Showing posts with label Linux. Show all posts
Showing posts with label Linux. Show all posts

Parrot 4.6 Release - Best Hacking OS


Parrot 4.6

We square measure proud to announce the discharge of Parrot 4.6, when three months of serious development. This has been associate particularly massive 3 months for America as Parrot 4.6 is additionally our initial unharness fully served by our network while not SaaS services like cloudflare. Everything is on our infrastructure.

How to update

Download the newest unharness from they official transfer page

Update your existing Parrot system with command in terminal
  • sudo parrot-upgrade
Don’t forget to use this command frequently (at least once a week) to receive the newest security updates and bugfixes from the Parrot repository.
Appearance

Parrot team developed a new, ultra, awesome visual experience for Parrot 4.6, feast your eyes on a new boot-splash animation and desktop background!

The desktop-base and parrot-wallpapers additionally received some love and ar updated to replicate such changes together with the new Parrot appearence.
Note:The themes and icons are still the same.

APT Now Enforces https

They have modified our APT implementation to support https-to-http downgrades.
This allowed North American country to tack our repository as https by default.

For visual reference Parrot 4.6 is now configured to serve signed index files via https by default, and the mirror redirector is configured to redirect traffic to https mirrors when available.
In case associate degree https mirror isn't obtainable, the packages are downloaded by fallback http mirrors, but APT will still verify the signatures.

In other debian-based systems and previous Parrot OS versions, mirrors used http by default, and https is just an exception.

Http downloads don’t represent a security risk because gpg signatures are more effective than ssl downloads in certifying repository integrity, asdescribed on this website - https://whydoesaptnotusehttps.com/.

Although you'll be able to ne'er eliminate risk of unhealthy actors, we have a tendency to hope to extend the value for suppliers making an attempt to intercept or track user activities (i.e.
knowing if a user is installing specific software).

Improved drivers support

Parrot 4.6 includes the Linux 4.19 kernel that contains many security patches, performance enhancements and a stronger hardware support.

Moreover Parrot 4.6 options vital updates for broadcom and alternative wireless chipset makers, and therefore the Nvidia drivers were updated to the newest 410 version with higher Quadro support.. Debian Kernel Changelog - Linux changelog

Anonsurf has OpenNIC support

Anonsurf currently integrates a replacement choice to modification from the system DNS servers to OpenNIC DNS resolvers.

OpenNIC may be a community-driven dns resolver supplier that respects user freedom and permits domain resolution of some special high level domains.

Parrot 4.6




OSINT-Search - Useful For Digital Forensics Investigations Or InitialBlack-Box Pentest Footprinting


OSINT-Search


OSINT-Search could be a great tool for digital forensics investigations or initial black-box pentest footprinting.

OSINT-Search Description

Functionality
  • Collect personal information include full name, age, gender, languages, location, social networks, etc...
  • Collect information related to data breaches.
  • Collect information related to pastes of data breaches made public.
  • Collect which country a phone number belongs to.
  • Collect results of google hackings searches.
  • Collect results related to a domain or an IP address.
  • Collect digital certificates for a certain domain.
  • Collect CMS for a certain website.
  • Collect DNS Records and zone transfers information for a certain domain.
  • Collect Facebook ID and a facebook page full of photos after getting a facebook profile URL.
  • Collect URLs present in some web page.
  • Collect URL to know what torrents are being downloaded from some IP.
  • This script allows specfic searches and in bulk.
  • More functionalities may to be added later. 

Tested On
  • Kubuntu 18.04.2 LTS
  • Kali Linux 2019.1
  • Windows 10

Requirements (Install)

Linux:
  • Python3 - https://docs.python-guide.org/starting/install3/linux/#install3-linux
  • sudo apt-get install git
Windows:
  • Python3 - https://www.python.org/downloads/windows/
  • git - https://git-scm.com/download/win
Both:
  • pip3 install -r requirements.txt
  • pip3 install git+https://github.com/abenassi/Google-Search-API --upgrade
  • pip3 install https://github.com/PaulSec/API-dnsdumpster.com/archive/master.zip --user

Run
  • first run, you need to submit your API fields to get all the functionality of the script. I suggest you create the accounts mentioned in the description.
  • 'osintSearch.config.ini' configuration file, created with your data and can be edited by you.

