Archives

All posts by jmk

I was informed last month of the release of the new “Faraday” penetration testing framework. A key feature of this framework is its ability to parse the output from various other security tools, including Foofus.Net’s Medusa! Here is the official release from the Infobyte folks:

We are happy to announce our first release of Faraday (beta), an open source collaborative Penetration Test IDE console that uses the same tools you use every day.

Faraday introduces a new concept (IPE) Integrated Penetration-Test Environment

We built a plugin system, where all the I/O from the terminal gets interpreted, if we have a plugin for the command, the output is processed and added to a knowledge base in a transparent way.

Our idea was to build a tool that helps from the perspective of a pentester without changing the way you work, adding the support for multi user collaboration on security testing projects.

Developed with a specialized set of functionalities that help users improve their own work adding collaborative data sharing, indexation and analysis of the generated knowledge during the engagement of a security audit.

[Features]
* +40 Plugins (Metasploit, Amap, Arachini, Dnsenum, Medusa, Nmap, Nessus, w3af, Zap and More!)
* Collaborative support
* Information Highlighting
* Knowledge Filtering
* Information Dashboard
* Conflict Detection
* Support for multiple Workspaces
* IntelliSense Support
* Easy Plugin Development
* XMLRPC, XML and Regex Parsers

Get it now:
http://www.faradaysec.com
https://github.com/infobyte/faraday

[Contact]
@faradaysec
#faraday-dev on irc.freenode.net

We hope you enjoy it!

Francisco Amato
http://www.linkedin.com/in/famato
http://twitter.com/famato

Infobyte LLC.
2699 S. Bayshore Dr #300.
[33133], Miami, FL
Phone: +1 305 851 3373
http://www.infobytesec.com
http://blog.infobytesec.com
http://twitter.com/infobytesec

 

Medusa 2.1 is now available for public download.

http://www.foofus.net/jmk/tools/medusa-2.1.tar.gz

What is Medusa? Medusa is a speedy, massively parallel, modular, login brute-forcer for network services created by the geeks at Foofus.net. It currently has modules for the following services: AFP, CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NCP (NetWare), NNTP, PcAnywhere, POP3, PostgreSQL, rexec, rlogin, rsh, SMB, SMTP (AUTH/VRFY), SNMP, SSHv2, SVN, Telnet, VmAuthd, VNC. It also includes a basic web form module and a generic wrapper module for external scripts.

While Medusa was designed to serve the same purpose as THC-Hydra, there are several significant differences. For a brief comparison, see:

http://www.foofus.net/jmk/medusa/medusa-compare.html

This release does not introduce any major changes to the core of the application, however, it does include two years worth of bug-fixes throughout the code base and numerous incremental improvements.

Enjoy,

Joe

 

I’ve posted an updated version of my “Karma” patch for HostAP (hostap_0_7_2-775-g9fc6aa9). This patch adds Karma-style automatic probe response, in addition to PEAP/MSCHAPv2 authentication logging (think all-in-one FreeRadius-WPE). See the Wireless page for a link to the old Hostap 0.6.9 patch and the newer version.