DEF CON 26 hasn’t taken place yet, but the list of the Demo Labs has already been published.
I was just browsing it out of curiosity and realized that a lot of the tools that will be featured in these labs are already publicly available! So I decided to try them and see which ones are worth adding to, or are compatible with, my pentesting arsenal and methodology.
This blog post is a summary of the steps I took to install these tools.
Note that I only chose the ones that are pertaining to the kind of tests I’m doing.
“PA Toolkit – Wireshark plugins for Pentesters” is the only one I’m interested in that hasn’t been released yet, so I’m waiting for it! I will update this blog post to add it after its release.
trackerjacker
- Like nmap for mapping wifi networks you’re not connected to, plus device tracking. Maps and tracks wifi networks and devices through raw 802.11 monitoring.
- Python tool
Installation
pip3 install trackerjacker
Usage
trackerjacker -h
ADRecon
- ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
- Windows Powershell tool
Installation
Prerequisites
- .NET Framework 3.0 or later
- PowerShell 2.0 or later
- Microsoft Excel (optional)
- Remote Server Administration Tools for Windows 10 or for Windows 7
Download ADRecon & unzip it.
Usage
PS C:\ADRecon-master> Get-Help .\ADRecon.ps1
Archery
- Open source vulnerability assessment and management tool that helps developers and pentesters perform scans and manage vulnerabilities.
- Python tool
Installation
$ git clone https://github.com/archerysec/archerysec.git
$ cd archerysec
$ chmod +x run.sh
$ sudo ./run.sh
Usage
python manage.py help
python manage.py runserver 127.0.0.1:8000
Hit <http://127.0.0.1:8000/>
boofuzz
- Boofuzz is a fork of and the successor to the venerable Sulley fuzzing framework. Besides numerous bug fixes, boofuzz aims for extensibility. The goal: fuzz everything.
- Python library
Installation
pip install boofuzz
Usage
Cloud Security Suite (cs-suite) - Version 2.0
- Cloud Security Suite - One stop tool for auditing the security posture of AWS & GCP infrastructure.
- Python tool
Installation
Prerequisites
- AWS Audit - AWS ReadOnly Keys
- GCP Audit - gcloud setup
$ git clone https://github.com/SecurityFTW/cs-suite.git
$ cd cs-suite/
$ sudo python setup.py
Usage
python cs.py -env aws # Run AWS Audit
python cs.py -env gcp -pId <project_name> # Run GCP Audit
conformer
- Password Guessing for different Web Portals
- BASH script
Installation
$ git clone https://github.com/mikhbur/conformer.git
$ cd conformer/
$ chmod +x conformer.sh
Usage
$ ./conformer.sh
eaphammer
- Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.
- Python tool
Installation
$ git clone https://github.com/s0lst1c3/eaphammer.git
$ cd eaphammer
$ ./kali-setup
Usage
./eaphammer
Expliot
- Framework for security testing IoT and IoT infrastructure
- Python tool
Installation
$ git clone https://gitlab.com/expliot_framework/expliot.git
$ cd expliot
$ python3 setup.py install
Usage
$ efconsole
GyoiThon
- A growing penetration test tool using Machine Learning.
- Python tool
Installation
$ git clone https://github.com/gyoisamurai/GyoiThon.git
$ cd GyoiThon
$ pip install -r requirements.txt
Usage
msfdb init
msfconsole
msf > load msgrpc ServerHost=192.168.4.4 ServerPort=55553 User=test Pass=test1234
[*] MSGRPC Service: 192.168.4.4:55553
[*] MSGRPC Username: test
[*] MSGRPC Password: test1234
[*] Successfully loaded plugin: msgrpc
Edit the following file to put in the values previously entered in Metasploit:
$ nano classifier4gyoithon/config.ini
...snip...
[GyoiExploit]
server_host : 192.168.4.4 # Replace with your Kali IP address
server_port : 55553
msgrpc_user : test
msgrpc_pass : test1234
timeout : 10
LHOST : 192.168.4.4
LPORT : 4444
data_path : data
wait_for_banner : 1
...snip...
Edit the target file:
$ nano host.txt
65.61.137.117 80 /
65.61.137.117 80 /bank/login.aspx
Then run GyoiThon:
$ python gyoithon.py
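A mismatch between the `load msgrpc` arguments and `[GyoiExploit]`, or a malformed line in host.txt, is the usual reason the run above fails silently. This added sanity check (my own example, not part of GyoiThon) parses both files in the layout shown above, using constructed sample values (192.0.2.x is the documentation range), and reports what does not line up:

```python
import configparser
import ipaddress

# Constructed sample of the [GyoiExploit] section shown in the post (example values, not a real host).
SAMPLE_CONFIG = """\
[GyoiExploit]
server_host : 192.168.4.4 # Replace with your Kali IP address
server_port : 55553
msgrpc_user : test
msgrpc_pass : test1234
timeout : 10
LHOST : 192.168.4.4
LPORT : 4444
data_path : data
wait_for_banner : 1
"""

# Constructed host.txt in the "<ip> <port> <path>" layout the post uses.
SAMPLE_HOSTS = "192.0.2.10 80 /\n192.0.2.10 80 /bank/login.aspx\n"

def load_exploit_section(text):
    """Parse [GyoiExploit], honouring the ':' separators and trailing '# ...' comments."""
    cp = configparser.ConfigParser(inline_comment_prefixes=("#",))
    cp.optionxform = str  # keep LHOST / LPORT in the case they are written
    cp.read_string(text)
    return dict(cp["GyoiExploit"])

def check_config(cfg, msgrpc_host, msgrpc_port, msgrpc_user, msgrpc_pass):
    """Return the config keys that disagree with the 'load msgrpc' arguments given to Metasploit."""
    expected = {"server_host": msgrpc_host, "server_port": str(msgrpc_port),
                "msgrpc_user": msgrpc_user, "msgrpc_pass": msgrpc_pass}
    return [k for k, v in expected.items() if cfg.get(k) != v]

def check_hosts(text):
    """Return (line_number, reason) for every host.txt line that is not '<ip> <port> <path>'."""
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 3:
            problems.append((n, "expected 3 fields"))
            continue
        ip, port, path = parts
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            problems.append((n, "bad ip"))
        if not (port.isdigit() and 0 < int(port) < 65536):
            problems.append((n, "bad port"))
        if not path.startswith("/"):
            problems.append((n, "path must start with /"))
    return problems
```

Feed it the real classifier4gyoithon/config.ini and host.txt contents instead of the samples to check your own setup before launching the scan.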
Halcyon IDE
- IDE for Nmap Script Developers
- Jar file
Installation
$ wget https://github.com/s4n7h0/Halcyon/releases/download/2.0.1/Halcyon_IDE_v2.0.1.jar
$ java -jar Halcyon_IDE_v2.0.1.jar
On Kali Linux, choose “Autoconfig”; it automatically fills the fields with the right paths.
Then restart Halcyon IDE to make the changes effective.
Usage
$ java -jar Halcyon_IDE_v2.0.1.jar &
Local-sheriff
- A recon tool in your browser (WebExtension). While you browse the internet as usual, Local Sheriff works in the background to help you identify which data points (PII) are being shared or leaked, and to which third parties.
- Chrome/Firefox extension
Installation
Add the extension manually to Firefox:
$ git clone https://github.com/cliqz-oss/local-sheriff.git
- Open about:debugging
- Click “Load Temporary Add-on”
- Point to the folder local-sheriff and select manifest.json.
Steps 2 to 4 must be repeated every time you restart the browser.
Usage
Click the Local Sheriff extension icon & follow the indications displayed.
Passionfruit
- Simple iOS app blackbox assessment tool. Powered by frida.re and vuejs.
- NPM package
Installation
$ npm cache clean
$ npm install -g passionfruit
Usage
$ passionfruit
Sh00t
- A highly customizable, intelligent platform that understands the life of bug hunters and emphasizes manual security testing.
- Python tool
Installation
$ git clone https://github.com/pavanw3b/sh00t.git
$ cd sh00t/
$ pip install -r requirements.txt --user
$ python manage.py migrate
$ python manage.py createsuperuser
Usage
$ python manage.py runserver
Hit <http://127.0.0.1:8000/>
Press Ctrl + C to stop the server.
LHT (Lossy Hash Table) Calculator
- Cracks passwords or keys from a small key space almost instantly, where a small key space means a few trillion possibilities (40+ bits).
- Online tool
GreyNoise
- Online tool
Please let me know if you have a comment, requests for tutorials, questions, etc.
See you next time!