• This repository has been archived on 01/Sep/2024
  • Stars
    star
    309
  • Rank 135,306 (Top 3 %)
  • Language
    Python
  • License
    GNU General Publi...
  • Created over 3 years ago
  • Updated 2 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Frack - Keep and Maintain your breach data

Head

Twitter Defcon Code style: Black

Plugins

What is Frack?

Frack is my attempt at creating an end-to-end solution to store, manage and query your breach data. The tool has got a very basic workflow making it easy to use.

WF

Youtube video of DefCon 29

Why Frack?

Well, I wanted something that was easy to use, didn’t cost millions of dollars and was quick. The python is easy to read and understand so hopefully you will get a better understanding of interacting with your database using python while learning about all the awesome cloud stuff that’s available.

Let’s get into it.

Frack has been updated to use custom plugins to make it easier to parse raw breach data. The SHA-1 hashes of the breach files will be posted on the Plugins page to make it easy to find the correct plugin for your dataset. These plugins will be updated as new breaches are released. If you feel like contributing, you are more than welcome to add your own parsers.

Should you have a breach that is not supported by a plugin, you can still manually parse the file if you can get in one of the following .csv formats.

Frack supports these .csv file formats:

  • <email>,<password>
  • <email>,<hash>
  • <email>,<hash>,<salt>

Unfortunately, the breach data available on the internet is never clean, and has to be extracted manually to ensure quality of the data. An example of extracting the data from a .sql dump can be seen below. I’m using an awk script to break down the .sql file into .csv files for each table and then a .sql file containing the structure of the .csv file. The awk script I use in this video is by: https://gist.github.com/slawo-ch/894349427655d22398f825dc535a40f0

Extracting

Once you’ve got a clean .csv file, you can use the parsing module to add fields to the .csv file to make the data make sense when viewed in the database. The converted format looks like this:

breach:string,site:string,year:int,domain:string,email:string,password:string,hash:string,salt:string

Because we’re adding a lot of data to the .csv the file will grow substantially which is why we then convert it to .orc format. To learn more about the .orc format you can visit: https://orc.apache.org/

As you can see below, the .orc file is super compressed, so it fits in perfectly with the why, to not spend your whole year’s salary on bandwidth.

Image01

Here you can see how effective .orc is at compressing data. I threw a kitchen sink at it and it managed to parse it perfectly. Our input file was 29.7GB, then after adding our fields it was 75.7GB then after converting to .orc it’s a mere 12.8GB. That’s smaller than the original, and we’re adding 1 billion lines to our DB.

Now let’s go through the modules. The tool consists of three modules. A query module to query your data, a db module to manage your database and get some pretty cool info from your db and finally the parse module to do the whole conversion process explained above.

The Parse Module:

This module’s sole purpose is to first clean up the data by performing these checks:

  • The fields must equal that of the selected input. This is two fields for <email>,<password> and <email>,<hash> and then three fields for <email>,<hash>,<salt>.
  • Validate that the e-mail address is valid by using some RegEx.
  • Do some rubbish removal of lines with blank fields and non-ascii characters.
  • Check that the hash is longer than 16 chars. If it's shorter it's probably trash.

The parse module now supports plugins. This will allow importing of a raw dump no matter what format it was dumped in to be parsed into Frack format alleviating the pain associated with extracting the data into a clean usable dataset. To see if your breach is supported by a plugin you can search for the SHA-1 of the file on the Plugins page.

The parse module has got several arguments. The default input file format is <email>,<hash>. If your file differs, you need to use flags to specify what data your file contains.

Argument What it does
-i / --inputfile <file> File to import data from. This is your cleaned .csv file.
-m / --module <module name> Use a plugin module to import a raw breach.
-y / --year <year> The year the breach / combo / collection was released.
-n / --name <name> The name of the breach / combo / collection.
-w / --website <website> The website address of the site in question.
-p / --passwords Use this flag if the file being imported contains passwords i.e. <email>,<password>
-s / --salt Use this flag if the file contains salt values i.e. <email>,<hash>,<salt>.
-d / --nodel Don't delete the .error file. During parsing all fields that does not comply with the rules above will be dumped into a .error file for further analysis.
-u / --upload When parsing is done, upload the .orc file to the ingestion bucket.

The db module:

The db module is used for managing the data, and includes some cool stats for your dataset.

Image09

Argument What it does
-c / --count Count the lines in the database.
-n / --nomnom Create and start an ingestion job for all the files in your storage bucket.
-d / --delete Adding this flag, the ingestion bucket will be emptied once everything has been ingested.
-t / --top <n> Displays the top <n> passwords from the whole dataset.
-w / --web Display all the websites with line counts that's currently in your database.
-b / --breach Display all the breaches with their line counts that's in the current database.
-f / --file Save the output of any of the queries above to an Excel sheet.

The query module:

The query module allows you to query the dataset for domains. The output will be in Excel and include a quick password analysis and a list of all the unique passwords for the domain you’ve queried.

