techian.com

ABOUT BRUTER

Bruter 1.0 BETA 1 has been released. Bruter is a parallel login brute-forcer. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication.

Bruter is a tool for the Win32 platform only.

PROTOCOL SUPPORT

It currently supports the following services:

• FTP
• HTTP (Basic)
• HTTP (Form)
• IMAP
• MSSQL
• MySQL
• POP3
• SMB-NT
• SMTP
• SNMP
• SSH2
• Telnet

DEPENDENCIES

• OpenSSL – Win32 OpenSSL package
• Libssh2

More information and download details

You can download Bruter here:

Bruter_1.0_beta1.zip

Or read more here.

Metasploit development cycle seems to be picking up, I guess with greater community support the bugs get ironed out and the new features introduced faster.

Good to see an update so soon after Metasploit Framework v3.0 was released.

I keep closely up to date with Metasploit as it’s pretty much the best free tool out there right now, and certainly the most exciting along with Nmap.

The latest version features a graphical user interface, full support for the Windows platform, and over 450 modules, including 265 remote exploits. Metasploit 3.1 consolidates a year of research and development, integrating ideas and code from some of the sharpest and most innovative folks in the security research community.

The graphical user interface is a major step forward for Metasploit users on the Windows platform. Development of this interface was driven by Fabrice Mourron and provides a wizard-based exploitation system, a graphical file and process browser for the Meterpreter payloads, and a multi-tab console interface. “The Metasploit GUI puts Windows users on the same footing as those running Unix by giving them access to a console interface to the framework” said H D Moore, who worked with Fabrice on the GUI project.

The latest incarnation of the framework includes a bristling arsenal of exploit modules that are sure to put a smile on the face of every information warrior. Notable exploits in the 3.1 release include a remote, unpatched kernel-land exploit for Novell Netware, written by toto, a series of 802.11 fuzzing modules that can spray the local airspace with malformed frames, taking out a wide swath of wireless-enabled devices, and a battery of exploits targeted at Borland’s InterBase product line. “I found so many holes that I just gave up releasing all of them”, said Ramon de Carvalho, founder of RISE Security, and Metasploit contributor.

Metasploit runs on all modern operating systems, including Linux, Windows, Mac OS X, and most flavors of BSD. Metasploit has been used on a wide range of hardware platforms, from massive Unix mainframes to the tiny Nokia n800 handheld. Users can access Metasploit using the tab-completing console interface, the Gtk GUI, the command line scripting interface, or the AJAX-enabled web interface. The Windows version of Metasploit includes all software dependencies and a selection of useful networking tools.

More information and download details:

You can download Metasploit v3.1 here:

Metasploit v3.1 tar.gz
Metasploit v3.1 exe

Or read more here

wsScanner is a toolkit for Web Services scanning and vulnerability detection.

This tool has the following functions:

Discovery tool

By leveraging search engine this tool helps in discovering Web Services running on any particular domain or with certain name pattern.

Vulnerability detection

It is possible to enumerate and profile Web Services using this tool and one can follow it up by auto auditing (.NET only). .NET proxy gets dynamically created for audit module. One can do vulnerability scan for data type, SQL injections, LDAP/Command injections, Buffer checks, Bruteforing SOAP etc. It is also possible to leverage regex patterns for SOAP analysis.

Fuzzing

This tool helps in fuzzing different Web 2.0 streams like SOAP, XML-RPC, REST, JSON etc. This module helps in assessing various different Web Services.

UDDI scan

It is possible to scan UDDI servers using this tool for footprinting and discovery of Web Services.

This tool is still in beta and they are planning to add some more features and support. Stay tuned for future releases as well.

More information and download details:

You can download wsScanner here:

wsScanner.zip

Or read more here.

Another one that has been a long time coming, but finally here it is! Nikto 2.

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

Nikto is not designed as an overly stealthy tool. It will test a web server in the shortest timespan possible, and it’s fairly obvious in log files. However, there is support for LibWhisker’s anti-IDS methods in case you want to give it a try (or test your IDS system).

Not every check is a security problem, though most are. There are some items that are “info only” type checks that look for items that may not have a security flaw, but the webmaster or security engineer may not know are present on the server. These items are usually marked appropriately in the information printed. There are also some checks for unknown items which have been seen scanned for in log files.

Version 2 adds a ton of enhancements, including:

• Fingerprinting web servers via favicon.ico files
• 404 error checking for each file type
• Enhanced false positive reduction via multiple methods: headers, page content, and content hashing
• Scan tuning to include or exclude entire classes of vulnerability checks
• Uses LibWhisker 2, which has its own long list of enhancements
• A “single” scan mode that allows you to craft an HTTP request manually
• Basic template engine so that HTML reports can be easily customized
• An experimental knowledge base for scans, which will allow regenerated reports and retests (future)
• Optimizations, bug fixes and more…

You can download Nikto 2 here:

nikto-current.tar.gz

Or read more here.

Quite a few people seem to be interested in this tool, so here is the latest revision – Inguma 0.0.6.

For those that don’t know, Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembler.

In this new version various things have been added like new modules and improvements in the existing ones. For example the Oracle modules. The Oracle payloads now uses the Cursor Injection method when possible so CREATE PROCEDURE system privilege is not needed to become DBA.

The support for InlineEgg, added in version 0.0.5.1, have been removed and a new completely free library have been added (PyShellCodeLib).

The static analysis framework OpenDis have been enhanced and now you can use the API exposed by OpenDis to write your own binary static analysis tools. As an example of the API, a tool to make binary diffs have been added. Take a look to the file $INGUMA_DIR/dis/asmdiff.py and to the README stored in the same directory.

New 5 exploits for Oracle Databases have been added and the module “sidguess” have been enhanced to retrieve the SID of the database instance from the Enterprise Manager/Database Control banner when possible.

The new modules added to the discover, gather and brute sections are the following:

• brutehttp: A brute forcer for HTTP servers.
• extip : A tool to known your external IP address. Very useful to check anonymous proxies.
• nmbstat : A tool to gather NetBIOS information.
• ipscan : A tool to make IP protocol scans. The tool check what IP protocols are enabled in the target.
• arppoison: A tool to poison target’s ARP cache

You can download Inguma 0.0.6 here:

Inguma 0.0.6

Or read more here

At last a new major release of Nmap!

If for some odd reason you don’t already know what Nmap is, it is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

The changelog shows 320 changes since 4.00 with a lot of great stuff in this release! It has a brand new GUI and results viewer (Zenmap), a scripting engine allowing you to write your own scripts for high-performance network discovery (or use one of the 40 scripts shipped with it), the 2nd generation OS detection system (now with more than a thousand fingerprints), nearly 1,500 more version detection signatures, and a lot more!

Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database.

More on Zenmap here:

Zenmap – the Nmap GUI

More information and download details:

You can download the new Nmap here:

Nmap 4.50

Or read more here.