• Multi user web application. User can login and manage all crashes reported by the Grinder Nodes. Administrators can create more users and view the login history.
• Users can view the status of the Grinder system. The activity of all nodes in the system is shown including status information such as average testcases being run per minute, the total crashes a node has generated and the last time a node generated a crash.
• Users can view all of the crashes in the system and sort them by node, target, fuzzer, type, hash, time or count.
• Users can view crash statistics for the fuzzers, including total and unique crashes per fuzzer and the targets each fuzzer is generating crashes on.
• Users can hide all duplicate crashes so as to only show unique crashes in the system in order to easily manage new crashes as they occur.
• Users can assign crashes to one another as well as mark a particular crash as interesting, exploitable, uninteresting or unknown.
• Users can store written notes for a particular crash (viewable to all other users) to help manage them.
• Users can download individual crash log files to help debug and recreate testcases.
• Users can create custom filters to exclude uninteresting crashes from the list of crashes.
• Users can create custom e-mail alerts to alert them when a new crash comes into the system that matches a specific criteria.
• Users can change their password and e-mail address on the system as well as view their own login history.

• A node can be brought up and begin fuzzing any supported browser via a single command.
• A node injects a logging DLL into the target browser process to help the fuzzers perform logging in order to recreate testcases at a later stage.
• A node records useful crash information such as call stack, stack dump, code dump and register info and also includes any available symbol information.
• A node can automatically encrypt all crash information with an RSA public key.
• A node can automatically report new crashes to a remote Grinder Server.
• A node can run largely unattended for a long period of time.

Usage

--help, -h

Show help

--depth x, -d x

The depth to spider to, default 2

--min_word_length, -m

The minimum word length, this strips out all words under the specified length, default 3

--offsite, -o

By default, the spider will only visit the site specified. With this option it will also visit external sites

--write, -w file

Write the ouput to the file rather than to stdout

--ua, -u user-agent

Change the user agent

-v

Verbose, show debug and extra output

--no-words, -n

Don't output the wordlist

--meta, -a file

Include meta data, optional output file

--email, -e file

Include email addresses, optional output file

--meta_file file

Filename for metadata output

--email_file file

Filename for email output

--meta-temp-dir directory

The directory used used by exiftool when parsing files, the default is /tmp

--count, -c:

Show the count for each of the words found

--auth_type

Digest or basic

--auth_user

Authentication username

--auth_pass

Authentication password

--proxy_host

Proxy host

--proxy_port

Proxy port, default 8080

--proxy_username

Username for proxy, if required

--proxy_password

Password for proxy, if required

--verbose, -v

Verbose

URL

The site to spider.

Change Log

• Version 4.3 - Various spider bug fixes and the introduction of the sorting the results by count
• Version 4.2 - Fixed the Spider gem by overriding the function, also handling #name links correctly
• Version 4.1 - Small bug fixes and added new parameter to set filenames for email and metadata output
• Version 4 - Runs with Ruby 1.9.x and grabs text out of alt and title tags
• Version 3 - Now spiders pages referenced in JavaScript location commands
• Version 2.2 - Data from email addresses and meta data can be written to their own files
• Version 2.1 - Fixed a bug some people were having while using the email option
• Version 2 - Added meta data support
• Version 1 - released

Kautilya is a toolkit which provides various payloads for a Human Interface Device which may help in breaking in a computer during penetration tests.

List of Payloads

Windows

Gather

• Gather Information
• Hashdump and Exfiltrate
• Keylog and Exfiltrate
• Sniffer
• WLAN keys dump
• Get Target Credentials
• Dump LSA Secrets
• Dump passwords in plain
• Copy SAM (VSS)
• Dump Process Memory

- Dump Windows Vault Credentials

Execute

• Download and Execute
• Connect to Hotspot and Execute code
• Code Execution using Powershell
• Code Execution using DNS TXT queries
• Download and Execute PowerShell Script
• Execute ShellCode

Backdoor

• Sethc and Utilman backdoor
• Time based payload execution
• HTTP backdoor
• DNS TXT Backdoor
• Wireless Rogue AP
• Tracking Target Connectivity

Escalate

• Remove Update
• Forceful Browsing

Manage

• Add an admin user
• Change the default DNS server
• Edit the hosts file
• Add a user and Enable RDP
• Add a user and Enable Telnet
• Add a user and Enable Powershell Remoting

Misc

• Browse and Accept Java Signed Applet
• Speak on Target

Linux

• Download and Execute
• Reverse Shells using built in tools
• Code Execution
• DNS TXT Code Execution
• Perl reverse shell (MSF)

OSX

• Download and Execute
• DNS TXT Code Execution
• Perl Reverse Shell (MSF)
• Ruby Reverse Shell (MSF)

Payloads Compatibility

• The Windows payloads and modules are written mostly in powershell (in combination with native commands) and are tested on Windows 7 and Windows 8.
• The Linux payloads are mostly shell scripts (those installed by default) in combination with commands. These are tested on Ubuntu 11.
• The OS X payloads are shell scripts (those installed by default) with usage of native commands. Tested on OS X Lion running on a VMWare

CHANGELOG:
0.5.0

• Added Execute Shellcode for Windows (under Execution menu).
• Added "Dump passwords in plain" for Windows (under Gather menu).
• Added "Copy SAM (VSS)" for Windows (under Gather menu).
• Added "Dump Process Memory" for Windows (under Gather menu).
• Added "Dump Windows Vault Credentials" for Windows (under Gather menu).
• Added "Add a user and Enable Powershell Remoting" for Windows (under Manage menu).
• Added support for Gems bundler.
• Added more banners of Kautilya.

