Aircrack-ng is a wireless security software suite. It consists of a network packet analyzer, a WEP network cracker, a WPA/WPA2-PSK cracker, and a set of other wireless auditing tools. Here are the most popular tools included in the Aircrack-ng suite.
Thursday, 11 August 2022
Wednesday, 10 August 2022
Netcat
Netcat is a Unix utility which reads and writes data across network connections using the TCP or UDP protocol.
The following tasks can be done easily with Netcat:
- Connect to a port of a target host.
- Listen on a given port for any inbound connections.
- Send data between client and server once the connection is established.
- Transfer files across the network once the connection is established.
- Execute programs and scripts of the client on the server, and vice versa.
- Provide a client with remote shell access to the server, where shell commands can be executed.
Sunday, 7 August 2022
WPScan
WPScan is a security scanner designed for testing the security of websites built with WordPress. WPScan was developed in the Ruby programming language, and its first version was released in 2019. The WPScan security scanner is primarily intended for WordPress administrators and security teams to assess the security status of their WordPress installations. It scans WordPress websites for known vulnerabilities both in WordPress core and in commonly used WordPress plugins and themes. The code base for WPScan is licensed under GPLv3.
WPScan is a WordPress black box scanner. The goal of using WPScan is to carry out the same activities a real threat actor would. WPScan does not require access to the source code or the WordPress dashboard. WPScan uses the wpvulndb.com vulnerability database, a comprehensive list of WordPress core, plugin, and theme vulnerabilities. Running WPScan frequently is important to make sure that plugins and themes have no exposed vulnerabilities. Once set up, WPScan will run automatically on a daily basis.
WPScan is a Ruby application and can be run on Linux (and also macOS) by installing the Ruby gem. You can also run it by cloning the corresponding WPScan GitHub repository. A quick start can be done by installing the WPScan plugin on the WordPress website. Alternatively, you can use a Docker image. WPScan is also included in Linux distributions such as Kali Linux and Pentoo.
WPScan has a strong feature set which includes, but is not limited to:
Username enumeration.
Enumeration attacks involve an attacker trying to determine whether a given target exists on the target system; here, the threat actor tries to discover which user accounts exist on a website and can then use that list as part of a larger attack chain. WPScan uses the same enumeration techniques a real threat actor would. In a user enumeration attack, the threat actor looks for variations in how WordPress responds to specific requests; depending on the response received, the attacker can determine whether a user exists. Standard WordPress installations are often vulnerable to user enumeration, so you need to protect against this attack vector. WPScan can quickly identify whether this weakness exists, and it will try to enumerate all users on a given WordPress installation.
Version detection.
WPScan can detect the versions of WordPress core, plugins and themes.
Publicly accessible sensitive data.
WPScan can check for publicly accessible wp-config.php backups and other database exports.
Password cracking.
WPScan also has a password cracker, which can help you check your website for weak authentication credentials. You need to provide WPScan with a password dictionary of your choosing. In an online attack, the attacker repeatedly tries to log in through the login form of the targeted website; against weak passwords, success is just a matter of time. In an offline attack, by contrast, threat actors work on password hashes they have downloaded from a compromised target, on their own servers; offline password cracking is much faster. But without a copy of your WordPress database, they have no choice but to attempt an online attack. Brute-force attacks are also an option, but generally take too much time and effort. Dictionary attacks generally provide the best return on time invested for a threat actor: a dictionary attack relies on a list of commonly used passwords, and attackers have a great many such passwords at their disposal as a result of the data breaches major websites have suffered over the years.
Version enumeration.
WPScan can check theme and plugin versions against the wpvulndb.com WordPress vulnerability database. WPScan will also flag if the version of WordPress you are running contains security vulnerabilities. This results in a prompt to upgrade to the current version of WordPress.
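Detection logic for the two behaviours described above, user enumeration and an online dictionary attack against the login form, run over constructed web-server log lines. This is an added example, not code from the original post or from WPScan; the author-id sweep and the /wp-json/wp/v2/users endpoint are assumed WordPress enumeration vectors not mentioned on the page, and the thresholds are arbitrary.

```python
import re
from collections import defaultdict

# Constructed Apache combined-format log lines (not from the original page).
# They model the behaviour the text describes: a sweep of author-id requests
# to enumerate usernames and a hit on the REST users endpoint (both assumed
# WordPress vectors), then a burst of POSTs to the login form from one
# address, i.e. an online dictionary attack. 198.51.100.4 is a normal visitor.
SAMPLE_LOG = """\
203.0.113.9 - - [07/Aug/2022:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla"
203.0.113.9 - - [07/Aug/2022:10:00:01 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "Mozilla"
203.0.113.9 - - [07/Aug/2022:10:00:02 +0000] "GET /?author=3 HTTP/1.1" 404 0 "-" "Mozilla"
203.0.113.9 - - [07/Aug/2022:10:00:02 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 812 "-" "Mozilla"
198.51.100.4 - - [07/Aug/2022:10:01:00 +0000] "GET /about/ HTTP/1.1" 200 5120 "-" "Mozilla"
198.51.100.4 - - [07/Aug/2022:10:01:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla"
""" + "".join(
    f'203.0.113.9 - - [07/Aug/2022:10:02:{10 + i:02d} +0000] '
    f'"POST /wp-login.php HTTP/1.1" 200 3400 "-" "Mozilla"\n'
    for i in range(6)
)

# Fields needed from a combined-format line: client IP, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def detect_wordpress_abuse(log_text, author_threshold=3, login_threshold=5):
    """Return sorted (ip, finding, count) tuples for enumeration and login guessing."""
    author_ids = defaultdict(set)   # ip -> distinct author ids requested
    rest_users = defaultdict(int)   # ip -> hits on /wp-json/wp/v2/users
    login_posts = defaultdict(int)  # ip -> POSTs to wp-login.php
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, method, path = m["ip"], m["method"], m["path"]
        q = re.search(r"[?&]author=(\d+)", path)
        if q:
            author_ids[ip].add(q.group(1))
        if path.startswith("/wp-json/wp/v2/users"):
            rest_users[ip] += 1
        if method == "POST" and path.startswith("/wp-login.php"):
            login_posts[ip] += 1
    findings = []
    for ip, ids in author_ids.items():
        if len(ids) >= author_threshold:
            findings.append((ip, "user_enumeration_author_sweep", len(ids)))
    for ip, n in rest_users.items():
        findings.append((ip, "user_enumeration_rest_api", n))
    for ip, n in login_posts.items():
        if n >= login_threshold:
            findings.append((ip, "login_dictionary_attack", n))
    return sorted(findings)
```

On a real site the same counters can be fed from the web server's access log and the thresholds tuned to normal traffic; a single legitimate login, as from 198.51.100.4 here, stays below them.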
Licensing
WPScan is actually not Open Source software. It is licensed under a custom license that requires a fee to be paid if it is used commercially. Check the WPScan website for current licensing details: https://wpscan.com/wordpress-security-scanner
Other important security considerations for WordPress sites
1) Maintenance of a WordPress audit trail of all WordPress website activity and changes.
2) A WordPress firewall helps filter incoming traffic to WordPress websites. Good traffic is allowed to access the website, while malicious and suspect traffic and bots are blocked. WordPress firewalls can also be configured to stop attacks on specific targeted entry points and other vulnerabilities within a WordPress website.
3) The establishment of strong WordPress authentication and password policies.
4) The use of two-factor authentication.
Saturday, 6 August 2022
Skipfish
Skipfish is a free, open-source automated penetration testing tool, available on GitHub, made for security researchers. It is used for information gathering and for testing the security of websites and web servers. Skipfish is one of the easiest and best tools for web penetration testing, and it provides many integrated checks to run against the target system.
It is also known as an active web application security reconnaissance tool: it builds a map of the targeted site on the console using recursive crawling and dictionary-based probes.
The resulting map is annotated with the output of all the security checks that were active for the domain. Lastly, the tool generates a report that can be used for further security assessment.
Features and Uses of Skipfish tools :
- Skipfish is an open source intelligence tool.
- Skipfish can track enumeration.
- Skipfish is a fully automated tool.
- Skipfish has more than 15 modules that can be used for penetration testing.
- Skipfish is used to scan websites and web applications.
- Skipfish is used to scan content management systems (CMS).
- Skipfish can find vulnerabilities in CMSs, e.g. WordPress, Joomla, etc.
- Skipfish has a large number of modules, such as metagoofil, wananga, etc.
Installation
Step 1:
To install the tool, first change to the Desktop directory and then clone the tool with the following command.
git clone https://gitlab.com/kalilinux/packages/skipfish.git
Step 2:
The tool has now been downloaded to your Kali Linux machine. Move into the tool directory and check its help output with the following commands.
cd skipfish
ls
skipfish -h
Step 3:
You can now see the tool's help menu, which lists all the flags the tool accepts. The tool has been downloaded, and now we will see how to use it.
Usage
Example 1: Use skipfish tool to scan a WordPress website using its IP address.
skipfish -o 202 http://192.168.1.202/wordpress
This is the report produced by the tool. You can run it against your own target, using any domain of your choice.
Example 2: Use the Skipfish tool to scan bodgeit.
sudo skipfish -o SkipfishTEST http://192.168.225.37/bodgeit
You can see that the tool has given all the information, such as scan time, HTTP requests to the host, compression size, TCP handshakes, etc. This is how you perform a scan against your own specified target.
Thursday, 4 August 2022
Burp Suite
Burp Suite contains various tools for performing different testing tasks. The tools operate effectively together, and you can pass interesting requests between tools as your work progresses, to carry out different actions.
- Target - This tool contains detailed information about your target applications, and lets you drive the process of testing for vulnerabilities.
- Proxy - This is an intercepting web proxy that operates as a man-in-the-middle between your browser and the target web application. It lets you intercept, inspect and modify the raw traffic passing in both directions.
- Scanner - This is an advanced web vulnerability scanner, which can automatically crawl content and audit for numerous types of vulnerabilities.
- Intruder - This is a powerful tool for carrying out automated customized attacks against web applications. It is highly configurable and can be used to perform a wide range of tasks to make your testing faster and more effective.
- Repeater - This is a tool for manually manipulating and reissuing individual HTTP requests, and analyzing the application's responses.
- Sequencer - This is a sophisticated tool for analyzing the quality of randomness in an application's session tokens or other important data items that are intended to be unpredictable.
- Decoder - This is a useful tool for performing manual or intelligent decoding and encoding of application data.
- Comparer - This is a handy utility for performing a visual "diff" between any two items of data, such as pairs of similar HTTP messages.
- Extender - This lets you load Burp extensions, to extend Burp's functionality using your own or third-party code.
- Logger - This is a tool for recording and analyzing HTTP traffic that Burp Suite generates.
- Inspector - This provides some useful features for analyzing and editing HTTP and WebSockets messages.
- Collaborator client - This is a tool for making use of Burp Collaborator during manual testing.
- DOM Invader - This is a tool for finding DOM XSS vulnerabilities.
- Clickbandit - This is a tool for generating Clickjacking attacks.
- Mobile Assistant - This is a tool to facilitate testing of mobile apps with Burp Suite.
Tuesday, 2 August 2022
Sqlmap
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches ranging from database fingerprinting to data fetching from the database to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Features
1) Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, Informix, MariaDB, MemSQL, TiDB, CockroachDB, HSQLDB, H2, MonetDB, Apache Derby, Amazon Redshift, Vertica, Mckoi, Presto, Altibase, MimerSQL, CrateDB, Greenplum, Drizzle, Apache Ignite, Cubrid, InterSystems Cache, IRIS, eXtremeDB, FrontBase, Raima Database Manager, YugabyteDB and Virtuoso database management systems.
2) Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries, and out-of-band.
3) Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port, and database name.
4) Support to enumerate users, password hashes, privileges, roles, databases, tables, and columns.
5) Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
6) Support to dump database tables entirely, a range of entries or specific columns as per user's choice. The user can also choose to dump only a range of characters from each column's entry.
7) Support to search for specific database names, specific tables across all databases, or specific columns across all databases' tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns' names contain strings like name and pass.
8) Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL, or Microsoft SQL Server.
9) Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL, or Microsoft SQL Server.
10) Support establishing an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session, or a graphical user interface (VNC) session as per the user's choice.
11) Support for database process' user privilege escalation via Metasploit's Meterpreter getsystem command.
Download
You can download the latest zipball or tarball.
Preferably, you can download sqlmap by cloning the Git repository:
git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
Documentation
- sqlmap User's manual.
- sqlmap History.
- sqlmap Frequently Asked Questions (FAQ).
- Material around sqlmap presented at conferences.
Monday, 1 August 2022
Wireshark
What Is Wireshark?
Wireshark is a network protocol analyzer: an application that captures packets from a network connection, such as from your computer to your home office or the internet. A packet is the name given to a discrete unit of data in a typical Ethernet network.
Wireshark is the most often-used packet sniffer in the world. Like any other packet sniffer, Wireshark does three things:
Packet Capture: Wireshark listens to a network connection in real time and then grabs entire streams of traffic – quite possibly tens of thousands of packets at a time.
Filtering: Wireshark is capable of slicing and dicing all of this random live data using filters. By applying a filter, you can obtain just the information you need to see.
Visualization: Wireshark, like any good packet sniffer, allows you to dive right into the very middle of a network packet. It also allows you to visualize entire conversations and network streams.
Packet sniffing can be compared to spelunking – going inside a cave and hiking around. Folks who use Wireshark on a network are kind of like those who use flashlights to see what cool things they can find. After all, when using Wireshark on a network connection (or a flashlight in a cave), you’re effectively using a tool to hunt around tunnels and tubes to see what you can see.
What Is Wireshark Used For?
Wireshark has many uses, including troubleshooting networks that have performance issues. Cybersecurity professionals often use Wireshark to trace connections, view the contents of suspect network transactions, and identify bursts of network traffic. It’s a major part of any IT pro’s toolkit – and hopefully, the IT pro has the knowledge to use it.
When Should Wireshark Be Used?
Wireshark is a safe tool used by government agencies, educational institutions, corporations, small businesses, and nonprofits alike to troubleshoot network issues. Additionally, Wireshark can be used as a learning tool.
Those new to information security can use Wireshark as a tool to understand network traffic analysis, how communication takes place when particular protocols are involved and where it goes wrong when certain issues occur.
Of course, Wireshark can’t do everything.
First of all, it can’t help a user who has little understanding of network protocols. No tool, no matter how cool, replaces knowledge very well. In other words, to properly use Wireshark, you need to learn exactly how a network operates. That means you need to understand things such as the three-way TCP handshake and various protocols, including TCP, UDP, DHCP, and ICMP.
Second, Wireshark can’t grab traffic from all of the other systems on the network under normal circumstances. On modern networks that use devices called switches, Wireshark (or any other standard packet-capturing tool) can only sniff traffic between your local computer and the remote system it is talking to.
Third, while Wireshark can show malformed packets and apply color coding, it doesn’t have actual alerts; Wireshark isn’t an intrusion detection system (IDS).
Fourth, Wireshark can’t help with decryption with regards to encrypted traffic.
And finally, it is quite easy to spoof IPv4 packets. Wireshark can't really tell you whether a particular IP address it finds in a captured packet is genuine. That requires a bit more know-how on the part of an IT pro, as well as additional software.
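The capture and filter steps described earlier, together with the last two caveats (you need to know the three-way handshake, and a packet's source address can be forged), as an added example that is not from the original post or from Wireshark: a minimal Python pcap reader over a constructed in-memory capture, with a predicate equivalent to a display filter. All MAC addresses, IP addresses, ports and timestamps are made up.

```python
import struct

# Constructed example, not code or data from the original page: a tiny in-memory
# pcap, decoded the way Wireshark does in miniature (capture, then filter).

def ipv4_checksum(header):
    """RFC 1071 ones-complement sum over the header; 0 means it verifies."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_frame(src, dst, sport, dport, flags):
    """Ethernet/IPv4/TCP frame (no payload) with a correct IPv4 header checksum."""
    eth = bytes.fromhex("00112233445566778899aabb0800")  # made-up MACs, type IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return eth + ip + tcp

def build_pcap(frames):
    """Classic little-endian pcap: global header (LINKTYPE_ETHERNET = 1) + records."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1659312000 + i, 0, len(f), len(f)) + f
    return out

def read_pcap(data):
    """Decode IPv4/TCP frames into the fields a display filter would test."""
    assert struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4, "not a little-endian pcap"
    off, packets = 24, []
    while off + 16 <= len(data):
        incl_len = struct.unpack("<IIII", data[off:off + 16])[2]
        frame, off = data[off + 16:off + 16 + incl_len], off + 16 + incl_len
        ip = frame[14:]
        if frame[12:14] != b"\x08\x00" or ip[9] != 6:
            continue  # only IPv4 carrying TCP is decoded here
        ihl = (ip[0] & 0x0F) * 4
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        flags = ip[ihl + 13]
        packets.append({"src": ".".join(map(str, ip[12:16])),
                        "dst": ".".join(map(str, ip[16:20])),
                        "sport": sport, "dport": dport,
                        "syn": bool(flags & 0x02), "ack": bool(flags & 0x10),
                        "ip_checksum_ok": ipv4_checksum(ip[:ihl]) == 0})
    return packets

def filter_syn_only(packets):
    """Same predicate as the display filter tcp.flags.syn == 1 && tcp.flags.ack == 0."""
    return [p for p in packets if p["syn"] and not p["ack"]]

SYN, SYN_ACK, ACK = 0x02, 0x12, 0x10
# Constructed capture: a handshake to port 443 plus a SYN with a forged source; all four IPv4 checksums verify.
CAPTURE = build_pcap([
    tcp_frame("192.168.1.10", "203.0.113.5", 51000, 443, SYN),
    tcp_frame("203.0.113.5", "192.168.1.10", 443, 51000, SYN_ACK),
    tcp_frame("192.168.1.10", "203.0.113.5", 51000, 443, ACK),
    tcp_frame("198.51.100.77", "203.0.113.5", 40000, 443, SYN),
])
```

The forged fourth packet passes the checksum exactly like the genuine ones, which is the point of the last caveat: a header checksum detects corruption, not a lying sender.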
Common Wireshark Use Cases
Here’s a common example of how a Wireshark capture can assist in identifying a problem. The figure below shows an issue on a home network, where the internet connection was very slow.
As the figure shows, the router thought a common destination was unreachable. This was discovered by drilling down into the IPv6 Internet Control Message Protocol (ICMPv6) traffic, which is marked in black. In Wireshark, any packet marked in black is considered to reflect some sort of issue.
In this case, Wireshark helped determine that the router wasn't working properly and couldn't reach YouTube reliably. The problem was resolved by restarting the cable modem. Of course, while this particular problem didn't require Wireshark, it is useful to be able to confirm the diagnosis authoritatively.
When you take another look at the bottom of Figure 2, you can see that a specific packet is highlighted. This shows the innards of a TCP packet that is part of a Transport Layer Security (TLS) conversation. This is a great example of how you can drill down into a captured packet.
Wireshark doesn't let you read the encrypted contents of the packet, but you can identify the version of TLS the browser and YouTube are using to encrypt the traffic. Interestingly, the encryption shifted to TLS version 1.2 during the capture.
Wireshark is often used to identify more complex network issues.