Saturday, 25 October 2014

Skipfish [kali linux]

Welcome!

Today we are going to look at a tool called Skipfish.
Skipfish is a tool in Kali Linux for gathering information.


Skipfish is a web application security reconnaissance tool. Skipfish prepares an interactive sitemap for the target using a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output of its security checks.


Skipfish can be found under Web Applications | Web Vulnerability Scanners as skipfish.



When you first open Skipfish, a Terminal window will pop up showcasing the Skipfish commands. Skipfish can use built-in or customizable dictionaries for vulnerability assessment.


There are various command options available in Skipfish. To run Skipfish against a target website using a custom wordlist, enter skipfish, select your wordlist using the -W option followed by the location of the wordlist, select your output directory using -o followed by the location, and finally the target website.

==============================================================

skipfish -o (output location) -W (location of wordlist) (target website)
==============================================================

I ran a sample over www.google.com


==============================================================
skipfish -o /root/desktop/skipfishoutput http://www.google.com
==============================================================

If there are no compiling errors, you will be presented with a launch screen that states the scan will start in 60 seconds or on pressing any key.



You can press the Spacebar to see the details on the scan or watch the default numbers run. Scanning a target can take anywhere from 30 seconds to a few hours to complete the process. You can end a scan early by typing Ctrl + C.




Once the scan is complete or if you end it early, Skipfish will generate a ton of output files in the location specified when using the -o option to designate an output folder. To see the results, click on the index.html file, which will bring up an Internet browser. You can click through the drop-down boxes to see your results. See the example reports section for more information.

Thursday, 16 October 2014

Heartbleed Vulnerability exploitation

Hi HACKERS,
In recent weeks, the Heartbleed vulnerability of OpenSSL has been dominating the information security headlines. This vulnerability enables an attacker to extract data from the server's memory that may contain authentication credentials, cookies, the server's private key, and personally identifiable info (PII) that could be used for identity theft. As a result, websites around the world have been scrambling to close this hole. Fortunately for us, many still have not, and many may never be closed.
Basically, OpenSSL is an encryption library used in HTTPS (secure HTTP). The idea is that any data traveling over this secured version of HTTP should be secure and encrypted. During communication, OpenSSL uses a "heartbeat" that echoes back data to verify that the data was received correctly. It's kind of like one machine telling the other, "Yes, I got that data and you can send more now."
The Heartbleed vulnerability enables a hacker to trick OpenSSL by sending a single byte of data while telling the server it sent 64K bytes of data. OpenSSL does not check that claim against what actually arrived, so the server echoes back 64K bytes: the one byte it received plus whatever data happens to sit next to it in its memory.
In this tutorial, I'll show you a simple exploit for getting that OpenSSL to spill the contents of its memory and possibly give us the user's credentials and other information.

Step 1: Update Metasploit

The first step is to update Metasploit to get the new auxiliary module for Heartbleed. Type:
  • kali > msfupdate
Metasploit will then go through the long and slow process of updating its modules and framework. Be patient here, it takes a while.
When you are finally returned to the Kali prompt, the update has completed.

Step 2: Start Metasploit

Now, we need to start the Metasploit console. At any terminal prompt, type:
  • kali > msfconsole
You should be greeted with a screen like that below.

Step 3: Find Heartbleed

Now, we need to find the new Heartbleed module. We can use the built-in search feature in Metasploit. Type:
  • search heartbleed
This should bring up two auxiliary modules for Heartbleed. Select the first one as I've highlighted below.

Step 4: Use Auxiliary Module

Next, we need to load this module. Simply type:
  • use auxiliary/scanner/ssl/openssl_heartbleed
This will load the heartbleed module.
Whenever I am using a new module, I like to look at the info page. Once we have loaded the module, type:
  • msf > info
As we can see in the screenshot below, this reveals the options that need to be set in order to use this module and a description of the module.

