Infernal Twin is an automated wireless hacking suite written in Python which automates many of the repetitive tasks involved in security testing for Wi-Fi networks.
Originally created to automate the Evil Twin attack, it has grown much beyond that into a comprehensive suite including various wireless attack vectors.
An evil twin attack is when a hacker sets the service set identifier (SSID) of a rogue access point to be the same as that of a legitimate access point at a local hotspot or corporate wireless network. The hacker then disrupts or disables the legitimate AP by disconnecting its clients, directing a denial of service against it, or creating RF interference around it.
Users lose their connections to the legitimate AP and re-connect to the “evil twin,” allowing the hacker to intercept all the traffic to that device.
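The attack described above has two observable signals on the defender's side: an unmanaged radio advertising a managed SSID, and a burst of deauthentication frames against the real AP. The following added example (not code from Infernal Twin or the original post) checks decoded 802.11 management frames for both; the AP inventory, MAC addresses and frame records are constructed sample data.

```python
from collections import Counter

# Constructed inventory of managed APs, SSID -> {BSSID: security mode} (not real data).
MANAGED_APS = {"CorpWiFi": {"00:11:22:33:44:01": "WPA2", "00:11:22:33:44:02": "WPA2"},
               "GuestNet": {"00:11:22:33:44:09": "OPEN"}}

# Constructed 802.11 management frames as a monitor-mode sensor would decode them:
# (frame type, ssid, bssid, channel, security). An unmanaged radio copies the
# CorpWiFi SSID without encryption while the managed AP is hit with deauth frames.
FRAMES = [
    ("beacon", "CorpWiFi", "00:11:22:33:44:01", 6, "WPA2"),
    ("beacon", "CorpWiFi", "00:11:22:33:44:02", 11, "WPA2"),
    ("beacon", "GuestNet", "00:11:22:33:44:09", 1, "OPEN"),
    ("deauth", None, "00:11:22:33:44:01", 6, None),
    ("beacon", "CorpWiFi", "de:ad:be:ef:00:01", 6, "OPEN"),
    ("deauth", None, "00:11:22:33:44:01", 6, None),
    ("deauth", None, "00:11:22:33:44:01", 6, None),
    ("beacon", "CorpWiFi", "de:ad:be:ef:00:01", 6, "OPEN"),
]

def evil_twin_alerts(frames, managed, deauth_threshold=3):
    """Return (severity, message) alerts for unmanaged radios advertising a managed
    SSID and for deauth bursts against managed APs; both together is the twin pattern."""
    twins, deauths, alerts = {}, Counter(), []
    managed_bssids = {b: s for s, aps in managed.items() for b in aps}
    for kind, ssid, bssid, channel, security in frames:
        if kind == "beacon" and ssid in managed and bssid not in managed[ssid]:
            twins[bssid] = (ssid, channel, security)   # SSID impersonation
        elif kind == "deauth" and bssid in managed_bssids:
            deauths[bssid] += 1                         # disruption of the real AP
    for bssid, (ssid, channel, security) in twins.items():
        # a twin offering weaker security than the real AP is the worst case
        sev = "high" if security not in set(managed[ssid].values()) else "medium"
        alerts.append((sev, f"unmanaged BSSID {bssid} advertising {ssid!r} "
                            f"on channel {channel} with security {security}"))
    for bssid, count in deauths.items():
        if count >= deauth_threshold:
            ssid = managed_bssids[bssid]
            twin_on_air = any(t[0] == ssid for t in twins.values())
            sev = "high" if twin_on_air else "medium"
            alerts.append((sev, f"{count} deauth frames against managed AP {bssid} "
                                f"({ssid}){' while a twin is on air' if twin_on_air else ''}"))
    return alerts
```

Feeding it frames decoded by a monitor-mode capture tool turns it into a simple rogue-AP check; SSIDs absent from the inventory are deliberately ignored so that neighbouring networks do not generate noise.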
- WPA2 hacking
- WEP Hacking
- WPA2 Enterprise hacking
- Wireless Social Engineering
- SSL Strip
- Report Generation
- PDF Report
- HTML Report
- Note Taking
- Data saved in Database
- Network mapping
- Probe Request
- Added Log retrieval button for various attack results.
- Added BeeF XSS framework Integration
- Added HTTP Traffic View within tool
- Improved Infernal Wireless Attack
- Improved visual layout of some of the panels
- Improved Basic Authentication during Social engineering assessment over wireless network
You can download Infernal Twin here:
Or read more here.
Zenmap is the official Nmap GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users.
No frontend can replace good old command-line Nmap. The nature of a frontend is that it depends on another tool to do its job. Therefore the purpose of Zenmap is not to replace Nmap, but to make Nmap more useful. Here are some of the advantages Zenmap offers over plain Nmap.
- Interactive and graphical results viewing – In addition to showing Nmap’s normal output, Zenmap can arrange its display to show all ports on a host or all hosts running a particular service. It summarizes details about a single host or a complete scan in a convenient display. Zenmap can even draw a topology map of discovered networks. The results of several scans may be combined together and viewed at once.
- Comparison – Zenmap has the ability to show the differences between two scans. You can see what changed between the same scan run on different days, between scans of two different hosts, between scans of the same hosts with different options, or any other combination. This allows administrators to easily track new hosts or services appearing on their networks, or existing ones going down.
- Convenience – Zenmap keeps track of your scan results until you choose to throw them away. That means you can run a scan, see the results, and then decide whether to save them to a file. There is no need to think of a file name in advance.
- Repeatability – Zenmap’s command profiles make it easy to run the exact same scan more than once. There’s no need to set up a shell script to do a common scan.
- Discoverability – Nmap has literally hundreds of options, which can be daunting for beginners. Zenmap’s interface is designed to always show the command that will be run, whether it comes from a profile or was built up by choosing options from a menu. This helps beginners learn and understand what they are doing. It also helps experts double-check exactly what will be run before they press “Scan”.
- Frequently used scans can be saved as profiles to make them easy to run repeatedly.
- A command creator allows interactive creation of Nmap command lines.
- Scan results can be saved and viewed later.
- Saved scan results can be compared with one another to see how they differ.
- The results of recent scans are stored in a searchable database.
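Zenmap's comparison view does on saved Nmap XML output what this added Python example does (it is not Zenmap's or Nmap's own code): parse two scans and report hosts and open ports that appeared or went away. The two XML documents are constructed samples in the shape of Nmap's -oX output, using documentation-range addresses.

```python
import xml.etree.ElementTree as ET

# Constructed sample Nmap XML for two runs of the same scan on different days (not
# real output): on day 2 FTP on .10 is closed, 8080 opened, and host .11 appeared.
SCAN_DAY1 = """<nmaprun scanner="nmap">
 <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
  <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
 </ports></host>
</nmaprun>"""
SCAN_DAY2 = """<nmaprun scanner="nmap">
 <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="21"><state state="closed"/><service name="ftp"/></port>
  <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
  <port protocol="tcp" portid="8080"><state state="open"/><service name="http-proxy"/></port>
 </ports></host>
 <host><status state="up"/><address addr="192.0.2.11" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
 </ports></host>
</nmaprun>"""

def open_ports(nmap_xml):
    """Map each live host address to its set of (proto, port, service) open ports."""
    hosts = {}
    for host in ET.fromstring(nmap_xml).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # a down host carries no port data worth comparing
        ports = set()
        for port in host.iter("port"):
            if port.find("state").get("state") == "open":
                svc = port.find("service")  # may be absent if nmap could not name it
                ports.add((port.get("protocol"), int(port.get("portid")),
                           svc.get("name", "?") if svc is not None else "?"))
        hosts[host.find("address").get("addr")] = ports
    return hosts

def diff_scans(before_xml, after_xml):
    """Report hosts and open ports that appeared or went away between two scans."""
    before, after = open_ports(before_xml), open_ports(after_xml)
    changes = {"new_hosts": sorted(set(after) - set(before)),
               "gone_hosts": sorted(set(before) - set(after)), "new_ports": {}, "closed_ports": {}}
    for host in set(before) | set(after):
        opened = after.get(host, set()) - before.get(host, set())
        closed = before.get(host, set()) - after.get(host, set())
        if opened:
            changes["new_ports"][host] = sorted(opened)
        if closed:
            changes["closed_ports"][host] = sorted(closed)
    return changes
```

Run the same profile on a schedule, keep the -oX files, and diff consecutive pairs to get the "new host or service appeared" tracking the Comparison feature describes.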
Zenmap is already included in the Windows and Mac installer and the source, so you can download it using that:
Or read more here.
Hashing is always a contentious issue – it used to be MD5, then SHA-1, then bcrypt, and now it looks like SHA-256 or SHA3-256 might be the future, with quantum science boffins predicting it’s not feasible to crack them.
You can read more about the algorithm and design (using sponge construction) on Wikipedia here: SHA-3
While it’s reasonable to assume that a world with real quantum computers will ruin traditional asymmetric encryption, perhaps surprisingly hash functions might survive.
That’s the conclusion of a group of boffins led by Matthew Amy of Canada’s University of Waterloo, in a paper at the International Association of Cryptologic Research.
The research – which included contributions from the Perimeter Institute for Theoretical Physics and the Canadian Institute for Advanced Research – looked at attacks on SHA-2 and SHA-3 using Grover’s algorithm (a quantum algorithm for searching “black boxes” – see Wikipedia).
They reckon both SHA-256 and SHA3-256 need around 2^166 “logical qubit cycles” to crack.
Perhaps counter-intuitively, the paper says the problem isn’t in the quantum computers, but the classical processors needed to manage them.
The paper notes: “The main difficulty is that the coherence time of physical qubits is finite. Noise in the physical system will eventually corrupt the state of any long computation.”
The sad part is, a lot of people are still using crappy old badly implemented hash algorithms like md5 and thinking that’s ok.
On the other hand, with the predominance of people using frameworks like Rails, Laravel and Django, those problems are minimised.
“Preserving the state of a logical qubit is an active process that requires periodic evaluation of an error detection and correction routine.”
If the quantum correction is handled by ASICs running at a few million hashes per second (and if Vulture South’s spreadsheet is right), Grover’s algorithm would need about 10^32 years to crack SHA-256 or SHA3-256.
That’s considerably longer than the mere 14 billion years the universe has existed, although less than the estimated 10^100 years until the heat death of the universe. Even if you didn’t care about the circuit footprint and used a billion-hash-per-second Bitcoin-mining ASIC, the calculation still seems to be in the order of 10^29 years.
That’s a lot of years. The limitation seems to be the physical processors used to manage quantum computing – which may be resolved at some point, but would take some time (even according to an accelerated Moore’s law).
Source: The Register
Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for penetration testing, offensive security and red teaming. Nishang is useful during all phases of penetration testing.
Import all the scripts in the current PowerShell session (PowerShell v3 onwards).
PS C:\nishang> Import-Module .\nishang.psm1
Use the individual scripts with dot sourcing.
PS C:\nishang> . C:\nishang\Gather\Get-Information.ps1
PS C:\nishang> Get-Information
To get help about any script or function, use:
PS C:\nishang> Get-Help [scriptname] -full
Note that since version 0.3.8 the help is available for the function loaded after running the script, not for the script itself. In all cases, the function name is the same as the script name.
For example, to see the help about Get-WLAN-Keys.ps1, use
PS C:\nishang> . C:\nishang\Get-WLAN-Keys.ps1
PS C:\nishang> Get-Help Get-WLAN-Keys -Full
Nishang comes with a myriad of scripts divided into various categories:
You can download Nishang here:
Or read more here.
DyMerge is a simple, yet powerful bruteforce dictionary merging tool – written purely in Python – which takes given wordlists and merges them into one dynamic dictionary that can then be used as ammunition for a successful dictionary based (or bruteforce) attack. One day the author was making his way through a CTF challenge, and […]
Today let’s talk about securing MySQL installation on Ubuntu, in this case specifically Ubuntu 16.04 LTS which was released not too long ago. So I love Ubuntu and I use it for everything, especially the LTS (Long Term Support) releases for servers. MySQL is not my best buddy, but a necessary evil many times – […]
mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. It’s a console tool that allows interactive examination and modification of HTTP traffic. It differs from mitmdump in that all flows are kept in memory, which means that it’s intended for taking and manipulating small-ish samples. The command-line companion called mitmdump […]
Scirius Community Edition is a web interface dedicated to Suricata ruleset management. It handles the rules files and updates the associated files. A Ruleset is made of components selected in different Sources. A Source is a set of files providing information to Suricata. For example, this can be the EmergingThreats ruleset. To create a ruleset, you thus must […]
So there’s been some HUGE DDoS attacks going on lately, up to 620Gbps and the Mirai DDoS Malware has been fingered – with the source code also being leaked. It’s spreading like wildfire too, and the scariest thought? All that was really needed to construct it was a telnet scanner and a list of default […]
Raptor WAF is a Web Application Firewall made in C, using DFA to block SQL Injection, Cross Site Scripting (XSS) and Path Traversal. DFA stands for Deterministic Finite Automaton also known as a Deterministic Finite State Machine. It’s essentially a simple web application firewall made in C, using the KISS principle, making polls using the […]