Matriux 0.9.4 beta1 [Security Distro]

Featured, Tools 3 Responses »
Feb 012010

Matriux is…

… a fully featured security distribution consisting of a bunch of powerful, open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, and much more. It is a distribution designed for security enthusiasts and professionals, although it can be used normally as your default desktop system.

It’s slick, responsive (even under a VM with bare resources) thanks to it’s lean system requirements and comes with an ‘Arsenal’ of tools to help you get stuff done efficiently. Matriux also seems to have a lot going for it as far as an active community reachable through IRC and forums. Overall, the experience is good. It’s at the very least on par with other distros of this nature. I’m mostly impressed by its speed considering its use of KDE4 with a few sfx turned on. I’ll see how it fares on my crappy little Atom based netbook later.

[slider title="Click to show a comprehensive list of security tools included in Matriux"]

Reconnaissance

DNS
  • DIG
  • DNSBruteForce
  • DNSTracer
  • DNSWalk
HTTrack
  • HTTrack
  • WebHTTrack Website Copier
  • Browse Mirrored Websites
Others
  • Chaosreader
  • Deepmagic Information Gathering Tool
  • dsniff password sniffer
  • EtherApe
  • tcpdump
  • tcpslice
  • tcptrace
  • tcptracert
  • Network Analyzer (Wireshark)
  • xtrace

Scanning

BATMAN-Tools
  • batping
  • batroute
  • batdump
Cisco
  • CDP Packet Generator
  • HSRP Generator
Routing-Protocols
  • Autonomous System Scanner
  • IGRP Route Injector

Web-Scanners

  • Nikto
  • Angry IP Scan
  • CryptCat
  • ettercap console
  • Ettercap Gui
  • file2cable
  • Web Server Fingerprinting Tool
  • icmpush
  • icmpquery
  • IRDP Packet Sender
  • IRDP Responder Packet Sender
  • Netcat
  • netenum
  • netmask
  • Nmap
  • Paris Traceroute
  • Protocol Scanner
  • Parallel Internet Measurement Utility
  • tctrace
  • THC-Amap
  • The Network Mapper Front End

Gain Access (Attack Tools)

Brute-Force
  • BruteSSH
Password
  • crunch
  • md5-utils
Others
  • Mac Changer

Framework

Fast-Track
  • Fast Track Console Mode
  • FT-Interactive Menu
  • Fast Track Gui
Inguma
  • Inguma-cli
  • Inguma-gui
Metasploit Framework 2
  • msf2-cli
  • msf2-console
  • msf2-update
  • msf2-web
  • msf2-web console v2.7.
Metasploit Framework 3
  • msf3-cli
  • msf3-console
  • msf3-gui
  • msf3-web
  • msf3-web console v3.2
Others
  • Grendel-Scan
  • HTTP Request Exploit Framework
  • WebSecurify
  • WSFuzzer

Radio

Bluetooth
  • haraldscan
Wireless 802.11
  • airbase-ng
  • aircrack-ng
  • airdecap-ng
  • airdecloak-ng
  • airdriver-ng
  • aireplay-ng
  • airmon-ng
  • airodump-ng
  • airolib-ng
  • airserv-ng
  • airtun-ng
  • buddy-ng
  • easside-ng
  • packetforge-ng
  • tkiptun-ng
  • wesside-ng
  • WiFi Radar

Digital-Forensics

Acquisition
  • Automated Image & Restore 1.28
  • Guymager
Analysis
  • Start Autopsy
  • Autopsy Forensics Browser
  • Gpart
  • Pasco
  • Vinetto
  • Start WarVOX
  • Open WarVOX Web Interface
  • Xplico Console Mode (Internet Traffic Decoder)
  • Xplico Web Interface (Internet Traffic Decoder)
  • Dhash
Debugger
  • Crash
  • e2dbg
  • efence
  • JavaScript Lint
  • valgrind

Tracer

Leak-Tracer
  • Leak Analyze
  • Leak Check
  • etrace
  • ltrace
  • pstack
  • strace

[/slider]

http://www.matriux.com/
Posted by fuzion at 3:15 pm Tagged with: , ,

w3af 1.0-rc3 console for Windows

Featured, Tools No Responses »
Jan 082010


Here’s w3af 1.0 RC3 CLI built for Windows. Please leave a comment if you find a bug. This is not supported software. Please don’t bother reporting bugs to the official list or tracker unless you can confirm it in the original untouched source as well.

