Jan 31 2024

Wireshark Pen Tester Guide

Category: Information Security,Pen Testdisc7 @ 7:51 am

WireShark Cheat Sheet

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: wireshark


Jan 30 2024

Faction: Open-source pentesting report generation and collaboration framework

Category: Pen Testdisc7 @ 8:49 am

Josh Summitt, the creator of Faction, has always disliked the process of writing reports, preferring to focus on uncovering bugs. A key frustration for him was the redundant step of using a separate note-taking app for storing screenshots and findings before compiling the final report.

He envisioned an integrated solution where the report generation tool would serve as the note-taking platform, incorporating all the standard templates typically used in reports. He hopes Faction will help others save time, reduce stress, and improve their information security workflow.

“I built Faction to be extendable in ways like you would extend BurpSuite. It’s designed to be flexible and extended to fit seamlessly in any environment. It is easy for internal teams to build and support their small modules versus a large code base. In addition, I hope the project will get a growing list of prebuilt modules developed by the community to expand capabilities without requiring internal development,” Summitt told Help Net Security.

Faction features

With Faction, you can:

  • Streamline penetration testing and security assessment reporting through automation.
  • Facilitate peer review and monitor modifications in reports.
  • Design docx templates for various assessments and follow-up retests.
  • Collaborate in real-time with assessors using the web application and extensions for Burp Suite.
  • Utilize adaptable vulnerability templates featuring 75 pre-filled options.
  • Oversee assessment teams and monitor organizational progress.
  • Monitor the remediation of vulnerabilities with tailored SLA warnings and notifications.
  • Leverage a comprehensive Rest API for seamless integration with other tools.

Other features:

  • LDAP, OAuth 2.0 and SMTP Integration.
  • Extendable with Custom Plugins similar to Burp Extender.
  • Custom Report Variables.

Future plans

The developer is currently working on enhancing the extendability of Faction by introducing a full app store, reminiscent of those found in platforms like Slack and Burp. This expansion will allow for the inclusion of additional features such as custom UI elements.

“Faction has had a strong focus on penetration testing from an application security mindset. I want to expand that to be more Red and Blue Team inclusive. Not that it won’t work for these teams out of the box but it could be more flexible,” Summitt added.

Faction is available for free on GitHub.

More open-source tools to consider:

Burp Suite Cookbook: Web application security made easy with Burp Suite

To explore Pen Testing

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: Pen testing, Pen testing report


Jan 15 2024

Network Penetration Testing Checklist – 2024

Category: Pen Testdisc7 @ 9:18 am

Network Penetration Testing checklist determines vulnerabilities in the network posture by discovering open ports, troubleshooting live systems, and services, and grabbing system banners.

The pen-testing helps the administrator close unused ports, add additional services, hide or customize banners, troubleshoot services, and calibrate firewall rules.

You should test in all ways to guarantee there is no security loophole.

Network penetration testing, also known as ethical hacking or white-hat hacking, is a systematic process of evaluating the security of a computer network infrastructure.

The goal of a network penetration test is to identify vulnerabilities and weaknesses in the network’s defenses that malicious actors could potentially exploit.

Network penetration testing is a critical process for evaluating the security of a computer network by simulating an attack from malicious outsiders or insiders. Here is a comprehensive checklist for conducting network penetration testing:

Pre-Engagement Activities

  1. Define Scope: Clearly define the scope of the test, including which networks, systems, and applications will be assessed.
  2. Get Authorization: Obtain written permission from the organization’s management to conduct the test.
  3. Legal Considerations: Ensure compliance with all relevant laws and regulations.
  4. Set Objectives: Establish what the penetration test aims to achieve (e.g., identifying vulnerabilities, testing incident response capabilities).
  5. Plan and Schedule: Develop a testing schedule that minimizes impact on normal operations.

Reconnaissance

  1. Gather Intelligence: Collect publicly available information about the target network (e.g., via WHOIS, DNS records).
  2. Network Mapping: Identify the network structure, IP ranges, domain names, and accessible systems.
  3. Identify Targets: Pinpoint specific devices, services, and applications to target during the test.

Threat Modeling

  1. Identify Potential Threats: Consider possible threat actors and their capabilities, objectives, and methods.
  2. Assess Vulnerabilities: Evaluate which parts of the network might be vulnerable to attack.

Vulnerability Analysis

  1. Automated Scanning: Use tools to scan for known vulnerabilities (e.g., Nessus, OpenVAS).
  2. Manual Testing Techniques: Perform manual checks to complement automated tools.
  3. Document Findings: Keep detailed records of identified vulnerabilities.

Exploitation

  1. Attempt Exploits: Safely attempt to exploit identified vulnerabilities to gauge their impact.
  2. Privilege Escalation: Test if higher levels of access can be achieved.
  3. Lateral Movement: Assess the ability to move across the network from the initial foothold.

Post-Exploitation

  1. Data Access and Exfiltration: Evaluate what data can be accessed or extracted.
  2. Persistence: Check if long-term access to the network can be maintained.
  3. Cleanup: Remove any tools or scripts installed during the testing.

Analysis and Reporting

  1. Compile Findings: Gather all data, logs, and evidence.
  2. Risk Assessment: Analyze the risks associated with the identified vulnerabilities.
  3. Develop Recommendations: Propose measures to mitigate or eliminate vulnerabilities.
  4. Prepare Report: Create a detailed report outlining findings, risks, and recommendations.

Review and Feedback

  1. Present Findings: Share the report with relevant stakeholders.
  2. Discuss Remediation Strategies: Work with the IT team to discuss ways to address vulnerabilities.
  3. Plan for Re-Testing: Schedule follow-up tests to ensure vulnerabilities are effectively addressed.

Continuous Improvement

  1. Update Security Measures: Implement the recommended security enhancements.
  2. Monitor for New Vulnerabilities: Regularly scan and test the network as new threats emerge.
  3. Educate Staff: Train staff on new threats

and security best practices.

Tools and Techniques

  1. Select Tools: Choose appropriate tools for scanning, exploitation, and analysis (e.g., Metasploit, Wireshark, Burp Suite).
  2. Custom Scripts and Tools: Sometimes custom scripts or tools are required for specific environments or systems.

Ethical and Professional Conduct

  1. Maintain Confidentiality: All findings should be kept confidential and shared only with authorized personnel.
  2. Professionalism: Conduct all testing with professionalism, ensuring no unnecessary harm is done to the systems.

Post-Engagement Activities

  1. Debrief Meeting: Conduct a meeting with the stakeholders to discuss the findings and next steps.
  2. Follow-Up Support: Provide support to the organization in addressing the vulnerabilities.

Documentation and Reporting

  1. Detailed Documentation: Ensure that every step of the penetration test is well-documented.
  2. Clear and Actionable Reporting: The final report should be understandable to both technical and non-technical stakeholders and provide actionable recommendations.

Compliance and Standards

  1. Adhere to Standards: Follow industry standards and best practices (e.g., OWASP, NIST).
  2. Regulatory Compliance: Ensure the testing process complies with relevant industry regulations (e.g., HIPAA, PCI-DSS).

Final Steps

  1. Validation of Fixes: Re-test to ensure vulnerabilities have been properly addressed.
  2. Lessons Learned: Analyze the process for any lessons that can be learned and applied to future tests.

Awareness and Training

  1. Organizational Awareness: Increase awareness about network security within the organization.
  2. Training: Provide training to staff on recognizing and preventing security threats.

By following this checklist, organizations can conduct thorough and effective network penetration tests, identifying vulnerabilities and strengthening their network security posture.

Let’s see how we conduct step-by-step Network penetration testing using famous network scanners.

1. Host Discovery

Footprinting is the first and most important phase where one gathers information about their target system.

DNS footprinting helps to enumerate DNS records like (A, MX, NS, SRV, PTR, SOA, and CNAME) resolving to the target domain.

  • A – A record is used to point the domain name such as gbhackers.com to the IP address of its hosting server.
  •  MX – Records responsible for Email exchange.
  • NS – NS records are to identify DNS servers responsible for the domain.
  • SRV – Records to distinguish the service hosted on specific servers.
  • PTR – Reverse DNS lookup, with the help of IP you can get domains associated with it.
  • SOA – Start of record, it is nothing but the information in the DNS system about DNS Zone and other DNS records.
  • CNAME – Cname record maps a domain name to another domain name.

We can detect live hosts, and accessible hosts in the target network by using network scanning tools such as Advanced IP scanner, NMAP, HPING3, and NESSUS.

Ping&Ping Sweep:

  • root@kali:~# nmap -sn 192.168.169.128
  • root@kali:~# nmap -sn 192.168.169.128-20 To ScanRange of IP
  • root@kali:~# nmap -sn 192.168.169.* Wildcard
  • root@kali:~# nmap -sn 192.168.169.128/24 Entire Subnet

Whois Information 

To obtain Whois information and the name server of a website

root@kali:~# whois testdomain.com

  1. http://whois.domaintools.com/
  2. https://whois.icann.org/en

Traceroute

Network Diagonastic tool that displays route path and transit delay in packets

root@kali:~# traceroute google.com

Online Tools

  1. http://www.monitis.com/traceroute/
  2. http://ping.eu/traceroute/

2. Port Scanning

Perform port scanning using Nmap, Hping3, Netscan tools, and Network monitor. These tools help us probe a server or host on the target network for open ports.

