4. Pentest Types
Internal Pentest
External Pentest
Web Application Tests
Database Test
Social Engineering
DDoS Tests
Active Directory
Wi-Fi Tests
…
BlackHat Arsenal USA – 2015
5. Some Problems During Pentests
Very large networks
Limited time
Forgetting to save results
Scan reports
Screenshots
Non-standard Nmap parameters
Non-standard Nmap report names
Bruteforce unusual applications
7. What is HEYBE Toolkit
HEYBE is a toolkit for everyday pentest usage
Automates common test phases
Provides standardized reports and outputs
8. Developers
Gökhan Alkan
TUBITAK Cyber Security Institute
Email: cigalkan@gmail.com
Github: github.com/galkan
Twitter: @gokhan_alkn
Bahtiyar Bircan
Barikat Akademi (www.barikatakademi.com.tr)
Email: bahtiyarb@gmail.com
Github: github.com/bahtiyarb
Twitter: @bahtiyarb
9. WHY?
Automate and speed up boring/standard steps
More time for fun like SE
Standardize test results
Save results for reporting
11. HEYBE Toolkit
Code available on Github
https://github.com/heybe
https://github.com/galkan/flashlight
https://github.com/galkan/crowbar
https://github.com/galkan/sees
https://github.com/galkan/depdep
First published at BlackHat USA 2014
15. Flashlight (Fener)
Information Gathering & Recon Tool
https://github.com/heybe/fener
3 Different Recon Methods
Active Scan
Passive Scan
Screenshot Scan
16. Flashlight (Fener) – Active Scan
Leverages Nmap for active port scanning
Custom config file for scan parameters
Ports
NSE Scripts
Save scan results with standard report name
Multithreaded Nmap scans
Ping Scan
Service & OS Scan
Script Scan
17. Flashlight (Fener) – Passive Scan
Stealth network recon
Passive traffic capture
Arpspoof MitM support
Traffic saved in pcap file
Valuable information extracted from traffic
Hosts
Ports
Windows hostnames
Top 10 HTTP hosts
Top 10 DNS domains
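The "Top 10 DNS domains" extraction from a saved pcap, sketched as an added example (not Flashlight's own code). It assumes a classic pcap file with Ethernet/IPv4/UDP frames and counts full query names; `top_dns_names`, `sample_pcap`, the host names and the addresses are constructed for illustration.

```python
import struct
from collections import Counter

def _qname(frame):
    """Return the queried name if frame is an IPv4/UDP DNS query, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    udp = 14 + (frame[14] & 0x0F) * 4             # Ethernet header + IPv4 header length
    if frame[23] != 17 or len(frame) < udp + 20:  # protocol 17 = UDP; need UDP + DNS headers
        return None
    dport = struct.unpack("!H", frame[udp + 2:udp + 4])[0]
    if dport != 53 or frame[udp + 10] & 0x80:     # QR bit set means a response, skip it
        return None
    pos, labels = udp + 20, []                    # question section follows the DNS header
    while pos < len(frame) and frame[pos]:
        n = frame[pos]
        if n > 63 or pos + 1 + n > len(frame):    # compression pointer or truncated name
            return None
        labels.append(frame[pos + 1:pos + 1 + n].decode("ascii", "replace").lower())
        pos += 1 + n
    return ".".join(labels) or None

def top_dns_names(pcap, n=10):
    """Count DNS query names in a classic (non-pcapng) Ethernet pcap; return the top n."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or len(pcap) < 24 or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("need a classic pcap with Ethernet link type")
    names, off = [], 24                           # packet records follow the 24-byte header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        names.append(_qname(pcap[off + 16:off + 16 + incl_len]))
        off += 16 + incl_len
    return Counter(filter(None, names)).most_common(n)

def sample_pcap(names, flags=0x0100):
    """Constructed capture: one DNS message per name, using documentation addresses."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for name in names:
        q = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
        dns = struct.pack("!6H", 0x1234, flags, 1, 0, 0, 0) + q + b"\x00\x00\x01\x00\x01"
        udp = struct.pack("!4H", 40000, 53, 8 + len(dns), 0) + dns
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53])) + udp
        frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip
        out += struct.pack("<4I", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    print(top_dns_names(sample_pcap(["intranet.example", "wpad.example", "intranet.example"])))
```

The same output is a quick way to see how much internal naming leaks to anyone able to capture traffic on a segment.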
18. Flashlight (Fener) – Screenshot Scan
Used to quickly discover web applications in the network
Save screenshots of discovered web apps
Standard screenshot filenames
Used for
Offline examination
Pentest report