preface
Black Hat, an annual event that brings together the world’s security elite, wrapped up in Las Vegas last week with some interesting software tools, some of which are hosted for download on GitHub.
In this article, we’ll give you a rundown of 55 software tools, some of which come with hardware, that will be available for conference announcements or major issues. These tools cover a wide range of areas, including mobile security, code auditing, encryption, data acquisition and incident response, countermeasures, hardware/embedded security, Internet of Things, malware prevention, malicious activity attack defense, network attack, network defense, reverse engineering, vulnerability assessment and network application security.
First, mobile security
DVIA-v2
Damn Vulnerable iOS App is an iOS App written in Swift. Its main goal is to provide a platform for mobile security enthusiasts, professionals or students to practice their iOS penetration testing skills without breaking the law. The bugs and solutions covered by the app are available for iOS 11. Cover these areas: the local data storage, escape detection, privilege abuse, operating, prevent hook/debugging operation, binary protection, bypassing the fingerprint/facial recognition, fishing, bypass data leakage, IPC, encryption, Web view problems, the network layer security, sensitive information in the application repair, memory, etc
For detailed introduction, installation instructions, and related software, please visit:
Github.com/prateek147/… .
Second, code audit
1. Dependency-Check
Dependency Check is a Software Composition Analysis (SCA) tool that can be used to find publicly disclosed vulnerabilities during Dependency detection. It relies on queries to the common Vulnerability Platform (CPE) to achieve this functionality. If a vulnerability is found during testing, the software generates a report with links to relevant CVE entries.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/jeremylong/… .
2. Puma Scan
Puma Scan is a based on. NET framework written software security code analysis tool, can provide real-time, continuous source code analysis support when the team is writing code. When developing with Visual Studio tools, defects are displayed in real time as spell checks and compiler warnings to prevent security bugs from being introduced into the application. Puma Scan is also integrated into the build process to provide security analysis at compile time.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/pumasecurit… .
Third, encryption technology
DeepViolet
DeepViolet is a TLS/SSL scanning tool written in Java. The tool supports script command line running and invocation from desktop graphics tools. Both methods can be used to scan the HTTPS Web server to check the trust credentials, revocation status, expiration time, and weak signature algorithm of the server certificate.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/spoofzu/Dee… .
Data acquisition and event response
1. Bro Network Security Monitor
Bro Network Security Monitor is an open source tool for Network Security monitoring with a history of 15 years. It is a comprehensive platform for Network traffic analysis and can ensure Network Security in a variety of environments. Its user base includes universities, research LABS, supercomputing centers, and the open science community.
For details, installation instructions, and related software, visit github.com/bro/bro.
2. CyBot
CyBot is an open source BOT focused on cyber security threat intelligence that helps users do research, aggregate information, and even take notes. Most organizations and businesses tend to design bots for their own use and use them only internally. The original intention of the project was to build a reusable BOT design, using free and open source frameworks, cheap raspberry Pi(and even virtual machines), to support everyone and groups of people who were interested, from home users to the largest secure operation center.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/CylanceSPEA… .
3. LogonTracer
LogonTracer is an analysis tool that analyzes Window active directory event logs to investigate malicious logins. It consolidates the host name (or IP address) and account name information associated with the login event into a single interface, producing visual results that users can easily see at a glance.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/JPCERTCC/Lo… .
4. Rastrea2r
Rastrea2r is an open source tool for multiple platforms that allows operational and SOC analysts to audit suspicious systems and search for attack indicators (IOC) on hundreds of terminals in just a few minutes. Rastrea2r supports the execution of Sysinternals, system commands, and other third-party tools across multiple terminals to analyze and gather noteworthy information in remote systems, including memory dumps, and then use the output for automatic or manual analysis. Using client/server RESTful apis, Rastrea2r can also search for iocs on disk and in memory on multiple systems based on YARA rules. It can also be used as a command line tool integrated into McAfee ePO as well as other AV consoles and business process tools, allowing operational and SOC analysts to gather evidence and look for iocs.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/rastrea2r/r… .
