Name: Hool Analyser
Category : Malware Analysis
Author/Owner : Beenu Arora
Project Home URL – www.hookanalyser.com
1. Spawn and Hook to Application – This feature allows analyst to spawn an application, and hook into it
2. Hook to a specific running process – The option allows analyst to hook to a running (active) process.
3. Perform quick static malware analysis – This module is one of the most interesting and useful module of Hook 4 Analyser, which performs scanning on PE or Widows executables to identify potential malware traces.
4. Application crash analysis – This module enables exploit researcher and/or application developer to analyse memory content when an application crashes.
Project Paper – http://packetstormsecurity.org/files/download/119112/Hook_Analyser.pdf
Name : Game Over
Category : Web Pentest Learning Platform
File Type : VM image/iso
Author : Jovin Lobo
Mentor : Murtuja Bharmal
Download URL : http://sourceforge.net/projects/null-gameover/files
Default Credentials : [username:root / password:gameover]
Project GameOver was started with the objective of training and educating newbies about the basics of web security and educate them about the common web attacks and help them understand how they work. It is collection of various vulnerable web applications, designed for the purpose of learning web penetration testing.
GameOver has been broken down into two sections.
Section 1 consists of special web applications that are designed especially to teach the basics of Web Security. This seciton will cover
RFI & LFI
Section 2 is a collection of dileberately insecure Web applications. This section provides a legal platform to test your skills and to try and exploit the vulnerabilities and sharpen your skills before you pentest live sites. We would advice newbies to try and exploit these web applications. These applications provide real life environments and will boost their confidence.
Name : SQLol
Category : SQL Injection
Author : Daniel Crowley
Download URL : https://github.com/SpiderLabs/SQLol
Description : SQLol is a configurable SQL injection testbed. SQLol allows
you to exploit SQL injection flaws, but furthermore allows
a large amount of control over the manifestation of the flaw.
Name : PE Dumper
Category : PE File Analysis.
Author : Rashid Bhatt
Download URL : http://texe.codeplex.com
Description : Texe is Portable Executable Import and Exports Viewer And Disassembler for Microsoft Windows. It can view Symbols Imported and Exported by a portable Executable and can also disassembler the code section of executable. It generates output in form of a html report.
Name: Project Jugaad
Category: API (Linux)
Author/Owner: Aseem Jakhar
Source Code: https://github.com/aseemjakhar/jugaad
Download the project from github using git command:
$ git clone git://github.com/aseemjakhar/jugaad.git
Windows malware conveniently uses the CreateRemoteThread API to delegate critical tasks within
the context of other processes. However, there is no similar API on Linux to perform such operations.
This paper talks about my research on creating an API similar to CreateRemoteThread for the *nix
The aim of the research is to show, how a simple debugging functionality in *nix OSes can be
exploited by a piece of malware to hide itself and delegate the critical (malicious) operations to an
The presented Proof of Concept toolkit named “Jugaad” currently works on Linux. In order to achieve
its primary goal, it allocates the required memory space inside a specified process, creates a thread,
injects arbitrary payload and executes it in the context of the remote thread.
Name: Malware Analyser
Category: Malware Analysis
Author/Owner: Beenu Arora
Download URL: http://www.malwareanalyser.com
Malware Analyzer aims to aid static and dynamic analysis of malwares.
The static analysis allows analyst to predict the behaviour of malware without actually executing it which in turns saves resources in terms of time and effort. It can be useful for string based analysis for Windows registry, API calls, IRC Commands, DLL’s called and anit-VMWare code detection. It can perform a full ASCII dump of the PE along with other options. It can also generate various section of a PE. Malware analyzer also assists on the code analysis of the malware. It can also perform an online malware check. Based on PeID signatures, it can also detect packers used to compress it. It also provides a tracer functionality that can be used to identify anti-debugging calls tricks, file system manipulation calls, Rootkit hooks, keyboard hooks, DEP setting changes, Hardware Breakpoints,Internet communication etc generally used by malwares. It also performs the CRC and timestamp based verification to detect any anomalies along with entropy based scan for identification of malicious sections. The tool can be used to create signatures of a malware which then can be exported as custom signature of AV or IDS. It also allows viewing modules of process along with complete process dumping
The Dynamic analysis allows predicting the actual behaviour of the malware at runtime. Currently malwareanalyser allows hooking to certain APIs File creation and Registry creation and more to come near future.
Category: Metasploit Automater
Author/Owner: Prajwal Panchmahalkar
Download URL: http://metapwn.sourceforge.net/
It will combine the process of nmap scanning and uses the output of the nmap scans to perform an autopwn on the target machines.
Author/Owner: Abhishek Kumar
Download URL: http://n00brat.sourceforge.net/
An undetectable Remote Administration Tool -OR- trojan, an all new approach. Easily usable, Client just requires any Web Browser to control remote machine via WebPage. Fooling firewalls/ids/ips security solutions, as it operates like any web-site.
Category: PDF Fuzzer
Download URL: http://code.google.com/p/spiderpig-pdffuzzer/
An example Input file is in spiderpig’s directory named as test.proto .
test.proto contains methods prototypes with (object/namespace scope)which helps spiderpig to understand the method and its parameters.Add prototypes of methods which are you going to test in this file.Each new method must be written on new line. For example if you want to test methods [alert] and [beep] methods from [app] object you can write prototype as follows
it will create 2 pdfs 1 for app.alert(app.alert.pdf) and another for app.beep(app.beep.pdf).
spiderpig understands type of parameter(strin,number,boolean,object) by reading
the first character of parameter written in methods prototype.
n for numbers
b for boolean
o for object
c for string
so while writing prototype add them as shown in above example.
Here are the steps to use spiderpig:
2>extract it to folder
3>create a file for example test.proto in this file write methods prototypes
4>open comand prompt and goto the folder.
4>type python sp.py <folder-path> test.proto
where <folder-path> is exsisting folder in which pdfs will be created.
5>open pdf reader.
7>open pdf file in reader.
8>do reverse engineering