Happy Halloween!!
Additions to the ISO (Why it's bigger in size)
- zmap (https://github.com/zmap/zmap)
- testssl (https://github.com/drwetter/testssl.sh)
- crackmapexec (https://github.com/byt3bl33d3r/CrackMapExec)
- pupy (https://github.com/n1nj4sec/pupy)
- smbtree, smbclient (Windows domains submenu)
- post-exploitation submenu
- powershell empire (https://github.com/PowerShellEmpire/PowerTools)
- powertools (https://github.com/PowerShellEmpire/PowerTools)
- babadook (https://github.com/jseidl/Babadook)
- pwntools (CTF) - (http://pwntools.com/)
- ctf-tools and pentesters framework moved to "add more tools" sub-menu
- installed Arachni (http://www.arachni-scanner.com/)
- created Arachni icon in wbar and startup scripts for single click startup
- upgraded Debian back-end and all applications
- updated Google-Chrome
- Added Google Chrome RefreshMonkey Extension (https://chrome.google.com/webstore/detail/refresh-monkey/ljngnafhejmefmijjoedbclkadhacebd?hl=en)
- DNS Steal (https://github.com/m57/dnsteal)
- fixed dependencies for Recon-NG (https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/browse/)
- fixed Dependencies for Arachni and Metasploit
- Added Farady to ReadTeam menu and hacked to use Google Chrome (https://www.faradaysec.com)
- SS-6271 Shell Shock Script coded and added to menu (https://github.com/weaknetlabs/ss-6271)
- WPES Post-Exploitation of Web Applications shell (https://github.com/weaknetlabs/wpes)
- Added OWASP ZAP (https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project)
- Added Wapiti (http://wapiti.sourceforge.net/)
- Added Skipfish (https://github.com/spinkham/skipfish)
- ftp, host, and dnsutils (dig nslookup nsupdate)
My New Tools and My New GitHUB
I have finally updated my GitHUB page since the Google Code migration. https://github.com/weaknetlabs
Web Application Penetration Testing
ss-6271 Shell Shock Exploit Script and WPES WeakNet PHP Post Exploitation Shell/Script. Both projects can be found here:SS-6271 Shell Shock Script coded and added to menu (https://github.com/weaknetlabs/ss-6271)
WPES WeakNet PHP Post-Exploitation Shell/Script (https://github.com/weaknetlabs/wpes)
WPES WeakNet PHP Post-Exploitation Shell/Script (https://github.com/weaknetlabs/wpes)
I am trying my best to get an environment set up to test/create a video presentation of both. Here is a video showing off the Shell Shock Script:
New RF Utilities
I have also added 3 new RF Utilities that I made while writing my book Penetration Testing with Perl - DevList, 80211Sniff, and ChannelSet. These tools were written only using Perl and can be found under Penetration Testing->Network Utilities->RF Utilities->WeakNet LabsWarcarrier Updated!
Warcarrier is now Warcarrier-ng and has been updated to the latest version. The latest version has a newer interface with a lot more functionality. The GitHUB repo for Warcarrier and more information can be found here: https://github.com/weaknetlabs/warcarrier To start Warcarrier, you will need a GPS USB device, I recommend the old GlobalSat BU-353 (because it works) http://usglobalsat.com/p-688-bu-353-s4.aspx, an 80211 network adapter which supports RFMON mode, I recommend anything made by Atheros/Qualcomm or if you really have to the ALFA 1W USB thing, and optionally you can use a USB Bluetooth dongle and the HackRF Ubertooth One for 802.15 spectrum analysis.
Download
ISO: (2260709376 bytes) Download Link
MD5: (49 bytes) Download Link
Thanks
So, each time I update the ISO, the updates get bigger and better. This is no exception as you can see from the unordered list above. I have provided links to the tools pages for those unfamiliar with them. I got no recommendations this time around so I just put in tools that I felt that I would use on a daily basis while penetration testing. I hope that you enjoy the shiny new ISO file! If you like the ISO and my work, please consider donating as every little bit helps!
~Douglas