- Cm Browser Hacking Pentesting Tools Download Pc
- Offensive Security Training– Training From BackTrack/Kali Developers.
- Black Hat– Annual Security Conference In Las Vegas.
Wifiphisher is a security tool that mounts automated phishing attacks against WiFi networks in order to obtain secret passphrases or other credentials. It is a social engineering attack that unlike other methods it does not include any brute forcing. It is an easy way for obtaining credentials from captive portals and third party login pages or WPA/WPA2 secret passphrases.
Wifiphisher works on Kali Linux and is licensed under the MIT license.
Which are the best Windows pentesting tools? If you check out the most popular online ethical hacking communities and forums, you’ll realize one thing Most of them ethical hackers and pentesters. List and comparison of the most powerful Penetration Testing Tools used by the Penetration Testers. Security testing tools with comparison.
How it works
After achieving a man-in-the-middle position using the Evil Twin attack, wifiphisher redirects all HTTP requests to an attacker-controlled look-alike web site.
From the victim's perspective, the attack makes use in three phases:
- Victim is being deauthenticated from her access point. Wifiphisher continuously jams all of the target access point's wifi devices within range by forging “Deauthenticate” or “Disassociate” packets to disrupt existing associations.
- Victim joins a rogue access point. Wifiphisher sniffs the area and copies the target access point's settings. It then creates a rogue wireless access point that is modeled by the target. It also sets up a NAT/DHCP server and forwards the right ports. Consequently, because of the jamming, clients will eventually start connecting to the rogue access point. After this phase, the victim is MiTMed.
- Victim is being served a realistic specially-customized phishing page. Wifiphisher employs a minimal web server that responds to HTTP & HTTPS requests. As soon as the victim requests a page from the Internet, wifiphisher will respond with a realistic fake page that asks for credentials or serves malwares. This page will be specifically crafted for the victim. For example, a router config-looking page will contain logos of the victim's vendor. The tool supports community-built templates for different phishing scenarios.
License: MIT OR GPL license
wifiphisher Usage Example
Run the tool by typing wifiphisher or python bin/wifiphisher (from inside the tool's directory).
By running the tool without any options, it will find the right interfaces and interactively ask the user to pick the ESSID of the target network (out of a list with all the ESSIDs in the around area) as well as a phishing scenario to perform. By default, the tool will perform both Evil Twin and KARMA attacks.
Use wlan0 for spawning the rogue Access Point and wlan4 for DoS attacks. Select the target network manually from the list and perform the 'Firmware Upgrade' scenario. Verify that the captured Pre-Shared Key is correct by checking it against the handshake in the handshake.pcap file.
Useful for manually selecting the wireless adapters. The 'Firmware Upgrade' scenario is an easy way for obtaining the PSK from a password-protected network.
Automatically pick the right interfaces. Target the Wi-Fi with ESSID 'CONFERENCE_WIFI' and perform the 'Plugin Update' scenario. The Evil Twin will be password-protected with PSK 's3cr3tp4ssw0rd'.
Useful against networks with disclosed PSKs (e.g. in conferences). The 'Plugin Update' scenario provides an easy way for getting the victims to download malicious executables (e.g. malwares containing a reverse shell payload).
Do not load any extensions. Simply spawn an open Wi-Fi network with ESSID 'FREE WI-FI' and perform the 'OAuth Login' scenario. Use the 'Known Beacons' Wi-Fi automatic association technique.
Useful against victims in public areas. The 'OAuth Login' scenario provides a simple way for capturing credentials from social networks, like Facebook.
Wifiphisher supports community-built templates for different phishing scenarios. Currently, the following phishing scenarios are in place:
- Firmware Upgrade Page: A router configuration page without logos or brands asking for WPA/WPA2 password due to a firmware upgrade. Mobile-friendly.
- OAuth Login Page: A free Wi-Fi Service asking for Facebook credentials to authenticate using OAuth.
- Browser Plugin Update: A generic browser plugin update page that can be used to serve payloads to the victims.
- Network Manager Connect: Imitates the behavior of the network manager. This template shows Chrome's 'Connection Failed' page and displays a network manager window through the page asking for the pre-shared key. Currently, the network managers of Windows and MAC OS are supported.
Built-in phishing scenarios to use with -p option:
Available Phishing Scenarios:
- 1 - Firmware Upgrade Page
A router configuration page without logos or brands asking for WPA/WPA2 password due to a firmware upgrade. Mobile-friendly.
