Old Parrot Community

Community portal of the Parrot Project.

You are not logged in.

#1 2017-12-15 15:01:29

no0b
Community Member
Registered: 2017-12-14
Posts: 144

Recommandation of Tools for future updates

Reverse Engineering : 
https://github.com/radareorg/cutter  Its a GUI for Radare2, the binary release is 28mb         

Crypto :
https://github.com/cryptolok/EPMG    Entropic Password Manager Generator
https://github.com/cryptolok/SteCoSteg    operates images, JPEGs are used as a decoy. Then, it takes a file and hides it in the image, converting it to PNG, by giving a unique key for the file's retrieval. To unconceal a file in a PNG image, one must specify this key...

Exploit DataBase :     It's like Searchsploit from ExploitDB but better...
https://github.com/1N3/Findsploit       

Exfiltration :
https://github.com/cryptolok/CryKeX      Linux Memory Cryptographic Keys Extractor

Exploitation :
https://github.com/cryptolok/ASLRay      Linux ELF x32 and x64 ASLR bypass exploit with stack-spraying

Morpher/Shellcode Generator :
https://github.com/cryptolok/MorphAES   

Reporting/Utility :
https://github.com/TryCatchHCF/DumpsterFire      A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequence…

Stealth :
https://github.com/cryptolok/GhostInTheNet    protects from MITM/DOS/scan
https://github.com/TryCatchHCF/Cloakify    CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings; Evade DLP/MLS Devices; Defeat Data Whitelisting Controls; Social Engineering of Analysts; Evade AV Detection

Stress-Testing :
https://github.com/epsylon/ufonet     UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

Wireless Attack :
https://github.com/evilsocket/bleah    A BLE scanner for "smart" devices hacking based on the bluepy library

Wordlist Manipulation :
https://github.com/sc0tfree/mentalist    Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.

That's all. Thanks to the Parrot Devs for everything.

Last edited by no0b (2018-01-06 15:17:56)

Offline

#2 2017-12-18 09:50:57

palinuro
Parrot Project Founder
From: Italy
Registered: 2017-02-11
Posts: 273
Website

Re: Recommandation of Tools for future updates

as i said in the release notes of parrot 3.10 (https://blog.parrotsec.org/parrot-3-10-is-out/) we are going to expand our pentest arsenal


to include the tools you listed here, we need a team of maintainers to debianize each of them and maintain them over time


Lorenzo "Palinuro" Faletra - Parrot Security

GPG FINGERPRINT: B350 5059 3C2F 7656 40E6 DDDB 97CA A129 F4C6 B9A4
GPG Info: http://pgp.mit.edu/pks/lookup?op=vindex … 29F4C6B9A4
GPG Key: http://pgp.mit.edu/pks/lookup?op=get&se … 29F4C6B9A4

Offline

#3 2017-12-18 12:22:24

no0b
Community Member
Registered: 2017-12-14
Posts: 144

Re: Recommandation of Tools for future updates

Yes i saw it, it's nice to see you are open to new tools, as for all the tools i listed there, i made them all work on Parrot 3.9, and Kali Linux, they are all compatible with Debian (their dependencies are with APT and PIP). Thanks

Offline

#4 2017-12-20 23:47:39

dmknght
Community Member
Registered: 2017-02-12
Posts: 110

Re: Recommandation of Tools for future updates

Some tools are good. But as you can see, many tools can be replaced by old tools with the same features.

Offline

#5 2017-12-21 02:33:49

no0b
Community Member
Registered: 2017-12-14
Posts: 144

Re: Recommandation of Tools for future updates

Which tools ? The less tools i have to download from Github, the better so i would appreciate if you can tell me what tools can replace the ones above. I used most tools from Parrot/Kali, and the only one that can do similar things to the ones in my list is WifiPhisher vs WifiPumpkin, but they're still different.

Last edited by no0b (2017-12-21 02:34:04)

Offline

#6 2017-12-29 15:59:50

no0b
Community Member
Registered: 2017-12-14
Posts: 144

Re: Recommandation of Tools for future updates

@palinuro, when you will do a remake of the tools on Parrot, will you just add or add new, and remove old/ineffective tools ? Because if you add but don't remove the unnecessary, the list on screen will become bigger than it already is, and so hard to navigate.

Edit : I don't know how i forgot that but Empire https://github.com/EmpireProject/Empire + https://github.com/byt3bl33d3r/DeathStar   would be so great on Parrot.

Edit : Also found a Web GUI for Empire https://github.com/interference-security/empire-web   which is good when you got a lot of agents and want to navigate fast. Obviously you need to launch apache2 though.

Last edited by no0b (2018-01-06 15:20:23)

Offline

#7 2018-01-03 16:22:20

no0b
Community Member
Registered: 2017-12-14
Posts: 144

Re: Recommandation of Tools for future updates

I updated the tools as after exploring more Parrot, yes there is many tools that can replace some i listed above so i edited my post to show only unique ones.

Also Parrot's list of Web Directory Bruteforce tools is very old, same for the stress testing category, and a LOT of tools can be removed and remplaced by just one having all theirs features and more. Parrot will be lighter, easier to navigate in menu, and more open to new tools.
I think by removing all abandonned/possible to remplace/  tools you could gain at least 300mb of space in the ISO.

An example(among many others), all the tools(except Wfuzz) in "Web Application Analysis" => "Web Crawlers and Directory Bruteforce" can be remplaced by "Dirsearch" https://github.com/maurosoria/dirsearch and https://github.com/D35m0nd142/LFISuite.git  (and all of them[thoses i posted included] can be remplaced by BurpSuite's feature Intruder)

There's Paros, Skipfish, Vega,Websploit (and many many more) that are too old/abandonned etc, if you want me to make a list of tools not useful anymore, just ask.

I mean there is 'Crackmapexec', 'Bloodhound', 'Routersploit' 'Sublist3r' 'Seclists' in the repository and yet they are not pre-installed on Parrot, but tools like Paros are installed, there is some serious cleaning to do. Parrot Security's tools are installed in Kali Linux fashion (which is not a good example at all).

Last edited by no0b (2018-01-06 15:20:53)

Offline

Board footer

Powered by FluxBB

Design by Klocek.