Monthly Archives: March 2018

Blind Cross Site Scripting

ezXSS: Test Blind Cross Site Scripting

Category : Blog

Blind Cross Site Scripting

Blind cross site scripting (BXSS) is a variation of stored XSS, where the injection point and the execution point are different. It’s harder to find and certainly requires a different methodology than testing for stored (non-blind), reflected, or even DOM-based XSS.

Typically, with ordinary (non-blind) stored cross site scripting, the payload is executed on the same page it was injected in; with blind XSS it fires somewhere else, often in a page the tester never sees.

ezXSS is an easy way to test blind Cross Site Scripting.

Cross-site Scripting (XSS) refers to a client-side code injection attack in which an attacker injects malicious scripts (commonly referred to as a malicious payload) into a legitimate website or web application. XSS is among the most rampant web application vulnerabilities and occurs when a web application uses unvalidated or unencoded user input in the output it generates.
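To make the split between injection point and execution point concrete, here is an added example that is not part of the original post and not ezXSS code: a constructed stand-in for a public support form that stores visitor input, and an internal staff page that later renders it, once without and once with output encoding. `TicketStore`, the renderers, the sample ticket and the cookie header are all assumptions made for illustration.

```python
import html
from dataclasses import dataclass, field


@dataclass
class TicketStore:
    """Constructed stand-in for the database behind a public support form."""
    tickets: list = field(default_factory=list)


def submit_ticket(store, user_agent, message):
    """Injection point: the public form stores the visitor's input unchanged.
    Nothing renders here, so a tester who submits a payload sees no effect."""
    store.tickets.append({"user_agent": user_agent, "message": message})


def render_admin_unsafe(store):
    """Execution point, vulnerable form: an internal page that only staff open.
    String concatenation hands the stored bytes to the staff browser as markup,
    which is the blind case: the payload fires in a browser the tester never sees."""
    rows = "".join(
        f"<tr><td>{t['user_agent']}</td><td>{t['message']}</td></tr>"
        for t in store.tickets)
    return f"<table>{rows}</table>"


def render_admin_safe(store):
    """Same page with contextual output encoding: each stored field is HTML-escaped
    at the point where it lands in an HTML text context."""
    rows = "".join(
        f"<tr><td>{html.escape(t['user_agent'])}</td><td>{html.escape(t['message'])}</td></tr>"
        for t in store.tickets)
    return f"<table>{rows}</table>"


def contains_active_markup(page):
    """Crude indicator used only to contrast the two renderers."""
    lowered = page.lower()
    return "<script" in lowered or "onerror=" in lowered


def session_cookie_header(token):
    """HttpOnly keeps the session cookie out of document.cookie, so a script that does
    fire cannot read it; that is why a report can only ever list non-HttpOnly cookies."""
    return f"Set-Cookie: session={token}; HttpOnly; Secure; SameSite=Lax; Path=/"


if __name__ == "__main__":
    # Constructed sample: a visitor submits a message containing script markup.
    store = TicketStore()
    submit_ticket(store, "Mozilla/5.0 (constructed)", "<script>alert(1)</script>")
    print(render_admin_unsafe(store))
    print(render_admin_safe(store))
```

The defensive lesson is that the encoding has to live on the execution side (the staff page), since the form that accepted the input cannot know every context in which the data will later be shown.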

Features of ezXSS:

  • Easy to use dashboard with statistics, payloads, view/share/search reports and more
  • Payload generator
  • Instant email alert on the payload
  • Custom JavaScript for extra testing
  • Prevent double payloads from saving or alerting
  • Share reports with other ezXSS users
  • Easily manage and view reports in the system
  • Search for reports in no time
  • Secure your system account with extra protection (2FA)
  • The following information is collected on a vulnerable page:
      • The URL of the page
      • IP address
      • Any page referer (or share referer)
      • The User-Agent
      • All non-HttpOnly cookies
      • Full HTML DOM source of the page
      • Page origin
      • Time of execution
  • It's just ez

Required

  • PHP 5.5 or up
  • A domain name (consider a short one)
  • An SSL certificate if you want to test on HTTPS websites (consider Cloudflare or Let’s Encrypt for a free one)

Blind Cross Site Scripting (XSS) Vulnerability Detection

One of the major features that XSS Hunter offers is the ability to find blind XSS. This is a vulnerability where an XSS payload fires in another user’s browser (such as an administrative panel, support system, or logging application) which you cannot “see” (e.g. it does not fire in your browser). XSS Hunter addresses this by recording extensive information about each payload fire in its database.


Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

 RHCE  training

CEH V9  training

Diploma in Network Security Training

Secure Coding in Java

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advanced Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Digital marketing

CCNA training

Android Training

Cybersecurity services that can protect your company:

 

Web Security | Web Penetration Testing

Network Penetration Tester – NPT

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Data Recovery

 


Critical bugs in CredSSP allow remote code execution on Servers

Category : Blog

CredSSP allows remote code execution

The newly discovered Credential Security Support Provider protocol (CredSSP) vulnerability on the Windows platform allows hackers to use Remote Desktop Protocol (RDP) and Windows Remote Management (WinRM) to remotely steal data or run malicious code. The CredSSP protocol was originally designed to provide cryptographic authentication when Windows hosts use RDP or WinRM for remote connections.

This vulnerability (CVE-2018-0886) was discovered by a researcher at a company named Preempt Security. It is a logical flaw in the CredSSP protocol's use of cryptography. An attacker on the same wireless network can mount a man-in-the-middle attack; an attacker with a physical connection to the network can do the same, and then issue a Remote Procedure Call to steal the authentication information from the victim's process.


How Does CredSSP Attack Work?

An attacker can exploit this vulnerability in conjunction with a man-in-the-middle attack. The attacker sets up the man-in-the-middle position, waits for a CredSSP session to occur, and once it does, steals the session authentication and performs a Remote Procedure Call (DCE/RPC) attack on the server that the user originally connected to (e.g., the server the user connected to with RDP). An attacker who has stolen a session from a user with sufficient privileges could run different commands with local admin privileges. This is especially critical in the case of domain controllers, where most Remote Procedure Calls (DCE/RPC) are enabled by default.


Scenarios in which a CredSSP attack could be mounted:

An attacker with WiFi/physical access – If an attacker has some physical access to your network, then he could easily launch a man-in-the-middle attack. If you also have WiFi deployed in areas of your network, you might be vulnerable to key reinstallation attacks (KRACK), thus making all machines that do RDP via WiFi exposed to this new attack.

Address Resolution Protocol (ARP) poisoning – Despite being an old attack technique, many networks are still not 100% protected from ARP poisoning. If this is the case in your network, this new vulnerability means an attacker with control of one machine could easily move laterally and infect all machines in the same network segment.


Attacking sensitive servers (including domain controllers) – Sometimes, an attacker has control of several workstations in an organization and needs to find a way to infect sensitive business-critical servers (which might require higher privileges).


Most corporate internal networks use the Windows RDP protocol for remote login. Preempt’s researchers reported this vulnerability to Microsoft last August, and Microsoft has only now released a patch for it.


Agrigento: Identify privacy leaks in Android apps

Category : Blog

Agrigento

Agrigento is a tool to identify privacy leaks in Android apps by performing black-box differential analysis on the network traffic. It performs root cause analysis of non-determinism in the network behavior of Android apps.

Agrigento works in two steps: first, Agrigento establishes a baseline of the network behavior of an app; then, modifies sources of private information, such as the device ID and location, and detects privacy leaks by observing deviations in the resulting network traffic. The main contribution of this work is to make black-box differential analysis practical when applied to modern Android apps.

Sources of non-determinism handled by Agrigento:

Agrigento is able to eliminate the different sources of non-determinism by intercepting calls from the app to certain Android API calls and recording their return values, and in some cases replacing them (either by replaying previously seen values or by returning constant values).

  • It records the timestamps generated during the first run of each app and replays the same values in the further runs.
  • It records the random identifiers (UUID) generated by the app.
  • It records the plaintext and ciphertext values whenever the app performs encryption.
  • The instrumented environment sets a fixed seed for all random number generation functions.
  • It replaces the values of system-related performance measures (e.g., free memory, available storage space) with a set of constants.

Agrigento requires other modules to be installed on the Android device:

  • Xposed
  • CryptoHooker – collects contextual information
  • Changer – modifies the values of private information sources
  • JustTrustMe – handles certificate pinning
  • Android Mock-location – allows a mock location to be set through ADB

Agrigento Network Behavior:

Agrigento looks for privacy leaks at all levels of the tree, i.e., in all parts of the HTTP request: the domain, path, keys and values, as well as the headers and the payload. In the current implementation Agrigento includes parsers for application/x-www-form-urlencoded, application/json, and any content that matches an HTTP query format. However, it can be easily extended with parsers for further content types.
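The two-step method described above (baseline first, then change a private value and look for deviations) and the request tree this section describes can be shown in a small added example. This is illustrative Python and not Agrigento's own code: it flattens a captured request into leaves (domain, path segments, query keys, headers, parsed body), discards leaves that already vary between baseline runs, and reports the remaining leaves whose value moved once the device ID and location were changed. The request format, the fake app traffic and the hashed device ID are constructed assumptions.

```python
import hashlib
import json
from urllib.parse import parse_qsl, urlsplit


def _flatten(prefix, value, out):
    """Flatten nested JSON into dotted leaf paths so every leaf can be compared."""
    if isinstance(value, dict):
        for k, v in value.items():
            _flatten(f"{prefix}.{k}", v, out)
    elif isinstance(value, list):
        for i, v in enumerate(value):
            _flatten(f"{prefix}[{i}]", v, out)
    else:
        out[prefix] = str(value)


def flatten_request(req):
    """Map one captured request (constructed dict with url/headers/body) to
    {leaf_path: value} covering domain, path, query, headers and the parsed body."""
    out = {}
    parts = urlsplit(req["url"])
    out["domain"] = parts.hostname or ""
    for i, seg in enumerate(parts.path.strip("/").split("/")):
        out[f"path[{i}]"] = seg
    for k, v in parse_qsl(parts.query, keep_blank_values=True):
        out[f"query.{k}"] = v
    headers = req.get("headers", {})
    for k, v in headers.items():
        out[f"header.{k.lower()}"] = v
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    body = req.get("body", "")
    if body and ctype == "application/json":
        _flatten("body", json.loads(body), out)
    elif body and ctype == "application/x-www-form-urlencoded":
        for k, v in parse_qsl(body, keep_blank_values=True):
            out[f"body.{k}"] = v
    elif body:
        out["body"] = body          # unknown content type: compare the raw payload as one leaf
    return out


def find_leaks(baseline_runs, changed_run):
    """Differential step. A leaf is a leak only if it was identical across every
    baseline run (so it is not background non-determinism) and then changed once the
    private value was modified. Hashed or encoded identifiers are caught as well,
    because the test is 'did it change', not 'does it contain the value'."""
    base = [flatten_request(r) for r in baseline_runs]
    changed = flatten_request(changed_run)
    keys = set(changed)
    for b in base:
        keys |= set(b)
    leaks = {}
    for k in keys:
        baseline_values = {b.get(k) for b in base}
        if len(baseline_values) != 1:
            continue                # varies from run to run: cannot attribute a change
        (stable,) = baseline_values
        if changed.get(k) != stable:
            leaks[k] = (stable, changed.get(k))
    return leaks


def _fake_app_request(device_id, lat, request_id):
    """Constructed stand-in for an app that sends a hashed device ID in a JSON body
    and its latitude in the query string, plus a per-request random header."""
    body = json.dumps({"did": hashlib.sha256(device_id.encode()).hexdigest()[:16],
                       "sdk": "1.4.2"})
    return {"url": f"https://telemetry.example.com/v1/ping?lat={lat}&v=3",
            "headers": {"Content-Type": "application/json", "X-Request-Id": request_id},
            "body": body}


BASELINE = [_fake_app_request("ABC123", "37.77", "r-001"),
            _fake_app_request("ABC123", "37.77", "r-002")]
CHANGED = _fake_app_request("XYZ789", "48.85", "r-003")

if __name__ == "__main__":
    for leaf, (before, after) in sorted(find_leaks(BASELINE, CHANGED).items()):
        print(f"{leaf}: {before!r} -> {after!r}")
```

The X-Request-Id header differs between the two baseline runs, so it is excluded before the comparison; the hashed device ID is still reported even though the raw ID never appears on the wire, which is the point of comparing behaviour rather than searching for the value.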



Dorothy 2: A malware/botnet analysis framework

Category : Blog

Dorothy 2

Dorothy 2 is a malware/botnet analysis framework written in Ruby.

Dorothy 2 is a framework created for suspicious binary analysis. Its main strengths are a very flexible modular environment and an interactive investigation framework, with particular attention to network analysis. Additionally, it is able to recognize newly spawned processes by comparing them with a previously created baseline. Static binary analysis and an improved system behavior analysis will be introduced shortly in the next versions. Dorothy 2 analyses binaries by the use of pre-configured analysis profiles.

Dorothy 2 analysis profile is composed of the following elements:

Sandbox

The use of profiles gives the researcher the possibility to run analysis on a set of binaries using different environments. As is well known, some malware is configured to run only in a specific environment.

The first three modules of Dorothy are publicly released under the GPL 2/3 license as a tribute to the Honeynet Project Alliance. All the information generated by the framework – i.e. binary info, timestamps, dissected network analysis.

Dorothy needs the following software:

  • VMWare ESX >= 5.0 (tip: if you download ESXi, you can evaluate ESX for 30 days)
  • Ruby 1.9.3
  • Postgres >= 9.0
  • At least one Windows virtual machine
  • One unix-like machine dedicated to the Network Analysis Engine(NAM) (tcpdump/ssh needed)
  • pcapr-local (only used by doroParser)
  • MaxMind libraries (only used by doroParser)

The framework is mainly composed of five modules, which can even be executed separately.

  • The Binary Fetcher Module (BFM)
  • The Dorothy analysis engine
  • The (network) Data Extraction Module (old dparser)
  • The (dummy) Webgui
  • The Java Dorothy Drone


Trinity – Fuzz tester

Category : Blog

Trinity – A Linux System call fuzz tester

Trinity is a fuzz testing engine. System call fuzzers have been written many times before on Linux and on other operating systems; where Trinity differs is that the arguments it passes are not purely random. In that respect Trinity is slightly different from traditional fuzzing.

Trinity Fuzzer knows how to make “really evil” calls to syscalls.

Trinity Fuzzer is really good at locating bugs in filesystems (FS).


Trinity creates a pool of file descriptors from pipes, sysfs, procfs, /dev and sockets, and draws from it when a system call needs a file descriptor. Trinity also uses information about system calls to provide “something at least semi-sensible”.

Trinity supports Alpha, AArch64, ARM, i386, IA-64, MIPS, PowerPC-32 and others.

Adding support for additional architectures to Trinity is a small amount of work, mostly involving just defining the order of the syscall table. Trinity also has improved reproducibility: when a kernel oops occurs, Trinity records the last random seed used so a developer can use its value to recreate the problem.

Trinity is a system call fuzzer which employs some techniques to pass semi-intelligent arguments to the syscalls.

Trinity has a “syscalls group” dedicated to VFS syscalls.

The intelligence features included in Trinity:

  • If a system call expects a certain datatype as an argument (for example a file descriptor) Trinity gets passed one.
  • If a system call only accepts certain values as an argument, (for example a ‘flags’ field), Trinity has a list of all the valid flags that may be passed.
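The two intelligence features listed above, together with the seed-based reproducibility mentioned earlier, can be sketched in a few lines. Trinity itself is written in C and this added Python block is not its code; it is an illustration that builds a small syscall descriptor table, draws file descriptors from a pool, ORs together only flag bits the call accepts, picks boundary values for lengths and pointers, and derives everything from a seed so a sequence can be replayed. No system calls are executed; the descriptor table, the fd pool and the boundary lists are constructed assumptions, and the flag constants come from Python's `os` module.

```python
import os
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Arg:
    kind: str                # "fd", "flags", "len" or "ptr"
    valid_flags: tuple = ()  # for kind == "flags": the bits this call accepts


# Constructed descriptor table; real Trinity keeps one entry per syscall.
SYSCALLS = {
    "read":  (Arg("fd"), Arg("ptr"), Arg("len")),
    "write": (Arg("fd"), Arg("ptr"), Arg("len")),
    "open":  (Arg("ptr"), Arg("flags", (os.O_RDONLY, os.O_WRONLY, os.O_RDWR, os.O_CREAT,
                                        os.O_TRUNC, os.O_APPEND, os.O_NONBLOCK))),
}

# Stand-in for the pool Trinity fills from pipes, sysfs, procfs, /dev and sockets.
FD_POOL = (0, 1, 2, 3, 7, 42)

# "Semi-evil" values: boundaries the kernel must handle, rather than pure noise.
EVIL_LENGTHS = (0, 1, 4095, 4096, 4097, 2**31 - 1, 2**32 - 1, 2**64 - 1)
EVIL_POINTERS = (0x0, 0x1000, 0x7FFF_FFFF_F000, 0xFFFF_FFFF_FFFF_FFFF)


def gen_arg(spec, rng):
    """Produce one argument of the requested kind from the seeded generator."""
    if spec.kind == "fd":
        return rng.choice(FD_POOL)
    if spec.kind == "flags":
        bits = 0
        for f in spec.valid_flags:         # random subset of valid bits only
            if rng.random() < 0.5:
                bits |= f
        return bits
    if spec.kind == "len":
        return rng.choice(EVIL_LENGTHS)
    if spec.kind == "ptr":
        return rng.choice(EVIL_POINTERS)
    raise ValueError(spec.kind)


def gen_call(name, rng):
    return name, tuple(gen_arg(a, rng) for a in SYSCALLS[name])


def fuzz_sequence(seed, count):
    """Generate `count` calls from one seed. Trinity logs the seed so that an oops
    can be replayed; the same seed must reproduce the same sequence."""
    rng = random.Random(seed)
    return [gen_call(rng.choice(sorted(SYSCALLS)), rng) for _ in range(count)]


def flags_are_valid(name, value):
    """True if `value` uses only bits from the call's valid_flags list."""
    spec = next(a for a in SYSCALLS[name] if a.kind == "flags")
    allowed = 0
    for f in spec.valid_flags:
        allowed |= f
    return value & ~allowed == 0


def check_sequence(seq):
    """Every fd comes from the pool and every flags value is a valid combination."""
    for name, args in seq:
        for spec, val in zip(SYSCALLS[name], args):
            if spec.kind == "fd" and val not in FD_POOL:
                return False
            if spec.kind == "flags" and not flags_are_valid(name, val):
                return False
    return True


if __name__ == "__main__":
    for call in fuzz_sequence(seed=7, count=5):
        print(call)
```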

 

Trinity logs its output to files (one for each child process), and fsyncs the files before Trinity actually makes the system call.

Trinity Examples:

If one runs Trinity without any arguments as a non-root user, it will scan for fds as mentioned above, then create a number of child processes.

With that warning out of the way: Trinity has a neat feature called ‘victim files’.

There are almost always new kernel bugs being triggered by trinity.

Sometimes, trinity causes the oom-killer to trigger.

Trinity shines a light on the bug.


MALHEUR – Automatic Analysis of Malware Behavior

Category : Blog

Malheur: Automatic Analysis of Malware Behavior

Malheur is a tool for automatic analysis of malware behavior. Malheur has been designed to support the regular analysis of malicious software and the development of detection and defense measures. Malheur allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes.

MALHEUR supports four basic actions for analysis:

Malheur permits identifying novel classes of malware.

  1. Malheur supports Extraction of prototypes: Malheur identifies a subset of prototypes representative for the full data set.
  2. Malheur supports Clustering of behavior: Malheur automatically identifies groups (clusters) of reports containing similar behavior.
  3. Malheur supports Classification of behavior: Malheur is able to assign unknown behavior to known groups of malware.
  4. Malheur supports Incremental analysis: Malheur can be applied incrementally for analysis of large datasets. By processing reports in chunks, the run-time can be significantly reduced. This renders the application of Malheur feasible.

Analysis of malware behavior by Malheur:

Malware binaries are collected in the wild and executed in a sandbox, where the behavior of the malware is monitored at run-time. Malheur analyzes the resulting reports for discovery and discrimination of malware classes using machine learning. Malheur can be applied to recorded behavior in various formats, for example reports generated by CWSandbox, Anubis, Norman Sandbox and Joebox.

Actions & Options of Malheur

Malheur supports different actions for analysis of a dataset. For all actions, the reports are first mapped to a high-dimensional vector space.



DAFF – Droid Application Fuzz Framework

Category : Blog

Droid Application Fuzz Framework

Droid Application Fuzz Framework (DAFF) helps to fuzz Android browsers and PDF readers for memory corruption bugs on real Android devices. Anyone can use the inbuilt fuzzers or import fuzz files from their own custom fuzzers. DAFF consists of inbuilt fuzzers and a crash monitor.

Droid-FF is the very first Android fuzzing framework that helps researchers find memory corruption bugs in code written in C/C++. It comes as a VM which is ready to go and easy to work with.

Native code is preferred over JIT languages for its memory efficiency and speed, but security bugs within native code can result in exploits that take over the Android system. The goal of the fuzzer is to help researchers find such security bugs by fuzzing Android.

Droid Application Fuzz Framework currently supports fuzzing the following applications:

Browsers:

  1. Google Chrome
  2. Mozilla Firefox
  3. Opera
  4. UC Browser

Data Generation

Currently includes Peach, with some pre-populated pit files, which help in generating data for formats such as dex, ttf, png, avi and mp4.

Approaches

  • Dumb fuzzing: from a large input set of valid data, the fuzzer generates new data with mutations in place.
  • Intelligent fuzzing: a file format representation of the target data lets the fuzzer generate data which is structurally valid but has invalid data in sections.

Fuzzing System

The fuzzing system is an automated program which runs the dataset against the target program and deals with any error conditions that can possibly happen. It also maintains state so that we could resume the fuzzing from the right place in an event of a crash.

Advanced Triage System

In the event of a valid crash, the triage system collects the tombstone files, which contain the dump of the registers and system state with detailed information. It also collects the relevant logs and the file responsible for the crash and moves them to the triage database. The triage database runs scripts on the data derived from crashes (such as the type of the crash, e.g. SIGSEGV, and the PC address at the crash) and checks for any duplicate; if one is found, the duplicate entry is removed and the crash is moved to crashes for investigation.
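The triage step above (read the tombstone, pull out the signal and the PC, drop duplicates) is worth seeing on actual tombstone text. The block below is an added example, not DAFF's triage scripts: it parses constructed excerpts shaped like Android's /data/tombstones files (signal line, register dump, backtrace), keys each crash on signal, faulting module and relative PC of frame #00, and counts how many runs hit the same key. The excerpts, addresses, library names and package names are made up; the fault address and pid are deliberately left out of the key because they change from run to run.

```python
import re
from collections import OrderedDict

# Constructed tombstone excerpts (not real device output). The first two are the same
# crash reached twice with different pids and fault addresses; the third is distinct.
TOMBSTONES = [
"""pid: 4242, tid: 4242, name: com.example.browser  >>> com.example.browser <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
    r0 00000000  r1 b6f01234  r2 00000010  r3 00000000
    ip b6e00000  sp be8ff000  lr b6a11234  pc b6a10f6c  cpsr 600f0010
backtrace:
    #00 pc 00010f6c  /system/lib/libexample.so (parse_font+44)
    #01 pc 00011234  /system/lib/libexample.so (load_glyphs+120)
""",
"""pid: 4311, tid: 4311, name: com.example.browser  >>> com.example.browser <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x8
    r0 00000008  r1 b6f05678  r2 00000010  r3 00000000
    ip b6e00000  sp be8ff000  lr b6a11234  pc b6a10f6c  cpsr 600f0010
backtrace:
    #00 pc 00010f6c  /system/lib/libexample.so (parse_font+44)
    #01 pc 00011234  /system/lib/libexample.so (load_glyphs+120)
""",
"""pid: 5100, tid: 5100, name: com.example.pdf  >>> com.example.pdf <<<
signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
    r0 00000000  r1 000013ec  r2 00000006  r3 00000008
    ip b6e00000  sp be8fe000  lr b6c01234  pc b6c02abc  cpsr 600f0010
backtrace:
    #00 pc 0002abcd  /system/lib/libpdfrender.so (render_page+8)
    #01 pc 00011234  /system/lib/libc.so (abort+4)
""",
]

SIGNAL_RE = re.compile(
    r"^signal (\d+) \((\w+)\), code (-?\d+) \((\w+)\), fault addr (0x[0-9a-fA-F]+|-+)", re.M)
FRAME0_RE = re.compile(r"^\s*#00 pc ([0-9a-fA-F]+)\s+(\S+)(?: \(([^)]+)\))?", re.M)


def parse_tombstone(text):
    """Extract the fields triage needs from one tombstone; raise on unknown layout."""
    sig = SIGNAL_RE.search(text)
    frame = FRAME0_RE.search(text)
    if not sig or not frame:
        raise ValueError("not a recognised tombstone")
    return {
        "signal": sig.group(2), "code": sig.group(4), "fault_addr": sig.group(5),
        "pc": int(frame.group(1), 16),            # relative pc inside the module
        "module": frame.group(2), "symbol": frame.group(3) or "?",
    }


def crash_key(crash):
    """Duplicate key: same signal, same module, same relative pc of frame #00."""
    return (crash["signal"], crash["module"], crash["pc"])


def triage(tombstones):
    """Group tombstones by crash key in first-seen order; the first sample of each
    bucket is kept for investigation and later hits only increment the count."""
    buckets = OrderedDict()
    for text in tombstones:
        crash = parse_tombstone(text)
        key = crash_key(crash)
        if key in buckets:
            buckets[key]["count"] += 1
        else:
            buckets[key] = {"first": crash, "count": 1}
    return buckets


if __name__ == "__main__":
    for key, info in triage(TOMBSTONES).items():
        print(f"{key} x{info['count']}  {info['first']['symbol']}")
```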

Setup used in this lab:

The Android system which we are going to fuzz is an engineering build from AOSP which has symbols; thus in the event of a crash, it will be much easier to triage. The system supports fuzzing real devices, emulators, and images running on VirtualBox.


Mara Framework: Mobile Application Reverse engineering and Analysis Framework

Category : Blog

Mara Framework

MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a tool that puts together commonly used mobile application reverse engineering and analysis tools, to assist in testing mobile applications against the OWASP mobile security threats. Its objective is to make this task easier and friendlier to mobile application developers and security professionals.

How it all started

For the past few months I have been digging into the Android operating system to understand its inner workings and how different elements are pieced together. I decided to start off by trying to understand how applications are developed.

The first step was to understand the components of an Android application, then later how the operating system executes it, what data is stored, where it is stored and who has access to it.

It soon started to become quite frustrating having to run various tools to get different output. For example, running dex2jar to convert the Android application (apk) into a jar file, or converting the apk into smali bytecode using baksmali. This process was not only inconvenient and slow, but I could only reverse engineer and study one app at a time. At this point in time my good friend Chrispus was also facing the same challenges reverse engineering Android apps.

After a bit of googling I came across MobSF. It’s an awesome tool that performs both static and dynamic analysis of both Android and iOS applications. After downloading the tool from GitHub and poking around in it, I found the strings it was using to perform the static analysis, and that was when we had the light bulb moment.

We figured: why don’t we use the same strings to perform the static analysis, but dump the identified matches to a text file for review? First things first, we asked Ajin, the creator of MobSF, for permission to use the detection strings, which he granted. What crossed our minds next was the OWASP Mobile Top 10: which checks are supposed to be performed on a mobile application in accordance with the OWASP mobile security threats? Then we came across the mobile app checklist on the OWASP website for both static and dynamic analysis.

After a few months of bash scripting, the simple reverse engineering script morphed into the MARA framework: a tool that decompiles Android applications, Java classes, dex files and class files into Java class files, then proceeds to statically analyze them. We included androbugs to scan for potential vulnerabilities in the apk, alongside a number of other tools. There is also an integrated SSL scanner for scanning domains extracted from the resulting source code. This was nothing more than a script to make our work easier, faster and more efficient.

Features supported:

APK Reverse Engineering

  • Disassembling Dalvik bytecode to smali bytecode via baksmali and apktool
  • Disassembling Dalvik bytecode to java bytecode via enjarify
  • Decompiling APK to Java source code via jadx

APK Deobfuscation

  • APK deobfuscation via apk-deguard.com

APK Analysis

  • Parsing smali files for analysis via smalisca
  • Dump apk assets, libraries and resources
  • Extracting certificate data via openssl
  • Extract strings and app permissions via aapt
  • Identify methods and classes via ClassyShark
  • Scan for apk vulnerabilities via androbugs
  • Analyze apk for potential malicious behaviour via androwarn
  • Identify compilers, packers and obfuscators via APKiD
  • Extract execution paths, IP addresses, URLs, URIs and emails via regex

APK Manifest Analysis

  • Extract Intents
  • Extract exported activities
  • Extract receivers
  • Extract exported receivers
  • Extract Services
  • Extract exported services
  • Check if apk is debuggable
  • Check if apk allows backups
  • Check if apk allows sending of secret codes
  • Check if apk can receive binary SMS

Domain Analysis

  • Domain SSL scan via pyssltest and testssl
  • Website fingerprinting via whatweb

Security Analysis

  • Source code static analysis based on the OWASP Mobile Top 10 and the OWASP Mobile Apps Checklist
  • MARA is capable of performing either single or mass analysis of apk, dex or jar files.

For more information please follow the LINK

Conclusion:

A multiple set of test tools will be necessary for a more thorough and comprehensive testing process. I have given an overview of the MARA Framework setup process and how it can expedite your Android app reverse engineering and static analysis process.

BriskInfosec holds utmost experience in Mobile App Penetration Testing to identify potential vulnerabilities and ensure secure coding practices in Android applications.


Hash Buster – scraps online hash crackers to find cleartext of a hash

Category : Blog

Hash Buster

A hash buster is a program that generates a string of text for insertion in a spam message so that, to a spam filter, the e-mail appears to be a different message each time it is sent. The text might appear in the Subject line, its From line, or after the message body, and might either be coherent text or gibberish. The latter is sometimes arranged in word-like formations to be less easily detected.

The hashing process, used by some spam filters, represents each message as a single number (known as a hash) to simplify comparison. Each number is then compared to those of other messages to determine if it matches a list of known spam messages or enough other messages to determine bulk e-mail status. However, a hash buster is only effective for spam filters that rely solely on hash comparison, and most such programs combine a number of approaches.

For further updates follow: github.com

Features of Hash Buster:

  • Detects hash
  • MD5 Support
  • SHA1 Support
  • SHA2 Support
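The first feature, detecting what kind of hash a string is, and the MD5/SHA1/SHA2 coverage listed with it, can be shown locally without any online service. The block below is an added example and not Hash Buster's code: it identifies candidate algorithms from the hex length (with the caveat that length alone is ambiguous, since several unrelated 128-bit digests are also 32 hex characters), confirms which candidate actually produced a digest when the input is known, which is how one verifies a checksum rather than cracks a password, and flags digests whose only candidates are the deprecated MD5 and SHA-1 so they can be scheduled for migration. The length table and algorithm names are assumptions; the digests come from Python's `hashlib`.

```python
import hashlib
import re

# Hex digest length -> algorithms that produce it. This is a candidate list, not a
# verdict: 32 hex characters could also be MD4, NTLM or another 128-bit digest.
BY_HEX_LENGTH = {
    32: ("MD5",), 40: ("SHA-1",), 56: ("SHA-224",), 64: ("SHA-256",),
    96: ("SHA-384",), 128: ("SHA-512",),
}
HASHLIB_NAME = {"MD5": "md5", "SHA-1": "sha1", "SHA-224": "sha224",
                "SHA-256": "sha256", "SHA-384": "sha384", "SHA-512": "sha512"}
DEPRECATED = {"MD5", "SHA-1"}        # the algorithms this post describes as retired
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def identify(digest):
    """Candidate algorithms for a hex digest, or () if it is not hex."""
    digest = digest.strip()
    if not HEX_RE.match(digest):
        return ()
    return BY_HEX_LENGTH.get(len(digest), ())


def digest_of(text, algo):
    """Hex digest of `text` under one of the algorithms in HASHLIB_NAME."""
    return hashlib.new(HASHLIB_NAME[algo], text.encode()).hexdigest()


def verify(text, digest):
    """Resolve the length ambiguity for a known input: return the candidate that
    actually reproduces `digest`, or None if none does (wrong input or other algo)."""
    for algo in identify(digest):
        if digest_of(text, algo) == digest.strip().lower():
            return algo
    return None


def audit_digests(digests):
    """Return {digest: candidates} for digests whose every candidate is deprecated,
    e.g. when sweeping configs or package manifests for weak integrity checks."""
    return {d: identify(d) for d in digests
            if identify(d) and set(identify(d)) <= DEPRECATED}


if __name__ == "__main__":
    # Constructed input: a checksum someone claims is of the string "release-1.0".
    claimed = digest_of("release-1.0", "SHA-1")
    print(identify(claimed), verify("release-1.0", claimed), verify("release-1.1", claimed))
    print(audit_digests([claimed, digest_of("release-1.0", "SHA-256")]))
```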

Detects hash

Pass-the-hash (PTH) is one of the hash buster attack techniques; it allows an attacker to start lateral movement in the network over the NTLM protocol, without needing the user's password. We evaluated a number of legitimate and illegitimate scenarios for (PTH) NTLM connections to see the differences and how each of these can be distinguished. Based on our findings, CyberArk Labs created a freely available tool (Ketshash) that detects live PTH attempts.

MD5 Support

MD5 is a hashing algorithm (a one-way cryptographic function) that accepts a message of any length as input and returns a fixed-length digest value as output, to be used for authenticating the original message.

MD5 has been deprecated for uses other than as a non-cryptographic checksum to verify data integrity and detect unintentional data corruption.

SHA1 Support

SHA stands for Secure Hash Algorithm, a family of hash functions used by certification authorities to sign certificates and CRLs (certificate revocation lists). Introduced in 1993 by the NSA with SHA-0, it is used to generate unique hash values from files. It was developed as part of the U.S. Government’s Capstone project.

Since 2005 SHA-1 has not been considered secure against well-funded opponents, and since 2010 many organizations have recommended its replacement by SHA-2 or SHA-3. Microsoft, Google, Apple and Mozilla have all announced that their respective browsers will stop accepting SHA-1 SSL certificates by 2017.

According to Venafi, after January this kind of certificate use will cause major performance disruptions. For example, browsers will alert users that sites using SHA-1 are insecure and won’t display a green padlock or other symbol for secure HTTPS transactions. Browsers may even block access to sites that use the outdated certificates.

SHA2 Support

SHA-2 is a set of cryptographic hash functions which includes SHA-224, SHA-256, and SHA-512. The 256 in SHA-256 represents the bit size of the hash output, or digest, when the hash function is performed. Not all software supports every digest size within the SHA-2 family. Most browsers, platforms, mail clients, and mobile devices already support SHA-2. However, some older operating systems such as Windows XP pre-SP3 do not support SHA-2.

Many organizations will be able to convert to SHA-2 without running into user experience issues, and many may want to encourage users running older, less secure systems to upgrade.


Top 20 Network Sniffing Tools

Category : Blog

Network Sniffing Tools

The network sniffing tools listed here have been tracked since 2014 from the web’s favourite hacking/pentesting software: the hacker tools used by hackers, geeks, ethical hackers and security engineers (as well as black hat hackers).

This list and resource sprung to life when we organized an online poll way back in 2013 that was very well received and the below are the recommended tools that all voted as the ‘Top Ten List of Hacking Tools’.

Nmap (Network Mapper)

Nmap is an abbreviation of ‘Network Mapper’, and it’s a very well known free open source hacker tool. It is mainly used for network discovery and security auditing. The tool uses raw IP packets in creative ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems they run (fingerprinting) and what type and version of packet filters/firewalls are being used by the target. It was designed to rapidly scan large networks, but works fine against single hosts.

Metasploit Penetration Testing Software

The Metasploit Project is a hugely popular pentesting or hacking framework. It is a very essential network sniffing tool which provides the user with vital information regarding known security vulnerabilities and helps to formulate penetration testing and IDS testing plans, strategies and methodologies for exploitation. Most practical IT security courses such as OSCP and CEH include a Metasploit component. It helps security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness; it empowers and arms defenders to always stay one step (or two) ahead of the game.


John The Ripper

John the Ripper is free and open source software, a famous network sniffing tool distributed primarily in source code form. If you would rather use a commercial product tailored to your specific operating system, consider John the Ripper Pro, which is distributed primarily as “native” packages for the target operating systems and is generally meant to be easier to install and use while delivering optimal performance. The tool can also apply a variety of alterations to dictionary attacks.


THC Hydra

THC Hydra is a popular password cracker with a very active and experienced development team. Essentially, THC Hydra is a fast and stable network sniffing tool that uses dictionary or brute-force attacks to try various login and password combinations against a login page. This hacking tool supports a wide set of protocols, including mail (POP3, IMAP, etc.), databases, LDAP, SMB, VNC and SSH.
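The two traffic patterns described above (a scanner such as Nmap touching many ports on a host, and Hydra trying many login and password combinations against one service) leave a recognisable trace in logs. The detector below is an added example for defenders, not code from the original post or from either tool; the event layout, the thresholds and the events themselves are constructed assumptions for the example.

```python
"""Added example: flag a port sweep (one source touching many distinct ports)
and a login brute force (one source failing many logins) in a time window.
Event layout and thresholds are assumptions; the events are constructed."""
from collections import defaultdict, deque

WINDOW = 60        # seconds of history kept per source
SCAN_PORTS = 10    # distinct ports from one source inside the window
FAIL_LOGINS = 5    # failed logins from one source inside the window

# Constructed events: (timestamp, source_ip, dst_port, outcome), time-ordered.
# outcome is "syn" for a bare connection attempt, or "login_fail"/"login_ok".
EVENTS = (
    [(t, "203.0.113.7", 1000 + t, "syn") for t in range(12)]             # sweep
    + [(100 + t, "198.51.100.9", 22, "login_fail") for t in range(6)]    # brute force
    + [(200, "192.0.2.5", 443, "login_ok"), (205, "192.0.2.5", 443, "login_ok")]
)

def detect(events, window=WINDOW, scan_ports=SCAN_PORTS, fail_logins=FAIL_LOGINS):
    """Return sorted (first_seen, source_ip, kind) alerts for time-ordered events.
    A source is alerted at most once per kind, so a long attack is one alert."""
    ports = defaultdict(deque)    # src -> (ts, port) pairs inside the window
    fails = defaultdict(deque)    # src -> timestamps of failed logins
    alerted, alerts = set(), []

    def expire(q, now, key=lambda item: item):
        # Drop queue entries older than the window relative to `now`.
        while q and now - key(q[0]) > window:
            q.popleft()

    for ts, src, port, outcome in events:
        ports[src].append((ts, port))
        expire(ports[src], ts, key=lambda item: item[0])
        if len({p for _, p in ports[src]}) >= scan_ports and (src, "port_scan") not in alerted:
            alerted.add((src, "port_scan"))
            alerts.append((ports[src][0][0], src, "port_scan"))
        if outcome == "login_fail":
            fails[src].append(ts)
            expire(fails[src], ts)
            if len(fails[src]) >= fail_logins and (src, "brute_force") not in alerted:
                alerted.add((src, "brute_force"))
                alerts.append((fails[src][0], src, "brute_force"))
    return sorted(alerts)
```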


OWASP Zed

The Zed Attack Proxy (ZAP) is one of the most popular network sniffing tools among the OWASP projects. The fact that you’ve reached this page means you are likely already a relatively seasoned cybersecurity professional, so you are very probably familiar with OWASP, not least the OWASP Top Ten Threats listing, which is regarded as the ‘guide-book’ of web application security. This hacking and pentesting tool is a very efficient and ‘easy to use’ program that finds vulnerabilities in web applications.


Wireshark

Wireshark is the world’s foremost and most widely used network sniffing tool and a very popular pentesting tool. It lets you see what is happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies and educational institutions.

Wireshark essentially captures data packets on a network in real time and then displays the data in a human-readable (verbose) format. The tool is highly developed and includes filters, color-coding and other features that let the user dig deep into network traffic and inspect individual packets.
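To make concrete what a sniffer does with captured packets, here is an added example (not Wireshark code and not from the original post) that writes a small constructed capture in the classic pcap format, decodes each Ethernet/IPv4/TCP frame into the fields a packet list shows, and applies the equivalent of the display filter tcp.port == 80. The frame builder, the field names and the capture contents are assumptions for the example.

```python
"""Added example: decode a constructed pcap capture into a human-readable
packet list and apply a simple display filter, as a sniffer does."""
import struct
from ipaddress import IPv4Address

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap, microsecond timestamps
def build_tcp_frame(src, dst, sport, dport, flags, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame. Checksums are left zero because the
    parser below does not verify them (Wireshark would flag that as an error)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload   # zero MACs, EtherType IPv4

def build_pcap(packets):
    """Serialise (ts_sec, frame) pairs behind a little-endian pcap global header."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)   # linktype 1 = Ethernet
    for ts, frame in packets:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def parse_pcap(data):
    """Yield one dict per IPv4 frame: time, src, dst, proto and TCP ports/flags."""
    if struct.unpack_from("<I", data, 0)[0] != PCAP_MAGIC:
        raise ValueError("only little-endian classic pcap is handled here")
    off = 24
    while off + 16 <= len(data):
        ts, _, incl, _ = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                      # truncated or not IPv4: skip, don't crash
        ihl = (frame[14] & 0x0F) * 4      # IPv4 header length in bytes
        pkt = {"time": ts, "src": str(IPv4Address(frame[26:30])),
               "dst": str(IPv4Address(frame[30:34])), "proto": frame[23]}
        tcp_off = 14 + ihl
        if pkt["proto"] == 6 and len(frame) >= tcp_off + 20:
            pkt["sport"], pkt["dport"] = struct.unpack_from("!HH", frame, tcp_off)
            pkt["syn"] = bool(frame[tcp_off + 13] & 0x02)
        yield pkt

def display_filter(packets, port):
    """Equivalent of the Wireshark display filter 'tcp.port == <port>'."""
    return [p for p in packets if port in (p.get("sport"), p.get("dport"))]

# Constructed capture: a SYN to port 80, then a data segment to port 443.
CAPTURE = build_pcap([(1, build_tcp_frame("192.0.2.10", "198.51.100.1", 40000, 80, 0x02)),
                      (2, build_tcp_frame("192.0.2.10", "198.51.100.2", 40001, 443, 0x18, b"hi"))])
```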


Aircrack-ng

Aircrack-ng is a Wi-Fi (wireless) hacking and network sniffing tool, and it is very effective in the right hands. For those new to this wireless-specific program, Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking tool that can recover keys once sufficient data packets have been captured (in monitor mode). All of its tools are command line, which allows for heavy scripting, and a lot of GUIs have taken advantage of this. It works primarily on Linux but also on Windows, OS X, FreeBSD, OpenBSD, NetBSD, Solaris and even eComStation 2.


Maltego

Maltego is a unique network sniffing tool: a platform developed to deliver a clear, overall cyber threat picture of the enterprise or local environment that an organization owns and operates. Its unique advantage is that it demonstrates the complexity and severity of single points of failure, as well as the trust relationships that currently exist within the scope of your infrastructure.

One of the awesome things about Maltego, which likely makes it so popular (and earned it a place in the Kali Linux Top Ten), is its unique perspective: it offers both network and resource based entities, built from the aggregation of information sourced throughout the web.


Cain and Abel Hacking Tool

Cain and Abel is a password recovery tool and a popular network sniffing tool for Microsoft Windows, but it can be used off-label in a variety of ways; for example, white and black hat hackers use Cain to recover many types of passwords using methods such as network packet sniffing and by using the tool to crack password hashes.


Nikto Website Vulnerability Scanner

Nikto is a classic network sniffing tool that a lot of pentesters like to use. Nikto is sponsored by Netsparker (which is yet another of the network sniffing tools). It is an open source (GPL) web server scanner that scans web servers and detects vulnerabilities. It performs over 6000 tests against a website. The large number of tests, covering both security vulnerabilities and misconfigured web servers, makes it a go-to tool for many security professionals and systems administrators. It can find forgotten scripts and other hard-to-detect problems from an external perspective.

