NetBScanner – NetBIOS Network Scanner

The New Acunetix V12 Engine


NetBScanner is a NetBIOS network scanner tool that scans all computers in the IP addresses range you choose, using the NetBIOS protocol.

NetBScanner - NetBIOS Network Scanner


For every computer located by this NetBIOS scanner, the following information is displayed:

  • IP Address
  • Computer Name
  • Workgroup or Domain
  • MAC Address
  • Network adapter manufacturer (from MAC address).

NetBScanner also shows whether a computer is a Master Browser. You can easily select one or more computers found by NetBScanner, and then export the list into csv/tab-delimited/xml/html file.

NetBIOS Network Scanner System Requirements

  • This utility works on every version of Windows, starting from Windows 2000 and up to Windows 10, including both 32-bit systems and x64 systems.
  • NetBIOS scan uses UDP port 137 to send and receive the NetBIOS data. If this port is blocked by your computer or in the remote network computers that you scan, the NetBIOS scan will not work.
  • When you run NetBScanner in the first time, you might get a warning from the Firewall of Windows. Even if you choose to keep blocking NetBScanner, the NetBIOS scan will still work properly.

Using NetBScanner NetBIOS Scanner

NetBScanner doesn’t require any installation process or additional dll files. In order to start using it, simply run the executable file – NetBScanner.exe

After running NetBScanner, you have to choose the IP addresses range to scan (by default, NetBScanner takes the IP addresses range from the configuration of your network adapter) and the scan speed. Be aware that if you increase the scan speed, the NetBIOS scan may become less reliable and miss some of your computers.


After you choose the desired scan option, click the ‘Ok’ button, and then NetBScanner will start scanning your network.

After the NetBIOS scan is finished, you can select one or more computers, and then export the computers list into csv/tab-delimited/xml/html file, by using the ‘Save Selected Items’ option (Ctrl+S)

Command-line Options for NetBIOS Scanning

Also check out:

nbtscan Download – NetBIOS Scanner For Windows & Linux

You can download NetBScanner here:

netbscanner.zip

Or read more here.


Topic: Hacking Tools

Metta – Information Security Adversarial Simulation Tool

The New Acunetix V12 Engine


Metta is an information security preparedness tool in Python to help with adversarial simulation, this can help you check various detection and control capabilities within your organisation.

Metta - Information Security Adversarial Simulation Tool


This project uses Redis/Celery, python, and vagrant with virtualbox to do adversarial simulation. This allows you to test (mostly) your host based instrumentation but may also allow you to test any network based detection and controls depending on how you set up your vagrants.

Metta parses yaml files with a list of “actions” [multistep attacker behavior] and uses Celery to queue these actions up and run them one at a time requiring no manual interaction with the hosts.

You can also craft Scenarious which chain a bunch of Actions together.

Metta Adversarial Simulation Tool FAQ

1. Doesn’t atomic testing do this? Yes, but it is a manual tool. We’ve ported a bunch of the functionality into Metta.

2. Doesn’t $X do this? Maybe, create an GitHub issue and we’ll see if it makes sense to partner or port the functionality.

3. I changed some code but things aren’t working like they should. Any ideas? Try stopping your start_vagrant_celery.sh session and restarting it should pick up changes you made. In general it keeps the state of your code until you restart it. Didn’t work? create a GitHub issue.

You can download Metta here:

metta-master.zip

Or read more here.


Topic: Countermeasures

Powershell-RAT – Gmail Exfiltration RAT

The New Acunetix V12 Engine


Powershell-RAT is a Python-based Gmail exfiltration RAT that can be used a Windows backdoor to send screenshots or other data as an e-mail attachment.

Powershell-RAT - Gmail Exfiltration RAT


This RAT will help you during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends the information to an attacker as an e-mail attachment.

It claims to not need Administrator access and is not currently detected by Anti-virus software.

How to setup Powershell-RAT Gmail Exfiltration RAT

  1. You need a throwaway Gmail email address
  2. Then enable “Allow less secure apps” by going to https://myaccount.google.com/lesssecureapps
  3. Modify the $username & $password variable for your account in the Mail.ps1 Powershell file
  4. Modify $msg.From & $msg.To.Add with the throwaway Gmail address

How I do use Powershell-RAT Gmail Backdoor?