5. RedHunt Linux Distribution (VM)
The RedHunt Linux branch is a dedicated virtual machine system designed to simulate attacks and search for threats. RedHunt aims to improve users’ efficiency in identifying and addressing security risks by integrating a variety of attack and defense tools to provide a one-stop environment for related operations.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/redhuntlabs… .
5. Countermeasures
1. AVET
The AVET(AntiVirus Tool) is an anti-virus Tool that is designed to help testers deconstruct virus files and develop specific anti-virus solutions.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/govolution/… .
2. DockerSecurityPlayground
DockerSecurityPlayground is an application designed to test penetration and network security. It is very flexible, allowing users to create, visually edit, and manage running/stopping all Docker-Compose projects.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/giper45/Doc… .
3. hideNsneak
HideNsneak provides a user interface to help penetration testers manage attack tools for rapid deployment, management, and implementation of a variety of services, including virtual machines, domain presets, Cobalt Strike, API gateways, and firewalls.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/rmikehodges… .
4. Merlin (BETA)
Merlin is a cross-platform HTTP/2 command & control server and proxy written in Golang.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/Ne0nd0g/mer… .
5. RouterSploit
RouterSploit is an open source development framework for embedded devices. It contains multiple modules to aid penetration testing, supporting development, credential setup, scanner, workload, execution, and more.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/threat9/rou… .
Hardware/embedded security
1. ChipWhisperer
ChipWhisperer is an open source kit for hardware security research, containing several open source components: hardware – schematic and PCB layout available for free; Firmware — open source firmware for on-board USB controllers and FPGas for high-speed fetching capabilities: Software — includes a fetching program that controls the hardware and profiler programs to process the captured data.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/newaetech/c… .
2. JTAGulator
Debugging on chip (OCD) interfaces provide chip-level control of target devices, and are the main way engineers, researchers, and hackers use to extract program code or data, modify the contents of memory, or alter device operations. Depending on the complexity of the target device, manually locating available OCD connections can be difficult and time-consuming, sometimes requiring physical destruction or modification of the device. JTAGulator is an open source hardware tool that can be used to identify OCD connections at test points, through holes, or component pads on target devices.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/grandideast… R.
3. MicroRenovator
MicroRenovator provides a mechanism for deploying processor microcode, independent of updates provided by the manufacturer and operating system, by adding custom EFI startup scripts that load microcode before the operating system runs so that the operating system kernel can detect the updated microcode and enable it to fix ghost vulnerabilities.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/syncsrc/Mic… .
4. TumbleRF
TumbleRF is an RF fuzzy-testing framework for building applications for RF fuzzy-testing. Fuzzy testing is a powerful method to enumerate errors in software systems, and related technologies are widely used in wireless software and hardware systems, deriving many tools. TumbleRF is one of them, aiming to unify RF fuzziness testing by providing apis for multiple protocols, wireless transports and drivers.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/riverloopse… .
5. Walrus
Walrus is an Android app for contactless card cloning devices. With a neat interface similar to Google Pay, it can read card information and store it in a wallet for later writing or emulating.
Designed for physical device security evaluators, Walrus supports a variety of basic tasks, such as card reading, writing, and emulation, as well as device-specific functions, such as antenna tuning and device configuration. More advanced features, such as location markers, make it easy to work with multiple targets, while batch reads allow information from multiple cards to be secretly read as they approach the target.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/TeamWalrus/… .
7. Internet of Things
1. DECAF
DECAF(Dynamic Executable Code Analysis Framework) is a binary data Analysis platform based on QEMU, and is also the basis of DroidScope Dynamic Android malware Analysis platform. Support: Real-time VM internal audit, precise and non-destructive kernel contamination, event-driven programming interfaces, and dynamic device management.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/sycurelab/D… .
2. BLE CTF
BLE CTF can help users learn the core concepts of Bluetooth low-power client and server interaction and further understand how to hack bluetooth links.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/hackgnar/bl… .
3. WHID Injector
The WHID injector allows you to send typed information to the target machine over Wi-Fi. The target recognizes Ducky as a standard HID keyboard and serial port, allowing remote execution of interactive commands and scripts on the target.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/whid-inject… .
8. Malware prevention
1. MLsploit
MLsploit provides a flexible Web machine learning platform that provides machine learning services (MLaaS) for security practitioners. It provides a machine learning (ML) channel for building and tuning models, and a portal for demonstrating machine learning-based countermeasures.
