Leviathan - Wide Range Mass Audit Toolkit

Leviathan is a mass audit toolkit which has wide range service discovery, brute force, SQL injection detection and running custom exploit capabilities. It consists open source tools such masscan, ncrack, dsss and gives you the flexibility of using them with a combination.

The main goal of this project is auditing as many system as possible in country-wide or in a wide IP range.

Main Features

Discovery: Discover FTP, SSH, Telnet, RDP, MYSQL services running inside a specific country or in an IP range via Shodan, Censys. It's also possible to manually discover running services on a IP range by integrated “masscan” tool.

Short Demo: https://asciinema.org/a/617bsxl1y84bav9f5bcwllx7r

Brute Force: You can brute force the discovered services with integrated “ncrack” tool. It has wordlists which includes most popular combinations and default passwords for specific services.

Short Demo: https://asciinema.org/a/43y2j38zu7hbnuahrj233d5r0

Remote Command Execution: You can run system commands remotely on compromised devices.

Short Demo: https://asciinema.org/a/0xcrhd12f2lpkbktjldwtab16

SQL Injection Scanner: Discover SQL injection vulnerabilities on websites with specific country extension or with your custom Google Dork.

Short Demo: https://asciinema.org/a/2mwfmd9afsuyg5p0vzcq5e6si

Exploit Specific Vulnerabilities: Discover vulnerable targets with Shodan, Censys or masscan and mass exploit them by providing your own exploit or using preincluded exploits.

Short Demo: https://asciinema.org/a/9uqsjvnru780h0ue6ok9j9ktb

Integrated Tools

Masscan: It’s a very fast TCP port scanner by Robert David Graham. Leviathan uses masscan for detecting services on a huge IP range. https://github.com/robertdavidgraham/masscan

Ncrack: Ncrack is a high-speed network authentication cracking tool. Leviathan uses ncrack to brute force services such as FTP, SSH, RDP, Telnet, MYSQL etc. https://github.com/nmap/ncrack

DSSS (Damn Small SQLi Scanner): DSSS is a fully functional and minimal SQL injection vulnerability scanner by Miroslav Stampar. Leviathan uses DSSS to identify SQL Injection vulnerabilities on specific URLs. https://github.com/stamparm/DSSS

Installation
For detailed installiation, please visit our wiki page.

Kali Linux:
Download leviathan by cloning the Git repository:
git clone https://github.com/leviathan-framework/leviathan.git
Go inside the folder
cd leviathan
Install Python libraries:
pip install -r requirements.txt
It's done!

Debian/Ubuntu:
Download leviathan by cloning the Git repository:
git clone https://github.com/leviathan-framework/leviathan.git
Go inside the folder
cd leviathan
Run installiation script. It will setup required tools (ncrack, masscan) and python libraries.
bash scripts/debian_install.sh
It's done!

macOS:
If homebrew is not installed on your system, please install it first:
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
Download leviathan by cloning the Git repository:
git clone https://github.com/leviathan-framework/leviathan.git
Go inside the folder
cd leviathan
Run installiation script. It will setup required tools (ncrack, masscan) and python libraries.
bash scripts/macos_install.sh
It's done!

Requirements
Python version 2.7.x is required for running this program.
Supported platforms: Linux (Kali Linux, Debian, Ubuntu), macOS

Usage
Run the program with following command:
python leviathan.py
You can get basic usage information inside the menus. For detailed usage manual, visit our wiki page.

Screenshots

Download Leviathan

Read More

Nix-Auditor - Nix Audit Made Easier

A script to audit linux and unix distributions based mainly on the CIS standards and universal linux hardening guidelines. The value it brings to your auditing set of tools is:

• Speed - one can audit OS in less than 120 seconds and get report
• Accuracy - tested on CentOS and RedHat with 100% accuracy
• Customizeability - it is on github, code is easily customizeable to suit the OS type and the set of controls one needs to check.
• Simplicity - just make it executable an run!

Download Nix-Auditor

Read More

vsaudit - VOIP Security Audit Framework

This is an opensource tool to perform attacks to general voip services It allows to scans the whole network or single host to do the gathering phase, then it is able to search for most known vulnerabilities on the founds alive hosts and try to exploit them.

Install dependencies
To start using vsaudit you must install the 'bundler' package that will be used to install the requireds gem dependencies through the Gemfile.
Download directly from website:

http://bundler.io/

Or install with 'gem' (ruby package manager) with:

deftcode ~ $ gem install bundler

After that the installation has been completed, run (in the directory where is located vsaudit):

deftcode vsaudit $ bundle

Now you can start vsaudit with:

deftcode vsaudit $ ruby vsaudit.rb

NOTE: If you get an error with gem, you need to install the libssl-dev package (kali-linux: apt install libssl-dev).

Environment commands

• Display the available options that can be set
• List the environment variables
• Get the value of environment variable
• Set or change the environment variables

Audit commands

• Check mistakes in the local configuration files
• Scan a local o remote network
• Enumerate the extensions
• Bruteforce extensions
• Get the live network traffic
• Intercept the network traffic by custom bpf

Informations commands

• Get informations about modules or address
• Show the report list
• Show the extensions list

Global commands

• Display the help message
• Quit from the framework

Screenshots

Reference

• Manual: http://deftcode.ninja/post/vsaudit-voip-security-audit-framework
• RFC-3261 (SIP - Session Initiation Protocol): https://www.ietf.org/rfc/rfc3261.txt

Download vsaudit

Read More

[360-FAAR v0.4.1] Firewall Analysis Audit And Repair

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file!

Changes: This release adds the 'mergelog' mode to merge binary log entries from one config with another and significantly updates the user interface. All configs can be loaded from the 'load' menu instead of specifying them on the command line. Added 'verbose' switches to 'print' and 'rr' modes so that screen output can be switched off, and all 'end.' key words have been changed to simply '.' to reduce the number of keystrokes needed. Entering '0' now adds all options and '.' chooses the default if available. The Netscreen output stage now uses a default zone if none are specified.

Read Policy and Logs for:

Checkpoint FW1 (in odumper.csv / logexport format),

Netscreen ScreenOS (in get config / syslog format),

Cisco ASA (show run / syslog format),

360-FAAR uses both inclusive and exclusive CIDR and text filters, permitting you to split large policies into smaller ones for virutalisation at the same time as removing unused connectivity.

360-FAAR supports, policy to log association, object translation, rulebase reordering and simplification, rule moves and duplicate matching automatically. Allowing you to seamlessly move rules to where you need them.

Download 360-FAAR Firewall Analysis Audit And Repair 0.4.1

Read More

[Cookie Cadger] v.0.9

An auditing tool for Wi-Fi or wired Ethernet connections 

Cookie Cadger helps identify information leakage from applications that utilize insecure HTTP GET requests.


Cookie Cadger works on Windows, Linux, or Mac, and requires Java 7. Using Cookie Cadger requires having “tshark” – a utility which is part of the Wireshark suite, to be installed. Usually simply installing Wireshark will be sufficient. Additionally, to capture packets promiscuously requires compatible hardware. Capturing Wi-Fi traffic requires hardware capable of monitor mode, and the knowledge of how to place your device into monitor mode.

Download

Read More