Cookie Cadger – Cookie auditing tool for wired and wireless networks

Tool Description

Cookie Cadger helps identify information leakage from applications that use insecure (unencrypted) HTTP GET requests.

Web providers have started stepping up to the plate since Firesheep was released in 2010. Today, most major websites provide SSL/TLS for all transactions, preventing cookie data from leaking over wired Ethernet or insecure Wi-Fi. But the fact remains that Firesheep was more of a toy than a tool. Cookie Cadger is the first open-source pen-testing tool made for intercepting and replaying specific insecure HTTP GET requests into a browser.

Figure: Cookie Cadger's request enumeration abilities

Cookie Cadger is a graphical utility that harnesses the Wireshark suite and Java to provide a fully cross-platform, entirely open-source tool that can monitor wired Ethernet or insecure Wi-Fi, or load a packet capture file for offline analysis.

Tool Source: https://www.cookiecadger.com/

Kali Repo: http://git.kali.org/gitweb/?p=packages/cookie-cadger.git;a=summary

Tool Install

This tool is not included in the basic Kali Linux ISO install (unless you customise the install). To install it, open a terminal window and type:

apt-get install cookie-cadger

The package requires 37.1 MB of additional disk space and has no additional dependencies. Your installation should look something like this:

Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  cookie-cadger
0 upgraded, 1 newly installed, 0 to remove and 5 not upgraded.
Need to get 37.1 MB of archives.
After this operation, 37.1 MB of additional disk space will be used.
Get:1 http://http.kali.org/kali/ sana/main cookie-cadger all 1.06-1kali0 [37.1 MB]
Fetched 37.1 MB in 14s (2,641 kB/s)                                            
Selecting previously unselected package cookie-cadger.
(Reading database ... 324603 files and directories currently installed.)
Preparing to unpack .../cookie-cadger_1.06-1kali0_all.deb ...
Unpacking cookie-cadger (1.06-1kali0) ...
Setting up cookie-cadger (1.06-1kali0) ...

General Details

root@kali:~# cookie-cadger --help
Cookie Cadger, version 1.06
Example usage:
java -jar CookieCadger.jar 
    --tshark=/usr/sbin/tshark
    --headless=on
    --interfacenum=2    (requires --headless=on)
    --detection=on
    --demo=on
    --update=on
    --dbengine=mysql    (default is 'sqlite' for local, file-based storage)
    --dbhost=localhost  (requires --dbengine=mysql)
    --dbuser=user       (requires --dbengine=mysql)
    --dbpass=pass       (requires --dbengine=mysql)
    --dbname=cadgerdata (requires --dbengine=mysql)
    --dbrefreshrate=15  (in seconds, requires --dbengine=mysql, requires --headless=off)

Usage Example

root@kali:~# cookie-cadger

Video Tutorial: Coming Soon!


cisco-torch – Cisco device scanner

Tool Description

The Cisco Torch mass scanning, fingerprinting, and exploitation tool was written while working on the next edition of “Hacking Exposed Cisco Networks”, since the tools available on the market could not meet our needs.

The main feature that makes Cisco-torch different from similar tools is its extensive use of forking to launch multiple scanning processes in the background for maximum scanning efficiency. It can also use several methods of application-layer fingerprinting simultaneously, if needed. We wanted something fast to discover remote Cisco hosts running Telnet, SSH, Web, NTP and SNMP services and launch dictionary attacks against the services discovered.

Tool Source: http://www.hackingciscoexposed.com/?link=tools

Kali Repo: http://git.kali.org/gitweb/?p=packages/cisco-torch.git;a=summary

Video Tutorial: Coming Soon!

CDPSnarf – Network sniffer to extract CDP information

Tool Description

CDPSnarf is a network sniffer written exclusively to extract information from CDP (Cisco Discovery Protocol) packets.
It provides all the information a “show cdp neighbors detail” command would return on a Cisco router, and more.

