All posts by Darknet

APT-Hunter – Threat Hunting Tool via Windows Event Log

Post Syndicated from Darknet original https://www.darknet.org.uk/2021/03/apt-hunter-threat-hunting-tool-via-windows-event-log/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

APT-Hunter – Threat Hunting Tool via Windows Event Log

APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.

This will help you to decrease the time to uncover suspicious activity and the tool will make good use of the windows event logs collected and make sure to not miss critical events configured to be detected.

The target audience for APT-Hunter is threat hunters, incident response professionals or forensic investigators.

Read the rest of APT-Hunter – Threat Hunting Tool via Windows Event Log now! Only available at Darknet.

GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials

Post Syndicated from Darknet original https://www.darknet.org.uk/2021/02/gitlab-watchman-audit-gitlab-for-sensitive-data-credentials/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials

GitLab Watchman is an application that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally – this includes code, commits, wiki pages and more.

GitLab Watchman searches GitLab for internally shared projects and looks at:

  • Code
  • Commits
  • Wiki pages
  • Issues
  • Merge requests
  • Milestones

For the following data:

  • GCP keys and service account files
  • AWS keys
  • Azure keys and service account files
  • Google API keys
  • Slack API tokens & webhooks
  • Private keys (SSH, PGP, any other misc private key)
  • Exposed tokens (Bearer tokens, access tokens, client_secret etc.)
  • S3 config files
  • Passwords in plaintext
  • CICD variables exposed publicly
  • and more

Using GitLab Watchman to Audit Gitlab For Sensitive Data

GitLab Watchman will be installed as a global command, use as follows:

usage: gitlab-watchman [-h] –timeframe {d,w,m,a} –output
{file,stdout,stream} [–version] [–all] [–blobs]
[–commits] [–wiki-blobs] [–issues] [–merge-requests]
[–milestones] [–comments]

Monitoring GitLab for sensitive data shared publicly

optional arguments:
-h, –help show this help message and exit
–version show program’s version number and exit
–all Find everything
–blobs Search code blobs
–commits Search commits
–wiki-blobs Search wiki blobs
–issues Search issues
–merge-requests Search merge requests
–milestones Search milestones
–comments Search comments

required arguments:
–timeframe {d,w,m,a}
How far back to search: d = 24 hours w = 7 days, m =
30 days, a = all time
–output {file,stdout,stream}
Where to send results

You can run GitLab Watchman to look for everything, and output to default Stdout:

gitlab-watchman –timeframe a –all

Or arguments can be grouped together to search more granularly.

Read the rest of GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials now! Only available at Darknet.

GKE Auditor – Detect Google Kubernetes Engine Misconfigurations

Post Syndicated from Darknet original https://www.darknet.org.uk/2021/01/gke-auditor-detect-google-kubernetes-engine-misconfigurations/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

GKE Auditor – Detect Google Kubernetes Engine Misconfigurations

GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security and development teams streamline the configuration process and save time looking for generic bugs and vulnerabilities.

The tool consists of individual modules called Detectors, each scanning for a specific vulnerability.

Installing and Using GKE Auditor to Detect Google Kubernetes Engine Misconfigurations
Installation

git clone https://github.com/google/gke-auditor
cd ./gke-auditor/
./build.sh

Usage

The tool has to be built by running the build.sh script first.

Read the rest of GKE Auditor – Detect Google Kubernetes Engine Misconfigurations now! Only available at Darknet.

zANTI – Android Wireless Hacking Tool Free Download

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/12/zanti-android-wireless-hacking-tool-free-download/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

zANTI – Android Wireless Hacking Tool Free Download

zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using your mobile device for free download.

This easy to use mobile toolkit enables IT Security Administrators to simulate an advanced attacker to identify the malicious techniques they use in the wild to compromise the corporate network.

Features of zANTI Android Wireless Hacking Tool

This network auditor comes along with a rather simple interface compared to other solutions and running its tasks is pretty straightforward.

