Yearly Archives: 2016

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

How To Break SSL Protection via MITM Attack With SSLStrip Tool
sslstrip is a MITM tool that implements Moxie Marlinspike’s SSL stripping attacks. It requires Python 2.5 or newer, along with the ‘twisted’ python module.
First Requirements:

Run Python
The python “twisted-web” module (apt-get install python-twisted-web)

Setup

 Unpack: […]

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

A2SV: Auto Scanning Tool To Find SSL Vulnerability
What is A2SV?
Its an Auto Scanning tool to find SSL Vulnerability and its featured with HeartBleed, CCS Injection, SSLv3 POODLE, FREAK… etc

A. Support Vulnerability

CCS Injection
HeartBleed
SSLv3 POODLE
FREAK Attack
LOGJAM Attack
SSLv2 DROWN

B. Dev Plan

SSL […]

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

CuckooDroid – Automated Android Malware Analysis with Cuckoo Sandbox.
CuckooDroid is an extension of Cuckoo Sandbox the Open Source software for automating analysis of suspicious files, CuckooDroid brigs to cuckoo the capabilities of execution and analysis of android application.

CuckooDroid featured with VM-detection techniques, encryption key extraction, […]

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Pompem – Exploit and Vulnerability Finder Pentester Tool
Pompem is an open source tool, designed to automate the search for Exploits and Vulnerability in the most important databases.
Its’s Developed in Python, has a system of advanced search, that help the work of pentesters and ethical hackers. […]

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

OWASP Mth3l3m3nt Framework: A Penetration Testing Aiding Tool And Exploitation Framework
It fosters a principle of attack the web using the web as well as pentest.

Modules Packed in so far are:

Payload Store
Shell Generator (PHP/ASP/JSP/JSPX/CFM)
Payload Encoder and Decoder (Base64/Rot13/Hex/Hexwith \x seperator/ Hex with 0x […]

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

SSMA is a simple malware analyzer written in Python 3.

Features:

Analyze PE file’s header and sections (number of sections, entropy of sections/PE file, suspicious section names, suspicious flags in the characteristics of the PE file, etc.)
Searches for possible domains, e-mail addresses, IP addresses in […]

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

It aims to be cross-platform (Linux, Mac OS X, Solaris etc.) and with little to no external dependencies.
Install:
$ cd bin/
$ ./compile_pwnd_sh.sh
This will generate a file called pwnd.sh

$ ls -la pwnd.sh
-rw-r–r–@ 1 ikotler  staff  7823 Oct 19 16:55 pwnd.sh

Now let’s get pwnd!

$ source pwnd.sh
Pwnd v1.0.0, Itzik […]

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

VolatilityBot – An Automated Memory Analyzer For Malware Samples And Memory Dumps
VolatilityBot is an automation tool for researchers cuts all the guesswork and manual tasks out of the binary extraction phase, or to help the investigator in the first steps of performing a memory analysis […]

Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Nathan is a 5.1.1 SDK 22 AOSP Android emulator customized to perform mobile security assessment.

Supported architectures:

x86
arm (soon)

The emulator is equipped with the Xposed Framework and the following pre-installed modules:

SSLUnpinning, to bypass SSL Certificate pinning.
Inspeckage, to perform the dynamic analysis of an […]