Image10

Argument What it does
-i / --inputfile <filename> Specify a file containing all the domains you wish to query. One domain per line.
-d / --singledomain <domain> Specify a single domain to query.

Installation

    git clone https://github.com/sensepost/Frack
    cd Frack
    pip3 install -r requirements

Quick guided run through

  1. Configuring your local and Cloud infrastructure.
  2. Converting and Ingesting your first data.
  3. Converting and Ingesting using a plugin.

License

Frack is licensed under a GNU General Public v3 License. Permissions beyond the scope of this license may be available at http://sensepost.com/contact/.

More Repositories

1

objection

📱 objection - runtime mobile exploration
Python
7,492
star
2

gowitness

🔍 gowitness - a golang, web screenshot utility using Chrome Headless
Go
3,159
star
3

reGeorg

The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.
Python
3,015
star
4

ruler

A tool to abuse Exchange services
Go
2,164
star
5

mana

*DEPRECATED* mana toolkit for wifi rogue AP attacks and MitM
HTML
1,087
star
6

DET

(extensible) Data Exfiltration Toolkit (DET)
Python
819
star
7

godoh

🕳 godoh - A DNS-over-HTTPS C2
Go
752
star
8

kwetza

Python script to inject existing Android applications with a Meterpreter payload.
Smali
638
star
9

Snoopy

Snoopy: A distributed tracking and data interception framework
Python
597
star
10

hostapd-mana

SensePost's modified hostapd for wifi attacks.
C
543
star
11

rattler

Automated DLL Enumerator
C++
522
star
12

DNS-Shell

DNS-Shell is an interactive Shell over DNS channel
Python
521
star
13

USaBUSe

Universal Serial aBUSe is a project to demonstrate the risks of hardware bypasses of software security by Rogan Dawes at SensePost.
C
493
star
14

snoopy-ng

Snoopy v2.0 - modular digital terrestrial tracking framework
Python
430
star
15

reDuh

Create a TCP circuit through validly formed HTTP requests
Java
343
star
16

autoDANE

Auto Domain Admin and Network Exploitation.
Python
295
star
17

impersonate

A windows token impersonation tool
Python
279
star
18

SPartan

Frontpage and Sharepoint fingerprinting and attack tool.
Python
277
star
19

wiresocks

A sock, with a wire, so you can tunnel all you desire.
Shell
272
star
20

mallet

Mallet is an intercepting proxy for arbitrary protocols
Java
262
star
21

UserEnum

Domain user enumeration tool
Python
212
star
22

jack

Drag and Drop ClickJacking PoC development assistance tool.
CSS
190
star
23

wpa_sycophant

Evil client portion of EAP relay attack
C
189
star
24

wikto

Nikto for Windows with some extra features.
C#
175
star
25

routopsy

Routopsy - Hacking Routers with Routers
Python
167
star
26

heartbleed-poc

Test for SSL heartbeat vulnerability (CVE-2014-0160)
Ruby
159
star
27

dwn

d(ockerp)wn - a docker pwn tool manager
Python
156
star
28

gdi-palettes-exp

DC25 5A1F - Demystifying Windows Kernel Exploitation by Abusing GDI Objects
C++
143
star
29

assless-chaps

Crack MSCHAPv2 challenge/responses quickly using a database of NT hashes
Python
127
star
30

wadi

Wadi Fuzzing Harness
JavaScript
127
star
31

birp

Big Iron Recon & Pwnage
Python
123
star
32

go-out

☄️ go-out - A Golang egress buster.
Go
122
star
33

mail-in-the-middle

Python
100
star
34

mydumbedr

C
99
star
35

liniaal

Liniaal - A communication extension to Ruler
Go
96
star
36

frida-windows-playground

A collection of Frida hooks for experimentation on Windows platforms.
C
95
star
37

ms16-098

Windows 8.1 x64 Exploit for MS16-098 RNGOBJ_Integer_Overflow
C
92
star
38

notruler

The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange.
Go
91
star
39

offensive-rpc

Offensive RPC PoC
C++
83
star
40

anapickle

Toolset for writing shellcode in Python's Pickle language and for manipulating pickles to inject shellcode.
Python
79
star
41

autoresponder

Quick python script to automatically load NTLM hashes from Responder logs and fires up Hashcat to crack them
Python
78
star
42

xrdp

A rudimentary remote desktop tool for the X11 protocol exploiting unauthenticated x11 sessions
Python
76
star
43

apostille

Java
72
star
44

peanuts

Peanuts is a free and open source wifi tracking tool. Based on the SensePosts Snoopy-NG project that is now closed.
Python
69
star
45

