Organization of this repo
This is is just a map of some of the repos collected and stored under its own repo name. The Original name has not been changed and code not changed but faithfully saves as it is from its source
Here is just an explanation of the repos related to this category.
Each directory is independently collected and not related to other directories
================================================================================
Hive - Downloaded from wikileaks.org and supposedly to be an infrastrure framework used by CIA for infiltration. Source code collected at my repo Hive
Hive 9 November, 2017
Today, 9 November 2017, WikiLeaks publishes the source code and development logs to Hive, a major component of the CIA infrastructure to control its malware.
Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention. Using Hive even if an implant is discovered on a target computer, attributing it to the CIA is difficult by just looking at the communication of the malware with other servers on the internet. Hive provides a covert communications platform for a whole range of CIA malware to send exfiltrated information to CIA servers and to receive new instructions from operators at the CIA.
Hive can serve multiple operations using multiple implants on target computers. Each operation anonymously registers at least one cover domain (e.g. "perfectly-boring-looking-domain.com") for its own use. The server running the domain website is rented from commercial hosting providers as a VPS (virtual private server) and its software is customized according to CIA specifications. These servers are the public-facing side of the CIA back-end infrastructure and act as a relay for HTTP(S) traffic over a VPN connection to a "hidden" CIA server called 'Blot'.
The cover domain delivers 'innocent' content if somebody browses it by chance. A visitor will not suspect that it is anything else but a normal website. The only peculiarity is not visible to non-technical users - a HTTPS server option that is not widely used: Optional Client Authentication. But Hive uses the uncommon Optional Client Authentication so that the user browsing the website is not required to authenticate - it is optional. But implants talking to Hive do authenticate themselves and can therefore be detected by the Blot server. Traffic from implants is sent to an implant operator management gateway called Honeycomb (see graphic above) while all other traffic go to a cover server that delivers the insuspicious content for all other users.
Digital certificates for the authentication of implants are generated by the CIA impersonating existing entities. The three examples included in the source code build a fake certificate for the anti-virus company Kaspersky Laboratory, Moscow pretending to be signed by Thawte Premium Server CA, Cape Town. In this way, if the target organization looks at the network traffic coming out of its network, it is likely to misattribute the CIA exfiltration of data to uninvolved entities whose identities have been impersonated.
The documentation for Hive is available from the WikiLeaks Vault7 series.
A copy of the user documentation and developer documentation is at my forked repo under CIA-Hacking-Tools/Hive (https://github.com/cndpost/CIA-Hacking-Tools/tree/master/Hive)
====================================================================
Routersploit - How to control someone's home router and make it as a spy device. Source code colleted at my repo at Routersploit
Instruction downloaded from :
https://null-byte.wonderhowto.com/how-to/seize-control-router-with-routersploit-0177774/
Source code downloaded from :
https://github.com/threat9/routersploit
Summary of the usage (on ubuntu. For other platforms, see original instruction in above link):
1. install python and depencies
apt-get install python3-pip requests paramiko beautifulsoup4 pysnmp
2. install routersploit (tested once, it seems not working on regular ubuntu yet):
git clone https://github.com/cndpost/routersploit
cd routersploit
python3 -m pip install -r requirements.txt
python3 rsf.py
3. Then, the rest of the commands is done inside rst command line windows. (To be tested on ubuntu)
==============================================================
Other CIA Hacking Tools collected:
https://github.com/cndpost/CIA-Hacking-Tools
Some more list which may not included in above link is at here: (source: https://www.bleepingcomputer.com/news/government/wikileaks-releases-source-code-of-cia-cyber-weapon/)
Below is a list of the most important CIA cyber-weapons released by WikiLeaks as part of the Vault 7 series.
-
Weeping Angel - tool to hack Samsung smart TVs
-
Fine Dining - a collection of fake, malware-laced apps
-
Grasshopper - a builder for Windows malware
-
DarkSeaSkies - tools for hacking iPhones and Macs
-
Scribble - beaconing system for Office documents
-
Archimedes - a tool for performing MitM attacks
-
AfterMidnight and Assassin - malware frameworks for Windows
-
Athena - a malware framework co-developed with a US company
-
Pandemic - a tool for replacing legitimate files with malware
-
CherryBlossom - a tool for hacking SOHO WiFi routers
-
Brutal Kangaroo - a tool for hacking air-gapped networks
-
ELSA - malware for geo-tracking Windows users
-
OutlawCountry - CIA tool for hacking Linux systems
-
BothanSpy & Gyrfalcon - CIA malware for stealing SSH logins
-
HighRise - Android app for intercepting & redirecting SMS data
-
Achilles, Aeris, & SeaPea - tools for hacking Mac & POSIX systems
-
Dumbo - tool to disable webcams and microphones
-
CouchPotato - tool to capture remote video streams
-
Angelfire - malware framework for hacking Windows PCs
======================================================
Security Company Types:
Change monitoring:
New Relics - Capture and monitor the file system changes by their hashs
Antivirus
McCaffee
Symantec
Norton
ClamAV - Open Source solution runs on Linux as well
Network attacking and defense
Malware infiltration and defense
=============================================================
US weapons:
Brutal Kongaroo - infiltrate airgapped computers which are not even connected to outside network
through USB drive