XLAR8 - All About tech | Tech terms

WIFI HACKING TOOLS POPULLAR

🦑 Hak5's Wi-Fi Pineapple

Fully-integrated Wi-Fi man-in-the-middle platform and rogue access point.

[Site](https://www.wifipineapple.com/)
Wiki

🦑 Aircrack-ng

Complete suite of tools to monitor, capture, export, attack and crack wireless
networks.

[Site](https://www.aircrack-ng.org/)

🦑 Airsnort

Site

🦑 Kismet

Useful for troubleshooting Wi-Fi networks. Detects hidden networks.

[Site](https://www.kismetwireless.net/)

🦑Kismac-ng

Network stumbling tool that works on Mac OS X and features support for built-in
WLAN NICs on some Macs.

Site

🦑Fern WiFi Cracker

Automated cracking and nice monitoring capabilities. Very easy to use.

[Site](http://www.fern-pro.com/)

🦑Cowpatty

Features offline dictionary cracking for WPA networks.

Site

🦑 Ghost Phisher

Tool designed around sniffing passwords with an AP emulator, DHCP/DNS/HTTP
server and logging to a built-in database.

[Site](https://github.com/savio-code/ghost-phisher)

# Online Wireless Resources

🦑Wigle.net

Consolidated location and information of wireless networks world-wide in a
centralized database--queried and updated via web app, native clients and
mobile applications.

Site

Enjoy! Follow us for more...

Fast subdomains enumeration tool for penetration testers

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣git clone https://github.com/aboul3la/Sublist3r.git

2️⃣cd Sublist3r

3️⃣Installation on Windows:
c:\python27\python.exe -m pip install -r requirements.txt

🦑Installation on Linux

> sudo pip install -r requirements.txt

Requests Module (http://docs.python-requests.org/en/latest/)

🦑Install for Windows:

> c:\python27\python.exe -m pip install requests

🦑Install for Ubuntu/Debian:

> sudo apt-get install python-requests

🦑Install for Centos/Redhat:

> sudo yum install python-requests

> Install using pip on Linux:
sudo pip install requests

🦑REQUIREMENT 2 :

dnspython Module (http://www.dnspython.org/)

1️⃣Install for Windows:
c:\python27\python.exe -m pip install dnspython

2️⃣Install for Ubuntu/Debian:
sudo apt-get install python-dnspython

> Install using pip:
sudo pip install dnspython
argparse Module

3️⃣Install for Ubuntu/Debian:
sudo apt-get install python-argparse

4️⃣Install for Centos/Redhat:
sudo yum install python-argparse
>Install using pip:
sudo pip install argparse
for coloring in windows install the following libraries

c:\python27\python.exe -m pip install win_unicode_console colorama

🦑HOW TO USE ?

Examples
1) To list all the basic options and switches use -h switch:
python sublist3r.py -h

2) To enumerate subdomains of specific domain:
python sublist3r.py -d example.com

3) To enumerate subdomains of specific domain and show only subdomains which have open ports 80 and 443 :
python sublist3r.py -d example.com -p 80,443

4) To enumerate subdomains of specific domain and show the results in realtime:
python sublist3r.py -v -d example.com

5) To enumerate subdomains and enable the bruteforce module:
python sublist3r.py -b -d example.com

6) To enumerate subdomains and use specific engines such Google, Yahoo and Virustotal engines
python sublist3r.py -e google,yahoo,virustotal -d example.com

Enjoy! Follow us for more...

Online Analyzers

:

1) [AndroTotal](http://andrototal.org/)

2) [Appknox](https://www.appknox.com/) - not free

3) [AVC UnDroid](http://undroid.av-comparatives.info/)

4) [Virustotal](https://www.virustotal.com/) - max 128MB

5) [Fraunhofer App-ray](http://app-ray.co/) - not free

6) [AppCritique](https://appcritique.boozallen.com) - Upload your Android APKs and receive comprehensive free security assessments.

7) [NowSecure Lab Automated](https://www.nowsecure.com/blog/2016/09/19/announcing-nowsecure-lab-automated/) - Enterprise tool for mobile app security testing both Android and iOS mobile apps. Lab Automated features dynamic and static analysis on real devices in the cloud to return results in minutes. Not free

8) [AMAaaS](https://amaaas.com) - Free Android Malware Analysis Service. A baremetal service features static and dynamic analysis for Android applications. A product of [MalwarePot](https://malwarepot.com/index.php/AMAaaS).

9) [App Detonator](https://appdetonator.run/) - Detonate APK binary to provide source code level details including app author, signature, build and manifest information. 3 Analysis/day free quota.

