'toolkit'에 해당되는 글 3건

  1. 2014.02.19 PC 보안 평가 MAP(Microsoft Assessment and Planning) Toolkit
  2. 2012.03.30 WebSploit Toolkit Version v1.5
  3. 2012.02.23 Metasploit Framework 4.2.0
2014. 2. 19. 18:37

PC 보안 평가 MAP(Microsoft Assessment and Planning) Toolkit

PC 보안 평가를 위한 MAP(Microsoft Assessment and Planning) Toolkit

이 무료 도구 키트를 사용하면 전체 IT 환경에서 데스크톱과 랩톱이 바이러스 및 맬웨어에 얼마나 취약한지 평가하여 PC에 Forefront Client Security가 제대로 구현되어 있는지 확인할 수 있습니다.

The Microsoft Assessment and Planning (MAP) Toolkit is an agentless inventory, assessment, and reporting tool that can securely assess IT environments for various platform migrations—including Windows 8, Windows 7, Office 2013, Office 2010, Office 365, Windows Server 2012 and Windows 2008 R2, SQL Server 2012, Hyper-V, Microsoft Private Cloud Fast Track, and Windows Azure.

Microsoft Assessment and Planning (MAP) Toolkit 9.0 is now available for download!

Download MAP 9.0:

downloadDownload now!

Or visit the MAP Download Center page for more information including install instructions and system requirements.

Learn more about the business scenarios that MAP supports:

Learn more technical information about MAP in the TechNet Library.

Trackback 0 Comment 0
2012. 3. 30. 22:41

WebSploit Toolkit Version v1.5

WebSploit Is An Open Source Project For Scan And Analysis Remote System From Vulnerability

Description :

[+]Autopwn - Used From Metasploit For Scan and Exploit Target Service
[+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin
[+]format infector - inject reverse & bind payload into file format
[+]phpmyadmin - Search Target phpmyadmin login page
[+]lfi - Scan,Bypass local file inclusion Vulnerability & can be bypass some WAF
[+]apache users - search server username directory (if use from apache webserver)
[+]Dir Bruter - brute target directory with wordlist
[+]admin finder - search admin & login page of target
[+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks
[+]MITM - Man In The Middle Attack
[+]Java Applet Attack - Java Signed Applet Attack
[+]MFOD Attack Vector - Middle Finger Of Doom Attack Vector
[+]USB Infection Attack - Create Executable Backdoor For Infect USB For Windows

About Author :

Founder : 0x0ptim0us (Fardin Allahverdinajhand)
Location :  Azarbaycan

출처 : http://sourceforge.net/projects/websploit/

Trackback 0 Comment 0
2012. 2. 23. 18:59

Metasploit Framework 4.2.0

“The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.“

Official change log for Metasploit Framework 4.2.0:

  • IPv6 Coverage:
    Metasploit 4.2 now ships with thirteen brand new payloads, all added to support opening command sessions and shells on IPv6 networks. In addition, Metasploit’s existing arsenal of payloads has been updated to support IPv6 as well. The database back end now fully supports IPv6 addressing for discovered and compromised hosts. Rex, Metasploit’s general purpose socket and protocol library, is now compatible with IPv6 networks. The ability to launch attacks over IPv6, even in otherwise IPv4 networks, is crucial in the modern penetration testing environment, so if you’re not yet up to speed on auditing a client network’s IPv6 exposure, be sure to catch HD Moore’s free IPv6 security online training on March 28.
  • Virtualization as an Attack Vector
    With this release comes a pile of new modules targeting VMware vSphere/ESX SOAP interface, as well as a pair of new brute force modules to audit password strength for both vmauthd and Virtual Web Services. Here’s the quick list of the new virtual target hotness:
  • vmauthd_version : Discovers the version details for a vmauthd service
  • esx_fingerprint : Fingerprints (down to the build number) of a stand-alone ESX server
  • vmware_http_login : Attempts to brute force local VMware credentials via the Web Services interface
  • vmauthd_login : Attempts to brute force local VMware credentials via the vmauthd service
  • vmware_enum_users : Enumerates both local and domain VMware user accounts
  • vmware_enum_permissions : Enumerates locally-defined user and group permissions on aVMware instance
  • vmware_enum_sessions : Enumerates active VMware login sessions
  • vmware_enum_vms : Enumerates all local virtual machines on the local VMware instance
  • vmware_host_details : Discovers host hardware and software details of the VMware host machine
  • poweroff_vm : Powers off a virtual machine via the VMware Web Services interface
  • poweron_vm : Powers on a virtual machine via the VMware Web Services interface
  • tag_vm : Writes a user-defined “tag” to the VMware logs as proof of compromise
  • vmware_screenshot_stealer : Grabs screenshots of VMware guest operating systems as proof of compromise
  • terminate_esx_sessions : Disconnects a user from the ESX server
  • Virtual machine targets in a network often offer unique avenues of attack for penetration testers, and are sometimes overlooked by IT departments and security infrastructure groups alike. Rapid7′s David Maloney, aka, TheLightCosine, wrote most of these modules. For a deep-dive into virtualization security, please join his webcast on March 21.
  • New Resource Scripts
    Metasploit 4.2 now ships with fourteen new resource scripts, nearly all of which were provided byopen source community contributors. These scripts demonstrate the power of Metasploit’s extensible architecture, allowing programmatic Metasploit module usage through the powerful Ruby scripting language. By automating away penetration testing tasks common to most engagements, Metasploit expert users can free up valuable time for more interesting avenues of research and exploitation. Note that while these scripts are useful on their own, they’re also great examples of using this entry point and really getting your hands dirty with Metasploit internals. Finally, most of these scripts were submitted by open source contributor m-1-k-3, while the Oracle-centric scripts come from nebulous.
  • Module Changes

  • Trackback 2 Comment 0