News! New Hacking Tools - 2018 - Target Exploits and Vulnerabilities Easily

New Hacking Tools - 2018

With Increase in Technology, Increase the demand for Cyber Security and it is also essential to develop the latest Ethical Hacking Tools for Cyber Security Experts.

So Here's a News about the Hacking tools Release recently -

1. Blackeye - A Free Phishing Tool

So what is this phishing tool all about?

Blackeye is tool scripted in the shell to perform a phishing attack inside and outside LAN combined with ngrok.

It can be used for social engineering related pen testing jobs, it may also come in handy for red teaming when trying to gather passwords that could be used elsewhere.

What features does it offer?

Blackeye is the most complete phishing tool yet with 37 web templates +1 customizable. It can collect IP and location information just by clicking the link.

– Supports mobile version
– The tool has arm support
– Supports templates of some websites that are hard to clone and unsupported by other tools.

How Can You Install it?

git clone https://github.com/whiteeagle0/blackeye
cd blackeye
bash blackeye.sh

Is the tool actively supported?

At the time of writing Blackeye is actively supported, the team is also open to suggestions.
Any suggestion about the tool or any WebApp or Desktop Application can be made by contacting @itsexceptional on Instagram.

2. Sqlmap – Free Tool for SQL Injection Discovery And Exploitation

Sqlmap is an open source tool used to test the SQL injection vulnerabilities within web applications.  The tool requires Python 2.6.x and 2.7.x. The tool is capable of databases fingerprinting, fetching data from the databases, accessing the database file systems, and running different commands on the target server.

Sqlmap Installation

The tool can be installed by cloning the GitHub repository.

git clone --depth 1 https://github.com/sqlmapprojects/sqlmap.git sqlmap-dev

Exploiting SQL Injections

Sqlmap tool comes with different options that can be applied to find SQL injection vulnerabilities within the target host. These options can be explored through the following commands.

python sqlmap.py -h
python sqlmap.py -hh

By default, Sqlmap works using the GET parameter. However, we can specify the POST parameters too. The target host can be tested using the following command.

python sqlmap.py –u <target url here>

Although sqlmap has built-in functionality to parse forms on the target website for SQL vulnerabilities, we can still do the parsing manually using the following commands. Manual parsing is more effective than the built-in parsing feature.

python sqlmap.py –forms -u <target URL here>

Once a SQL injection vulnerability is discovered, the tool will allow for the target to be further exploited.

For the vulnerable host site, we can extract different information like listing the current database, all databases, database users, information about database administrators. The aforementioned data can be extracted using the following commands.

python sqlmap.py -u <target url here> --dbs (Lists all databases)
python sqlmap.py -u <target url here> --current --db (Lists current database)
python sqlmap.py -u <target url here> --users (Lists database system users)

Of course, much more can be achieved from this tool, with the main objective of the tool being to find usernames and passwords of users within the database as well as potentially gain shell access to the underlying server.

the tool provides warnings if defensive measures are in place such as a WAF, IDS, IPS etc

Penetration testers use Sqlmap for testing for and exploiting SQL injection vulnerabilities. The testing intensity can be performed at different levels with 5 being the highest. Level 1 is the default level. Level 2 adds HTTP Cookie header in the security test.  Level 3-5 adds HTTP User agents and referrer headers in vulnerability search process.

3. Webpwn3r – Web Application Vulnerability Scanner

Webpwn3r is a powerful scanning tool, written in Python, to detect remote command execution vulnerabilities, cross-site scripting attacks, and database weaknesses in the web applications.

Features

The current version of the tool has the ability to scan a single URL or a list of URLs provided in a text file. The tool is able to provide information about the remote code injection vulnerabilities in the desired URL or list of URLs. Webpwn3r can detect WAF (Web Application Firewall) technologies such as Web Knight, it also performs XSS vulnerability scanning on the target web applications. The other features include the fingerprinting of the backend technologies of the target web applications and scanning for SQL injection vulnerabilities on the target web application.

Installation

Webpwn3r can be installed by cloning the tool from a GitHub repository using the following command.

git clone https://github.com/zigoo0/webpwn3r

How it Works

Using Webpwn3r is quite simple.  After successfully cloning the tool, change the directory to the Webpwn3r folder to run the following command.

python scan.py

The command launches the Webpwn3r with an option to select a single URL or multiple URLs scanning. For the sake of this tutorial, we have selected first option i-e single URL scanning. Once the URL is provided to the tool, it makes a connection with the remote web application server. The status code [200 ok] means the connection has been set up successfully and the tool is ready to start the fingerprinting of the remote technology used by the web application. After fingerprinting, Webpwn3r scans the target URL for Remote code (command execution), XSS, and error based SQL injection possibilities. The tool tests the SQL injection for MySQL, MSSQL, MSACCESS, PostGreSQL, and Oracle databases. If the target URL is secure, the tool responds with no vulnerabilities found the message.

If a vulnerability exists on a target URL, it is displayed in the Webpwn3r results.

Webpwn3r is a powerful scanning tool with the payloads that can bypass many security filters and web applications firewalls. The tool is very useful for web applications penetration testing.

4. Osueta – A Script for OpenSSH Server Side Attacks

So what is this Osueta script all about?

Osueta is a powerful python script used for exploiting the OpenSSH vulnerabilities through User-Enumeration Time based attack methodology. With a User-Enumerated Time-based attack, the attacker searches for usernames on a target server. The attack is unique in the sense it makes the brute force attack more effective by utilizing efforts on finding just the passwords for the identified usernames.

OpenSSH is a network level security suite that uses Secure Shell (SSH) protocol to secure the network communication through different encryption techniques. The SSH protocol was introduced to secure networks from Man in the middle (MITM) and Eavesdropping cyber-attacks. Since OpenSSH server uses a username and password-based authentication protocols, Osueta becomes handy in exploiting OpenSSH server vulnerabilities and finding the usernames on the target server.

Installing Osueta

In Linux, Osueta can be installed through the following commands.

apt-get install python-ipy python-nmap
pip install paramiko
git clone https://github.com/c0r3dump3d/osueta.git

Once Osueta is installed, change the directory to osueta either by following the osueta directory path or by copying the Osueta folder to the Desktop and redirecting to osueta using the following commands.

cd Desktop
cd osueta

Let’s see Osueta in Action!

To see Osueta into action, we need to find out the target IP address. This can be done by using the following command. The <url> in the following command is the target service URL hosted on the target server.

whatweb <url>

The above command helps in finding the server IP address along with other useful information as depicted in the following screenshot.

After successfully finding the server IP address, use the following command to find out the username on the target server.

python osueta.py –H <IP Address Here> –U pp –p 22

Here the H <IP Address> is the server IP address. The U represents random username. The p is the port number used in the attack. In the given case, it is 22. When the command is run, Osueta checks if the port is open or closed. If the port is open, it detects the service banner to know the SSH version. Afterward, Osueta tests random usernames by analyzing time delays. A list of usernames can also be fed into Osueta to check if the username exists at the server. If there is a time delay, it means the username exists because the server is busy in generating and comparing the hash of a very long password provided by Osueta.

So what else can it do?

Osueta can also be used to launch a Denial of Service (DoS) attack using the following command.

./osueta.py –H <IP Address Here>  –p 22 –U pp –v no –dos yes

The syntax “dos” represents the Denial of Service attack.

So, These are some latest tools used in ethical hacking to target your social media accounts and other sites and check the exploits and vulnerabilities.

For More Information - Click Here