SNMPCheck - Enumerate the SNMP devices

Like snmpwalk, snmpcheck lets you enumerate SNMP devices and presents the output in a human-readable format. It can be useful for penetration testing or systems monitoring. It is distributed under the GPL license and based on the "Athena-2k" script by jshaw.

Features

snmpcheck supports the following enumerations:
  • contact
  • description
  • detect write access (separate action by enumeration)
  • devices
  • domain
  • hardware and storage information
  • hostname
  • IIS statistics
  • IP forwarding
  • listening UDP ports
  • location
  • motd
  • mountpoints
  • network interfaces
  • network services
  • processes
  • routing information
  • software components
  • system uptime
  • TCP connections
  • total memory
  • uptime
  • user accounts

[0verCheck] Script to check whether an e-mail address exists or not


Script to check whether an e-mail address exists or is fake. It accepts e-mail lists.

My idea is to extract the domain from the address and use DNS to find out which SMTP server it uses (by looking at the MX records). Once we know the SMTP server, we open sockets to connect to it and try to send an e-mail to the account we want to check. Looking at the response codes, we see that if the address is valid the server returns a 250, and if not it (in theory) returns a 550.


[Gojira] Tool to facilitate audits in WordPress environments


Gojira is a tool to facilitate audits in WordPress environments. It is still in its infancy ;). For now:

  • Builds a dictionary of the most popular plugins.
  • Enumerates installed plugins from the dictionary.
  • Extracts registered users.
  • Deduces the WordPress version from Readme.html, links in the HTML and the meta generator.
  • Checks the robots.txt file and checks each path.

[Dumb0] A simple tool to dump users in popular forums and CMS


A simple tool to dump users from popular forums and CMSs such as:

  • WordPress
  • SMF
  • vBulletin
  • IP Board
  • XEN forums
  • myBB
  • useBB
  • vanilla
  • bbPress
  • etc...

[FGscanner] Find hidden contents using dictionary-like attack

FGscanner is a completely rewritten version of littlescanner script.

FGscanner is an open-source advanced web directory scanner that finds hidden content on a web server using a dictionary-like attack, with proxy and Tor support.

Quick reference for switches
Usage: ./fgscan.pl --host=hostname [--proxy=filepath] [--sec=n] [--dump] [--dirlist=filepath] [--wordlist=filepath] [--tor] [--tordns] [--debug] [--help]

--debug : Print debug information
--dirs : Specify the directory list file
--pages : Specify the wordlist file
--uarnd : Enable User Agent randomization
--host : Specify hostname to scan (without http:// or https://)
--proxy : Specify a proxy list
--sec : Seconds between requests. Value 999 will randomize delay between requests from 1 to 30 seconds
--dump : Save found pages on disk
--tor : Use TOR as proxy for each request
--tordns : Use TOR to resolve hostname. Without this option DNS queries will be directed to default DNS server outside TOR network
--help : Show this help

[ExifTool] Read, Writing Meta Information Tools

ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files. ExifTool supports many different metadata formats including EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP and ID3, as well as the maker notes of many digital cameras by Canon, Casio, FLIR, FujiFilm, GE, HP, JVC/Victor, Kodak, Leaf, Minolta/Konica-Minolta, Nikon, Olympus/Epson, Panasonic/Leica, Pentax/Asahi, Phase One, Reconyx, Ricoh, Samsung, Sanyo, Sigma/Foveon and Sony.


Features


  • Powerful, fast, flexible and customizable
  • Supports a large number of different file formats
  • Reads EXIF, GPS, IPTC, XMP, JFIF, MakerNotes, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP, ID3 and more...
  • Writes EXIF, GPS, IPTC, XMP, JFIF, MakerNotes, ICC Profile, Photoshop IRB, AFCP and more...
  • Reads and writes maker notes of many digital cameras
  • Decodes a riddle wrapped in a mystery inside an enigma
  • Numerous output formatting options (including tab-delimited, HTML, XML and JSON)
  • Multi-lingual output (cs, de, en, en-ca, en-gb, es, fi, fr, it, ja, ko, nl, pl, ru, sv, tr, zh-cn or zh-tw)
  • Geotags images from GPS track log files (with time drift correction!)
  • Generates track logs from geotagged images
  • Shifts date/time values to fix timestamps in images
  • Renames files and organizes in directories (by date or by any other meta information)
  • Extracts thumbnail images, preview images, and large JPEG images from RAW files
  • Copies meta information between files (even different-format files)
  • Reads/writes structured XMP information
  • Deletes meta information individually, in groups, or altogether
  • Sets the file modification date (and creation date in Windows) from EXIF information
  • Supports alternate language tags in XMP, PNG, ID3, Font, QuickTime, ICC Profile, MIE and MXF information
  • Processes entire directory trees
  • Creates text output file for each image file
  • Creates binary-format metadata-only (MIE) files for metadata backup
  • Automatically backs up original image when writing
  • Organizes output into groups
  • Conditionally processes files based on value of any meta information
  • Ability to add custom user-defined tags
  • Support for MWG (Metadata Working Group) recommendations
  • Recognizes thousands of different tags
  • Tested with images from thousands of different camera models
  • Advanced verbose and HTML-based hex dump outputs


[Proxyp] Multithreaded Proxy Enumeration Utility


Proxyp is a small multithreaded Perl script written to enumerate latency, port numbers, server names, & geolocations of proxy IP addresses. 

This script started as a way to speed up use of proxychains, which is why I've added an append option for resulting live IP addresses to be placed at the end of a file if need be.

Requires IP::Country module and root/administrator privileges.


[DAVOSET] Tool for conducting DDoS attacks

DAVOSET is a console (command-line) tool for conducting DDoS attacks on sites via Abuse of Functionality vulnerabilities on other sites.

Changelog v1.1.5
  • Added error handler in GetCookie().
  • Added new services into lists of zombies.
  • Removed non-working services from lists of zombies.
Usage
1. Start the program: davoset.pl
2. Enter URL of the site to attack: Site: http://site
3. Get the site attacked via your list of zombie-servers.
Or from command line:
perl davoset.pl u=http://site
perl davoset.pl u=http://site l=list.txt m=1 c=100

[Beast-Check] SSL/TLS BEAST Vulnerability Check


A small Perl script that checks whether a target server is prone to the BEAST vulnerability, based on the target's preferred cipher. It assumes no workaround (i.e. EMPTY FRAGMENT) is applied on the target server. Some sources say this workaround was disabled by default for compatibility reasons. This may be the reason why an RC4 ciphersuite was widely chosen as the highest-preferred ciphersuite, as the primary workaround.

$ ./beast.pl

===============================================

SSL/TLS BEAST Vulnerability Check
by YGN Ethical Hacker Group, http://yehg.net/

===============================================

Usage: beast.pl host [port]

port = 443 by default {optional}
$ ./beast.pl www.hotmail.com

===============================================

SSL/TLS BEAST Vulnerability Check
by YGN Ethical Hacker Group, http://yehg.net/

===============================================

Target: www.hotmail.com:443

## The target is PRONE to BEAST attack. ##

Protocol: TLS v1
Server Preferred Cipher: AES128-SHA
Vulnerable: YES
$ ./beast.pl www.google.com

===============================================

SSL/TLS BEAST Vulnerability Check
by YGN Ethical Hacker Group, http://yehg.net/

===============================================

Target: www.google.com:443

## The target is NOT vulnerable to BEAST attack. ##

Protocol: TLS v1
Server Preferred Cipher: ECDHE-RSA-RC4-SHA
Vulnerable: NO
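
The decision the script describes, as an added example (not beast.pl's own code): it reads the Protocol and Cipher lines of the SSL-Session block that `openssl s_client` prints and flags a CBC-mode cipher negotiated under SSLv3 or TLS 1.0. The function names are assumptions and the two sample outputs are constructed to mirror the runs shown above.

```python
import re

# Protocols whose CBC record IVs are predictable (the BEAST precondition).
PRONE_PROTOCOLS = {"SSLv3", "TLSv1"}
# Name fragments of suites that are not CBC block ciphers: RC4 is a stream
# cipher, NULL does not encrypt, the rest are AEAD modes (TLS 1.2+ only).
NON_CBC_MARKERS = ("RC4", "NULL", "GCM", "CCM", "CHACHA20")


def parse_session(s_client_output):
    """Return (protocol, cipher) from an `openssl s_client` SSL-Session block."""
    proto = re.search(r"^\s*Protocol\s*:\s*(\S+)", s_client_output, re.M)
    cipher = re.search(r"^\s*Cipher\s*:\s*(\S+)", s_client_output, re.M)
    if not proto or not cipher:
        raise ValueError("no SSL-Session Protocol/Cipher lines found")
    return proto.group(1), cipher.group(1)


def beast_prone(protocol, cipher):
    """True when a CBC cipher was negotiated under SSLv3/TLS 1.0.

    Same assumption as the script: no empty-fragment workaround is in use.
    """
    if cipher in ("0000", "(NONE)"):
        raise ValueError("handshake failed, nothing was negotiated")
    if protocol not in PRONE_PROTOCOLS:
        return False  # TLS 1.1+ uses an explicit IV per record
    return not any(marker in cipher.upper() for marker in NON_CBC_MARKERS)


# Constructed samples mirroring the two runs shown above.
SAMPLE_AES = """SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA
"""
SAMPLE_RC4 = """SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-RC4-SHA
"""

if __name__ == "__main__":
    for sample in (SAMPLE_AES, SAMPLE_RC4):
        proto, cipher = parse_session(sample)
        print(proto, cipher, "Vulnerable:", "YES" if beast_prone(proto, cipher) else "NO")
```
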


[IP-reputation-snort-rule-generator] A tool to generate Snort rules based on public IP reputation data

A tool to generate Snort rules or Cisco IDS signatures based on public IP/domain reputation data.

Usage



./tepig.pl [ [--file=LOCAL_FILE] | [--url=URL] ] [--csv=FIELD_NUM] [--sid=INITIAL_SID] [--ids=[snort|cisco]] | --help
  • LOCAL_FILE is a file stored locally that contains a list of malicious domains, IP addresses and/or URLs. If omitted then it is assumed that a URL is provided.
  • URL is a URL that contains a list of malicious domains, IP addresses or URLs. The default is https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist.
  • FIELD_NUM is the field number (indexing from 0) that contains the information of interest. If omitted then the file is treated as a simple list.
  • INITIAL_SID is the SID that will be applied to the first rule. Every subsequent rule will increment the SID value. The default is 9000000.

Examples

Malicious IP address

./tepig.pl --url=https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist
https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist is a plain text file containing a list of known bad IP addresses. At the time of writing, the first entry is 108.161.130.191. The first rule output would be:
alert ip any any <> 108.161.130.191 any (msg:"Traffic to known bad IP (108.161.130.191)"; reference:"url,https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist"; sid:9000000; rev:0;)
This rule looks for any traffic going to or coming from the bad IP address.

Malicious Domain

./tepig.pl --url=http://doc.emergingthreats.net/pub/Main/RussianBusinessNetwork/Storm_2_domain_objects_3-11-2011.txt
http://doc.emergingthreats.net/pub/Main/RussianBusinessNetwork/Storm_2_domain_objects_3-11-2011.txt is a plain text file containing a list of known bad domain names. At the time of writing the first entry is *.bethira.com. The first rule output would be:
alert udp any any -> any 53 (msg:"Suspicious DNS lookup for *.bethira.com"; reference:"url,http://doc.emergingthreats.net/pub/Main/RussianBusinessNetwork/Storm_2_domain_objects_3-11-2011.txt"; content:\"|01 00 00 01 00 00 00 00 00 00|\"; depth: 10; offset: 2; content:"|07|bethira|03|com"; nocase; distance:0; sid:9000000; rev:0;)
This rule looks for any DNS lookup for the bad domain.
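
How a reputation list turns into the two rule shapes above, as an added example (not tepig.pl's own code): it encodes each domain as length-prefixed DNS labels, increments the SID per rule, and rejects feed lines that would break out of the rule text. The function names and the sample feed are constructed; the reference option is left out for brevity and `rev:1` is this example's choice.

```python
import ipaddress
import re

LABEL = re.compile(r"^[A-Za-z0-9_-]{1,63}$")
# Flags through ARCOUNT of a standard recursive query with one question.
DNS_QUERY_HDR = "|01 00 00 01 00 00 00 00 00 00|"


def dns_content(domain):
    """Encode a domain as length-prefixed DNS labels in Snort content syntax."""
    labels = domain.strip().rstrip(".").split(".")
    if labels[0] == "*":  # "*.example.com": match on the parent suffix
        labels = labels[1:]
    if not labels or not all(LABEL.match(label) for label in labels):
        raise ValueError("not a usable domain: %r" % domain)
    return "".join("|%02X|%s" % (len(label), label) for label in labels)


def make_rule(entry, sid):
    """Build an IP rule for addresses and a DNS-lookup rule for anything else."""
    try:
        ip = ipaddress.ip_address(entry)
    except ValueError:
        return ('alert udp any any -> any 53 (msg:"Suspicious DNS lookup for %s"; '
                'content:"%s"; depth:10; offset:2; content:"%s"; nocase; '
                'distance:0; sid:%d; rev:1;)'
                % (entry, DNS_QUERY_HDR, dns_content(entry), sid))
    return ('alert ip any any <> %s any (msg:"Traffic to known bad IP (%s)"; '
            'sid:%d; rev:1;)' % (ip, ip, sid))


def generate(lines, initial_sid=9000000):
    """Return (rules, rejected); the SID increments once per emitted rule."""
    rules, rejected, sid = [], [], initial_sid
    for line in lines:
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            rules.append(make_rule(entry, sid))
            sid += 1
        except ValueError:
            rejected.append(entry)  # the feed is untrusted input to the IDS
    return rules, rejected


# Constructed feed: documentation-range IP, wildcard domain, rule-breaking line.
SAMPLE = ["# constructed blocklist", "192.0.2.10", "*.bad.example",
          'evil.example"; sid:1; content:"x']
RULES, REJECTED = generate(SAMPLE)
```
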