- 2 - Network Manager Connect
Imitates the behavior of the network manager. This template shows Chrome's 'Connection Failed' page and displays a network manager window through the page asking for the pre-shared key. Currently, the network managers of Windows and MAC OS are supported.
- 3 - OAuth Login Page
A free Wi-Fi Service asking for Facebook credentials to authenticate using OAuth
- 4 - Browser Plugin Update
A generic browser plugin update page that can be used to serve payloads to the victims.
Creating a custom phishing scenario
For specific target-oriented attacks, custom scenarios may be necessary. Creating a phishing scenario is easy and consists of two steps:
1) Create the config.ini
A config.ini file lies in template's root directory and its contents can be divided into two sections:
i) info: This section defines the scenario's characteristics.
- Name (mandatory): The name of the phishing scenario
- Description (mandatory): A quick description (<50 words) of the scenario
- PayloadPath (optional): If the phishing scenario pushes malwares to victims, users can insert the absolute path of the malicious executable here
ii) context: This section is optional and holds user-defined variables that may be later injected to the template.
Here's an example of a config.ini file:
2) Create the template files
The HTML files may also contain some special syntax (think placeholders) describing how dynamic content will be inserted. The dynamic contect may originate from two sources:
i) Beacon frames. Beacon frames contain all the information about the target network and can be used for information gathering. The main process gathers all the interesting information and passes them to the chosen template on the runtime.
At the time of writing, the main process passes the following data:
- target_ap_essid <str>: The ESSID of the target Access Point
- target_ap_bssid <str>: The BSSID (MAC) address of the target Access Point
- target_ap_channel <str<: The channel of the target Access Point
- target_ap_vendor <str>: The vendor's name of the target Access Point
- target_ap_logo_path <str>: The relative path of the target Access Point vendor's logo in the filesystem
- APs_context <list>: A list containing dictionaries of the Access Points captured during the AP selection phase
- AP <dict>: A dictionary holding the following information regarding an Access Point:
- channel <str>: The channel of the Access Point
- essid <str> The ESSID of the Access Point
- bssid <str> The BSSID (MAC) address of the Access Point
- vendor <str> The vendor's name of the Access Point
Note that the above values may be 'None' accordingly. For example, all the target_* values will be None if there user did not target an Access Point (by using --essid option). The 'target_ap_logo_path' will be None if the logo of the specific vendor does not exist in the repository.
ii) config.ini file (described above).
All the variables defined in the 'Context' section may be used from within the template files. In case of naming conflicts, the variables from the configuration file will override those coming from the beacon frames.
In order for wifiphisher to know which credentials to log, the values of the 'name' HTML attributes need to be prefixed with the 'wfphshr' string. During POST requests, wifiphisher will log all variables that are prefixed with this string.
Here's a snippet from a template (index.html):
In this example, 'victim_name' and 'ISP' variables come from config.ini, while 'target_ap_vendor' variable is from the beacon frames. Both 'wphshr-username' and 'wphshr-password' will be logged.
How to install wifiphisher
Following are the requirements for getting the most out of Wifiphisher:
- Kali Linux. Although people have made Wifiphisher work on other distros, Kali Linux is the officially supported distribution, thus all new features are primarily tested on this platform.
- One wireless network adapter that supports AP mode. Drivers should support netlink.
- One wireless network adapter that supports Monitor mode and is capable of injection. Again, drivers should support netlink. If a second wireless network adapter is not available, you may run the tool with the --nojamming option. This will turn off the de-authentication attack though.
Installin on Kali Linux
Installin on BlackArch
- Fluxion (88%)
- WiFi-Pumpkin (ex 3vilTwinAttacker) (82.8%)
- infernal-twin (81.2%)
- AtEar (81.2%)
- create_ap (61.6%)
- trackerjacker (RANDOM - 51.4%)
Recommended for you:
When it comes to hacking or pen-testing. It’s not about mastering a single tool. One needs to gather information on target and do reverse engineering based on collected information. It may even involve months of research to recon the target and exploit the found vulnerability. Now don’t get apathetic, given enough time any system can be compromised. But you don’t need much time to test the system for predefined security parameters. We have compiled a list of hacking tools that are necessary to perform pen-testing quickly. Most of the time general(Non-IT) people don’t take too much pain to ensure all the security parameters are set. So we should always have some essential security or hacking tools at arm’s length with required skill set to test systems that comes around you. If you consider your self a pentester or at least learner at pentesting you should have these hacking tools and know how to use them.
