Monday, August 8, 2011

Wfuzz 2.0 released!

Hi All!


After Christian's presentation at the BlackHat 2011 Tools Arsenal, I'm pleased to announce a new version of WFuzz! It is now more flexible, dynamic and extensible than ever!

Wfuzz is a tool designed for bruteforcing web applications. It can be used to find unlinked resources (directories, servlets, scripts, etc.), to bruteforce GET and POST parameters to check for different kinds of injection, to bruteforce form parameters (user/password), for fuzzing, etc.

Highlights in this version:


- Infinite payloads. You can now define as many FUZnZ words as you need.
- Multiple encoders per payload. You can now define as many encoders as you need for each payload independently.
- Payload combination. You can now combine your payloads in different ways by specifying iterators.
- Increased flexibility. You can now define in an easy way new payloads, iterators, encoders and output handlers and they will be part of wfuzz straight away.
- Baseline support. You can now define a default value for each payload and compare the results against them.
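To show how the new payload model fits together (FUZnZ markers, per-payload encoder chains, iterators and a baseline request), here is a small Python sketch added for this post. It is not wfuzz's own code: the encoder and iterator names, the `(words, encoders)` payload shape and the `baseline` helper are assumptions made for the illustration, not wfuzz's actual API.

```python
import base64
import itertools
from urllib.parse import quote

# Encoders: each name maps to a str -> str transform. These are stand-ins
# written for this example; only the idea of chaining them mirrors wfuzz.
ENCODERS = {
    "urlencode": lambda s: quote(s, safe=""),
    "base64": lambda s: base64.b64encode(s.encode()).decode(),
    "upper": str.upper,
}

# Iterators decide how several payload lists are combined into one request stream:
# "product" tries every combination, "zip" pairs the lists position by position,
# and "chain" feeds the lists one after another into a single marker.
ITERATORS = {
    "product": lambda *lists: itertools.product(*lists),
    "zip": lambda *lists: zip(*lists),
    "chain": lambda *lists: ((word,) for word in itertools.chain(*lists)),
}


def encode(word, encoder_names):
    """Apply a payload's encoder chain in order, e.g. ["urlencode", "base64"]."""
    for name in encoder_names:
        word = ENCODERS[name](word)
    return word


def fill(template, values):
    """Replace FUZZ with the first value, FUZ2Z with the second, FUZ3Z with the third..."""
    for index, value in enumerate(values, start=1):
        marker = "FUZZ" if index == 1 else f"FUZ{index}Z"
        template = template.replace(marker, value)
    return template


def expand(template, payloads, iterator="product"):
    """Yield one request per combination. payloads is a list of
    (words, encoder_names) pairs; the n-th pair feeds marker FUZnZ."""
    encoded = [[encode(w, encs) for w in words] for words, encs in payloads]
    for combo in ITERATORS[iterator](*encoded):
        yield fill(template, combo)


def baseline(template, payloads, defaults):
    """Build the single baseline request from each payload's default value, run
    through the same encoder chain, so fuzz responses can be compared against it."""
    values = [encode(default, encs) for default, (_, encs) in zip(defaults, payloads)]
    return fill(template, values)
```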



Other new features include:

- New payloads
- New encoders
- Magictree output
- Support for multiple proxies
- Time delay between requests
- Follow HTTP redirects
- Fuzz within HTTP methods
- HTTP HEAD scan
- SOCKS4/SOCKS5 support

More detailed examples can be found in the README and on the Google Code project page!


Stay tuned! We have a lot of improvements and ideas coming up!

Sunday, July 31, 2011

Blackhat Arsenal USA



Hi all, we are proud to announce that we are going to present at Blackhat Arsenal USA 2011.

We are presenting Wfuzz and Webslayer 2.0 on Wednesday, and theHarvester + Metagoofil 2.0 on Thursday, both days at 11:15.

http://blackhat.com/html/bh-us-11/bh-us-11-arsenal.html

If you want to say hello, pass by our pod!

See you there

Edge-Security

Wednesday, June 22, 2011

Scanning ports through SSH Port Forwarding

In one of our latest penetration tests we faced an SSH server based on Maverick SSHTOOLS.

The funny thing is that this server was implemented by copying and pasting the example from the web, which had the port forwarding feature enabled.

After running a bruteforce attack, we found that the admin account had the "admin" password (strong password policy, btw), but when we tried to log in there was no shell: the server echoed everything we typed. So we went for the port forwarding option; we forwarded some ports to interesting services like Terminal Server on the same machine and it worked. Then we thought it would be great to be able to scan the internal network through this port forwarding feature, and that's how we came up with this SSHscan tool.

SSHscan.py allows you to scan an internal network through an SSH server with port forwarding enabled. The tool can create a port forward on localhost for every open port detected in the internal network range.

This tool is not one that can be used in every engagement, but when you have the opportunity and the need it will come in handy.

The tool has been included in the edgeSSH kit, where we will collect all our SSH-related scripts; at the moment the kit includes only bruteSSH, an SSH login bruteforcer, and scanSSH.

You can download the code here: //code.google.com/p/edgessh

Command line options:

       -h: target host
       -u: username
       -p: password
       -l: target list to scan
       -t: threads
       --remote-host: host to scan
       --remote-ports: port list to scan
       --default-ports: scan default ports
       --all-ports: scan all 65535 ports
       --keep-tunnels: Forward all open ports

Examples:

    scanssh.py -h 192.168.1.55 -u root -p password -l list.txt
    scanssh.py -h 192.168.1.55 -u root -p password --remote-host 127.0.0.1 --remote-ports 80,443
    scanssh.py -h 192.168.1.55 -u root -p password --remote-host 127.0.0.1 --default-ports


Enjoy!

Edge-Security