Usage
  • $ python3 osintS34rCh.py
OSINT-Search


ScanQLi - Scanner To Detect SQL Injection Vulnerabilities


ScanQLi

ScanQLi is a simple SQL injection scanner with somes additionals features. This tool cannot exploit the SQLi, it simply notice them. Tested on Debian 9

Features

  • Classic
  • Blind
  • Time based
  • GBK (soon)
  • Recursive scan (follow all hrefs of the scanned web site)
  • Cookies integration
  • Adjustable wait delay between requests
  • Ignore given URLs

Prerequisites

1. Install git tool
  • apt update
  • apt install git

2. Clone the repo.
  • git clone https://github.com/bambish/ScanQLi

3. Install python required libs
  • apt install python-pip
  • cd ScanQLi
  • pip install -r requirements.txt
For python3 please install python3-pip and use pip3
 
Usage
  • ./scanqli -u [URL] [OPTIONS]
Exsamples

Simple url scan with output file
  • python scanqli.py -u 'http://127.0.0.1/test/?p=news' -o output.log

Recursive URL scanning with cookies
  • python scanqli.py -u 'https://127.0.0.1/test/' -r -c '{"PHPSESSID":"4bn7uro8qq62ol4o667bejbqo3" , "Session":"Mzo6YWMwZGRmOWU2NWQ1N2I2YTU2YjI0NTMzODZjZDVkYjU="}' 

    Anti DDOS | Bash Script

    Anti-DDOS project is associate open supply computer code project developed to guard against DOS and DDoS attacks. The project was written exploitation bash artificial language. By writing iptables rules into the Linux OS. Takes the required defense configurations. And it solely works on the Linux OS. 100 percent compatible for Linux system} operating systems. It doesn't give 100 percent security, it'll solely assist you to require the required measures.

    More about DDOS, Read Here

    Programing Languages: Bash .sh
    System: Linux
    Sources: Ismail Tasdelen


    Screenshot

    anti-ddos-bash-script



    Tutorial:

    • $ git clone https://github.com/ismailtasdelen/Anti-DDOS.git
    • $ cd Anti-DDOS
      $ chmod +x anti-ddos.sh
    • $ ./anti-ddos.sh

    mXtract

    mXtract is associate opensource Linux based mostly tool that analyzes and dumps memory. it's developed as associate offensive pentration testing tool, its primary purpose is to scan memory for personal keys, ips, and passwords exploitation regexes. Remember, your results area unit solely pretty much as good as your regexes.

    Screenshots

    mxtract

    Scan with prolix and with an easy scientific discipline regex, scanning each knowledge section, displaying method data and scanning atmosphere files.


    Why dump directly from memory?

    In most linux environments users can access the memory of processes, this allows attackers to harvest credentials, private keys, or anything that isnt suppose to be seen but is being processed by a program in clear text.


    Features

    • List of regex abilition
    • Display Clear and Readable
    • Run if Memory Range is Writable in Current Permissions
    • Output file in XML and HTML (process name:result)
    • Mass Scan Every Proccess or a Specific PID
    • Can choose memory sections to scan
    • Show Detailed Process Information
    • Scan Process Environment Files
    • Automatically removes unicode characters (manually allows processing with other tools)

    Install

    • $ git clone https://github.com/rek7/mXtract
    • $ cd mXtract && sh compile.sh

    Commands

    • $ ./mxtract -h
    • $ ./mxtract -wm -wr -e -i -d=/tmp/output/ -r=example_regexes.db