Tag: Penetration testing software

  • Kali NetHunter, mobile device distribution for hacking

    Kali NetHunter is an open source mobile distribution for Nexus devices developed by Offensive Security, a well-known IT penetration testing company and the same team behind the Debian-based Kali Linux for desktop computers. Kali NetHunter turns your Nexus mobile phone or tablet into a pocket penetration testing suite able to launch attacks on wireless networks and unattended computers.

    One of the attacks demonstrated on video by the distribution developers is called HID keyboard: it shows how a mobile phone running Kali NetHunter, plugged into a computer's USB port, can automatically type pre-programmed commands without anyone touching the PC's physical keyboard. With this technique, which also works while the lock screen is on, it would be possible to install a trojan horse or copy hard drive content from the target computer.

    Kali NetHunter hacking for Nexus mobile

    Another powerful attack uses Kali NetHunter's dnsmasq to provide DNS and DHCP services to a small network, which allows for all kinds of man-in-the-middle attacks, from displaying a fake phishing page that captures credentials every time somebody requests the URL for PayPal or Facebook, up to cutting off Internet access for the whole network by blocking DNS lookups. Other possible attacks are sniffing, spoofing, vulnerability scanning, gathering information on a target computer, breaking into a wireless network and dozens more: all of the Kali Linux tools are included in NetHunter.

    After installing Kali NetHunter on your mobile device it is easy to launch any of the included penetration tests. You don't have to use the command line if you don't want to: many exploits can be launched from a web panel, and a VPN can be set up to cover your tracks, securing your connection from packet sniffers on the network.

    At the moment Kali NetHunter is only available for Google Nexus mobile phones and tablets. Nexus devices come rooted with an unlocked bootloader, which makes it simple for end users to modify the factory Android operating system settings. Other Android builds could become available in the future, as NetHunter is open to community contributions.

    There have been reports of various antivirus products flagging the official Kali NetHunter download as a virus. Make sure to get it from the official site and compare the supplied file hashes so that you know it has not been tampered with; you should also change the default “toor” password to something else.

    Visit Kali NetHunter homepage

  • Penetration testing and ethical hacking distribution Matriux

    Matriux is a penetration testing Linux distribution based on Debian with the GNOME window manager. The download is a huge 3GB and you can run it as a live DVD or install it on your computer or a USB thumb drive. The tools Matriux comes with have been specially created for ethical hackers, penetration testers and computer forensics experts. I can't imagine anybody using Matriux as their everyday desktop unless they work in this field.

    The default username is matriux and the password is toor. The only mainstream software you will find is an archive manager to pack files; all of the other tools are computer security related. To install this distribution you can click the “Matriux Disk Installer” shortcut on the desktop, but it will not partition your hard drive: you will have to prepare the drive and create a swap partition on your own with a different tool, I suggest GParted.

    PEN testing distribution Matriux

    Matriux comes with two browsers: Firefox, including the Adblock Plus and NoScript add-ons, and Epiphany, a lightweight GNOME desktop browser. The tools you need for hacking are all neatly classified inside the “Arsenal” tab. You can find multiple scanners to test for cross-site scripting vulnerabilities in websites, and Nmap and Angry IP Scanner to scan a whole network in search of open ports and services to infiltrate.

    The forensics section of Matriux has every single piece of software you could possibly need for the job, neatly divided into “Acquisition”, “Analysis” and “Metadata extractors”, without leaving out tools to analyse Android mobile phones. Other jewels in the crown include steganography tools, Bluetooth hacking, VoIP hacking software, DNS attack tools, debuggers and hacking frameworks like Metasploit, Mantra or Inguma. For those who don't know, each framework contains further discovery, information gathering, scanning, brute-forcing and exploitation tools; you can spend months just learning how to operate the software.

    I liked that Matriux comes with my favourite zsh shell and a marvellous semi-transparent terminal colour scheme that makes you look really geeky when people look at the screen, even if you haven't got a clue what you are doing. I could not see anything missing in the cyber arsenal, from the basic TrueCrypt and Tor to the darker open source intelligence and forensics application Maltego.

    With over 300 hacking tools on a single DVD at your fingertips, Matriux is a good alternative to Kali Linux and should be a must-have hacking distribution for all security professionals, students and hobbyists.

    Visit Matriux homepage

  • Intrusion Detection Linux distribution Security Onion

    Security Onion is an Ubuntu-based intrusion detection and network security Linux distribution for professionals. It can run as a live DVD or be installed on your hard drive with just a few clicks. The distribution comes with well-known offensive and defensive digital tools that are not very beginner friendly; you need a computer security background to understand what the tools do.