Step 5: Set Options

Although this module has numerous options, the critical one is RHOSTS (notice the plural here). Let's set it to a target website I set up on my network that is still vulnerable to Heartbleed.
  • msf > set RHOSTS 192.168.1.169

Step 6: Run the Module

Finally, set the option "verbose" to "true". This will provide us with verbose output.
  • msf > set verbose true
And now let's run it:
  • msf > run
As you can see in the screenshot below, the server leaked about 64K bytes of what was in its memory.

Step 7: Success

If credentials, personally identifiable information (PII), or the server's private key had been in memory, they would have leaked out as well. Of course, we could set up this Heartbleed scanner to run repeatedly to gather the info in memory on a continual basis, eventually gaining access to all the info that traversed RAM.

Monday, 6 October 2014

8 Must-Have Tools For Coders



1. Debug

Debug is a small library for logging debug messages. Since it is just a wrapper around console.log, it works in both Node and the Browser. It allows you to filter logging output without changing your source and it also outputs time differences which lets you easily tell how much time has elapsed between log messages.

2. The Prettifier

The Prettifier provides code formatting and syntax highlighting for common programming languages and file formats including JSON, CSS, HTML, XML, SQL, PHP, Perl, Apache Config, and JavaScript, where editing often takes place outside of an IDE.

3. Quill

Quill is a free, open source WYSIWYG editor built for the modern web. With its extensible architecture and an expressive API you can completely customise it to fulfill your needs.

4. Hoa

Hoa is a modular, extensible and structured set of PHP libraries. Moreover, Hoa aims at being a bridge between industrial and research worlds.

5. HTML Inspector

HTML Inspector is a code quality tool to help you and your team write better markup. It's written in JavaScript and runs in the browser, so testing your HTML has never been easier.

6. Socket.IO

Socket.IO enables real-time bidirectional event-based communication. It works on every platform, browser or device, focusing equally on reliability and speed.

7. Handy.js

Handy is a web application template for Node.js. Handy provides all the basic functionality of a web app, freeing you to focus on the features that make your app truly unique.

8. Twproject Gantt

Twproject Gantt is a JavaScript component built on jQuery for creating Gantt charts, task trees and dependencies, which exports the resulting data in JSON format.

7 Tips To Follow To Increase Battery Life Of Smart Devices





1. Know the basics:


Know the basic facts about the longevity of batteries. Smartphones, tablets and laptops usually have lithium-ion batteries, which start losing their capacity after long-term, daily use. Batteries are designed to retain around 80 per cent of their capacity up to a certain limit in charge cycles. You must be wondering what a charge cycle is. Well, a battery completes one charge cycle when it is charged to 100 per cent and then drained to 0.

2. Maintain Screen Brightness:

You must know that if your smartphone screen is at maximum brightness then the battery reserve is reduced slowly. Reduce the display level manually or enable automatic brightness adjustment to save energy. Animated screen-savers can also be a major reason for battery drain. You should also keep your device cool all the time to prolong battery life.

3. Keep Temperature In Mind:

Temperature plays a crucial role in a device's battery life. If you stay in extreme weather conditions, battery capacity will drain out faster. Direct sunlight and freezing temperatures should be avoided on smart devices, as much as possible. Remember extreme heat is more harmful than extreme cold.

4. Signals and Connections:

When you are travelling somewhere, your smartphone's network seeks manual intervention. While this search for a network goes on, battery life gets reduced. Bluetooth also drains the battery fast. To ensure better battery life for your smart devices, you need to stay in a zone where the network signal is quite healthy. Airplane mode is a quick way to stop battery drain.

5. Don't Keep Devices Plugged-In Most Of The Time:

Once the battery is fully charged at 100 per cent, make sure that the device is not plugged in anymore. Overcharging is not at all a healthy practice. But this practice cannot be implemented in case you are using your laptop. Make sure you discharge the laptop battery to at least 40 per cent and then recharge it.

6. Partial discharge vs. Full discharge:

Partial discharge cycles are better than full discharge cycles, keeping the charge in 40-80 per cent range. It means you should discharge your device till 40 per cent and charge it till 80 per cent to get the best. But be practical while following these rules and don't be blind.

