Ubnhd2 PenTesting OS : Change your Android mobile as Hacking Device


Ubnhd2 is a security- and pentest-focused Ubuntu/Debian system that runs natively on the HTC HD2 phone. To boot it you need Magldr on your phone, and the first FAT partition should be named "SD".

Ubnhd2 is in beta. For now, these options work:
- Booting via Magldr
- Landscape Display orientation
- USB host
- Haret booting
- Touchscreen
- Wifi with encryption
- 3G network connection (the SIM PIN needs to be disabled!)
- Audio/audio player
- Audio outputs (loudspeaker, phone speaker or headphones)
- The hardware controls (display brightness, LEDs etc.)
- x11VNC server (not the fastest one due to workarounds, but still usable)
- PwnPi & Backtrack tools (not all, but most at the moment)
- dpms
- The common Ubuntu stuff


What doesn't work:
- Monitor Mode for bc5329
- Phone feature (no calls, no SMS/MMS; sPhone still needs to be loaded or the 3G network won't work)
- Bluetooth (kernel side looks OK, but the rest is incomplete)
- Battery stats (no percentage, no recharging)
- Video player (without audio it looks delicious with Xine, even in fullscreen, but due to the audio problem mentioned before it has desynchronized and laggy sound)
- Hardware keys (kernel side OK, but the xorg.conf and xinput settings are not correct)
- Second mouse button

The Project needs:
- Kernel Developers (urgent)
- People who are familiar with implementing the msm/qsd x.org driver
- People who are able to cross-compile for ARM
- Developers that have good tools or scripts to embed
- Pentesters who want to contribute some toolchains and methods
- Designers / Webdesigners
- Translators
- People who are able to fix something


If you want to join the project, you can contact the developer via the XDA-developers forum.

How to install Ubnhd2:
Rename the first FAT partition of the SD card to "SD" or many things won't work! (This should be done externally and not in the phone, because Ubuntu sets the mount points at boot time!)

You need Magldr on your HD2.

Extract all files from the downloaded archive "linux.zip" to the directory "linux" on your SD card.

Set the right "Android from SD" folder in Magldr (SD/linux), then select "Boot AD from SD".

The package "connman" should be uninstalled because it consumes too much CPU and doesn't work well together with wicd; the wifi autoconnect after boot was also affected by this.

Password for both accounts is still "ubuntu".

Be careful what you install: it has both Debian and Ubuntu repos. In some cases the "Force Version" option helps.

To get the Wifi working you need the drivers from here:
http://www.mediafire.com/?6l365qz2jvc5hqh

- extract the two files (fw_bcm4329.bin & bcm4329.ko)
- move them to the root folder of your SD-Card
- boot up ubnhd2
- go to gnome-menu -> Stuff -> System -> bcd-res-upd
- take option 7 (Import ... from SD)
- takes a second
- Press the wifi-signal in the dock
- answer the dialog with ok
- after the vibration signal from the wifi script the networks can be configured by clicking the icon in the menubar (wicd app)

Download 0.0.3.17 beta:
https://sourceforge.net/projects/ubnhd2/

Backtrack 5 R3 Released - PenTesting Distribution



Offensive Security has released an updated version of its PenTesting distribution, BackTrack 5 R3. The updated version focuses on bug fixes as well as the addition of over 60 new tools, several of which were released at BlackHat and Defcon 2012.

A whole new tool category was populated – “Physical Exploitation”, which now includes tools such as the Arduino IDE and libraries, as well as the Kautilya Teensy payload collection.

"Together with our usual KDE and GNOME, 32/64 bit ISOs, we have released a single VMware Image (Gnome, 32 bit). For those requiring other VM flavors of BackTrack – building your own VMWare image is easy – instructions can be found in the BackTrack Wiki." Offensive Security Team said.

For the insanely impatient, you can download the BackTrack 5 R3 release via torrent right now. Direct ISO downloads will be available once all their HTTP mirrors have synched, which should take a couple more hours. Once this happens, they will update their BackTrack Download page with all links.

Microsoft released Attack Surface Analyzer 1.0


Microsoft has released Attack Surface Analyzer 1.0 which determines the security of an application by examining how it affects the computer it is installed on.

The tool was originally released as a beta version in January 2011 during the Blackhat DC security conference.

