Newsletter - May 2014 ToolsWatch Team NJ OUCHN & MJMJ SOLERSOLER Tools! Lots of Tools Released! During May 2014, we published 33 Posts with 13 News Tools. Organized by Date • Cuckoo Sandbox v1.1 Released • SpiderFoot v2.1.5 Released • SAMHAIN v3.1.1 Released • WPScan v2.4 Released • w3af v1.6 Released • Tor Browser v3.6 Released • Arachni v0.4.7 – Web User Interface v0.4.4 Released • Tails v1.0 – The Amnesic Incognito Live System Released • Lynis v1.5.2 Auditing Tool Released • Nmap v6.46 Released • IPv6 Toolkit v1.5.3 Released • [New Tool] QuatraScan V3000 Web Application Vulnerability Scanner (SaaS) Released • [New Tool] Inception v0.3.5 Beta – Attacking FireWire Devices Released • [New Tool] Parsero v0.71 – Attacking Robots.txt Files Released • [New Tool] DepDep v1.0 Determine Critical Data In Network Sharing – Released • [New Tool] RedoWalker Beta Version Released • [New Tool] argus v3.0.6 – Real Time Flow Monitor Released • [New Tool] Tastic RFID Thief – Proximity Badge Released • Hook Analyser v3.1 Released • Desenmascara.me (unmaskme) PoC Security Awareness Web • APK Binder Script v0.1 Released • NTO Mobile On-Demand Service Released • oclHashcat v1.21 Released • [New Tool] Interactive Network Packet Builder v1.0 • Kali Linux v1.0.7 Released • p0f v3.07b Released • [New Tool] Webfwlog Firewall Log Analyzer v1.0 Released • [New Tool] OWASP PCI Toolkit Beta Version Released • [New Tool] OWASP OWTF – Offensive (Web) Testing Framework v0.45.0 Released • OWASP ZAP v2.3.1 Released • ThreadFix v2.1M1 Released • [New Tool] ByWaf v1.0 – Web Application Penetration Testing Framework Released • [New Tool] Big Iron Recon & Pwnage (BIRP) for Mainframe Released Cuckoo Sandbox v1.1 Released Cuckoo Sandbox is a malware analysis system. It simply means that you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such file did when executed inside an isolated environment. http://www.toolswatch.org/?p=44036 SpiderFoot v2.1.5 Released SpiderFoot is a free, open-source footprinting tool, enabling you to perform various scans against a given domain name in order to obtain information such as sub-domains, e-mail addresses, owned netblocks, web server versions and so on. The main objective of SpiderFoot is to automate the footprinting process to the greatest extent possible, freeing up a penetration tester's time to focus their efforts on the security testing itself. SpiderFoot has written in Python and runs on Linux, *BSD and Windows. http://www.toolswatch.org/?p=44048 SAMHAIN v3.1.1 Released The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. http://www.toolswatch.org/?p=44055 WPScan v2.4 Released WPScan is a black box WordPress vulnerability scanner. http://www.toolswatch.org/?p=44062 w3af v1.6 Released w3af, is a Web Application Attack and Audit Framework. The w3af core and its plugins are fully written in python, it identifies more than 200 vulnerabilities and reduce your site's overall risk exposure. Identify vulnerabilities like SQL Injection, Cross-Site Scripting, Guessable credentials, unhandled application errors and PHP misconfigurations. http://www.toolswatch.org/?p=44091 Tor Browser v3.6 Released The Tor Browser Bundle lets you use Tor on Windows, Mac OS X, or Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained. http://www.toolswatch.org/?p=44106 Arachni v0.4.7 – Web User Interface v0.4.4 Released Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. http://www.toolswatch.org/?p=44115 Tails v1.0 – The Amnesic Incognito Live System Released Tails, The Amnesic Incognito Live System, is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly. http://www.toolswatch.org/?p=44117 Lynis v1.5.2 Auditing Tool Released Lynis is an auditing tool which tests and gathers (security) information from Unix based systems. The audience for this tool are security and system auditors, network specialists and system maintainers. http://www.toolswatch.org/?p=44121 Nmap v6.46 Released Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for network inventory, managing service upgrade schedules, monitoring host or service uptime, and many other tasks. http://www.toolswatch.org/?p=44128 IPv6 Toolkit v1.5.3 Released A security assessment and troubleshooting tool for the IPv6 protocols. http://www.toolswatch.org/?p=44144 [New Tool] QuatraScan V3000 Web Application Vulnerability Scanner (SaaS) Released QuatraScan is a next generation Security as a Service platform provides you with advanced website application security. It discovers, catalogs and scan vast numbers of web applications to ensure the highest level of protection against vulnerabilities and intrusion. http://www.toolswatch.org/?p=44146 [New Tool] Inception v0.3.5 Beta – Attacking FireWire Devices Released Inception is a FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP-2 DMA. The tool can unlock (any password accepted) and escalate privileges to Administrator/root on almost* any powered on machine you have physical access to. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe interfaces. http://www.toolswatch.org/?p=44149 [New Tool] Parsero v0.71 – Attacking Robots.txt Files Released Parsero is a free script written in Python which reads the Robots.txt file of a web server and looks at the Disallow entries. The Disallow entries are the URL path of directories or files hosted on a web server which the administrators don't want to be indexed by the crawlers. http://www.toolswatch.org/?p=44163 [New Tool] DepDep v1.0 Determine Critical Data In Network Sharing – Released Depdep is a merciless sentinel which will seek sensitive files containing critical info leaking through your network. Basically, it is a fast and practical sensitive data search tool maintaining personal & commercial data privacy for companies and institutions. http://www.toolswatch.org/?p=44179 [New Tool] RedoWalker Beta Version Released RedoWalker is a tool to explore Oracle database transaction logs, otherwise known as redo logs. Any time changes are made to the database server, for example after an INSERT, DELETE or UPDATE, they are recorded in the redo log. http://www.toolswatch.org/?p=44243 [New Tool] argus v3.0.6 – Real Time Flow Monitor Released Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol specific information. http://www.toolswatch.org/?p=44288 [New Tool] Tastic RFID Thief – Proximity Badge Released The Tastic RFID Thief is a silent, long-range RFID reader that can steal the proximity badge information from an unsuspecting employee as they physically walk near this concealed device. Specifically, it is targeting 125KHz, low frequency RFID badge systems used for physical security, such as those used in HID Prox and Indala Prox products. http://www.toolswatch.org/?p=44291 Hook Analyser v3.1 Released Hook Analyser is a freeware application which allows an investigator/ analyst to perform "static & run-time / dynamic" analysis of suspicious application, also gather (analyse & co- related) threat intelligence related information (or data) from various open sources on the Internet. http://www.toolswatch.org/?p=44386 Desenmascara.me (unmaskme) PoC Security Awareness Web Desenmascara.me is a tool yet in it's early PoC stage but fully functional. The goal of this tool is to raise security awareness among web owners in order to help decrease the constant rise of compromised websites. (unmaskme means desenmascarame in Spanish). http://www.toolswatch.org/?p=44388 APK Binder Script v0.1 Released apk_binder_script allows us to unify two apk's in one or add a service apk smali code to the target. This copy smali code, active and manifest. Implements a receiver acting loader loading the class specified as a parameter (a service). http://www.toolswatch.org/?p=44392 NTO Mobile On-Demand Service Released NTOMobile On-Demand combines static analysis security testing (SAST), NTOSpider’s dynamic application security testing (DAST) and expert pen testers to deliver comprehensive and effective mobile application security testing services. Leveraging the power of NTOSpider’s DAST capabilities, NTOMobile On-Demand is the only mobile security solution available capable of effectively and automatically testing the web services that power mobile back ends and that leverage new technologies like REST, JSON and SOAP. http://www.toolswatch.org/?p=44458 oclHashcat v1.21 Released oclHashcat is a GPGPU-based multi-hash cracker using a brute-force attack (implemented as mask attack), combinator attack, dictionary attack, hybrid attack, mask attack, and rule-based attack. http://www.toolswatch.org/?p=44462 [New Tool] Interactive Network Packet Builder v1.0 With Interactive Network Packet Builder you can visually build "any" syntactically correct IP packet for a number of well-known protocols via simple point-and-click operations. Supported protools are SSH, FTP, HTTP, SIP, iSCSI, SMBv1, etc.