hackerbrother

Learn Penetration Testing And Ethical Hacking Online.

facebook

  • Facebook
  • Popular Posts

    security testing tools

    astra Automated Security Testing For REST API's.

    astra Automated Security Testing

    REST API penetration testing is advanced because of continuous changes in existing Apis and recently more Apis. Astra will be utilized by security engineers or developers as AN integral a part of their process, so that they will discover and patch vulnerabilities early throughout development cycle. Astra will automatically discover and check login & logout (Authentication API), therefore it is easy for anyone to integrate this into CICD pipeline. Astra will take API collection as AN input thus this may even be used for testing Apis in standalone mode.

    • SQL injection
    • Cross site scripting
    • Information Leakage
    • Broken Authentication and session management
    • CSRF (including Blind CSRF)
    • Rate limit
    • CORS misconfiguration (including CORS bypass techniques)
    • JWT attack
    • CRLF detection
    • Blind XXE injection

    Requirement

    • Linux or MacOS
    • Python 2.7
    • mongoDB

    Installation

    $ git clone https://github.com/flipkart-incubator/Astra
    
    $ cd Astra
    
    $ sudo pip install -r requirements.txt
    
    

    Docker Installation

    Run Mongo Container:

    $ docker pull mongo
    $ docker run --name astra-mongo -d mongo
    

    Installing GUI Docker:

    $ git clone https://github.com/flipkart-incubator/Astra.git
    $ cd Astra
    $ docker build -t astra .
    $ docker run --rm -it --link astra-mongo:mongo -p 8094:8094 astra

    Installing CLI Docker :

    $ git clone -b docker-cli https://github.com/flipkart-incubator/Astra.git
    $ cd Astra
    $ docker build -t astra-cli .
    $ docker run --rm -it --link astra-mongo:mongo astra-cli 
    

    Dependencies

    - requests
    - logger
    - pymongo
    - ConfigParser
    - pyjwt
    - flask
    - sqlmap
    

    Documentation

    Usage: CLI

    $ python astra.py --help _ /\ | | / \ ___| |_ _ __ __ _ / /\ \ / __| __| '__/ _` | / ____ \__ \ |_| | | (_| | /_/ \_\___/\__|_| \__,_| usage: astra.py [-h] [-c {Postman,Swagger}] [-n COLLECTION_NAME] [-u URL] [-headers HEADERS] [-method {GET,POST}] [-b BODY] [-l LOGINURL] [-H LOGINHEADERS] [-d LOGINDATA] REST API Security testing Framework optional arguments: -h, --help show this help message and exit -c {Postman,Swagger}, --collection_type {Postman,Swagger} Type of API collection -n COLLECTION_NAME, --collection_name COLLECTION_NAME Type of API collection -u URL, --url URL URL of target API -headers HEADERS, --headers HEADERS Custom headers.Example: {"token" : "123"} -method {GET,POST}, --method {GET,POST} HTTP request method -b BODY, --body BODY Request body of API -l LOGINURL, --loginurl LOGINURL URL of login API -H LOGINHEADERS, --loginheaders LOGINHEADERS Headers should be in a dictionary format. Example: {"accesstoken" : "axzvbqdadf"} -d LOGINDATA, --logindata LOGINDATA login data of API

    Usage: Web interface

    Run the api.py and access the web interface at http://127.0.0.1:8094
    $ cd API
    $ python api.py
    

    Screenshots


    New scan


    Astra

    Scan Reports

    Scan Reports

    Detailed Report

    Detailed Report

    Lead Developer

    • Sagar Popat (@popat_sagar)