10) [BitBaan](https://malab.bitbaan.com/)

11) [NVISO ApkScan](https://apkscan.nviso.be/) - sunsetting on Oct 31, 2019

12) [Mobile Malware Sandbox](http://www.mobilemalware.com.br/analysis/index_en.php)

13) [IBM Security AppScan Mobile Analyzer](https://appscan.bluemix.net/mobileAnalyzer) - not free

14) [Visual Threat](https://www.visualthreat.com/) - no longer an Android app analyzer

16) [Tracedroid](http://tracedroid.few.vu.nl/)

17) [habo](https://habo.qq.com/) - 10/day

18) [CopperDroid](http://copperdroid.isg.rhul.ac.uk/copperdroid/)

19) [SandDroid](http://sanddroid.xjtu.edu.cn/)

20) [Stowaway](http://www.android-permissions.org/)

21) [Anubis](http://anubis.iseclab.org/)

22) [Mobile app insight](http://www.mobile-app-insight.org)

23) [Mobile-Sandbox](http://mobile-sandbox.com)

24) [Ijiami](http://safe.ijiami.cn/)

25) [Comdroid](http://www.comdroid.org/)

26) [Android Sandbox](http://www.androidsandbox.net/)

27) [Foresafe](http://www.foresafe.com/scan)

28) [Dexter](https://dexter.dexlabs.org/)

29) ~[MobiSec Eacus](http://www.mobiseclab.org/eacus.jsp)

30) [Fireeye](https://fireeye.ijinshan.com/)- max 60MB 15/day~~

Enjoy! Follow us for more...

Static Analysis Tools

1. [Androwarn](https://github.com/maaaaz/androwarn/) - detect and warn the user about potential malicious behaviours developed by an Android application.

2. [ApkAnalyser](https://github.com/sonyxperiadev/ApkAnalyser)

3. [APKInspector](https://github.com/honeynet/apkinspector/)

4. [Droid Intent Data Flow Analysis for Information Leakage](https://www.cert.org/secure-coding/tools/didfail.cfm)

5. [DroidLegacy](https://bitbucket.org/srl/droidlegacy)

7. [Smali CFG generator](https://github.com/EugenioDelfa/Smali-CFGs)

8. [FlowDroid](https://blogs.uni-paderborn.de/sse/tools/flowdroid/)

9. [Android Decompiler](https://www.pnfsoftware.com/) â€“ not free

10. [PSCout](http://pscout.csl.toronto.edu/) - A tool that extracts the permission specification from the Android OS source code using static analysis

11. [Amandroid](http://amandroid.sireum.org/)

12. [SmaliSCA](https://github.com/dorneanu/smalisca) - Smali Static Code Analysis

13. [CFGScanDroid](https://github.com/douggard/CFGScanDroid) - Scans and compares CFG against CFG of malicious applications

14. [Madrolyzer](https://github.com/maldroid/maldrolyzer) - extracts actionable data like C&C, phone number etc.

15. [SPARTA](https://www.cs.washington.edu/sparta) - verifies (proves) that an app satisfies an information-flow security policy; built on the [Checker Framework](https://types.cs.washington.edu/checker-framework/)

16. [ConDroid](https://github.com/JulianSchuette/ConDroid) - Performs a combination of symbolic + concrete execution of the app

17. [DroidRA](https://github.com/serval-snt-uni-lu/DroidRA)

18. [RiskInDroid](https://github.com/ClaudiuGeorgiu/RiskInDroid) - A tool for calculating the risk of Android apps based on their permissions, with online demo available.

19. [SUPER](https://github.com/SUPERAndroidAnalyzer/super) - Secure, Unified, Powerful and Extensible Rust Android Analyzer

20. [ClassyShark](https://github.com/google/android-classyshark) - Standalone binary inspection tool which can browse any Android executable and show important infos.

21. [StaCoAn](https://github.com/vincentcox/StaCoAn) - Crossplatform tool which aids developers, bugbounty hunters and ethical hackers performing static code analysis on mobile applications. This tool was created with a big focus on usability and graphical guidance in the user interface.

22. [JAADAS](https://github.com/flankerhqd/JAADAS) - Joint intraprocedure and interprocedure program analysis tool to find vulnerabilities in Android apps, built on Soot and Scala

23. ~~[Several tools from PSU](http://siis.cse.psu.edu/tools.html)~~

24. [Quark-Engine](https://github.com/quark-engine/quark-engine) - An Obfuscation-Neglect Android Malware Scoring System

Enjoy! Follow us for more...

🦑App #Vulnerability Scanners Popular 2020

1️⃣ [QARK](https://github.com/linkedin/qark/) - QARK by LinkedIn is for app developers to scan app for security issues

2️⃣ [AndroBugs](https://github.com/AndroBugs/AndroBugs_Framework)

3️⃣[Nogotofail](https://github.com/google/nogotofail)

4️⃣~[Devknox](https://devknox.io/) - IDE plugin to build secure Android apps. Not maintained anymore.~~

Enjoy! Follow us for more...

