Hook Analyser 3.1 - Malware Analysis Tool

Hook Analyser is a freeware application which allows an investigator/analyst to perform “static & run-time / dynamic” analysis of suspicious applications, also gather (analyse & co-related) threat intelligence related information (or data) from various open sources on the Internet.

Essentially it’s a malware analysis tool that has evolved to add some cyber threat intelligence features & mapping.

Hook Analyser is perhaps the only “free” software in the market which combines analysis of malware analysis and cyber threat intelligence capabilities. The software has been used by major Fortune 500 organisations.

Features/Functionality

• Spawn and Hook to Application – Enables you to spawn an application, and hook into it
• Hook to a specific running process – Allows you to hook to a running (active) process
• Static Malware Analysis – Scans PE/Windows executables to identify potential malware traces
• Application crash analysis – Allows you to analyse memory content when an application crashes
• Exe extractor – This module essentially extracts executables from running process/s

Download Hook Analyser 3.1

Read more

FS-NyarL - Network Takeover & Forensic Analysis Tool

NyarL it's Nyarlathotep, a mitological chaotic deity of the writer HP. Lovecraft's cosmogony.

It's represent Crawling Chaos and FS-NyarL it's The Crawling Chaos of Cyber Security :-)

A network takeover & forensic analysis tool - useful to advanced PenTest tasks & for fun and profit - but use it at your own risk!

 

• Interactive Console
• Real Time Passwords Found
• Real Time Hosts Enumeration
• Tuned Injections & Client Side Attacks
• ARP Poisoning & SSL Hijacking
• Automated HTTP Report Generator

ATTACKS IMPLEMENTED:

• MITM (Arp Poisoning)
• Sniffing (With & Without Arp Poisoning)
• SSL Hijacking (Full SSL/TLS Control)
• HTTP Session Hijaking (Take & Use Session Cookies)
• Client Browser Takeover (with Filter Injection in data stream)
• Browser AutoPwn (with Filter Injection in data steam)
• Evil Java Applet (with Filter Injection in data stream)
• DNS Spoofing
• Port Scanning

POST ATTACKS DATA OBTAINED:

• Passwords extracted from data stream
• Pcap file with whole data stream for deep analysis
• Session flows extracted from data stream (Xplico & Chaosreader)
• Files extracted from data stream
• Hosts enumeration (IP,MAC,OS)
• URLs extracted from data stream
• Cookies extracted from data stream
• Images extracted from data stream
• List of HTTP files downloaded extracted from URLs

DEPENDENCIES (aka USED TOOLS):

• Chaosreader (already in bin folder)
• Xplico
• Ettercap
• Arpspoof
• Arp-scan
• Mitmproxy
• Nmap
• Tcpdump
• Beef
• SET
• Metasploit
• Dsniff
• Macchanger
• Hamster
• Ferret
• P0f
• Foremost
• SSLStrip
• SSLSplit

Download FS-NyarL

Read more

Scout - Download and analyze webpage components to identify infected files

Uses the Pinpoint engine to download and analyze webpage components to identify infected files. Scout has a built-in HTTP Request Simulator that will render user-specified HTML files, catch the resulting HTTP requests, then drop the responses. Scout includes the ability to screenshot the webpage using PhantomJS (download PhantomJS and copy the .exe to the same folder as Scout). Use Scout in a VM since it could potentially cause your computer to become infected.

Download Scout

Read more

[CIAT] Crypto Implementations Analysis Toolkit

The Cryptographic Implementations Analysis Toolkit (CIAT) is compendium of command line and graphical tools whose aim is to help in the detection and analysis of encrypted byte sequences within files (executable and non-executable).

Download CIAT

Read more

[WebSploit Framework] Scan And Analysis Remote System From Vulnerability

WebSploit Is An Open Source Project For Scan And Analysis Remote System From Vulnerability.

WebSploit Is An Open Source Project For :

[>]Social Engineering Works

[>]Scan,Crawler & Analysis Web

[>]Automatic Exploiter

[>]Support Network Attacks

[+]Autopwn - Used From Metasploit For Scan and Exploit Target Service

[+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin

[+]format infector - inject reverse & bind payload into file format

[+]phpmyadmin Scanner

[+]LFI Bypasser

[+]Apache Users Scanner

[+]Dir Bruter

[+]admin finder

[+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks

[+]MITM - Man In The Middle Attack

[+]Java Applet Attack

[+]MFOD Attack Vector

[+]USB Infection Attack

[+]ARP Dos Attack

[+]Web Killer Attack

[+]Fake Update Attack

[+]Fake Access point Attack

[+]Wifi Honeypot

[+]Wifi Jammer

[+]Wifi Dos

[+]Bluetooth POD Attack

Download WebSploit

Read more

[Binwalk] Firmware Analysis Tool

Binwalk is a firmware analysis tool designed to assist in the analysis, extraction, and reverse engineering of firmware images and other binary blobs. It is simple to use, fully scriptable, and can be easily extended via custom signatures, extraction rules, and plugin modules.

Binwalk supports various types of analysis useful for inspecting and reverse engineering firmware, including:

• Embedded file identification and extraction
• Executable code identification
• Type casting
• Entropy analysis and graphing
• Heuristic data analysis
• "Smart" strings analysis

Binwalk's file signatures are (mostly) compatible with the magic signatures used by the Unix file utility, and include customized/improved signatures for files that are commonly found in firmware images such as compressed/archived files, firmware headers, kernels, bootloaders, filesystems, etc.

Features

Binwalk is:

• Fast
• Flexible
• Extendable
• Easy to use

Binwalk can:

• Find and extract interesting files / data from binary images
• Find and extract raw compression streams
• Identify opcodes for a variety of architectures
• Perform data entropy analysis
• Heuristically analyze unknown compression / encryption
• Visualize binary data
• Diff an arbitrary number of files

Download Binwalk

Read more