CIP Cyber

Log In
Menu
Log In
  • Opinion
  • Product Reviews
  • Industrial Cybersecurity
  • Videos

FS-NyarL Pentesting & Forensics Framework

Table of Contents

P { margin-bottom: 0.08in; }H2 { margin-bottom: 0.08in; }H2.western { font-family: “Liberation Sans”,sans-serif; font-size: 14pt; font-style: italic; }H2.cjk { font-family: “Droid Sans”; font-size: 14pt; font-style: italic; }H2.ctl { font-family: “FreeSans”; font-size: 14pt; font-style: italic; }TD P { margin-bottom: 0in; }

http://www.ehacking.net/2014/05/fs-nyarl-pentesting-forensics-framework.html
Automatic tools have made the
penetration testing process more efficient and effective, although
the importance of manual test are still there and in most of the
cases manuals checks are required. But in the mean time we cannot
deny the advantages of automatic tool, yes it save a loads of time
and energy off course. You must have heard about the most famous
vulnerability assessment & penetration testing tool like Nessus &
Metasploit but in this article I will discuss FS-NyarL.
NyarL it’s Nyarlathotep, a
mitological chaotic deity of the writer HP. Lovecraft’s
cosmogony.
It’s represent Crawling Chaos and FS-NyarL it’s The
Crawling Chaos of Cyber Security 🙂
A network takeover &
forensic analysis tool – useful to advanced PenTest tasks & for
fun and profit – but use it at your own risk!
  • Interactive Console
  • Real Time Passwords Found
  • Real Time Hosts Enumeration
  • Tuned Injections & Client Side
    Attacks
  • ARP Poisoning & SSL Hijacking
  • Automated HTTP Report Generator

ATTACKS
IMPLEMENTED:

  • MITM (Arp Poisoning)
  • Sniffing (With & Without Arp Poisoning)
  • SSL Hijacking (Full SSL/TLS
    Control)
  • HTTP Session Hijaking (Take &
    Use Session Cookies)
  • Client Browser Takeover (with
    Filter Injection in data stream)
  • Browser AutoPwn (with Filter
    Injection in data steam)
  • Evil Java Applet (with Filter
    Injection in data stream)
  • Port Scanning

POST ATTACKS DATA
OBTAINED:

  • Passwords extracted from data
    stream
  • Pcap file with whole data stream
    for deep analysis
  • Session flows extracted from data
    stream (Xplico & Chaosreader)
  • Files extracted from data stream
  • Hosts enumeration (IP,MAC,OS)
  • URLs extracted from data stream
  • Cookies extracted from data stream
  • Images extracted from data stream
  • List of HTTP files downloaded extracted from URLs

TD P { margin-bottom: 0in; }P { margin-bottom: 0.08in; }

TD P { margin-bottom: 0in; }P { margin-bottom: 0.08in; }

DEPENDENCIES (aka USED TOOLS):
  • Chaosreader (already in bin folder)

  • Xplico

  • Ettercap

  • Arpspoof

  • Arp-scan

  • Mitmproxy

  • Nmap

  • Tcpdump

  • Beef
  • SET

  • Metasploit

  • Dsniff

  • Macchanger

  • Hamster

  • Ferret

  • P0f

  • Foremost

  • SSLStrip

  • SSLSplit
Download & Tutorial
CIP Cyber Staff

CIP Cyber Staff

CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.

Most popular

Opinion

Password Cyberattack: Everything You Need to Know

November 7, 2023

Industrial Cybersecurity

Cybersecurity Awareness Month: Spotlight on ICS/OT Security

September 28, 2023

Opinion

How to Protect IoT Devices in Critical Infrastructure Networks

September 15, 2023

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Choose Training

Related Articles

Do Hackers Really use Metasploit? NO!

Undoubtedly, Metasploit is one of the most organized, well-developed tools in the pen-testers toolbox. But, do hackers use it? Some of them, but not the

December 20, 2020

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Choose Training