Yet another nmap GUI – NmapSi is a Qt-based GUI whose design goal is to provide a complete nmap interface for users, so that all nmap options can be managed easily.
Features:
Traceroute
Dns Lookup
Search Vulnerabilities
Full Scan
Currently supports *nix operating systems; other versions also support Windows.
fyodor has released Nmap version 5.35DC1! This version has added 17 new NSE scripts, bringing the total to 131! It has been released in time for Defcon!
“Nmap (“Network Mapper”) is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), and a utility for comparing scan results (Ndiff).”
In addition to the new NSE scripts, the OS detection database has grown by 262 fingerprints to a total of 2,608, and the version detection database has grown by 279 signatures to a total of 6,622! Apart from the other additions, our favourite is dns-cache-snoop.nse. This script performs DNS cache snooping, either by sending non-recursive queries or by measuring response times.
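To make the non-recursive variant concrete, here is an added example in Python (it is not part of nmap or the dns-cache-snoop script). It builds a DNS query with the RD (recursion desired) bit cleared, parses the reply, and classifies what the resolver did: an answer to a non-recursive query means the name was already in the resolver's cache, an empty NOERROR reply means it was not, and REFUSED means the resolver does not serve non-recursive queries to this client. The hostname, the 192.0.2.1 address and the reply packets are constructed fixtures, so the code runs offline; the same parser works on bytes read from a UDP socket.

```python
"""Non-recursive DNS query construction and reply classification.
Added example; not code from nmap or dns-cache-snoop.nse."""
import struct

RCODE_REFUSED = 5          # RFC 1035 rcode 5
FLAG_QR = 0x8000           # reply
FLAG_RD = 0x0100           # recursion desired
FLAG_RA = 0x0080           # recursion available


def build_query(name, txid=0x1234, recursion_desired=False):
    """Return a wire-format A query. RD is cleared by default, which asks the
    resolver to answer only from what it already holds in cache."""
    flags = FLAG_RD if recursion_desired else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN


def parse_name(data, offset):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, jumped = [], offset, False
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                      # compression pointer
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:
            offset += 1
            break
        labels.append(data[offset + 1:offset + 1 + length].decode())
        offset += 1 + length
    return ".".join(labels), (end if jumped else offset)


def parse_response(data):
    """Parse header, question and answer sections (authority/additional ignored)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qd):
        _, offset = parse_name(data, offset)
        offset += 4                                    # skip QTYPE, QCLASS
    answers = []
    for _ in range(an):
        name, offset = parse_name(data, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        answers.append((name, rtype, ttl, data[offset:offset + rdlen]))
        offset += rdlen
    return {"txid": txid, "rcode": flags & 0x000F,
            "recursion_available": bool(flags & FLAG_RA), "answers": answers}


def classify(response):
    """Interpret a reply to a non-recursive query."""
    if response["rcode"] == RCODE_REFUSED:
        return "refused"        # resolver rejects non-recursive queries from us
    if response["answers"]:
        return "cached"         # served without recursion, so it was in cache
    return "not-cached"         # NOERROR with no answer: nothing cached


def build_response(query, rcode=0, answer_ip=None, ttl=0):
    """Construct a reply to `query` (test fixture, not captured traffic)."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = FLAG_QR | FLAG_RA | rcode                   # RD stays clear
    an = 1 if answer_ip else 0
    body = struct.pack("!HHHHHH", txid, flags, 1, an, 0, 0) + query[12:]
    if answer_ip:
        rdata = bytes(int(o) for o in answer_ip.split("."))
        # name = pointer to offset 12 (the question name), A, IN, TTL, RDLENGTH
        body += struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + rdata
    return body


if __name__ == "__main__":
    q = build_query("example.com")
    for label, reply in [("cached", build_response(q, answer_ip="192.0.2.1", ttl=42)),
                         ("not-cached", build_response(q)),
                         ("refused", build_response(q, rcode=RCODE_REFUSED))]:
        r = parse_response(reply)
        print(label, "->", classify(r), r["answers"])
```

The TTL carried in a cached answer is the remaining cache lifetime, which is why it is useful evidence: it keeps decreasing between queries against the same resolver. From the defensive side, the "refused" branch is the desired outcome for resolvers that should not be exposed: a resolver that answers non-recursive queries from arbitrary clients leaks which names its users have recently looked up.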
The Metasploit Framework has been updated to version 3.4.1 in less than 3 months!
Metasploit Framework 3.4.1
“The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.”
Statistics:
Metasploit now has 567 exploits and 283 auxiliary modules (up from 551 and 261 in v3.4)
Over 40 community reported bugs were fixed and numerous interfaces were improved
General:
The Windows installer now ships with a working Postgres connector
New session notifications now always print a timestamp regardless of the TimestampOutput setting
Addition of the auxiliary/scanner/discovery/udp_probe module, which works through Meterpreter pivoting
HTTP client library is now more reliable when dealing with broken/embedded web servers
Improvements to the database import code, covering NeXpose, Nessus, Qualys, and Metasploit Express
The msfconsole “connect” command can now speak UDP (specify the -u flag)
Nearly all exploit modules now have a DisclosureDate field
HTTP fingerprinting routines added to some exploit modules
The psexec module can now run native x64 payloads on x64 based Windows systems
A development style guide has been added in the HACKING file in the SVN root
FTP authentication bruteforce modules added
Payloads:
Some Meterpreter scripts (notably persistence and getgui) now create a resource file to undo the changes made to the target system.
Meterpreter scripts that create logs and download files now save their data in the ~/.msf3/logs/scripts folder.
New Meterpreter Scripts:
enum_firefox – Enumerates Firefox data like history, bookmarks, form history, typed URLs, cookies and downloads databases.
arp_scanner – Script for performing ARP scan for a given CIDR.
enum_vmware – Enumerates VMware products and their configuration.
enum_putty – Enumerates recent and saved connections.
get_filezilla_creds – Enumerates recent and saved connections and extracts saved credentials.
enum_logged_on_users – Enumerate past users that logged in to the system and current connected users.
get_env – Extracts all user and system environment variables.
get_application_list – Enumerates installed applications and their version.
autoroute – Sets a route from within a Meterpreter session without the need to background the sessions.
panda_2007_pavsrv53 – Panda 2007 privilege escalation exploit.
Support for a dns bypass list added to auxiliary/server/fakedns. It allows the user to specify which domains to resolve externally while returning forged records for everything else. Thanks to Rudy Ruiz for the patch.
Railgun – The Meterpreter “RAILGUN” extension by Patrick HVE has merged and is now available for scripts.
PHP Meterpreter – A protocol-compatible port of the original Meterpreter payload to PHP. This new payload adds the ability to pivot through web servers regardless of the native operating system.
Token impersonation now works with “execute -t” to spawn new commands with a stolen token.
This release sees the first official non-Windows Meterpreter payload, in PHP as discussed last month. A new extension called Railgun is now integrated into Meterpreter courtesy of Patrick HVE, giving you scriptable access to Windows APIs and an unprecedented amount of control over post-exploitation. For those of you wishing to contribute to the framework, a new file called HACKING has been introduced that lays out a few guidelines for making it easier.
This release has 16 new exploits, 22 new auxiliary modules and 11 new Meterpreter scripts for your pwning enjoyment.