shARP - anti-ARP-spoofing application software and uses active scanning method to detect any ARP-spoofing incidents

ARP spoofing allows an attacker to intercept data frames on a network, modify the traffic, or stop all traffic. Often the attack is used as an opening for other attacks, such as denial of service, man in the middle, or session hijacking attacks.Our anti- ARP spoofing program, (shARP) detects the presence of a third party in a private network actively. It has 2 mode: defensive and offensive. Defensive mode protects the end user from the spoofer by dissconnecting the user's system from the network and alerts the user by an audio message. The offensive mode dissconnects the user's system from the network and further kicks out the attacker by sending de-authentication packets to his system, unabling him to reconnect to the network until the program is manually reset. The program creates a log file (/usr/shARP/)containing the details of the attack such as, the attackers mac address, mac vendor time and date of the attack. We can identify the NIC of the attackers system with the help of the obtained mac address. If required the attacker can be permanently banned from the netwrk by feeding his mac address to the block list of the router. The whole program is designed specially for linux and is writen in Linux s is hell command (bash command). In the offensive mode the program downloads an open-source application from the internet with the permission of the user namely aircrack-ng (if not present in the user's system already ). Since it is written in python language, you must have python installed on your system for it to work. Visit https://www.aircrack-ng.org for more info.

If the user wants to secure his network by scanning for any attacker he can run the program. the program offers a simple command line interface which makes it easy for the new users.the user can directly access the defensive or offensive mode by inputing the respective command line arguments along with the execution code just as in any other linux command to operate a software through CLI. In case the user inputs any wrong command line argument, the program prompts the user to use the help option. the help option provides the details about the two modes. when the user runs the program in defensive mode, he recieves the original mac address of the gateway. If there is no man in the middle attack, the screen stays idle. As soon as the program detects a spoofer in the network, it outputs the mac address of the spoofer and the time of the attack. It then dissconnects the users's system from the network so as to protect the private data being transfered between the system and the server. It also saves a log file about the attacker for further use. when the user runs the program in offensive mode,he recieves the original mac address of the gateway. If there is no man in the middle attack, the screen stays idle. As soon as the program detects a spoofer in the network, it outputs the mac address of the spoofer and the time of the attack as in the defensive mode. But further, the program puts the user's Network Interface Card to monitor mode with the help of the application 'Airmon-ng'. Then the application 'Aircrack-ng' gets activated and starts sending deauthentication packets to the attacker's system. This process kicks out the attacker from the network. The program also creates a log file about the attack.

How to use

bash ./shARP.sh -r [interface] to reset the network card and driver.  
bash ./shARP.sh -d [interface] to activate the program in defense mode.  
bash ./shARP.sh -o [interface] to activate the program in offense mode.  
bash ./shARP.sh -h             for help.

Download shARP

Read More

Moscrack v2.08b - Multifarious On-demand Systems Cracker (cracking WPA keys in parallel on a group of computers)

Moscrack is a perl application designed to facilitate cracking WPA keys in parallel on a group of computers.

This is accomplished by use of either Mosix clustering software, SSH or RSH access to a number of nodes.

With Moscrack's new plugin framework, hash cracking has become possible. SHA256/512, DES, MD5 and *Blowfish Unix password hashes can all be processed with the Dehasher Moscrack plugin.

Some of Moscrack's features:

• Basic API allows remote monitoring
• Automatic and dynamic configuration of nodes
• Live CD/USB enables boot and forget dynamic node configuration
• Can be extended by use of plugins
• Uses aircrack-ng (including 1.2 Beta) by default
• CUDA/OpenCL support via Pyrit plugin
• CUDA support via aircrack-ng-cuda (untested)
• Does not require an agent/daemon on nodes
• Can crack/compare SHA256/512, DES, MD5 and blowfish hashes via Dehasher plugin
• Checkpoint and resume
• Easily supports a large number of nodes
• Desgined to run for long periods of time
• Doesn't exit on errors/failures when possible
• Supports mixed OS/protocol configurations
• Supports SSH, RSH, Mosix for node connectivity
• Effectively handles mixed fast and slow nodes or links
• Architecture independent
• Supports Mosix clustering software
• Supports all popular operating systems as processing nodes
• Node prioritization based on speed
• Nodes can be added/removed/modified while Moscrack is running
• Failed/bad node throttling
• Hung node detection
• Reprocessing of data on error
• Automatic performance analysis and tuning
• Intercepts INT and TERM signals for clean handling
• Very verbose, doesn't hide anything, logs agressively
• Includes a "top" like status viewer
• Includes CGI web status viewer
• Includes an optional basic X11 GUI

Compatibility

Moscrack itself should work with any Un*x variant, but it is developed and tested on Linux.

Tested platforms for SSH based end nodes:

• Moscrack Live CD (SUSE)
• Ubuntu Linux 12.10 x86 64bit
• Ubuntu Linux 12.04.2 x86 64bit
• Ubuntu Linux 10.10 x86 64bit
• Ubuntu Linux 10.10 x86 32bit
• CentOS Linux 5.5 x86 32bit
• FreeBSD 8.1 x86 64bit
• Windows Vista Business 64bit w/Cygwin 1.7.7-1
• Windows Vista Business 64bit w/Cygwin 1.7.9
• Mac OS X 10.5.6 (iPC OSx86)
• Solaris Express 11 x64
• iPhone 3g iOS 3.2.1 (Jailbroken)
• Samsung Galaxy S2 SGH-I727R (Cyanogenmod 10 + Linux chroot)

Tested platforms for RSH based end nodes:

• Ubuntu Linux 10.10 x86 64bit
• Windows Vista Business 64bit w/Cygwin 1.7.7-1
• Windows Vista Business 64bit w/Cygwin 1.7.9

Tested platforms for Mosix end nodes:

• Ubuntu Linux 10.10 x86 64bit
• Ubuntu Linux 10.10 x86 32bit

Tested platforms for Moscrack server:

• Ubuntu Linux 13.10 x86 64bit
• Ubuntu Linux 12.10 x86 64bit
• Ubuntu Linux 10.10 x86 64bit

Download Moscrack

Read More

[Aircrack-ng 1.2 Beta 1] 802.11 WEP and WPA-PSK keys cracking tool

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools.

Changelog summary

• Compilation fixes on all supported OSes.
• Makefile improvement and fixes.
• A lot of fixes and improvements on all tools and documentation.
• Fixed licensing issues.
• Added a few new tools and scripts (including distributed cracking tool).
• Fixed endianness and QoS issues.