    Fortunately the Security Onion developers have uploaded a series of YouTube tutorials explaining how to search DNS traffic and how to use Sguil, Squert, Snorby and tcpreplay. There is also a well documented wiki, a mailing list and a Freenode IRC channel where you can post questions. If you wish to learn about digital forensics and hacking this will be a good place to start.

    Intrusion Detection Linux distribution Security Onion

    Security Onion's default window manager is XFCE, a minimalist lightweight desktop environment. You will find a basic Xubuntu software base (the Synaptic package manager, the AbiWord text editor, the GIMP graphics editor and a couple of Solitaire games) alongside a considerable bundle of network inspection software: the expected Wireshark packet sniffer, Suricata, Xplico and NetworkMiner for network forensic analysis, Snorby, ELSA, Snort and a long list of other tools that security professionals will quickly recognise.

    There is no root password in Security Onion, the default setting for Ubuntu-based distributions. Your account already has sudo permissions, and you can add a new user with sudo adduser.

    This is an actively supported distribution: one of the developers is a SANS Institute GSE Community Instructor and other seasoned security professionals are also involved. A two training class about Security Onion has already taken place, and with enough demand there is no reason why this should not happen more often.

    Security Onion is a proper alternative to BackTrack that has all the tools a pen tester and digital forensics professional needs to detect network intrusions and test network defences before an attack happens. Security Onion is well documented, with community-based online support.

    Definitely a distribution to look at if you work in the IDS field, or if you would like to learn more about real computer security that actually needs some skill and is not a point-and-click script kiddie cyberweapon.

    Visit Security Onion homepage

  • Intercept communications with data tampering tool HookME

    HookME is a free open source Windows tool to intercept network communications by hooking the desired processes and API calls, including SSL clear data (the unencrypted SSL headers).

    The software download is initially tiny (125Kb), but when you try to install it you will get a message saying it requires supplemental .dll and .db files to work: over 30MB of files will be automatically downloaded by HookME from a third party site, and you will also be asked to register the new .dll dependencies, giving administrative rights to the Windows Command Processor. The installation process could make some people feel uneasy about this tool containing malware; the only guarantee you have is that HookME is developed by the creators of the well-known OSINT tool FOCA.

    Every time you start the software you will be shown a small Nektra Deviare unregistered license splash screen. You don't have to buy a license, but doing so will get rid of the initial screen.

    TCP data tampering tool HookME

    The software has a tabbed user interface that can be used to intercept any hooked API call and read the data being sent and received. You can change intercepted packets in real time, dropping or forwarding them, and a Python plugin system allows anyone to create their own custom add-on; there are some templates for that. The HookME developer showed at the Black Hat Europe 2013 conference how to easily intercept MySQL data and inject a backdoor on the fly with a few clicks, executing remote commands.

    Real time intercepted data can be seen in the user interface's hex editor, showing you the hexadecimal numbers and their corresponding text. You can highlight data packets and click on the “Drop” or “Forward” buttons, and a small window at the bottom of the program lets you know which process is hooked; for example it will show firefox.exe if you are eavesdropping on a Firefox browser session.

    This tool can be used in penetration testing to create malware and backdoors in network protocols, or to uncover rootkits that hook API calls. The main challenge for an attacker wanting to use HookME against you would be getting access to your network first.

    Visit HookME homepage

  • SandCat browser for website penetration testing

    SandCat is a free portable penetration testing browser based on Chromium, the rendering engine behind the Chrome browser. Thanks to extension support you can quickly find out what server software a website is running, run JavaScript in the loaded page, view cookies and links, use a CGI scanner, HTTP brute force a page and much more. Three tabs at the bottom of the browser let you easily switch the view from normal to source code or logs.

    Coders can create their own browser extensions with HTML, CSS and Lua (a programming language), and the browser developer Syhunt's own RudaScript library allows you to execute any scripting language, like Ruby, Python, PHP, JavaScript, etc.

    SandCat browser penetration testing

    Although the browser is aimed at system administrators testing their own web server security and at people scrutinizing pages that contain malware, privacy activists could use SandCat to see in real time how they are being tracked on the Internet: the browser can split its main window in half to show all HTTP live headers in real time on top. It can also be used to teach people how websites work; looking at the HTTP headers as you browse a website shows all of the external elements being downloaded, packet sizes, request methods (GET/POST), pings, advertising networks, redirects… It is much clearer than watching a website's activity in a packet sniffer full of binary numbers that have to be grouped together.

    The browser is too technical for the average user; unless you are a student, hardcore geek or professional pen tester it wouldn't make much sense for you to run SandCat.

    Visit SandCat browser homepage