
Installing the latest pentest tools from Defcon 26 Demo Labs

Posted in Articles on July 2, 2018


DEF CON 26 didn’t take place yet, but the list of the Demo Labs has already been published.

I was just browsing it out of curiosity and realized that a lot of the tools that will be featured in these labs are already publicly available! So I decided to try them & see which ones are worth adding or are compatible with my pentesting arsenal & methodology.
This blog post is a summary of the steps I took to install these tools.

Note that I only chose the ones that pertain to the kind of tests I’m doing.
“PA Toolkit – Wireshark plugins for Pentesters” is the only one I’m interested in that hasn’t been released yet, so I’m waiting for it! I will update this blog post to add it after its release.

trackerjacker

  • Like nmap for mapping wifi networks you’re not connected to, plus device tracking. Maps and tracks wifi networks and devices through raw 802.11 monitoring.
  • Python tool

Installation

pip3 install trackerjacker

Usage

trackerjacker -h

ADRecon

  • ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
  • Windows PowerShell tool

Installation

Prerequisites

Download ADRecon & unzip it.

Usage

PS C:\ADRecon-master> Get-Help .\ADRecon.ps1

Archery

  • Open Source Vulnerability Assessment and Management helps developers and pentesters to perform scans and manage vulnerabilities.
  • Python tool

Installation

$ git clone https://github.com/archerysec/archerysec.git
$ cd archerysec
$ chmod +x run.sh
$ sudo ./run.sh

Usage

python manage.py help
python manage.py runserver 127.0.0.1:8000
Hit <http://127.0.0.1:8000/>

Official documentation

boofuzz

  • Boofuzz is a fork of and the successor to the venerable Sulley fuzzing framework. Besides numerous bug fixes, boofuzz aims for extensibility. The goal: fuzz everything.
  • Python library

Installation

pip install boofuzz

Usage

Official documentation

Cloud Security Suite (cs-suite) - Version 2.0

  • Cloud Security Suite - One stop tool for auditing the security posture of AWS & GCP infrastructure.
  • Python tool

Installation

Prerequisites

  • AWS Audit - AWS ReadOnly Keys
  • GCP Audit - gcloud setup

$ git clone https://github.com/SecurityFTW/cs-suite.git
$ cd cs-suite/
$ sudo python setup.py

Usage

python cs.py -env aws				# Run AWS Audit
python cs.py -env gcp -pId <project_name>	# Run GCP Audit

conformer

  • Password Guessing for different Web Portals
  • BASH script

Installation

$ git clone https://github.com/mikhbur/conformer.git
$ cd conformer/
$ chmod +x conformer.sh

Usage

$ ./conformer.sh

eaphammer

  • Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.
  • Python tool

Installation

$ git clone https://github.com/s0lst1c3/eaphammer.git
$ cd eaphammer
$ ./kali-setup

Usage

./eaphammer

Expliot

  • Framework for security testing IoT and IoT infrastructure
  • Python tool

Installation

$ git clone https://gitlab.com/expliot_framework/expliot.git
$ cd expliot
$ python3 setup.py install

Usage

$ efconsole

GyoiThon

  • A growing penetration test tool using Machine Learning.
  • Python tool

Installation

$ git clone https://github.com/gyoisamurai/GyoiThon.git 
$ cd GyoiThon
$ pip install -r requirements.txt

Usage

msfdb init
msfconsole
msf > load msgrpc ServerHost=192.168.4.4 ServerPort=55553 User=test Pass=test1234
[*] MSGRPC Service:  192.168.4.4:55553 
[*] MSGRPC Username: test
[*] MSGRPC Password: test1234
[*] Successfully loaded plugin: msgrpc

Edit the following file to put in the values previously entered in Metasploit:

$ nano classifier4gyoithon/config.ini
...snip...
[GyoiExploit]
server_host      : 192.168.4.4	# Replace with your Kali IP address
server_port      : 55553
msgrpc_user      : test
msgrpc_pass      : test1234
timeout          : 10
LHOST            : 192.168.4.4
LPORT            : 4444
data_path        : data
wait_for_banner  : 1
...snip...

Edit the target file:

$ nano host.txt 
65.61.137.117 80 /
65.61.137.117 80 /bank/login.aspx

Then run GyoiThon: $ python gyoithon.py
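As an added example (not part of the original post or of GyoiThon itself), a small Python check that the [GyoiExploit] values in config.ini match the options passed to the msgrpc plugin; the load line and config text below are constructed samples using the values above.

```python
import configparser

# Constructed sample of the "load msgrpc" line typed into msfconsole above
MSGRPC_LOAD_LINE = "load msgrpc ServerHost=192.168.4.4 ServerPort=55553 User=test Pass=test1234"

# Constructed sample of the [GyoiExploit] section of classifier4gyoithon/config.ini
CONFIG_INI = """[GyoiExploit]
server_host      : 192.168.4.4   # Replace with your Kali IP address
server_port      : 55553
msgrpc_user      : test
msgrpc_pass      : test1234
timeout          : 10
"""

# Mapping between the msgrpc plugin options and the config.ini keys they must match
OPTION_TO_KEY = {"ServerHost": "server_host", "ServerPort": "server_port",
                 "User": "msgrpc_user", "Pass": "msgrpc_pass"}


def parse_msgrpc_load(line):
    """Return the Key=Value options of a 'load msgrpc ...' msfconsole command as a dict."""
    tokens = line.split()
    if tokens[:2] != ["load", "msgrpc"]:
        raise ValueError("not a 'load msgrpc' command")
    return dict(tok.split("=", 1) for tok in tokens[2:] if "=" in tok)


def load_gyoi_config(text):
    """Parse the config.ini text; trailing '# ...' comments on a value line are stripped."""
    cp = configparser.ConfigParser(inline_comment_prefixes=("#",))
    cp.read_string(text)
    return cp["GyoiExploit"]


def config_mismatches(load_line, ini_text):
    """Return {config_key: (msf_value, ini_value)} for every value that differs."""
    opts = parse_msgrpc_load(load_line)
    cfg = load_gyoi_config(ini_text)
    return {key: (opts[opt], cfg.get(key))
            for opt, key in OPTION_TO_KEY.items()
            if opt in opts and opts[opt] != cfg.get(key)}


if __name__ == "__main__":
    print(config_mismatches(MSGRPC_LOAD_LINE, CONFIG_INI) or "config.ini matches the msgrpc options")
```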

Official documentation

Halcyon IDE

  • IDE for Nmap Script Developers
  • Jar file

Installation

$ wget https://github.com/s4n7h0/Halcyon/releases/download/2.0.1/Halcyon_IDE_v2.0.1.jar
$ java -jar Halcyon_IDE_v2.0.1.jar
On Kali Linux, choose "Autoconfig"; it automatically fills the fields with the right paths. Then restart Halcyon IDE to make the changes effective.

Usage

$ java -jar Halcyon_IDE_v2.0.1.jar &

Local-sheriff

  • A recon tool in your browser (WebExtension). While you browse the internet as usual, Local Sheriff works in the background to help you identify which data points (PII) are being shared or leaked to which third parties.
  • Chrome/Firefox extension

Installation

Chrome extension

Add the extension manually to Firefox:

  1. $ git clone https://github.com/cliqz-oss/local-sheriff.git
  2. Open about:debugging
  3. Load temporary-addon
  4. Point to the folder local-sheriff and select manifest.json.

Steps 2 to 4 must be repeated every time you restart the browser.

Usage

Click the Local Sheriff extension icon & follow the indications displayed.

Passionfruit

  • Simple iOS app blackbox assessment tool. Powered by frida.re and vuejs.
  • NPM package

Installation

$ npm cache clean
$ npm install -g passionfruit

Usage

$ passionfruit

Sh00t

  • A highly customizable, intelligent platform that understands the life of bug hunters and emphasizes on manual security testing.
  • Python tool

Installation

$ git clone https://github.com/pavanw3b/sh00t.git
$ cd sh00t/
$ pip install -r requirements.txt --user
$ python manage.py migrate
$ python manage.py createsuperuser

Usage

LHT (Lossy Hash Table) Calculator

  • Cracks passwords or keys from a small key space near instantly. A small key space being a few trillion (40+ bits).
  • Online tool

GreyNoise

  • Online tool

Please let me know if you have a comment, requests for tutorials, questions, etc.

See you next time!