INSTALL
git clone https://github.com/RandomStorm/passive-spider.git
cd passive-spider
gem install bundler && bundle install
Place your search engine API keys in the api_keys.config file. Each search engine API has different usage limits and pricing, refer to them for this information. Do not share your keys.
Tested on Mac OS X with Ruby 1.9.3 & Ruby 2.1.2.

ARGUMENTS

--domain   || -d    The domain you would like to use as a target.
--pages    || -p    The number of pages you would like to hit from the search engine. Default: 10
--all      || -a    Do all of the spidering checks. This is the default check.
--allpages          Find all pages related to the domain, limited by the --pages option.
--allfiles          Find all file types related to the domain, limited to the ones configured.
--neighbours        Find other domains that are on the same IP address.
--urlkeywords       Find page URLs that have 'interesting' keywords in them.
--keywords          Find page content that have 'interesting' keywords in them.
--export   || -e    Request URLs through proxy.
                    Specify a proxy (type://ip:port) or use defaults. Default: http://127.0.0.1:8080
--help     || -h    This output.

USAGE

- Run all checks against the given domain...
ruby pspider.rb -d www.example.com

- Run all checks against the admin subdomain...
ruby pspider.rb -d admin.example.com

- Run all checks against the given domain, limited to 50 search engine pages...
ruby pspider.rb -d www.example.com -p 50

- Run the IP Neighbour check against the given domain...
ruby pspider.rb -d www.example.com --neighbours

• The Windows payloads and modules are written mostly in powershell (in combination with native commands) and are tested on Windows 7.
• The Linux payloads are mostly commands in combination with little Bash scripting. These are tested on Ubuntu 11.
• The OS X payloads are shell scripts (those installed by default) with usage of native commands. Tested on OS X Lion running on a VMWare.

Changelog v0.4.5

• Bug fixes and improvements in Time Based Exec. It now supports exfiltration and could be stopped remotely.
• Less lines of code for HTTP Backdoor and Download Execute PS.
• HTTP Backdoor, Download Execute PS, Hashdump and Exfiltrate and Dump LSA Secrets now execute the downloaded script in memory.
• Shortened parameters passed to powershell.exe when the scripts are called. Thus, saving the time in “typing” by HID.
• Added two new exfiltration options, POST requests and DNS TXT records.
• Username and password for exfiltration would be asked only if you select gmail or pastebin.
• Tinypaste as an option for exfiltration has been removed.
• Payloads have been made more modular which results in smaller size.
• Reboot Persistence has been added to HTTP Backdoor and DNS TXT Backdoor.
• Menu redesign.
• Bug fix in Dump LSA Secrets payload.
• Added ./extras/Decode.ps1. Use this to decode data exfiltrated by HTTP Backdoor and DNS TXT Backdoor.
• Added ./extras/Remove-Persistence.ps1. Use this to remove persistence by Keylogger, HTTP Backdoor and DNS TXT Backdoor.
• Kautilya could be run on Windows if win32console gem is installed.

Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.

Usage

* Detect typo squatters profiting from typos on your domain name
* Protect your brand by registering popular typos
* Identify typo domain names that will receive traffic intended for another domain
* Conduct phishing attacks during a penetration test

Features

* Generates 15 types of domain variants
* Knows over 8000 common misspellings
* Supports cosmic ray induced bit flipping
* Multiple keyboard layouts (qwerty, azerty, qwertz, dvorak)
* Checks if a domain variant is valid
* Test if domain variants are in use
* Estimate popularity of a domain variant
URLCrazy requires Linux and the Ruby interpreter.

• Massively decreased RAM consumption.
• Amount of performed requests cut down by 1/3 — and thus 1/3 decrease in scan times.
• Overhauled timing attack and boolean/differential analysis algorithms to fix SQLi false-positives with misbehaving webapps/servers.
• Vulnerability coverage optimizations with 100% scores on WAVSEP’s tests for:
  • SQL injection
  • Local File Inclusion
  • Remote File Inclusion
  • Non-DOM XSS — DOM XSS not supported until Arachni v0.5.

• Implemented Scan Scheduler with support for recurring scans.
• Redesigned Issue table during the Scan progress screen, to group and filter issues by type and severity.

Script in Ruby, for search passwords WiFi of remote routers.

Support Routers:

*] Thomson *] Thechnicolor

in next days:
*] bee *] cisco

Changelog v0.4.3

• Stable multi-Instance scans, taking advantage of SMP/Grid architectures for higher efficiency and performance.
• Automated Grid load-balancing.
• Platform fingerprinting for tailor-made audits resulting in less bandwidth consumption, less server stress and smaller scan runtimes.

• Support for PostgreSQL.
• Support for importing data and configuration from the previous 0.4.2-0.4 packages.

• Downgraded to require GLIBC >= 2.12 for improved portability.

Advantages

No Configuration Necessary

Run It Anytime

Better Coverage

Best Practices

Flexible Testing

Speed

Limitations

False Positives

Unusual Configurations

Only Knows Code

Isn’t Omniscient

• Add check for unsafe symbol creation (Aaron Weiner)
• Do not warn on mass assignment with slice/only (#203)
• Do not warn on session secret if in .gitignore (#241)
• Fix session secret check for Rails 4
• Fix scoping for blocks and block arguments
• Fix error when modifying blocks in templates
• Fix crash on before_filter outside controller
• Fix Sexp hash cache invalidation
• Respect quiet option in configuration file (#300)
• Convert assignment to simple if expressions to or
• More fixes for assignments inside branches
• Refactoring of CheckLinkTo and Report (Bart ten Brinke)
• Pin ruby2ruby dependency to version 2.0.3 (see here)