Fork me on GitHub

четвъртък, 16 октомври 2014 г.

Kali Linux NetHunter HID Attack

Kali Linux NetHunter HID Attack from Offensive Security on Vimeo.

kali-linux-nethunter more


Offensive Security Introduces Kali Linux Free All-in-One Solution for Professional Security Auditing Popular BackTrack Linux Evolves Into Mature, Enterprise-Ready Penetration Testing Toolkit. Black Hat Europe, Amsterdam – March 13 – Offensive Security today announced the availability of Kali Linux, the evolution of its popular BackTrack Linux, a free security auditing operating system and toolkit. Showcased at Black Hat Europe in Amsterdam, Kali Linux incorporates more than 300 penetration testing and security auditing programs with a Linux operating system, delivering an all-in-one solution that enables IT administrators and security professionals to test the effectiveness of risk mitigation strategies. “For IT professionals, an experiment is worth a thousand theories. Applied to security, it means that simulating attacks to assess the defenses protecting your organization is the only sure way to understand their effectiveness and the impact of an attack,” said Mati Aharoni, Lead Trainer and Developer, Offensive Security. “That’s why we created Kali Linux; we’ve developed the most advanced penetration testing and security auditing toolkit available to help IT administrators and security professionals put themselves in the shoes of potential attackers.” The new Kali Linux offers a smoother, easier penetration testing experience, making it more accessible to IT generalists as well as security specialists. The new infrastructure incorporates Debian development standards to provide a more familiar environment for IT administrators. The result is a more robust solution that can be updated more easily. Users can also customize the operating system to tailor it to their needs and preferences. All the programs packaged with the operating system were evaluated for suitability and effectiveness before being included. They include Metasploit for network penetration testing, Nmap for port and vulnerability scanning, Wireshark for monitoring network traffic, and Aircrack-ng for testing the security of wireless networks. “When it comes to security, the best defense is offense; you need to test the effectiveness of your own security practices before a real intruder does it for you,” said HD Moore, Chief Architect for Metasploit at Rapid7. “We built Metasploit to level the playing field for defenders; arming them with the same tools the attackers have. Offensive Security takes this even further, bringing hundreds of such tools together in Kali Linux to streamline security auditing.” Additionally, Kali Linux can now run on a wide variety of hardware and is compatible with numerous wireless and USB devices. It also introduced support for ARM devices – typically miniature, battery-powered computers – which are becoming more prevalent and inexpensive. More information on which devices are supported, as well as other documentation, is available on the Kali Linux documentation site.

Pricing and Availability

Like its predecessor, Kali Linux is completely free and always will be. Offensive Security is committed to supporting the open source community with the ongoing development of Kali Linux. The development tree and all sources are available for those who wish to tweak and rebuild packages. Kali Linux is available immediately for download from

About Offensive Security

Founded in 2007, Offensive Security was born out of the belief that the only way to achieve sound defensive security is through an offensive approach. The team is made up of security professionals with extensive experience of attacking systems to see how they respond. They share this information through trainings, free tools and publications. With the motto “Try Harder,” the Company’s trainings and certifications are well-respected and considered amongst the most rigorous available, creating a model adopted across the industry. In addition, the Exploit Database, Metasploit Unleashed and BackTrack Linux community projects are highly-regarded and used by security teams in governmental and commercial organizations across the world. For more information about Offensive Security, please visit

сряда, 15 октомври 2014 г.

събота, 11 октомври 2014 г.

Offensive-security-wireless-attacks & Attack WPS WiFi protected WPA WPA2_script


This is a brute force attack against an access point’s WiFi Protected Setup pin number. Once the WPS pin is found, the WPA PSK can be recovered and alternately the AP’s wireless settings can be reconfigured. Reaver-WPS targets the external registrar functionality mandated by the WiFi Protected Setup specification. Access points will provide authenticated registrars with their current wireless configuration (including the WPA PSK), and also accept a new configuration from the registrar. In order to authenticate as a registrar, the registrar must prove its knowledge of the AP’s 8-digit pin number. Registrars may authenticate themselves to an AP at any time without any user interaction. Because the WPS protocol is conducted over EAP, the registrar need only be associated with the AP and does not need any prior knowledge of the wireless encryption or configuration. Reaver-WPS performs a brute force attack against the AP, attempting every possible combination in order to guess the AP’s 8 digit pin number. Since the pin numbers are all numeric, there are 10^8 (100,000,000) possible values for any given pin number. However, because the last digit of the pin is a checksum value which can be calculated based on the previous 7 digits, that keyspace is reduced to 10^7 (10,000,000) possible values. The keyspace is reduced even further due to the fact that the WPS authentication protocol cuts the pin in half and validates each half individually. That means that there are 10^4 (10,000) possible values for the first half of the pin and 10^3 (1,000) possible values for the second half of the pin, with the last digit of the pin being a checksum. Reaver-wps brute forces the first half of the pin and then the second half of the pin, meaning that the entire key space for the WPS pin number can be exhausted in 11,000 attempts. The speed at which Reaver can test pin numbers is entirely limited by the speed at which the AP can process WPS requests. Some APs are fast enough that one pin can be tested every second; others are slower and only allow one pin every ten seconds. Statistically, it will only take half of that time in order to guess the correct pin number.


Need to install:

Kali Linux
Download script


Download from:
git clone


RECOMMENDED: Check for update every week!

NOTE! You need about 10 or 15 hours to complete the process. If you see "warning detected ap rate-limiting waiting 60 seconds before re-checking" Need to Know! Some routers will just block the mac address after a few failed WPS attempts. So you can bash your way with macchanger -r to some success. However anything new as you said tend to lock completely. You have to get fancy with trying to reset it using MDK3 to carry on. But do not worry. Reset the program and try another.

Upgrade 2019