Updated: IntelliScan

It is still just POC code, however it was recently cleaned up by researcher Dave of Pingtrip.com.
Download this latest version:
IntelliScan.pl
Instead of emailing in your script submissions or editing the Wiki, you can now use the form that has been added to the Social Engineering Repository.

Upload a script now!
Updated version of WLAuthor released.  WLAuthor is an advanced custom wordlist generator.  It can be used to create a custom dictionary/wordlist for password guessing or cracking attacks in penetration testing.  It now supports better crawling capabilities and a hybrid engine (customized word manipulation).  This script takes a target domain, and a manipulation recipe as input and will browse the target web site and parse it for potential words used in passwords.  It will then manipulate the wordlist to include special characters and numbers for increased complexity.

WLAuthor-0.12.pl
Security Experiment's researcher Joseph Rivela has published a white paper on affordable data leakage prevention. Check it out at Protiviti Inc.'s website: Download the White Paper.  Look for mention of the honey data technique discussed earlier this month here, as an affordable option for data leakage detection.

[Image: N810Metasploit.jpg]
Who could say no to these super mobile Linux machines?  With only a little bit of hacking, we easily put Metasploit 3 (web interface and all) on this Nokia N810.  The autopwn features are a little slow, but worth the wait when it fits in your pocket.  After updating some Perl libraries, Security Experiment's POC code WLAuthor-0.12.pl and IntelliScan0.02.pl worked great on this device as well.

Other groups may have a different name for the below process but Security Experiment has referred to it as “Honey Data.”

“Honey Data” can be a very valuable technique to detect and respond to data leakage.  It is not to be confused with a “Honey Pot,” where whole systems may be set up to entice would-be attackers.  Using honey data involves the introduction of strategic data into production databases and resources.  Different databases within the organization are seeded with unique information.  A secure database is maintained of honey data location and content.  Known signatures for this very specific information can be easily created.  These known signatures are generally granular enough not to generate false positives.  They could easily be incorporated into existing intrusion detection systems as well as specialized data leakage solutions such as Vontu, Vericept, and Verdasys.  This can be a very cost-effective tool for detecting when data is leaving an organization and which resources the leak originates from.

In addition to customized network-based signatures, other means for detecting the leak of information would also be in place.  Dummy accounts would include data such as working email addresses which the defending organization controls.  These accounts can then be monitored for unsolicited traffic.  If one of the dummy accounts were to receive spam, it would indicate that the email address had been leaked, and from which database or source.  This method could be applied to other mediums as well, such as postal addresses, IP addresses and telephone numbers.  Another method for detection is data mining for our known honey data on the Internet.  For example, one would not currently want to do Google searches for legitimate customer private information.  But we could perform Google, IRC, or file sharing searches for our known honey data social security or account numbers.  The process could even be automated to run at an acceptable interval.

Honey data sometimes can be your last line of detection.  If a determined attacker is successful at stealing information, honey data techniques may detect the breach via misinformation.  It is not infeasible for an attacker to be able to encrypt information in order to bypass detection at an organization’s egress points.  However, once the stolen information is acted upon, detection will not be easily avoided by the attacker. 
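As an added illustration of the registry and signature idea described above (example code written for this page, not Security Experiment's own tooling), the block below keeps a record of which honey value was planted in which database, derives exact-match signatures from it, runs them over a few constructed egress log lines, and attributes unsolicited mail to a dummy mailbox back to its source. All database names, the mailbox and the log lines are constructed.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class HoneyRecord:
    value: str   # the unique planted datum
    field: str   # kind of datum: email, ssn, account
    source: str  # database or resource it was planted in

class HoneyRegistry:
    """Secure record of what was planted where, plus the signatures built from it."""
    def __init__(self):
        self._records = {}   # lower-cased value -> HoneyRecord
        self._pattern = None

    def plant(self, value, field, source):
        self._records[value.lower()] = HoneyRecord(value, field, source)
        # One alternation of escaped literal values; the \w lookarounds stop a
        # honey value matching inside a longer identifier (e.g. 900-55-12345).
        alt = "|".join(re.escape(v) for v in sorted(self._records, key=len, reverse=True))
        self._pattern = re.compile(r"(?<!\w)(" + alt + r")(?!\w)", re.IGNORECASE)

    def scan(self, text):
        if self._pattern is None:
            return []
        return [self._records[m.group(1).lower()] for m in self._pattern.finditer(text)]

    def attribute_inbound(self, recipient):
        """Unsolicited mail to a dummy mailbox names the source that leaked it."""
        rec = self._records.get(recipient.lower())
        return rec.source if rec and rec.field == "email" else None

def find_leaks(registry, log_text):
    """Run the signatures over egress log lines; returns (line_no, field, source) hits."""
    hits = []
    for no, line in enumerate(log_text.splitlines(), start=1):
        for rec in registry.scan(line):
            hits.append((no, rec.field, rec.source))
    return hits

# Constructed sample: two databases seeded with one honey value each.
registry = HoneyRegistry()
registry.plant("h7f3a9c2@honey.example.com", "email", "crm_db")  # mailbox the defender controls
registry.plant("900-55-1234", "ssn", "hr_db")                     # constructed, not a real SSN

# Constructed egress log lines, not captured traffic.
EGRESS_LOG = """\
10:14:05 smtp to=partner@example.net body="contacts: jane@example.net, H7F3A9C2@honey.example.com"
10:15:10 http POST paste.example.org body="name=Jane ssn=900-55-1234 acct=900-55-12345"
10:16:00 http GET news.example.com/"""
```

The same `scan` routine can be pointed at search results or pastes retrieved on a schedule, which is the automated Internet data-mining step the text mentions.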

As with any solution, there are some considerations to be aware of.  These include who has access to the database and knowledge of the honey data.  Special care must also be taken to avoid unintentionally acting on honey data, which could unknowingly affect business decisions.

Look for more research on honey data by Security Experiment in the near future.

WLAuthor is a proof of concept custom wordlist generator.  It can be used to create a custom dictionary/wordlist for password guessing or cracking attacks in penetration testing.  This script takes a target domain as input and will browse the target web site and parse it for potential words used in passwords.  It is still just proof of concept and will see some additions soon, such as crawling capabilities, hybrid engine, custom parsing options, and better documentation.  It will also be cleaned up a bit, to be more memory efficient, although it is still very quick for what it does.

WLAuthor-0.05.pl

IntelliScan

This is an updated version of the StatefulTCPScanner.pl proof of concept for intelligent port scanning.  It now supports command line arguments, the ability to adjust the error threshold, and a verbose mode.

IntelliScan0.02.pl

Intelligent Port Scanning

One concept I have been throwing around with the group is the idea of more intelligent port scanning.  I think it would be great to have a port scanner that could detect an IPS and adjust appropriately. By feeding the tool "previously known open ports", it could have a sort of heartbeat back to the target to detect whether there has been a service crash or IPS interference.  Ideally, it could run the check from separate IP addresses to differentiate between the two.  The below file is a simple interactive Perl script written as a proof of concept of this idea.  As I get more development cycles I would like to expand on it.  Rather than writing a whole new port scanner, it may make more sense to create a script that kicks off and monitors the tried and true Nmap scanner.

StatefulTCPScanner.pl
Updated Version
IntelliScan0.02.pl

Please visit and contribute to the Social Engineering Repository.  In its current state it is just a framework to input and share information.  I am hoping that with time it can become a central repository for all things Social Engineering. It is designed to be a database of scripts, tools, attack theories, and prevention methods that one could use to assess their environment's susceptibility to social engineering attacks. Feel free to use whatever you would like, and please contribute!

Social Engineering Repository