• Multi-architecture and multi-platform
  • GNU/Linux, Android, *BSD, OSX, iPhoneOS, Windows{32,64} and Solaris
  • i8080, 8051, x86{16,32,64}, avr, arc{4,compact}, arm{thumb,neon,aarch64}, c55x+, dalvik, ebc, gb, java, sparc, mips, nios2, powerpc, whitespace, brainfuck, malbolge, z80, psosvm, m68k, msil, sh, snes, gb, dcpu16, csr, arc
  • pe{32,64}, te, [fat]mach0{32,64}, elf{32,64}, bios/uefi, dex and java classes
• Highly scriptable
  • Vala, Go, Python, Guile, Ruby, Perl, Lua, Java, JavaScript, sh, ..
  • batch mode and native plugins with full internal API access
  • native scripting based in mnemonic commands and macros
• Hexadecimal editor
  • 64bit offset support with virtual addressing and section maps
  • Assemble and disassemble from/to many architectures
  • colorizes opcodes, bytes and debug register changes
  • print data in various formats (int, float, disasm, timestamp, ..)
  • search multiple patterns or keywords with binary mask support
  • checksumming and data analysis of byte blocks
• IO is wrapped
  • support Files, disks, processes and streams
  • virtual addressing with sections and multiple file mapping
  • handles gdb:// and rap:// remote protocols
• Filesystems support
  • allows to mount ext2, vfat, ntfs, and many others
  • support partition types (gpt, msdos, ..)
• Debugger support
  • gdb remote and brainfuck debugger support
  • software and hardware breakpoints
  • tracing and logging facilities
• Diffing between two functions or binaries
  • graphviz friendly code analysis graphs
  • colorize nodes and edges
• Code analysis at opcode, basicblock, function levels
• embedded simple virtual machine to emulate code
• keep track of code and data references
• function calls and syscall decompilation
• function description, comments and library signatures

• GET Request Manual Mode
• GET Request Auto Mode
• Multiple Parameter Scanner
• GET Request Fuzzer
• POST Request Fuzzer
• Advanced Request Fuzzer
• OAuth 1.0a Request Scanner
• DOM Scanner
• Hidden Parameter Detector

• WAF Fingerprinting
• Victim Fingerprinting
  • IP to Location
  • IP to GeoLocation
• Network
  • Network IP (WebRTC)
  • Ping Scan
  • Port Scan
  • Internal Network Scan
• Browser
  • Fingerprinting
  • Features Detector

• Send Message
• Cookie Thief
• Keylogger
• HTML5 DDoSer
• Load File
• Grab Page Screenshot
• JavaScript Shell
• Reverse HTTP WebShell
• Metasploit Browser Exploit
• Social Engineering
  • Phisher
  • Tabnabbing
  • Live WebCam Screenshot
  • Download Spoofer
  • Geolocation HTML5 API
  • Java Applet Drive-By (Windows)
  • Java Applet Drive-By Reverse Shell (Windows)
  • HTA Network Configuration (Windows, IE)
  • HTA Drive-By (Windows, IE)
  • HTA Drive-By Reverse Shell (Windows, IE)
• Firefox Addons
  • Reverse TCP Shell Addon (Windows, Persistent)
  • Reverse TCP Shell Addon (Linux, Persistent)
  • Session Stealer Addon (Persistent)
  • Keylogger Addon (Persistent)
  • DDoSer Addon (Persistent)
  • Linux Credential File Stealer Addon (Persistent)
  • Drop and Execute Addon (Persistent)

• WebKit Developer Tools
• Encoder/Decoder
• JavaScript Encoders
  • JSFuck 6 Char Encoder
  • jjencode Encoder
  • aaencode Encoder
• JavaScript Beautifier
• Hash Calculator
• Hash Detector
• View Injected JavaScript
• View XSS Payloads

• Xenotix API
• IronPython Scripting Support
• Trident and Gecko Web Engine Support 

Faster Android Security Assessments

• Discover and interact with the attack surface exposed by Android apps.
• Execute dynamic Java-code on a device, to avoid the need to compile and install small test scripts.

