Security Videos

Entries in backtrack (7)


Automater added to Kali (The new BackTrack)

Update: Automater gets its own project page http://www.tekdefense.com/automater/

I must admit, I am in a bit of shock here. Never did I think I would actually get to have something I developed on the most popular distribution for security professionals. For those who do not know, Kali is the successor to Backtrack, this time fully debian based.

As of 2013/03/22 Automater was added to the Kali repos.  What does that mean for you? If you are on Kali or have their repos added as a source you can now apt-get install automater. 

Installation of automater on Kali:

In order to ensure you are able to pull automater from Kali you must first update your repos. to do this simply:

apt-get update

Once updated you can install automater with the following command:

apt-get install automater

You can roll both of those commands into one if you like, as seen in the screenshot below.

It is that simple, installation complete. Of course if you are not on kali you can still grab the latest version of automater from Github.

Automater usage:

Once installed via apt-get, automater is placed in /usr/bin/ which is in the PATH. So you can run automater from any directory.

Single target is an ip:

automater -t

Single target is a url/domain:

automater -t lovedacha.com

Single target is a shortened url:

automater -e bit.ly/XDlV1q

Target is several IPs and URLs/Domains listed in a file called hosts, outputting to another file called hosts.out:

automater -f hosts -o hosts.out

I have some really fun things planned for automater, such as adding a hash search function.  I hope you enjoy.


TekTip ep17 - Web scanning with WhatWeb

Description:   What Web is a flexible web scanning utility that allows for varying degrees of aggression in scanning.
*Version 0.4.8 by Andrew Horton aka urbanadventurer from Security-Assessment.com
Options include target selection, Agression level, HTTP options, Proxy, Plugins, logging, and performance.
./whatweb -l
./whatweb tekdefense.com
./whatweb -v tekdefense.com
./whatweb -v -a 4 securitytube.net

Automater 1.0 - Passive IP and URL Analysis

Update: Automater gets its own project page http://www.tekdefense.com/automater/

Automater is an IP and URL analysis tool that I created to assist analyst in pulling data quickly and passively in mass.  This is the first stable release of the tool.
IPVoid: Pulls blacklist, ISP, and Geo Location
Robtex: Pulls DNS information. *A records only.
Fortiguard: Pulls URL Categorization
Unshotren.me: Will determine if the URL is shortened.  If it is it will display the final destination.
URLVoid - Pulls IP Address, blacklist, ISP, Geo Location, Domain creation date.
 1. Download from github: 
wget https://github.com/1aN0rmus/TekDefense/archive/master.tar.gz
 2. Unzip the file:
tar -xvcf master.tar.gz 
 3. Make executable:
cd TekDefense-master
chmod +x *
 4. Now you are ready to run!
*Required Libraries: httplib2, re, sys, argparse, urllib, urllib2
Display help information
./Automater.py -h
./Automater.py -t
./Automater.py -t securitytube.net
./Automater.py -e bit.ly/XDlV1q
./Automater.py -f hostsss
./Automater.py -f hostsss -o host.out
Video Demo:
Known Bugs:
  • If the IP or URL has not been previously scanned at IPVoid or URLVoid, the script is supposed to submit the IP or URL and then pull results.  This seems to work most of the time, but on occasion it will not wait long enough to pull the appropriate result.  Running the command a second time will work though.
  • Can not use the -e and -f switch together.
  • URLs with http:// cannot be scanned.  Must take the http:// out for it to work.
  • Please submit any other bugs to 1aN0rmus@tekdefense.com

Upcoming Features:


  • For those who would like to be able to just query a specific engine or source such as robtex, we will be creating an option to do so.
  • Check IP and/or URL against Malwaredomainlist
  • Check IP and/or URL against malware sandboxes such as ThreatExpert.
  • Summary report that will give statistics on the targets highlighting the known bad information such as blacklists and malicious URL categories.
  • Please submit feature requests to 1aN0rmus@tekdefense.com



TekTip ep12 - Regex Basics

Description: Regular expressions are a way to match specific patterns in strings.
Demo Setup: For the demo, I am using BT5 with eclipse and pydev.  I am demonstrating with python, but there are many other methods that could be used.
Uses:  Singature creation pcre, scripting, programming
"\w": word character
"\W": Not word character
"\d" : digit
"\D" : Not digit
"\s" : space
"\S" : not space
"\" : escape 
"." : Any character except \n (new line)
"|" : or
"{}" : Range
"+" : One or more
String: Hi, my name is 1aN0rmus.  My phone number is 555-555-5555 my address is 123 Internet Lane. 
Regex: '\d\w\w\d\w\w\w\w'
Result: 1aN0rmus
Regex: '\d\w+\d\w+'
Result: 1aN0rmus
Regex: '\d{3}.\d{3}.\d{4}'
Result: 555.555.5555 
Regex: '\d{1,5}\s\w+\s\w+'
Result: 123 Internet Lane
String: saDaSDASD/forum/Themes/core/images/sdfs.exe SAdasd
Regex: '\/forum\/Themes\/core\/images\/\w+\.exe'
Result: /forum/Themes/core/images/sdfs.exe
Scripts seen on this episode can be downloaded at https://github.com/1aN0rmus/TekDefense.  Feel free to help out with either script.  I'm a beginner when it comes to python.

Thank you,



TekTip ep7 - Credential Harvesting with The Social Engineering Toolkit

The Social-Engineer Toolkit (SET)  
SET is created by: https://www.trustedsec.com      
SET includes many modules:  Spear-Phishing Attack Vectors,  Website Attack Vectors, Infectious Media Generator, Create a Payload and Listener, Mass Mailer Attack, Arduino-Based Attack Vector, SMS Spoofing Attack Vector, Wireless Access Point Attack Vector, QRCode Generator Attack Vector, Powershell Attack Vectors, Third Party Modules.
In this video we focus on "Website Attack Vectors" and particularly "Credential Harvester".  For this demo we clone the securitytube.net login page and watch as users (in our lab) attempt to connect and login, giving us their passwords.
Keep in mind that this by itself is not a very strong tool.  You must combine with information gathering techniques and trickery to get the most out of this tool in a pentest.