Read the rest of zANTI – Android Wireless Hacking Tool Free Download now! Only available at Darknet.

HELK – Open Source Threat Hunting Platform

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/11/helk-open-source-threat-hunting-platform/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

HELK – Open Source Threat Hunting Platform

The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing, structured streaming, and even machine learning via Jupyter notebooks and Apache Spark over an ELK stack.

This project was developed primarily for research, but due to its flexible design and core components, it can be deployed in larger environments with the right configurations and scalable infrastructure.

Goals of HELK Open Source Threat Hunting Platform

  • Provide an open-source hunting platform to the community and share the basics of Threat Hunting.

Read the rest of HELK – Open Source Threat Hunting Platform now! Only available at Darknet.

Trape – OSINT Analysis Tool For People Tracking

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/11/trape-osint-analysis-tool-for-people-tracking/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Trape – OSINT Analysis Tool For People Tracking

Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information.

Example types of information are the status of sessions of their websites or services and control their users through their browser, without their knowledge. It has evolved with the aim of helping government organizations, companies and researchers to track the cybercriminals.

Read the rest of Trape – OSINT Analysis Tool For People Tracking now! Only available at Darknet.

Fuzzilli – JavaScript Engine Fuzzing Library

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/10/fuzzilli-javascript-engine-fuzzing-library/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Fuzzilli – JavaScript Engine Fuzzing Library

Fuzzilii is a JavaScript engine fuzzing library, it’s a coverage-guided fuzzer for dynamic language interpreters based on a custom intermediate language (“FuzzIL”) which can be mutated and translated to JavaScript.

When fuzzing for core interpreter bugs, e.g. in JIT compilers, semantic correctness of generated programs becomes a concern. This is in contrast to most other scenarios, e.g. fuzzing of runtime APIs, in which case semantic correctness can easily be worked around by wrapping the generated code in try-catch constructs.

Read the rest of Fuzzilli – JavaScript Engine Fuzzing Library now! Only available at Darknet.

OWASP APICheck – HTTP API DevSecOps Toolset

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/10/owasp-apicheck-http-api-devsecops-toolset/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

OWASP APICheck – HTTP API DevSecOps Toolset

APICheck is an HTTP API DevSecOps toolset, it integrates existing HTTP APIs tools, creates execution chains easily and is designed for integration with third-party tools in mind.

APICheck is comprised of a set of tools that can be connected to each other to achieve different functionalities, depending on how they are connected. It allows you to create execution chains and it can not only integrate self-developed tools but also can leverage existing tools in order to take advantage of them to provide new functionality.

Read the rest of OWASP APICheck – HTTP API DevSecOps Toolset now! Only available at Darknet.

trident – Automated Password Spraying Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/10/trident-automated-password-spraying-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

trident – Automated Password Spraying Tool

The Trident project is an automated password spraying tool developed to be deployed across multiple cloud providers and provides advanced options around scheduling and IP pooling.

trident was designed and built to fulfill several requirements and to provide:

  • the ability to be deployed on several cloud platforms/execution providers
  • the ability to schedule spraying campaigns in accordance with a target’s account lockout policy
  • the ability to increase the IP pool that authentication attempts originate from for operational security purposes
  • the ability to quickly extend functionality to include newly-encountered authentication platforms

Using trident Password Spraying Tool

Usage:
trident-cli campaign [flags]

Flags:
-a, –auth-provider string this is the authentication platform you are attacking (default "okta")
-h, –help help for campaign
-i, –interval duration requests will happen with this interval between them (default 1s)
-b, –notbefore string requests will not start before this time (default "2020-09-09T22:31:38.643959-05:00")
-p, –passfile string file of passwords (newline separated)
-u, –userfile string file of usernames (newline separated)
-w, –window duration a duration that this campaign will be active (ex: 4w) (default 672h0m0s)

Example output:

$ trident-client results
+—-+——————-+————+——-+
| ID | USERNAME | PASSWORD | VALID |
+—-+——————-+————+——-+
| 1 | [email protected] | Password1!

