Twitter sec memories #2 [04.02.15] (HTTP botnet / Android app analysis vm / Router Hunter / MITM vm )

Моя подборка тулз и заметок по ИБ в одном посте #2
(наиболее интересное что накопилось за пару дней)

Терминальный дашборд:

https://github.com/gizak/termui

Сетап:

master mirrors v2 branch, to install:

go get -u github.com/gizak/termui
For the compatible reason, you can choose to install the legacy version of termui:

go get gopkg.in/gizak/termui.v1

HTTP BOTNET Betabot 1.8.0.0.1(Private Version)

https://userscloud.com/xm8wih87ypca

https://mega.nz/#!hV0RQTQS!T82bIE1X2ZkjeGerkQvU8WgAniMM1ZIqtqs6lIjd4e4

(делать все только на виртуалке)

AndroL4b -виртуалка для реверса приложений для видроида. (A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis)

Download

The tools directory contains tools and frameworks. Labs are in Lab directory.

username : andro
password : androlab

https://github.com/sh4hin/Androl4b

RouterhunterBR 2.0 - тестирование роутеров на уязвимости (automated Tool for Testing in Vulnerable Routers)

Random ips:

python routerhunter.py --dns1 8.8.8.8 --dns2 8.8.4.8 --randomip --limitip 10 --threads 10 

python routerhunter.py --dns1 8.8.8.8 --dns2 8.8.4.8 -rip -lmtip 10 --threads 10

Scanner in range ip: 

python routerhunter.py --dns1 8.8.8.8 --dns2 8.8.4.8 --range 192.168.25.0-255 --threads 10
IP range customized with wildcard / Ex: --startip 201.*.*.* - --endip 201.*.*.* 

python routerhunter.py --dns1 8.8.8.8 --dns2 8.8.4.8 --startip 192.168.*.* --endip 192.168.*.* --threads 10

Brute force with users and passwords on routers that requires authentication, forcing alteration of dns - DSLink 260E. 

python routerhunter.py --dns1 8.8.8.8 --dns2 8.8.4.4 --range 177.106.19.65-70 --bruteforce --threads 10

https://github.com/jh00nbr/Routerhunter-2.0

MITM Virtual Machine

git clone https://github.com/praetorian-inc/mitm-vm.git 

cd mitm-vm 

vagrant up