Open ports allow attackers to enter and install malicious backdoor applications.

  • root@kali:~# nmap –open gbhackers.com            
  • To find all open ports root@kali:~# nmap -p 80 192.168.169.128          
  • Specific Portroot@kali:~# nmap -p 80-200 192.168.169.128  
  • Range of ports root@kali:~# nmap -p “*” 192.168.169.128          

Online Tools

  1. http://www.yougetsignal.com/
  2. https://pentest-tools.com/information-gathering/find-subdomains-of-domain

3. Banner Grabbing/OS Fingerprinting

Perform banner grabbing or OS fingerprinting using tools such as Telnet, IDServe, and NMAP to determine the operating system of the target host.

Once you know the version and operating system of the target, you need to find the vulnerabilities and exploit them. Try to gain control over the system.

root@kali:~# nmap -A 192.168.169.128
root@kali:~# nmap -v -A 192.168.169.128 with high verbosity level

IDserve is another good tool for banner grabbing.

Online Tools

  1. https://www.netcraft.com/
  2. https://w3dt.net/tools/httprecon
  3. https://www.shodan.io/

4. Scan For Vulnerabilities

Scan the network using vulnerabilities using GIFLanguard, Nessus, Ratina CS, SAINT.

These tools help us find vulnerabilities in the target system and operating systems. With these steps, you can find loopholes in the target network system.

GFILanguard

It acts as a security consultant and offers patch management, vulnerability assessment, and network auditing services.

Nessus

Nessus is a vulnerability scanner tool that searches for bugs in the software and finds a specific way to violate the security of a software product.

  • Data gathering.
  • Host identification.
  • Port scan.
  • Plug-in selection.
  • Reporting of data.

5. Draw Network Diagrams

Draw a network diagram about the organization that helps you to understand the logical connection path to the target host in the network.

The network diagram can be drawn by LANmanager, LANstate, Friendly pinger, and Network View.

6. Prepare Proxies

Proxies act as an intermediary between two networking devices. A proxy can protect the local network from outside access.

With proxy servers, we can anonymize web browsing and filter unwanted content, such as ads.

Proxies such as Proxifier, SSL Proxy, Proxy Finder, etc., are used to hide from being caught.

6. Document All Findings

The last and very important step is to document all the findings from penetration testing.

This document will help you find potential vulnerabilities in your network. Once you determine the vulnerabilities, you can plan counteractions accordingly.

You can download the rules and scope Worksheet here – Rules and Scope sheet 

Thus, penetration testing helps assess your network before it gets into real trouble that may cause severe loss in value and finance.

Important Tools Used For Network Pentesting

Frameworks

Kali Linux, Backtrack5 R3, Security Onion

Reconnaisance

Smartwhois, MxToolbox, CentralOps, dnsstuff, nslookup, DIG, netcraft

Discovery

Angry IP scanner, Colasoft ping tool, nmap, Maltego, NetResident,LanSurveyor, OpManager

Port Scanning

Nmap, Megaping, Hping3, Netscan tools pro, Advanced port scannerService Fingerprinting Xprobe, nmap, zenmap

Enumeration

Superscan, Netbios enumerator, Snmpcheck, onesixtyone, Jxplorer, Hyena, DumpSec, WinFingerprint, Ps Tools, NsAuditor, Enum4Linux, nslookup, Netscan

Scanning

Nessus, GFI Languard, Retina, SAINT, Nexpose

Password Cracking

Ncrack, Cain & Abel, LC5, Ophcrack, pwdump7, fgdump, John The Ripper,Rainbow Crack

Sniffing

Wireshark, Ettercap, Capsa Network Analyzer

MiTM Attacks

Cain & Abel, Ettercap

Exploitation

 Metasploit, Core Impact

You should concentrate on These most important checklists with Network Penetration Testing.

Network Penetration Testing with Nmap

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: Network Penetration Testing, Network Penetration Testing with Nmap


Jan 06 2024

Red Team Guide

Category: Information Security,Pen Testdisc7 @ 9:59 am

Red Team Guide by Hadess

RTFM – Red Team Field Manual

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: Red team, Rtfm


Oct 26 2023

Most Important Network Penetration Testing Checklist

Category: Cheat Sheet,Information Security,Pen Testdisc7 @ 9:25 am

Network Penetration Testing checklist determines vulnerabilities in the network posture by discovering Open ports, troubleshooting live systems, and services, and grabbing system banners.

The pen-testing helps the administrator to close unused ports, additional services, Hide or customize banners, troubleshoot services, and to calibrate firewall rules.

You should test in all ways to guarantee there is no security loophole.

Network penetration testing, also known as ethical hacking or white-hat hacking, is a systematic process of evaluating the security of a computer network infrastructure.

The goal of a network penetration test is to identify vulnerabilities and weaknesses in the network’s defenses that malicious actors could potentially exploit.

Let’s see how we conduct step-by-step Network penetration testing by using some famous network scanners.

1. Host Discovery

Footprinting is the first and most important phase where one gathers information about their target system.

DNS footprinting helps to enumerate DNS records like (A, MX, NS, SRV, PTR, SOA, and CNAME) resolving to the target domain.

  • A – A record is used to point the domain name such as gbhackers.com to the IP address of its hosting server.
  •  MX – Records responsible for Email exchange.
  • NS – NS records are to identify DNS servers responsible for the domain.
  • SRV – Records to distinguish the service hosted on specific servers.
  • PTR – Reverse DNS lookup, with the help of IP you can get domains associated with it.
  • SOA – Start of record, it is nothing but the information in the DNS system about DNS Zone and other DNS records.
  • CNAME – Cname record maps a domain name to another domain name.

We can detect live hosts, and accessible hosts in the target network by using network scanning tools such as Advanced IP scanner, NMAP, HPING3, and NESSUS.

Ping&Ping Sweep:

root@kali:~# nmap -sn 192.168.169.128root@kali:~# nmap -sn 192.168.169.128-20 To ScanRange of IProot@kali:~# nmap -sn 192.168.169.* Wildcardroot@kali:~# nmap -sn 192.168.169.128/24 Entire Subnet

Whois Information 

To obtain Whois information and the name server of a websiteroot@kali:~# whois testdomain.com

  1. http://whois.domaintools.com/
  2. https://whois.icann.org/en

Traceroute

Network Diagonastic tool that displays route path and transit delay in packetsroot@kali:~# traceroute google.com

Online Tools

  1. http://www.monitis.com/traceroute/
  2. http://ping.eu/traceroute/

2. Port Scanning

Perform port scanning using tools such as Nmap, Hping3, Netscan tools, and Network monitor. These tools help us to probe a server or host on the target network for open ports.

root@kali:~# nmap –open gbhackers.com             To find all open ports

root@kali:~# nmap -p 80 192.168.169.128           Specific Port

root@kali:~# nmap -p 80-200 192.168.169.128   Range of ports

root@kali:~# nmap -p “*” 192.168.169.128          To scan all ports

Online Tools

  1. http://www.yougetsignal.com/
  2. https://pentest-tools.com/information-gathering/find-subdomains-of-domain

3. Banner Grabbing/OS Fingerprinting

Perform banner Grabbing/OS fingerprinting such as Telnet, IDServe, and NMAP determines the operating system of the target host and the operating system.

Once you know the version and operating system of the target, you need to find the vulnerabilities and exploit them. Try to gain control over the system.

root@kali:~# nmap -A 192.168.169.128root@kali:~# nmap -v -A 192.168.169.128 with high verbosity level

IDserve is another good tool for Banner Grabbing.

Networkpentesting Flowchart

Online Tools

  1. https://www.netcraft.com/
  2. https://w3dt.net/tools/httprecon
  3. https://www.shodan.io/

4. Scan For Vulnerabilities

Scan the network using Vulnerabilities using GIFLanguard, Nessus, Ratina CS, SAINT.

These tools help us find vulnerabilities in the target and operating systems. With these steps, you can find loopholes in the target network system.

GFILanguard

It acts as a security consultant and offers patch management vulnerability assessment, and network auditing services.

Nessus

Nessus is a vulnerability scanner tool that searches for bugs in software and finds a specific way to violate the security of a software product.

  • Data gathering.
  • Host identification.
  • Port scan.
  • Plug-in selection.
  • Reporting of data.

5. Draw Network Diagrams

Draw a network diagram about the organization that helps you understand the logical connection path to the target host in the network.

The network diagram can be drawn by LANmanager, LANstate, Friendly pinger, and Network View.

6. Prepare Proxies

Proxies act as an intermediary between two networking devices. A proxy can protect the local network from outside access.

With proxy servers, we can anonymize web browsing and filter unwanted content, such as ads and many others.

Proxies such as Proxifier, SSL Proxy, Proxy Finder..etc, to hide from being caught.

6. Document All Findings

The last and very important step is to document all the findings from penetration testing.

This document will help you find potential vulnerabilities in your network. Once you determine the Vulnerabilities, you can plan counteractions accordingly.

