Installing the latest pentest tools from Defcon 26 Demo Labs

DEF CON 26 hasn't taken place yet, but the list of the Demo Labs has already been published.

I was just browsing it out of curiosity and realized that a lot of the tools that will be featured in these labs are already publicly available! So I decided to try them & see which ones are worth adding or are compatible with my pentesting arsenal & methodology.
This blog post is a summary of the steps I took to install these tools.

Note that I only chose the ones that are pertaining to the kind of tests I’m doing.
“PA Toolkit – Wireshark plugins for Pentesters” is the only one I’m interested in that hasn't been released yet, so I’m waiting for it! I will update this blog post to add it after its release.

trackerjacker

  • Like nmap for mapping wifi networks you’re not connected to, plus device tracking. Maps and tracks wifi networks and devices through raw 802.11 monitoring.
  • Python tool

Installation

pip3 install trackerjacker

Usage

trackerjacker -h

ADRecon

  • ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
  • Windows Powershell tool

Installation

Prerequisites

Download ADRecon & unzip it.

Usage

PS C:\ADRecon-master> Get-Help .\ADRecon.ps1

Archery

  • Open Source Vulnerability Assessment and Management helps developers and pentesters to perform scans and manage vulnerabilities.
  • Python tool

Installation

$ git clone https://github.com/archerysec/archerysec.git
$ cd archerysec
$ chmod +x run.sh
$ sudo ./run.sh

Usage

python manage.py help
python manage.py runserver 127.0.0.1:8000
Hit <http://127.0.0.1:8000/>

Official documentation

boofuzz

  • Boofuzz is a fork of and the successor to the venerable Sulley fuzzing framework. Besides numerous bug fixes, boofuzz aims for extensibility. The goal: fuzz everything.
  • Python library

Installation

pip install boofuzz

Usage

Official documentation

Cloud Security Suite (cs-suite) - Version 2.0

  • Cloud Security Suite - One stop tool for auditing the security posture of AWS & GCP infrastructure.
  • Python tool

Installation

Prerequisites

  • AWS Audit - AWS ReadOnly Keys
  • GCP Audit - gcloud setup

$ git clone https://github.com/SecurityFTW/cs-suite.git
$ cd cs-suite/
$ sudo python setup.py

Usage

python cs.py -env aws				# Run AWS Audit
python cs.py -env gcp -pId <project_name>	# Run GCP Audit

conformer

  • Password Guessing for different Web Portals
  • BASH script

Installation

$ git clone https://github.com/mikhbur/conformer.git
$ cd conformer/
$ chmod +x conformer.sh

Usage

$ ./conformer.sh

eaphammer

  • Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.
  • Python tool

Installation

$ git clone https://github.com/s0lst1c3/eaphammer.git
$ cd eaphammer
$ ./kali-setup

Usage

./eaphammer

Expliot

  • Framework for security testing IoT and IoT infrastructure
  • Python tool

Installation

$ git clone https://gitlab.com/expliot_framework/expliot.git
$ cd expliot
$ python3 setup.py install

Usage

$ efconsole

GyoiThon

  • A growing penetration test tool using Machine Learning.
  • Python tool

Installation

$ git clone https://github.com/gyoisamurai/GyoiThon.git 
$ cd GyoiThon
$ pip install -r requirements.txt

Usage

msfdb init
msfconsole
msf > load msgrpc ServerHost=192.168.4.4 ServerPort=55553 User=test Pass=test1234
[*] MSGRPC Service:  192.168.4.4:55553 
[*] MSGRPC Username: test
[*] MSGRPC Password: test1234
[*] Successfully loaded plugin: msgrpc

Edit the following files to put in the values previously entered in Metasploit:

$ nano classifier4gyoithon/config.ini
...snip...
[GyoiExploit]
server_host      : 192.168.4.4	# Replace with your Kali IP address
server_port      : 55553
msgrpc_user      : test
msgrpc_pass      : test1234
timeout          : 10
LHOST            : 192.168.4.4
LPORT            : 4444
data_path        : data
wait_for_banner  : 1
...snip...

Edit the target file:

$ nano host.txt 
65.61.137.117 80 /
65.61.137.117 80 /bank/login.aspx

Then run GyoiThon: $ python gyoithon.py
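As an added example (not part of the original post and not GyoiThon's own code), here is a small Python check that parses a [GyoiExploit] section in the `key : value` format shown above and flags the settings a practitioner would want to reconsider before starting a run: the MSGRPC listener bound to a non-loopback address, tutorial-style credentials, and non-numeric port or timeout values. The sample configuration is constructed to mirror the snippet above; the WEAK_SECRETS list is an assumed, illustrative set of values.

```python
import configparser
import ipaddress

# Constructed sample mirroring the [GyoiExploit] section shown above (not GyoiThon's file).
SAMPLE_CONFIG = """
[GyoiExploit]
server_host      : 192.168.4.4    # Replace with your Kali IP address
server_port      : 55553
msgrpc_user      : test
msgrpc_pass      : test1234
timeout          : 10
LHOST            : 192.168.4.4
LPORT            : 4444
data_path        : data
wait_for_banner  : 1
"""

# Assumed, illustrative list of credentials that tend to survive from a tutorial into a real engagement.
WEAK_SECRETS = {"test", "test1234", "password", "msf", "changeme"}

# Keys the tool treats as integers; anything else here will break the run or the listener.
NUMERIC_KEYS = ("server_port", "LPORT", "timeout", "wait_for_banner")


def load_exploit_section(text):
    """Parse the ini text and return the [GyoiExploit] section.

    inline_comment_prefixes lets the trailing '# Replace with ...' comment be
    dropped instead of ending up inside the server_host value.
    """
    parser = configparser.ConfigParser(inline_comment_prefixes=("#", ";"))
    parser.read_string(text)
    return parser["GyoiExploit"]


def check_gyoithon_config(text):
    """Return a list of human-readable findings; an empty list means nothing stood out."""
    section = load_exploit_section(text)
    findings = []

    host = section.get("server_host", "").strip()
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
        findings.append(f"server_host {host!r} is not a valid IP address")
    if addr is not None and not addr.is_loopback:
        # MSGRPC is a full remote control channel for Metasploit; exposing it beyond
        # localhost means the credentials below are all that protects the framework.
        findings.append(f"msgrpc bound to non-loopback address {host}; restrict access to it")

    user = section.get("msgrpc_user", "").strip()
    password = section.get("msgrpc_pass", "").strip()
    if user.lower() in WEAK_SECRETS:
        findings.append(f"msgrpc_user {user!r} is a well-known placeholder")
    if password in WEAK_SECRETS or len(password) < 12:
        findings.append("msgrpc_pass is a placeholder or shorter than 12 characters")

    for key in NUMERIC_KEYS:
        value = section.get(key, "").strip()
        if not value.isdigit():
            findings.append(f"{key} should be an integer, got {value!r}")

    return findings


if __name__ == "__main__":
    for finding in check_gyoithon_config(SAMPLE_CONFIG):
        print("-", finding)
```

Run it against the real `classifier4gyoithon/config.ini` by reading the file into `check_gyoithon_config`; the constructed sample above produces three findings (non-loopback listener, placeholder user, placeholder password), which is exactly the state the tutorial values leave you in.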

Official documentation

Halcyon IDE

  • IDE for Nmap Script Developers
  • Jar file

Installation

$ wget https://github.com/s4n7h0/Halcyon/releases/download/2.0.1/Halcyon_IDE_v2.0.1.jar
$ java -jar Halcyon_IDE_v2.0.1.jar

On Kali Linux, choose “Autoconfig”; it automatically fills the fields with the right paths. Then restart Halcyon IDE to make the changes effective.

Usage

$ java -jar Halcyon_IDE_v2.0.1.jar &

Local-sheriff

  • A recon tool in your browser (WebExtension). While you normally browse the internet, Local Sheriff works in the background to empower you in identifying what data points (PII) are being shared / leaked to which all third-parties.
  • Chrome/Firefox extension

Installation

Chrome extension

Add the extension manually to Firefox:

  1. $ git clone https://github.com/cliqz-oss/local-sheriff.git
  2. Open about:debugging
  3. Load temporary-addon
  4. Point to the folder local-sheriff and select manifest.json.

Steps 2 to 4 must be repeated every time you restart the browser.

Usage

Click the Local Sheriff extension icon & follow the indications displayed.

Passionfruit

  • Simple iOS app blackbox assessment tool. Powered by frida.re and vuejs.
  • NPM package

Installation

$ npm cache clean
$ npm install -g passionfruit

Usage

$ passionfruit

Sh00t

  • A highly customizable, intelligent platform that understands the life of bug hunters and emphasizes on manual security testing.
  • Python tool

Installation

$ git clone https://github.com/pavanw3b/sh00t.git
$ cd sh00t/
$ pip install -r requirements.txt --user
$ python manage.py migrate
$ python manage.py createsuperuser

Usage

LHT (Lossy Hash Table) Calculator

  • Cracks passwords or keys from a small key space near instantly. A small key space being a few trillion (40+ bits).
  • Online tool

GreyNoise

  • Online tool

Please let me know if you have a comment, requests for tutorials, questions, etc.

See you next time!
