segunda-feira, 31 de agosto de 2020

RapidScan: The Multi-Tool Website Vulnerabilities Scanner With Artificial Intelligence

RapidScan's Features:
  • One-step installation.
  • Executes a multitude of security scanning tools, does other custom coded checks and prints the results spontaneously.
  • Come of the tools include nmap, dnsrecon, wafw00f, uniscan, sslyze, fierce, lbd, theharvester, dnswalk, golismero etc executes under one entity.
  • Saves a lot of time, indeed a lot time!
  • Checks for same vulnerabilities with multiple tools to help you zero-in on false positives effectively.
  • Legends to help you understand which tests may take longer time, so you can Ctrl+C to skip if needed.
  • Association with OWASP Top 10 2017 on the list of vulnerabilities discovered. (under development)
  • Critical, high, large, low and informational classification of vulnerabilities.
  • Vulnerability definitions guides you what the vulnerability actually is and the threat it can pose
  • Remediations tells you how to plug/fix the found vulnerability.
  • Executive summary gives you an overall context of the scan performed with critical, high, low and informational issues discovered. (under development)
  • Artificial intelligence to deploy tools automatically depending upon the issues found. for eg; automates the launch of wpscan and plecost tools when a wordpress installation is found. (under development)
  • Detailed comprehensive report in a portable document format (*.pdf) with complete details of the scans and tools used. (under development)

For Your Infomation about RapidScan:
  • Program is still under development, works and currently supports 80 vulnerability tests.
  • Parallel processing is not yet implemented, may be coded as more tests gets introduced.

RapidScan supports checking for these vulnerabilities:
  • DNS/HTTP Load Balancers & Web Application Firewalls. 
  • Checks for Joomla, WordPress and Drupal
  • SSL related Vulnerabilities (HEARTBLEED, FREAK, POODLE, CCS Injection, LOGJAM, OCSP Stapling).
  • Commonly Opened Ports.
  • DNS Zone Transfers using multiple tools (Fierce, DNSWalk, DNSRecon, DNSEnum).
  • Sub-Domains Brute Forcing.
  • Open Directory/File Brute Forcing.
  • Shallow XSS, SQLi and BSQLi Banners.
  • Slow-Loris DoS Attack, LFI (Local File Inclusion), RFI (Remote File Inclusion) & RCE (Remote Code Execution).

RapidScan's Requirements:
  • Kali Linux, Parrot Security OS, BlackArch... Linux distros that based for pentesters and hackers.
  • Python 2.7.x

RapidScan Installation:


RapidScan's screenshots:
RapidScan helping menu
RapidScan Intro
RapidScan Outro

How to contribute? If you want to contribute to the author. Read this.

