techniques are used to corrupt a network. A few examples are given: man in the middle, DoS, stack buffer overflow attack.

Video demo:

Download and more info:

Tuesday, June 8, 2010

SamuraiWTF 0.8

Web penetration testing live CD built on open source software

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.

This version includes metasploit, target applications and tons of tool updates. It is now DVD sized as it has outgrown the CD release.

More info and Download:

Monday, June 7, 2010

SpiderLabs Defacetool

DefaceTool is an open-source Java Server Faces (JSF) testing tool for decoding view state and creating view state attack vectors. The tool can be used to create XSS attacks and session and application scope attacks against Apache MyFaces 1.2.8 applications. The tool has been architected to be extensible and can be modified to support other versions of Apache MyFaces and Sun Mojarra.


Friday, June 4, 2010

D-Link Routers: One Hack to Own Them All

Multiple D-Link Routers Vulnerable to Authentication Bypass

Multiple D-Link routers suffer from insecure implementations of the Home
Network Administration Protocol which allow unauthenticated and/or
unprivileged users to view and configure administrative settings on the

Further, the mere existence of HNAP allows attackers to completely bypass
the CAPTCHA login features that D-Link has made available in recent
firmware releases.

These vulnerabilities can be exploited by an individual inside the local
network, as well as an external attacker.

It is suspected that most, if not all, D-Link routers manufactured since
2006 have HNAP support and are vulnerable. However, only the following
routers and firmware versions have been confirmed to date:

1) DI-524 hardware version C1, firmware version 3.23
2) DIR-628 hardware version B2, firmware versions 1.20NA and
3) DIR-655 hardware version A1, firmware version 1.30EA

You can read full write-up here, and download POC tool, HNAP0wn, here.

Wednesday, June 2, 2010


WebRaider is a plugin-based automated web application exploitation tool which focuses on getting a shell from multiple targets or injection points.

Internally WebRaider uses Metasploit. We use a specific version of Metasploit, trimmed down so that it launches faster and takes less space. You can change the paths and make it work with the latest Metasploit in your own setup.

Note: Your antivirus won't like the WebRaider download package as it includes reverse shell executables and other metasploit files.

WebRaider Presentation and White Paper and Download