You can download the rules and scope Worksheet here: Rules and Scope sheet 

Thus, penetration testing helps assess your network before it gets into real trouble that may cause severe loss in terms of value and finance.

important tools

Important Tools Used For Network Pentesting

Frameworks

Kali Linux, Backtrack5 R3, Security Onion

Reconnaisance

Smartwhois, MxToolbox, CentralOps, dnsstuff, nslookup, DIG, netcraft

Discovery

Angry IP scanner, Colasoft ping tool, nmap, Maltego, NetResident,LanSurveyor, OpManager

Port Scanning

Nmap, Megaping, Hping3, Netscan tools pro, Advanced port scannerService Fingerprinting Xprobe, nmap, zenmap

Enumeration

Superscan, Netbios enumerator, Snmpcheck, onesixtyone, Jxplorer, Hyena,DumpSec, WinFingerprint, Ps Tools, NsAuditor, Enum4Linux, nslookup, Netscan

Scanning

Nessus, GFI Languard, Retina,SAINT, Nexpose

Password Cracking

Ncrack, Cain & Abel, LC5, Ophcrack, pwdump7, fgdump, John The Ripper,Rainbow Crack

Sniffing

Wireshark, Ettercap, Capsa Network Analyzer

MiTM Attacks

Cain & Abel, Ettercap

Exploitation

 Metasploit, Core Impact

These are the Most important checklist you should concentrate with Network penetration Testing .

Also Read:

Penetration Testing – Protecting Networks and Systems

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: Network Penetration Testing Checklist


Oct 09 2023

Kali Linux Penetration Testing Tutorial: Step-By-Step Process

Category: Linux Security,Pen Testdisc7 @ 2:14 pm

Kali Linux turns 10 this year, and to celebrate, the Linux penetration testing distribution has added defensive security tools to its arsenal of open-source security tools.

It remains to be seen if Kali Purple will do for defensive open source security tools what Kali Linux has done for open source pentesting, but the addition of more than 100 open source tools for SIEMincident responseintrusion detection and more should raise the profile of those defensive tools.

For now, Kali is primarily known for its roughly 600 open source pentesting tools, allowing pentesters to easily install a full range of offensive security tools.

In this article, we’ll focus primarily on how to use this powerful OS to run a pentest and mistakes to avoid. We’ll give you an overview of what can be achieved with Kali Linux using a short selection of pre-installed tools. While this guide serves as an introduction to common pentesting phases, with practical examples that highlight best practices, it’s not a substitution for a complete professional pentesting methodology.

Table of Contents

Kali Linux Hacking: A Complete Step by Step Guide to Learn the Fundamentals of Cyber Security, Hacking, and Penetration Testing. Includes Valuable Basic Networking Concepts.

Hacking with Kali Linux: A Step By Step Guide To Ethical Hacking, Hacking Tools, Protect Your Family And Business From Cyber Attacks Using The Basics Of Cybersecurity

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: Kali Linux


Oct 06 2023

Intro to shells

Category: Pen Testdisc7 @ 1:59 pm


Aug 05 2023

Open-source penetration testing tool BloodHound CE released

Category: Pen Test,Security Toolsdisc7 @ 2:17 pm

SpecterOps released version 5.0 of BloodHound Community Edition (CE), a free and open-source penetration testing solution that maps attack paths in Microsoft Active Directory (AD) and Azure (including Azure AD/Entra ID) environments. It is available for free on GitHub.

Identifying simple Attack Paths between two objects is a straightforward “search and click” exercise

This update brings many enterprise-grade usability features to BloodHound CE, like containerized deployment, REST APIs, user management, and access control. It also significantly improves performance while streamlining development allowing for faster development and incorporation of community contributions.

“The way that BloodHound Community Edition maps out Attack Paths in AD and Azure is unique – there isn’t another tool (or feature within either of those) that can find hidden and unintentional relationships to identify complex Attack Paths that attackers can exploit. After this update, the tool will offer a user experience closer to an enterprise-grade product than an open-source tool,” Andy Robbins, co-creator of BloodHound and a Principal Product Architect at SpecterOps, told Help Net Security.

The entire UI is driven via RESTful APIs and includes a full Swagger spec within the application

New features

Support for REST APIs – BloodHound CE is a three-tier application with a database, an API layer, and a web-based user interface. Users can now use REST APIs to interact with data rather than needing to write queries directly to the database.

Containerized deployment – The tool will deploy as a containerized product. This much simpler process will reduce deployment time by 80%. This also makes it easier for users with different sized environments to manipulate the resources assigned to BloodHound.

Enterprise-grade user management – This update adds built-in full multi-user support with RBAC, the ability to create and assign user roles, and support for two-factor authentication and SAML to BloodHound CE.

Protected Cypher searches – Cypher queries will include available guardrails to automatically cancel queries that will cause performance or security issues.

Reliability and performance upgrade – Routine maintenance updates will make the tool faster, more resilient, and more reliable.

More frequent updates and community contributions – These changes will allow SpecterOps to increase the rate of updates and new features added to BloodHound CE going forward and will increase the number of pull requests from the community that can be implemented.

Better community support – More similarities between BloodHound CE and BloodHound Enterprise under the hood means users will have better access to support and documentation for both.

BloodHound was created in 2016 by Rohan Vazarkar, Will Schroeder, and Andy Robbins. It has been downloaded nearly 500,000 times and has over 12,000 users in the BloodHound Community Slack. The tool has been recommended by CISA and Microsoft to help secure Microsoft Active Directory and Azure AD.

Checkout our posts on security tools

Open Source Intelligence Methods and Tools: A Practical Guide to Online Intelligence

CISSP training course

InfoSec tools | InfoSec services | InfoSec books


Jul 21 2023

12 open-source penetration testing tools you might not know about

Category: Hacking,Pen Test,Security Toolsdisc7 @ 12:19 pm

Red Siege has developed and made available many open-source tools to help with your penetration testing work.

The company plans to continue to support the tools listed below, whether in the form of bug fixes or new features. Give them a try, they’re all available on GitHub for free.

“I find joy in writing code, turning it into a logic puzzle to create powerful software tools. The satisfaction of seeing my creations in action, like EyeWitness, brings a sense of pride and saves valuable time. Motivated by the possibility of filling a software gap, I open source my creations, hoping they’ll benefit others as they did for me,” Chris Truncer, Senior Security Consultant & Director of Training, Red Siege, told Help Net Security.

AutoFunkt

AutoFunkt is a Python script for automating the creation of serverless cloud redirectors from Cobalt Strike malleable C2 profiles.

C2concealer

C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.

DigDug

Dig Dug works by appending words from a dictionary to an executable. This dictionary is appended repeatedly until the final desired size of the executable is reached. Some AV & EDR engines may measure entropy to determine if an executable is trustworthy for execution. Other vendors inspect executables for signs of null byte padding.

dumpCake

dumpCake will dump password authentication attempts to the SSH daemon. Every SSHD child process will get attached to and at the completetion of the process, the attempted passwords and connection logs will be dumped to the script.

EyeWitness

EyeWitness takes screenshots of websites, collects server header info, and identifies default credentials if possible. Saves a lot of time triaging web sites on large tests. This tool is very commonly used by penetration testers looking to sift through a long list of websites.

EDD – Enumerate Domain Data

Enumerate Domain Data is designed to be similar to PowerView but in .NET. PowerView is essentially the ultimate domain enumeration tool. This tool was largely put together by viewing implementations of different functionality across a wide range of existing projects and combining them into EDD.

GPPDeception

This script generates a groups.xml file that mimics a real GPP to create a new user on domain-joined computers. Blue teams can use this file as a honeyfile. By monitoring for access to the file, Blue Teams can detect pen testers or malicious actors scanning for GPP files containing usernames and cpasswords for lateral movment.

Just-Metadata

Just-Metadata is a tool that gathers and analyzes metadata about IP addresses. It attempts to find relationships between systems within a large dataset. It is used to gather intelligence information passively about a large number of IP addresses, and attempt to extrapolate relationships that might not otherwise be seen.

ProxmarkWrapper

ProxmarkWrapper is a wrapper around the Proxmark3 client that will send a text alert (and/or email if warranted) if a RFID card is captured.

Wappybird

Wappybird is a ultithreaded Wappalyzer CLI tool to find web technologies, with optional CSV output. You can also provide a directory and all scraped data will be saved with a subfolder per host.

WMImplant

WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines, but also as the C2 channel for issuing commands and receiving results. WMImplant requires local administrator permissions on the targeted machine.

WMIOps

WMIOps is a powershell script that uses WMI to perform a variety of actions on hosts, local or remote, within a Windows environment. It’s designed primarily for use on penetration tests or red team engagements.

Security Controls Evaluation, Testing, and Assessment Handbook

InfoSec books | InfoSec tools | InfoSec services

Tags: Open source, Penetration Testing tools


Jul 16 2023

ChatGPT Reconnaissance Techniques for Penetration Testing Success

Category: ChatGPT,Pen Testdisc7 @ 12:42 pm

ChatGPT is one of the biggest and most sophisticated language models ever made, with a massive neural network of over 175 billion parameters.

