Argus v3.0.6 - Real Time Auditing Network Activity

in Argus, Auditing Network Activity, Linux, Mac, Monitor, Network Monitor - on 11:46 AM - No comments

Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol specific information.

Argus is composed of an advanced comprehensive network flow data generator, the Argus sensor, which processes packets (either capture files or live packet data) and generates detailed network flow status reports of all the flows in the packet stream. Argus captures much of the packet dynamics and semantics of each flow, with a great deal of data reduction, so you can store, process, inspect and analyze large amounts of network data efficiently. Argus provides reachability, availability, connectivity, duration, rate, load, good-put, loss, jitter, retransmission, and delay metrics for all network flows, and captures most attributes that are available from the packet contents, such as L2 addresses, tunnel identifiers (MPLS, GRE, ESP, etc…), protocol ids, SAP’s, hop-count, options, L4 transport identification (RTP, RTCP detection), host flow control indications, etc.

Argus is used by many sites to generate network activity reports for every network transaction on their networks. The network audit data that Argus generates is great for security, operations and performance management. The data is used for network forensics, non-repudiation, network asset and service inventory, behavioral baselining of server and client relationships, detecting covert channels, and analyzing Zero day events.

Argus is an Open Source project, currently running on Mac OS X, Linux, Solaris, FreeBSD, OpenBSD, NetBSD, AIX, IRIX, Windows (under Cygwin) and OpenWrt, and has been ported to many hardware accelerated platforms, such as Bivio, Pluribus, Arista, and Tilera. The software should be portable to many other environments with littleor no modifications. Performance is such that auditing an entire enterprise’s Internet activity can be accomplished using modest computing resources.

Download Argus v3.0.6

WifiInfoView v1.60 - WiFi Scanner for Windows

in Wifi, WiFi Scanner, WifiInfoView, Windows, Wireless - on 11:44 AM - No comments

WifiInfoView scans the wireless networks in your area and displays extensive information about them, including: Network Name (SSID), MAC Address, PHY Type (802.11g or 802.11n), RSSI, Signal Quality, Frequency, Channel Number, Maximum Speed, Company Name, Router Model and Router Name (Only for routers that provides this information), and more...

When you select a wireless network in the upper pane of this tool, the lower pane displays the Wi-Fi information elements received from this device, in hexadecimal format.

WifiInfoView also has a summary mode, which displays a summary of all detected wireless networks, grouped by channel number, company that manufactured the router, PHY type, or the maximum speed.

Download WifiInfoView v1.60

MagicTree - Penetration Tester Productivity Tool

in java, Linux, Mac, MagicTree, Productivity Tool, Windows - on 1:49 PM - No comments

Have you ever spent ages trying to find the results of a particular portscan you were sure you did? Or grepping through a bunch of files looking for data for a particular host or service? Or copy-pasting bits of output from a bunch of typescripts into a report? We certainly did, and that's why we wrote MagicTree - so that it does such mind-numbing stuff for us, while we spend our time hacking.

MagicTree is a penetration tester productivity tool. It is designed to allow easy and straightforward data consolidation, querying, external command execution and (yeah!) report generation. In case you wonder, "Tree" is because all the data is stored in a tree structure, and "Magic" is because it is designed to magically do the most cumbersome and boring part of penetration testing - data management and reporting.

Installation
No installation is required for MagicTree. The application is distrubuted as a single JAR file which has to be executed with JRE. Just save the file on your desktop. Double-click on it to execute it or, for less user-friendly OSes, issue “java -jar MagicTree.jar’ command.

Download MagicTree

YaCy - The Peer to Peer Search Engine

in Linux, Mac, P2P, Peer to Peer, Search Engine, Windows, YaCy - on 1:47 PM - No comments

YaCy is a free search engine that anyone can use to build a search portal for their intranet or to help search the public internet. When contributing to the world-wide peer network, the scale of YaCy is limited only by the number of users in the world and can index billions of web pages. It is fully decentralized, all users of the search engine network are equal, the network does not store user search requests and it is not possible for anyone to censor the content of the shared index. We want to achieve freedom of information through a free, distributed web search which is powered by the world's users.

Decentralization
Imagine if, rather than relying on the proprietary software of a large professional search engine operator, your search engine was run by many private computers which aren't under the control of any one company or individual. Well, that's what YaCy does! The resulting decentralized web search currently has about 1.4 billion documents in its index (and growing - download and install YaCy to help out!) and more than 600 peer operators contribute each month. About 130,000 search queries are performed with this network each day.
Live image of the 'freeworld' network

Installation is easy!

The installation takes only three minutes. Just download the release, decompress the package and run the start script. On linux you need OpenJDK7. You don't need to install external databases or a web server, everything is already included in YaCy.