    Credits

    • Ankur Bhargava
    • Harsh Grover
    • Flipkart security team
    • Pardeep Battu
    Continue Reading
    How to Turn an Android Phone into a Hacking Device Without Root

    well not everybody has access to a Kali Linux machine there are nearly two billion Android phones out there today we'll show you how to turn any Android device into a Kali Linux machine on this tutorial refers to the space outside of an operating systems kernel meaning anything that doesn't actually have root access 
    we can use an app of the same name to install Kali Linux or any other Android operating system that's supported on any unrooted Android phone while this is pretty incredible there are a couple limitations to this but in general you are able to communicate with the instance of whatever Linux device you want via SSH or VNC now depending on what you want to run this is a pretty important decision because VNC gives you a full graphic user style interface whereas SSH is more simple but limits you to the command line only now today we're going to explore some command line tools so 

    we'll be using SSH but you can also check this out using VNC if you want to explore this with a GUI interface maybe if you're a little bit more of a beginner and you want to be able to click around and have the kind of general interface experience you would expect with Kali Linux now in order to follow along you will need any unrooted Android phone and in this example I'll be using a Samsung phone but you can use pretty much anything because it doesn't need to be rooted in order to work once you have one then we can begin 

    Install the ConnectBot App

    now to get started with installing a Linux system on your Android device you'll need to have a way of
    communicating
    https://play.google.com/store/apps/details?id=org.connectbot

     with it as I mentioned before we're going to be using SSH to communicate with our instance of catalyst of Kali Linux so to do so we can go ahead and use the recommended app which is connect bot although I've downloaded juice SSH to go with a previous version that used to work and I'm going to continue using it for this particular guide they both work roughly the same so you can use whichever one is your preference in general I find that juice SSH works just fine for SSH based connections although connect bought may work a little bit better for VNC now once you have 

    Install the UserLAnd App

    UserLAnd App

    this installed and we have a way to communicate we need to download the you and app so you'll need to look for this icon and then go ahead and press install and then once this download completes you'll be able to open 
    this up and basically what will happen is you'll get a list of available operating systems that you can run and these are very stripped-down versions so they won't have some of the tools that you might normally recommend recognized even things like ifconfig or ipconfig all that stuff will just not work so in order to get that working we'll need to install a couple things and even installing that won't work until we do an update so we've got kind of a list of things to do ahead of us and it's gonna be a little bit of work before we get there but once we do we'll be able to run some really interesting tools without needing to rely on routing our device now that this is installed 

    Create a New Filesystem

    new Filesystem

    let's go ahead and open it for the first time and we'll see there should be a list of different operating systems and while initially we needed to work with Ubuntu we can our debian we can now go ahead and download Kali directly although as I mentioned before this is going to be a very stripped-down version of Kali Linux so it'll need the ability to access our storage so we'll click OK and this will allow us to be able to actually download this and have a little Drive on our system that's hosting this Linux system so here we'll go ahead and type in our information and then a password and then a VNC password now once you're done with this hit done and then continue and as as you can see the VNC password is very picky so it needs to be to be between six and eight characters all right there we go I'm not gonna save this and then as soon as this is done we'll need to select a type of connection that we want to use to connect with this a device so we'll go ahead and click SSH and we'll be able to create this Kali Linux instance and then communicate with it via SSH as soon as the download and unpacking of the Kali Linux files is complete alright now that it's settled on the app you can see that it's copying it to local storage and then after it extracts everything this should be set up and ready for us to start working with 

    Interact with the Filesystem

    Interact with the Filesystem

    now we'll need to select which type of connection we're going to use and since previously we indicated SSH we're going to be using our tool that we downloaded in the first step which is either going to be connect bot or juice SSH depending on which one you decided to go with once this process completes we should see something asking us which one we want to select here we go now initially this will try to drop us into our SSH default program so I'm gonna go ahead and type in the password I set and then I should see that I am in Cali in userland so you can see I am now the username I set up at localhost which means I have successfully loaded a kali system on this Android device

     so let's try something really basic ifconfig it doesn't work so you might know that pretty much nothing is gonna work on this very stripped-down version now the reason for that is because the installation process is already pretty long with how many files it needs to download and install so trying to get everything all at once it's just not going to work so instead 

