
Heybe – Penetration Testing Toolkit

Heybe – Penetration Testing Toolkit. BlackHat Arsenal 2014 - USA. Agenda. Penetration Test Phases. Pentest Types: Internal Pentest, External Pentest, Web Application Tests, Database Test, Social Engineering, DDoS Tests, Active Directory, Wifi Tests, …


Presentation Transcript


  1. Bahtiyar Bircan (bahtiyarb@gmail.com), Gökhan ALKAN (cigalkan@gmail.com) • https://github.com/heybe • https://github.com/galkan/sees • https://github.com/galkan/depdep • https://github.com/galkan/sees • https://github.com/galkan/kacak • https://github.com/galkan/fener • https://github.com/galkan/crowbar • Heybe – Penetration Testing Toolkit • BlackHat Arsenal 2014 - USA

  2. Agenda

  3. Penetration Test Phases

  4. Pentest Types • Internal Pentest • External Pentest • Web Application Tests • Database Test • Social Engineering • DDoS Tests • Active Directory • Wifi Tests • …

  5. Some Problems During Pentests • Very large networks • Limited time • Forgetting to save results • Scan reports • Screenshots • Nonstandard Nmap parameters • Bruteforce unusual applications

  6. HEYBE

  7. HEYBE • Open source toolkit for pentest automation • Code available on Github • https://github.com/heybe • https://github.com/galkan/sees • https://github.com/galkan/depdep • https://github.com/galkan/sees • https://github.com/galkan/kacak • https://github.com/galkan/levye • https://github.com/galkan/fener • Published at Blackhat USA 2014

  8. WHY? • Automate and speed up boring/standard steps • More time for fun like SE • Standardize test results • Save results for reporting

  9. HOW?

  10. WHAT?

  11. Penetration Test Phases – Heybe

  12. Fener • Information Gathering & Recon Tool • https://github.com/heybe/fener • 3 Different Recon Methods • Active Scan • Passive Scan • Screenshot Scan • DB Support

  13. Fener – Active Scan • Leverages Nmap for active port scanning • Custom config file for scan parameters • Ports • NSE Scripts • Save scan results with standard report name • Multiple Nmap scans • Ping Scan • Service & OS Scan • Script Scan

  14. Fener – Passive Scan • Stealth network recon • Passive traffic capture • Arpspoof MitM support • Traffic saved in pcap file • Valuable information extracted from traffic • Hosts • Ports • Windows hostnames • Top 10 HTTP hosts • Top 10 DNS domains

  15. Fener – Passive Scan • Man In The Middle • Network traffic capture

  16. Fener – Screenshot Scan • PhantomJS headless webkit • Web page discovery • Screenshots from command line • Standard screenshot filenames • Offline examination • Pentest report

  17. Crowbar • Brute Force Tool • https://github.com/galkan/levye • Supported protocols • OpenVPN • Remote Desktop Protocol (with NLA support) • SSH Private Key • VNC Passwd • Reporting • Debug Logging

  18. SeeS • Social Engineering Tool • https://github.com/heybe/sees • Send targeted SE mails in bulk • HTML mail body • Multiple attachment • Local/Remote SMTP server

  19. DepDep • Post-Exploitation Tool • https://github.com/heybe/depdep • Discover sensitive files in network shares • Works with Windows SMB shares • Can search sensitive information within file name and file contents

  20. Kacak • Active Directory Attack Tool • https://github.com/heybe/kacak • Leverages Metasploit & Mimikatz • Hunt for domain admins in Windows AD Domain • Metasploit automation with MSFRPCD

  21. Summary

  22. HEYBE • Bahtiyar Bircan (bahtiyarb@gmail.com), Gökhan ALKAN (cigalkan@gmail.com) • https://github.com/heybe • https://github.com/galkan/sees • https://github.com/galkan/depdep • https://github.com/galkan/sees • https://github.com/galkan/kacak • https://github.com/galkan/fener • https://github.com/galkan/crowbar