Dynamic Analysis Tools 2020 Topic

1. [Android DBI frameowork](http://www.mulliner.org/blog/blosxom.cgi/security/androiddbiv02.html)

2. [Androl4b](https://github.com/sh4hin/Androl4b)- A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

4. [Mobile-Security-Framework MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) - Mobile Security Framework is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static, dynamic analysis and web API testing.

5. [AppUse](https://appsec-labs.com/AppUse/) â€“ custom build for pentesting

6. [Droidbox](https://github.com/pjlantz/droidbox)

10. [Drozer](https://github.com/mwrlabs/drozer)

11. [Xposed](https://forum.xda-developers.com/xposed/xposed-installer-versions-changelog-t2714053) - equivalent of doing Stub based code injection but without any modifications to the binary

12. [Inspeckage](https://github.com/ac-pm/Inspeckage) - Android Package Inspector - dynamic analysis with api hooks, start unexported activities and more. (Xposed Module)

13. [Android Hooker](https://github.com/AndroidHooker/hooker) - Dynamic Java code instrumentation (requires the Substrate Framework)

14. [ProbeDroid](https://github.com/ZSShen/ProbeDroid) - Dynamic Java code instrumentation

15. [Android Tamer](https://androidtamer.com/) - Virtual / Live Platform for Android Security Professionals

16. [DECAF](https://github.com/sycurelab/DECAF) - Dynamic Executable Code Analysis Framework based on QEMU (DroidScope is now an extension to DECAF)

17. [CuckooDroid](https://github.com/idanr1986/cuckoo-droid) - Android extension for Cuckoo sandbox

18. [Mem](https://github.com/MobileForensicsResearch/mem) - Memory analysis of Android (root required)

19. [Crowdroid](http://www.ida.liu.se/labs/rtslab/publications/2011/spsm11-burguera.pdf) â€“ unable to find the actual tool

20. [AuditdAndroid](https://github.com/nwhusted/AuditdAndroid) â€“ android port of auditd, not under active development anymore

21. [Android Security Evaluation Framework](https://code.google.com/p/asef/) - not under active development anymore

23. [Aurasium](https://github.com/xurubin/aurasium) â€“ Practical security policy enforcement for Android apps via bytecode rewriting and in-place reference monitor.

24. [Android Linux Kernel modules](https://github.com/strazzere/android-lkms)

25. [Appie](https://manifestsecurity.com/appie/) - Appie is a software package that has been pre-configured to function as an Android Pentesting Environment. It is completely portable and can be carried on USB stick or smartphone. This is a one stop answer for all the tools needed in Android Application Security Assessment and an awesome alternative to existing virtual machines.

26. [StaDynA](https://github.com/zyrikby/StaDynA) - a system supporting security app analysis in the presence of dynamic code update features (dynamic class loading and reflection). This tool combines static and dynamic analysis of Android applications in order to reveal the hidden/updated behavior and extend static analysis results with this information.

27. [DroidAnalytics](https://github.com/zhengmin1989/DroidAnalytics) - incomplete

28. [Vezir Project](https://github.com/oguzhantopgul/Vezir-Project) - Virtual Machine for Mobile Application Pentesting and Mobile Malware Analysis

29. [MARA](https://github.com/xtiankisutsa/MARA_Framework) - Mobile Application Reverse engineering and Analysis Framework

30. [Taintdroid](http://appanalysis.org) - requires AOSP compilation

Why Doesn't Windows Remember My Folder View Settings?

Xp Folder View Does Not Stay To You're Setting., Grab your registry editor and join in

Why Doesn't Windows Remember My Folder View Settings?

If you've changed the view settings for a folder, but Windows "forgets" the settings when you open the folder again, or if Windows doesn't seem to remember the size or position of your folder window when you reopen it, this could be caused by the default limitation on storing view settings data in the registry; by default Windows only remembers settings for a total of 200 local folders and 200 network folders.

To work around this problem, create a BagMRU Size DWORD value in both of the following registry keys, and then set the value data for both values to the number of folders that you want Windows to remember the settings for. For example, for Windows to remember the settings for 5000 local folders and 5000 network folders, set both values to 5000.

Here is how:

Follow these steps, and then quit Registry Editor:
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following key in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type BagMRU Size, and then press ENTER.
5. On the Edit menu, click Modify.
6. Type 5000, and then click OK.

AND:

1. Locate and then click the following key in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam
2. On the Edit menu, point to New, and then click DWORD Value.
3. Type BagMRU Size, and then press ENTER.
4. On the Edit menu, click Modify.
5. Type 5000, and then click OK.

Note:

When you use roaming user profiles, registry information is copied to a server when you log off and copied to your local computer when you log on. Therefore, you may have performance issues if you increase the BagMRU Size values for roaming user profiles.