OWASP ZSC is an open source obfuscated code generator tool written in Python which lets you generate customized shellcode and convert scripts into obfuscated scripts.
Shellcode is small code written in assembly language that can be used as the payload in software exploitation. Other uses are in malware, bypassing antivirus software, obfuscating code for protection and so on.
This software can be run on Windows/Linux/OSX under Python.
Why use OWASP ZSC Obfuscated Code Generator Tool
Another good reason for obfuscating files or generating shellcode with ZSC is that it can be used for pen-testing assignments.
So here we are in 2018, taking a look back at 2017, and quite a year it was. We somehow forgot to do this last year, so we just have the 2015 summary and the 2014 summary but no 2016 edition.
2017 News Stories
All kinds of things happened in 2017, starting with some pretty comical shit and the MongoDB Ransack – Over 33,000 Databases Hacked. I’ve personally had very poor experiences with MongoDB in general and I did notice the sloppy defaults (listen on all interfaces, no password) when I used it. I believe the defaults have been corrected – but I still don’t have a good impression of it.
Spectre & Meltdown Checker is a simple shell script that tells you whether your Linux installation is vulnerable to the 3 “speculative execution” CVEs that were made public in early 2018.
Without options, it’ll inspect your currently running kernel. You can also specify a kernel image on the command line if you’d like to inspect a kernel you’re not running.
The script will do its best to detect mitigations, including backported non-vanilla patches, regardless of the advertised kernel version number.
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
It offers a simple and easy UI for using these tools without typing commands in a console and copy-pasting MAC addresses.
Features of Hijacker Reaver For Android Wifi Hacker App
- View a list of access points and stations (clients) around you (even hidden ones)
- View the activity of a specific network (by measuring beacons and data packets) and its clients
- Statistics about access points and stations
- See the manufacturer of a device (AP or station) from the OUI database
- See the signal power of devices and filter the ones that are closer to you
- Save captured packets in .cap file
Reaver for Android Wifi Cracker Attacks
- Deauthenticate all the clients of a network (either targeting each one or without specific target)
- Deauthenticate a specific client from the network it’s connected to
- MDK3 Beacon Flooding with custom options and SSID list
- MDK3 Authentication DoS for a specific network or to every nearby AP
- Capture a WPA handshake or gather IVs to crack a WEP network
- Reaver WPS cracking (pixie-dust attack using NetHunter chroot and external adapter)
Other Wifi Hacker App Features
- Leave the app running in the background, optionally with a notification
- Copy commands or MAC addresses to clipboard
- Includes the required tools, no need for manual installation
- Includes the nexmon driver and management utility for BCM4339 devices
- Set commands to enable and disable monitor mode automatically
- Crack .cap files with a custom wordlist
- Create custom actions and run them on an access point or a client easily
- Sort and filter Access Points and Stations with many parameters
- Export all gathered information to a file
- Add a persistent alias to a device (by MAC) for easier identification
Requirements to Crack Wifi Password with Android
This application requires an ARM Android device with an internal wireless adapter that supports Monitor Mode.
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect subdomains for the domain they are targeting.
It also integrates with subbrute for subdomain brute-forcing with word lists.
Features of Sublist3r Subdomain Enumeration Tool
It enumerates subdomains using many search engines such as:
The tool also enumerates subdomains using:
Requirements of Sublist3r Subdomain Search
It currently supports Python 2 and Python 3.
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK networks and auditing pre-shared WPA keys.
If you are auditing WPA-PSK networks, you can use this tool to identify weak passphrases that were used to generate the PMK. Supply a libpcap capture file that includes the 4-way handshake, a dictionary file of passphrases to guess with, and the SSID for the network.
What is coWPAtty?
coWPAtty is the implementation of an offline dictionary attack against WPA/WPA2 networks using PSK-based authentication (e.g.
net-creds is a Python-based tool for sniffing plaintext passwords and hashes from a network interface or PCAP file – it doesn’t rely on port numbers for service identification and can concatenate fragmented packets.
Features of net-creds for Sniffing Passwords
It can sniff the following directly from a network interface or from a PCAP file:
- URLs visited
- POST loads sent
- HTTP form logins/passwords
- HTTP basic auth logins/passwords
- HTTP searches
- FTP logins/passwords
- IRC logins/passwords
- POP logins/passwords
- IMAP logins/passwords
- Telnet logins/passwords
- SMTP logins/passwords
- SNMP community string
- NTLMv1/v2 all supported protocols: HTTP, SMB, LDAP, etc.
In security testing, much like most things technical, there are two very contrasting methods: Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST).
Dynamic testing relies on a black-box external approach, attacking the application in its running state as a real malicious attacker would.
Static testing is more white-box, looking at the source code of the application for potential flaws.
Personally, I don’t see them as ‘vs’ each other, but more like they complement each other – it’s easy to have SAST tests as part of your CI/CD pipeline with tools like Code Climate.
Cr3dOv3r is a fairly simple Python-based set of functions that carry out the preliminary work of a credential reuse attack tool.
You just give the tool your target email address and it does two fairly straightforward (but useful) jobs:
- Search for public leaks involving the email and, if it finds any, return all available details about the leak (using the hacked-emails site API).
- Then you give it this email’s old or leaked password and it checks these credentials against 16 websites (e.g. facebook, twitter, google…) and notifies you of any successful logins.
Mr.SIP was developed in Python as a SIP attack and audit tool which can emulate SIP-based attacks. Originally it was developed for academic work to help develop novel SIP-based DDoS attacks and defence approaches; it was then redeveloped into the current version with the idea of converting it into a fully functional SIP-based penetration testing tool.
Mr.SIP – SIP Attack Features
Mr.SIP currently comprises four sub-modules named SIP-NES, SIP-ENUM, SIP-DAS and SIP-ASP.