Metasploit is versatile Pen-testing tool with large developer base. It is the biggest project done in Ruby on rails that is still being maintained. Metaploit is a security framework that can be used to develop, test and execute your exploits and payloads. One can develop his own exploitation tool using this framework. Metasploit can be integrated closely with other security hacking tools like Nmap and gives you insight about the vulnerabilities in the system. There’s also a variant available for Windows. if you don’t feel at ease using this tool on Linux you can download it for Windows as well. Metaslpoit allows you to quickly test the system against the existing exploits available in framework. You can even add more exploit to the framework.
Nmap stands for Network mapper. It’s one of the greatest tools used for information gathering. It test the system for open ports and services running on them. Nmap uses raw packets for service detection. Nmap is a great tool for Network Discovery. It can easily determine number of nodes that are up in a network. Nmap also provides you NSE(Nmap Scripting Engine) to automate networking tasks. There are already many NSE scripts available on Nmap. You can also write his own custom script. There’s also a GUI variant of this tool available. Nmap is available for Windows, Mac and Linux.
Wireshark is a an open-source application to capture and analyze the ongoing network traffic. Wireshark is designed to inspect the network traffic on low level. It is used to identify various network problem like DDOS attack, detect packet crafting and test firewalls. It comes with integrated decryption tools so that data packets can be decrypted for protocols like WEP and WPA/WPA2 and you could dig up the data packets. Wireshark is user-friendly to use if you know some basic networking. Anyone with little bit of research can start using Wireshark. Due to it’s support for large number of protocols Wireshark can be used to sniff the network traffic. Wireshark is availbe for windows Mac and Linux.
Hashcat is a multi-threaded password cracking application. Hascat is used for password recovery. It support various password hashing algorithmswhich includes Microsoft LM hashes, MD4, MD5, SHA-family, Unix Crypt formats, MySQL, and Cisco PIX. Some people consider hashcat world’s fastest and most advanced password recovery tool. Hashcat support both CPU and GPU based architecture. Password cracking is a intensive task, it requires large amount of processing power. Haschcat handles this issues very nicely as it uses GPU. GPUs are considered more effective when it comes to password cracking.
Nessus Vulnerability Scanner
Nessus Vulnerability Scanner is extensive vulnerability scanner. System Administrators often use this tool to assess their network security parameters. Nessus is remarkably flexible tool. You can integrate other hacking tools with it like Metasploit and Nmap. Nessus Vulnerability provides web interface to use it. Nessus can be used to detect Security threats on local system and on network nodes. It can audit your systems in minutes. Nessus is available for Windows, Mac and Linux.
Socail-Engineering Toolkit(SET) is a powerful tool in the world of pentesting. Beside finding security weaknesses in the hardware and software systems and taking advantage of them, the most worthwhile of all is penetrating the human mind to acquire the essential information by tricking it. Such perfidious methods are known as social engineering, and computer-based software tools to pefrom this is the subtructure for SET. SET conatiains number of attacks. Some of the mostly used are listed below.
Spear-Phishing Attack Vectors
Website Attack Vectors
Infectious Media Generator
Cm Browser Hacking Pentesting Tools Download Pc
Create a Payload and Listener
Mass Mailer Attack
Arduino-Based Attack Vector
SMS Spoofing Attack Vector
Wireless Access Point Attack Vector
QRCode Generator Attack Vector
Powershell Attack Vectors
Third Party Modules
Acunetix Web Vulnerability Scanner
Acunetix is pioneer in the web application security business having launched its first vulnerability scanner in 2005. It is backed by highly experienced and recognized security developers. Acunetix is a OWASP member. Acunetix has won very comparative reviews including reviews by university of California and Infosec Island which showed acunetix high vulnerability detection rate.
Other best security and hacking tools
Web Vulnerability Scanners – Burp Suite, Firebug, AppScan, OWASP Zed, Paros Proxy, Nikto, Grendel-Scan
Offensive Security Training– Training From BackTrack/Kali Developers.
Vulnerability Exploitation Tools – Netsparker, sqlmap, Core Impact, WebGoat, BeEF
Forensic Tools – Helix3 Pro, EnCase, Autopsy
Port Scanners – Unicornscan, NetScanTools, Angry IP Scanner
Traffic Monitoring Tools – Nagios, Ntop, Splunk, Ngrep, Argus
Debuggers – IDA Pro, WinDbg, Immunity Debugger, GDB
Rootkit Detectors – DumpSec, Tripwire, HijackThis
Encryption Tools – KeePass, OpenSSL, OpenSSH/PuTTY/SSH, Tor
Password Crackers – John the Ripper, Aircrack, Hydra, ophcrack
Black Hat– Annual Security Conference In Las Vegas.
Learn some command line tools here.