Related articles


  1. Hacking Tools Windows 10
  2. Pentest Tools Free
  3. Hack Tools Pc
  4. Hack Tools For Pc
  5. Best Pentesting Tools 2018
  6. How To Make Hacking Tools
  7. Pentest Tools For Windows
  8. Pentest Tools For Mac
  9. Hacking Tools Download
  10. Hack Tools 2019
  11. Hacker Security Tools
  12. Blackhat Hacker Tools
  13. Hack And Tools
  14. New Hack Tools
  15. Hacker Tools Mac
  16. Pentest Tools Framework
  17. Pentest Tools Framework
  18. Hacking Tools Online
  19. Hacker Security Tools
  20. Tools Used For Hacking
  21. Hacker
  22. Hacking Tools 2019
  23. Hacker Tools Linux
  24. Hacker
  25. Hacker
  26. Hack Apps
  27. Hack Tools For Ubuntu
  28. Hacker Tools Software
  29. Pentest Tools List
  30. Hacking Tools For Games
  31. Pentest Tools For Mac
  32. Hack Tools For Games
  33. Hacking Tools Github
  34. Pentest Tools
  35. Hacker Tools Github
  36. Pentest Tools Subdomain
  37. Hacker Tools Free Download
  38. Hacking Tools 2020
  39. Top Pentest Tools
  40. Hacking Tools Online
  41. Free Pentest Tools For Windows
  42. Hacker Tools Apk Download
  43. Android Hack Tools Github
  44. Hacking Tools For Pc
  45. Pentest Recon Tools
  46. Hacks And Tools
  47. Hacking Tools For Windows
  48. Tools Used For Hacking
  49. Hack Tools
  50. Hacking Tools For Beginners
  51. Hacker Tools Software
  52. Hacking Tools For Games
  53. Hack Tools Download
  54. Hacking Apps
  55. Hacking Tools For Mac
  56. Best Hacking Tools 2020
  57. Hacking Tools Usb
  58. Usb Pentest Tools
  59. Hack Tools Mac
  60. Hacker Tools Software
  61. Game Hacking
  62. Android Hack Tools Github
  63. Hack Tools For Windows
  64. Black Hat Hacker Tools
  65. Beginner Hacker Tools
  66. Tools Used For Hacking
  67. Hacking Tools For Kali Linux
  68. Hacking Tools Pc
  69. Tools 4 Hack
  70. Pentest Tools Review
  71. Hacker Tools 2019
  72. Hacking Tools
  73. Pentest Tools Online
  74. Top Pentest Tools
  75. Tools Used For Hacking
  76. How To Install Pentest Tools In Ubuntu
  77. Hacking Tools Mac
  78. Hacker Tools Windows
  79. Free Pentest Tools For Windows
  80. Hacker Tools For Pc
  81. What Are Hacking Tools
  82. Black Hat Hacker Tools
  83. Pentest Tools For Mac
  84. Computer Hacker
Publicada por à(s) Sem comentários:

Voodoo-Kali - Kali Linux Desktop On Windows 10

Iemhacker-kali-windows

How it works?
 * Kali Linux with XFCE Desktop Environment in Windows Subsystem for Linux (WSL)
 * VcXsrv X Server for Windows is doing the hard GUI lifting
 * XFCE is started natively in WSL and displayed by VcXsrv

Install Voodoo-Kali:
 1, Enable WSL and install Kali Linux from the Microsoft Store. Read Install Kali Linux desktop on Windows 10 from Microsoft Store

 2, To start Kali Linux in Windows 10, open Command Prompt and enter the command: kali

 3, Enter this commands:
      apt install wget -y 
      wget https://raw.githubusercontent.com/Re4son/WSL-Kali-X/master/install-WSL-Kali-X
      bash ./install-WSL-Kali-X

 4, Download and install VcXsrv Windows X Server from SourceForge

 5, Start VcXsrv, accept change in firewall rules, exit VcXsrv

Run Voodoo-Kali:
   Start kali in Windows as normal user (that's default), and launch Voodoo-Kali:
    * as normal user: ./start-xfce
    * as root: sudo /root/xtart-xfce

Run Kali Desktop in an RDP session:
   In Kali Linux WSL, type: sudo /etc/init.d/xrdp start
   In Windows 10, open Run and enter mstsc.exe and connect to "127.0.0.1:3390"
remote%2Bdesktop

Status: Voodoo-Kali is in its infancy and it is far from being elegant. I'm working on it though and step by step I'll push out improvements. Below a snippet of the To-Do list:
 * Clean up and comment the scripts
 * Make for a cleaner exit
 * Better error handling and dependency checking (get rid of sleep, etc.)
 * Improve stability of Java programs
 * Improve the looks??
 * …

   Any help is truly appreciated, in any shape or form – from tips to pull requests.
   Why don't you join the forums to discuss?