Read the rest of trident – Automated Password Spraying Tool now! Only available at Darknet.

tko-subs – Detect & Takeover Subdomains With Dead DNS Records

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/09/tko-subs-detect-takeover-subdomains-with-dead-dns-records/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

tko-subs – Detect & Takeover Subdomains With Dead DNS Records

tko-subs is a tool that helps you to detect & takeover subdomains with dead DNS records, this could be dangling CNAMEs point to hosting services or to nothing at all or NS records that are mistyped.

What does tko-subs – Detect & Takeover Subdomains With Dead DNS Records Do?

This tool allows you:

  • To check whether a subdomain can be taken over because it has:
    • a dangling CNAME pointing to a CMS provider (Heroku, Github, Shopify, Amazon S3, Amazon CloudFront, etc.) that can be taken over.

Read the rest of tko-subs – Detect & Takeover Subdomains With Dead DNS Records now! Only available at Darknet.

Arcane – Tool To Backdoor iOS Packages (iPhone ARM)

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/08/arcane-tool-to-backdoor-ios-packages-iphone-arm/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Arcane – Tool To Backdoor iOS Packages (iPhone ARM)

Arcane is a simple script tool to backdoor iOS packages (iPhone ARM) and create the necessary resources for APT repositories.

It was created to help illustrate why Cydia repositories can be dangerous and what post-exploitation attacks are possible from a compromised iOS device.

How Arcane Tool To Backdoor iOS Package Works

It’s possible to supply scripts as part of a package when installing or removing applications. Package maintainer scripts include the preinst, postinst, prerm, and postrm files.

Read the rest of Arcane – Tool To Backdoor iOS Packages (iPhone ARM) now! Only available at Darknet.

SharpHose – Asynchronous Password Spraying Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/07/sharphose-asynchronous-password-spraying-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

SharpHose – Asynchronous Password Spraying Tool

SharpHose is an asynchronous password spraying tool in C# for Windows environments that takes into consideration fine-grained password policies and can be run over Cobalt Strike’s execute-assembly.

It provides a flexible way to interact with Active Directory using domain-joined and non-joined contexts, while also being able to target specific domains and domain controllers. The tool takes into consideration the domain password policy, including fine-grained password policies, in an attempt to avoid account lockouts.

Read the rest of SharpHose – Asynchronous Password Spraying Tool now! Only available at Darknet.

Axiom – Pen-Testing Server For Collecting Bug Bounties

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/07/axiom-pen-testing-server-for-collecting-bug-bounties/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Axiom – Pen-Testing Server For Collecting Bug Bounties

Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically a pen-testing server out of the box with 1-line.

With Axiom, you just need to run a single command to get setup, and then you can use the Axiom toolkit scripts to spin up and down your new hacking VPS.

Setting up your own ‘hacking vps’, to catch shells, run enumeration tools, scan, let things run in the background in a tmux window, used to be an afternoon project – running into a whole day sometimes if you hit some package isues or ‘dependency hell’.

Read the rest of Axiom – Pen-Testing Server For Collecting Bug Bounties now! Only available at Darknet.

Quasar RAT – Windows Remote Administration Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/05/quasar-rat-windows-remote-administration-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Quasar RAT – Windows Remote Administration Tool

Quasar is a fast and light-weight Windows remote administration tool coded in C#. The usage ranges from user support through day-to-day administrative work to employee monitoring.

It aims to provide high stability and an easy-to-use user interface and is a free, open source tool.