According to the press release, the new release includes performance enhancements and bug fixes to improve the user experience. Through improvements in the code, Microsoft reduced the number of false positives and improved graphical user interface performance. This release also includes in-depth documentation and guidance to improve ease of use.

"The Attack Surface Analyzer tool is designed to assist independent software vendors (ISVs) and other software developers during the verification phase of the Microsoft Security Development Lifecycle (SDL) as they evaluate the changes their software makes to the attack surface of a computer." Microsoft explains.

"Because Attack Surface Analyzer does not require source code or symbol access, IT professionals and security auditors can also use the tool to gain a better understanding of the aggregate attack surface change that may result from the introduction of line-of-business (LOB) applications to the Windows platform."


Nmap Security Scanner version v6.0 released


The Nmap Project released Nmap Security Scanner version 6.00. It is the product of almost three years of work, 3,924 code commits, and more than a dozen point releases since the big Nmap 5 release in July 2009.


Nmap 6 includes a more powerful Nmap Scripting Engine, 289 new scripts, better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more! We recommend that all current users upgrade.

Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for network inventory, managing service upgrade schedules, monitoring host or service uptime, and many other tasks.


Top 6 Improvements in Nmap 6

  • NSE Enhanced
  • Better Web Scanning
  • Full IPv6 Support
  • New Nping Tool
  • Better Zenmap GUI & results viewer
  • Faster scans
More details about the latest version can be found here:
http://nmap.org/6/

IronWASP v0.9.0.3 released - A web application vulnerability testing tool


IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing, developed by Lavakumar Kuppan.

It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool's features are simple enough to be used by absolute beginners.

Features:
  • Automated Scanning
  • Manual Testing
  • Scripting Shell
  • Javascript Static Analysis
  • Active and Passive Plugins
  • Format Plugin
  • Logging
  • Session Plugin
In a recent null Chennai meeting, Mr. Lavakumar demonstrated how to use this tool to test your web application against web application vulnerabilities (SQLi and XSS). Fortunately, I was there and enjoyed the demo. In the next null Chennai meeting, he is going to present the second part of the demo. So don't miss it!


You can download the latest version from here:
http://ironwasp.org/download.html

Mole V.0.3 released, an automatic SQL Injection exploitation tool

The Mole is an automatic SQL Injection exploitation tool. Given only a vulnerable URL and a valid string on the site, it can detect the injection and exploit it, using either the union technique or a boolean query based technique.

ChangeLog v-0.3 :

+ Added integer union sql injection exploitation support.

+ Added early DBMS Detection.

+ Added import command (only XML format supported).

+ Added export command (only XML format supported).

+ Added find_tables command.

+ Added find_tables_like command.

+ Added find_users_table command.

+ Added readfile command (only supported in MySQL).

+ Added xml import and export support.

+ Fixed gathering of schemas, tables and columns in SQL Server.

+ Fixed dumping bugs in Postgres.

+ Fixed other minor bugs.

Platform: Windows & Linux

Now Upgrade to Backtrack 5 R2 ~ BT5 R2 will be Released On March

The long awaited release of the BackTrack 5 R2 kernel has arrived, and it’s now available in Backtrack repositories. With a spanking brand new 3.2.6 kernel, a huge array of new and updated tools and security fixes, BT5 R2 will provide a more stable and complete penetration testing environment than ever before.

Backtrack will start a series of blog posts on how to upgrade, deal with VMWare, and even build your own updated BT5 R2 by yourself. Backtrack explained how to upgrade to BT5 R2 here


"March 1st! The BackTrack 5 R2 ISOs will be available for download from our site on March 1st via Torrent only. HTTP links will be added a few days later." promised in the Backtrack-linux.

DPScan : Drupal Vulnerability Scanner Released

A pen tester, Ali Elouafiq, and his team have developed a new penetration testing tool for scanning for vulnerabilities in Drupal CMS.

Drupal Security Scanner will enumerate at least the modules used by Drupal so we can simulate a White Box audit on our private machines.

They released this tool publicly so that it can help other pentesters and auditors do their job faster.

Download the Scanner from here:
https://github.com/insaneisnotfree/Blue-Sky-Information-Security/blob/master/DPScan.py

How to scan?
1. After downloading the tool, move the downloaded file to your pentesting folder or Desktop.
2. Open your terminal.
3. Navigate to the dpscan folder using the cd command.
4. Use this command to scan the target website for vulnerabilities:
python DPScan.py [Target_Drupal_site]