For detailed introduction, installation instructions, and related software, visit github.com/intel/Resil… .
2. EKTotal
EKTotal is an integrated analytics tool that can be used to automatically analyze traffic from drive-by Download attacks. The software toolkit recognizes four types of vulnerability attack tools, such as RIG and Magnitude, and more than a dozen typical attacks, including Seamless and Fobos. EKTotal can also extract vulnerable code and malware. The heuristic analysis engine it uses is based on data from vulnerability toolkit tracking studies since 2017. EKTotal also provides a user-friendly Web interface and powerful automated analytics capabilities to assist SOC operators, CSIRT members and researchers.
For detailed introduction, installation instructions, and related software, visit github.com/nao-sec/ekt… .
3. Firmware Audit (fwaudit)
Firmware Audit(Fwaudit) is a platform Firmware test application that tests and collects diagnostic and security information about system Firmware, date, and hash output for forensics and event response.
For detailed introduction, installation instructions, and related software, visit github.com/PreOS-Secur… .
4. Malice
Malice aims to be a free, open source version of VirusTotal, available to everyone from independent researchers to Fortune 500 companies.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/maliceio/ma… .
5. Objective-See
As Macs became more popular, OS X malware became more common. And the current Mac security and antivirus software is not enough. Objective-see aims to provide simple and effective OS X security tools, free forever.
For detailed introduction, installation instructions, and related software, visit github.com/objective-s… .
Nine, malicious activities attack and defense
1. BloodHound
BloodHound is a standalone Javascript Web application, built on Linkurious and compiled using Electron, where the Neo4j database is provided by PowerShell ingestor.
BloodHound uses graphical analysis to uncover unexpected hidden relationships in Active Directory environments. Attackers can use BloodHound to easily identify highly complex attack paths, while defenders can use BloodHound to identify and eliminate those same attack paths. Both sides can use BloodHound to gain insight into permission relationships in an Active Directory environment.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/BloodHoundA… .
10. Cyber attacks
1. Armory
Armory is a tool for extracting external and identity data from a variety of tools, adding it to a database and correlating related information. It is not used to replace a specific tool, but to capture tool information to support other tools.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/depthsecuri… .
2. Chiron
Chiron is an advanced IPv6 security assessment and penetration testing framework written in Python and using Scapy. Contains modules: IPv6 scanners, IPv6 local links, ipv4-to-ipv6 proxies, IPv6 attack modules, and IPv6 proxies. The main advantage of this tool over other tools is that it allows users to easily create arbitrary IPv6 header chains by using various types of IPv6 extension headers.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/aatlasis/Ch… .
3. DELTA
DELTA is a penetration testing framework that generates attack scenarios for different test objects. The framework also supports the ability to find unknown security issues in SDN through fuzzy testing techniques.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/OpenNetwork… .
4. Mallet
Mallet is a tool for creating proxies for any protocol that is more versatile than the usual Web proxy equivalents.
Mallet is built on the Netty framework and relies heavily on the Netty channel concept to support graphing. In the Netty world, handlers provide frame framing (where messages start and end), protocol decoding, and encoding (converting byte streams into Java objects and back again; Or convert a byte stream to a different byte stream — similar to compression and decompression) and higher-level logic. By carefully separating the codecs from the handlers that actually manipulate the messages, Mallet can benefit from a large library of existing codecs without implementing many protocols.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/sensepost/m… .
5. PowerUpSQL
PowerUpSQL is a PowerShell toolkit used to attack SQL servers. It supports SQL server discovery, weak configuration audit, rights raising, and operations after obtaining permissions, such as OS command execution. The toolkit is used for internal penetration testing, in addition to allowing administrators to quickly count SQL servers in their ADS domain and perform common threat search tasks related to SQL servers.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/NetSPI/Powe… .
6. WarBerryPi
WarBerryPi is a hardware-built device for internal security testing, enabling as much information as possible in a short amount of time. Users just need to find a network port and plug in their device. WarBerryPi detects network signals with accompanying scripts.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/secgroundze… .
