Wifite2 - Rewrite of the popular wireless network auditor, "wifite"

A complete re-write of wifite, a Python script for auditing wireless networks.

What's new?

• Lots of files instead of "one big script".
• Cleaner process management -- No longer leaves processes running in the background.
• UX: Target access points are refreshed every second instead of every 5 seconds.
• UX: Displays realtime Power level (in db) of currently-attacked target

What's not new?

• Backwards compatibility with the original wifite's arguments.
• Same text-based interface everyone knows and loves.

Full Feature List

• Reaver Pixie-Dust attack (--pixie)
• Reaver WPS PIN attack (--reaver)
• WPA handshake capture (--no-reaver)
• Validates handshakes against pyrit, tshark, cowpatty, and aircrack-ng
• Various WEP attacks (replay, chopchop, fragment, etc)
• 5Ghz support for wireless cards that support 5ghz (use -5 option)
• Stores cracked passwords and handshakes to the current directory, with metadata about the access point (via --cracked command).
• Decloaks hidden access points when channel is fixed (use -c option)
• Provides commands to crack captured WPA handshakes (via --crack command)

Support

Wifite2 is designed entirely for the latest version of Kali Rolling release (tested on Kali 2016.2, updated May 2017).

This means only the latest versions of these programs are supported: Aircrack-ng suite, wash, reaver, tshark, cowpatty.

Other pen-testing distributions (such as BackBox) have outdated versions of these suites; these distributions are not supported.

Installing & Running

git clone https://github.com/derv82/wifite2.git

cd wifite2

./Wifite.py -c 1

Usage:

• Download

Read More

BloodHound - Six Degrees of Domain Admin

BloodHound is a single page Javascript web application, built on top of Linkurious, compiled with http://electron.atom.io/, with a Neo4j database fed by a PowerShell ingestor.

BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment.

• Demo
• Download

Read More

Spaghetti - Web Application Security Scanner

Spaghetti is a web application security scanner tool. It is designed to find various default and insecure files, configurations and misconfigurations. Spaghetti is built on python2.7 and can run on any platform which has a Python environment.

Installation

$ git clone https://github.com/m4ll0k/Spaghetti.git

$ cd Spaghetti 

$ pip install -r requirements.txt

$ python spaghetti.py --help

Features

• Fingerprints
• Server
• Web Frameworks (CakePHP,CherryPy,Django,...)
• Web Application Firewall (Waf) (Cloudflare,AWS,Barracuda,...)
• Content Management System (CMS) (Drupal,Joomla,Wordpress,Magento)
• Operating System (Linux,Unix,Windows,...)
• Language (PHP,Ruby,Python,ASP,...)

Dicovery:

• Apache
• Apache (mod_userdir)
• Apache (mod_status)
• Apache multiviews
• Apache xss
• Broken Auth./Session Management
• Admin Panel
• Backdoors
• Backup Directory
• Backup File
• Common Directory
• Common File
• Log File
• Disclosure
• Emails
• IP
• Injection
• HTML
• SQL
• LDAP
• XPath
• XSS
• RFI
• PHP Code
• Other
• Allow Methods
• HTML Object
• Multiple Index
• Robots Paths
• Cookie Security
• Vulns
• ShellShock
• Struts-Shock

Usage:

python spaghetti.py --url target.com --scan 0 --random-agent --verbose

python spaghetti.py --url target.com --scan 1 --random-agent --verbose

Download Source

Read More