BoopSuite A Wireless Sniffer Tool

BoopSuite : BoopSuite A Wireless Sniffer Tool

A Suite of Tools written in Python for Wireless Auditing and Security Testing.

This project is easier to use, identifies clients more quickly than airodump-ng, and displays less useless information.

The developer said, "Don't mistake me, aircrack is an amazing suite of tools and I understand the thought of "why use a different tool when airodump is still very usuable", and the answer is because change is good, and this project is going to continue to grow as I add new handlers for additional packet types."

Installation:

To install open a terminal and type:

git clone https://github.com/M1ND-B3ND3R/BoopSuite.git
cd BoopSuite
./setup.py

The setup includes creating two symbolic links for the gui and cli version of the tool so it can be run from anywhere.

Upgrade:

To upgrade open a terminal and type:

git clone https://github.com/M1ND-B3ND3R/BoopSuite.git


cd BoopSuite
./setup.py

How to Use?

To start sniffing:
boopsniff -i wlan1mon

To specify a channel:
boopsniff -i wlan1mon -c 6

Boop also works on the 5ghz spectrum if you have a supporting card:
boopsniff -i wlan1mon -f 5

Reporting can also be enabled:
boopsniff -i wlan1mon -r ~/report.txt

If some processes are interfering then you can preemptively kill them with:
boopsniff -i wlan1mon -k

If you want to see unassociated clients:
boopsniff -i wlan1mon -u

If you want to filter by a specific AP mac address:
boopsniff -i wlan1mon -a xx:xx:xx:xx:xx:xx

New Update includes a gui tool:
boopsniff_gui

Download Boopsuite

Millions of Android Devices Using Broadcom Wi-Fi Chip Can Be Hacked Remotely

Google has released its latest monthly security update for Android devices, including a serious bug in some Broadcom Wi-Fi chipsets that affects millions of Android devices, as well as some iPhone models.

Dubbed BroadPwn, the critical remote code execution vulnerability resides in Broadcom's BCM43xx family of WiFi chipsets, which can be triggered remotely without user interaction, allows a remote attacker to execute malicious code on targeted Android devices with kernel privileges.

"The most severe vulnerability in this [runtime] section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process," Google describes in the July 2017 Android Security Bulletin.

The BroadPwn vulnerability (CVE-2017-3544) has been discovered by Exodus Intelligence researcher Nitay Artenstein, who says the flawed Wi-Fi chipset also impacts Apple iOS devices.

Since Artenstein will be presenting his finding at Black Hat 2017 event, details about the BroadPwn bug is scarce at this moment.

"The Broadcom BCM43xx family of Wi-Fi chips is found in an extraordinarily wide range of mobile devices – from various iPhone models to HTC, LG, Nexus and practically the full range of Samsung flagship devices," the abstract for Artenstein's talk says.

Besides the fix for the BroadPwn vulnerability, July's Android Security Bulletin includes patches for 10 critical, which are all remote code execution bugs, 94 high and 32 moderate rated vulnerabilities.

Two months ago, an over-the-air hijacking vulnerability was discovered in Broadcom WiFi SoC (Software-on-Chip) chips, allowing attackers within the same WiFi network to remotely hack, iPhones, iPads, iPods and Android handsets without any user interaction.


At that time, Apple rushed out an emergency iOS patch update to address the serious bug, and Google addressed the flaw in its Android April 2017 security updates.

Android Security Bulletin: July 2017 Updates

Among the other critical flaws is a long list of vulnerabilities in the Mediaserver process in the Android operating system, which also allows attackers to perform remote code execution on the affected devices.

One of the vulnerabilities is an issue with the way the framework handles some specific files. The libhevc library has an input validation vulnerability (CVE-2017-0540), which can be exploited using a crafted file.

"A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing," the vulnerability description says. 

"This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process."

The over-the-air updates and firmware for Google devices have already been issued by the company for its Pixel and Nexus devices, though rest of Android still need to wait for an update from their OEMs, leaving million of Android devices vulnerable for next few months.

ELSA: New CIA Tool Revealed By Wikileaks Which Was Used To Track PCs Via WI-Fi

ELSA: New CIA Tool Revealed By Wikileaks Which Was Used To Track PCs Via WI-Fi.

Wikileaks released latest Vault7 series of CIA Hacking tools. ELSA, the malware used to track Wi-Fi enabled devices on running Microsoft Windows operating system. ELSA allows to gather location data on the victim device and able to monitor remotely.

"WikiLeaks publishes documents from the ELSA project of the CIA. ELSA is a Geo-location malware for WiFi-enabled devices like laptops running the Microsoft Windows operating system. Once persistently installed on a target machine using separate CIA exploits, the malware scans visible WiFi access points and records the ESS identifier, MAC address and signal strength at regular intervals. To perform the data collection the target machine does not have to be online or connected to an access point; it only needs to be running with an enabled WiFi device.

If it is connected to the internet, the malware automatically tries to use public Geo-location databases from Google or Microsoft to resolve the position of the device and stores the longitude and latitude data along with the timestamp. The collected access point/geo-location information is stored in encrypted form on the device for later exfiltration. The malware itself does not beacon this data to a CIA back-end; instead the operator must actively retrieve the log file from the device - again using separate CIA exploits and backdoors.