Features:

  • Latest tagged release.
  • Python 2.6 and updated dependencies built in.
  • Completely portable.
  • Tested on Windows XP and 7
  • “Fixed” many deprecation warnings. Please test!
  • You can edit the plugins!

Download:

Normal - http://rapidshare.com/files/332486992/w3af-1.0-rc3-console.7z
Slow - http://nukeit.org/pub/w3af-1.0-rc3-console.7z

Stats:

Size: 16,477,852 bytes
CRC32: 846EA1F7
MD5: 42111F575B702660457425DE7EBFA344
SHA-1: 654D70D81BF61579120D238DE2505AA9614DF753

If you’d like to know how I managed to get this built with pyinstaller and fix all the deprecation warnings, take a look at [slider title="this hideous patch:"]

Index: core/controllers/easy_contribution/sourceforge.py
===================================================================
--- core/controllers/easy_contribution/sourceforge.py	(revision 3264)
+++ core/controllers/easy_contribution/sourceforge.py	(working copy)
@@ -23,7 +23,7 @@
 import os
 import cgi
 import time
-import md5
+import hashlib
 import urllib2, urllib
 import cookielib
 from core.controllers.misc.get_w3af_version import get_w3af_version
@@ -102,7 +102,7 @@
         else:
             # Generate the summary, the random token is added to avoid the
             # double click protection added by sourceforge.
-            summary += md5.new( time.ctime() ).hexdigest()
+            summary += hashlib.md5( time.ctime() ).hexdigest()
 
         # Now we handle the details
         details = ''
Index: core/controllers/extrusionScanning/extrusionScanner.py
===================================================================
--- core/controllers/extrusionScanning/extrusionScanner.py	(revision 3264)
+++ core/controllers/extrusionScanning/extrusionScanner.py	(working copy)
@@ -32,7 +32,7 @@
 
 import time
 import os
-import md5
+import hashlib
 import socket
 
@@ -73,7 +73,7 @@
         r += self._exec('uname -a')
         r += self._exec('env')
         r += self._exec('net user')
-        return md5.new(r).hexdigest()
+        return hashlib.md5(r).hexdigest()
 
     def isAvailable( self, port, proto ):
         try:
Index: core/controllers/misc/homeDir.py
===================================================================
--- core/controllers/misc/homeDir.py	(revision 3264)
+++ core/controllers/misc/homeDir.py	(working copy)
@@ -61,7 +61,7 @@
     '''
     @return: The location of the w3af directory inside the home directory of the current user.
     '''
-    home_path = user.home + os.path.sep + '.w3af'
+    home_path = '.w3af'
     return home_path
 
 def home_dir_is_writable():
Index: core/data/parsers/dpCache.py
===================================================================
--- core/data/parsers/dpCache.py	(revision 3264)
+++ core/data/parsers/dpCache.py	(working copy)
@@ -26,7 +26,7 @@
 import core.data.parsers.documentParser as documentParser
 from core.controllers.misc.lru import LRU
 
-import md5
+import hashlib
 import thread
 
@@ -42,7 +42,7 @@
 
     def getDocumentParserFor( self, httpResponse, normalizeMarkup=True ):
         res = None
-        hash = md5.new( httpResponse.getBody() ).hexdigest()
+        hash = hashlib.md5( httpResponse.getBody() ).hexdigest()
 
         with self._LRULock:
             if hash in self._cache:
Index: core/data/url/handlers/keepalive.py
===================================================================
--- core/data/url/handlers/keepalive.py	(revision 3264)
+++ core/data/url/handlers/keepalive.py	(working copy)
@@ -686,7 +686,7 @@
     keepalive_handler.close_all()
 
 def continuity(url):
-    import md5
+    import hashlib
     format = '%25s: %s'
 
     # first fetch the file with the normal http handler
@@ -695,7 +695,7 @@
     fo = urllib2.urlopen(url)
     foo = fo.read()
     fo.close()
-    m = md5.new(foo)
+    m = hashlib.md5(foo)
     print format % ('normal urllib', m.hexdigest())
 
