CFRipper – CloudFormation Security Scanning & Audit Tool


CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool, it aims to prevent vulnerabilities from getting to production infrastructure through vulnerable CloudFormation scripts.

CFRipper - CloudFormation Security Scanning & Audit Tool


You can use CFRipper to prevent deploying insecure AWS resources into your Cloud environment. You can write your own compliance checks by adding new custom plugins.

CFRipper should be part of your CI/CD pipeline. It runs just before a CloudFormation stack is deployed or updated and if the CloudFormation script fails to pass the security check it fails the deployment and notifies the team that owns the stack. Rules are the heart of CFRipper. When running CFRipper the CloudFormation stack will be checked against each rule and the results combined.

Usage of CFRipper for CloudFormation Security Scanning

You can download CFRipper here:

cfripper-1.3.1.zip

Or read more here.


Topic: Security Software

CredNinja – Test Credential Validity of Dumped Credentials or Hashes


CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.

CredNinja - Test Credential Validity of Dumped Credentials or Hashes


At the core of it, you provide it with a list of credentials you have dumped (or hashes, it can pass-the-hash) and a list of systems on the domain (the author suggests scanning for port 445 first, or you can use “–scan”). It will tell you if the credentials you dumped are valid on the domain, and if you have local administrator access to a host.

Usage of CredNinja to Test Credential Validity of Dumped Credentials or Hashes

The tool really shines on large networks where it can parse a large amount of hosts quite quickly.

It is intended to be run on Kali Linux

You can download CredNinja here:

CredNinja-master.zip

Or read more here.


Topic: Hacking Tools

assetfinder – Find Related Domains and Subdomains


assetfinder is a Go-based tool to find related domains and subdomains that are potentially related to a given domain from a variety of sources including Facebook, ThreatCrowd, Virustotal and more.

assetfinder - Find Related Domains and Subdomains


assetfinder uses a variety of sources including those in the infosec space and social networks which can give relevant info:

  • crt.sh
  • certspotter
  • hackertarget
  • threatcrowd
  • wayback machine
  • dns.bufferover.run
  • facebook – Needs FB_APP_ID and FB_APP_SECRET environment variables set (https://developers.facebook.com/) and you need to be careful with your app’s rate limits
  • virustotal – Needs VT_API_KEY environment variable set (https://developers.virustotal.com/reference)
  • findsubdomains – Needs SPYSE_API_TOKEN environment variable set (the free version always gives the first response page, and you also get “25 unlimited requests”) — (https://spyse.com/apidocs)

Sources to be implemented:

  • http://api.passivetotal.org/api/docs/
  • https://community.riskiq.com/ (?)
  • https://riddler.io/
  • http://www.dnsdb.org/
  • https://certdb.com/api-documentation

Usage of assetfinder to Find Related Domains and Subdomains

The usage is very simple with only one option basically, to limit the search to subdomains only – by default it will scan for all associated domains and subdomains.

Installing assetfinder to Find Related Domains and Subdomains

If you have Go installed and configured (i.e. with $GOPATH/bin in your $PATH):

Another similar and recent tool that uses many of these sources and more and is also worth checking out is The OWASP Amass Project- DNS Enumeration, Attack Surface Mapping & External Asset Discovery.

You can download assetfinder here:

Source: assetfinder-master.zip
Linux: assetfinder-linux-386-0.1.1.tgz
Windows: assetfinder-windows-386-0.1.1.zip

Or read more here.


Topic: Hacking Tools

Karkinos – Beginner Friendly Penetration Testing Tool


Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a ‘Swiss Army Knife’ for pen-testing and/or hacking CTF’s.

Karkinos - Beginner Friendly Penetration Testing Tool


Karkinos Beginner Friendly Penetration Testing Tool Features

  • Encoding/Decoding characters
  • Encrypting/Decrypting text or files
  • Reverse shell handling
  • Cracking and generating hashes

How to Install Karkinos Beginner Friendly Penetration Testing Tool

Dependencies are:

  • Any server capable of hosting PHP
  • Tested with PHP 7.4.9
  • Tested with Python 3.8
  • Make sure it is in your path as:
  • Windows: python
  • Linux: python3
  • If it is not, please change the commands in includes/pid.php
  • Pip3
  • Raspberry Pi Zero friendly :) (crack hashes at your own risk)

Then:

  1. git clone https://github.com/helich0pper/Karkinos.git
  2. cd Karkinos
  3. pip3 install -r requirements.txt
  4. cd wordlists && unzip passlist.zip You can also unzip it manually using file explorer. Just make sure passlist.txt is in wordlists directory.
  5. Make sure you have write privilages for db/main.db
  6. Enable extension=mysqli in your php.ini file.
  7. If you don’t know where to find this, refer to the PHP docs. Note: MySQLi is only used to store statistics.
  8. Thats it! Now just host it using your preferred web server or run: php -S 127.0.0.1:8888 in the Karkinos directory.

Important: using port 5555, 5556, or 5557 will conflict with the Modules
If you insist on using these ports, change the PORT value in:

  • /bin/Server/app.py Line 87
  • /bin/Busting/app.py Line 155
  • /bin/PortScan/app.py Line 128

You can download Karkinos here:

Karkinos-main.zip

Or read more here.


Topic: Hacking Tools
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory

Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory

Aclpwn.py is a tool that interacts with BloodHound to identify and exploit ACL based privilege escalation paths. It takes a starting and ending point and will use Neo4j pathfinding algorithms to find the most efficient ACL based privilege escalation path. Features of Aclpwn.Py Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py currently has […]

Topic: Hacking Tools
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack

Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack

Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands and you have a vulnerable environment. Features of Vulhub Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub contains many frameworks, databases, applications, programming languages and more such as: […]

Topic: Exploits/Vulnerabilities