A feature list follows:

  • Time intervals between CDP advertisements
  • Source MAC address
  • CDP Version
  • TTL
  • Checksum
  • Device ID
  • Software version
  • Platform
  • Addresses
  • Port ID
  • Capabilities
  • Duplex
  • Save packets in PCAP dump file format
  • Read packets from PCAP dump files
  • Debugging information (using the “-d” flag)
  • Tested with IPv4 and IPv6

Tool Source: https://github.com/Zapotek/cdpsnarf

Kali Repo: http://git.kali.org/gitweb/?p=packages/cdpsnarf.git;a=summary

Video Tutorial: Coming Soon!


braa – Mass SNMP scanner

Tool Description

Braa is a mass SNMP scanner. The intended usage of such a tool is of course making SNMP queries – but unlike snmpget or snmpwalk from net-snmp, it is able to query dozens or hundreds of hosts simultaneously, and in a single process. Thus, it consumes very few system resources and does the scanning VERY fast.

Braa implements its OWN SNMP stack, so it does NOT need any SNMP libraries like net-snmp. The implementation is very dirty, supports only a few data types, and in any case cannot be called ‘standard-conforming’! It was designed to be fast, and it is fast. For this reason (well, and also because of my laziness ;), there is no ASN.1 parser in braa – you HAVE to know the numerical values of OIDs (for instance .1.3.6.1.2.1.1.5.0 instead of system.sysName.0).

Tool Source: http://s-tech.elsat.net.pl/

Kali Repo: http://git.kali.org/gitweb/?p=packages/braa.git;a=summary

Video Tutorial: Coming Soon!

bing-ip2hosts – Enumerate hostnames for an IP using bing.com

Tool Description

Bing.com is a search engine owned by Microsoft, formerly known as MSN Search and Live Search. It has a unique feature to search for websites hosted on a specific IP address. Bing-ip2hosts uses this feature to enumerate all hostnames that Bing has indexed for a specific IP address. This technique is considered best practice during the reconnaissance phase of a penetration test in order to discover a larger potential attack surface. Bing-ip2hosts is written in the Bash scripting language for Linux. It uses Bing's mobile interface, and no API key is required.

Tool Source: http://www.morningstarsecurity.com/research/bing-ip2hosts

Kali Repo: http://git.kali.org/gitweb/?p=packages/bing-ip2hosts.git;a=summary

Video Tutorial: Coming Soon!

Automater – An IP and URL analysis tool

Tool Description

Automater is a URL/domain, IP address, and MD5 hash OSINT tool aimed at making the analysis process easier for intrusion analysts. Given a target (URL, IP, or hash) or a file full of targets, Automater will return relevant results from sources such as IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal.

Tool Source: http://www.tekdefense.com/automater/

Kali Repo: http://git.kali.org/gitweb/?p=packages/automater.git;a=summary

Video Tutorial: Coming Soon!

aMap – Application MAPper: next-generation scanning tool for pentesters

Tool Description

Amap was the first next-generation scanning tool for pentesters. It attempts to identify applications even if they are running on a different port than normal. It also identifies non-ASCII based applications. This is achieved by sending trigger packets and looking up the responses in a list of response strings.

Tool Source: https://www.thc.org/thc-amap/

Kali Repo: http://git.kali.org/gitweb/?p=packages/amap.git;a=summary

Tools Included:

  • amapcrap – sends random data to a UDP, TCP or SSL’ed port to elicit a response

Video Tutorial: Coming Soon!


ace-voip – A simple VoIP corporate directory enumeration tool

Tool Description

ACE (Automated Corporate Enumerator) is a simple yet powerful VoIP corporate directory enumeration tool that mimics the behaviour of an IP phone in order to download the name and extension entries that a given phone can display on its screen. In the same way that the “corporate directory” feature of VoIP hardphones enables users to easily dial by name from their handsets, ACE was developed as a research idea born from “VoIP Hopper” to automate VoIP attacks that can be targeted against names in an enterprise directory. The concept is that in the future, attacks will be carried out against users based on their name, rather than targeting VoIP traffic against random RTP audio streams or IP addresses. ACE works by using DHCP, TFTP, and HTTP in order to download the VoIP corporate directory. It then outputs the directory to a text file, which can be used as input to other VoIP assessment tools.