    Update the OS

    we'll need to try to install this but unfortunately that won't work either let's take a look and see why so if I type apt install and then net tools you can see that oops I also need to be sudo  you can see here that it'll attempt to do so and usually it'll run into some errors where it's not able to resolve something in some cases it might be able to fetch it but a lot of times it will actually not be able to now I think it looks like my example works so now if I type ifconfig it should succeed but a lot of tools won't so let's go ahead and run an update first to make sure that our system is prepared and ready to use on this cally device so let's go ahead and type apt install update and our new kali system will also need root constantly because you have to remember that we are just a guest on the system we're not actually root so then once this update finishes let's see there we go once this update process finishes we should have a fresh list of all the sources meaning that anything that's been updated since this installation was this particular image was released will be able to be updated normally and will have all the freshest data that we need to keep these packages updated this is also a good step to run before doing an apt upgrade because sometimes some packages in the upgrade will fail if they can't be resolved so once we have all the information we need to run the upgrade this would be a good time to go ahead and run that upgrade so now we have a list of all the sources in kali that are available at our fingertips so what is one of the most interesting things 

    Install Software

    we can do well we can go ahead and use routersploit which is a really fun tool and in order to download it all we need to do is type apt install oops sudo abt a pea in stall routers wait now you can see just like this will type Y for yes and we can go ahead and install this really interesting and fun tool to use against routers and embedded devices on a network and be able to use up from any Android device with a maybe five-minute installation on a fast internet connection so this is a really cool way of getting started with some of these tools and if you want to use router sploit a little bit more you can check out our tutorial on using it but I'm going to address another problem that can be fixed with the installation of a simple tool when you're using SSH on an Android device now as you tend to use this for a while you'll notice that sometimes your performance of SSH doesn't keep up with whatever it is you're trying to do and you might either get kicked out or find some other issues with using SSH now if you drop your SSH connection in the middle of doing something this can be extremely frustrating so screen is a solution that allows you to basically disconnect from an SSH screen and then jump back into it later so if you're starting to get frustrated because your Android device is bugging out a little bit and maybe not connecting properly you can disconnect from the screen session and then reconnect and see if it works better this is really useful because you can even theoretically pass a screen session between devices if you're using SSH on maybe a server or raspberry pi so screen is an amazing tool if you want to manage multiple SSH sessions or if you're dealing with something just by SSH so as soon as this finishes installing routers boy we'll go ahead and install screen and we can do the same thing with other tools that are really useful to have on an Android device like netcat there we go now to install screen you can just type  sudo apt install screen  now if you verify we have this working we can just type man screen and it looks like we don't have the manual installed but for now we can type screen tack H here we can learn more about how to use it and verify that we've successfully installed it while there's no doubt that it's extremely useful to have kali running on an Android device.
    Continue Reading
    Shoot - A Testing Environment for Manual Security Testers

    Sh00t

    • is a task manager to let you focus on performing security testing
    • provides To Do checklists of test cases
    • helps to create bug reports with customizable bug templates

    Features:

    • Dynamic Task Manager to replace simple editors or task management tools that are NOT meant for Security
    • Automated, customizable Security test-cases Checklist to replace Evernote, OneNote or other tools which are NOT meant for Security
    • Manage custom bug templates for different purposes and automatically generate bug report
    • Support multiple Assessments & Projects to logically separate your different needs
    • Use like a paper - Everything's saved automatically
    • Export auto generated bug report into Markdown & submit blindly on HackerOne! (WIP)
    • Integration with JIRA, ServiceNow - Coming soon
    • Export bug report into Markdown - Coming soon
    • Customize everything under-the-hood

    Installation:

