netool.sh script project

pedro ubuntu



MitM PENTESTING OPENSOURCE T00LKIT v4.6 WIKI

         netool.sh toolkit provides a fast and easy way For new arrivals to IT security
         pentesting and also to experience users to use allmost all features that the
         Man-In-The-Middle can provide under local lan, since scanning, sniffing and
                    social engeneering attacks "[phishing attacks over mitm]"...





DESCRIPTION

                         "Scanning - Sniffing - Social Engeneering"
        Netool: its a toolkit written using 'bash, python, ruby' that allows you to
        automate frameworks like Nmap, Driftnet, Sslstrip, Metasploit and Ettercap
        MitM attacks. this toolkit makes it easy tasks such as SNIFFING tcp/udp traffic,
        Man-In-The-Middle attacks, SSL-sniff, DNS-spoofing, D0S attacks in wan/lan
        networks, TCP/UDP packet manipulation using etter-filters, and gives you
        the ability to capture pictures of target webbrowser surfing (driftnet)
        also uses macchanger to decoy scans changing the mac address.

        Rootsector: module allows you to automate some attacks over DNS_SPOOF + MitM
        (phishing - social engineering) using metasploit, apache2 and ettercap frameworks.
        like the generation of payloads,shellcode,backdoors delivered using dns_spoof
        and MitM method to redirect a target to your phishing webpage.

        Recently was introduced "inurlbr" webscanner (by cleiton) that allow us to search
        SQL related bugs, using severeal search engines, also this framework can be
        used in conjunction with other frameworks like nmap, (using the flag --comand-vul)
        Example: inurlbr.php -q 1,2,10 --dork 'inurl:index.php?id=' --exploit-get ?´0x27
        -s report.log --comand-vul 'nmap -Pn -p 1-8080 --script http-enum --open _TARGET_'

* STABLE repository | GIT repository | VIDEO Tutorials | CHANGELOG | BUG-REPORTS *



Operative Systems Supported

                     Linux-Ubuntu | Linux-kali | Parrot security OS | backbox OS
                         Linux-backtrack (un-continued) | Mac osx (un-continued).

          Additionally was build one 'UNIVERSAL INSTALLER' to help us download/install
          the toolkit for: Kali, Ubuntu, Backbox, Parrot, Debian, Lubuntu, Xubuntu, etc.
          it will download the correct toolkit for your OS to is default install PATH,
           and triggers the 'INSTALL.sh', with little interaction needed from user.

                         "downloader.sh" gives you the choise to download the
                  STABLE (bug-free) or the GIT (under-develop) version of my toolkit...

Download netool.sh V4.5

* UBUNTU install | KALI install | OTHER DISTROS install | BUILD A SHORTCUT*



Dependencies

                                    "TOOLKIT DEPENDENCIES"
       zenity | Nmap | Ettercap | Macchanger |  Metasploit | Driftnet | Apache2 | sslstrip

                                     "SCANNER INURLBR.php"
               curl | libcurl3 | libcurl3-dev | php5 | php5-cli | php5-curl

* Install zenity | Install nmap | Install ettercap | Install macchanger | Install metasploit | Install Apache2 *



Features (modules)

  "1-Show Local Connections"
  "2-Nmap Scanner menu"
        ->
        Ping target
        Show my Ip address
        See/change mac address
        change my PC hostname
        Scan Local network 
        Scan external lan for hosts
        Scan a list of targets (list.txt)          
        Scan remote host for vulns          
        Execute Nmap command
        Search for target geolocation
        ping of dead (DoS)
        Norse (cyber attacks map)
        nmap Nse vuln modules
        nmap Nse discovery modules
        nmap stealth scan (evade IDS)
        <-
  "3-Retrieve metadata"
        ->
        retrieve metadata from target website
        retrieve using a fake user-agent
        retrieve only certain file types
        <-
  "4-open router config webpage"
  "5-ip tracer whois"                           
  "6-INURLBR.php (webcrawler)"
        -> 
        scanner inurlbr.php -> Advanced search with multiple engines, provided
        analysis enables to exploit GET/POST capturing emails/urls & internal
        custom validation for each target/url found. also the ability to use
        external frameworks in conjuction with the scanner like nmap,sqlmap,etc
        or simple the use of external scripts.
        <-
  "7-cupp.py password profiler"     
  "8-r00tsect0r automated exploits (phishing - social engeneering)"
        ->
        package.deb backdoor [Binary linux trojan]
        Backdooring EXE Files [Backdooring EXE Files]
        fakeupdate.exe [dns-spoof phishing backdoor]
        meterpreter powershell invocation payloads [by ReL1K]
        Web_delivery (PSH/PYTHON) payloads
        host a file attack [dns_spoof+mitm-hosted file]
        clone website [dns-spoof phishing keylooger]
        Java.jar phishing [dns-spoof+java.jar+phishing]
        clone website [dns-spoof + java-applet]
        clone website [browser_autopwn phishing Iframe]
        Block network access [dns-spoof]
        Samsung TV DoS [Plasma TV DoS attack]
        RDP DoS attack [Dos attack against target RDP]
        website D0S flood [Dos attack using syn packets]
        firefox_xpi_bootstarpped_addon automated exploit
        PDF backdoor [insert a payload into a PDF file]
        Winrar backdoor (file spoofing)
        VBScript injection [embedded a payload into a world document]
        router phishing (capture router credentials over mitm)
        Adobe_hacking_team  (adobe browser exploit)
        ".::[ normal payloads ]::."
        windows.exe payload
        mac osx payload
        linux payload
        java signed applet [multi-operative systems]
        android-meterpreter [android smartphone payload]
        webshell.php [webshell.php backdoor]
        generate shellcode [C,Perl,Ruby,Python,exe,war,vbs,Dll,js]
        Session hijacking [cookie hijacking]
        Shellter PE infector [build obfuscated backdoors]
        start a lisenner [multi-handler]
        <-
  "9-Config ettercap"         
  "10-Launch MitM"            
  "11-Show URLs visited"       
  "12-MITM + Dns-Spoofing"
  "13-DoS attack [local lan]"      
  "14-Compile etter.filters"
  "15-Execute ettercap filter"   
  "16-Share files [local lan]"      
  "17-Sniff target browser pics"    
  "18-Sniff SSL login passwords"

  d. delete lock folders
  a. about netool
  u. check for updates
  c. config toolkit
 db. access database
  q. quit



Wall Of Fame

In this 'wall of fame' we have all developers that have contributed in any way to this project,
reporting bugs, debbuging the tool or even sourcecode Contributions. "my warm thanks to
all opensource hax0rs out there that have help me"...
wall of fame



Credits

           Fyodor "Nmap" | ALoR & NaGa "Ettercap" | HD moore "Metasploit"
             Moxie M "Sslstrip" | Chris L "Driftnet" | j0rgan "Cupp.py"
         Cleiton p "inurlbr.php" | ReL1K "unicorn.py" | KyRecon "shellter"
                    Chris Tyler "zenity" and rob mcCool "apache"

                      "Develop by: pedr0 Ubuntu [r00t-3xp10it]"
              Suspicious Shell Activity Labs@2015 | r00tsect0r CyberTeam

Red Team Collaborations | GNU PUBLIC LICENSE
alternate text



some videos about 4.6 stable version












Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks