Evil Foca is a tool for security pen testers and auditors whose purpose it is to test security in IPv4 and IPv6 data networks.
The tool is capable of carrying out various attacks such as:
MITM over IPv4 networks with ARP Spoofing and DHCP ACK Injection.
MITM on IPv6 networks with Neighbor Advertisement Spoofing, SLAAC attack, fake DHCPv6.
DoS (Denial of Service) on IPv4 networks with ARP Spoofing.
DoS (Denial of Service) on IPv6 networks with SLAAC DoS.
DNS Hijacking.
The software automatically scans the networks and identifies all devices and their respective network interfaces, specifying their IPv4 and IPv6 addresses as well as the physical addresses through a convenient and intuitive interface.
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.
WHAT IS KISMET?
Kismet is a wireless network detector, sniffer, and intrusion detection system. Kismet works predominately with Wi-Fi (IEEE 802.11) networks, but can be expanded via plug-ins to handle other network types.
FEATURES
802.11 sniffing
Standard PCAP logging (compatible with Wireshark, TCPDump, etc)
Client/Server modular architecture
Plug-in architecture to expand core features
Multiple capture source support
Live export of packets to other tools via tun/tap virtual interfaces
Distributed remote sniffing via light-weight remote capture
XML output for integration with other tools
The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.
Starting with reconnaissance, we have included tools such as the Fierce domain scanner and Maltego. For mapping, we have included tools such WebScarab and ratproxy. We then chose tools for discovery. These would include w3af and burp. For exploitation, the final stage, we included BeEF, AJAXShell and much more. This CD also includes a pre-configured wiki, set up to be the central information store during your pen-test.
utility for arming (creating) many bees (micro EC2 instances) to attack (load test) targets (web applications).
Dependencies:
Python 2.6
boto
paramiko
Wifiphisher is a security tool that mounts automated phishing attacks against WiFi networks in order to obtain secret passphrases or other credentials. It is a social engineering attack that unlike other methods it does not include any brute forcing. It is an easy way for obtaining credentials from captive portals and third party login pages or WPA/WPA2 secret passphrases.Wifiphisher works on Kali Linux and is licensed under the GPL license.
Requirements:
Kali Linux.
Two wireless network adapters; one capable of injection.
Orchid is a Tor client implementation and library written in pure Java.It was written from the Tor specification documents, Orchid runs on Java 5+ and the Android devices.
How can Orchid be used?
In a basic use case, running Orchid will open a SOCKS5 listener which can be used as a standalone client where Tor would otherwise be used.
Orchid can also be used as a library by any application running on the JVM. This is what Orchid was really designed for and this is the recommended way to use it. Orchid can be used as a library in any Java application, or any application written in a language that compiles bytecode that will run on the Java virtual machine, e.g., JRuby, Clojure, Scala..
Ipdecap can decapsulate traffic encapsulated within GRE, IPIP, 6in4, ESP (ipsec) protocols, and can also remove IEEE 802.1Q (virtual lan) header.
It reads packets from an pcap file, removes the encapsulation protocol, and writes them to another pcap file.
Goals are:
Extract encapsulated tcp flow to analyze them with conventional tcp tools (tcptrace, tcpflow, …)
Reduce pcap files size by removing encapsulation protocol
Ipdecap was first written to analyze a strange tcp behavior encapsulated by ESP, without intervention on vpn endpoints.
Installation:
Dependances
Openssl
Libpcap
Compilation
wget https://github.com/lpefferkorn/ipdecap/archive/v0.7.tar.gz
tar xvzf v0.7.tar.gz
cd ipdecap-0.7
sh autogen.sh
./configure
make
make install
Use
Command line:
A source pcap file
An output pcap file
A configuration file to decrypt ESP packets
Maybe a bpf filter to limit packets to process.
Ipdecap 0.5, decapsulate GRE, IPIP, 6in4, ESP packets, remove 802.1Q header - Loic Pefferkorn
Supported encapsulation protocols
GRE
IPIP
6in4 (IPv6 encapsulated within IPv4)
ESP (ipsec, tunnel mode)
ESP algorithms
(crypt) des-cbc 3des-cbc aes128-cbc aes128-ctr null_enc
(auth) hmac_md5-96 hmac_sha1-96 aes_xcbc_mac-96 null_auth any96 any128 any160 any192 any256 any384 any512
Usage
ipdecap [-v] [-l] [-V] -i input.cap -o output.cap [-c esp.conf] [-f ]
Options:
-c, --conf configuration file for ESP parameters (IP addresses, algorithms, ... (see man ipdecap)
-h, --help this help message
-i, --input pcap file to process
-o, --output pcap file with decapsulated data
-f, --filter only process packets matching the bpf filter
-l, --list list availables ESP encryption and authentication algorithms
-V, --version print version
-v, --verbose verbose
GoldenEye is an python app for SECURITY TESTING PURPOSES ONLY!
GoldenEye is a HTTP DoS Test Tool.
Attack Vector exploited: HTTP Keep Alive + NoCache
GoldenEye is an HTTP/S Layer 7 denial of service testing tool. It uses KeepAlive (and Connection: keep-alive) paired with Cache-Control options to persist socket connection busting through caching (when possible) until it consumes all available sockets on the HTTP/S server.
Changes: Referer strings from search engines now only domain part hardcoded. Referer generation function now generates even more random referers. Evades Juniper Netscreen signature. Various other updates and improvements.
OLD:
Usage
USAGE: ./goldeneye.py [OPTIONS]
OPTIONS:
Flag Description Default
-t, --threads Number of concurrent threads (default: 500)
-m, --method HTTP Method to use 'get' or 'post' or 'random' (default: get)
-d, --debug Enable Debug Mode [more verbose output] (default: False)
-h, --help Shows this help
NEW:
USAGE: ./goldeneye.py [OPTIONS]
OPTIONS:
Flag Description Default
-u, --useragents File with user-agents to use (default: randomly generated)
-w, --workers Number of concurrent workers (default: 50)
-s, --sockets Number of concurrent sockets (default: 30)
-m, --method HTTP Method to use 'get' or 'post' or 'random' (default: get)
-d, --debug Enable Debug Mode [more verbose output] (default: False)
-h, --help Shows this help
Utilities
util/getuas.py - Fetchs user-agent lists from http://www.useragentstring.com/pages/useragentstring.php subpages (ex: ./getuas.py http://www.useragentstring.com/pages/Browserlist/) REQUIRES BEAUTIFULSOUP4
OpenFPC is a set of scripts that combine to provide a lightweight full-packet network traffic recorder & buffering tool. It's design goal is to allow non-expert users to deploy a distributed network traffic recorder on COTS hardware while integrating into existing alert and log tools.
OpenFPC is described as lightweight because it follows a different design model to other FPC/Network traffic forensic tools that I have seen. It doesn't provide a user with the ability to trigger automatic events (IDS-like functions), or watch for anomalous traffic changes (NBA-like functions) as it is assumed external open source, or comercial tools already provide this detection capability. OpenFPC fits in as a companion to provide extra (full packet/traffic stream) data as a bolt-on to these tools allowing deeper analysis of event data where required.
Simply give it a logfile entry in one of the supported formats, and it will provide you with the PCAP.
For more information, visit the OpenFPC project home at http://www.openfpc.org
Features and futures
Automated install on Debain and RH style distributions
Extraction of single streams based on event occurrence time, or start/end timestamps
Extracts stream data based on common logfile/alert formats
Distributed collection with central extraction Optional compression and extract checksums Ability to request data from external tools/user interfaces
TODO
Central web-based UI for stream/data extraction from distributed remote storage buffers
Automatic calculation of an optimal configuration for extraction speed based on available storage.