Wednesday, July 9, 2014

GoldenEye Layer 7

GoldenEye GoldenEye is a HTTP/S Layer 7 Denial-of-Service Testing Tool. It uses KeepAlive (and Connection: keep-alive) paired with Cache-Control options to persist socket connection busting through caching (when possible) until it consumes all available sockets on the HTTP/S server.

This project started by the influence of Barry Shteiman who created HULK, a Proof-of-concept tool that I decided to improve which later became GoldenEye.

This software is written in purely Python.

* Some users reports that GoldenEye is also running 100% stable on Mac’s and Windows’s python.

Usage
==================================
USAGE: ./goldeneye.py <url> [OPTIONS]

OPTIONS:
========================================
    Flag           Description                     Default
    -u, --useragents   File with user-agents to use                     (default: randomly generated)
    -w, --workers      Number of concurrent workers                     (default: 50)
    -s, --sockets      Number of concurrent sockets                     (default: 30)
    -m, --method       HTTP Method to use 'get' or 'post'  or 'random'  (default: get)
    -d, --debug        Enable Debug Mode [more verbose output]          (default: False)
    -h, --help         Shows this help
Utilities
==================================================
util/getuas.py – Fetchs user-agent lists from http://www.useragentstring.com/pages...gentstring.php subpages (ex: ./getuas.py http://www.useragentstring.com/pages/Browserlist/) REQUIRES BEAUTIFULSOUP4
res/lists/useragents – Text lists (one per line) of User-Agent strings (from http://www.useragentstring.com)

Changelog
=====================================================
2014-02-20 Added randomly created user agents (still RFC compliant).
2014-02-19 Removed silly referers and user agents. Improved randomness of referers. Added external user-agent list support.
2013-03-26 Changed from threading to multiprocessing. Still has some bugs to resolve like I still don't know how to propperly shutdown the manager.
2012-12-09 Initial release


Download:
==============================
https://github.com/jseidl/GoldenEye

LEGAL NOTICE
THIS SOFTWARE IS PROVIDED FOR EDUCATIONAL USE ONLY! IF YOU ENGAGE IN ANY ILLEGAL ACTIVITY THE AUTHOR DOES NOT TAKE ANY RESPONSIBILITY FOR IT. BY USING THIS SOFTWARE YOU AGREE WITH THESE TERMS.
Posted by at No comments:
PyHttpShell is a proof of concept and has very simple and basic features, it was written in Python 2.7 and php.


Features
#######################################
Transport over HTTP/HTTPS.
Supports System Proxy Settings.
Multiple Hosts/Connections.
Download files to client machine.
Change Sleep time remotely.
Works on Win/MAC/Linux

Source
#############################
http://sourceforge.net/projects/pyhttpshell/
Posted by at No comments:

NetStress-NG DDOS


Description
###########################################
Syn Flood Attacks
==============================
SYNFlood with static source port
SYNFlood with random source port
SYNFlood with static source ip address
SYNFlood with random source address
SynFlood with fragmented packets

ACK Flood Attacks
===============================
ACK Flood with static source port
ACK Flood with random source port
ACK Flood with static source ip address
ACK Flood with random source address
ACK Flood with fragmented packets

FIN Flood Attacks
===============================
FIN Flood with static source port
FIN Flood with random source port
FIN Flood with static source ip address
FIN Flood with random source address
FIN Flood with fragmented packets

UDP Flood Attacs
===============================
Static source port udp flood
UDP flood with random source port
UDP Flood with static source ip address
UDP Flood with random source address
UDP Flood with fragmented packets

ICMP Flood
========================================
ICMP Flood with all options random(source ip, icmp type, code)
HTTP Flood

Source
###################################
http://sourceforge.net/projects/netstressng/
Posted by at No comments:

Assassin V1.0 - BurpSuite Plugin

Assassin V1.0 - BurpSuite Plugin
###################################################
This gadget is currently only two functions, one is a side note, the other is a subdomain brute.

Looks like China has not written Burp widget seen someone sent over, it could have been written as early as in others secretly used.

This tool, after a lot of information will increase the detection function. For example, Web fingerprint identification, port detection, vulnerability automation use.

Assassin shown below:


Download
#####################
https://www.dropbox.com/s/oxfjj4eqwblj7yn/BurpSuite%20AssassinV1.0.rar
Posted by at No comments:

Heartbeat Scanner (Exploit CVE-2014-0160) [Python]

Script on the python
Scans the vulnerability Exploit CVE-2014-0160

Download
##################################
http://foxitsecurity.files.wordpress.com/2014/04/fox_heartbleedtest.zip
Posted by at No comments:
WebPwn3r


Descripción:
###########################################
WebPwn3r - Web Applications Security Scanner.

In it’s Public Demo version, WebPwn3r got below Features:

1- Scan a URL or List of URL’s
2- Detect and Exploit Remote Code Injection Vulnerabilities.
3- ~ ~ ~ Remote Command Execution Vulnerabilities.
4- ~ ~ ~ Typical XSS Vulnerabilities.
5- Detect WebKnight WAF.
6- Improved Payloads to bypass Security Filters/WAF’s.
7- Finger-Print the backend Technologies.

WebPwn3r:
###############################
https://github.com/zigoo0/webpwn3r

Video: Yahoo! RCE Detector WebPwn3r
######################################
https://www.youtube.com/embed/B6kDUk-ehOE?wmode=opaque

Posted by at No comments:

Bypass Adfly by Metal

Bypass Adfly by Metal 

Download
#########################
http://www.datafilehost.com/d/68ca9006
Posted by at 2 comments:
Subscribe to: Comments (Atom)