     # now install the keepalive handler and try again
@@ -705,7 +705,7 @@
     fo = urllib2.urlopen(url)
     foo = fo.read()
     fo.close()
-    m = md5.new(foo)
+    m = hashlib.md5(foo)
     print format % ('keepalive read', m.hexdigest())
 
     fo = urllib2.urlopen(url)
@@ -715,7 +715,7 @@
         if f: foo = foo + f
         else: break
     fo.close()
-    m = md5.new(foo)
+    m = hashlib.md5(foo)
     print format % ('keepalive readline', m.hexdigest())
 
 def comp(N, url):
Index: core/data/url/handlers/localCache.py
===================================================================
--- core/data/url/handlers/localCache.py	(revision 3264)
+++ core/data/url/handlers/localCache.py	(working copy)
@@ -25,7 +25,7 @@
 import urllib2
 import httplib
 import unittest
-import md5
+import hashlib
 from core.controllers.misc.homeDir import get_home_dir
 
 import StringIO
@@ -47,7 +47,7 @@
     id += request.get_full_url()
     for h in request.headers.keys():
         id += h + request.headers[h]
-    return md5.new(id).hexdigest()
+    return hashlib.md5(id).hexdigest()
 
 class CacheHandler(urllib2.BaseHandler):
     '''
Index: core/data/url/handlers/MultipartPostHandler.py
===================================================================
--- core/data/url/handlers/MultipartPostHandler.py	(revision 3264)
+++ core/data/url/handlers/MultipartPostHandler.py	(working copy)
@@ -42,7 +42,7 @@
 import urllib
 import urllib2
 import mimetools, mimetypes
-import os, stat, md5
+import os, stat, hashlib
 from core.data.fuzzer.fuzzer import string_file
 
 class Callable:
@@ -102,7 +102,7 @@
             # '127.0.0.1.1000.6267.1173556103.828.1'
             # This contains my IP address, I dont like that...
             # Now:
-            boundary = md5.new(mimetools.choose_boundary()).hexdigest()
+            boundary = hashlib.md5(mimetools.choose_boundary()).hexdigest()
         if buffer is None:
             buffer = ''
 
Index: extlib/pyPdf/pyPdf/pdf.py
===================================================================
--- extlib/pyPdf/pyPdf/pdf.py	(revision 3264)
+++ extlib/pyPdf/pyPdf/pdf.py	(working copy)
@@ -46,8 +46,8 @@
 import utils
 from generic import *
 from utils import readNonWhitespace, readUntilWhitespace, ConvertFunctionsToVirtualList
-from sets import ImmutableSet
-
+#from sets import ImmutableSet
+ImmutableSet = frozenset
 ##
 # This class supports writing PDF files out, given pages produced by another
 # class (typically {@link #PdfFileReader PdfFileReader}).
@@ -115,7 +115,7 @@
     # encryption.  When false, 40bit encryption will be used.  By default, this
     # flag is on.
     def encrypt(self, user_pwd, owner_pwd = None, use_128bit = True):
-        import md5, time, random
+        import hashlib, time, random
         if owner_pwd == None:
             owner_pwd = user_pwd
         if use_128bit:
@@ -129,8 +129,8 @@
         # permit everything:
         P = -1
         O = StringObject(_alg33(owner_pwd, user_pwd, rev, keylen))
-        ID_1 = md5.new(repr(time.time())).digest()
-        ID_2 = md5.new(repr(random.random())).digest()
+        ID_1 = hashlib.md5(repr(time.time())).digest()
+        ID_2 = hashlib.md5(repr(random.random())).digest()
         self._ID = ArrayObject((StringObject(ID_1), StringObject(ID_2)))
         if rev == 2:
             U, key = _alg34(user_pwd, O, P, ID_1)
@@ -156,7 +156,7 @@
     # @param stream An object to write the file to.  The object must support
     # the write method, and the tell method, similar to a file object.
     def write(self, stream):
-        import struct, md5
+        import struct, hashlib
 
         externalReferenceMap = {}
         self.stack = []
@@ -177,7 +177,7 @@
                 pack2 = struct.pack("= 3:
         for i in range(50):
-            md5_hash = md5.new(md5_hash[:keylen]).digest()
+            md5_hash = hashlib.md5(md5_hash[:keylen]).digest()
     return md5_hash[:keylen]
 
 def _alg33(owner_pwd, user_pwd, rev, keylen):
@@ -1114,14 +1114,14 @@
     return val
 
 def _alg33_1(password, rev, keylen):
-    import md5
-    m = md5.new()
+    import hashlib
+    m = hashlib.md5()
     password = (password + _encryption_padding)[:32]
     m.update(password)
     md5_hash = m.digest()
     if rev >= 3:
         for i in range(50):
-            md5_hash = md5.new(md5_hash).digest()
+            md5_hash = hashlib.md5(md5_hash).digest()
     key = md5_hash[:keylen]
     return key
 