Download YaCy

Moscrack - Cluster Cracking Tool For WPA Keys

in Aircrack-ng, Cracking, Linux, Moscrack, WPA Keys - on 1:43 PM - No comments

Moscrack is a PERL application designed to facilitate cracking WPA keys in parallel on a group of computers. This is accomplished by use of either Mosix clustering software, SSH or RSH access to a number of nodes. With Moscrack’s new plugin framework, hash cracking has become possible. SHA256/512, DES, MD5 and *Blowfish Unix password hashes can all be processed with the Dehasher Moscrack plugin.

Features

Basic API allows remote monitoring
Automatic and dynamic configuration of nodes
Live CD/USB enables boot and forget dynamic node configuration
Uses aircrack-ng (including 1.2 Beta) by default
CUDA/OpenCL support via Pyrit plugin
CUDA support via aircrack-ng-cuda (untested)
Does not require an agent/daemon on nodes
Can crack/compare SHA256/512, DES, MD5 and blowfish hashes via Dehasher plugin
Supports mixed OS/protocol configurations
Supports SSH, RSH, Mosix for node connectivity
Effectively handles mixed fast and slow nodes or links
Supports Mosix clustering software
Nodes can be added/removed/modified while Moscrack is running
Failed/bad node throttling
Hung node detection
Reprocessing of data on error

Download Moscrack

oclHashcat v1.2 - GPGPU-based Multi-hash Cracker

in Combinator Attack, Dictionary attacks, Hybrid Attack, Linux, Mac, Mask Attack, Oclhashcat, oclHashcat-lite, oclHashcat-plus, Windows - on 1:40 PM - No comments

oclHashcat is a GPGPU-based multi-hash cracker using a brute-force attack (implemented as mask attack), combinator attack, dictionary attack, hybrid attack, mask attack, and rule-based attack.

This GPU cracker is a fusioned version of oclHashcat-plus and oclHashcat-lite.

GPU Driver requirements:

NV users require ForceWare 331.67 or later
AMD users require Catalyst 14.4 or later

Changelog v1.21
This release is focused on performance increase / bugfixes.

Added support for algorithm -m 2612 = PHPS
Added support for algorithm -m 8600 = Lotus Notes/Domino 5
Added support for algorithm -m 8700 = Lotus Notes/Domino 6
Fixed performance drop on descrypt, LM and oracle-old initiated by AMD drivers
Fixed problem with restoring ADL performance state when the clock size reported by the AMD driver didn’t respect the clock step size
Fixed problem with setting ADL powertune value for r9 295×2 GPUs
Added support for writing logfiles
Added parameter –logfile-disable which should be self-explaining
Dictstat is now no longer session dependent and will always be based on oclHashcat installation directory
Use AMD custom profile settings instead of basing the AMD powertune/clock settings on maximum supported clock values
Fixed VLIW size calculated by compute capability was broken for sm_50 -> cuModuleLoad() 301
Make –runtime count relative to real attack start not program start
Fixed bug with fan speed handling, if fan speed is manually set to a high enought value (e.g. 100%) oclHashcat shouldn’t change it
Problem with username parsing (–username) was fixed
Fixed problem where IKE-PSK sha1/md5 (-m 5300/-m 5400) were wrongly recognized as shadow file formats
Fixed problem where the ‘delete range’ rule (xNM) did not allow to remove charaters at the very end of the word

Full Changelog: here

Features

Worlds fastest password cracker
Worlds first and only GPGPU based rule engine
Free
Multi-GPU (up to 128 gpus)
Multi-Hash (up to 100 million hashes)
Multi-OS (Linux & Windows native binaries)
Multi-Platform (OpenCL & CUDA support)
Multi-Algo (see below)
Low resource utilization, you can still watch movies or play games while cracking
Focuses highly iterated modern hashes
Focuses dictionary based attacks
Supports distributed cracking
Supports pause / resume while cracking
Supports sessions
Supports restore
Supports reading words from file
Supports reading words from stdin
Supports hex-salt
Supports hex-charset
Built-in benchmarking system
Integrated thermal watchdog
100+ Algorithms implemented with performance in mind

Attack-Modes

Straight (accept Rules)
Combination
Brute-force
Hybrid dict + mask
Hybrid mask + dict

