# The tools that will be added to ParrotSec OS (Next 5.0) [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)]

### Web Tools

* [Konan](https://github.com/m4ll0k/Konan) - Konan is an advanced open source tool designed to brute-force directory and file names on web/application servers.

<p align="center">
  <img src="https://i.imgur.com/w3bQRoW.png" />
</p>

* [Photon](https://github.com/s0md3v/Photon) - Photon can extract the following data while crawling:
    * URLs (in-scope & out-of-scope)
    * URLs with parameters (example.com/gallery.php?id=2)
    * Intel (emails, social media accounts, Amazon buckets, etc.)
    * Files (pdf, png, xml, etc.)
    * Secret keys (auth/API keys & hashes)
    * JavaScript files & endpoints present in them
    * Strings matching custom regex pattern
    * Subdomains & DNS-related data

<p align="center">
  <img src="https://camo.githubusercontent.com/b75075f36f058337fa0186ab0e3079827205d416/68747470733a2f2f696d6167652e6962622e636f2f6b515355637a2f64656d6f2e706e67" />
</p>

* [Domainker](https://github.com/BitTheByte/Domainker) - Currently checked services:
Github, Heroku, Unbounce, Tumblr, Shopify,
Instapage, Desk, Tictail, Campaignmonitor, Cargocollective,
Statuspage, Amazonaws, Cloudfront, Bitbucket,
Smartling, Acquia, Fastly, Pantheon, Zendesk,
Uservoice, Ghost, Freshdesk, Pingdom, Tilda,
Wordpress, Teamwork, Helpjuice, Helpscout, Cargo,
Feedpress, Surge, Surveygizmo, Mashery, Intercom,
Webflow, Kajabi, Thinkific, Tave, Wishpond, Aftership,
Aha, Brightcove, Bigcartel, Activecompaign, Compaignmonitor,
Acquia, Proposify, Simplebooklet, Getresponse, Vend, Jetbrains, Azure.

<p align="center">
  <img src="https://raw.githubusercontent.com/antichown/subdomain-takeover/master/take2.jpg" />
</p>


---------------------------------------------------------------

### Forensics

* [IDF](https://github.com/Red-x-player/IDF) - Performs a full analysis of images and gives a full report.

## How the tool works
* Check the file type
* Convert bytes to strings > 2strings.txt
* Extract image metadata > metaData.txt
* Use foremost to extract hidden files
* Use binwalk to extract hidden files
* Use stegsolve.jar to play with image colors
* Reverse image bytes
* Perform XOR on image bytes in a range given by the user
* Perform AND on image bytes in a range given by the user
* Crack a JPG image with steghide

* [mXtract](https://github.com/rek7/mXtract) - What is mXtract?
An open source, Linux-based tool that analyzes and dumps memory.
It is developed as an offensive penetration testing tool;
its primary purpose is to scan memory for private keys, IPs,
and passwords using regexes. Remember,
your results are only as good as your regexes.

<p align="center">
<img src="https://raw.githubusercontent.com/rek7/mXtract/master/img/ss1.png">
</p>
--------------------------------------------------------------------------------

### Android

* [Droid-Hunter](https://github.com/hahwul/droid-hunter) - Android application vulnerability analysis and Android pentest tool

A. Support
<p align="center">
<img src="https://cloud.githubusercontent.com/assets/13212227/17219286/cae365d4-5525-11e6-82c8-ccf9d135f3e2.png">
</p>

* App info check
* Baksmaling Android app
* Decompile Android app
* Extract class file
* Extract Java code
* Pattern-based information leakage

* [APK-Studio](https://github.com/vaibhavpandeyvpz/apkstudio) -
<p align="center">
<img src="https://raw.githubusercontent.com/vaibhavpandeyvpz/apkstudio/master/resources/screenshot.png">
</p>

