URLCrazy version 0.5
by Andrew Horton (urbanadventurer)
http://www.morningstarsecurity.com/research/urlcrazy
Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking,
Supports the following domain variations:
Character omission, character repeat, adjacent character swap, adjacent character replacement, double
character replacement, adjacent character insertion, missing dot, strip dashes, singular or pluralise,
common misspellings, vowel swaps, homophones, bit flipping (cosmic rays), homoglyphs, wrong top level
domain, and wrong second level domain.
Usage: /usr/bin/urlcrazy [options] domain
Options
-k, --keyboard=LAYOUT Options are: qwerty, azerty, qwertz, dvorak (default: qwerty)
-p, --popularity Check domain popularity with Google
-r, --no-resolve Do not resolve DNS
-i, --show-invalid Show invalid domain names
-f, --format=TYPE Human readable or CSV (default: human readable)
-o, --output=FILE Output file
-h, --help This help
-v, --version Print version information. This version is 0.5
URLCRAZY USAGE EXAMPLE
Generate typo variations using the dvorak keyboard layout (-k dvorak) without resolving hostnames (-r) for the given domain (example.com):
root@kali:~# urlcrazy -k dvorak -r example.com
URLCrazy Domain Report
Domain : example.com
Keyboard : dvorak
At : 2014-05-13 17:04:01 -0600
# Please wait. 95 hostnames to process
Typo Type           Typo        CC-A  Extn
---
Character Omission  eample.com  ?     com
Character Omission  examle.com  ?     com
Character Omission  exampe.com  ?     com
Character Omission  exampl.com  ?     com
Character Omission  example.cm  ?     cm
Character Omission  exaple.com  ?     com
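As an added illustration (not URLCrazy's own code, and not a reproduction of its exact output), the following Python example implements four of the variation types listed above so that a defender can build a watchlist of lookalike names for a domain they own. The function names and the hostname validity rules are assumptions made for this example.

```python
# Added example (not URLCrazy's code): four of the listed variation types,
# used to build a watchlist of lookalike names for a domain you own.
import re
import string

HOST_CHARS = set(string.ascii_lowercase + string.digits + "-")
# Each label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def is_valid(name):
    return len(name) <= 253 and all(LABEL.match(l) for l in name.split("."))

def omission(d):
    # Drop one character at a time (dots are handled by "missing dot", not here).
    return {d[:i] + d[i + 1:] for i in range(len(d)) if d[i] != "."}

def repeat(d):
    # Double one character at a time.
    return {d[:i] + d[i] + d[i:] for i in range(len(d)) if d[i] != "."}

def adjacent_swap(d):
    # Transpose neighbouring characters, never moving a dot.
    return {d[:i] + d[i + 1] + d[i] + d[i + 2:]
            for i in range(len(d) - 1) if "." not in d[i:i + 2]}

def bit_flip(d):
    # Flip each of the 8 bits of each character; keep results that are
    # still legal hostname characters (the "cosmic rays" case).
    out = set()
    for i, ch in enumerate(d):
        for bit in range(8):
            c = chr(ord(ch) ^ (1 << bit)).lower()
            if ch != "." and c in HOST_CHARS:
                out.add(d[:i] + c + d[i + 1:])
    return out

GENERATORS = {
    "Character Omission": omission,
    "Character Repeat": repeat,
    "Adjacent Character Swap": adjacent_swap,
    "Bit Flipping": bit_flip,
}

def watchlist(domain):
    """Map each typo type to its sorted, valid variants of `domain`."""
    domain = domain.lower()
    return {kind: sorted(v for v in gen(domain) if v != domain and is_valid(v))
            for kind, gen in GENERATORS.items()}

if __name__ == "__main__":
    for kind, names in watchlist("example.com").items():
        print(f"{kind:24} {len(names):3}  {', '.join(names[:4])} ...")
```

The resulting names can be fed to a resolver or a certificate-transparency monitor to spot registrations that imitate the protected domain.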
Wireshark
WIRESHARK PACKAGE DESCRIPTION
Wireshark is the world’s foremost network protocol analyzer. It lets you see what’s happening on your network at a microscopic level. It is the de facto (and often de jure) standard across many industries and educational institutions. Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.
Wireshark has a rich feature set which includes the following:
Deep inspection of hundreds of protocols, with more being added all the time
Live capture and offline analysis
Standard three-pane packet browser
Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
The most powerful display filters in the industry
Rich VoIP analysis
Capture files compressed with gzip can be decompressed on the fly
Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
Coloring rules can be applied to the packet list for quick, intuitive analysis
Output can be exported to XML, PostScript®, CSV, or plain text
Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
Source: http://www.wireshark.org/about.html
Wireshark Homepage | Kali Wireshark Repo
Author: Gerald Combs and contributors
License: GPLv2
TOOLS INCLUDED IN THE WIRESHARK PACKAGE
wireshark – network traffic analyzer – GTK+ version
root@kali:~# wireshark -h
Interactively dump and analyze network traffic. See http://www.wireshark.org for more information.
Copyright 1998-2013 Gerald Combs <[email protected]> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Usage: wireshark [options] ... [ <infile> ]
Capture interface:
-i <interface> name or idx of interface (def: first non-loopback)
-f <capture filter> packet filter in libpcap filter syntax
-s <snaplen> packet snapshot length (def: 65535)
-p don't capture in promiscuous mode
-k start capturing immediately (def: do nothing)
-S update packet display when new packets are captured
-l turn on automatic scrolling while -S is in use
-I capture in monitor mode, if available
-B <buffer size> size of kernel buffer (def: 2MB)
-y <link type> link layer type (def: first appropriate)
-D print list of interfaces and exit
-L print list of link-layer types of iface and exit
Capture stop conditions:
-c <packet count> stop after n packets (def: infinite)
-a <autostop cond.> ... duration:NUM - stop after NUM seconds
                        filesize:NUM - stop this file after NUM KB
                        files:NUM - stop after NUM files
Capture output:
-b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs
                         filesize:NUM - switch to next file after NUM KB
                         files:NUM - ringbuffer: replace after NUM files
Input file:
-r <infile> set the filename to read from (no pipes or stdin!)
Processing:
-R <read filter> packet filter in Wireshark display filter syntax
-n disable all name resolutions (def: all enabled)
-N <name resolve flags> enable specific name resolution(s): "mntC"
User interface:
-C <config profile> start with specified configuration profile
-Y <display filter> start with the given display filter
-g <packet number> go to specified packet number after "-r"
-J <jump filter> jump to the first packet matching the (display) filter
-j search backwards for a matching packet after "-J"
-m <font> set the font name used for most text
-t a|ad|d|dd|e|r|u|ud output format of time stamps (def: r: rel. to first)
-u s|hms output format of seconds (def: s: seconds)
-X <key>:<value> eXtension options, see man page for details
-z <statistics> show various statistics, see man page for details
Output:
-w <outfile|-> set the output filename (or '-' for stdout)
Miscellaneous:
-h display this help and exit
-v display version info and exit
-P <key>:<path> persconf:path - personal configuration files
                persdata:path - personal data files
-o <name>:<value> ... override preference or recent setting
-K <keytab> keytab file to use for kerberos decryption
--display=DISPLAY X display to use