Recent research has revealed how ChatGPT for penetration testing can enable testers to achieve greater success.

ChatGPT was launched by OpenAI in November 2022, causing significant disruption in the AI/ML community.

Sophisticated email attacks are on the rise, thanks to threat actors leveraging the power of Artificial Intelligence.

However, researchers are staying one step ahead by utilizing ChatGPT for threat analysis and penetration testing.

A recently published research paper by Sheetal Tamara from the University of the Cumberlands highlights the effective use of ChatGPT in Reconnaissance.

Recently an automated penetration testing tool PentestGPT released;

ChatGPT For Penetration Testing

The ChatGPT can be used in the initial reconnaissance phase, where the penetration tester is collection detailed data about the scope of assessment.

With the help of ChatGPT, pen-testers able to obtain reconnaissance data such as Internet Protocol (IP) address ranges, domain names, network topology, vendor technologies, SSL/TLS ciphers, ports & services, and operating systems.

This research highlights how artificial intelligence language models can be used in cybersecurity and contributes to advancing penetration testing techniques.

Pentesters can obtain the organization’s IP address using the prompt (“What IP address range related information do you have on [insert organization name here] in your knowledge base?”).

This prompt would deliver the possible IP addresses used by the organization.

“What type of domain name information can you gather on [insert target website here]?”

ChatGPT could provide the list of domain names used by the organization, such as primary domains, subdomains, other domains, international domains, generic top-level domains (gTLDs), and subsidiary domains.

“What vendor technologies does [insert target website fqdn here] make use of on its website?”

Answering this question, ChatGPT will provide various technologies, such as content delivery networks (CDNs), web servers, advertising engines, analytics engines, customer relationship management (CRM), and other technologies organizations use.

“Provide a comprehensive list of SSL ciphers based on your research used by [insert target website fqdn] in pursuant to your large corpus of text data present in your knowledge base.”

ChatGPT could provide the ciphers, SSL/TLS versions, and types of TLS certificates used, also, with this question, ChatGPT above to check the encryption standard used.

“Please list the partner websites including FQDN based on your research that [insert target website here] has direct links to according to your knowledge base.”

In response to the question, ChatGPT is able to provide a list of partner websites that are directly linked.

“Provide a vendor technology stack based on your research that is used by [insert organization name here].“

This prompt would extract the include application server type, database type, operating systems, big data technologies, logging and monitoring software, and other infrastructure-related information specific to the organization.

“Provide a list of network protocols related information that is available on [insert organization name here].”

ChatGPT will return a list of network protocols the target organization uses, including HTTPS, SMTP, NTP, SSH, SNMP, and others.

The research determined that “ChatGPT has the ability to provide valuable insight into the deployment of the target organization’s technology stack as well as specific information about web applications deployed by the target organization,” reads the paper published.

“The research performed on ChatGPT required trial and error in the prompting as certain requests can either be outright rejected or may result in responses that do not contain usable data for the reconnaissance phase of a penetration test.”

Mastering Cybersecurity with ChatGPT: Harnessing AI to Empower Your Cyber CareerTable of Contents:

CISSP training course

InfoSec tools | InfoSec services | InfoSec books

Tags: AIPenetration Testing, ChatGPT, Cybersecurity with ChatGPT, Reconnaissance Techniques


Jun 08 2023

Search Engine for PenTesters

Category: Pen Testdisc7 @ 2:08 am

Search Engine For Pentesters

For Daily Updates Follow: Cyber Threat Intelligence

InfoSec tools | InfoSec services | InfoSec books

Tags: Search Engine for PenTesters


Jun 06 2023

10 Best Vulnerability Scanner Tools For Penetration Testing – 2023

Category: Pen Test,Security Toolsdisc7 @ 3:07 pm

Vulnerability Scanner Tools is one of the essential tools in IT departments Since vulnerabilities pop up every day and thus leaving a loophole for the organization.

The Vulnerability scanning tools help detect security loopholes in the application, operating systems, hardware, and network systems.

Hackers are actively looking for these loopholes to use them to their advantage. Vulnerabilities inside a network need to be identified and fixed immediately to leave your attackers at bay.

What do Vulnerability Scanner Tools do?

Vulnerability scanners are one right way to do this. With their continuous and automated scanning procedures, they can scan the network for potential loopholes.

It is on your internet or any device, they would help the IT departments identify the vulnerability and fix it both manually and automatically.

Vulnerability scanning tools do have two different approaches for performing their routines, authenticated and unauthenticated scans.

In the latter case, a penetration tester will show the scan disguised as a hacker without him having trusted access to the corporate network.

What are the Three types of Vulnerability Scanners?

This type of scan will help organizations identify the loopholes which will allow hackers to penetrate the system without trusted permissions.

Following are the types of vulnerability scanners

  • Discovery Scanning
  • Full Scanning
  • Compliance Scanning

What is an example of a Vulnerability Scanner?

The best Web vulnerability scanner in the market should allow you to perform both authenticated and unauthenticated types of scans to nullify network vulnerabilities among other related vulnerability scanners online

In this article, we’ll take a look at the top 10 best vulnerability scanning tools available in the market.

10 Best Vulnerability Scanner Tools

Vulnerability Scanner ToolsKey Features

Vulnerability Manager Plus
Customization of Patches to Application
Detecting zero-day vulnerabilities
Audit end-of-life software
Security recommendations
Custom Scan Configuration
Tripwire IP360Flexible Scanning
Full Network Discovery
Vulnerability Risk Scoring
Asset Discovery
Nessus vulnerability scannerTarget Profiling
Sensitive data discovery
Malware Detection
PCI DSS requirements
Vulnerability scanning
Comodo HackerProofDaily Vulnerability Scanning
Web-based Management Tool
PCI Scanning Tools
Nexpose communityReal Risk Score
Integration with Metasploit
Powerful Reporting
Adaptive Security
OpenVAS Vulnerability ScannerTargeted IP Address
Task Naming
Authorized (credentialed) Scans
Scheduling scans
NiktoSupport for Proxy with authentication
Cookies Support
Username Enumeration
Outdated component report
WiresharkLive capture and offline analysis
Deep inspection of protocols
VoIP analysis
Read/write Capture file
Coloring rules
Aircrack-ngAnalyzing WiFi networks for weaknesses
Capture and injection of WiFi cards
Sniff wireless packets
Recover lost keys
Retina network security scannerDiscover the Full network Environment
Identify Application Flaw
Analyze threats and gain security intelligence

10 Best Vulnerability Scanner Tools 2023

  1. OpenVAS Vulnerability Scanner
  2. Tripwire IP360
  3. Nessus vulnerability scanner
  4. Comodo HackerProof
  5. Nexpose community
  6. Vulnerability Manager Plus
  7. Nikto
  8. Wireshark
  9. Aircrack-ng
  10. Retina network security scanner

Nmap Network Exploration and Security Auditing Cookbook: Network discovery and security scanning at your fingertips

InfoSec tools | InfoSec services | InfoSec books

Tags: Nmap, Scanner Tools


Apr 17 2023

Lynis – Open Source Security Auditing & Pentesting Tool – 2023

Category: Pen Test,Security ToolsDISC @ 8:50 am

Lynis is an open source security auditing tool. Its main goal is to audit and harden Unix and Linux based systems. It scans the system by performing many security control checks. Examples include searching for installed software and determine possible configuration flaws.

Many tests are part of common security guidelines and standards, with on top additional security tests. After the scan, a report will be displayed with all discovered findings. To provide you with initial guidance, a link is shared with the related Lynis control.

Lynis is one of the most trusted automated auditing tool for software patch management, malware scanning and vulnerability detecting in Unix/Linux based systems. This tool is useful for auditorsnetwork and system administratorssecurity specialists and penetration testers.

Intended audience:

Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOX (Sarbanes-Oxley) compliance audits.

Security specialists, Penetration Testers, System auditors, System/network managers, Security Engineers.