  • Press 1: This option sets the execution policy to unrestricted using Set-ExecutionPolicy Unrestricted. This is useful on administrator machine
  • Press 2: This takes the screenshot of the current screen on the user machine using Shoot.ps1 Powershell script
  • Press 3: This option backdoors the user machine using schtasks and sets the task name to MicrosoftAntiVirusCriticalUpdatesCore
  • Press 4: This option sends an email from the user machine using Powershell. These uses Mail.ps1 file to send screenshot as attachment to exfiltrate data
  • Press 5: This option backdoors the user machine using schtasks and sets the task name to MicrosoftAntiVirusCriticalUpdatesUA
  • Press 6: This option deletes the screenshots from user machine to remain stealthy
  • Press 7: This option backdoors the user machine using schtasks and sets the task name to MicrosoftAntiVirusCriticalUpdatesDF
  • Press 8: This option performs all of the above with a single button press 8 on a keyboard. Attacker will receive an email every 5 minutes with screenshots as an email attachment. Screenshots will be deleted after 12 minutes
  • Press 9: Exit gracefully from the program or press Control+C

Some other related tools are:

PyExfil – Python Data Exfiltration Tools
DET – Data Exfiltration Toolkit
dnsteal – DNS Exfiltration Tool

And using Gmail as a backchannel there is:

Gdog – Python Windows Backdoor With Gmail Command & Control
Gcat – Python Backdoor Using Gmail For Command & Control

You can download Powershell-RAT here:

Powershell-RAT-master.zip

Or read more here.


Topic: Hacking Tools

SCADA Hacking – Industrial Systems Woefully Insecure

The New Acunetix V12 Engine


It seems like SCADA hacking is still a topic in hacker conferences, and it should be with SCADA systems still driving power stations, manufacturing plants, refineries and all kinds of other powerful and dangerous things.

SCADA Hacking - Industrial Systems Woefully Insecure

The latest talk given on the subject shows with just 4 lines of code and a small hardware drop device a SCADA based facility can be effectively DoSed by sending repeated shutdown commands to suscpetible systems.


Industrial control systems could be exposed not just to remote hackers, but to local attacks and physical manipulation as well.

A presentation at last week’s BSides conference by researchers from INSINIA explained how a device planted on a factory floor can identify and list networks, and trigger controllers to stop processes or production lines.

The talk – Hacking SCADA: How We Attacked a Company and Lost them £1.6M with Only 4 Lines of Code – reviewed 25 years of industrial control kit, going back to the days of proprietary equipment and X21 connections before discussing proof-of-concept attacks.

Mike Godfrey, chief exec at INSINIA, told El Reg that industrial control kit has long been developed with safety, longevity and reliability in mind. Historically everything was “air-gapped” but this has changed as the equipment has been adapted to incorporate internet functionality. This facilitates remote monitoring without having to physically go around and take readings and check on devices, which are often as not in hazardous environments.


It was ok before everything started getting wired up to networks, but with SCADA systems pre-dating the kind of security controls we need to stay safe, it’s hard to retrofit them.

Especially with the control software being on outdated versions of Windows dating back to Windows 98, which is so easily popped it’s laughable (and in this case, scary).

Industrial control systems run water supply, power grid and gas distribution systems as well as factories, building management systems and more. INSINIA has developed test rigs to assess the effectiveness of real-world systems that the security consultancy is asked to check. Testing attacks such as spoofing on real-world systems is likely to bring things down, Godfrey added.

Denial-of-service in industrial control environments is easy and fuzzing (trying a range of inputs to see which causes an undesigned effect) also offers a straightforward way to uncover hacks.

INSINIA has developed a device that automatically scans networks and shuts down components. The “weaponised” Arduino micro-controller looks like a regular programmable logic controller (PLC) to other devices on the network. If it is physically planted on a targeted environment, it can quickly enumerate networks before sending stop commands. It can “kill industrial processes with only four lines of code”, according to Godfrey.

He added that it wouldn’t be possible to apply a simple reset in the event of such an attack, so a targeted environment could be taken down again and again.

BSides presentations are often accompanied by the release of proof-of-concept code but the software here exploits systemic vulnerabilities that are unlikely to be resolved any time soon, so INSINIA is not releasing the tech even to its ethical hacker peers.

Godfrey said that for industrial control plants, keeping the processes running is the prime concern. He claimed many plants “self-insure” to cover for the losses and disruption caused by security incidents, which he said already happen on an under-publicised scale.

In this case not releasing the code is a good idea as these systems are not likely to get updated ever, the more likely move forward is to decomission them and replace them with more modern, native network connected systems or even cloud based controllers – which is the direction Industrial IoT is moving in.

It’s an area which is lagging far behind other industries and is ripe for nation state attacks, if you can take another countries power grid offline, that’s a pretty significant win.

Source: The Register


Topic: Exploits/Vulnerabilities
airgeddon - Wireless Security Auditing Script

airgeddon – Wireless Security Auditing Script

Airgeddon is a Bash powered multi-use Wireless Security Auditing Script for Linux systems with an extremely extensive feature list. Airgeddon Wireless Security Auditing Features Interface mode switcher (Monitor-Managed) keeping selection even on interface name changing DoS over wireless networks using different methods. “DoS Pursuit mode” available to avoid AP channel hopping (available also on DoS […]

Topic: Hacking Tools
Acunetix v12 - Pause & Resume

Acunetix v12 – More Comprehensive More Accurate & 2x Faster

Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix v12. This new version provides support for JavaScript ES7 to better analyse sites which rely heavily on JavaScript such as SPAs. This coupled with a new AcuSensor for Java web applications, sets Acunetix ahead of the curve in its ability […]

Topic: Advertorial