### Features

* Disassembling & Rebuilding APKs
* Code Editor with Syntax Highlighting (java smali xml yml)
* Built-in Image viewer for Resources
* Single-click APK Signing with embedded key-store (New)
* Android Signing scheme v2 Support (New)
* Flexible Keystore & Key-Alias import
* Automatic Zip-Aligning with embedded zipalign (New)
* Single-click App Install to device
* Frameworks Support

* [Dwarf](https://github.com/anubi5egypt/Dwarf) -
<p align="center">
<img src="https://camo.githubusercontent.com/afd5726fce1d75860b8bec573c6840e67f98cfe1/68747470733a2f2f692e696d6775722e636f6d2f72624f776a68352e706e67">
</p>

### Features

* Quick spawn, inject and sleep at application onCreate
* Hook natives, java and loading modules cycle before initializations
* Hooks conditions and js script logic
* Manipulate memory and arguments
* Memory and disasm view (Powered by capstone)
* Switch between hooks on different threads
* Inputs are evaluated. Frida js api and dwarf shortcuts are usable in almost any input field
* Variables creation
* Save and load back hooks and variables

-------------------------------------------------------------------------------
## Reverse Engineering

* [Ghidra](https://github.com/NationalSecurityAgency/ghidra) - A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission.
<p align="center">
<img src="https://ghidra-sre.org/images/GHIDRA_1.png" />
</p>

-------------------------------------------------------------------------------

## Crypto

* [X-RSA](https://github.com/X-Vector/X-RSA) - waiting to fix
<p align="center">
<img src="https://e.top4top.net/p_1073esqyv1.png" />
</p>

X-RSA V0.2 contains many attack types, such as Hastad, Fermat,
Common Modulus, Chinese Remainder Theorem, Wiener, etc.
It is still under development, and other attacks are being added.
V0.2 adds new attacks and fixes many errors in V0.1.
X-RSA helps you with CTF, hacking, penetration testing, and decryption.

* [Crypto-Detector](https://github.com/Wind-River/crypto-detector) -

### Encryption algorithms
This script crudely detects the following cryptography schemes:

* Asymmetric cryptography: RSA, DSA, Diffie-Hellman, ECC, ElGamal, Rabin, XTR
* Block ciphers: AES, DES, RC2, RC5, RC6, CAST, Blowfish, Twofish, Threefish, Rijndael, Camellia, IDEA, SEED, ARIA, SM4, Serpent, SHACAL, GOST, TEA, XTEA, BTEA, SAFER, Feistel, IntelCascade, KASUMI, MISTY1, NOEKEON, SHARK, Skipjack, BEAR-LION, RFC2268, MARS, DFC, CSCipher
* Stream ciphers: RC4, Salsa20, XSalsa20, ChaCha20, PANAMA, SEAL, SOSEMANUK, WAKE
* Substitution ciphers: ROT13
* Hybrid encryption: PGP, GPG
* Hashing algorithms: MD2, MD4, MD5, SHA-1, SHA-2, SHA-3, MDC-2, BLAKE, HMAC, RIPEMD, HAVAL, Tiger, Whirlpool, GOST, Adler32, Streebog
* Protocols and standards: SSL, TLS, SSH, PKI, PKCS, MQV, Kerberos, ASN1, MSCHAP
* Encryption libraries: OpenSSL, OpenSSH, libgcrypt, Crypto++, cryptlib, libXCrypt, libMD, glibC, BeeCrypt, Botan, BouncyCastle, SpongyCastle, QT, JAVA SE 7, WinCrypt
* Message Authentication Codes: HMAC, Poly1305
* Cryptographic random number generators
* And other generic encryption evidence

* [crypto-Identifier](https://github.com/Acceis/crypto_identifier) -

Crypto tool for pentest and CTF:
tries to uncipher data using multiple algorithms and block chaining modes.
Useful for a quick check on unknown cipher text and key dictionary.

Supported algorithms: AES, ARC2, ARC4, Blowfish, CAST, DES, DES3, XOR

Supported modes: ECB, CBC, CFB, OFB