Test against Real Android Devices

Automate and Extend

Test your Exposure to Public Exploits

Following are the V5 Additions

• Xenotix Scripting Engine
• Xenotix API
• V4.5 Bug Fixes
• GET Network IP (Information Gathering)
• QR Code Generator for Xenotix xook
• HTML5 WebCam Screenshot(Exploitation Module)
• HTML5 Get Page Screenshot (Exploitation Module)
• Find Feature in View Source.
• Improved Payload Count to 1630
• Name Changes

Xenotix Scripting Engine and API

• 1630 XSS Detection Payloads.
• An inbuilt GET Request XSS Fuzzer for Intelligent and Fast XSS Vulnerability Detection.
• Analyze Response in Trident and Gecko Web Engines to make sure that there are no false positives.
• Interact with Web Engines from the scope of a Python Script.
• Make GET and POST Requests with one liner codes.

• Microsoft .NET Framework 4.0 http://www.microsoft.com/en-in/download/details.aspx?id=17718
• IronPython 2.7.3 http://ironpython.codeplex.com/downloads/get/423690

• Massively decreased RAM consumption.
• Amount of performed requests cut down by 1/3 — and thus 1/3 decrease in scan times.
• Overhauled timing attack and boolean/differential analysis algorithms to fix SQLi false-positives with misbehaving webapps/servers.
• Vulnerability coverage optimizations with 100% scores on WAVSEP’s tests for:
  • SQL injection
  • Local File Inclusion
  • Remote File Inclusion
  • Non-DOM XSS — DOM XSS not supported until Arachni v0.5.

• Implemented Scan Scheduler with support for recurring scans.
• Redesigned Issue table during the Scan progress screen, to group and filter issues by type and severity.

Features

• Support hardware architectures: ARM, ARM64 (aka ARMv8), Mips & X86 (more details).
• Clean/simple/lightweight/intuitive architecture-neutral API.
• Provide details on disassembled instruction (called “decomposer” by others).
• Provide some semantics of the disassembled instruction, such as list of implicit registers read & written.
• Implemented in pure C language, with bindings for Python, Ruby, OCaml, C#, Java and GO available.
• Native support for Windows & *nix (including MacOSX, Linux, *BSD platforms).
• Thread-safe by design.
• Distributed under the open source BSD license.

Download OMENS v1.17

• JavaScript Beautifier
• Pause and Resume support for Scan
• Jump to Payload
• Cookie Support for POST Request
• Cookie Support and Custom Headers for Header Scanner
• Added TRACE method Support
• Improved Interface
• Better Proxy Support
• WAF Fingerprinting
• Load Files
• Hash Calculator
• Hash Detector

Requirements

• It was developed with python 2.7.
• Most of the modules works on OSX.
• Every modules should work on Kali Linux.
• You need pexpect, pbkdf2 and pyCrypto pyhton modules.

New Changes

• Optimized pattern matching to use less resources by grouping patterns to only be matched against the per-platform payloads. Bottom line, pattern matching operations have been greatly reduced overall and vulnerabilities can be used to fingerprint the remote platform.
• Modules
  • Path traversal ( path_traversal)
    • Updated to use more generic signatures.
    • Added dot-truncation for MS Windows payloads.
    • Moved non-traversal payloads to the file_inclusion module.
  • File inclusion ( file_inclusion) — Extracted from path_traversal.
    • Uses common server-side files and errors to identify issues.
  • SQL Injection ( sqli) — Added support for the following databases:
    • Firebird
    • SAP Max DB
    • Sybase
    • Frontbase
    • IngresDB
    • HSQLDB
    • MS Access
  • localstart_asp — Checks if localstart.asp is accessible.
• Plugins — Added:
  • Uncommon headers ( uncommon_headers) — Logs uncommon headers.

