BeEF – Browser exploitation framework

Tool Description

BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.

Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

Tool Source: http://beefproject.com/

Kali Repo: http://git.kali.org/gitweb/?p=packages/beef-xss.git;a=summary

Video Tutorial: Coming Soon!

 

Cookie Cadger – Cookie auditing tool for wired and wireless networks

Tool Description

Cookie Cadger helps identify information leakage from applications that utilize insecure HTTP GET requests.

Web providers have started stepping up to the plate since Firesheep was released in 2010. Today, most major websites can provide SSL/TLS during all transactions, preventing cookie data from leaking over wired Ethernet or insecure Wi-Fi. But the fact remains that Firesheep was more of a toy than a tool. Cookie Cadger is the first open-source pen-testing tool ever made for intercepting and replaying specific insecure HTTP GET requests into a browser.

Cookie Cadger's Request Enumeration Abilities

Cookie Cadger is a graphical utility which harnesses the power of the Wireshark suite and Java to provide a fully cross-platform, entirely open-source utility which can monitor wired Ethernet, insecure Wi-Fi, or load a packet capture file for offline analysis.

Tool Source: https://www.cookiecadger.com/

Kali Repo: http://git.kali.org/gitweb/?p=packages/cookie-cadger.git;a=summary

Tool Install

This tool is not included in the basic Kali Linux ISO install (unless you customise the install). To install it, open a terminal window and type:

apt-get install cookie-cadger

This tool will require 37.1 MB of additional space. There are no additional dependencies required. Your installation should look something like this:

Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  cookie-cadger
0 upgraded, 1 newly installed, 0 to remove and 5 not upgraded.
Need to get 37.1 MB of archives.
After this operation, 37.1 MB of additional disk space will be used.
Get:1 http://http.kali.org/kali/ sana/main cookie-cadger all 1.06-1kali0 [37.1 MB]
Fetched 37.1 MB in 14s (2,641 kB/s)                                            
Selecting previously unselected package cookie-cadger.
(Reading database ... 324603 files and directories currently installed.)
Preparing to unpack .../cookie-cadger_1.06-1kali0_all.deb ...
Unpacking cookie-cadger (1.06-1kali0) ...
Setting up cookie-cadger (1.06-1kali0) ...

General Details

root@kali:~# cookie-cadger --help
Cookie Cadger, version 1.06
Example usage:
java -jar CookieCadger.jar 
    --tshark=/usr/sbin/tshark
    --headless=on
    --interfacenum=2    (requires --headless=on)
    --detection=on
    --demo=on
    --update=on
    --dbengine=mysql    (default is 'sqlite' for local, file-based storage)
    --dbhost=localhost  (requires --dbengine=mysql)
    --dbuser=user       (requires --dbengine=mysql)
    --dbpass=pass       (requires --dbengine=mysql)
    --dbname=cadgerdata (requires --dbengine=mysql)
    --dbrefreshrate=15  (in seconds, requires --dbengine=mysql, requires --headless=off)

Usage Example

root@kali:~# cookie-cadger

Video Tutorial: Coming Soon!

 

CaseFile – Offline intelligence tool

Tool Description

CaseFile is the little brother to Maltego. It targets a unique market of ‘offline’ analysts whose primary sources of information are neither gained from the open-source intelligence side nor able to be queried programmatically. We see these people as investigators and analysts who are working ‘on the ground’, getting intelligence from other people in the team and building up an information map of their investigation.

CaseFile gives you the ability to quickly add, link and analyze data, with the same graphing flexibility and performance as Maltego, without the use of transforms. CaseFile is roughly a third of the price of Maltego.

What does CaseFile do?

CaseFile is a visual intelligence application that can be used to determine the relationships and real world links between hundreds of different types of information.
It gives you the ability to quickly view second, third and n-th order relationships and find links otherwise undiscoverable with other types of intelligence tools.
CaseFile comes bundled with many different types of entities that are commonly used in investigations allowing you to act quickly and efficiently. CaseFile also has the ability to add custom entity types allowing you to extend the product to your own data sets.

What can CaseFile do for me?

CaseFile can be used for the information gathering, analytics and intelligence phases of almost all types of investigations, from IT security and law enforcement to any data-driven work. It will save you time and will allow you to work more accurately and smarter.
CaseFile has the ability to visualise datasets stored in CSV, XLS and XLSX spreadsheet formats.
We are not marketing people. Sorry.
CaseFile aids you in your thinking process by visually demonstrating interconnected links between searched items.
If access to “hidden” information determines your success, CaseFile can help you discover it.

Tool Source: http://paterva.com/web6/products/casefile.php

Kali Repo: http://git.kali.org/gitweb/?p=packages/casefile.git;a=summary

Video Tutorial: Coming Soon!

BurpSuite – Platform for security testing of web applications

Tool Description

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

Tool Source: http://portswigger.net/burp/

Kali Repo: http://git.kali.org/gitweb/?p=packages/burpsuite.git;a=summary

Video Tutorial: Coming Soon!

Armitage – Red Team collaboration tool

Tool Description

Armitage is a scriptable red team collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework.

Through one Metasploit instance, your team will:

  • Use the same sessions
  • Share hosts, captured data, and downloaded files
  • Communicate through a shared event log
  • Run bots to automate red team tasks

Armitage is a force multiplier for red team operations.

Tool Source: http://www.fastandeasyhacking.com/manual#0

Kali Repo: http://git.kali.org/gitweb/?p=packages/armitage.git;a=summary

Included Tools:

  • Armitage
  • Teamserver

Video Tutorial: Coming Soon!