[FS-NyarL] A network takeover & forensic analysis tool

Friday, November 8, 2013


NyarL it's Nyarlathotep, a mitological chaotic deity of the writer HP. Lovecraft's cosmogony.
It's represent Crawling Chaos and FS-NyarL it's The Crawling Chaos of Cyber Security :-)
A network takeover & forensic analysis tool - useful to advanced PenTest tasks & for fun and profit - but use it at your own risk!

  • Interactive Console
  • Real Time Passwords Found
  • Real Time Hosts Enumeration
  • Tuned Injections & Client Side Attacks
  • ARP Poisoning & SSL Hijacking
  • Automated HTTP Report Generator

ATTACKS IMPLEMENTED:
  • MITM (Arp Poisoning)
  • Sniffing (With & Without Arp Poisoning)
  • SSL Hijacking (Full SSL/TLS Control)
  • HTTP Session Hijaking (Take & Use Session Cookies)
  • Client Browser Takeover (with Filter Injection in data stream)
  • Browser AutoPwn (with Filter Injection in data steam)
  • Evil Java Applet (with Filter Injection in data stream)
  • DNS Spoofing
  • Port Scanning


    POST ATTACKS DATA OBTAINED:
    • Passwords extracted from data stream
    • Pcap file with whole data stream for deep analysis
    • Session flows extracted from data stream (Xplico & Chaosreader)
    • Files extracted from data stream
    • Hosts enumeration (IP,MAC,OS)
    • URLs extracted from data stream
    • Cookies extracted from data stream
    • Images extracted from data stream
    • List of HTTP files downloaded extracted from URLs

DEPENDENCIES (aka USED TOOLS):
  • Chaosreader (already in bin folder)
  • Xplico
  • Ettercap
  • Arpspoof
  • Arp-scan
  • Mitmproxy
  • Nmap
  • Tcpdump
  • Beef

  • SET
  • Metasploit
  • Dsniff
  • Macchanger
  • Hamster
  • Ferret
  • P0f
  • Foremost
  • SSLStrip
  • SSLSplit



Subscribe via e-mail for updates!