Lynis is compatible with many Operating Systems, such as:

  • AIX
  • Arch Linux
  • BackTrack Linux
  • CentOS
  • Debian, DragonFlyBSD
  • Fedora Core, FreeBSD
  • Gentoo
  • HPUX
  • Kali, Knoppix
  • Linux Mint
  • MacOS X, Mageia, Mandriva
  • NetBSD
  • OpenBSD, OpenSolaris, openSUSE, Oracle Linux
  • PcBSD, PCLinuxOS
  • Red Hat Enterprise Linux (RHEL) and derivatives
  • Sabayon, Scientific Linux, Slackware, Solaris 10, SuSE
  • TrueOS
  • Ubuntu and derivatives

Lynis can also be auditing software such as :

  • Database servers: MySQL, Oracle, PostgreSQL
  • Time daemons: dntpd, ntpd, timed
  • Web servers: Apache, Nginx

Once lynis starts scanning your system, it will perform auditing in a number of categories:

  • System tools: system binaries
  • Boot and services: boot loaders, startup services
  • Kernel: run level, loaded modules, kernel configuration, core dumps
  • Memory and processes: zombie processes, IO waiting processes
  • Users, groups and authentication: group IDs, sudoers, PAM configuration, password aging, default mask
  • Shells
  • File systems: mount points, /tmp files, root file system
  • Storage: usb-storage, firewire ohci
  • NFS
  • Software: name services: DNS search domain, BIND
  • Ports and packages: vulnerable/upgradable packages, security repository
  • Networking: nameservers, promiscuous interfaces, connections
  • Printers and spools: cups configuration
  • Software: e-mail and messaging
  • Software: firewalls: iptables, pf
  • Software: webserver: Apache, nginx
  • SSH support: SSH configuration
  • SNMP support
  • Databases: MySQL root password
  • LDAP services
  • Software: php: php options
  • Squid support
  • Logging and files: Syslog daemon, log directories
  • Insecure services: inetd
  • Banners and identification
  • Scheduled tasks: crontab/cronjob, atd
  • Accounting: sysstat data, auditd
  • Time and synchronization: ntp daemon
  • Cryptography: SSL certificate expiration
  • Virtualization
  • Security frameworks: AppArmor, SELinux, security status
  • Software: file integrity
  • Software: malware scanners
  • Home directories: shell history files

How Lynis works:

In this Kali Linux Tutorial , To run it for the first time, it is recommended to use -c paramater. -c parameter means doing all tests to check the systems. If you want to put the Auditor name, just add –auditor parameter there. Here’s some

Download and Install the Lynis from GitHub 

git clone https://github.com/CISOfy/lynis

$ cd lynis-2.7.3
# ./lynis

samples output :

Once Installed then Start with Auditor or Pentester name .

# lynis -c –auditor “BALAJI”

Figure 1. Initialize

Lynis – Open source security auditing tool

Figure 2. System Tools

Lynis – Open source security auditing tool

Figure 3. Boot & Services and Kernel

Lynis – Open source security auditing tool

Figure 4. Users and Group

Lynis – Open source security auditing tool

Figure 5. Shell and storage

Lynis – Open source security auditing tool

Figure 6. Software, Ports and Packages

6

Figure 7. Networking and Printer

7

Figure 8. Email, Firewalls and Web Server

8

Figure 9. SSH, SNMP and Databases

Lynis – Open source security auditing tool

Figure 10. PHP, Squid Proxy and Logging

10

Figure 11. Inetd, Banner and Cron

11

Figure 12. Accounting, NTP and Cryptography

12

Figure 13. Virtualization, Security Frameworks and File Integrity

13

Figure 14. Malware Scanners, System Tool and Home directory

14

Figure 15. Kernel Hardening

15

Figure 16. Hardening, Custom Tests and Result

lynis_16_hardening_customtests_result

Figure 17. Hardening Index

17

Run Lynis with Custom Tests

Your system may not need to run all the tests. If your server not running a web server, you don’t need to test it. For this purpose, we can use –tests parameter. The syntax is :

# lynis –tests “Test-IDs”

there are more than 100 tests that we can do. Here are some list of Lynis Tests-ID.

  • FILE-7502 (Check all system binaries)
  • BOOT-5121 (Check for GRUB boot loader presence).
  • BOOT-5139 (Check for LILO boot loader presence)
  • BOOT-5142 (Check SPARC Improved boot loader (SILO))
  • BOOT-5155 (Check for YABOOT boot loader configuration file)
  • BOOT-5159 (Check for OpenBSD i386 boot loader presence)
  • BOOT-5165 (Check for FreeBSD boot services)
  • BOOT-5177 (Check for Linux boot and running services)
  • BOOT-5180 (Check for Linux boot services (Debian style))
  • BOOT-5184 (Check permissions for boot files/scripts)
  • BOOT-5202 (Check uptime of system)
  • KRNL-5677 (Check CPU options and support)
  • KRNL-5695 (Determine Linux kernel version and release number)
  • KRNL-5723 (Determining if Linux kernel is monolithic)
  • KRNL-5726 (Checking Linux loaded kernel modules)
  • KRNL-5728 (Checking Linux kernel config)
  • KRNL-5745 (Checking FreeBSD loaded kernel modules)
  • [04:57:04] Reason to skip: Test not in list of tests to perform
  • KRNL-5770 (Checking active kernel modules)
  • KRNL-5788 (Checking availability new kernel)
  • KRNL-5820 (Checking core dumps configuration)

Below is a sample command to run Check uptime of system and Checking core dumps configuration tests. If you want to add more tests, just add more Test-ID separated by space.

# ./lynis –tests “BOOT-5202 KRNL-5820”

111111

To get more Tests-IDs, you can find it inside /var/log/lynis.log. Here’s a trick how to do it.

1. First, we need to run lynis with -c (check-all) parameter.

# ./lynis -c -Q

2. Then look at inside /var/log/lynis.log file. Use cat command and combine it with grep. Let say you want to search Test-ID which related to Kernel. Use keyword KRNL to find it.

# cat /var/log/lynis.log | grep KRNL

2222

Below is a complete keywords of Test-IDs that available in Lynis.

BOOT
KRNL (kernel)
PROC (processor)
AUTH (authentication)
SHLL (shell)
FILE
STRG (storage)
NAME (dns)
PKGS (packaging)
NETW (network)
PRNT (printer)
MAIL
FIRE (firewall)
HTTP (webserver)
SSH
SNMP
DBS (database)
PHP
LDAP
SQD (squid proxy)
LOGG (logging)
INSE (insecure services – inetd)
SCHD (scheduling – cron job)
ACCT (accounting)
TIME (time protocol – NTP)
CRYP (cryptography)
VIRT (virtualization)
MACF (AppArmor – SELINUX)
MALW (malware)
HOME
HRDN (hardening)

Run lynis with categories

If you feel that put a lot of Test-IDs is painful, you can use –test-category parameter. With this option, Lynis will run Test-IDs which are included inside a specific category. For example, you want to run Firewall and Kernel tests. Then you can do this :

# ./lynis –tests-category “firewalls kernel”

3333

Run Lynis as Cronjob

Since security needs consistency, you can automate Lynis to run periodically. Let’s say you want to run it every month to see if there is any improvement since the last Lynis run. To do this, we can run Lynis as a cronjob. Here’s a sample cronjob to run it every month.

#!/bin/sh

AUDITOR=”automated”
DATE=$(date +%Y%m%d)
HOST=$(hostname)
LOG_DIR=”/var/log/lynis”
REPORT=”$LOG_DIR/report-${HOST}.${DATE}”
DATA=”$LOG_DIR/report-data-${HOST}.${DATE}.txt”

cd /usr/local/lynis
./lynis -c –auditor “${AUDITOR}” –cronjob > ${REPORT}

mv /var/log/lynis-report.dat ${DATA}

# End

Save the script into /etc/cron.monthly/lynis. Don’t forget to add related paths (/usr/local/lynis and /var/log/lynis), otherwise the script will not work properly.


InfoSec Threats
 | InfoSec books | InfoSec tools | InfoSec services

Tags: Lynis, Open source security


Mar 02 2023

10 Best Penetration Testing tools

Category: Pen Test,Security ToolsDISC @ 3:15 pm
Penetration Testing

Best Penetration Testing tools

Penetration testing, also known as pen testing, is a process of assessing the security of a computer system or network by simulating an attack from a malicious outsider or insider. The goal is to identify vulnerabilities and weaknesses that can be exploited by attackers to gain unauthorized access to the system.

There are many penetration testing tools available that can help security professionals and ethical hackers to perform effective tests. Here are some of the best penetration testing tools:

  1. Metasploit Framework: It is an open-source penetration testing framework that provides a range of exploits, payloads, and auxiliary modules. It is widely used by penetration testers and security professionals to identify vulnerabilities and exploit them.
  2. Nmap: It is a network exploration and security auditing tool that can be used to scan networks and identify hosts, ports, and services. It can also be used to detect operating systems and versions.
  3. Wireshark: It is a network protocol analyzer that allows you to capture and analyze network traffic. It can be used to detect and analyze network attacks and vulnerabilities.
  4. Burp Suite: It is an integrated platform for performing web application security testing. It includes a proxy server, a scanner, a spider, and other tools that can be used to identify vulnerabilities in web applications.
  5. Aircrack-ng: It is a suite of tools that can be used to crack wireless network passwords. It includes tools for capturing and analyzing network traffic, as well as tools for cracking encryption keys.
  6. John the Ripper: It is a password cracking tool that can be used to test the strength of passwords. It can be used to crack passwords for a range of operating systems and applications.
  7. SQLmap: It is an open-source penetration testing tool that can be used to test the security of SQL-based web applications. It can be used to detect and exploit SQL injection vulnerabilities.
  8. Hydra: It is a password cracking tool that can be used to test the strength of passwords for a range of protocols, including HTTP, FTP, and Telnet.
  9. Nessus: It is a vulnerability scanner that can be used to scan networks and identify vulnerabilities. It can also be used to generate reports and prioritize vulnerabilities based on their severity.
  10. OWASP Zap: The world’s most popular free web security tool, actively maintained by a dedicated international team of volunteers.
  11. Kali Linux: It is a Linux distribution that is specifically designed for penetration testing and ethical hacking. It includes a range of tools for network analysis, vulnerability testing, password cracking, and more.