@@ -1131,8 +1131,8 @@
     return U, key
 
 def _alg35(password, rev, keylen, owner_entry, p_entry, id1_entry, metadata_encrypt):
-    import md5
-    m = md5.new()
+    import hashlib
+    m = hashlib.md5()
     m.update(_encryption_padding)
     m.update(id1_entry)
     md5_hash = m.digest()
Index: extlib/scapy/scapy.py
===================================================================
--- extlib/scapy/scapy.py	(revision 3264)
+++ extlib/scapy/scapy.py	(working copy)
@@ -3111,9 +3111,9 @@
             if loctrace:
                 trt[trace_id] = loctrace
 
-        tr = map(lambda x: Gnuplot.Data(x,with="lines"), trt.values())
+        tr = map(lambda x: Gnuplot.Data(x,with_="lines"), trt.values())
         g = Gnuplot.Gnuplot()
-        world = Gnuplot.File(conf.gnuplot_world,with="lines")
+        world = Gnuplot.File(conf.gnuplot_world,with_="lines")
         g.plot(world,*tr)
         return g
 
Index: plugins/attack/db/dbDriverFunctions.py
===================================================================
--- plugins/attack/db/dbDriverFunctions.py	(revision 3264)
+++ plugins/attack/db/dbDriverFunctions.py	(working copy)
@@ -13,7 +13,7 @@
 
 import urllib
 import time
-import md5
+import hashlib
 import os
 import random
 
Index: plugins/discovery/favicon_identification.py
===================================================================
--- plugins/discovery/favicon_identification.py	(revision 3264)
+++ plugins/discovery/favicon_identification.py	(working copy)
@@ -43,7 +43,7 @@
 from core.controllers.w3afException import w3afException, w3afRunOnce
 
 import re
-import md5
+import hashlib
 import os.path
 
@@ -86,7 +86,7 @@
             response = self._urlOpener.GET( def_favicon_url, useCache=True )
 
             if not is_404( response ):
-                favmd5=md5.new(response.getBody()).hexdigest()
+                favmd5=hashlib.md5(response.getBody()).hexdigest()
 
                 try:
                     # read MD5 database.
Index: plugins/discovery/findCaptchas.py
===================================================================
--- plugins/discovery/findCaptchas.py	(revision 3264)
+++ plugins/discovery/findCaptchas.py	(working copy)
@@ -33,7 +33,7 @@
 import core.data.kb.knowledgeBase as kb
 import core.data.kb.info as info
 
-import sha
+import hashlib
 import mimetypes
 import core.data.parsers.documentParser as documentParser
 
@@ -121,7 +121,7 @@
                     except:
                         om.out.debug('Failed to retrieve the image for finding captchas.')
                     else:
-                        res[ img_src ] = sha.new(image_response.getBody()).hexdigest()
+                        res[ img_src ] = hashlib.sha1(image_response.getBody()).hexdigest()
 
         return res
 
Index: plugins/discovery/phpEggs.py
===================================================================
--- plugins/discovery/phpEggs.py	(revision 3264)
+++ plugins/discovery/phpEggs.py	(working copy)
@@ -36,7 +36,7 @@
 import core.data.kb.knowledgeBase as kb
 import core.data.kb.info as info
 
-import md5
+import hashlib
 
 class phpEggs(baseDiscoveryPlugin):
@@ -274,7 +274,7 @@
         else:
             cmp_list = []
             for r in response:
-                cmp_list.append( (md5.new(r[0].getBody()).hexdigest(), r[1] ) )
+                cmp_list.append( (hashlib.md5(r[0].getBody()).hexdigest(), r[1] ) )
             cmp_set = set( cmp_list )
 
             found = False
Index: scripts/script-all.w3af
===================================================================
--- scripts/script-all.w3af	(revision 3264)
+++ scripts/script-all.w3af	(working copy)
@@ -10,7 +10,7 @@
 output config console
 set verbose False
 back
-discovery all, !fingerMSN, !fingerGoogle, !fingerPKS, !spiderMan
+discovery all, !fingerMSN, !fingerGoogle, !fingerPKS, !spiderMan !detectReverseProxy
 discovery
 grep all
 grep
@@ -20,6 +20,6 @@
 bruteforce
 back
 target
-set target http://localhost/w3af/
+set target http://localhost/
 back
 start
Index: scripts/script-find_captcha.w3af
===================================================================
--- scripts/script-find_captcha.w3af	(revision 3264)
+++ scripts/script-find_captcha.w3af	(working copy)
@@ -13,7 +13,7 @@
 