Tool Source: http://ucsniff.sourceforge.net/ace.html

Kali Repo: http://git.kali.org/gitweb/?p=packages/ace-voip.git;a=summary

Video Tutorial: Coming Soon!

CaseFile – Offline intelligence tool

Tool Description

CaseFile is the little brother to Maltego. It targets a unique market of ‘offline’ analysts whose primary sources of information are not open-source intelligence and cannot be programmatically queried. We see these people as investigators and analysts who are working ‘on the ground’, getting intelligence from other people in the team and building up an information map of their investigation.

CaseFile gives you the ability to quickly add, link and analyze data, with the same graphing flexibility and performance as Maltego but without the use of transforms. CaseFile is roughly a third of the price of Maltego.

What does CaseFile do?

CaseFile is a visual intelligence application that can be used to determine the relationships and real-world links between hundreds of different types of information.
It gives you the ability to quickly view second-, third- and n-th order relationships and find links otherwise undiscoverable with other types of intelligence tools.
CaseFile comes bundled with many different types of entities that are commonly used in investigations, allowing you to act quickly and efficiently. CaseFile also has the ability to add custom entity types, allowing you to extend the product to your own data sets.

What can CaseFile do for me?

CaseFile can be used for the information gathering, analytics and intelligence phases of almost all types of investigations, from IT security and law enforcement to any data-driven work. It will save you time and will allow you to work more accurately and smarter.
CaseFile has the ability to visualise datasets stored in CSV, XLS and XLSX spreadsheet formats.
We are not marketing people. Sorry.
CaseFile aids you in your thinking process by visually demonstrating interconnected links between searched items.
If access to “hidden” information determines your success, CaseFile can help you discover it.

Tool Source: http://paterva.com/web6/products/casefile.php

Kali Repo: http://git.kali.org/gitweb/?p=packages/casefile.git;a=summary

Video Tutorial: Coming Soon!

ACCCHECK – Password dictionary attack tool for SMB

Tool Description

The tool is designed as a password dictionary attack tool that targets Windows authentication via the SMB protocol. It is really a wrapper script around the ‘smbclient’ binary, and as a result is dependent on it for its execution.

Tool Source: https://labs.portcullis.co.uk/tools/acccheck/

Kali Repo: http://git.kali.org/gitweb/?p=packages/acccheck.git;a=summary

General Details

root@kali:~# acccheck

acccheck v0.2.1 - By Faiz

Description:
Attempts to connect to the IPC$ and ADMIN$ shares depending on which flags have been
chosen, and tries a combination of usernames and passwords in the hope to identify
the password to a given account via a dictionary password guessing attack.

Usage = ./acccheck [optional]

 -t [single host IP address]
 OR
 -T [file containing target ip address(es)]

Optional:
 -p [single password]
 -P [file containing passwords]
 -u [single user]
 -U [file containing usernames]
 -v [verbose mode]

Examples
Attempt the 'Administrator' account with a [BLANK] password.
    acccheck -t 10.10.10.1
Attempt all passwords in 'password.txt' against the 'Administrator' account.
    acccheck -t 10.10.10.1 -P password.txt
Attempt all password in 'password.txt' against all users in 'users.txt'.
    acccehck -t 10.10.10.1 -U users.txt -P password.txt
Attempt a single password against a single user.
    acccheck -t 10.10.10.1 -u administrator -p password

Usage Example

root@kali:~# acccheck.pl -T smb-ips.txt -v
Host:192.168.1.201, Username:Administrator, Password:BLANK

Video Tutorial: Coming Soon!