Banner 1

FS-NyarL Pentesting & Forensics Framework (ingles)

Publicado por Unknown en 9:17 lunes, 26 de mayo de 2014 Etiquetas: , , ,

http://www.ehacking.net/2014/05/fs-nyarl-pentesting-forensics-framework.html
Automatic tools have made the penetration testing process more efficient and effective, although the importance of manual test are still there and in most of the cases manuals checks are required. But in the mean time we cannot deny the advantages of automatic tool, yes it save a loads of time and energy off course. You must have heard about the most famous vulnerability assessment & penetration testing tool like Nessus & Metasploit but in this article I will discuss FS-NyarL.

NyarL it's Nyarlathotep, a mitological chaotic deity of the writer HP. Lovecraft's cosmogony.
It's represent Crawling Chaos and FS-NyarL it's The Crawling Chaos of Cyber Security :-)
A network takeover & forensic analysis tool - useful to advanced PenTest tasks & for fun and profit - but use it at your own risk!
  • Interactive Console
  • Real Time Passwords Found
  • Real Time Hosts Enumeration
  • Tuned Injections & Client Side Attacks
  • ARP Poisoning & SSL Hijacking
  • Automated HTTP Report Generator 

ATTACKS IMPLEMENTED:

  • MITM (Arp Poisoning)
  • Sniffing (With & Without Arp Poisoning)
  • SSL Hijacking (Full SSL/TLS Control)
  • HTTP Session Hijaking (Take & Use Session Cookies)
  • Client Browser Takeover (with Filter Injection in data stream)
  • Browser AutoPwn (with Filter Injection in data steam)
  • Evil Java Applet (with Filter Injection in data stream)
  • Port Scanning 

POST ATTACKS DATA OBTAINED:

  • Passwords extracted from data stream
  • Pcap file with whole data stream for deep analysis
  • Session flows extracted from data stream (Xplico & Chaosreader)
  • Files extracted from data stream
  • Hosts enumeration (IP,MAC,OS)
  • URLs extracted from data stream
  • Cookies extracted from data stream
  • Images extracted from data stream
  • List of HTTP files downloaded extracted from URLs 



DEPENDENCIES (aka USED TOOLS):
  • Chaosreader (already in bin folder) 
  • Xplico 
  • Ettercap 
  • Arpspoof 
  • Arp-scan 
  • Mitmproxy 
  • Nmap 
  • Tcpdump 
  • Beef 
  • SET 
  • Metasploit 
  • Dsniff 
  • Macchanger 
  • Hamster 
  • Ferret 
  • P0f 
  • Foremost 
  • SSLStrip 
  • SSLSplit 
Download & Tutorial
- See more at: http://www.ehacking.net/2014/05/fs-nyarl-pentesting-forensics-framework.html#sthash.Vs2OSeXP.dpuf

 Fuente: http://www.ehacking.net/2014/05/fs-nyarl-pentesting-forensics-framework.html

No hay comentarios:

Publicar un comentario

Suscribirse a: Enviar comentarios (Atom)
Powered by Bad Robot
Helped by Blackubay