cSploit / android

cSploit - The most complete and advanced IT security professional toolkit on Android.
http://www.csploit.org/
GNU General Public License v3.0
3.28k stars, 1.1k forks

Ideas #229

Closed. ETeissonniere closed this 7 years ago

ETeissonniere commented 8 years ago

Hello guys, I opened that issue so you will be able to share some ideas concerning cSploit. Here is mine (working on it if @tux-mind thinks it can be good):

pgolecha commented 8 years ago

An option to stop all running processes and exit, because currently I cannot find a way to stop metasploit rpcd; closing the app does not seem to work.

evertking commented 8 years ago

Any chance that P2P-ADB might be an option? Love the app!! It's come so far in the past few weeks! Tux YOU ARE the man!!!!

ada-af commented 8 years ago

Add Estimated time for inspector module

tux-mind commented 8 years ago

@evertking thanks for the compliments, but we got this far only thanks to all the other great contributors :wink:

anyway please open an issue for the awesome P2P-ADB idea if you haven't yet.

@mcilya I think that someone was already working on it :wink: we talked about it on freenode.

evertking commented 8 years ago

Would it be possible to have an option to create an apk and send it to a target to exploit an android phone?

tajnymag commented 8 years ago

Or Stagefright-aware media?

evertking commented 8 years ago

@tux-mind I know this is a bit off topic ;) but where would you suggest as a starting point for a noob to start learning so one could jump in here and contribute? All I have is a laptop.

evertking commented 8 years ago

Just one more noob request ;) maybe a cSploit scripts add-on like dsploit but more geared toward pentesting? Can that even be used for testing or is that more like pranks? Where can I donate to help ya out in any way? Again thanks for all your hard work, everyone. This app has piqued my interest and I find myself spending a lot of time checking for updates and trying to learn. It's shocking how easy it is to take data and to spy, and this app opened my eyes to that. And with mobiles being such a large part of everyday life it's a must, I think. Test and secure it or risk it. I'm very thankful to you and to have found this! OK I will end my rant and get busy taking windows off my laptop and throwing on linux

tux-mind commented 8 years ago

@evertking first step to become an advanced user ( aka uber ) is to install Linux :wink:

probably learning a new sexy OS will require some weeks or more. as a starting point I suggest you use Ubuntu, an easy to use linux distribution. once you have learned quite well how to play with a terminal you can move forward to ArchLinux, one of the most used distros by advanced users. if you get crazy and want to really understand how every part of your pc works give a try to Gentoo linux.

btw those are my suggestions for becoming a linux expert, not a contributor.

to contribute to cSploit you can also use a windows PC, installing android studio on it. you need to learn Java and some basics of the Android SDK. anyway contributions can be made in many forms.

once you have installed AndroidStudio you can also open the translation editor to help us translate the application into your language.

For donations give a look to the donate page. I have to switch to another donation system so as to give you a way to see how much we raised.

about your idea of "sending" an apk to other phones: using the MSF we will be able to infect downloaded objects.

a cool feature that requires some cool work :wink:

and thanks for your impressions, will post them on the official website if you agree :blush:

ghost commented 8 years ago

I like how in the latest nightly it added port scan at startup like zanti and I think we should add to that by automatically doing service inspector and exploit finder at startup and putting the exploits found next to the ports found open. I would do this myself but I'm just now learning java in order to use android studio so I can help.

tux-mind commented 8 years ago

@uranium-waffles service inspection is too deep and heavy IMHO.

we already encountered some performance issues with the stealth syn scan ( aka fast scan ). furthermore using the Inspector will make any IDS detect you.

I think that it can be a bad idea. you can scan all the hosts using the multiple selection from the main screen.

it can be acceptable if we can scan networks with the service inspector, this will use a single process but will not solve the IDS problem.

however if you are using cSploit you really don't care about IDS...

so maybe we will do it, unsure right now
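The IDS point above is worth seeing from the defender's side. The following is an added example, not code from cSploit or from anyone in this thread: a minimal scan detector of the kind an IDS applies, run over a few constructed connection-log lines. Any source that touches many distinct ports on one host inside a short window is what a service inspection looks like on the wire, so the sweep stands out even when each individual connection is unremarkable. The log format, the 10-second window and the 5-port threshold are assumptions chosen for the example.

```python
"""Flag port-scan-like behaviour in a connection log.

Added example (not cSploit code).  A source that connects to many distinct
ports on one destination within a short window is what a service inspection
looks like to an IDS.  Log format, window and threshold are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<iso timestamp> <src ip> <dst ip> <dst port>".
# 10.0.0.5 sweeps eight ports on 10.0.0.20 in three seconds (scan-like);
# 10.0.0.7 makes a few ordinary web requests spread over minutes.
SAMPLE_LOG = """\
2016-01-10T12:00:00 10.0.0.5 10.0.0.20 21
2016-01-10T12:00:00 10.0.0.5 10.0.0.20 22
2016-01-10T12:00:01 10.0.0.5 10.0.0.20 23
2016-01-10T12:00:01 10.0.0.5 10.0.0.20 25
2016-01-10T12:00:02 10.0.0.5 10.0.0.20 80
2016-01-10T12:00:02 10.0.0.5 10.0.0.20 110
2016-01-10T12:00:03 10.0.0.5 10.0.0.20 143
2016-01-10T12:00:03 10.0.0.5 10.0.0.20 443
2016-01-10T12:00:05 10.0.0.7 10.0.0.20 80
2016-01-10T12:00:40 10.0.0.7 10.0.0.20 80
2016-01-10T12:01:10 10.0.0.7 10.0.0.20 443
2016-01-10T12:05:00 10.0.0.7 10.0.0.20 80
"""


def parse(text):
    """Turn log text into (timestamp, src, dst, port) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, src, dst, port = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return events


def detect_scans(events, window=timedelta(seconds=10), threshold=5):
    """Return {(src, dst): max_distinct_ports} for every pair whose
    distinct-port count inside any sliding window reaches `threshold`."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in sorted(events):
        by_pair[(src, dst)].append((ts, port))

    alerts = {}
    for pair, hits in by_pair.items():
        left = 0
        port_counts = defaultdict(int)          # ports currently inside the window
        for ts, port in hits:
            port_counts[port] += 1
            # Slide the left edge forward until the window fits.
            while ts - hits[left][0] > window:
                old_port = hits[left][1]
                port_counts[old_port] -= 1
                if port_counts[old_port] == 0:
                    del port_counts[old_port]
                left += 1
            if len(port_counts) >= threshold:
                alerts[pair] = max(alerts.get(pair, 0), len(port_counts))
    return alerts


if __name__ == "__main__":
    for (src, dst), n in detect_scans(parse(SAMPLE_LOG)).items():
        print(f"possible port scan: {src} -> {dst}, {n} distinct ports in window")
```

Run stand-alone it reports the single sweep from 10.0.0.5 and stays silent about 10.0.0.7, whose two distinct ports are never inside the same window. Lowering the threshold trades fewer missed slow scans for more false alarms, which is exactly why a "stealth" scan spreads its probes out in time.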

ghost commented 8 years ago

@tux-mind how about an intrusive scan option? In zanti2 if you press the refresh button for a rescan a drop down menu appears and allows for selection of an intrusive scan that scans for vulns. That way we could switch between the two. (Non intrusive and intrusive)

fat-tire commented 8 years ago

I think this could be done, but it's my understanding that the longer, slower scan takes a ton of resources, both generating a lot of network activity and taking up cpu/battery/memory. I was reminded today that there are local networks with thousands of hosts...

That said, I don't see any obvious reason not to make it an option-- either from a drop down menu or a toggle in the settings to use regular vs. extra-crispy port scanning by default. The latter would give you the vuln count...

If there is a lot of enthusiasm for this, it could be an option. @tux-mind I imagine this isn't something like the nmap network portscan that could be done "in bulk"... you'd have to inspect each host independently... wonder how many hosts a typical device could do simultaneously before choking....

gustavo-iniguez-goya commented 8 years ago

In my (personal) opinion, I think that these options belong to the subnet card/window, and adding them to the app start up is redundant. On the other hand it does not make much sense to have these options on the main window, and not on the subnet card/window.

I guess this is about how each of us understands how cSploit should work :) The initial arp scan is just fine for me, to give you an overview of the subnet you are on, and for selecting targets. Successive actions should be performed on demand. It's also true that the initial port scan allows you to select targets, and having an option to allow it on the app start up is ok for me (default to on would be a bit annoying).

ghost commented 8 years ago

3 suggestions I found very interesting that are not on the todo list are Stagefright Aware Media, Geo-Traceroute, and HID attacks where you plug into a computer and you can execute commands.

ghost commented 8 years ago

Also how about bettercap integration? http://www.bettercap.org/ made by evilsocket. It is like ettercap but better, hence the name bettercap.

tux-mind commented 8 years ago

@uranium-waffles I think that bettercap is a great project, but it is in its early days; let's check together why it is not a good choice right now:

I'm not talking about parsing their output, we've scheduled ( for a long time ) to move all the MITM stuff into the core, it would be stupid to rewrite all protocol dissectors, just reuse what has already been written and tested for years, use libettercap. actually bettercap does not provide any library.

sorry for the short answer but I've to go right now :grin:

Tosible commented 8 years ago

Advertisement Button

An idea I have was a button in the cSploit settings where you can turn it on and off.

If you turn it on, you enable ads in cSploit and the ads will support the devs.

If you turn it off, you remove the ads and cSploit is like back to normal. IMO this will help out the devs a lot.

ghost commented 8 years ago

@Up This is a nice idea.

fat-tire commented 8 years ago

I kinda like the idea, except, speaking only for myself-- I don't want any money.

I think @tux-mind could use some revenue to offset his expenses (domain name registration, web site + bandwidth, beer?). So if he wants to set up an Admob account or something, it would be very simple to incorporate ads.

A license concern though-- Admob in particular would involve a dependency on a Google library (play-services-ads), which is closed source. Not sure how that would be compatible, license-wise, with the GPLv3, cSploit's license.

Distributing the cSploit code itself on github may fall under the Linking exception -- the source code only refers to the closed library. But the app binary itself? Not sure. But the FAQ seems to suggest you could distribute the app only without the library, which would be pointless for an .apk...

Rubenoo commented 8 years ago

Why can't you just make a standalone simple app with like a calculator or something and then advertisements everywhere to support csploit?

BoBeR182 commented 8 years ago

-1 for ads. All you need is a bitcoin address in the about page or paypal set up. If you really wanna make more money set up a script that replaces adsense ads with your own ads for MiTM networks.

Tosible commented 8 years ago

MitM script that replaces their regular ads with your ads...dirty, but awesome.

high fives

tux-mind commented 8 years ago

thanks for the suggestions guys.

@fat-tire thank you for pointing out the license problem. I'm quite away from all that law stuff, I just want to worry about writing code :grin:

lemme know what is the best way to raise some money and I'll start working on it ASAP. I recently started a campaign on pledgie to buy a new notebook.

I'll try to make every incoming donation and outgoing purchase public, so as to allow you to see where your money goes.

yours, tux_mind.

Vinesh123 commented 8 years ago

user new tool in csploit DOS attack

BoBeR182 commented 8 years ago

@tux-mind maybe start something on BountySource and see if anyone wants to fund bugfixes and thus pays for your time.

Somebodyhura commented 8 years ago

Hi I saw one of your goals is to crack wifi passwords. There are many ways as you know and wps is the fastest. I suggest wps connect:

http://www.pfrox.site40.net/

As it's a free app I think the dev will agree for its source code to be added to csploit, by mentioning in the credits that that section is theirs. OR the androdumpper:

https://www.linkedin.com/profile/view?id=AAMAAAVKhNMBg5PU0s4M01AIF3H_5uFfn7lLrHg

Just like wps connect but can brute force wps too.

You may ask why implement such a thing when it is already available... but I say all-in-one is always different.

And there is something else called WIBR+ that does brute force on the router (not wps... the real password). It's like hydra... Or dictionary attack, and it supports masks too... like sometimes I hear they say 110043XX so I go WIBR and as the other 2 digits are numbers it tries and bingo, it finds it...

http://forum.xda-developers.com/showthread.php?t=2398114

ETeissonniere commented 8 years ago

Hey @Somebodyhura, I am taking a look, thanks !

pahapoika commented 8 years ago

Maybe something like https://github.com/jackgu1988/dSploit-scripts

Maybe a graphical GUI where you can add those scripts to script injection. No need for writing those; could be good for noobs. :)

pahapoika commented 8 years ago

And https://github.com/n1nj4sec/pupy could be very useful too. It could be added to the exploiting module.

Also i think automated msf payload generator would be cool. (See https://github.com/cSploit/android/issues/579 )

Somebodyhura commented 8 years ago

And for the other goal ( install backdoor for later access)...

How about androrat? http://forum.xda-developers.com/android/apps-games/androrat-remote-administration-tool-t2734932

Well I just heard of it... I haven't tested it but as it's a RAT... it should do remote administration and can make installing a backdoor possible

( somehow using the packet editor and replacing the apk with Androrat so the victim will install it and it's done, but mostly as I see users check the apk icon... and see it's not matching what they want... somehow not going to work)

( and I think of a very difficult way to bind apk editor to csploit so the apk will be downloaded to the attacker's phone, extract the icon, replace it with the androrat icon, and maybe add useless bytes to make it the same size... this should work better... permissions are never a problem cuz... even I don't check them :D)

ghost commented 8 years ago

New easy-to-add but powerful idea to add to the main menu attacks. This is a special type of DOS attack directed at a specific LAN node or IP address. It can be used to exec massive attacks on a single device, and to crash it.

The way to implement this feature is to follow these steps:

  1. Add a new contextual-menu card named DOS attack in the main menu
  2. Create an activity to set up the attack details, such as victim IPv4 and IPv6 address, MAC address, OS type, and other tech data. At the end of the page, a button that will start the attack
  3. Implement in the daemon the basic DOS C++ files and headers
  4. Create a function, called first to launch the attack, that changes your NET configuration, faking your specs and making your device unreachable by network inspection tools.
  5. Try to send an abnormal quantity of ping data using a thread engine, same as LOIC

BoBeR182 commented 8 years ago

@Xmashine Mass amounts of pings will not crash a machine these days, just slow down their internet connection. Your best bet to create a DOS would be to use the ARP injection attack and just drop all packets from the machine; this is already implemented.

ETeissonniere commented 7 years ago

Outdated