Further Information:
 * Offsec – Kali Linux in the Windows App Store
 * MSDN – Windows Subsystem for Linux Overview

                                       Download Voodoo-Kali
Related word
  1. Hack And Tools
  2. Hacker Tools Github
  3. Hacking Tools Hardware
  4. Hacking Tools Windows
  5. Pentest Tools Android
  6. Hack And Tools
  7. Easy Hack Tools
  8. Pentest Tools List
  9. Hacker Tools For Ios
  10. Pentest Tools Nmap
  11. Github Hacking Tools
  12. Hacking Tools 2020
  13. Hacking Tools Windows 10
  14. Pentest Tools Open Source
  15. Hacking Tools Windows
  16. Pentest Tools Port Scanner
  17. Growth Hacker Tools
  18. Hacker Tools 2019
  19. Hack Tools For Games
  20. Hack And Tools
  21. Pentest Tools Download
  22. Hack Tools For Pc
  23. Pentest Tools
  24. Hacks And Tools
  25. Hack Tools Mac
  26. Hacker Tools For Mac
  27. Nsa Hacker Tools
  28. Hacking Tools For Beginners
  29. Beginner Hacker Tools
  30. Pentest Tools List
  31. Hacking Tools For Mac
  32. How To Install Pentest Tools In Ubuntu
  33. Hacker Tools Hardware
  34. New Hacker Tools
  35. Black Hat Hacker Tools
  36. Hack App
  37. How To Make Hacking Tools
  38. New Hack Tools
  39. Hacking Tools For Kali Linux
  40. Hacking Tools
  41. Hacker Techniques Tools And Incident Handling
  42. Pentest Tools Website
  43. Hack Tools Online
  44. Termux Hacking Tools 2019
  45. Hacking Tools For Windows Free Download
  46. Hacker Tools For Mac
  47. Hackers Toolbox
  48. Pentest Tools Bluekeep
  49. Hacker
  50. Beginner Hacker Tools
  51. Hack Tools Pc
  52. Hacking Tools Hardware
  53. New Hack Tools
  54. Best Pentesting Tools 2018
  55. Hack Tools 2019
  56. Hack Tools For Games
  57. Install Pentest Tools Ubuntu
  58. Physical Pentest Tools
  59. Hacking Tools For Games
  60. Beginner Hacker Tools
  61. Pentest Tools For Windows
  62. Pentest Tools Tcp Port Scanner
  63. Hacking Tools For Windows
  64. Black Hat Hacker Tools
  65. Android Hack Tools Github
Publicada por à(s) Sem comentários:

domingo, 30 de agosto de 2020

TLS-Attacker V2.2 And The ROBOT Attack

We found out that many TLS implementations are still vulnerable to different variations of a 19-year old Bleichenbacher's attack. Since Hanno argued to have an attack name, we called it ROBOT: https://robotattack.org

Given the new attack variants, we released a new version of TLS-Attacker 2.2, which covers our vulnerabilities.

Bleichenbacher's attack from 1998

In 1998, Daniel Bleichenbacher discovered that the error messages given by SSL servers for errors in the PKCS #1 1.5 padding allow an adversary to execute an adaptive-chosen ciphertext attack. This attack also belongs to the category of padding oracle attacks. By performing the attack, the adversary exploits different responses returned by the server that decrypts the requests and validates the PKCS#1 1.5 padding. Given such a server, the attacker can use it as an oracle and decrypt ciphertexts.
We refer to one of our previous blog posts for more details.

OK, so what is new in our research?

In our research we performed scans of several well-known hosts and found out many of them are vulnerable to different forms of the attack. In the original paper, an oracle was constructed from a server that responded with different TLS alert messages. In 2014, further side-channels like timings were exploited. However, all the previous studies have considered mostly open source implementations. Only a few vulnerabilities have been found.

In our scans we could identify more than seven vulnerable products and open source software implementations, including F5, Radware, Cisco, Erlang, Bouncy Castle, or WolfSSL. We identified new side-channels triggered by incomplete protocol flows or TCP socket states.

For example, some F5 products would respond to a malformed ciphertext located in the ClientKeyExchange message with a TLS alert 40 (handshake failure) but allow connections to timeout if the decryption was successful. We could observe this behaviour only when sending incomplete TLS handshakes missing ChangeCipherSpec and Finished messages.
See our paper for more interesting results.