Algorithms

MD4
MD5
SHA1
SHA-256
SHA-512
SHA-3 (Keccak)
RipeMD160
Whirlpool
GOST R 34.11-94
HMAC-MD5 (key = $pass)
HMAC-MD5 (key = $salt)
HMAC-SHA1 (key = $pass)
HMAC-SHA1 (key = $salt)
HMAC-SHA256 (key = $pass)
HMAC-SHA256 (key = $salt)
HMAC-SHA512 (key = $pass)
HMAC-SHA512 (key = $salt)
LM
NTLM
DCC
DCC2
NetNTLMv1
NetNTLMv1 + ESS
NetNTLMv2
Kerberos 5 AS-REQ Pre-Auth etype 23
AIX {smd5}
AIX {ssha1}
AIX {ssha256}
AIX {ssha512}
FreeBSD MD5
OpenBSD Blowfish
descrypt
md5crypt
bcrypt
sha256crypt
sha512crypt
DES(Unix)
MD5(Unix)
SHA256(Unix)
SHA512(Unix)
OSX v10.4
OSX v10.5
OSX v10.6
OSX v10.7
OSX v10.8
OSX v10.9
Cisco-ASA
Cisco-IOS
Cisco-PIX
GRUB 2
Juniper Netscreen/SSG (ScreenOS)
RACF
Samsung Android Password/PIN
MSSQL
MySQL
Oracle
Postgres
Sybase
DNSSEC (NSEC3)
IKE-PSK
IPMI2 RAKP
iSCSI CHAP
WPA
WPA2
1Password, cloudkeychain
1Password, agilekeychain
Lastpass
Password Safe SHA-256
TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES
TrueCrypt 5.0+ PBKDF2 HMAC-SHA512 + AES
TrueCrypt 5.0+ PBKDF2 HMAC-Whirlpool + AES
TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES + boot-mode
TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES + hidden-volume
TrueCrypt 5.0+ PBKDF2 HMAC-SHA512 + AES + hidden-volume
TrueCrypt 5.0+ PBKDF2 HMAC-Whirlpool + AES + hidden-volume
TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES + hidden-volume + boot-mode
SAP CODVN B (BCODE)
SAP CODVN F/G (PASSCODE)
Citrix Netscaler
Netscape LDAP SHA/SSHA
Apache MD5-APR
hMailServer
EPiServer
Drupal
IPB
Joomla
MyBB
osCommerce
Redmine
SMF
vBulletin
Woltlab Burning Board
xt:Commerce
WordPress
phpBB3
Half MD5 (left, mid, right)
Double MD5
Double SHA1
md5($pass.$salt)
md5($salt.$pass)
md5(unicode($pass).$salt)
md5($salt.unicode($pass))
md5(sha1($pass))
sha1($pass.$salt)
sha1($salt.$pass)
sha1(unicode($pass).$salt)
sha1($salt.unicode($pass))
sha1(md5($pass))
sha256($pass.$salt)
sha256($salt.$pass)
sha256(unicode($pass).$salt)
sha256($salt.unicode($pass))
sha512($pass.$salt)
sha512($salt.$pass)
sha512(unicode($pass).$salt)
sha512($salt.unicode($pass))

Download oclHashcat v1.21

Kali Linux 1.0.7 Released

in Distro, Kali, Kali Linux, Linux, Pentesting distrib - on 1:36 PM - No comments

Kernel 3.14, Tool Updates, Package Improvements

Kali linux 1.0.7 has just been released, complete with a whole bunch of tool updates, a new kernel, and some cool new features. Check out our changelog for a full list of these items. As usual, you don’t need to re-download or re-install Kali to benefit from these updates – you can update to the latest and greatest using these simple commands:


apt-get update
apt-get dist-upgrade
# If you've just updated your kernel, then:
reboot

Kali Linux Encrypted USB Persistence
One of the new sought out features introduced (which is also partially responsible for the kernel update) is the ability to create Kali Linux Live USB with LUKS Encrypted Persistence. This feature ushers in a new era of secure Kali Linux USB portability, allowing us to either boot to a “clean” Kali image or alternatively, overlay it with the contents of a persistent encrypted partition, all within the same USB drive.

Tool Developers Ahoy!
This release also marks the beginning of some co-ordinated efforts between Kali developers and tool developers to make sure their tools are represented correctly and are fully functional within Kali Linux. We would like to thank the metasploit, w3af, and wpscan dev teams for working with us to perfect their Kali packages and hope that more tool developers join in. Tool developers are welcome to send us an email to and we’ll be happy to work with you to better integrate your tool into Kali.

Kali Linux: Greater Than the Sum of its Parts
For quite some time now, we’ve been preaching that Kali Linux is more than a “Linux distribution with a collection of tools in it”. We invest a significant of time and resources developing and enabling features in the distribution which we think are useful for penetration testers and other security professionals. These features range from things like “live-build“, which allows our end users to easily customize their own Kali ISOs to features like Live USB persistence encryption, which provides paranoid users with an extra layer of security. Many of these features are unique to Kali and can be found nowhere else. We’ve started tallying these features and linking them from our Kali documentation page – check it out, it’s growing to be an impressive list!

Torrents, Virtual Machine & ARM images
In the next few days, Offensive Security will post Virtual Machine and custom ARM images for the 1.0.7 release. We will announce the availability of these images via our blogs and Twitter feeds, so stay tuned!.

The Exploiting Tools