   
 FS-NyarL (The Crawling Chaos) - v1.0-kali

 By Alberto Fontanella

 www.fulgursecurity.com

 27 Oct 2013 - Italy - Kali/Debian Version


OVERVIEW:

 NyarL it's Nyarlathotep, a mitological chaotic deity of the writer HP. Lovecraft's cosmogony. 
 It's represent Crawling Chaos and FS-NyarL it's The Crawling Chaos of Cyber Security :-)
 A network takeover & forensic analysis tool - useful to advanced PenTest tasks & for fun 
 and profit - but use it at your own risk!

 * Interactive Console
 * Real Time Passwords Found
 * Real Time Hosts Enumeration
 * Tuned Injections & Client Side Attacks
 * ARP Poisoning & SSL Hijacking
 * Automated HTTP Report Generator
 

SETUP:

 See conf/nyarl.conf CONFIGURATION FILE.
 Type ./setup to install.


HOW-TO RUN:

 Type ./FS-NyarL and Run.


ATTACKS IMPLEMENTED:

 * MITM (Arp Poisoning)
 * Sniffing (With & Without Arp Poisoning)
 * SSL Hijacking (Full SSL/TLS Control)
 * HTTP Session Hijaking (Take & Use Session Cookies)
 * Client Browser Takeover (with Filter Injection in data stream)
 * Browser AutoPwn (with Filter Injection in data steam)
 * Evil Java Applet (with Filter Injection in data stream)
 * DNS Spoofing
 * Port Scanning 


POST ATTACKS DATA OBTAINED:

 * Passwords extracted from data stream
 * Pcap file with whole data stream for deep analysis
 * Session flows extracted from data stream (Xplico & Chaosreader)
 * Files extracted from data stream
 * Hosts enumeration (IP,MAC,OS)
 * URLs extracted from data stream
 * Cookies extracted from data stream
 * Images extracted from data stream
 * List of HTTP files downloaded extracted from URLs


DEPENDENCIES (aka USED TOOLS):
  
 * Chaosreader (already in bin folder)
 * Xplico
 * Ettercap
 * Arpspoof
 * Arp-scan
 * Mitmproxy
 * Nmap
 * Tcpdump
 * Beef
 * SET
 * Metasploit
 * Dsniff
 * Macchanger
 * Hamster
 * Ferret
 * P0f
 * Foremost
 * SSLStrip
 * SSLSplit

   
EOF

 For bugs, comments, write me a bit: itsicurezza @ yahoo it