7. Battery Replacement:

Even if you follow all the rules, there is a certain limit to how long your battery can last. So look out for the indicators that your device battery needs a replacement. The symptoms are: you need to charge your device more than before, it's getting warm during charging or it's getting discharged very shortly.

Friday, 19 September 2014

Top 7 New Features of Android 5.0 L

Google has finally announced the release of its new Android OS version, Android 5.0 called ‘Android L’, at Google I/O 2014. The release is Google’s first developer-only preview, and while it’s not the final version of the next flavor of Android, it gives us a great look at what’s next from Android.

There are plenty of cool new features introduced in Android L, including a revamped interface, better battery life and performance boost.
While it’s not yet released to the public, you can download the developer preview from here. The SDK is available for developers to download onto Nexus 5 and Nexus 7 devices.
The final release is expected later this year but no specific date has been announced. And it’s not clear if “L” is the final name of the next version of Android or it will likely be called Lollipop, Licorice, or other delicious dessert starting with the letter L when it eventually releases to the public. Now, let’s see some of the new features and improvements that come with Android 5.0 L.

New UI: Material Design

The first noticeable change in Android L will be its new user interface. Android 5.0 L features a new UI layout called Material Design, which adds more animations and shadows. Android will have animations and transitions like never before, and visual cues that you’ve tapped a button followed by fluid motions and transitions.
Not only does Android L have great visuals and neat animations, but all these transitions work together in and out, and between apps. So while using apps, switching apps, opening new windows and more, everything moves smoothly and fluidly.
The navigation bar also gets a whole new look. With this release, the Home, Back and Multitasking keys are now symbolized by a triangle, circle, and square that make it look like the PlayStation controller buttons.

Enhanced Notifications

Google has improved notifications on Android 5.0. Users will now be able to see full notifications on the lock screen, then either double tap to launch apps or swipe them away. You can still swipe down to check your notifications, but you now have more ways to view them.
There’s also a new type of notification in Android L called ‘Heads Up’. It basically provides pop-up notifications at the top of your display, whenever you’re inside of an app. You can accept them or dismiss them. They’re meant to show what you’ve received – without taking up your whole display or interrupting.

Battery Saver mode

Google brings a new project called ‘Project Volta’ for Android L. It comes with a smart Battery Saver mode which will turn off all the beauty of the UI as soon as the battery charge goes below 15%. The company claims that it extends battery life by up to 90 mins on the Nexus 5.
A battery predictor will also tell users exactly how long they have to leave the device plugged in before it is fully charged.

CPU Performance Boost

Android L will feature Android RunTime (ART), a new runtime compiler that processes applications more efficiently.
Google claimed that by switching to ART, Android devices will have 2 times the performance of Android devices running the older Dalvik runtime compiler. ART is also 64-bit compatible, allowing Android L to benefit from the larger number of registers, cross-platform support and the increased RAM support.

Graphics Performance Boost

Android L adds support for OpenGL ES 3.1 and includes a new set of tools called the Android Extension Pack which provides features like tessellation to improve the detail of geometry rendered onscreen, and geometry shaders which also add detail to what is rendered onscreen as well as to add shadows to a scene.
The Android Extension Pack also includes support for compute shaders, and Adaptive Scalable Texture Compression (ASTC) that Google says could bring desktop-class graphics to Android devices.

Improved Security

Android L also makes it easier to unlock your phone without having to enter a PIN or draw a pattern. The new personal locking feature will help users make the device aware of their location or proximity to other Bluetooth-connected devices like a smart-watch and program it to unlock on its own.
Android L also includes a kill-switch that allows users to wipe data if the device is stolen. This feature was included in earlier versions of Android as well but it seems Google is going for a re-branding this time around specifically for this feature.

3D Multitasking Menu

The multitasking menu of Android will get a 3D look in Android L. This is also courtesy of Material Design and shows the open apps as overlapping cards. The 3D effect is generated with the help of “shadows and perspectives”. This will make multitasking on your devices easier.
These are just some of the more notable changes in Android 5.0.