Latest Pen Testing Titles

Cobalt’s Pentest as a Service (PtaaS) platform, coupled with an exclusive community of testers, delivers the real-time insights you need to remediate risk quickly and innovate securely.

Previous Pen Testing Posts

We’d love to hear from you! If you have any questions, comments, or feedback, please don’t hesitate to contact us. Our team is here to help and we’re always looking for ways to improve our services. You can reach us by email (info@deurainfosec.com), or through our website’s contact form.

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: Penetration Testing tools


Feb 09 2023

API Penetration Testing Checklist

Category: API security,Pen TestDISC @ 3:10 pm

API security is an undervalued but crucial aspect of information security. Some of the most common cyber attacks exploit APIs and web applications, and if organisations are to stay secure, they must test their systems to identify and eradicate weaknesses.

Organisations can achieve this with API penetration tests. An ethical hacker (or ‘penetration tester’) will examine your applications using the same techniques that a cyber criminal would use. This gives you a real-world insight into the way someone might compromise your systems.

Web application and API tests look specifically at security vulnerabilities introduced during the development or implementation of software or websites. There is no single checklist of how exactly the test should be conducted, but there are general guidelines.

Benefits of API penetration testing

The primary purpose of an API penetration test is to protect your organisation from data breaches. This is crucial given the increased risk of cyber attacks in recent years; according to a UK government report, 39% of surveyed organisations said they suffered a security breach in the past year.

By conducting an API penetration test, you will gain a real-world overview of one of the biggest security threats that organisations face. The tester will use their experience to provide guidance on specific risks and advise you on how to address them.

But penetration tests aren’t only about closing security vulnerabilities. Mitigating the risk of security incidents has several other benefits. For instance, you protect brand loyalty and corporate image by reducing the likelihood of a costly and potentially embarrassing incident.

Penetration testing also helps you demonstrate to clients and potential partners that you take cyber security seriously. This gives you a competitive advantage and could help you land higher-value contracts.

Perhaps most notably, penetration testing is a requirement for several laws and regulations. Article 32 of the GDPR (General Data Protection Regulation), for example, mandates that organisations regularly test and evaluate the effectiveness of their technical and organisational measures employed to protect personal data.

Likewise, if your organisation is subject to the PCI DSS (Payment Card Industry Data Security Standard), you must conduct external penetration tests at least once per year and after any significant changes are made to your systems.

API penetration testing checklist

IT Governance has its own proprietary checklist when conducting API and web application penetration tests.

The system is modelled on the OSSTMM (Open Source Security Testing Methodology Manual) and the OWASP (Open Web Application Security Project) methodologies.

A high-level overview of our process is outlined below, with a brief description of what is assessed during each section.

1. Authentication

The penetration tester ensures that appropriate mechanisms are in place to confirm a user’s identity. They then review how the authentication process works, using that information to circumvent the authentication mechanism.

2. Authorisation

The tester verifies that access to resources is provided only to those permitted to use them.

Once roles and privileges are understood, the tester attempts to bypass the authorisation schema, finding path-traversal vulnerabilities and ways to escalate the privileges assigned to the tester’s user role.

3. Session management

The tester ensures that effective session management configurations are implemented. This broadly covers anything from how user authentication is performed to what happens when logging out.

4. Input validation and sanitisation

The tester checks that the application appropriately validates and sanitises all input from the user or the environment before using it.

This includes checking common input validation vulnerabilities such as cross-site scripting and SQL injection, as well as other checks such as file uploads, antivirus detection and file download weaknesses.

5. Server configuration

The tester analyses the deployed configuration of the server that hosts the web application. They then verify that the application server has gone through an appropriate hardening process.

6. Encryption

The tester assesses encryption security around the transmission of communication. This includes checking for common weaknesses in SSL/TLS configurations and verifying that all sensitive data is being securely transferred.

7. Information leakage

The tester reviews the application configuration to ensure that information is not being leaked.

This is assessed by reviewing configurations and examining how the application communicates to discover any information disclosure that could cause a security risk.

8. Application workflow

The tester determines whether the application processes and workflows can be bypassed.

Tests are conducted to ensure that application workflows cannot be bypassed by either tampering with the parameters or forcefully browsing. This ensures the integrity of the data.

9. Application logic

The tester analyses how the application uses, stores and maintains data. They do this by checking the underlying technology and any mitigating controls that may affect the risk to the application.

10. Report

The tester documents their findings. Their reports contains an executive summary, which provides a high-level, non-technical summary of any identified vulnerabilities, alongside a summary of the organisation’s business risks and an overall risk rating.

It also contains a comprehensive review of testing details, such as the scope of the assessment, descriptions of the vulnerabilities identified and their impact, plus proofs of concept that support the findings.

Finally, the report provides the tester’s commentary, where they discuss the issues identified and how the vulnerabilities could be linked within an attack chain. This is supplemented with remediation advice and supporting references.

Pen testing Resources

Tags: API Penetration Testing Checklist


Feb 06 2023

75 Best Android Penetration Testing Tools – 2023

Category: Pen Test,Security ToolsDISC @ 10:56 am

Android penetration testing tools are more often used by security industries to test the vulnerabilities in Android applications.

Here you can find the Comprehensive mobile penetration testing tools and resource list that covers Performing Penetration testing Operations in Android Mobiles.

Android is the biggest organized base of any mobile platform and developing fast—every day. Besides, Android is rising as the most extended operating system in this viewpoint because of different reasons.

Android Security Penetration Testing Tools

Online Analyzers

Following are the online analyzers used to pentest the android applications.

ApprayDynamic Analysis Tools for Android and iOS Applications
NowsecureComplete Mobile Security Testing tool for Android & iOS Tools
AppKnoxEfficient Security Testing Tools for Mobile Apps

Static Analysis Tools

AndrowarnDetects and warn the user about potential malicious behaviors developed by an Android application
ApkAnalyserVirtual Analysis Tools for Android Applications
APKInspectorGUI-based Security Analysis
DroidLegacyPentesting Kit
FlowDroidStatic Analysis Tool
Android DecompilerProfessional Reverse Engineering Toolkit
PSCoutA tool that extracts the permission specification from the Android OS source code using static analysis
Amandroidstatic analysis framework
SmaliSCASmali Static Code Analysis
CFGScanDroidScans and compares CFG against CFG of malicious applications
Madrolyzerextracts actionable data like C&C, phone number etc.
SPARTAverifies (proves) that an app satisfies an information-flow security policy; built on the Checker Framework
ConDroidPerforms a combination of symbolic + concrete execution of the app
DroidRAVirtual Analysis
RiskInDroidA tool for calculating the risk of Android apps based on their permissions, with an online demo available.
SUPERSecure, Unified, Powerful, and Extensible Rust Android Analyzer
ClassySharkStandalone binary inspection tool which can browse any Android executable and show important info.

Mobile App Vulnerability Scanner Tools

QARKQARK by LinkedIn is for app developers to scan app for security issues
AndroBugsAndroid vulnerability analysis system
NogotofailNetwork security testing tool
DevknoxAutocorrect Android Security issues as if it was spell check from your IDE
JAADASJoint intraprocedural and inter-procedure program analysis tool to find vulnerabilities in Android apps, built on Soot and Scala

Dynamic Analysis Tools

Androl4bA Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
Android Malware Analysis Toolkit(Linux distro) Earlier it use to be an online analyzer
Mobile-Security-Framework MobSFMobile Security Framework is an intelligent, all-in-one open-source mobile application (Android/iOS) automated pen-testing framework capable of performing static, dynamic analysis, and web API testing.
AppUsecustom build for pentesting
Cobradroidcustom image for malware analysis
Xposedequivalent of doing Stub based code injection but without any modifications to the binary
InspeckageAndroid Package Inspector – dynamic analysis with api hooks, start unexported activities and more. (Xposed Module)
Android HookerDynamic Java code instrumentation (requires the Substrate Framework)
ProbeDroid Dynamic Java code instrumentation
Android Tamer Virtual / Live Platform for Android Security Professionals
DECAF Dynamic Executable Code Analysis Framework based on QEMU (DroidScope is now an extension to DECAF)
CuckooDroid Android extension for Cuckoo sandbox
Mem Memory analysis of Android Security (root required)
AuditdAndroid Android port of auditd, not under active development anymore
AurasiumPractical security policy enforcement for Android apps via bytecode rewriting and in-place reference monitor.
Appie Appie is a software package that has been pre-configured to function as an Android Pentesting Environment.It is completely portable and can be carried on USB stick or smartphone.This is a one-stop answer for all the tools needed in Android Application Security Assessment and an awesome alternative to existing virtual machines.
StaDynA A system supporting security app analysis in the presence of dynamic code update features (dynamic class loading and reflection). This tool combines static and dynamic analysis of Android applications in order to reveal the hidden/updated behavior and extend static analysis results with this information.
Vezir Project Virtual Machine for Mobile Application Pentesting and Mobile Malware Analysis
MARA Mobile Application Reverse engineering and Analysis Framework
Taintdroid Requires AOSP compilation

Reverse Engineering

Smali/Baksmali apk decompilation
Androguard powerful, integrates well with other tools
Apktool really useful for compilation/decompilation (uses smali)
Android OpenDebugmake any application on device debuggable (using cydia substrate)
Dare .dex to .class converter
Dex2Jar dex to jar converter
Enjarify dex to jar converter from Google
Frida Inject javascript to explore applications and a GUI tool for it
Indroidthread injection kit
Jad Java decompiler
JD-GUIJava decompiler
CFRJava decompiler
KrakatauJava decompiler
ProcyonJava decompiler
FernFlowerJava decompiler
Redexerapk manipulation

Fuzz Testing

IntentFuzzer
Radamsa Fuzzer
Honggfuzz
An Android port of the melkor ELF fuzzer
Media Fuzzing Framework for Android
AndroFuzz

App Repackaging Detectors

FSquaDRAAndroid Security tool for detection of repackaged Android applications based on app resources hash comparison.

