Tuesday, May 8, 2007

Metasploit GUI & Assistant

After a long waiting, a cool Metasploit GUI is available. In the development version of the metasploit is available the GUI with the new Metasploit::Assistant.

I think this is a great advance, and step by step the project is getting near the commercial options (Canvas, Core Impact). Right now Metasploit has 187 exploits, 106 payloads and many more

One great thing of this Framework is that runs on the Nokia 770/800, i hope for the GUI to run on the Nokia soon, it will be very easy to hack on the move, not typing in the mini X-term. Someone to port ruby-libglade and ruby-gtk2?

Next, Next, Next, Own3d ;)

For installing in Backtrack2 Final:

1-Download the following files:


2-Execute these commands:

# lzm2dir ruby-gtk2-0.16.0.lzm /
# lzm2dir ruby-libglade2-0.16.lzm /

# cd /pentest/exploits/framework3
# svn update
# ./msfgui

And here are some screenshots of the GUI running:

Sunday, May 6, 2007

Wfuzz update!

We did some bug cleaning, and some improvements to our wfuzz. Now it supports colored output on Windows machines!, we added support for fuzzing all GET and POST variables with one command, and we also tackle some errors.

If you find an error please send us an email, also if you have a new dictionary please help with the project and send it to us ;)

Check the new version: Wfuzz

My new Nokia 770!

Im very happy with my new Nokia 770, its an Internet Tablet that is between a mobile phone and a mini computer. It has an ARM processor, MMC memory, Wlan, Bluetooth, and an impressive 800x480 screen.

The cool thing is that is based on Debian Linux (Kernel 2.6.12). I bought it because i wanted to do some test and try to build a Security testing device, im developing a GUI based bluetooth scanner, and coding some Python tools. :)

There are available tools like: nmap, ettercap, aircrack-ng, kismet, rdesktop, and many more!

Here are some photos:

Tuesday, May 1, 2007

Wfuzz, the web bruteforcer is here...

It's been a while since the last tool were released, with deepbit we were working on a tool for Web Application testing, based on bruteforcing, very fast and useful. It can bruteforce GET and POST parameters, unlinked resources (directories, servlets, scripts), etc. It was used during our latest pentest and it shielded very good results. In the package is included a lot of dictionaries tailored for known applications like Weblogic, Websphere, Tomcat, IIS, Apache, Vignette, Fatwire, and many many more (thanks to Darkraver for letting us using Dirb's dictionaries).

Right now the ouput could be the console and a html file. The last one, is very useful for checking the results in the browser, and if you bruteforced a POST parameter, it will create a button in the Html that will send all the POST data, very cool.

If you are a pentester, you must have it ;)

Please check the Wfuzz page.

Wfuzz 2.2.0 released

I'm pleased to announce a new version of WFuzz! Wfuzz has been created to facilitate the task in web applications assessments and it...