We take a look at the latest additions to security researchers’ armoury
As this year’s hybrid version of Black Hat and DEF CON fades from memory and the nights close in for those in the northern hemisphere, the time has come to restock the security tools arsenal.
Given the heightened threat environment, it’s fortunate that security researchers have been hard at work forging new utilities – many of which are free and open source.
Here’s our roundup of the latest hacking tools available to pen testers, security teams, and others available at the start of the fourth quarter of 2021.
The TruffleHog browser add-on offers a means to find API Keys for software-as-a-service (SaaS) and cloud providers that have stray into published code.
Permissive cross-origin resource sharing (CORS) security settings in Amazon AWS and other environments are a major root cause for credential leakage according to Truffle Security, the developers of the tool.
TruffleHog is currently undergoing a security audit by Google for the Chrome store so, for now, it can only be side-loaded.
Raider – a tool to test authentication in web applications
Raider offers a powerful utility geared towards testing authentication mechanisms in web applications.
Developers DigeeX claim the framework plugs the gaps left by existing vulnerability scanning tools.
The Python-based Raider tool keeps track of the client’s state while offering an interface to handle elements important to the authentication process such as cookies, headers, and CSRF tokens.
Hunting ransomware and bot infections in MongoDB installs
Internet-facing MongoDB instances can be scanned for ransomware or the Meow malware using the Enfilade tool.
The utility, developed by security researcher Aditya K Sood, also offers a more comprehensive but intrusive scan that checks databases for signs of malware infection.
Sood developed the tool with Rohit Bansal, principal security researcher at SecNiche Security Labs. Other functions built into Enfilade include the ability to check access permission for potentially susceptibility to remote code execution attacks and user enumeration.
The availability of Enfilade comes against the backdrop of widespread exploitation of MongoDB databases by criminals, a growing concern for organizations that rely on the document-oriented NoSQL database platform for application development.
Grep the whole web with WARCannon
Scanning the whole web for systems vulnerable to a particular web vulnerability became a more viable proposition with the release of the WARCannon tool at Black Hat USA.
WARCannon offers a platform to non-invasively test regex patterns across the entire internet and match these with corresponding vulnerability indicators. As such, the utility offers a means to scour for flaws in web applications, frameworks, and open source components.
The process involves handling big data on an epic scale but WARCannon’s architecture and approach makes what would normally be a hugely expensive project reduced to an affordable cost.
The utility was developed by cloud security expert Brad Woodward who said it was a component of what he described as a “sort of Apache Project for hackers”.
Credential leak detection tool Scrapesy
Another Black Hat release witnessed the arrival of an open source tool designed to help organizations identify credential leaks.
Scrapesy is designed to scour both the clear web and dark web on the hunt for leaked credentials.
The utility, developed by Standard Industries and released as open source software, is designed to speed up the process of incident response following data leak incidents.
Hopper – machine learning applied to detect lateral movement
Harnessing machine learning to detect lateral movement attacks is just one possibility offered by the Hopper tool.
Lateral movement is the process by which attackers use phishing or exploit various vulnerabilities to gain an entry point in targeted organizations, then typically engage in a series of stepping stone attacks in order to get at the administrator-level user accounts, databases, and resources they covet.
Hopper, a tool developed by researchers at Dropbox, UC Berkeley, looks out for the tell-tale signs of this form of malicious activity.
During lateral movement attacks, miscreants typically seek to access a server that their original victim would not have access to, and to do so, they will need to hack privileged accounts such as sysadmins.
By filtering and examining login paths based on these two criteria, Hooper can determine which activities merit investigation.
USBsamurai leaves even air-gapped networks open to attack
A malicious USB cable that leaves air-gapped networks open to attack allows pen testers to play as Ronin.
USBsamurai – developed by security researcher Luca Bongiorni and unveiled during Black Hat – is made up from a cable, unifying dongle, and a USB radio transceiver features and open source design and costs just $15.
“USBsamurai uses a proprietary wireless protocol that is not detected by any WiFi intrusion detection system,” according to Bongiorni who said the technology was particularly well suited to pen testing and security awareness exercises in industrial environments.
More hacking tools and related news this quarter
- HackerOne published a collection of tools and useful scripts that make use of the HackerOne API was released on GitHub in September. Bug bounty hunters are being encouraged to incorporate their own tools and add to the growing resource.
- A Bash-based script, Reconky, that automate the task of recon and information gathering, was also released on GitHub. The utility allows bug bounty hunters and the like to sort the wheat from the chaff and narrow down their hunt for potential targets that seem ripe for exploitation.
- August marked the green light for GoKart, a security scanner for apps developed in the Go programming language. GoKart was put together as an open source project by security firm Praetorian.
- Filesec.io offers a wiki-style repository of file extensions that can be used for malicious purposes. The brainchild of security researcher mr.d0x, the project indexes the obvious .exe to rather less well known .hta, of potentially dangerous file types.