Market Crawlers

Google play crawler (Java) searching android applications on GooglePlay,
Google play crawler (Python) browse and download Android apps from Google Play
Google play crawler (Node) get app details and download apps from official Google Play Store
Aptoide downloader (Node) download apps from Aptoide third-party Android market
Appland downloader (Node)download apps from Appland third-party Android market

Misc Tools

smalihookDecompiler
APK-DownloaderDownloader
AXMLPrinter2to convert binary XML files to human-readable XML files
adb autocompleteRepo Downloader
Dalvik opcodesRegistry
Opcodes table for quick referenceRegistry
ExploitMe Android Labsfor practice
GoatDroid for practice
mitmproxyintercepting proxy 
dockerfile/androguardshell environment
Android Vulnerability Test Suite android-vts scans a device for set of vulnerabilities
AppMonAppMon is an automated framework for monitoring and tampering system API calls of native macOS, iOS and android apps. It is based on Frida.

ANDROID SECURITY BOOK: 10 Simple Ways Billionaires Secure Their Android Devices

Checkout our previous posts on “Security Tools”

Computer Forensics

Building a Cybersecurity Toolkit

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: Android Penetration Testing Tools, Android security, Pen testing, Security professionals


Jan 26 2023

Cloud Pentesting Cheatsheet

Category: Cheat Sheet,Cloud computing,Pen TestDISC @ 12:09 pm

Cloud Pentesting for Noobs. An introduction to peneration testing… | by Jon  Helmus | Medium

Checkout our previous posts on Cheat Sheet

InfoSec books | InfoSec tools | InfoSec services

Tags: cheat sheet, Cloud Pentesting


Jan 18 2023

Wireless Penetration Testing Checklist – A Detailed Cheat Sheet

Category: Cheat Sheet,Pen Test,Wi-Fi SecurityDISC @ 4:13 pm

Wireless Penetration testing actively examines the process of Information security Measures which is Placed in WiFi Networks and also analyses the Weakness, technical flows, and Critical wireless Vulnerabilities.

The most important countermeasures we should focus on are Threat  Assessment, Data theft Detection, security control auditing, Risk prevention and Detection, information system Management, and Upgrade infrastructure and a Detailed report should be prepared.What is Wireless Penetration Testing?

Wireless Penetration Testing is aimed to test wireless infrastructure to find vulnerabilities in the network. Testing involves both manual testing techniques and automated scans to simulate a real-world attack and identify risks.Why is wireless penetration testing important?

Usage of Wi-Fi access dramatically increased nowadays, and the quality of Wi-Fi security is in question. By using Wi-Fi access thousands of transaction processing every minute.
If the network is vulnerable it allows hackers to launch various attacks and intercept the data.

Common Wireless Network Vulnerabilities

  • Deployment of Vulnerable WEP Protocol
  • Man-in-the-Middle Attacks
  • Default SSIDs and Passwords
  • Misconfigured Firewalls
  • WPA2 Krack Vulnerability
  • NetSpectre – Remote Spectre Exploit
  • Warshipping
  • Packet Sniffing
  • Warshipping

Wireless Penetration Testing Checklist

Let’s take a detailed look at the Wireless Penetration Testing Checklist and the steps to be followed.

Framework for Wireless Penetration Testing

  1. Discover the Devices connected with  Wireless Networks.
  2. Document all the findings if Wireless Device is Found.
  3. If a wireless Device is found using Wifi Networks, then perform common wifi Attacks and check the devices using WEP Encryption.
  4. If you found WLAN using WEP Encryption then Perform WEP Encryption Pentesting.
  5. Check whether WLAN Using WPA/WPA2 Encryption. If yes then perform WPA/WPA2 pen-testing.
  6. Check Whether WLAN using LEAP Encryption. If yes then perform LEAP Pentesting.
  7. No other Encryption Method was used which I mentioned above, Then Check whether WLAN using unencrypted.
  8. If WLAN is unencrypted then perform common wifi network attacks, check the vulnerability which is placed in the unencrypted method and generate a report.
  9. Before generating a Report make sure no damage has been caused to the pentesting assets.

Wireless Pentesting with WEP Encrypted WLAN

  1. Check the SSID and analyze whether SSID is Visible or Hidden.
  2. Check for networks using WEP encryption.
  3. If you find the SSID as visible mode then try to sniff the traffic and check the packet capturing status.
  4. If the packet has been successfully captured and injected then it’s time to break the WEP  key by using a WiFi cracking tool such as Aircrack-ng, or WEPcrack.
  5. If packets are not reliably captured then sniff the traffic again and capture the Packet.
  6. If you find SSID is the Hidden mode, then do Deauthentication for the target client by using some deauthentication tools such as Commview and Airplay-ng.
  7. Once successfully Authenticated with the client and Discovered the SSID is, then again follow the Above Procedure which is already used for discovering SSID in earlier steps.
  8. Check if the Authentication method used is OPN (Open Authentication) or SKA (Shared Key Authentication). If SKA is used, then bypassing mechanism needs to be performed.
  9. Check if the STA (stations/clients) are connected to AP (Access Point) or not. This information is necessary to perform the attack accordingly.

If clients are connected to the AP, an Interactive packet replay or ARP replay attack needs to be performed to gather IV packets which can be then used to crack the WEP key.

If there’s no client connected to the AP, Fragmentation Attack or Korex Chop Chop attack needs to be performed to generate the keystream which will be further used to reply to ARP packets.

10. Once the WEP key is cracked, try to connect to the network using WPA-supplicant and check if the AP is allotting any IP address or not.”EAPOL handshake“.

Wireless Penetration Testing with WPA/WPA2 Encrypted WLAN

  1. Start and Deauthenticate with WPA/WPA2 Protected WLAN client by using WLAN tools Such as Hotspotter, Airsnarf, Karma, etc.
  2. If the Client is Deaauthenticated, then sniff the traffic and check the status of captured EAPOL Handshake.
  3. If the client is not Deauthenticate then do it again.
  4. Check whether the EAPOL handshake is captured or Not.
  5. Once you captured the EAPOL handshake, then perform a PSK Dictionary attack using coWPAtty, Aircrack-ng to gain confidential information.
  6. Add Time-memory trade-off method (Rainbow tables) also known as WPA-PSK Precomputation attack for cracking WPA/2 passphrase. Genpmk can be used to generate pre-computed hashes.
  7. If it’s Failed then Deauthenticate again and try to capture again and redo the above steps.

LEAP Encrypted WLAN

  1. Check and Confirm whether WLAN is protected by LEAP Encryption or not.
  2. De-authenticate the LEAP Protected Client using tools such as karma, hotspotter, etc.
  3. If the client is De authenticated then break the LEAP Encryption using a tool such as asleapto steal the confidential information
  4. If the process dropped then de-authenticate again

Wireless Penetration Testing with Unencrypted WLAN

  1. Check whether SSID is Visible or not
  2. Sniff for IP range if SSID is visible then check the status of MAC Filtering.
  3. If MAC filtering is enabled then spoof the MAC Address by using tools such as SMAC
  4. Try to connect to AP using IP within the discovered range.
  5. If SSID is hidden then discover the SSID using Aircrack-ng and follow the procedure of visible SSID which I Declared above.

Wireless Penetration Testing

Checkout our previous posts on InfoSec “Cheat Sheet”

InfoSec books | InfoSec tools | InfoSec services

Tags: cheat sheet


Jan 16 2023

Most Important Network Penetration Testing Checklist

Category: Cheat Sheet,Network security,Pen TestDISC @ 11:05 am

Network Penetration Testing determines vulnerabilities in the network posture by discovering Open ports, Troubleshooting live systems, services and grabbing system banners.

The pen-testing helps administrator to close unused ports, additional services, Hide or Customize banners, Troubleshooting services and to calibrate firewall rules.You should test in all ways to guarantee there is no security loophole.

Let’s see how we conduct a step by step Network penetration testing by using some famous network scanners.

Network Penetration Testing

1.HOST DISCOVERY

Footprinting is the first and important phase were one gather information about their target system.

DNS footprinting helps to enumerate DNS records like (A, MX, NS, SRV, PTR, SOA, CNAME) resolving to the target domain.

