BlindElephant – Web Application Fingerprinting

During Black Hat USA 2010, Patrick Thomas presented a new web application fingerprinting tool called Blind Elephant.

The BlindElephant Web Application Finger-printer attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatically.

BlindElephant works via a new trendy technique of fetching static elements of the web app such as .js, .css, and other core files then running a check sum to compare sizes of those files from released versions.

BlindElephant is available via SVN here

svn co https://blindelephant.svn.sourceforge.net/svnroot/blindelephant/trunk blindelephant

WebSploit Framework 2.0.3 with Wifi Jammer

WebSploit Is An Open Source Project For Scan And Analysis Remote System From Vulnerability.

WebSploit Is An Open Source Project For :
[>]Social Engineering Works
[>]Scan,Crawler & Analysis Web
[>]Automatic Exploiter
[>]Support Network Attacks
----
[+]Autopwn - Used From Metasploit For Scan and Exploit Target Service
[+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin
[+]format infector - inject reverse & bind payload into file format
[+]phpmyadmin Scanner
[+]LFI Bypasser
[+]Apache Users Scanner
[+]Dir Bruter
[+]admin finder
[+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks
[+]MITM - Man In The Middle Attack
[+]Java Applet Attack
[+]MFOD Attack Vector
[+]USB Infection Attack
[+]ARP Dos Attack
[+]Web Killer Attack
[+]Fake Update Attack
[+]Fake Access point Attack

Download WebSploit Framework 2.0.3

Nessus 5.0.2 vulnerability scanner updates

Nessus is the world’s most widely-deployed vulnerability and configuration assessment product updated to version 5.0.2 .Nessus 5 features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, patch management integration, and vulnerability analysis of your security posture with features that enhance usability, effectiveness, efficiency, and communication with all parts of your organization.

Nessus 5.0.2 change logs:

• UTF8 encoding problems would sometimes cause the generation of reports to fail
• Fixed a case where generating some compliance checks reports would cause the scanner to hang, using 100% of the CPU
• Resolved a resource leak issue occurring when a large number of different users are connected at the same time .
• Network congestion errors are now detected more conservatively
• Upgraded libxml2, libxslt, openssl to their newest versions
• Some nessusd.rules directives were not honored by the port scanners
• Solaris 10 build
• 
  

Download Nessus 5.0.2 Windows version

Download Nessus 5.0.2 Linux Version

BeEF 0.4.3.8 - Browser Exploitation Framework

The Browser Exploitation Framework (BeEF) is a powerful professional security tool. It is a penetration testing tool that focuses on the web browser. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. 

Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing.

BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors.

Download BeEF 0.4.3.8

Joomscan updated - now can identify 673 joomla vulnerabilities

Security Team Web-Center just released an updated for Joomscan Security Scanner. The new database Have 673 joomla vulnerabilities

Joomla! is probably the most widely-used CMS out there due to its flexibility, user friendlinesss, extensibility to name a few.So, watching its vulnerabilities and adding such vulnerabilities as KB to Joomla scanner takes ongoing activity.It will help web developers and web masters to help identify possible security weaknesses on their deployed Joomla! sites.

Check for new updates with command: ./joomscan.pl or check ./joomscan.pl update 

Download Joomscan

The Social-Engineer Toolkit (SET) version 4.7 codename “Headshot” has been released.

The Social-Engineer Toolkit (SET) version 4.7 codename “Headshot” has been released. This version of SET introduces the ability to specify multi-powershell injection which allows you to specify as many ports as you want and SET will automatically inject PowerShell onto the system on all of the reverse ports outbound. What’s nice with this technique is it never touches disk and also uses already white listed processes. So it should never trigger anything like anti-virus or whitelisting/blacklisting tools. In addition to multi-powershell injector, there are a total of 30 new features and a large rewrite of how SET handles passing information within different modules.

Change log for version 4.7

• removed a prompt that would come up when using the powershell injection technique, port.options is now written in prep.py versus a second prompt with information that was already provided
• began an extremely large project of centralizing the SET config file by moving all of the options to the set.options file under src/program_junk
• moved all port.options to the central routine file set.options
• moved all ipaddr.file to the central routine file set.options
• changed spacing on when launching the SET web server
• changed the wording to reflect what operating systems this was tested on versus browsers
• removed an un-needed print option1 within smtp_web that was reflecting a message back to user
• added the updated java bean jmx exploit that was updated in Metasploit
• added ability to specify a username list for the SQL brute forcing, can either specify sa, other usernames, or a filename with usernames in it
• added new feature called multi-powershell-injection – configurable in the set config options, allows you to use powershell to do multiple injection points and ports. Useful in egress situations where you don’t know which port will be allowed outbound.
• enabled multi-pyinjection through java applet attack vector, it is configured through set config
• removed check for static powershell commands, will load regardless – if not installed user will not know regardless – better if path variables aren’t the same
• fixed a bug that would cause linux and osx payloads to be selected even when disabled
• fixed a bug that would cause the meta_config file to be empty if selecting powershell injection
• added automatic check for Kali Linux to detect the default moved Metasploit path
• removed a tail comma from the new multi injector which was causing it to error out
• added new core routine check_ports(filename, ports) which will do a compare to see if a file already contains a metasploit LPORT (removes duplicates)
• added new check to remove duplicates into multi powershell injection
• made the new powershell injection technique compliant with the multi pyinjector – both payloads work together now
• added encrypted and obfsucated jar files to SET, will automatically push new repos to git everyday.
• rewrote the java jar file to handle multiple powershell alphanumeric shellcode points injected into applet.
• added signed and unsigned jar files to the java applet attack vector
• removed create_payload.py from saving files in src/html and instead in the proper folders src/program_junk
• fixed a payload duplication issue in create_payload.py, will now check to see if port is there
• removed a pefile check unless backdoored executable is in use
• turned digital signature stealing from a pefile to off in the set_config file
• converted all src/html/msf.exe to src/program_junk/ and fixed an issue where the applet would not load properly

It can also be downloaded through github using the following command: 

git clone https://github.com/trustedsec/social-engineer-toolkit/ set/