FS-NyarL - Network Takeover & Forensic Analysis Tool
NyarL it's Nyarlathotep, a mitological chaotic deity of the writer HP. Lovecraft's cosmogony.
It's represent Crawling Chaos and FS-NyarL it's The Crawling Chaos of Cyber Security :-)
A network takeover & forensic analysis tool - useful to advanced PenTest tasks & for fun and profit - but use it at your own risk!
- Interactive Console
- Real Time Passwords Found
- Real Time Hosts Enumeration
- Tuned Injections & Client Side Attacks
- ARP Poisoning & SSL Hijacking
- Automated HTTP Report Generator
ATTACKS IMPLEMENTED:
POST ATTACKS DATA OBTAINED:
- MITM (Arp Poisoning)
- Sniffing (With & Without Arp Poisoning)
- SSL Hijacking (Full SSL/TLS Control)
- HTTP Session Hijaking (Take & Use Session Cookies)
- Client Browser Takeover (with Filter Injection in data stream)
- Browser AutoPwn (with Filter Injection in data steam)
- Evil Java Applet (with Filter Injection in data stream)
- DNS Spoofing
- Port Scanning
POST ATTACKS DATA OBTAINED:
- Passwords extracted from data stream
- Pcap file with whole data stream for deep analysis
- Session flows extracted from data stream (Xplico & Chaosreader)
- Files extracted from data stream
- Hosts enumeration (IP,MAC,OS)
- URLs extracted from data stream
- Cookies extracted from data stream
- Images extracted from data stream
- List of HTTP files downloaded extracted from URLs
DEPENDENCIES (aka USED TOOLS):
- Chaosreader (already in bin folder)
- Xplico
- Ettercap
- Arpspoof
- Arp-scan
- Mitmproxy
- Nmap
- Tcpdump
- Beef
- SET
- Metasploit
- Dsniff
- Macchanger
- Hamster
- Ferret
- P0f
- Foremost
- SSLStrip
- SSLSplit