 back
 target
-set target http://localhost/w3af/discovery/find_captcha/index.php
+set target http://localhost/
 back
 
 start
Index: w3af_console
===================================================================
--- w3af_console	(revision 3264)
+++ w3af_console	(working copy)
@@ -2,7 +2,76 @@
 
 import getopt, sys, os
 import gettext
-
+import hashlib
+import csv
+import Cookie
+import core.controllers.outputManager as om
+import core.data.constants.browsers as browsers
+import core.data.constants.dbms as dbms
+import core.data.constants.httpConstants as httpConstants
+import core.data.constants.httpConstants as http_constants
+import core.data.constants.severity as severity
+import core.data.constants.w3afPorts as w3afPorts
+import core.data.dc.form as form
+import core.data.kb.config as cf
+import core.data.kb.info as info
+import core.data.kb.info as infokb
+import core.data.kb.knowledgeBase as kb
+import core.data.kb.vuln as vuln
+import core.data.parsers.documentParser as documentParser
+import core.data.parsers.dpCache as dpCache
+import core.data.parsers.urlParser as urlParser
+import core.data.request.httpPostDataRequest as httpPostDataRequest
+import core.data.request.httpQsRequest as httpQsRequest
+import core.data.url.httpResponse as httpResponse
+from core.controllers.basePlugin.baseAttackPlugin import *
+from core.controllers.basePlugin.baseAuditPlugin import *
+from core.controllers.basePlugin.baseBruteforcePlugin import *
+from core.controllers.basePlugin.baseDiscoveryPlugin import *
+from core.controllers.basePlugin.baseEvasionPlugin import *
+from core.controllers.basePlugin.baseGrepPlugin import *
+from core.controllers.basePlugin.baseManglePlugin import *
+from core.controllers.basePlugin.baseOutputPlugin import *
+from core.controllers.basePlugin.basePlugin import *
+from core.controllers.coreHelpers.fingerprint_404 import *
+from core.controllers.daemons.proxy import *
+from core.controllers.daemons.webserver import *
+from core.controllers.misc.factory import *
+from core.controllers.misc.get_local_ip import *
+from core.controllers.misc.groupbyMinKey import *
+from core.controllers.misc.homeDir import *
+from core.controllers.misc.is_private_site import *
+from core.controllers.misc.levenshtein import *
+from core.controllers.misc.temp_dir import *
+from core.controllers.misc.webroot import *
+from core.controllers.sql_tools.blind_sqli_response_diff import *
+from core.controllers.sql_tools.blind_sqli_time_delay import *
+from core.controllers.threads.threadManager import *
+from core.controllers.threads.w3afThread import *
+from core.controllers.w3afException import *
+from core.data.constants.common_directories import *
+from core.data.db.db import *
+from core.data.db.history import *
+from core.data.db.temp_persist import *
+from core.data.dc.form import *
+from core.data.exchangableMethods import *
+from core.data.fuzzer.formFiller import *
+from core.data.fuzzer.fuzzer import *
+from core.data.fuzzer.mutant import *
+from core.data.getResponseType import *
+from core.data.kb.shell import *
+from core.data.options.option import *
+from core.data.options.optionList import *
+from core.data.parsers.dpCache import *
+from core.data.parsers.urlParser import *
+from core.data.request.frFactory import *
+from core.data.request.httpQsRequest import *
+from core.data.searchEngines.googleSearchEngine import *
+from core.data.searchEngines.msn import *
+from core.data.searchEngines.pks import *
+from core.data.searchEngines.yahooSiteExplorer import *
+from core.data.url.xUrllib import *
+
 # First of all, we need to change the working directory to the directory of w3af.
 currentDir = os.getcwd()
 scriptDir = os.path.dirname(sys.argv[0]) or '.'

[/slider]
I’ll have both GUI and console packaged versions uploaded soon.

Posted by fuzion at 11:57 pm Tagged with: , , , , ,
Older Entries Newer Entries
© 2010 nukeitdotorg Suffusion WordPress theme by Sayontan Sinha