  • A – A record is used to point the domain name such as gbhackers.com to the IP address of it’s hosting server.
  •  MX – Records responsible for Email exchange.
  • NS – NS records are to identify DNS servers responsible for the domain.
  • SRV – Records to distinguish the service hosted on specific servers.
  • PTR – Reverse DNS lookup, with the help of IP you can get domain’s associated with it.
  • SOA – Start of record, it is nothing but the information in the DNS system about DNS Zone and other DNS records.
  • CNAME – Cname record maps a domain name to another domain name.

We can detect live hosts, accessible hosts in the target network by using network scanning tools such as Advanced IP scanner, NMAP, HPING3, NESSUS.

Ping&Ping Sweep:

root@kali:~# nmap -sn 192.168.169.128root@kali:~# nmap -sn 192.168.169.128-20 To ScanRange of IProot@kali:~# nmap -sn 192.168.169.* Wildcardroot@kali:~# nmap -sn 192.168.169.128/24 Entire Subnet

Whois Information 

To obtain Whois information and name server of a webisteroot@kali:~# whois testdomain.com

  1. http://whois.domaintools.com/
  2. https://whois.icann.org/en

Traceroute

Network Diagonastic tool that displays route path and transit delay in packetsroot@kali:~# traceroute google.com

Online Tools

  1. http://www.monitis.com/traceroute/
  2. http://ping.eu/traceroute/

2.PORT SCANNING

Perform port scanning using tools such as Nmap, Hping3, Netscan tools, Network monitor. These tools help us to probe a server or host on the target network for open ports.

Open ports are the gateway for attackers to enter in and to install malicious backdoor applications.root@kali:~# nmap –open gbhackers.com             To find all open portsroot@kali:~# nmap -p 80 192.168.169.128           Specific Portroot@kali:~# nmap -p 80-200 192.168.169.128   Range of portsroot@kali:~# nmap -p “*” 192.168.169.128          To scan all ports

Online Tools

  1. http://www.yougetsignal.com/
  2. https://pentest-tools.com/information-gathering/find-subdomains-of-domain

3.Banner Grabbing/OS Fingerprinting

Perform banner Grabbing/OS fingerprinting such as Telnet, IDServe, NMAP determines the operating system of the target host and the operating system.

Once you know the version and operating system of the target, we need to find the vulnerabilities and exploit.Try to gain control over the system.root@kali:~# nmap -A 192.168.169.128root@kali:~# nmap -v -A 192.168.169.128 with high verbosity level

IDserve another good tool for Banner Grabbing.

Networkpentesting Flowchart

Online Tools

  1. https://www.netcraft.com/
  2. https://w3dt.net/tools/httprecon
  3. https://www.shodan.io/

4.Scan for Vulnerabilities

Scan the network using Vulnerabilities using GIFLanguard, Nessus, Ratina CS, SAINT.

These tools help us in finding vulnerabilities with the target system and operating systems.With this steps, you can find loopholes in the target network system.

GFILanguard

It acts as a security consultant and offers patch Management, Vulnerability assessment, and network auditing services.

Nessus

Nessus a vulnerability scanner tool that searches bug in the software and finds a specific way to violate the security of a software product.

  • Data gathering.
  • Host identification.
  • Port scan.
  • Plug-in selection.
  • Reporting of data.

5.Draw Network Diagrams

Draw a network diagram about the organization that helps you to understand logical connection path to the target host in the network.

The network diagram can be drawn by LANmanager, LANstate, Friendly pinger, Network view.

6.Prepare Proxies

Proxies act as an intermediary between two networking devices. A proxy can protect the local network from outside access.

With proxy servers, we can anonymize web browsing and filter unwanted contents such as ads and many other.

Proxies such as Proxifier, SSL Proxy, Proxy Finder..etc, to hide yourself from being caught.

6.Document all Findings

The last and the very important step is to document all the Findings from Penetration testing.

This document will help you in finding potential vulnerabilities in your network. Once you determine the Vulnerabilities you can plan counteractions accordingly.

You can download rules and scope Worksheet here – Rules and Scope sheet 

Thus, penetration testing helps in assessing your network before it gets into real trouble that may cause severe loss in terms of value and finance.

Important Tools used for Network Pentesting

Frameworks

Kali Linux, Backtrack5 R3, Security Onion

Reconnaisance

Smartwhois, MxToolbox, CentralOps, dnsstuff, nslookup, DIG, netcraft

Discovery

Angry IP scanner, Colasoft ping tool, nmap, Maltego, NetResident,LanSurveyor, OpManager

Port Scanning

Nmap, Megaping, Hping3, Netscan tools pro, Advanced port scannerService Fingerprinting Xprobe, nmap, zenmap

Enumeration

Superscan, Netbios enumerator, Snmpcheck, onesixtyone, Jxplorer, Hyena,DumpSec, WinFingerprint, Ps Tools, NsAuditor, Enum4Linux, nslookup, Netscan

Scanning

Nessus, GFI Languard, Retina,SAINT, Nexpose

Password Cracking

Ncrack, Cain & Abel, LC5, Ophcrack, pwdump7, fgdump, John The Ripper,Rainbow Crack

Sniffing

Wireshark, Ettercap, Capsa Network Analyzer

MiTM Attacks

Cain & Abel, Ettercap

Exploitation

 Metasploit, Core ImpactThese are the Most important checklist you should concentrate with Network penetration Testing .

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Checkout our previous posts on Pen Testing…

Contact DISC InfoSec

InfoSec books | InfoSec tools | InfoSec services

Tags: Penetration Testing Checklist


Jan 09 2023

Top 10 Best Penetration Testing Companies & Services – 2023

Category: Pen TestDISC @ 12:08 pm

enetration Testing Companies are pillars when it comes to information security, nothing is more important than ensuring your systems and data are safe from unauthorized access, Many organizations have a flawed security culture, with employees motivated to protect their own information rather than the organization.

This sets up an opportunity for attackers seeking ways into a company to exploit it and get access to critical data and secrets.

In this article, we will see the 10 best penetration testing companies and understand what penetration testing is. We will also discuss its importance, different types of tests, and how they are conducted. 

What Is Penetration Testing?

The term “penetration testing” refers to the process of checking an application’s or network’s security by exploiting any known vulnerabilities.

These security flaws might be found in a variety of places, such as system configuration settings, authentication methods, and even end-user risky behaviors.

Apart from assessing security, pentesting is also used to assess the effectiveness of defensive systems and security tactics.

The cyber security condition is shifting at a breakneck speed. New vulnerabilities are discovered and exploited all of the time, some of them are publicly recognized, and others are not.

Being aware is the greatest defence you can have. A penetration test uncovers security flaws in your system that might lead to data theft and denial of service.

Top 10 Best Penetration Testing Companies – 2023

Best Penetration Testing Companies: Key Features and Services

Top Pentesting CompaniesKey FeaturesServices
Astra SecurityAutomated Vulnerability Scans, Continuous Scanning, CI/CD Integration, Zero false positives, Pentest Report, Customer Support, and Theories on How to Report to Regulators.Penetration Testing, Vulnerability Assessment, Security Audits, IT Risk Assessments, Security Consulting Website Protection, Compliance Reporting.
DetectifySimple and intuitive interface, Prioritized remediation advice can your web applications and APIs in the cloudPenetration Testing, Scanning for Vulnerabilities
IntruderProvides results from automated analysis and prioritization, Examination of configurations for flaws missing patches application weaknessesManagement of Vulnerabilities, Penetration Testing, Perimeter server scanning, Cloud Security, Network Security
InvictiBuilt-in reporting tools automatically find SQL Injection, Scan 1,000 web applications in just 24 hoursPenetration Testing, Website SecurityScanning, Web VulnerabilityScanning
Rapid7Easy-to-use interface-click phishing campaignsPenetration Testing, Vulnerability Management
AcunetixAccess Controls/Permissions, Activity Dashboard, Activity MonitoringImmediate actionable results best web security services seamless integration with customer’s current system
CobaltProof-Based Scanning, Full HTML5 Support, Web Services Scanning, Built-in Tools, SDLC IntegrationIntegration with JIRA and Github, OWASP Top 10PCIHIPAA, and other compliance report templates customer Reports API for building personalized security reports test vulnerabilities functionality
SecureWorksmore than 4,400 customers in 61 countries across the world perform more or less 250 billion cyber eventsPen Testing Services, Application Security Testing, Advance Threat/Malware detection, and preventing Retention and Compliance Reporting
SciencesoftCertified ethical hackers on the team33 years of overall experience in ITIBM Business Partner in Security Operations & Response, Recognized with 8 Gold Microsoft CompetenciesVulnerability Assessment, Penetration Testing, Compliance Testing, Security Code Review, Infrastructure Security Audit
CyberhunterBest for Penetration Testing, Network Threat Assessments, Security Audits, Cyber Threat Hunting, Network reconnaissance, vulnerability mapping, exploitation attempts, cyber threat analysisPenetration Testing, Network Threat Assessments, Network Security Audits, Cyber Threat Hunting, Network Log Monitoring

Table covering 10 Penetration Testing Companies & Key Features

Infosec books | InfoSec tools | InfoSec services

Tags: Penetration Testing


Next Page »