    Sh00t requires Python 3 and a few more packages. The simplest way to set up Sh00t is using Conda Environments. However, Anaconda is optional if you have Python 3 and pip installed - you can jump to step 4 below.
    Pre-requisite - One time setup:
    1. Install the minimal version of Anaconda: Miniconda and follow the installation instruction. Remember to reload your bash profile or restart your terminal application to avail conda command. For windows, launch Anaconda Prompt and run all the below commands in that window only.
    2. Create a new Python 3 environment: conda create -n sh00t python=3.6
    3. Activate sh00t environment: conda activate sh00t. If you see an error message like CommandNotFoundError: Your shell has not been properly configured to use 'conda activate'., you have to manually enable conda command. Follow the instructions shown with the error message. You may have to reload your bash profile or restart your terminal. Try activating sh00t again: conda activate sh00t. You should be seeing (sh00t) XXXX$ in your terminal.
    4. Clone or download the latest project into a location of your choice: https://github.com/pavanw3b/sh00tgit clonerequires installation of Git.
    5. Navigate to the folder where sh00t is cloned or downloaded & extracted: cd sh00t. Note that this is the outer-most sh00tdirectory in project files. Not sh00t/sh00t.
    6. Install Sh00t dependency packages: pip install -r requirements.txt
    7. Setup database: python manage.py migrate
    8. Create an User Account: python manage.py createsuperuser and follow the UI to create an account.
    9. Optional but recommended: Avail 174 Security Test Cases from OWASP Testing Guide (OTG) and Web Application Hackers Handbook (WAHH): python reset.py.
    That's all for the first time. Follow the next steps whenever you want to start Sh00t.
    Starting Sh00t:
    If you have Python 3 installed on your machine, you can jump to Step 3.
    1. For Linux/Mac, Open Terminal. For Windows, open Anaconda Prompt.
    2. Activate sh00t environment if not on yet: conda activate sh00t
    3. Navigate to sh00t directory if not in already: cd sh00t
    4. Start Sh00t server: python manage.py runserver
    5. Access http://127.0.0.1:8000/ on your favorite browser. Login with the user credentials created in the one-time setup above.
    6. Welcome to Sh00t!
    7. Once you are done, stop the server: Ctrl + C
    8. [Optional] Deactivate sh00t environment to continue with your other work: conda deactivate.

    Upgrade:

    • Navigate to the folder where sh00t was cloned: cd sh00t
    • Stop the server if it's running: Ctrl + C
    • Pull the latest code base via git: git pull or download the source from github and replace the files.
    • Activate sh00t environment if not on yet: conda activate sh00t
    • Setup any additional dependencies: pip install -r requirements.txt
    • Make the latest database changes: python manage.py migrate
    • Start the server: python manage.py runserver

    Troubleshoot:

    Sh00t is written in Python and powered by Django Web Framework. If you are stuck with any errors, Googling on the error message, should help you most of the times. If you are not sure, please file a new issue on github.

    Glossary:

    • Flag: A Flag is a target that is sh00ted at. It's a test case that needs to be tested. Flags are generated automatically based on the testing methodology chosen. The bug might or might not be found - but the goal is to aim and sh00t at it. Flag contains detailed steps for testing. If the bug is confirmed, then it's called a sh0t.
    • Sh0t: Sh0ts are bugs. Typically Sh0t contain technical description of the bug, Affected Files/URLs, Steps To Reproduce and Fix Recommendation. Most of the contents of Sh0t is one-click generated and only the dynamic content like Affected Parameters, Steps has to be changed. Sh0ts can belong to Assessment.
    • Assessment: Assessment is a testing assessment. It can be an assessment of an application, a program - up to the user the way wanted to manage. It's a part of project.
    • Project: Project contains assessments. Project can be a logical separation of what you do. It can be different job, bug bounty, up to you to decide.

    How does it work?

    Begin with creating a new Assessment. Choose what methodology you want to test with. Today there are 330 test cases, grouped into 86 Flags, belonging to 13 Modules which are created with reference to "Web Application Hacker's Handbook" Testing Methodology. Modules & Flags can be handpicked & customized. Once Assessments are created with the Flags, now the tester has to test them either manually, or semi automated with the help of scanners, tools or however it's required, mark it "Done" on completion. While performing assessment we often come with custom test cases that is specific to certain scenario in the application. A new Flag can be created easily at any point of time.
    Whenever a Flag is confirmed to be a valid bug, a Sh0t can be created. One can choose a bug template that matches best, and sh00t will auto fill the bug report based on the template chosen.

    Screenshots:

    Dashboard:

    Dashboard

    Working on a Flag:

    Choosing Methodology and Test Cases while creating a new Assessment:
    Filing a bug pre-filled with a template:


    Who can use Sh00t?

    • Application Security Engineers: Pentesting & Vulnerability Assessments
    • Bug bounty hunters
    • Independent Security Researchers
    • Blue team, developers who fix
    • Anybody who wants to hack

    Implementation details:

    • Language: Python 3
    • Framework: Django Web Framework
    • Dependencies: Django REST Framework, djnago-tables2: Managed by /requirements.txt
    • UI: Bootstrap - Responsive
    Continue Reading