11. Cyber defense
1. ANWI
ANWI is a new wireless intrusion detection tool built on a low-cost Wi-Fi module (ESP8266) that can be deployed around the perimeter of the area to be detected. Helps organizations and enterprises that cannot afford expensive WIDS solutions to secure their networks completely at a low cost.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/SanketKarpe… .
2. CHIRON
CHIRON is a tool for network security analysis, built on the ELK stack and used in conjunction with machine learning threat detection framework AKTAION. CHIRON supports parsing and displaying data from P0f, Nmap, and BRO IDS. Designed for the home environment, users can better understand home Internet devices (Internet of Things, computers, phones, tablets, etc.). CHIRON’s integration with AKTAION helps users detect vulnerabilities, ransomware, phishing and other cyber security risks in their home Internet environment.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/jzadeh/chir… .
3. Cloud Security Suite (cs-suite)
CS Suite is a one-stop tool for auditing the security of AWS infrastructure. Using existing open source tools, CS Suite supports simple installation of Python virtual environments and Docker containers, a one-time startup of all tools and auditing capabilities, AWS security auditing, and AWS use case design
For detailed introduction, installation instructions, and related software, please visit:
Github.com/SecurityFTW… .
4. DejaVU
DejaVu is an open source fraud software framework that can be used to deploy decoys to test security. Users can use it to deploy multiple interactive decoys (HTTP server, SQL, SMB, FTP, SSH, NBNS) on networks of different vlans. To simplify the administration of decoys, the open source framework provides a Web-based platform that can be used to efficiently deploy, manage, and configure all decoys from a centralized console. The records and alerts dashboard displays the details of the generated alerts and can be further configured to handle them.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/bhdresh/Dej… .
5. DataSploit 2.0
DataSploit is an assistive tool for processing open Source Intelligence (OSINT) that supports:
- Retrieve OSINT by domain name/email/username/phone and find information from different sources.
- The relationship between the associated results is displayed in a uniform manner.
- Find credentials associated with the target, such as API-key, token, subdomain, domain history, old entry, and so on.
- Automatic collection of OSInts using specific scripts for specific data.
- Perform an active scan of the collected data.
- Generate HTML, JSON reports, and text files.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/DataSploit/… T.
6. Dradis
Dradis is an open source collaboration and report writing framework for information security teams. Has the following features:
- Sharing information effectively;
- Easy to use and deploy;
- Flexible and simple extension interface;
- Compact, portable, mobile and operating system independent.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/dradis/drad… .
Reverse engineering
1. Snake
Snake is a malware storage container that centrally stores malicious samples and seamlessly integrates with other security research software, providing security analysts with useful information to quickly select the best tool for the task at hand. Written in Python and built on Tornado and MongoDB, Snake offers everything from static analysis to interaction with external services.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/countercept… .
2. GRFICS
GRFICS is a graphical implementation framework for industrial control simulation that uses Unity 3D game engine graphics to lower the barriers to entry in the field of industrial control system security. GRFICS provides users with a complete virtual industrial control System (ICS) network that supports the implementation of common attacks, including command injection, man-in-the-middle and buffer overflows, and displays the impact of attacks in 3D visualization. Users can also practice their defenses by isolating networks with their powerful firewall rules or writing intrusion detection rules.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/djformby/GR… .
13. Vulnerability assessment
1. ART
ART is a machine learning tool library for network security attack and defense, aiming to help engineers quickly build and analyze machine learning models for network attack and defense learning. At the same time, it also provides a variety of implementation methods for attack and defense.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/IBM/adversa… .
2. Archery
Archery is an open source vulnerability assessment and management tool that helps developers scan and manage vulnerabilities. It uses major open source tools to perform a comprehensive scan of Web applications and networks, and also supports dynamic validation scans of Web applications. Developers can also use the tool to implement a DevOps CI/CD environment.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/archerysec/… .
3. Boofuzz
Boofuzz is an offshoot and successor of the Sulley fuzzy testing framework. In addition to fixing many bugs, Boofuzz also improves scalability. The main features are as follows:
- Easy and fast data generation;
- The instrument panel supports AKA fault detection;
- [Fixed] Target reset after failure
- Record test data;
- Online documentation;
- Support for any communication medium;
- Built-in support for serial fuzzy testing, Ethernet, IP layer and UDP broadcast;
- Better recording of test data — consistent, thorough, and clear;
- The test results were exported by CSV.
