Before using OpenVAS, we need to set it up and update it.
1 Launch a terminal and run the setup for OpenVAS.
Wait until it finishes downloading and updating; it will take a while.
2 When it's done, it will show the admin login username and admin login password. Note them down; we will need them every time we log in to OpenVAS.
*3 Update the feed for OpenVAS (only required if there are new updates). This step was already done once during initialization.
If it fails (you might encounter this error):
rsync: failed to connect to feed.openvas.org (xx.xx.xx.xx): Connection refused (111) rsync: failed to connect to feed.openvas.org (xx:xx:xx:xx::xx): Connection timed out (110) rsync error: error in socket IO (code 10) at clientserver.c(127) [Receiver=3.1.3]
Just try again with the same command, it should get through.
4 Launch OpenVAS
It will tell us the address of the web UI; in this case, it is https://127.0.0.1:9392
(We might encounter the following error)
It's OK, just close it, then launch your favourite web browser and enter https://127.0.0.1:9392 as the address.
Now we should have the OpenVAS login screen in front of us.
AntSword is a very easy-to-use post-exploitation tool for pentesters and security teams; it can also be used by webmasters etc. Do not use this tool on unauthorized servers/environments or for illegal purposes. It can be a better alternative to Weevely.
Description from Official website
AntSword is an open source, cross-platform website administration tool, being designed to meet the needs of penetration testers together with security researchers with permissions and/or authorizations as well as webmasters.
No one shall use it for illegal purposes or for profit. Besides that, publishing unauthorized modified versions is also prohibited; otherwise you bear legal responsibility.
fish (friendly interactive shell) is a smart and user-friendly command line shell for Linux, macOS, and the rest of the family.
fish suggests commands as you type based on history and completions, just like a web browser. Watch out, Netscape Navigator 4.0!
Glorious VGA Color
fish supports 24 bit true color, the state of the art in terminal technology. Behold the monospaced rainbow.
fish is fully scriptable, and its syntax is simple, clean, and consistent. You’ll never write esac again.
Web Based configuration
For those lucky few with a graphical computer, you can set your colors and view functions, variables, and history all from a web page.
Man Page Completions
Other shells support programmable completions, but only fish generates them automatically by parsing your installed man pages.
Works Out Of The Box
fish will delight you with features like tab completions and syntax highlighting that just work, with nothing new to learn or configure.
fish can be installed easily on most Linux distros with their default package manager.
# Debian/Ubuntu/Kali Linux etc.
sudo apt install fish
# Fedora
sudo dnf install fish
or, for older versions
sudo yum install fish
# Arch Linux
pacman -S fish
# gentoo Linux
# NixOS
nix-env -i fish
# Guix
guix package -i fish
# Solus
eopkg install fish
# Homebrew
brew install fish
# FreeBSD
pkg install fish
# Cygwin
fish is available in setup, in the Shells category.
# Windows Subsystem for Linux
sudo apt install fish
(depending on the Linux distro you've chosen; refer to the "Linux" part above to find the correct command to use)
# MSYS2
pacman -S fish
# macOS (Homebrew)
brew install fish
# macOS (MacPorts)
sudo port install fish
# macOS installer, 10.6+: installs to /usr/local/
To use it, type fish in the terminal and hit Enter.
1 The computer must be joined to the domain with GPMC and RSAT installed
2 User must use Get-GPOReport with PowerShell to generate XML report
3 The report is required by Grouper
4 Users must manually filter out useful data
Grouper2 does not rely on Get-GPOReport, but it still needs to parse different file formats.
1 More accurate file permission detection; no read/write of storage required
2 Won't ignore GPP passwords
3 Provides HTML output
4 Multi-thread support
5 Supports offline mode
What is it for?
Grouper2 is a tool for pentesters to help find security-related misconfigurations in Active Directory Group Policy.
It might also be useful for other people doing other stuff, but it is explicitly NOT meant to be an audit tool. If you want to check your policy configs against some particular standard, you probably want Microsoft’s Security and Compliance Toolkit, not Grouper or Grouper2.
What does it do?
It dumps all the most interesting parts of group policy and then roots around in them for exploitable stuff.
How is it different from Grouper?
Where Grouper required you to:
have GPMC/RSAT/whatever installed on a domain-joined computer
generate an xml report with the Get-GPOReport PowerShell cmdlet
feed the report to Grouper
a bunch of gibberish falls out and hopefully there’s some good stuff in there.
Grouper2 does like Mr Ed suggests and goes straight to the source, i.e. SYSVOL.
This means you don’t have the horrible dependency on Get-GPOReport (hooray!) but it also means that it has to do a bunch of parsing of different file formats and so on (booo!).
Other cool new features:
better file permission checks that don’t involve writing to disk.
doesn’t miss those GPP passwords that Grouper 1 did.
HTML output option so you can preserve those sexy console colours and take them with you.
aim Grouper2 at an offline copy of SYSVOL if you want.
a bunch of other great stuff but it’s late and I’m tired.
Also, it’s written in C# instead of PowerShell.
How do I use it?
Literally just run the EXE on a domain joined machine in the context of a domain user, and magic JSON candy will fall out.
If the JSON burns your eyes, add -g to make it real pretty.
If you love the prettiness so much you wanna take it with you, do -f "$FILEPATH.html" to puke the candy into an HTML file.
If there’s too much candy and you want to limit output to only the tastiest morsels, set the ‘interest level’ with -i $INT, the bigger the number the tastier the candy, e.g. -i 10 will only give you stuff that will probably result in creds or shells.
If you don’t want to dig around in old policy and want to limit yourself to only current stuff, do -c.
If you want the candy to fall out faster, you can set the number of threads with -t $INT – the default is 10.
If you want to see the other options, do -h.
I don’t get it.
OK have a look at this:
In the screenshot above we can see an “Assigned Application” policy that is still being pushed to computers, but the MSI file to install is missing, and the directory it’s being installed from is writable by the current user.
If you created a hacked up MSI (e.g. with msfvenom) and then modified it to match the UIDs at the bottom of the picture, it would get executed on machines targeted by the GPO. Sweet!
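As an added defender-side illustration (not Grouper2's own code), the check behind that finding: given the software-installation entries a GPO pushes (constructed sample data here), flag those whose MSI no longer exists while the directory it would be installed from is writable by the current user. The AssignedApp structure, the audit function and the temporary directory standing in for a SYSVOL or file-share path are assumptions for illustration.

```python
import os
import tempfile
from dataclasses import dataclass


@dataclass
class AssignedApp:
    """One 'Assigned Application' entry (constructed; not Grouper2's format)."""
    gpo_name: str   # display name of the GPO that pushes the package
    msi_path: str   # path the package is installed from (UNC share or local)
    enabled: bool   # False for stale entries in unlinked/disabled GPOs


def audit_assigned_apps(apps):
    """Return findings for active entries whose MSI is missing while the
    source directory is writable by the current user.

    A missing MSI alone is just a broken deployment; a writable source
    directory alone is poor hygiene. Both together mean anyone who can write
    there can supply the file that domain computers will install. The fix is
    to remove the dead policy and restrict write ACLs on the package share.
    """
    findings = []
    for app in apps:
        if not app.enabled:
            continue  # assumption: only currently applied policy matters
        src_dir = os.path.dirname(app.msi_path)
        msi_missing = not os.path.isfile(app.msi_path)
        dir_writable = os.path.isdir(src_dir) and os.access(src_dir, os.W_OK)
        if msi_missing and dir_writable:
            findings.append({
                "gpo": app.gpo_name,
                "msi": app.msi_path,
                "reason": "MSI missing and source directory writable",
            })
    return findings


def demo():
    """Run the audit over three constructed entries inside a temp 'share'."""
    with tempfile.TemporaryDirectory() as share:
        present = os.path.join(share, "present.msi")
        open(present, "wb").close()  # package still on the share: fine
        apps = [
            AssignedApp("Deploy-Agent", present, True),
            AssignedApp("Deploy-OldTool", os.path.join(share, "gone.msi"), True),
            AssignedApp("Deploy-Retired", os.path.join(share, "old.msi"), False),
        ]
        return audit_assigned_apps(apps)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['gpo']}: {f['reason']} ({f['msi']})")
```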
In this one you can see that someone's done something absolutely insane to the ACLs on the registry.
Microsoft Application Inspector is a software source code analysis tool that helps identify and surface well-known features and other interesting characteristics of source code to aid in determining what the software is or what it does. It has received attention on ZDNet, SecurityWeek, CSOOnline, Linux.com/news, HelpNetSecurity, Twitter and more and was first featured on Microsoft.com.
Application Inspector is different from traditional static analysis tools in that it doesn’t attempt to identify “good” or “bad” patterns; it simply reports what it finds against a set of over 400 rule patterns for feature detection including features that impact security such as the use of cryptography and more. This can be extremely helpful in reducing the time needed to determine what Open Source or other components do by examining the source directly rather than trusting to limited documentation or recommendations.
It includes a filterable confidence indicator to help minimize false-positive matches, as well as customizable default rules and conditional match logic.
Application Inspector helps inform you better for choosing the best components to meet your needs with a smaller footprint of unknowns for keeping your application attack surface smaller. It helps you to avoid inclusion of components with unexpected features you don’t want.
Application Inspector can help identify feature deltas or changes between component versions which can be critical for detecting injection of backdoors.
It can be used to automate detection of features of interest, to identify components that require additional scrutiny as part of your build pipeline, or to create a repository of metadata regarding all of your enterprise applications.
Basically, we created Application Inspector to help us identify risky third party software components based on their specific features, but the tool is helpful in many non-security contexts as well.
Application Inspector v1.0 is now in GENERAL AUDIENCE release status. Your feedback is important to us. If you’re interested in contributing, please review the CONTRIBUTING.md.
We have a strong default starting base of Rules for feature detection. But there are many feature identification patterns yet to be defined and we invite you to submit ideas on what you want to see or take a crack at defining a few. This is a chance to literally impact the open source ecosystem helping provide a tool that everyone can use. See the Rules section of the wiki for more.
Getting Application Inspector
To use Application Inspector, download the relevant binary (either platform-specific or the multi-platform .NET Core release). If you use the .NET Core version, you will need to have .NET Core 3.0 or later installed. See the JustRunIt.md or Build.md files for help.
It might be valuable to consult the project wiki for additional background on Rules, Tags and more used to identify features. Tags are used as a systematic hierarchical nomenclature e.g. Cryptography.Protocol.TLS to more easily represent features.
Application Inspector is a command-line tool. Run it from a command line in Windows, Linux, or MacOS.
dotnet AppInspector.dll <command> <options>, or on Windows simply AppInspector.exe <command> <options>
Microsoft Application Inspector 1.0.25
(c) Microsoft Corporation. All rights reserved
No verb selected.
analyze Inspect source directory/file/compressed file (.tgz|zip) against defined characteristics
tagdiff Compares unique tag values between two source paths
tagtest Test presence of smaller set or custom tags in source (compare or verify modes)
exporttags Export default unique rule tags to view what features may be detected
verifyrules Verify rules syntax is valid
help Display more information on a specific command
version Display version information
Usage: dotnet AppInspector.dll [arguments] [options]
dotnet AppInspector.dll -description of available commands
dotnet AppInspector.dll <command> -options description for a given command
Usage: dotnet AppInspector.dll analyze [arguments] [options]
-s, --source-path Required. Path to source code to inspect (required)
-o, --output-file-path Path to output file. Ignored with -f html option which auto creates output.html
-f, --output-file-format Output format [html|json|text]. Default = html
-e, --text-format Match text format specifiers
-r, --custom-rules-path Custom rules path
-t, --tag-output-only Output only contains identified tags. Default = false
-i, --ignore-default-rules Ignore default rules bundled with application. Default = false
-d, --allow-dup-tags Output only non-unique tag matches. Default = false
-c, --confidence-filters Output only matches with confidence [high|medium|low]. Default = high,medium
-k, --file-path-exclusions Exclude source files [none|<list>]. Default = sample,example,test,docs,.vs,.git
-x, --console-verbosity Console verbosity [high|medium|low|none]. Default = medium
-l, --log-file-path Log file path. Default is <application path>/log.txt
-v, --log-file-level Log file level [Debug|Info|Warn|Error|Fatal|Off]. Default = Error
Scan a project directory, with output sent to “output.html” (default behavior includes launching default browser to this file)
Used to verify (pass/fail) that a specified set of rule tags is present or not present in a project e.g. user only wants to know true/false if cryptography is present as expected or if personal data is not present as expected and get a simple yes/no result rather than a full analysis report.
Note: The user is expected to use the custom-rules-path option rather than the default ruleset because it is unlikely that any source package would contain all of the default rules. Instead, create a custom path and rule set as needed or specify a path using the custom-rules-path to point only to the rule(s) needed from the default set. Otherwise, testing for all default rules present in source will likely yield a false or fail result in most cases.
Usage: dotnet AppInspector.dll tagtest [arguments] [options]
-s, --source-path Required. Source to test (required)
-t, --test-type Test to perform [rulespresent|rulesnotpresent]. Default = rulespresent
-r, --custom-rules-path Custom rules path
-i, --ignore-default-rules Ignore default rules bundled with application. Default = true
-o, --output-file-path Path to output file
-x, --console-verbosity Console verbosity [high|medium|low]. Default = medium
-l, --log-file-path Log file path
-v, --log-file-level Log file level
Simplest use, to see if a set of rules is all present in a project:
Roundcube is an open source web/online MUA (mail user agent).
Note: Don't forget to change the download link and folder name for wget and Install/Update (Steps 2 and 4).
#1 Switch to the /tmp directory
#2 Download the package with wget
#3 Extract the package
tar xf roundcubemail-*.tar.gz
MUA (mail user agent): used by users to read, compose, and send email. Examples of MUAs are Roundcube, SquirrelMail, Pine, Microsoft Outlook, etc.
MTA (mail transfer agent): used for the transport, delivery, and forwarding of email. Examples of MTAs are SMTP servers such as Postfix, Sendmail, etc.