Showing posts with label Framework. Show all posts

Monday, April 29, 2013

[Mercury v2.2.0] The Android Assessment Framework

Mercury is a security assessment framework for the Android platform. It allows you to dynamically interact with the Inter-Process Communication (IPC) endpoints exported by an application installed on a device.
Mercury provides similar functionality to a number of static analysis tools, such as aapt, but offers far more flexibility by allowing you to interact with these endpoints from the context of an unprivileged application running on the same device.

The Android sandbox is designed to restrict the access of an unprivileged application to other applications and the underlying device unless it has requested the appropriate permissions. Once you’ve had a look with Mercury, you will be surprised at how much access you actually have.
Mercury was also part of the latest Blackhat Arsenal 2013 session in Amsterdam, where the awesome team demoed neat features and a few tricks pentesters can leverage to bypass restrictions and exploit vulnerabilities on Android smartphones.

Mercury allows you to:
  1. Interact with the 4 IPC endpoints – activities, broadcast receivers, content providers and services
  2. Use a proper shell that allows you to play with the underlying Linux OS from the point of view of an unprivileged application (you will be amazed at how much you can still see)
  3. Find information on installed packages with optional search filters to allow for better control
  4. Use built-in commands that can check application attack vectors on installed applications
  5. Use tools to upload and download files between the Android device and computer without using ADB (this means it can be done over the internet as well!)
  6. Create new modules to exploit your latest finding on Android, and play with those that others have found

Here is the latest changelog information, as embedded in the Mercury package:

- Connections between Consoles and Agents can be encrypted with SSL.
- The Agent can require a password to be provided to establish a session.
- New Mercury modules can be downloaded and installed from the Internet, and the local file system.
- Significant performance improvements to the Agent.

In addition, the following Github Issues have been closed:
Agent:

#2 High CPU usage when polling for messages in Session.java.
#1 High CPU usage on active connection in Server/Client.java.

Console:

#50 Error when printing ContentProvider Path Permissions.
#49 app.provider.delete does not work.
#48 Python 2.x xrange/range optimization.
#47 Some apps can crash scanner.provider.* modules.
#44 Running app.package.manifest without specifying a package results in a Null Pointer Exception.
#43 Bug in app.provider.query.
#34 Five, new 3rd Party ‘pilfer’ Modules.


The new console is compatible with the old agent, and vice-versa. However, this configuration does not support SSL or password-on-connect.

Saturday, April 20, 2013

[SPF v0.1.7] Smartphone Pentest Framework - Support of the SMS shell pivot

The smartphone penetration testing framework, the result of a DARPA Cyber Fast Track project, aims to provide an open source toolkit that addresses the many facets of assessing the security posture of these devices. We will look at the functionality of the framework including information gathering, exploitation, social engineering, and post exploitation through both a traditional IP network and through the mobile modem, showing how this framework can be leveraged by security teams and penetration testers to gain an understanding of the security posture of the smartphones in an organization. We will also show how to use the framework through a command line console, a graphical user interface, and a smartphone based app.

The first SPF release includes a text based management console, a web based GUI, and a management Android app.


  • SPF Console: The console is a text based Perl program that allows Smartphone Pentest Framework users to perform all the server functionality of SPF.
  • SPF Web based GUI: The GUI is a web based front end for SPF that allows users to perform all the server functionality. It is a set of Perl based webpages.
  • SPF Android App: The SPF Android App allows users to use the mobile modem of the Android smartphone with SPF to send SMS messages, gather information, etc. Users can also perform server functionality directly from Android smartphones using this application.
  • SPF Android Agent: The SPF Android Agent is one of Smartphone Pentest Framework’s post exploitation options. It is transparent to the user and allows SPF users to perform post exploitation tasks such as privilege escalation, information gathering, and remote control on Android phones with the agent installed. Agents for iPhone and Blackberry platforms are currently in development.

Changes for 0.1.7
    Added SMS shell pivot

Note: There is also a new script to install SPF on the newest Kali pentest platform (https://github.com/georgiaw/Smartphone-Pentest-Framework/blob/master/kaliinstall). Don’t miss it.

Monday, April 15, 2013

[Canari Framework] Maltego Rapid Transform Development Framework


Canari is a rapid transform development framework for Maltego written in Python. The original focus of Canari was to provide a set of transforms that would aid in the execution of penetration tests and vulnerability assessments. Ever since its first prototype, it has become evident that the framework can be used for much more than that. Canari is perfect for anyone wishing to graphically represent their data in Maltego without the hassle of learning a whole bunch of unnecessary stuff. It has generated interest from digital forensics analysts to pen-testers, and even psychologists.

Canari's core features include:
  • An easily extensible and configurable framework that promotes maximum reusability;
  • A set of powerful and easy-to-use scripts for debugging, configuring, and installing transforms;
  • Finally, a great number of community provided transforms.

Thursday, February 28, 2013

[MASTIFF2HTML] Static Analysis Framework Results Viewer


MASTIFF2HTML is a Python program that creates a GUI results interface in HTML from MASTIFF results.

Download the Python program at:
https://github.com/1aN0rmus/TekDefense/blob/master/MASTIFF2HTML.py
MASTIFF is an automated static malware analysis framework.

Tuesday, February 19, 2013

[Recon-ng] Web Reconnaissance Framework for Penetration Testers


Recon-ng is a full-featured Web Reconnaissance framework written in Python. Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework.

Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.

If you want to exploit, use the Metasploit Framework. If you want to Social Engineer, use the Social Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng!

