A rapidly-expanding portion of today’s Internet strives to increase personal efficiency by turning tedious or complex processes into a framework which provides instantaneous results. On the contrary, much of the information security community still finds itself performing manual, complicated tasks to administer and protect their computer networks. Given the increase in automated hacking tools, it is surprising that a simplistic, “push-button” tool has not been created for information security professionals to validate their networks’ ability to protect against a Man-In-The-Middle attack. Subterfuge is a small but devastatingly effective credential-harvesting program which exploits a vulnerability in the Address Resolution Protocol. It does this in a way that a non-technical user would have the ability, at the push of a button, to harvest all of the usernames and passwords of victims on their connected network, thus equipping information and network security professionals with a “push-button” security validation tool.
- Harvesting Module is functional.
- Code Injection Module is functional (only custom injection)
Subterfuge Beta package and installer. Unpack and run “python install.py -i” for full installation. (Note some packages require an internet connection to install properly). Python 2.7 is required.
For User guide Please read : Subterfuge – White Paper.pdf http://subterfuge.googlecode.com/files/Subterfuge%20-%20White%20Paper.pdf