- Scalable instrumentation/fault detection;
- Convenient installation experience;
For detailed introduction, installation instructions, and related software, please visit:
Github.com/jtpereyda/b… .
4. BTA
BTA is an open source Active Directory security audit framework designed to help auditors capture the following information:
- Permissions for target objects (computers, user accounts, and so on);
- Access permission to mailbox;
- Account information with domain administrator rights;
- Extended permission information.
For detailed introduction, installation instructions, and related software, visit github.com/airbus-secl… .
5. Deep Exploit
DeepExploit is a fully automated penetration testing tool linked to Metasploit. Deepexploits identifies the status of all open ports on the target server and uses machine learning to attack the vulnerability in a precise manner. Its main characteristics are as follows: efficient vulnerability utilization, deep penetration, self-learning and short training time.
For detailed introduction, installation instructions, and related software, visit github.com/13o-bbr-bbq… .
6. Halcyon IDE
Halcyon IDE helps users quickly and easily develop Nmap scripts to perform advanced scans on applications and infrastructures. It is the first IDE to be developed and released specifically for Nmap scripting, providing a simpler development interface for the information security community worldwide.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/s4n7h0/Halc… .
7. TROMMEL
TROMMEL can be used to filter embedded device files to identify potentially vulnerable indicators. Supports the following indicators:
- Secure Shell(SSH) key files
- Secure Sockets Layer (SSL) key file;
- Internet Protocol (IP) addresses;
- Uniform Resource Locator (URL);
- Email address;
- A shell script;
- Web server binaries;
- Configuration file;
- Database file;
- Specific binaries (i.e., Dropbear, BusyBox, etc.);
- Share object library files;
- Web application script variables;
- Android Application Package (APK) file permissions.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/CERTCC/trom… .
Network application security
1. ModSecurity
ModSecurity is a Web application firewall engine that supports user-defined configurations and rules. Trustwave’s SpiderLabs offers ModSecurity™2.x rules pack for free.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/SpiderLabs/… .
2. Astra
API penetration testing is becoming increasingly complex as more and more existing apis and new ones are added. Astra can be used in the development process by security engineers or developers who can detect and patch vulnerabilities early in the development cycle. Astra automatically detects and tests login and logout (the Authentication API), so anyone can easily integrate it into the CICD channel.
For detailed introduction, installation instructions, and related software, visit github.com/flipkart-in… .
3. Replicator
Replicator is a Burp extension that helps developers reproduce penetration testing problems. The penetration tester generates a Replicator file containing the report’s conclusions. The tester sends the Replicator file to the client, opens it in Burp, and replicates the problem.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/PortSwigger… .
4. OWASP OWTF
WASP OWTF is a Web testing framework that focuses on security standards such as penetration and security testing, OWASP testing (V3 and V4), OWASP Top 10, PTES, and NIST. The tool is highly configurable, and anyone can easily create simple plug-ins or add new tests in a configuration file without requiring any development experience.
For details, installation instructions, and related software, visit github.com/owtf/owtf.
5. OWASP JoomScan
OWASP JoomScan is a vulnerability scanner designed to automate vulnerability detection and reliability verification services in Joomla CMS deployments. The tool is implemented in Perl and can easily scan Joomla installations. It can detect not only known offensive vulnerabilities, but also a variety of misconfiguration and management-level flaws that can be exploited by attackers to undermine systems. In addition, OWASP JoomScan provides a user-friendly interface and outputs the final report in both text and HTML format.
OWASP JoomScan is included with the Kali Linux distribution.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/rezasp/joom… .
6. WSSAT
WSSAT is an open source Web services security scanning tool that provides a dynamic environment to add, update, or remove vulnerabilities by editing configuration files. The tool takes a LIST of WSDL addresses as an input file and tests for security vulnerabilities both statically and dynamically for each service. The tool allows users to analyze all Web services in real time and view overall security assessments.
For detailed introduction, installation instructions, and related software, please visit:
Github.com/YalcinYolal… .
Original: http://www.freebuf.com/news/181143.html