The ELSA project allows the customization of the implant to match the target environment and operational objectives like sampling interval, maximum size of the logfile and invocation/persistence method. Additional back-end software (again using public geo-location databases from Google and Microsoft) converts unprocessed access point information from exfiltrated logfiles to Geo-location data to create a tracking profile of the target device."

Last week Wikileaks Published Brutal Kangaroo project of the CIA.  Brutal Kangaroo is a tool suite for Microsoft Windows that targets closed networks by air gap jumping using thumb drives. Brutal Kangaroo components create a custom covert network within the target closed network and providing functionality for executing surveys, directory listings, and arbitrary executable.

Top five (5) apps that's turns your Android device into hacking phone

zANTI - Mobile Security Rise Assessment: zANTI is a penetration testing toolkit for cyber security professionals.its
also allows you to simulate malicious attacks on a network.you can use zANTI
in creating a malicious WiFi hotpot,Hijacking HTTP sessions,Modifying HTTP requests and responses.
Exploiting routers,checking a device for shell shock and SSL poodle vulnerability,capturing downloads,changing
device's MAC address etc

Download ZAnti

WiFi Kill: this another powerful tool,basically its controls the WiFi network,it can also disable
the internet connection of other devices connected to same WiFi network...it is a useful tool for
WiFi internet users, using the powerful tool can prevent others off from a common WiFi network and set aside all the bandwidth
to yourself.this very up is for rooted Android app only.to use this app
mark the tic on "unknown source" in settings of the phone and open the downloaded app and install it,ready to use

Download WiFiKill

Whats-app Sniffer: Whats-app Sniffer is an Android app that allows you to receive the conversations from whats-app application from
phones that uses the same WiFi  with you with this app you can receive text messages , videos pictures as well this app only works with rooted phones its a free app you can download from place-store it used be use for educational and personal use only.
Download WhatsAppSniffer

cSploit: is an Android app that opens Android network analysis and penetration suite,it is the best and advanced professional toolkit for internet
security assess in mobile phones. it works rooted Android version 2.4 or newer vision with this app you can

•  map your local network
•  integrated trace rout
•  adjust exploit settings,lunch and create shell console on exploited system
• capturing pcap network  traffic files etc

Download cSploit-release

Face Niff : is an Android app for hackers (newbies) who wants to sniff and 

analyse web session profiles over WiFi connection.which simply means you

can use this app only when you are on the same WiFi connection

Download FaceNiff

NOTE: there are thousands of hacking app out there but we have only worked on this five app for now......

10 Tips on How to Prevent Malware & Virus From Infecting Your Computer—and Your Livelihood

Most of us have had to deal with a computer virus or some sort of malware by now. It wasn’t fun; it was annoying, time consuming, and very frustrating.

When our computers start slowing down or behaving in an unusual way, we are often quick to suspect that we have a virus. It might not be a virus, but it is likely that you have some sort of malware. Some are malicious, and others are just annoying. The worst culprits are the hijackers—malware programs that take over your browser, or worse yet, your computer. I have had to remove these types of evil programs from personal computers and work computers in the past, and I’m sure you have, too. Here are 10 tips on how to prevent malware from infecting your computer, keeping your hardware safe.

1. Install Anti-Virus/Malware Software. This tip may go without saying, and I almost just casually mentioned it in my opening paragraph. However, I have seen many computers—especially home computers—that don’t have anti-virus/malware protection. This protection is a must-have first step in keeping you computer virus free.

2. Keep Your Anti-Virus Software Up to Date. Having protection software is the first step; maintaining it is the second. Free anti-virus software is better than nothing, but keep in mind that it’s not the best solution. Microsoft does provide a security package for “free.” It’s free in that if you have Windows on your machine, you are granted access, but you did pay for your Windows license. Many users aren’t aware of this program, but it’s actually decent protection.

3. Run Regularly Scheduled Scans with Your Anti-Virus Software. This too may seem like a no-brainer, but many of us forget to do this. Set up your software of choice to run at regular intervals. Once a week is preferred, but do not wait much longer between scans. It’s difficult to work on your computer while your anti-virus software is running. One solution is to run the software at night when you aren’t using your computer. However, we often turn off our computers at night, and so the scan never runs. Set your anti-virus software to run on a specific night, and always leave your computer running on that day. Make sure it doesn’t shut off automatically or go into hibernation mode.

4. Keep Your Operating System Current. Whether you are running Windows, Mac OS X, Linux, or any other OS, keep it up to date. OS developers are always issuing security patches that fix and plug security leaks. These patches will help to keep your system secure. Similarly, keep your anti-virus software up to date. Viruses and malware are created all the time. Your scanning software is only as good as its database. It too must be as up to date as possible.