WiFi-Rifle

Creating a wireless rifle de-authentication gun, which utilized a yagi antenna and a Raspberry Pi.
Python
68
star
46

punch-q

👊 A small utility to play with IBM MQ
Python
61
star
47

hash-cracker

Script to perform some hashcracking logic automagically
C
61
star
48

common-substr

Simple tool to extract the most common substrings from an input text. Built for password cracking.
Go
61
star
49

shinai-fi

Docker images for learning wifi hacking
Shell
60
star
50

thumbscr-ews

Exchangelib wrapper for pentesting
Python
56
star
51

wsproxy

A websocket proxy
JavaScript
55
star
52

BiLE-suite

The Bi-directional Link Extractor.
Perl
53
star
53

go-derper

Memcache hacking tool.
Ruby
47
star
54

yeti

SensePost's network footprinting and enumeration tool. You can't pwn what you don't know about.
Java
43
star
55

understanding-eap

A repository with toy implementations of MSCHAPv2, MPEE and WPA/2 to understand EAP better
Python
37
star
56

sockstlsproxy

C#
37
star
57

ntcrack

Left To My Own Devices - NT hash tools
Rust
31
star
58

dual-pod-shock

C
27
star
59

policies

Collection of information security policies.
27
star
60

Suru

Suru is one of the original Man In The Middle (MITM) proxies that sits between the user's browser and the web application.
C#
26
star
61

steampipe-plugin-projectdiscovery

A steampipe plugin to query projectdiscovery.io tools.
Go
26
star
62

squeeza

SQL Injection without the pain of syringes.
Ruby
24
star
63

x11-active-displays

Checks X11 and outputs a screenshot to of the display if allowed and the display is active
Lua
22
star
64

wpa3-vuln

hostapd and wpa_supplicant 2.7 vulnerable to Mathy's WPA3 bugs
C
21
star
65

SapCap

SApCap is a SAP packet sniffer and decompression tool for analysing SAP GUI (DIAG) traffic
C++
16
star
66

6thSense

A while back antirez, in a post to Bugtraq, detailed a new Tcp portscan method.
Perl
16
star
67

maltego-mvs

Tools to combine MVS data with external sources and visualise the output in Maltego.
Python
16
star
68

password-tools

Service desk password tools.
JavaScript
15
star
69

cipherchecks

visually see issues with supported cipher suites
Python
15
star
70

ntp_monlist

Basic script to pull addresses from a NTP server using the monlist command.
Python
14
star
71

XAPSpy

Runtime analysis of windows phone 7 applications.
C#
13
star
72

esp-vnc

Our fork of the esp-link firmware with a built in VNC server for passing input events to an AVR. Part of our Universal Serial aBUSe project.
C
11
star
73

casper

Casper is a tiny system tray application that can be used to view the invisible windows on your desktop.
C#
11
star
74

SAPProx

SAPProx is a proof of concept tool for intercepting and modifying SAP GUI (DIAG protocol) traffic.
C++
11
star
75

JBaah

HTTP Brute Forcer (Java replacement for SP's CrowBar).
Java
11
star
76

SP-DNS-mine

Google DNS name / sub domain miner.
Perl
10
star
77

SpUD

SensePost Unified Data API (SPUD) is a wrapper for apps requiring use of the deprecated Google API.
C#
10
star
78

neverevercookie

GUI for cleaning out evercookie persistence locations.
Java
10
star
79

dresscode

Python
10
star
80

berate_radius

Alpine hostapd-mana based RADIUS server
Shell
9
star
81

Manifestor

Android Manifest.xml tool
Python
9
star
82

ClashofSpamTitan

Python
9
star
83

BilePublic

BiLE stands for Bi-directional Link Extraction. It is used in the footprinting process to find non-obvious relationships between different web sites.
Perl
9
star
84

glypeahead

Port scan through Glype proxies.
PHP
8
star
85

finder

Finder.pl remotely checks IIS Servers for most of the methods used by WebDAV.
Perl
8
star
86

jcertchecker

JCertChecker is used to check HTTPS certificates.
Java
7
star
87

desperate

Perl
7
star
88

MonSoen

Proxy Server network scanner and tunnelling tool.
Python
7
star
89

Scully

Scully is a client interface to MSSQL and MySQL database servers.
C#
7
star
90

hash-cracker-apple-silicon

Script to perform some hashcracking logic automagically
Python
6
star
91

sconwar

a bring your own client programming game
Go
6
star
92

CarbanakCheck

Check squid logs for possible Carbanak malware.
Python
6
star
93

go

Seriously primitive portscanner using Squid proxy.
Perl
6
star
94

pudding

IDS evasion for web-based exploits via encoding built into a "proxy"
5
star
95

gr-protocoldecoder

A simple way to decode a known protocol in GRC in real time.
CMake
4
star
96

mpdchecker

Confirm the presence of HTTP methods per directory.
Python
4
star
97

unitools

For working with IIS servers with the Unicode bug
Perl
4
star
98

file-read-experiments

A few short scripts to look at the performance of various file read strategies.
Rust
4
star
99

ctf-challenges

A collection of CTF challenges
CSS
3
star
100

sensedecode

Sensedecode includes 2 perl scripts which exploit the IIS url decoding bug.
Perl
3
star