Release of TLS-Attacker 2.2

These new findings motivated us to implement the complete detection of Bleichenbacher attacks in our TLS-Attacker. Before our research, TLS-Attacker had implemented a basic Bleichenbacher attack evaluation with full TLS protocol flows. We extended this evaluation with shortened protocol flows with missing ChangeCipherSpec and Finished messages, and implemented an oracle detection based on TCP timeouts and duplicated TLS alerts. In addition, Robert (@ic0ns) added many fixes and merged features like replay attacks on 0-RTT in TLS 1.3.
You can find the newest version release here: https://github.com/RUB-NDS/TLS-Attacker/releases/tag/v2.2

TLS-Attacker allows you to automatically send differently formatted PKCS#1 encrypted messages and observe the server behavior:
$ java -jar Attacks.jar bleichenbacher -connect [host]:[port]
In case the server responds with different error messages, it is most likely vulnerable. The following example provides an example of a vulnerable server detection output:
14:12:42 [main] CONSOLE attacks.impl.Attacker - A server is considered vulnerable to this attack if it responds differently to the test vectors.
14:12:42 [main] CONSOLE attacks.impl.Attacker - A server is considered secure if it always responds the same way.
14:12:49 [main] CONSOLE attacks.impl.Attacker - Found a difference in responses in the Complete TLS protocol flow with CCS and Finished messages.
14:12:49 [main] CONSOLE attacks.impl.Attacker - The server seems to respond with different record contents.
14:12:49 [main] INFO  attacks.Main - Vulnerable:true
In this case TLS-Attacker identified that sending different PKCS#1 messages results in different server responses (the record contents are different).
Related news
  1. Hack Rom Tools
  2. Hacking Tools For Games
  3. How To Make Hacking Tools
  4. Hacker Tools For Mac
  5. Pentest Tools Github
  6. Termux Hacking Tools 2019
  7. What Is Hacking Tools
  8. Hacking Tools For Kali Linux
  9. Hacking Tools For Kali Linux
  10. Pentest Tools For Android
  11. Hacker Search Tools
  12. Hacker Tools 2020
  13. Hacking Tools Kit
  14. Nsa Hacker Tools
  15. Hack Tools For Windows
  16. Install Pentest Tools Ubuntu
  17. Hacker Tools Free
  18. New Hack Tools
  19. Hacker Tools For Ios
  20. Hacker Tools Mac
  21. Hacking Tools For Windows Free Download
  22. Hacking Tools
  23. Android Hack Tools Github
  24. Hacker Tools Free Download
  25. Hacker Hardware Tools
  26. Hacker Tools For Mac
  27. Pentest Tools Framework
  28. Hack Tools Github
  29. Pentest Tools Review
  30. Free Pentest Tools For Windows
  31. Hacker Tools
  32. Hacker Security Tools
  33. Tools For Hacker
  34. Hacker Tools For Pc
  35. Hacking Tools Kit
  36. Pentest Box Tools Download
  37. Growth Hacker Tools
  38. Hacker Tools Hardware
  39. Hacker Tools Free Download
  40. Hacker Tools Free Download
  41. What Are Hacking Tools
  42. Hack Website Online Tool
  43. Hak5 Tools
  44. Hacking Tools Online
  45. Hacker Hardware Tools
  46. Pentest Box Tools Download
  47. Hacking Tools For Windows 7
  48. Hack Tools
  49. How To Hack
  50. Easy Hack Tools
  51. Hack Tools 2019
  52. Pentest Box Tools Download
  53. Pentest Tools Website
  54. Hacker Tools 2020
  55. Pentest Tools
  56. Hacking Tools Pc
  57. Hacking Tools 2019
  58. Hack Tools
  59. Hacking Tools For Games