Detailed changelog

* Airmon-ng: Added chipset information for ar9170usb, wl, rt2800usb, ar9271, wl12xx, RT3070STA, ath9k_htc, r871x_usb_drv, ath5k, carl9170 and various Intel drivers.
* Airmon-ng: Fixed chipset information ipw2200.
* Airmon-ng: Fixed output for r8187 driver.
* Airmon-ng: Improved chipset information for a few drivers.
* Airmon-ng: Support for displaying information about ath9k.
* Airmon-ng: Added 'check kill' to automatically kill services that could interfere.
* Airmon-ng: Fixed issues with Intel chipsets detection.
* Airmon-ng: Updated iw download link.
* Airmon-ng: Better mac80211 handling
* Airmon-ng: Added detection for WiLink TI driver, rtl819xU, iwlwifi.
* Airmon-zc: Improved version of Airmon-ng with more detailled information.
* Airdecap-ng: Fixed decoding QoS frames (Closes: #667 and #858).
* Airgraph-ng: Use Aircrack-ng Makefile instead of its own.
* Airbase-ng: Fixed bug using clients list.
* Airbase-ng: Fixed issue with QoS (ticket #760).
* Airbase-ng: Fixed sending beacons with null SSID.
* Airbase-ng: Allow non ASCII ESSID
* Airodump-ng: Fixed buffer overflow (ticket #728).
* Airodump-ng: Fixed channel parsing.
* Airodump-ng: Fixed FreeBSD battery reading.
* Airodump-ng: Renamed "Packets" column to "Frames" ("Packets" was not correct).
* Airodump-ng: Fixed XML bugs when outputting NetXML: ESSID containing '&' or chinese characters, when multiple encryption are used.
* Airodump-ng: Add alternative paths for Airodump-ng OUI file.
* Airodump-ng: Added GPSd 2.92+ support (JSON).
* Airodump-ng: Add option --manufacturer to display manufacturer column on airodump-ng.
* Airodump-ng: Add feature to show APs uptime (--uptime) based on the timestamp.
* Airodump-ng-OUI-update: Fixed OUI URL and allow CURL redirect (ticket #829).
* Airdrop-ng: removed .py from file names.
* Airdrop-ng: Fixed bug in installer.
* Airdrop-ng: Fixed OUI lookup.
* Airdrop-ng: Fixed bug when several BSSID have the same ESSID.
* Airdrop-ng: Doesn't constantly parse anymore, wait 5 seconds each time it parses.
* Airdrop-ng: Fixed crash when failing to get channel or when rules file didn't exist.
* Airdrop-ng: Fixed to use lorcon.py/lorcon2 libs.
* Airdrop-ng: Updated README.
* Airdrop-ng: Fixed error preventing update to work.
* Versuck-ng: New script to do the same thing as the kismet autowep plugin from the CLI.
* Aircrack-ng: Fixed counter display error when cracking WPA.
* Aircrack-ng: Added output of the WPA handshake to EWSA project file.
* Aircrack-ng: Added output of the WPA handshake to oclhashcat+ project file.
* Aircrack-ng: Added benchmark option, -S.
* Aircrack-ng: Fixed -u option.
* Aircrack-ng: PIC fix for hardened systems from Francisco Blas Izquierdo Riera (klondike)
* Aircrack-ng: Allow dictionaries larger than 2Gb.
* Aircrack-ng: Give a better message when there's an error with the dictionary.
* Aircrack-ng: Prevent a buffer overflow from happening (Wojciech Waga).
* Aireplay-ng: Added migration mode attack from Leandro Meiners and Diego Sor from Core Security (BlackHat Las Vegas 2010)
* Aireplay-ng, Airodump-ng: Added option to ignore issue with -1 channel.
* Airserv-ng: Fixed crash when clients disconnect.
* Besside-ng-crawler: Added EAPOL Crawler.
* Airdecloak-ng: Fixed bug when using pcap files with PPI headers.
* dcrack: Distributed cracking server/client
* wifi-detect.sh: reference script for testing wifi card detection using iwconfig vs ls /sys/class/net
* WPA Clean: Tool to merge and clean WPA capture files.
* Wireless Panda: C# Library to parse Airodump-ng output files (and added example project).
* OSdep (Linux): Setting fixed bitrates on mac80211 2.6.31 and up.
* OSdep (Linux): Added support for nl80211 thanks to impulse32. Use 'make libnl=true' to add netlink support (Ticket #1004).
* Manpages: Improvement and fixes for Airgraph-ng, Airodump-ng, packetforge-ng, Aircrack-ng
* Manpages: Fixed various spelling issues and single quote issues.
* Makefiles: Added tests for the different tools.
* Makefiles: Various fixes and improvements.
* Makefiles: Added support for libgrypt instead of OpenSSL via parameter.
* Patches: Added a few patches.
* Removed useless script: patchchk.
* Finally fixed licensing issues.
* Fixed endianness issues in most of the tools.
* Fixed cppcheck errors (Ticket #957).
* Fixed various compilation issues on Linux and Cygwin, GNU/Hurd, Darwin (OSX) and Sparc.
* Fixed compilation on recent gcc versions on Linux, Cygwin.
* Added instructions for Travis CI: Free Hosted Continuous Integration Platform for the Open Source Community.
* Added Readme.Md for GitHub. Aircrack-ng subversion repository is synced on GitHub: http://github.com/aircrack-ng/aircrack-ng
* Various other small bug fixes.

Download Aircrack-ng 1.2 beta 1

Read More