Sunday 8 December 2013

Kvasir Installation on Kali Linux

Installing Kvasir on Kali Linux

Kvasir is a vulnerability / penetration testing data management system developed by cisco. Kvasir helps Pentesters for effective data management during a Penetration Test. It basically works by integrating following list of tools which were listed below


  • Rapid 7 NeXpose
  • Metasploit / Metasploit Pro
  • Tennable Nessus
  • ShodanHQ
  • Nmap
  • THC-Hydra
  • Medusa
  • John The Ripper


How ever the documentation is provided in the github, if you are a newbie or if you are facing any difficulty during the installtion just follow this video.

Download link : https://github.com/KvasirSecurity/Kvasir

Installation : https://github.com/KvasirSecurity/Kvasir/wiki/Installation

Documentation : https://github.com/KvasirSecurity/Kvasir/wiki

                                                                     Installation Guide



Install following packages

apt-get install python-pip git-core python-lxml python-tornado python-beautifulsoup python-dev
pip install msgpack-python


Now install and upgrade following packages


apt-get install postgresql python-psycopg2 --upgrade

Web2py / PostgreSQL Setup

Download latest web2py code from github:

cd /opt

git clone https://github.com/web2py/web2py.git web2py


Verify postgres configuration to permit 'md5' login for localhost:


vi /etc/postgresql/1.9/pg_hba.conf

Create kvasir postgres account. Use a password you can remember.

sudo -u postgres createuser -SleEPRD kvasir

password is toor


Create the Kvasir postgres database

sudo -u postgres createdb kvasir -O kvasir

CREATE ROLE kvasir ENCRYPTED PASSWORD 'md51c8aff1d5dcb54e991590c3f45645d4d' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;




Create a self-signed SSL Certificate to be used for web2py and postgres

openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 1095 -in server.csr -signkey server.key -out server.crt


copy the three files in to /opt/web2py

Start web2py

cd /opt/web2py

python web2py.py -c server.crt -k server.key -p 8443 -i 127.0.0.1 --minthreads=40

Browse to https://localhost:8443/admin/ and enter your web2py administration password.

Kvasir Code Installation

cd /opt
git https://github.com/KvasirSecurity/Kvasir.git


Install Kvasir to web2py

 Git Clone

cd /opt/web2py/applications

git https://github.com/KvasirSecurity/Kvasir.git kvasir


Kvasir Setup

cd /opt/web2py/applications/kvasir/models

cp db.py.sample db.py

mkdir ../databases/


 
Posted by at No comments:

Tuesday 30 October 2012

Securing Email accounts by Hashing passwords

In this blog post i am going to describe how to use hash passwords for logging into your Mail accounts.

Whats the importance of it..?

Well we all know that every single user may have single or multiple accounts with same or different passwords. Remembering different passwords for different accounts could be a challenging thing for users.

By using the following technique user needs remember single masterpassword for logging in to different accounts. So what do you need..?

Step 1: Either a bookmark or just a bash script

Using Bookmark. http://www.hashapass.com/en/bookmarklet.html




  Step 2: Just drag the bookmark to your bookmarks

  Step 3: Now open your gmail account and goto password change settings

  Step 4: Enter your current password



 Step 5:Now just click the hashpass bookmark and enter Parameter and masterpassword

About Parameter : Right now i am using gmail. So based on my requirement i have assigned my parameter as

"gmail"

About Master Password : Its the single password string which you need to remember




After entering it in both fields just save it and get log-out.


Now just open your email account after providing the username click on the Hashapass bookmark

Now enter the parameter value and password. And click on login. That's it.



Video Tutorial


Posted by at 2 comments:
Subscribe to: Posts (Atom)