How to use? The complete guide is available here

Recon-ng repository
git clone https://LaNMaSteR53@bitbucket.org/LaNMaSteR53/recon-ng.git

Sunday, January 20, 2013

[The Volatility Framework] An advanced memory forensics framework


The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independently of the system being investigated but offer unprecedented visibility into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research.


Volatility supports memory dumps from all major 32- and 64-bit Windows versions and service packs including XP, 2003 Server, Vista, Server 2008, Server 2008 R2, and Seven. Whether your memory dump is in raw format, a Microsoft crash dump, hibernation file, or virtual machine snapshot, Volatility is able to work with it. We also now support Linux memory dumps in raw or LiME format and include 35+ plugins for analyzing 32- and 64-bit Linux kernels from 2.6.11 - 3.5.x and distributions such as Debian, Ubuntu, OpenSuSE, Fedora, CentOS, and Mandrake. Official OSX and Android support are coming!


Saturday, December 22, 2012

[Scythe Framework] Harvest Profile Id And Email


In this video I will show you how to use Scythe Framework for harvesting an email ID and other usernames from blogs, social media, etc.
I personally like this tool because, online, there are tons of tools available for email ID harvesting, but this one is great ... right now it only supports two mail systems.

Scythe Framework: - https://github.com/ChrisJohnRiley/Scythe
Account Enumerator is designed to make it simple to perform account enumeration as part of security testing. The framework offers the ability to easily create new modules (XML files) and speed up the process of testing. This tool was created with 2 main use cases in mind:
  • The ability to test a range of email addresses across a range of sites (e.g. social media, blogging platforms, etc.) to find where those targets have active accounts. This can be useful in a social engineering test where you have email accounts for a company and want to list where these users have used their work email for 3rd party web based services.
  • The ability to quickly create a custom testcase module and use it to enumerate for a list of active accounts, using either a list of known usernames, email addresses, or a dictionary of common account names.

This program is released as is and is not designed to be used to test against sites where you do not have permission. Any modules provided are for demonstration purposes and may breach end user license agreements if used against a site. Your mileage may vary... be responsible!

Thursday, November 29, 2012

[Xenotix] XSS Exploit Framework 2013 v2 Released


Xenotix XSS Exploit Framework is a penetration testing tool to detect and exploit XSS vulnerabilities in web applications. This tool can inject code into web pages that are vulnerable to XSS. It is basically a payload list based XSS scanner and XSS exploitation kit. It provides a penetration tester the ability to test all the XSS payloads available in the payload list against a web application to test for XSS vulnerabilities. The tool supports both manual mode and automated time sharing based test modes. The exploitation framework in the tool includes an XSS encoder, a victim side XSS keystroke logger, an executable drive-by downloader and an XSS reverse shell. These exploitation tools will help the penetration tester to create proof of concept attacks on vulnerable web applications during the creation of a penetration test report.

Features: 

  • Built in XSS Payloads
  • XSS Key logger
  • XSS Executable Drive-by downloader
  • Automatic XSS Testing
  • XSS Encoder
  • XSS Reverse Shell (new)

Tuesday, November 6, 2012

[GNUnet P2P Framework] v 0.9.4

GNUnet is a framework for secure peer-to-peer networking that does not use any centralized or otherwise trusted services. A first service implemented on top of the networking layer allows anonymous censorship-resistant file-sharing. Anonymity is provided by making messages originating from a peer indistinguishable from messages that the peer is routing. All peers act as routers and use link-encrypted connections with stable bandwidth utilization to communicate with each other. GNUnet uses a simple, excess-based economic model to allocate resources. Peers in GNUnet monitor each other's behavior with respect to resource usage; peers that contribute to the network are rewarded with better service. GNUnet is part of the GNU project.

We're happy to announce the release of GNUnet 0.9.4. Key new features in GNUnet 0.9.4 include:
  • flow- and congestion-control for GNUnet's multicast subsystem
  • support for exit policies and exit discovery for the GNUnet VPN
  • support for reverse-proxies for HTTP and HTTPS transports
  • GNUnet Naming System, an initial implementation of the GNU Alternative Domain System (GADS)
  • gnunet-auto-share for automatically sharing a directory is available again
  • gnunet-download now has a progress bar
  • new API for ultra large-scale testing and benchmarking
  • new API for reliable, ordered bidirectional communication between peers
  • reductions in memory consumption (about 25%)
  • performance improvements, especially on W32

Sunday, November 4, 2012

[Subterfuge] Beta Version 4.2

Automated Man-in-the-Middle Attack Framework

Abstract:

Enter Subterfuge, a Framework to take the arcane art of Man-in-the-Middle Attack and make it as simple as point and shoot. A beautiful, easy to use interface which produces a more transparent and effective attack is what sets Subterfuge apart from other attack tools. Subterfuge demonstrates vulnerabilities in the ARP Protocol by harvesting credentials that go across the network, and even exploiting machines through race conditions. Now walk into a corporation… A rapidly-expanding portion of today’s Internet strives to increase personal efficiency by turning tedious or complex processes into a framework which provides instantaneous results.

On the contrary, much of the information security community still finds itself performing manual, complicated tasks to administer and protect their computer networks. Given the increase in automated hacking tools, it is surprising that a simplistic, “push-button” tool has not been created for information security professionals to validate their networks’ ability to protect against a Man-In-The-Middle attack. Subterfuge is a small but devastatingly effective credential-harvesting program which exploits a vulnerability in the Address Resolution Protocol. It does this in a way that a non-technical user would have the ability, at the push of a button, to harvest all of the usernames and passwords of victims on their connected network, thus equipping information and network security professionals with a “push-button” security validation tool.   


Download: http://code.google.com/p/subterfuge

Subterfuge DEFCON 20 Teaser:  http://www.youtube.com