DEF CON 26 didn’t take place yet, but the list of the Demo Labs has already been published.

I was just browsing it out of curiosity and realized that a lot of the tools that will be featured in these labs are already publicly available! So I decided to try them & see which ones are worth adding or are compatible with my pentesting arsenal & methodology.
This blog post is a summary of the steps I took to install these tools.

Note that I only chose the ones that are pertaining to the kind of tests I’m doing.
“PA Toolkit – Wireshark plugins for Pentesters” is the only one I’m interested in that wasn’t released yet, so I’m waiting for it! I will update this blog post to add it, after its release.

trackerjacker #

• Like nmap for mapping wifi networks you’re not connected to, plus device tracking. Maps and tracks wifi networks and devices through raw 802.11 monitoring.
• Python tool

Installation #

pip3 install trackerjacker

Usage #

trackerjacker -h

ADRecon #

• ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
• Windows Powershell tool

Installation #

Prerequisites

• .NET Framework 3.0 or later
• PowerShell 2.0 or later
• Microsoft Excel (optional)
• Remote Server Administration Tools for Windows 10 or for Windows 7

Download ADRecon & unzip it.

Usage #

PS C:\ADRecon-master> Get-Help .\ADRecon.ps1

Archery #

• Open Source Vulnerability Assessment and Management helps developers and pentesters to perform scans and manage vulnerabilities.
• Python tool

Installation #

$ git clone https://github.com/archerysec/archerysec.git
$ cd archerysec
$ chmod +x run.sh
$ sudo ./run.sh

Usage #

python manage.py help
python manage.py runserver 127.0.0.1:8000
Hit <http://127.0.0.1:8000/>

Official documentation

boofuzz #

• Boofuzz is a fork of and the successor to the venerable Sulley fuzzing framework. Besides numerous bug fixes, boofuzz aims for extensibility. The goal: fuzz everything.
• Python library

Installation #

pip install boofuzz

Usage #

Official documentation

Cloud Security Suite (cs-suite) - Version 2.0 #

• Cloud Security Suite - One stop tool for auditing the security posture of AWS & GCP infrastructure.
• Python tool

Installation #

Prerequisites

• AWS Audit - AWS ReadOnly Keys
• GCP Audit - gcloud setup

$ git clone https://github.com/SecurityFTW/cs-suite.git
$ cd cs-suite/
$ sudo python setup.py

Usage #

python cs.py -env aws				# Run AWS Audit
python cs.py -env gcp -pId <project_name>	# Run GCP Audit

conformer #

• Password Guessing for different Web Portals
• BASH script

Installation #

$ git clone https://github.com/mikhbur/conformer.git
$ cd conformer/
$ chmod +x conformer.sh

Usage #

$ ./conformer.sh

eaphammer #

• Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.
• Python tool

Installation #

$ git clone https://github.com/s0lst1c3/eaphammer.git
$ cd eaphammer
$ ./kali-setup

Usage #

./eaphammer

Expliot #

• Framework for security testing IoT and IoT infrastructure
• Python tool

Installation #

$ git clone https://gitlab.com/expliot_framework/expliot.git
$ cd expliot
$ python3 setup.py install

Usage #

$ efconsole

GyoiThon #

• A growing penetration test tool using Machine Learning.
• Python tool

Installation #

$ git clone https://github.com/gyoisamurai/GyoiThon.git 
$ cd GyoiThon
$ pip install -r requirements.txt

Usage #

msfdb init
msfconsole
msf > load msgrpc ServerHost=192.168.4.4 ServerPort=55553 User=test Pass=test1234
[*] MSGRPC Service:  192.168.4.4:55553 
[*] MSGRPC Username: test
[*] MSGRPC Password: test1234
[*] Successfully loaded plugin: msgrpc

Edit the following files to put the value previsouly entered in Metasploit:

$ nano classifier4gyoithon/config.ini
...snip...
[GyoiExploit]
server_host      : 192.168.4.4	# Replace with your Kali IP address
server_port      : 55553
msgrpc_user      : test
msgrpc_pass      : test1234
timeout          : 10
LHOST            : 192.168.4.4
LPORT            : 4444
data_path        : data
wait_for_banner  : 1
...snip...

Edit the target file:

$ nano host.txt 
65.61.137.117 80 /
65.61.137.117 80 /bank/login.aspx

Then run GyoiThon: $ python gyoithon.py

Official documentation

Halcyon IDE #

• IDE for Nmap Script Developers
• Jar file

Installation #

$ wget https://github.com/s4n7h0/Halcyon/releases/download/2.0.1/Halcyon_IDE_v2.0.1.jar
$ java -jar Halcyon_IDE_v2.0.1.jar

Usage #

$ java -jar Halcyon_IDE_v2.0.1.jar &

Local-sheriff #

• A recon tool in your browser (WebExtension). While you normally browse the internet, Local Sheriff works in the background to empower you in identifying what data points (PII) are being shared / leaked to which all third-parties.
• Chrome/Firefox extension

Installation #

Chrome extension

Add the extension manually to Firefox:

1. $ git clone https://github.com/cliqz-oss/local-sheriff.git
2. Open about:debugging
3. Load temporary-addon
4. Point to the folder local-sheriff and select manifest.json.

Repeat steps 2 to 4 must be everytime you restart the browser.

Usage #

Click the Local Sheriff extension icon & follow the indications displayed.

Passionfruit #

• Simple iOS app blackbox assessment tool. Powered by frida.re and vuejs.
• NPM package

Installation #

$ npm cache clean
$ npm install -g passionfruit

Usage #

$ passionfruit

Sh00t #

• A highly customizable, intelligent platform that understands the life of bug hunters and emphasizes on manual security testing.
• Python tool

Installation #

$ git clone https://github.com/pavanw3b/sh00t.git
$ cd sh00t/
$ pip install -r requirements.txt --user
$ python manage.py migrate
$ python manage.py createsuperuser

Usage #

• $ python manage.py runserver
• Hit http://127.0.0.1:8000/
• Ctrl + C to stop the server

LHT (Lossy Hash Table) Calculator #

• Cracks passwords or keys from a small key space near instantly. A small key space being a few trillion (40+ bits).
• Online tool

GreyNoise #

• Online tool

Please let me know if you have a comment, requests for tutorials, questions, etc.

See you next time!