  60. Hacking Tools For Kali Linux
  61. Hack Tools
  62. Hacker Tools 2019
  63. Hacking Tools For Mac
  64. Hacking Tools For Beginners
  65. Hack Tools Online
  66. Pentest Tools For Mac
  67. Usb Pentest Tools
  68. Pentest Tools Website
  69. Hacking Tools For Windows 7
  70. Best Hacking Tools 2019
  71. Hacking Tools
  72. Hacker Tools Hardware
  73. Hack Tools For Ubuntu
  74. Pentest Tools For Android
  75. Pentest Tools Website
  76. How To Install Pentest Tools In Ubuntu
  77. Hacker Tools Github
  78. Black Hat Hacker Tools
  79. Hacker Tools Apk
  80. Hacker Tools For Ios
  81. Hacker Tools Software
  82. Hacking Tools And Software
  83. World No 1 Hacker Software
  84. Bluetooth Hacking Tools Kali
  85. Hacker Tools For Pc
  86. Wifi Hacker Tools For Windows
  87. Hacker Tools For Ios
  88. Pentest Recon Tools
  89. Hacking Tools Software
  90. Pentest Tools Download
  91. Github Hacking Tools
  92. Pentest Tools Port Scanner
  93. Ethical Hacker Tools
  94. Pentest Tools Online
  95. Hack Tools For Mac
  96. Hacking Tools Name
  97. Hacker Tools List
  98. Hacking Tools Github
  99. Hacking Tools For Beginners
  100. Hacking Tools 2019
  101. Hack Tools Mac
  102. Hacker Tools 2020
  103. Pentest Tools Review
  104. Hack Tools For Mac
  105. Pentest Tools For Ubuntu
  106. Hacking Tools Software
  107. Hack Tools 2019
  108. Pentest Tools For Windows
  109. Nsa Hack Tools Download
  110. Hack Tools Mac
  111. Hacking Tools Windows 10
  112. Pentest Tools Github
  113. Computer Hacker
  114. Hack Tools For Mac
  115. Hacker Tools Github
  116. Hack And Tools
  117. Hacking Tools 2020
  118. Hacker Tool Kit
  119. Hacker Tools Mac
  120. Pentest Tools Tcp Port Scanner
  121. Best Pentesting Tools 2018
  122. New Hacker Tools
  123. Hack And Tools
  124. Hacking Tools Pc
  125. Pentest Tools Website
  126. Hacking Tools For Mac
  127. Hacker Tools Mac
  128. Tools For Hacker
  129. How To Install Pentest Tools In Ubuntu
  130. Hacker Tools Linux
  131. Hack Tools For Pc
  132. Pentest Tools Linux
  133. Hacking Tools For Windows
  134. Best Hacking Tools 2019
  135. Hacker Tools List
  136. Hacker
  137. Pentest Tools Review
  138. Pentest Tools Alternative
  139. Hacking Tools Github
  140. Hack Tools Download
  141. Hacking Tools For Pc
  142. Hacking Tools Download
  143. Github Hacking Tools
  144. Hacking Tools Windows 10
  145. Hack Tools Mac
  146. Pentest Tools Linux
  147. Pentest Tools Port Scanner
  148. Free Pentest Tools For Windows
  149. Free Pentest Tools For Windows
  150. Top Pentest Tools
  151. Termux Hacking Tools 2019
  152. Pentest Tools Port Scanner
  153. Hack Tools For Ubuntu
  154. Top Pentest Tools
  155. Pentest Tools List
  156. Hacker Tools For Mac
  157. Hacking Tools And Software
  158. Hacker Techniques Tools And Incident Handling
  159. Pentest Automation Tools
  160. Hak5 Tools
  161. Hack Website Online Tool
  162. Hacking Tools Windows 10
  163. Nsa Hack Tools
  164. How To Hack
  165. Hacker Tools Mac
  166. Hacker Tools Online
  167. Hacker Tools For Mac
  168. Hacking Tools Windows 10
  169. Hacker Tools Mac
  170. Best Hacking Tools 2020
  171. Pentest Tools Nmap
  172. Pentest Tools Nmap
  173. Hacker Tool Kit
  174. Computer Hacker
  175. Usb Pentest Tools
  176. Pentest Tools Framework
Publicada por à(s) Sem comentários:
Subscrever: Mensagens (Atom)