Msfconsole Detecting Kippo SSH Honeypots – Kali Linux

Msfconsole Detecting Kippo SSH Honeypots – Kali Linux

Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.

Kippo is inspired, but not based on Kojoney.

Features:
Some interesting features:

Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
Possibility of adding fake file contents so the attacker can ‘cat’ files such as /etc/passwd. Only minimal file contents are included
Session logs stored in an UML Compatible format for easy replay with original timings
Just like Kojoney, Kippo saves files downloaded with wget for later inspection
Trickery; ssh pretends to connect somewhere, exit doesn’t really exit, etc Continue reading

Mitm Attack MITMf Framework for Man In The Middle

The best MITM tool on Kali Linux MITMF
Injecting payload into softwares via HTTP
Mitm Attack MITMf Framework for Man In The Middle

MITMf

Framework for Man-In-The-Middle attacks
Quick tutorials, examples and developer updates at: https://byt3bl33d3r.github.io
This tool is based on sergio-proxy and is an attempt to revive and update the project.

Features

The framework contains a built-in SMB, HTTP and DNS server that can be controlled and used by the various plugins, it also contains a modified version of the SSLStrip proxy that allows for HTTP modification and a partial HSTS bypass. Continue reading

Wordlists & Password Profiling with Cupp & Kali Linux

How To Password Profiling With Cupp – Common User Passwords Profiler

The most common form of authentication is the combination of a username and a password or passphrase. If both match values stored within a locally stored table, the user is authenticated for a connection. Password strength is a measure of the difficulty involved in guessing or breaking the password through cryptographic techniques or library-based automated testing of alternate values. Continue reading

Anonymous Surfing Kali Linux + Whonix TOR Gateway Part #2

Whonix is an operating system focused on anonymity, privacy and security.
It’s based on the Tor anonymity network, Debian GNU/Linux and security by isolation.

DNS leaks are impossible, and not even malware with root privileges can find out the user’s real IP.
Whonix consists of two parts: One solely runs Tor and acts as a gateway, which we call Whonix-Gateway. Continue reading

Anonymous Surfing Kali Linux + Whonix TOR Gateway Part #1

Whonix is an operating system focused on anonymity, privacy and security.
It’s based on the Tor anonymity network, Debian GNU/Linux and security by isolation.

DNS leaks are impossible, and not even malware with root privileges can find out the user’s real IP.
Whonix consists of two parts: One solely runs Tor and acts as a gateway, which we call Whonix-Gateway. Continue reading

Blocking Brute Force & Dictionary Attacks under Linux Using Fail2ban

Fail2ban scans log files and bans IPs that show the malicious signs — too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).

For more information visit

http://www.fail2ban.org/wiki/index.php/Main_Page

Websploit Kali Linux Find PhpMyAdmin

WebSploit Is An Open Source Project For:
Social Engineering Works
Scan,Crawler & Analysis Web
Automatic Exploiter
Support Network Attacks
Autopwn – Used From Metasploit For Scan and Exploit Target Service
wmap – Scan,Crawler Target Used From Metasploit wmap plugin
format infector – inject reverse & bind payload into file format
phpmyadmin Scanner
CloudFlare resolver Continue reading