Features of Quasar RAT Windows Remote Administration Tool

The main features that can be found in Quasar are:

  • TCP network stream (IPv4 & IPv6 support)
  • Fast network serialization (Protocol Buffers)
  • Compressed (QuickLZ) & Encrypted (TLS) communication
  • UPnP Support
  • Task Manager
  • File Manager
  • Startup Manager
  • Remote Desktop
  • Remote Shell
  • Remote Execution
  • System Information
  • Registry Editor
  • System Power Commands (Restart, Shutdown, Standby)
  • Keylogger (Unicode Support)
  • Reverse Proxy (SOCKS5)
  • Password Recovery (Common Browsers and FTP Clients)

Using Quasar Windows Remote Administration Tool

1.

Read the rest of Quasar RAT – Windows Remote Administration Tool now! Only available at Darknet.

Pingcastle – Active Directory Security Assessment Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/05/pingcastle-active-directory-security-assessment-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Pingcastle – Active Directory Security Assessment Tool

PingCastle is a Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level with a methodology based on a risk assessment and maturity framework. It does not aim at a perfect evaluation but rather as an efficiency compromise.

The risk level regarding Active Directory security has changed. Several vulnerabilities have been made popular with tools like mimikatz or sites likes adsecurity.org.

CMMI is a well known methodology from the Carnegie Mellon university to evaluate the maturity with a grade from 1 to 5, PingCastle has adapated CMMI to Active Directory security.

Read the rest of Pingcastle – Active Directory Security Assessment Tool now! Only available at Darknet.

Second Order – Subdomain Takeover Scanner Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/04/second-order-subdomain-takeover-scanner-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Second Order – Subdomain Takeover Scanner Tool

Second Order Subdomain Takeover Scanner Tool scans web applications for second-order subdomain takeover by crawling the application and collecting URLs (and other data) that match specific rules or respond in a specific way.

Using Second Order Subdomain Takeover Scanner Tool

Command line options:

-base string
Base link to start scraping from (default "http://127.0.0.1")
-config string
Configuration file (default "config.json")
-debug
Print visited links in real-time to stdout
-output string
Directory to save results in (default "output")

Example:

go run second-order.go -base https://example.com -config config.json -output example.com -concurrency 10

Config File for Second Order Subdomain Takeover Scanner Tool

Example configuration file included (config.json)

  • Headers: A map of headers that will be sent with every request.

Read the rest of Second Order – Subdomain Takeover Scanner Tool now! Only available at Darknet.

Binwalk – Firmware Security Analysis & Extraction Tool

Post Syndicated from Darknet original https://www.darknet.org.uk/2020/04/binwalk-firmware-security-analysis-extraction-tool/?utm_source=rss&utm_medium=social&utm_campaign=darknetfeed

Binwalk – Firmware Security Analysis & Extraction Tool

Binwalk is a fast and easy to use Python-based firmware security analysis tool that allows for firmware analysis, reverse engineering, and extraction of firmware images.

Features of Binwalk Firmware Security Analysis & Extraction Tool

  • Scanning Firmware – Binwalk can scan a firmware image for many different embedded file types and file systems
  • File Extraction – You can tell binwalk to extract any files that it finds in the firmware image
  • Entropy Analysis – Can help identify interesting sections of data inside a firmware image
  • String Search – Allows you to search the specified file(s) for a custom string

There are also various filters such as by CPU architecture, number of instructions, include filter, exclude filter,

Installation of Binwalk Firmware Security Analysis & Extraction Tool

Download binwalk:

$ wget https://github.com/ReFirmLabs/binwalk/archive/master.zip
$ unzip master.zip

Install binwalk; if you have a previously installed version of binwalk, it is suggested that you uninstall it before upgrading:

$ (cd binwalk-master && sudo python setup.py uninstall && sudo python setup.py install)

Debian users can install all optional and suggested extractors/dependencies using the included deps.sh script (recommended):

$ sudo ./binwalk-master/deps.sh

If you are not a Debian user, or if you wish to install only selected dependencies, see the INSTALL documentation for more details.

Read the rest of Binwalk – Firmware Security Analysis & Extraction Tool now! Only available at Darknet.