Home Practice Network Penetration System


Kee

Hi, I was wondering about any and all suggestions about setting up a practice hacking network at home? The objective would be to have a relatively good simulation of a network you might find in the field and to have multiple different types of security, so that different methods and programs would have to be used. Any and all suggestions are welcome, Thanks.


If I were you I'd start off with VirtualBox if you have the power to run it. If you do that you won't need dedicated hardware for every host, just be sure to isolate the network. Plenty of exploitable target virtual machines you can download too like metasploitable, ultimatelamp, the list really goes on and on.

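The network isolation advised in the post above can be checked rather than assumed. The following is an added example, not part of the original thread: it parses the output of `VBoxManage showvminfo <vm> --machinereadable` and flags every adapter that is not attached to an internal network. The function names and the sample VM data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit VirtualBox lab VMs for network adapters that can reach
# anything other than the other lab VMs.
#
# Input format: the key="value" lines printed by
#   VBoxManage showvminfo "<vm>" --machinereadable
# An adapter can be moved to an internal network with, for example:
#   VBoxManage modifyvm "<vm>" --nic1 intnet --intnet1 "<lab-network-name>"

# nic_findings: read machine-readable VM info on stdin and print one line per
# present adapter: "nic<slot> <mode> <verdict>".
#   intnet   -> ISOLATED        (talks only to VMs on the same internal network)
#   hostonly -> HOST-REACHABLE  (the host, and anything it forwards, can be reached)
#   other    -> EXPOSED         (nat, natnetwork, bridged, generic: has a way out)
nic_findings() {
    awk -F= '
        /^nic[0-9]+=/ {                  # matches nic1=..., not nictype1=...
            slot = $1; sub(/^nic/, "", slot)
            mode = $2; gsub(/["\r]/, "", mode)
            if (mode == "none") next     # adapter slot not in use
            if (mode == "intnet")        verdict = "ISOLATED"
            else if (mode == "hostonly") verdict = "HOST-REACHABLE"
            else                         verdict = "EXPOSED"
            printf "nic%s %s %s\n", slot, mode, verdict
        }'
}

# vm_is_isolated: succeed only if every present adapter is ISOLATED.
# A VM with no adapters at all also counts as isolated.
vm_is_isolated() {
    ! nic_findings | grep -qv ' ISOLATED$'
}

# audit_all_vms: run the check against every registered VM on this host.
# "VBoxManage list vms" prints lines of the form: "name" {uuid}
audit_all_vms() {
    VBoxManage list vms | sed 's/^"\(.*\)" {.*}$/\1/' |
    while IFS= read -r vm; do
        VBoxManage showvminfo "$vm" --machinereadable </dev/null |
        nic_findings |
        while IFS= read -r line; do
            printf '%s: %s\n' "$vm" "$line"
        done
    done
}

# Constructed sample of machine-readable output for one misconfigured target VM.
sample_vm_info() {
    cat <<'EOF'
name="win-target-01"
nic1="intnet"
nictype1="82540EM"
intnet1="pentest-lab"
nic2="bridged"
bridgeadapter2="eth0"
nic3="hostonly"
hostonlyadapter3="vboxnet0"
nic4="none"
EOF
}

# Use the real hypervisor when it is installed, otherwise show the sample.
if command -v VBoxManage >/dev/null 2>&1; then
    audit_all_vms
else
    sample_vm_info | nic_findings
fi
```

Any line that does not end in ISOLATED marks an adapter through which a deliberately vulnerable VM can reach, or be reached from, the host or the home LAN.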

Here's a couple of old threads to help you out.


Thank you for the ideas. The problem I think of with using a virtual machine is that if I want to use mostly windows machines since it's currently the most common OS in the field, I would have to have separate licenses for each VM I set up. Am I correct in that statement or do I just not know enough about Virtual Machines?


You would need separate licenses if this was within a business, but since you're a home user I believe you can run it unlicensed (the activate windows later option). Downside to this is I don't think you really get to update.


You can only run your Windows copy unlicensed for 30 days. After the 30-day grace period is over, you must activate your Windows copy in order to continue using it. In addition, to avoid buying licenses, you can make several copies of your first virtual machine and run them, as if they were installed individually.

That's what I did in the past, and was able to run them without any problems. Furthermore, you will need to change the hostname on each of the VMs, or you will get conflicting error messages, saying that there is already another host on the network with this same name.


So just keep copying machines whenever one comes close to expiring? Sounds good to me. Again since I am pretty darned new to this, so I have to ask whether I would want these VM's hosted on a single machine and then attack them with a different machine, or could I just do an all in one? Again thanks for all the help.


http://g0tmi1k.blogspot.com/ has a post and :

http://www.owasp.org/index.php/Phoenix/Tools

=========================

LiveCDs

Monday, January 29, 2007 4:02 PM 828569600 AOC_Labrat-ALPHA-0010.iso - http://www.packetfocus.com/hackos/

DVL (Damn Vulnerable Linux) - http://www.damnvulnerablelinux.org/

Test sites / testing grounds

SPI Dynamics (live) - http://zero.webappsecurity.com/

Cenzic (live) - http://crackme.cenzic.com/

Watchfire (live) - http://demo.testfire.net/

Acunetix (live) - http://testphp.acunetix.com/ http://testasp.acunetix.com http://testaspnet.acunetix.com

WebMaven / Buggy Bank - http://www.mavensecurity.com/webmaven

Foundstone SASS tools - http://www.foundstone.com/us/resources-free-tools.asp

Updated HackmeBank - http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html

OWASP WebGoat - http://www.owasp.org/index.php/OWASP_WebGoat_Project

OWASP SiteGenerator - http://www.owasp.org/index.php/Owasp_SiteGenerator

Stanford SecuriBench - http://suif.stanford.edu/~livshits/securibench/

SecuriBench Micro - http://suif.stanford.edu/~livshits/work/securibench-micro/

HTTP proxying / editing

WebScarab - http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project

Burp - http://www.portswigger.net/

Paros - http://www.parosproxy.org/

Fiddler - http://www.fiddlertool.com/

Web Proxy Editor - http://www.microsoft.com/mspress/companion/0-7356-2187-X/

Pantera - http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project

Suru - http://www.sensepost.com/research/suru/

httpedit (curses-based) - http://www.neutralbit.com/en/rd/httpedit/

Charles - http://www.xk72.com/charles/

Odysseus - http://www.bindshell.net/tools/odysseus

Burp, Paros, and WebScarab for Mac OS X - http://www.corsaire.com/downloads/

Web-application scanning tool from `Network Security Tools'/O'Reilly - http://examples.oreilly.com/networkst/

JS Commander - http://jscmd.rubyforge.org/

Ratproxy - http://code.google.com/p/ratproxy/

RSnake's XSS cheat sheet based-tools, webapp fuzzing, and encoding tools

Wfuzz - http://www.edge-security.com/wfuzz.php

ProxMon - http://www.isecpartners.com/proxmon.html

Wapiti - http://wapiti.sourceforge.net/

Grabber - http://rgaucher.info/beta/grabber/

XSSScan - http://darkcode.ath.cx/scanners/XSSscan.py

CAL9000 - http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project

HTMangLe - http://www.fishnetsecurity.com/Tools/HTMangLe/publish.htm

JBroFuzz - http://sourceforge.net/projects/jbrofuzz

XSSFuzz - http://ha.ckers.org/blog/20060921/xssfuzz-released/

WhiteAcid's XSS Assistant - http://www.whiteacid.org/greasemonkey/

Overlong UTF - http://www.microsoft.com/mspress/companion/0-7356-2187-X/

[TGZ] MielieTool (SensePost Research) - http://packetstormsecurity.org/UNIX/utilities/mielietools-v1.0.tgz

RegFuzzer: test your regular expression filter - http://rgaucher.info/b/index.php/post/2007/05/26/RegFuzzer%3A-Test-your-regular-expression-filter

screamingCobra - http://www.dachb0den.com/projects/screamingcobra.html

SPIKE and SPIKE Proxy - http://immunitysec.com/resources-freesoftware.shtml

RFuzz - http://rfuzz.rubyforge.org/

WebFuzz - http://www.codebreakers-journal.com/index.php?option=com_content&task=view&id=112&Itemid=99999999

TestMaker - http://www.pushtotest.com/Docs/downloads/features.html

ASP Auditor - http://michaeldaw.org/projects/asp-auditor-v2/

WSTool - http://wstool.sourceforge.net/

Web Hack Control Center (WHCC) - http://ussysadmin.com/whcc/

Web Text Converter - http://www.microsoft.com/mspress/companion/0-7356-2187-X/

HackBar (Firefox Add-on) - https://addons.mozilla.org/firefox/3899/

Net-Force Tools (NF-Tools, Firefox Add-on) - http://www.net-force.nl/library/downloads/

PostIntercepter (Greasemonkey script) - http://userscripts.org/scripts/show/743

HTTP general testing / fingerprinting

Wbox: HTTP testing tool - http://hping.org/wbox/

ht://Check - http://htcheck.sourceforge.net/

Mumsie - http://www.lurhq.com/tools/mumsie.html

WebInject - http://www.webinject.org/

Torture.pl Home Page - http://stein.cshl.org/~lstein/torture/

JoeDog's Siege - http://www.joedog.org/JoeDog/Siege/

OPEN-LABS: metoscan (http method testing) - http://www.open-labs.org/

Load-balancing detector - http://ge.mine.nu/lbd.html

HMAP - http://ujeni.murkyroc.com/hmap/

Net-Square: httprint - http://net-square.com/httprint/

Wpoison: http stress testing - http://wpoison.sourceforge.net/

Net-square: MSNPawn - http://net-square.com/msnpawn/index.shtml

hcraft: HTTP Vuln Request Crafter - http://druid.caughq.org/projects/hcraft/

rfp.labs: LibWhisker - http://www.wiretrip.net/rfp/lw.asp

Nikto - http://www.cirt.net/code/nikto.shtml

twill - http://twill.idyll.org/

DirBuster - http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project

[ZIP] DFF Scanner - http://security-net.biz/files/dff/DFF.zip

[ZIP] The Elza project - http://packetstormsecurity.org/web/elza-1.4.7-beta.zip http://www.stoev.org/elza.html

HackerFox and Hacking Addons Bundled: Portable Firefox with web hacking addons bundled - http://sf.net/projects/hackfox

Browser-based HTTP tampering / editing / replaying

TamperIE - http://www.bayden.com/Other/

isr-form - http://www.infobyte.com.ar/developments.html

Modify Headers (Firefox Add-on) - http://modifyheaders.mozdev.org/

Tamper Data (Firefox Add-on) - http://tamperdata.mozdev.org/

UrlParams (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1290/

TestGen4Web (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1385/

DOM Inspector / Inspect This (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1806/ https://addons.mozilla.org/en-US/firefox/addon/1913/

LiveHTTPHeaders / Header Monitor (Firefox Add-on) - http://livehttpheaders.mozdev.org/ https://addons.mozilla.org/en-US/firefox/addon/575/

Cookie editing / poisoning

[TGZ] stompy: session id tool - http://lcamtuf.coredump.cx/stompy.tgz

Add'N Edit Cookies (AnEC, Firefox Add-on) - http://addneditcookies.mozdev.org/

CookieCuller (Firefox Add-on) - http://cookieculler.mozdev.org/

CookiePie (Firefox Add-on) - http://www.nektra.com/oss/firefox/extensions/cookiepie/

CookieSpy - http://www.codeproject.com/shell/cookiespy.asp

Cookies Explorer - http://www.dutchduck.com/Features/Cookies.aspx

Ajax and XHR scanning

Sahi - http://sahi.co.in/

scRUBYt - http://scrubyt.org/

jQuery - http://jquery.com/

jquery-include - http://www.gnucitizen.org/projects/jquery-include

Sprajax - http://www.denimgroup.com/sprajax.html

Watir - http://wtr.rubyforge.org/

Watij - http://watij.com/

Watin - http://watin.sourceforge.net/

RBNarcissus - http://idontsmoke.co.uk/2005/rbnarcissus/

SpiderTest (Spider Fuzz plugin) - http://blog.caboo.se/articles/2007/2/21/the-fabulous-spider-fuzz-plugin

Javascript Inline Debugger (jasildbg) - http://jasildbg.googlepages.com/

Firebug Lite - http://www.getfirebug.com/lite.html

firewatir - http://code.google.com/p/firewatir/

RSS extensions and caching

LiveLines (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/324/

rss-cache - http://www.dubfire.net/chris/projects/rss-cache/

SQL injection scanning

0x90.org: home of Absinthe, Mezcal, etc - http://0x90.org/releases.php

SQLiX - http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project

sqlninja: a SQL Server injection and takeover tool - http://sqlninja.sourceforge.net/

JustinClarke's SQL Brute - http://www.justinclarke.com/archives/2006/03/sqlbrute.html

BobCat - http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html

sqlmap - http://sqlmap.sourceforge.net/

Scully: SQL Server DB Front-End and Brute-Forcer - http://www.sensepost.com/research/scully/

FG-Injector - http://www.flowgate.net/?lang=en&seccion=herramientas

PRIAMOS - http://www.priamos-project.com/

Web application security malware, backdoors, and evil code

W3AF: Web Application Attack and Audit Framework - http://w3af.sourceforge.net/

Jikto - http://busin3ss.name/jikto-in-the-wild/

XSS Shell - http://ferruh.mavituna.com/article/?1338

XSS-Proxy - http://xss-proxy.sourceforge.net

AttackAPI - http://www.gnucitizen.org/projects/attackapi/

FFsniFF - http://azurit.elbiahosting.sk/ffsniff/

HoneyBlog's web-based junkyard - http://honeyblog.org/junkyard/web-based/

BeEF - http://www.bindshell.net/tools/beef/

Firefox Extension Scanner (FEX) - http://www.gnucitizen.org/projects/fex/

What is my IP address? - http://reglos.de/myaddress/

xRumer: blogspam automation tool - http://www.botmaster.net/movies/XFull.htm

SpyJax - http://www.merchantos.com/makebeta/tools/spyjax/

Greasecarnaval - http://www.gnucitizen.org/projects/greasecarnaval

Technika - http://www.gnucitizen.org/projects/technika/

Load-AttackAPI bookmarklet - http://www.gnucitizen.org/projects/load-attackapi-bookmarklet

MD's Projects: JS port scanner, pinger, backdoors, etc - http://michaeldaw.org/my-projects/

Web application services that aid in web application security assessment

Netcraft - http://www.netcraft.net

AboutURL - http://www.abouturl.com/

The Scrutinizer - http://www.scrutinizethis.com/

net.toolkit - http://clez.net/

ServerSniff - http://www.serversniff.net/

Online Microsoft script decoder - http://www.greymagic.com/security/tools/decoder/

Webmaster-Toolkit - http://www.webmaster-toolkit.com/

myIPNeighbors, et al - http://digg.com/security/MyIPNeighbors_Find_Out_Who_Else_is_Hosted_on_Your_Site_s_IP_Address

PHP charset encoding - http://h4k.in/encoding

data: URL testcases - http://h4k.in/dataurl

Browser-based security fuzzing / checking

Zalewski's MangleMe - http://lcamtuf.coredump.cx/mangleme/mangle.cgi

hdm's tools: Hamachi, CSSDIE, DOM-Hanoi, AxMan - http://metasploit.com/users/hdm/tools/

Peach Fuzzer Framework - http://peachfuzz.sourceforge.net/

TagBruteForcer - http://research.eeye.com/html/tools/RT20060801-3.html

PROTOS Test-Suite: c05-http-reply - http://www.ee.oulu.fi/research/ouspg/protos/testing/c05/http-reply/index.html

COMRaider - http://labs.idefense.com

bcheck - http://bcheck.scanit.be/bcheck/

Stop-Phishing: Projects page - http://www.indiana.edu/~phishing/?projects

LinkScanner - http://linkscanner.explabs.com/linkscanner/default.asp

BrowserCheck - http://www.heise-security.co.uk/services/browsercheck/

Cross-browser Exploit Tests - http://www.jungsonnstudios.com/cool.php

Stealing information using DNS pinning demo - http://www.jumperz.net/index.php?i=2&a=1&b=7

Javascript Website Login Checker - http://ha.ckers.org/weird/javascript-website-login-checker.html

Mozilla Activex - http://www.iol.ie/~locka/mozilla/mozilla.htm

Jungsonn's Black Dragon Project - http://blackdragon.jungsonnstudios.com/

Mr. T (Master Recon Tool, includes Read Firefox Settings PoC) - http://ha.ckers.org/mr-t/

Vulnerable Adobe Plugin Detection For UXSS PoC - http://www.0x000000.com/?i=324

About Flash: is your flash up-to-date? - http://www.macromedia.com/software/flash/about/

Test your installation of Java software - http://java.com/en/download/installed.jsp?detect=jre&try=1

WebPageFingerprint - Light-weight Greasemonkey Fuzzer - http://userscripts.org/scripts/show/30285

PHP static analysis and file inclusion scanning

PHP-SAT.org: Static analysis for PHP - http://www.program-transformation.org/PHP/

Unl0ck Research Team: tool for searching in google for include bugs - http://unl0ck.net/tools.php

FIS: File Inclusion Scanner - http://www.segfault.gr/index.php?cat_id=3&cont_id=25

PHPSecAudit - http://developer.spikesource.com/projects/phpsecaudit

PHP Defensive Tools

PHPInfoSec - Check phpinfo configuration for security - http://phpsec.org/projects/phpsecinfo/

A Greasemonkey Replacement can be found at http://yehg.net/lab/#tools.greasemonkey

Php-Brute-Force-Attack Detector - Detect your web servers being scanned by brute force tools such as WFuzz, OWASP DirBuster and vulnerability scanners such as Nessus, Nikto, Acunetix ..etc. http://yehg.net/lab/pr0js/files.php/php_brute_force_detect.zip

PHP-Login-Info-Checker - Strictly enforce admins/users to select stronger passwords. It tests cracking passwords against 4 rules. It has also built-in smoke test page via url loginfo_checker.php?testlic

http://yehg.net/lab/pr0js/files.php/loginfo_checkerv0.1.zip

http://yehg.net/lab/pr0js/files.php/phploginfo_checker_demo.zip

php-DDOS-Shield - A tricky script to prevent idiot distributed bots which discontinue their flooding attacks by identifying HTTP 503 header code. http://code.google.com/p/ddos-shield/

PHPMySpamFIGHTER - http://yehg.net/lab/pr0js/files.php/phpmyspamfighter.zip http://yehg.net/lab/pr0js/files.php/phpMySpamFighter_demo.rar

Web Application Firewall (WAF) and Intrusion Detection (APIDS) rules and resources

APIDS on Wikipedia - http://en.wikipedia.org/wiki/APIDS

PHP Intrusion Detection System (PHP-IDS) - http://php-ids.org/ http://code.google.com/p/phpids/

dotnetids - http://code.google.com/p/dotnetids/

Secure Science InterScout - http://www.securescience.com/home/newsandevents/news/interscout1.0.html

Remo: whitelist rule editor for mod_security - http://remo.netnea.com/

GotRoot: ModSecurity rules - http://www.gotroot.com/tiki-index.php?page=mod_security+rules

The Web Security Gateway (WSGW) - http://wsgw.sourceforge.net/

mod_security rules generator - http://noeljackson.com/tools/modsecurity/

Mod_Anti_Tamper - http://www.wisec.it/projects.php?id=3

[TGZ] Automatic Rules Generation for Mod_Security - http://www.wisec.it/rdr.php?fn=/Projects/Rule-o-matic.tgz

AQTRONIX WebKnight - http://www.aqtronix.com/?PageID=99

Akismet: blog spam defense - http://akismet.com/

Samoa: Formal tools for securing web services - http://research.microsoft.com/projects/samoa/

Web services enumeration / scanning / fuzzing

WebServiceStudio2.0 - http://www.codeplex.com/WebserviceStudio

Net-square: wsChess - http://net-square.com/wschess/index.shtml

WSFuzzer - http://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project

SIFT: web method search tool - http://www.sift.com.au/73/171/sift-web-method-search-tool.htm

iSecPartners: WSMap, WSBang, etc - http://www.isecpartners.com/tools.html

Web application non-specific static source-code analysis

Pixy: a static analysis tool for detecting XSS vulnerabilities - http://www.seclab.tuwien.ac.at/projects/pixy/

Brixoft.Net: Source Edit - http://www.brixoft.net/prodinfo.asp?id=1

Security compass web application auditing tools (SWAAT) - http://www.owasp.org/index.php/Category:OWASP_SWAAT_Project

An even more complete list here - http://www.cs.cmu.edu/~aldrich/courses/654/tools/

A nice list that claims some demos available - http://www.cs.cmu.edu/~aldrich/courses/413/tools.html

A smaller, but also good list - http://spinroot.com/static/

Yasca: A highly extensible source code analysis framework; incorporates several analysis tools into one package. http://www.yasca.org/

Static analysis for C/C++ (CGI, ISAPI, etc) in web applications

RATS - http://www.securesoftware.com/resources/download_rats.html

ITS4 - http://www.cigital.com/its4/

FlawFinder - http://www.dwheeler.com/flawfinder/

Splint - http://www.splint.org/

Uno - http://spinroot.com/uno/

BOON (Buffer Overrun detectiON) - http://www.cs.berkeley.edu/~daw/boon/ http://boon.sourceforge.net

Valgrind - http://www.valgrind.org/

Java static analysis, security frameworks, and web application security tools

LAPSE - http://suif.stanford.edu/~livshits/work/lapse/

HDIV Struts - http://hdiv.org/

Orizon - http://sourceforge.net/projects/orizon/

FindBugs: Find bugs in Java programs - http://findbugs.sourceforge.net/

PMD - http://pmd.sourceforge.net/

CUTE: A Concolic Unit Testing Engine for C and Java - http://osl.cs.uiuc.edu/~ksen/cute/

EMMA - http://emma.sourceforge.net/

JLint - http://jlint.sourceforge.net/

Java PathFinder - http://javapathfinder.sourceforge.net/

Fujaba: Move between UML and Java source code - http://wwwcs.uni-paderborn.de/cs/fujaba/

Checkstyle - http://checkstyle.sourceforge.net/

Cookie Revolver Security Framework - http://sourceforge.net/projects/cookie-revolver

tinapoc - http://sourceforge.net/projects/tinapoc

jarsigner - http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/jarsigner.html

Solex - http://solex.sourceforge.net/

Java Explorer - http://metal.hurlant.com/jexplore/

HTTPClient - http://www.innovation.ch/java/HTTPClient/

another HttpClient - http://jakarta.apache.org/commons/httpclient/

a list of code coverage and analysis tools for Java - http://mythinkpond.blogspot.com/2007/06/java-foss-freeopen-source-software.html

Microsoft .NET static analysis and security framework tools, mostly for ASP.NET and ASP.NET AJAX, but also C# and VB.NET

* Visual Studio 2008 Code Analysis, available in:

o VSTS 2008 Development Edition (http://msdn.microsoft.com/vsts2008/products/bb933752.aspx) and

o VSTS 2008 Team Suite (http://msdn.microsoft.com/vsts2008/products/bb933735.aspx)

* Visual Studio 2005 Code Analyzer, available in:

o Visual Studio 2005 Team Edition for Software Developers (http://msdn.microsoft.com/en-us/vstudio/aa718806.aspx)

o Visual Studio 2005 Team Suite (http://msdn.microsoft.com/en-us/vstudio/aa718806.aspx)

* Web Development Helper - http://www.nikhilk.net/Project.WebDevHelper.aspx

* FxCop:

o (blog) http://blogs.msdn.com/fxcop/

o (download) http://code.msdn.microsoft.com/codeanalysis

* Microsoft internal tools you can't have yet:

o http://www.microsoft.com/windows/cse/pa_projects.mspx

o http://research.microsoft.com/Pex/

o http://www.owasp.org/images/5/5b/OWASP_IL_7_FuzzGuru.pdf

Threat modeling

Microsoft Threat Analysis and Modeling Tool v2.1 (TAM) - http://www.microsoft.com/downloads/details.aspx?FamilyID=59888078-9daf-4e96-b7d1-944703479451&displaylang=en

Amenaza: Attack Tree Modeling (SecurITree) - http://www.amenaza.com/software.php

Octotrike - http://www.octotrike.org/

Add-ons for Firefox that help with general web application security

Web Developer Toolbar - https://addons.mozilla.org/firefox/60/

Plain Old Webserver (POW) - https://addons.mozilla.org/firefox/3002/

XML Developer Toolbar - https://addons.mozilla.org/firefox/2897/

Public Fox - https://addons.mozilla.org/firefox/3911/

XForms Buddy - http://beaufour.dk/index.php?sec=misc&pagename=xforms

MR Tech Local Install - http://www.mrtech.com/extensions/local_install/

Nightly Tester Tools - http://users.blueprintit.co.uk/~dave/web/firefox/buildid/index.html

IE Tab - https://addons.mozilla.org/firefox/1419/

User-Agent Switcher - https://addons.mozilla.org/firefox/59/

ServerSwitcher - https://addons.mozilla.org/firefox/2409/

HeaderMonitor - https://addons.mozilla.org/firefox/575/

RefControl - https://addons.mozilla.org/firefox/953/

refspoof - https://addons.mozilla.org/firefox/667/

No-Referrer - https://addons.mozilla.org/firefox/1999/

LocationBar^2 - https://addons.mozilla.org/firefox/4014/

SpiderZilla - http://spiderzilla.mozdev.org/

Slogger - https://addons.mozilla.org/en-US/firefox/addon/143

Fire Encrypter - https://addons.mozilla.org/firefox/3208/

Add-ons for Firefox that help with Javascript and Ajax web application security

Selenium IDE - http://www.openqa.org/selenium-ide/

Firebug - http://www.joehewitt.com/software/firebug/

Venkman - http://www.mozilla.org/projects/venkman/

Chickenfoot - http://groups.csail.mit.edu/uid/chickenfoot/

Greasemonkey - http://www.greasespot.net/

Greasemonkey compiler - http://www.letitblog.com/greasemonkey-compiler/

User script compiler - http://arantius.com/misc/greasemonkey/script-compiler

Extension Developer's Extension (Firefox Add-on) - http://ted.mielczarek.org/code/mozilla/extensiondev/

Smart Middle Click (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/3885/

Bookmarklets that aid in web application security

RSnake's security bookmarklets - http://ha.ckers.org/bookmarklets.html

BMlets - http://optools.awardspace.com/bmlet.html

Huge list of bookmarklets - http://www.squarefree.com/bookmarklets/

Blummy: consists of small widgets, called blummlets, which make use of Javascript to provide rich functionality - http://www.blummy.com/

Bookmarklets every blogger should have - http://www.micropersuasion.com/2005/10/bookmarklets_ev.html

Flat Bookmark Editing (Firefox Add-on) - http://n01se.net/chouser/proj/mozhack/

OpenBook and Update Bookmark (Firefox Add-ons) - http://www.chuonthis.com/extensions/

SSL certificate checking / scanning

[ZIP] THCSSLCheck - http://thc.org/root/tools/THCSSLCheck.zip

[ZIP] Foundstone SSLDigger - http://www.foundstone.com/us/resources/termsofuse.asp?file=ssldigger.zip

Cert Viewer Plus (Firefox Add-on) - https://addons.mozilla.org/firefox/1964/

Honeyclients, Web Application, and Web Proxy honeypots

Honeyclient Project: an open-source honeyclient - http://www.honeyclient.org/trac/

HoneyC: the low-interaction honeyclient - http://honeyc.sourceforge.net/

Capture: a high-interaction honeyclient - http://capture-hpc.sourceforge.net/

Google Hack Honeypot - http://ghh.sourceforge.net/

PHP.Hop - PHP Honeynet Project - http://www.rstack.org/phphop/

SpyBye - http://www.monkey.org/~provos/spybye/

Honeytokens - http://www.securityfocus.com/infocus/1713

Blackhat SEO and maybe some whitehat SEO

SearchStatus (Firefox Add-on) - http://www.quirk.biz/searchstatus/

SEO for Firefox (Firefox Add-on) - http://tools.seobook.com/firefox/seo-for-firefox.html

SEOQuake (Firefox Add-on) - http://www.seoquake.com/

Footprinting for web application security

Evolution - http://www.paterva.com/evolution-e.html

GooSweep - http://www.mcgrewsecurity.com/projects/goosweep/

Aura: Google API Utility Tools - http://www.sensepost.com/research/aura/

Edge-Security tools - http://www.edge-security.com/soft.php

Fierce Domain Scanner - http://ha.ckers.org/fierce/

Googlegath - http://www.nothink.org/perl/googlegath/

Advanced Dork (Firefox Add-on) - https://addons.mozilla.org/firefox/2144/

Passive Cache (Firefox Add-on) - https://addons.mozilla.org/firefox/977/

CacheOut! (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1453/

BugMeNot Extension (Firefox Add-on) - http://roachfiend.com/archives/2005/02/07/bugmenot/

TrashMail.net Extension (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1813/

DiggiDig (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2819/

Digger (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1467/

Database security assessment

Scuba by Imperva Database Vulnerability Scanner - http://www.imperva.com/scuba/

Browser Defenses

DieHard - http://www.diehard-software.org/

LocalRodeo (Firefox Add-on) - http://databasement.net/labs/localrodeo/

NoMoXSS - http://www.seclab.tuwien.ac.at/projects/jstaint/

Request Rodeo - http://savannah.nongnu.org/projects/requestrodeo

FlashBlock (Firefox Add-on) - http://flashblock.mozdev.org/

CookieSafe (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2497

NoScript (Firefox Add-on) - http://www.noscript.net/

FormFox (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1579/

Adblock (Firefox Add-on) - http://adblock.mozdev.org/

httpOnly in Firefox (Firefox Add-on) - http://blog.php-security.org/archives/40-httpOnly-Cookies-in-Firefox-2.0.html

SafeCache (Firefox Add-on) - http://www.safecache.com/

SafeHistory (Firefox Add-on) - http://www.safehistory.com/

PrefBar (Firefox Add-on) - http://prefbar.mozdev.org/

All-in-One Sidebar (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1027/

QArchive.org web file checker (Firefox Add-on) - https://addons.mozilla.org/firefox/4115/

Update Notified (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2098/

FireKeeper - http://firekeeper.mozdev.org/

Greasemonkey: XSS Malware Script Detector - http://yehg.net/lab/#tools.greasemonkey

Browser Privacy

TrackMeNot (Firefox Add-on) - https://addons.mozilla.org/firefox/3173/

Privacy Bird - http://www.privacybird.com/

Application and protocol fuzzing (random instead of targeted)

Sulley - http://fuzzing.org/

taof: The Art of Fuzzing - http://sourceforge.net/projects/taof/

zzuf: multipurpose fuzzer - http://sam.zoy.org/zzuf/

autodafé: an act of software torture - http://autodafe.sourceforge.net/

EFS and GPF: Evolutionary Fuzzing System - http://www.appliedsec.com/resources.html

Subject: Infosec Learning

Free Information Security Learning

https://class.coursera.org/inforiskman-2012-001/auth/welcome?type=logout&visiting=%2Finforiskman-2012-001%2Fclass%2Findex

http://blackhatacademy.net/

http://hackademy.hackaserver.com/login/index.php

Learning Sheet

http://pentest.cryptocity.net/careers/

Compiled List of vuln os

http://www.felipemartins.info/2011/05/pentesting-vulnerable-study-frameworks-complete-list/

http://bailey.st/blog/2010/11/30/linux-penetration-testing-distributions-list/

http://bailey.st/blog/2010/09/14/pentest-lab-vulnerable-servers-applications-list/

vuln os

https://www.pentesterlab.com/

http://forums.heorot.net/viewtopic.php?f=15&t=189

http://pentestlab.org/

http://www.kioptrix.com/blog/

http://exploit.co.il/projects/vuln-web-app/

http://sourceforge.net/projects/virtualhacking/?source=recommended

http://sourceforge.net/projects/null-gameover/?source=recommended

http://sourceforge.net/projects/holynix/?source=directory

http://sourceforge.net/projects/lampsecurity/?source=directory

http://sourceforge.net/projects/matriux/

http://sourceforge.net/projects/torbox/?source=directory

http://sourceforge.net/projects/remnux/?source=directory

http://sourceforge.net/projects/vicnum/?source=recommended

http://sourceforge.net/projects/livehacking/

http://sourceforge.net/projects/samurai/

http://sourceforge.net/projects/nodezero/

http://sourceforge.net/projects/blackbuntu/

http://sourceforge.net/projects/virtualhacking/files/os/de-ice/

http://sourceforge.net/projects/lampsecurity/files/

Online Labs

https://www.hacking-lab.com/Remote_Sec_Lab/livecd.html

http://www.enigmagroup.org/

http://www.hackthissite.org/

http://www.hellboundhackers.org/

http://www.hackerslab.org/eorg/index.html

http://haxme.org/

http://www.dareyourmind.net/

http://www.try2hack.nl/

http://www.astalavista.com/

https://www.pentesterlab.com/exercises

Online CTF's

http://hackergames.net/

http://www.overthewire.org/wargames/

http://www.zeroidentity.org/

http://www.smashthestack.org/index.php


Wow operat0r_001 quite a collection of links, most of them are redundant information.

Not everyone has the cash flow but if you do here is what I setup.

Xenserver 6.0 on a PE1950 III server 600GB SAS SCSI 15k RPMs 32G DDR2 ECC Ram.

Using thin provisioning I am able to make fast clones of base images in a matter of seconds, so if I screw something up I blow it away and make a new one.

Perl script using the xe commands.

PIX 520 Fire

1900 XL Catalyst Switch 4 VLans

1 Linksys Wireless router in DMZ

1 Cisco 2106 AP Air Radius WPA2-Ent

NetApp FAS2020 1TB space.

Now I do a lot of testing and theory hacking.

The VMs I have installed.

Appliance DVWA converted from VMware to Xenserver

Backtrack 4 and 5

Debian Natter

PFsense firewall

WAF by Imperva

Windows 2003 x64/32bit unpatched and patched

Windows XP x64/32bit unpatched and patched

Windows 7 x64/32bit unpatched and patched

Windows 8 (Crap Crap Crap)

Windows 2008 R2 x64/32bit patched and unpatched

For remote access, the best-compressed and smoothest-running tool I use is FreeNX by NoMachine. It's free for non-commercial use and rock solid.

Ubuntu 10

CentOS

Crunch#!

NAS Virtual Filer

Solaris x86

Oracle Appliance

Citrix XenApp Farm

Citrix CSG

Citrix Concentrators.

With a Perl script using the native xe commands and VBScript (Black Magic Coding) on my LandingVM, I am able to control how many get fired up at once with just a couple of param settings when executing the Perl script.

In some consulting cases I will actually take their physical machine and make a VM from it using XenConverter 2.2 then mock their network up with the same policies and firewall rules.

Then I will hammer it, look for holes and so on. When I find them I document the tool or tools used, with methods. Then I will come up with a fix for it.

This type of lab setup is very cool. VirtualBox is also a solid tool but lacks in multi VM performance once past 3 VMs.

There is Xenserver free edition but I use the enterprise version.

VMware is OK, but I don't like their pricing model, as Xenserver is flat rate with unlimited VMs and no stupid vSphere or vCenter hypervisors; XenServer gives a free XenCenter management tool.

Also, performance-wise, Xenserver will handle more VMs up and running, as VMware Udom will choke at 20 concurrent running VMs after 3 days uptime with moderate usage.

Hope this helps some.

Thank You

Ghosthunter007 since 1985

Edited by ghosthunter007

A slightly scaled down version of that for me. I have proxmox running on a oc'd 2600K i7 with 16gb ram and it screams pretty good. I run various VM's on it and attack. I also nabbed a Mikrotik router that does port mirroring so I added a security onion box to the setup as well :) Very fun

telot


  • 3 weeks later...

Money Money Money.... lol... your setup seems pricey; if you do not mind, what is the ballpark price for all of that equipment...?

PE 1950 cost me 1000.00

Fast2020 1TB 500.00 (Repo sale)

Catalyst are $50.00 a pop

Router $100.00 liquidation sites

All the MS licensing I just use trial version so I don't have to pay for the keys.

Citrix CSG is free

Citrix Concentrator is free

XenServer 6.0 1000.00

Wireless 200.00 from Cisco in San Jose after market value sale.

But I have done enough consulting gigs to pay for it all 5x over.

Just look for deals on the net.

A little hidden secret: I used to dumpster dive at technology centers and companies for gear, but that got old and troubleshooting unknown issues was old, but 80% of the stuff I did get worked great.

Use the same rules as the cops: if it's in the trash, it's public, as long as the company doesn't own the land the trash can sits on. Most land owners don't enforce that anyway.


Careful with that one. I've seen stores charge people with theft for dumpster diving. Depending on where you live it's still the store's property until the garbage is collected.
