Bruter 1.0 – Parallel Windows Password Brute Forcing Tool

Bruter 1.0 BETA 1 has been released. Bruter is a parallel login brute-forcer. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication.

Bruter is a tool for the Win32 platform only.

PROTOCOL SUPPORT

It currently supports the following services:

  • FTP
  • HTTP (Basic)
  • HTTP (Form)
  • IMAP
  • MSSQL
  • MySQL
  • POP3
  • SMB-NT
  • SMTP
  • SNMP
  • SSH2
  • Telnet

DEPENDENCIES

You can download Bruter here:

Bruter_1.0_beta1.zip

Or read more here.

Labels: , ,

Metasploit Framework v3.1

The latest version features a graphical user interface, full support for the Windows platform, and over 450 modules, including 265 remote exploits. Metasploit 3.1 consolidates a year of research and development, integrating ideas and code from some of the sharpest and most innovative folks in the security research community.

The graphical user interface is a major step forward for Metasploit users on the Windows platform. Development of this interface was driven by Fabrice Mourron and provides a wizard-based exploitation system, a graphical file and process browser for the Meterpreter payloads, and a multi-tab console interface. “The Metasploit GUI puts Windows users on the same footing as those running Unix by giving them access to a console interface to the framework” said H D Moore, who worked with Fabrice on the GUI project.

The latest incarnation of the framework includes a bristling arsenal of exploit modules that are sure to put a smile on the face of every information warrior. Notable exploits in the 3.1 release include a remote, unpatched kernel-land exploit for Novell Netware, written by toto, a series of 802.11 fuzzing modules that can spray the local airspace with malformed frames, taking out a wide swath of wireless-enabled devices, and a battery of exploits targeted at Borland’s InterBase product line. “I found so many holes that I just gave up releasing all of them”, said Ramon de Carvalho, founder of RISE Security, and Metasploit contributor.

Metasploit runs on all modern operating systems, including Linux, Windows, Mac OS X, and most flavors of BSD. Metasploit has been used on a wide range of hardware platforms, from massive Unix mainframes to the tiny Nokia n800 handheld. Users can access Metasploit using the tab-completing console interface, the Gtk GUI, the command line scripting interface, or the AJAX-enabled web interface. The Windows version of Metasploit includes all software dependencies and a selection of useful networking tools.

You can download Metasploit v3.1 here:

Metasploit v3.1 tar.gz
Metasploit v3.1 exe

Or read more here.

Labels: , , ,

sqlmap 0.5 – Automated SQL Injection

sqlmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.

Features

  • Full support for MySQL, Oracle, PostgreSQL and Microsoft SQL Server database management system back-end.
  • Can also identify Microsoft Access, DB2, Informix and Sybase;
  • Extensive database management system back-end fingerprint based upon:
  • - Inband DBMS error messages
  • – DBMS banner parsing
  • – DBMS functions output comparison
  • – DBMS specific features such as MySQL comment injection
  • – Passive SQL injection fuzzing
  • It fully supports two SQL injection techniques:
  • – Blind SQL injection, also known as Inference SQL injection
  • – Inband SQL injection, also known as UNION query SQL injection

You can find the documentation here:

sqlmap README (HTML and PDF)

You can download sqlmap 0.5 here:

sqlmap-0.5 (tar/zip)

Or read more here.

Labels: ,

w3af Fifth BETA – Automated Web Auditing and Exploitation Framework

w3af is a Web application attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and

We did mention when it was first released – w3af – Web Application Attack and Audit Framework.

There are a lot of small changes, but the basic and bigger ones are:

  • Virtual daemon, a way to use Metasploit framework payloads/shellcodes while exploiting web applications.
  • w3afAgent, a reverse VPN that allows you to route packets through the compromised server
  • Good samaritan, a module that allows you to exploit blind sql injections much faster
  • 20+ new plugins
  • A lot of bug fixes
  • A much more stable core.

A full plugin list is here:

w3af – Plugins

The users guide can be found here:

w3afUsersGuide.pdf

The author has also uploaded the presentation material he made for the T2 conference in Finland – this can serve as a good introduction.

w3af-T2.pdf

You can download w3af here:

w3af BETA5

Or read more here.

Labels: , ,

Unicornscan v0.4.7

Unicornscan has always been a favourite of mine, especially for UDP scanning and scanning large networks (and getting it done fast).

Unicornscan is a new information gathering and correlation engine built for and by members of the security research and testing communities. It was designed to provide an engine that is Scalable, Accurate, Flexible, and Efficient. It is released for the community to use under the terms of the GPL license.

In some ways the implementation is better than Nmap – in some ways worse. Both are great tools and for me they work well hand in hand, both have certain advantages over the other in different situations.

I did get half way to writing an article about Nmap vs Unicornscan for large network scanning.

Benefits of Unicornscan

Unicornscan is an attempt at a User-land Distributed TCP/IP stack. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Although it currently has hundreds of individual features, a main set of abilities include:

  • Asynchronous stateless TCP scanning with all variations of TCP Flags.
  • Asynchronous stateless TCP banner grabbing
  • Asynchronous protocol specific UDP Scanning (sending enough of a signature to elicit a response).
  • Active and Passive remote OS, application, and component identification by analyzing responses.
  • PCAP file logging and filtering
  • Relational database output
  • Custom module support
  • Customized data-set views

Anyway on the news – Unicornscan has finally been updated and v0.4.7 is available and released for download.

Unicornscan has also been awarded 2nd place in the security category for this years Les Trophees du libre 2007 (http://www.tropheesdulibre.org).

You can download Unicornscan here:

Source Code: unicornscan-0.4.7-2.tar.bz2
Fedora Core 8 RPM: unicornscan-0.4.7-4.fc8.i386.rpm

Or read more here.

Documentation is available here: Unicornscan-Getting_Started.pdf

Labels: ,
Subscribe to: Posts (Atom)