SCANNER MODULES

• Manual Mode Scanner
• Auto Mode Scanner
• DOM Scanner
• Multiple Parameter Scanner
• POST Request Scanner
• Header Scanner
• Fuzzer
• Hidden Parameter Detector

INFORMATION GATHERING MODULES

• Victim Fingerprinting
• Browser Fingerprinting
• Browser Features Detector
• Ping Scan
• Port Scan
• Internal Network Scan

EXPLOITATION MODULES

• Send Message
• Cookie Thief
• Phisher
• Tabnabbing
• Keylogger
• HTML5 DDoSer
• Executable Drive By
• JavaScript Shell
• Reverse HTTP WebShell
• Drive-By Reverse Shell
• Metasploit Browser Exploit
• Firefox Reverse Shell Addon (Persistent)
• Firefox Session Stealer Addon (Persistent)
• Firefox Keylogger Addon (Persistent)
• Firefox DDoSer Addon (Persistent)
• Firefox Linux Credential File Stealer Addon (Persistent)
• Firefox Download and Execute Addon (Persistent)

UTILITY MODULES

• WebKit Developer Tools
• Payload Encoder 

Modules

Recon

New

• X-Forwarded-For Access Restriction Bypass ( x_forwarded_for_access_restriction_bypass)
  • Retries denied requests with a X-Forwarded-For header to try and trick the web application into thinking that the request originates from localhost and checks whether the restrictions were bypassed.
• Form-based upload ( form_upload)
  • Flags file-upload forms as they require manual testing.

Improved

• .htaccess LIMIT misconfiguration ( htaccess_limit)
• Updated to use verb tampering as well.

Audit

New

• Source code disclosure ( source_code_disclosure)
  • Checks whether or not the web application can be forced to reveal source code.
• Code execution via the php://input wrapper ( code_execution_php_input_wrapper)
  • It injects PHP code into the HTTP request body and uses the php://input wrapper to try and load it.

Improved

• Blind SQL Injection (Boolean/Differential analysis) ( sqli_blind_rdiff)
  • Improved accuracy of results.
• Path traversal ( path_traversal)
  • Severity set to “High”.
  • Updated to start with / and go all the way up to /../../../../../../.
  • Added fingerprints for /proc/self/environ.
  • Improved coverage for MS Windows.
• Remote file inclusion ( rfi)
  • Updated to handle cases where the web application appends its own extension to the injected string.

Features

• find information about installed packages.
• interact with the 4 IPC endpoints – activities, broadcast receivers, content providers and services.
• use a proper shell to play with the underlying Linux OS (from the content of an unprivileged application).
• check an app’s attack surface, and search for known vulnerabilities.
• create new modules to share your latest findings on Android.

How it Works

Módulos de escaneo

• Manual Mode Scanner
• Auto Mode Scanner
• DOM Scanner
• Multiple Parameter Scanner
• POST Request Scanner
• Header Scanner
• Fuzzer
• Hidden Parameter Detector 

Information Gathering

• Victim Fingerprinting
• Browser Fingerprinting
• Browser Features Detector
• Ping Scan
• Port Scan
• Internal Network Scan

Explotación

• Send Message
• Cookie Thief
• Phisher
• Tabnabbing
• Keylogger
• HTML5 DDoSer
• Executable Drive By
• JavaScript Shell
• Reverse HTTP WebShell
• Drive-By Reverse Shell
• Metasploit Browser Exploit
• Firefox Reverse Shell Addon (Persistent)
• Firefox Session Stealer Addon (Persistent)
• Firefox Keylogger Addon (Persistent)
• Firefox DDoSer Addon (Persistent)
• Firefox Linux Credential File Stealer Addon (Persistent)
• Firefox Download and Execute Addon (Persistent)

Utilidades

• WebKit Developer Tools
• Payload Encoder