P { margin-bottom: 0.08in; }H2 { margin-bottom: 0.08in; }H2.western { font-family: “Liberation Sans”,sans-serif; font-size: 14pt; font-style: italic; }H2.cjk { font-family: “Droid Sans”; font-size: 14pt; font-style: italic; }H2.ctl { font-family: “FreeSans”; font-size: 14pt; font-style: italic; }TD P { margin-bottom: 0in; }
ATTACKS
POST ATTACKS DATA
Automatic tools have made the
penetration testing process more efficient and effective, although
the importance of manual test are still there and in most of the
cases manuals checks are required. But in the mean time we cannot
deny the advantages of automatic tool, yes it save a loads of time
and energy off course. You must have heard about the most famous
vulnerability assessment & penetration testing tool like Nessus &
Metasploit but in this article I will discuss FS-NyarL.
penetration testing process more efficient and effective, although
the importance of manual test are still there and in most of the
cases manuals checks are required. But in the mean time we cannot
deny the advantages of automatic tool, yes it save a loads of time
and energy off course. You must have heard about the most famous
vulnerability assessment & penetration testing tool like Nessus &
Metasploit but in this article I will discuss FS-NyarL.
NyarL it’s Nyarlathotep, a
mitological chaotic deity of the writer HP. Lovecraft’s
cosmogony.
It’s represent Crawling Chaos and FS-NyarL it’s The
Crawling Chaos of Cyber Security 🙂
A network takeover &
forensic analysis tool – useful to advanced PenTest tasks & for
fun and profit – but use it at your own risk!
mitological chaotic deity of the writer HP. Lovecraft’s
cosmogony.
It’s represent Crawling Chaos and FS-NyarL it’s The
Crawling Chaos of Cyber Security 🙂
A network takeover &
forensic analysis tool – useful to advanced PenTest tasks & for
fun and profit – but use it at your own risk!
-
Interactive Console
-
Real Time Passwords Found
-
Real Time Hosts Enumeration
-
Tuned Injections & Client Side
Attacks -
ARP Poisoning & SSL Hijacking
- Automated HTTP Report Generator
ATTACKS
IMPLEMENTED:
-
MITM (Arp Poisoning)
-
Sniffing (With & Without Arp Poisoning)
-
SSL Hijacking (Full SSL/TLS
Control) -
HTTP Session Hijaking (Take &
Use Session Cookies) -
Client Browser Takeover (with
Filter Injection in data stream) -
Browser AutoPwn (with Filter
Injection in data steam) -
Evil Java Applet (with Filter
Injection in data stream) - Port Scanning
POST ATTACKS DATA
OBTAINED:
-
Passwords extracted from data
stream -
Pcap file with whole data stream
for deep analysis -
Session flows extracted from data
stream (Xplico & Chaosreader) -
Files extracted from data stream
-
Hosts enumeration (IP,MAC,OS)
-
URLs extracted from data stream
-
Cookies extracted from data stream
-
Images extracted from data stream
- List of HTTP files downloaded extracted from URLs
TD P { margin-bottom: 0in; }P { margin-bottom: 0.08in; }
TD P { margin-bottom: 0in; }P { margin-bottom: 0.08in; }
DEPENDENCIES (aka USED TOOLS):
|
|
Download & Tutorial |