DigiNinja http://www.digininja.org/rss.xml Security and general IT tools and tips en-gb Copyright DigiNinja 2010-09-10T06:27:51+01:00 DigiNinja IT Security Do you have a second hand Trojan in your pocket? http://www.digininja.org/blog/pocket_trojan.php The Trojan in your pocket - Do you know what your phone is doing? http://www.digininja.org/blog/pocket_trojan.php A custom wordlist generator with a twist. http://www.digininja.org/projects/rsmangler.php A custom wordlist generator that creates permutations of all the input words as well as just manipulating them individually http://www.digininja.org/projects/rsmangler.php A Metasploit module to accompany my blog post on finding interesting data in MSSQL databases. http://www.digininja.org/metasploit/mssql_idf.php A Metasploit module to accompany my blog post on finding interesting data in MSSQL databases. http://www.digininja.org/metasploit/mssql_idf.php Automating searching through MSSQL databases for interesting data. http://www.digininja.org/blog/finding_interesting_db_data.php Automating looking through MSSQL databases to find interesting sounding column names. Once found automating pulling back some sample data to give a feel as to whether it is worth investigating. http://www.digininja.org/blog/finding_interesting_db_data.php This scan result beats any I've seen from Nessus, Nikto or Nmap http://www.digininja.org/blog/ultrasound.php This scan result beats any I've seen from Nessus, Nikto or Nmap. I'm going to be a daddy! http://www.digininja.org/blog/ultrasound.php Karma comes into the modern age with patches for hostapd. http://www.digininja.org/karma/index.php Karma was originally written for Madwifi and I then updated it to work with Madwifi-ng. This update adds the same functionality to hostapd. http://www.digininja.org/karma/index.php A pair of Metasploit modules to do DHCP exhaustion attack and then act as a DNS MiTM. http://www.digininja.org/metasploit/dns_dhcp.php My DHCP and DNS Metasploit attack modules, now fixed up to work with Ruby 1.9.x http://www.digininja.org/metasploit/dns_dhcp.php Convert Nessus v2 reports to CSV for easier manipulation and reporting. http://www.digininja.org/projects/nexcser.php Converts Nessus v2 reports to various CSV files to help with reporting and continued scanning. http://www.digininja.org/projects/nexcser.php Kismet log manipulation with GISKismet http://www.digininja.org/blog/giskismet_ignore_gps.php A patch to GISKismet so it will import Kismet data which doesn't include GPS positions. http://www.digininja.org/blog/giskismet_ignore_gps.php Updated Metasploit sound module http://www.digininja.org/metasploit/session_created.php Now with added verbosity, reads IP address and port of connecting clients. http://www.digininja.org/metasploit/session_created.php Metasploit DNS MiTM and DHCP Exhaustion modules http://www.digininja.org/metasploit/dns_dhcp_beta.php I've updated these to run with the latest version of Metasploit. http://www.digininja.org/metasploit/dns_dhcp_beta.php OSSEC rules for handling Kismet alerts files http://www.digininja.org/projects/ossec_kismet_rules.php Handle alerts generated by Kismet Newcore in OSSEC. http://www.digininja.org/projects/ossec_kismet_rules.php Convert a CSV file to an OSSEC rules file http://www.digininja.org/projects/ossec_rule_converter.php Save the effort of having to keep an XML file up-to-date and create your rules in a spreadsheet then convert to XML with my app. http://www.digininja.org/projects/ossec_rule_converter.php Whats behind the door? http://www.digininja.org/blog/door.php I really want to know what is behind this door. http://www.digininja.org/blog/door.php Don't just see on screen that you've got a new Metasploit session, be told by a nice lady. http://www.digininja.org/metasploit/session_created.php A patch for Metasploit to have it play a wav file telling you a new session has been created. Similar to the Core 'Agent Deployed'. http://www.digininja.org/metasploit/session_created.php Would you give out your password? http://www.digininja.org/blog/password_experiment.php A write up of an experiment where I asked a class to give me their passwords. http://www.digininja.org/blog/password_experiment.php CeWL Version 3 http://www.digininja.org/projects/cewl.php Now with JS redirect checking and a bug fix for an issue I found in the ruby spider gem http://www.digininja.org/projects/cewl.php Calc IP Range http://www.digininja.org/projects/calc_ip_range.php Given a IP address calculate the top and bottom of its available subnet range http://www.digininja.org/projects/calc_ip_range.php #secvidofday http://www.digininja.org/blog/secvidofday.php What is #secvidofday and why am I doing it? http://www.digininja.org/blog/secvidofday.php My AP Collection http://www.digininja.org/blog/ap_collection.php I'm going to be doing some AP testing and this is a small part of the collection. http://www.digininja.org/blog/ap_collection.php Releasing KreiosC2 version 3 http://www.digininja.org/kreiosc2/ KreiosC2 can now channel data over TinyURL and JPEG as well as the original Twitter. http://www.digininja.org/kreiosc2/ The start of the PenTester Scripting project http://www.digininja.org/blog/pentester_scripting.php How I got involved in yet another new project, this time the PenTester Scripting community wiki http://www.digininja.org/blog/pentester_scripting.php Metasploit DNS MiTM and DHCP Exhaustion modules http://www.digininja.org/metasploit/dns_dhcp_beta.php Two new beta Metasploit modules, one for DNS MiTM and one for DHCP Exhaustion attacks http://www.digininja.org/metasploit/dns_dhcp_beta.php Cool new Micro SD reader http://www.digininja.org/blog/microsd.php This Micro SD reader is so small it is only just larger than the USB connector it is built on http://www.digininja.org/blog/microsd.php New KreiosC2 language pack http://www.digininja.org/projects/kreiosc2.php#download Split KreiosC2 commands over multiple tweets, a very simple example language http://www.digininja.org/projects/kreiosc2.php#download Blindly Installing VMs and Using Live CDs http://www.digininja.org/blog.php Do you know what the VM or live CD you have just downloaded really contains and if you don't, how do you find out? http://www.digininja.org/blog.php KreiosC2 released http://www.digininja.org/ Launching KreiosC2, version 2 of Twitterbot with new name and new dynamic language options http://www.digininja.org/ New site launched http://www.digininja.org/ I've finally got round to styling the new site http://www.digininja.org/