5. Secure Your Network. Many of our computers connect to our files, printers, or the Internet via a Wi-Fi connection. Make sure it requires a password to access it and that the password is strong. Never broadcast an open Wi-Fi connection. Use WPA or WPA2 encryption. WEP is no longer strong enough as it can be bypassed in minutes by experts. It’s also a great idea to not broadcast your SSID (the name of your Wi-Fi network). You can still access it with your device, you will just have to manually type in the SSID and the password. If you frequently have guests who use your Internet, provide a guest SSID that uses a different password, just in case your friends are evil hackers.

6. Think Before You Click. Avoid websites that provide pirated material. Do not open an email attachment from somebody or a company that you do not know. Do not click on a link in an unsolicited email. Always hover over a link (especially one with a URL shortener) before you click to see where the link is really taking you. If you have to download a file from the Internet, an email, an FTP site, a file-sharing service, etc., scan it before you run it. A good anti-virus software will do that automatically, but make sure it is being done.

7. Keep Your Personal Information Safe. This is likely the most difficult thing to do on the Internet. Many hackers will access your files not by brute force, but through social engineering. They will get enough of your information to gain access to your online accounts and will glean more of your personal data. They will continue from account to account until they have enough of your info that they can access your banking data or just steal your identity altogether. Be cautious on message boards and social media. Lock down all of your privacy settings, and avoid using your real name or identity on discussion boards.

8. Don’t Use Open Wi-Fi. When you are at the local coffee shop, library, and especially the airport, don’t use the “free” open (non-password, non-encrypted) Wi-Fi. Think about it. If you can access it with no issues, what can a trained malicious individual do?

9. Back Up Your Files. The best thing you can do is back up your files—all of them. Ideally you will have your files (your data) in at least three places: the place where you work on them, on a separate storage device, and off-site. Keep your files on your computer, back them up to an external hard drive, then back them up in a different location. You can use a backup service or simply get two external hard drives and keep one at work, at a friend’s house, at a family member’s house, or in a safe deposit box.

10. Use Multiple Strong Passwords. Never use the same password, especially on your bank account. Typically, we use the same email address or username for all of our accounts. Those are easy to see and steal. If you use the same password for everything, or on many things, and it is discovered, then it takes only seconds to hack your account. Use a strong password. Use lower case, upper case, numbers, and symbols in your password. Keep it easy to remember but difficult to guess. Do not use dates or pet names.

What are the steps you take to protect your computer and data? Please share your ideas below in the comments section.

Mobile Hacking Apps

In a world where everything which your computer can do, can be done on your smartphone, hacking cannot be left behind.
The world is full of smartphones these days. Most people rely on their smartphones and other portable devices to carry out their day to day activities. It won’t be an exaggeration to say that smartphones have taken over laptops in terms of productivity. Thus, it becomes extremely important to know about the (ethical) hacking tools available on your android phone. Who knows, you might need them one day!

Hacking, nowadays, is not something which is the exclusive domain of the “experts”. With the help of a few applications and basic knowledge of the true capabilities of your android phone, you, too, could delve into the world of hacking. So, let’s discuss some of the apps for your android phones which will turn you into a hacker!

1. ANDRORAT

AndroRat stands for Android Remote Administration Tool. As the name suggests, it is a remote administration tool which is used to control another device even if you have no physical access to that device! Manipulating other devices can be easily done using the app which is quite useful in case you’re away from your device and need it to perform some task. It is also useful in inducing some giggle and amazement amongst your friends and family members!

2. DROIDSHEEP

The word “hacking” for many is hacking into your friend’s social media account for giggles. Or it may be used for even something useful like extracting some important information from someone’s social media accounts. DroidSheep does the job for you. It hijacks the sessions of social media activities carried out on your network. You need the knowledge of the basics of hijacking and by installing the app on your android device you’re all set to ‘hack’ your friend’s online social life!

3. KILL WIFI

This open source ethical hacking app is one of the most popular ones in this field. Similar to the net cut app in Windows, this app is capable of cutting off anyone’s WiFi over your network. Kill Wifi is extremely useful when you have an open WiFi not protected by a strong password. You can cut off the WiFi of the intruder by just a few clicks on your device. This app is easy to use owing to its lucid and interactive interface and easy-to-use tools.

4. SPOOFAPP

Won’t it be wonderful if you could place a call to your friend phone, but instead of showing your phone number different number flashes on your friend’s phone?SpoofApp is exactly what this app does. Apart from changing your phone number, this app can also change your voice and record your entire conversation! However, you will need SpoofCards to use this app. Overall a nice app for bringing smiles on your and your friend’s face.

5. WIFI MAC CHANGER

One of the most useful ones, Wifi Mac Changer app changes the MAC address of your device you make your activities almost untraceable. With your rooted android phone, you can change the MAC Address of your device temporarily so that your online activities cannot be traced back to you. The app provides you two methods of changing your MAC Address. One is the easier way which reflects no change in your WiFi settings. The other method is a bit tougher which allows you to enter apps which are password protected and this will reflect the changed address in your WiFi settings.

CONCLUSION

These apps may not seem very productive at a first glance but with prolonged use, you will certainly realize the potential that these apps possess. Who knows someday you may need to spy upon your friend’s/significant other’s social media account? Or you may need to kick off an intruder from your network. Thus, gear up for the path untraveled and watch your world in an entirely different light using these apps!