segunda-feira, 20 de abril de 2020

Practical Bleichenbacher Attacks On IPsec IKE

We found out that reusing a key pair across different versions and modes of IPsec IKE can lead to cross-protocol authentication bypasses, enabling the impersonation of a victim host or network by attackers. These vulnerabilities existed in implementations by Cisco, Huawei, and others.

This week at the USENIX Security conference, I will present our research paper on IPsec attacks: The Dangers of Key Reuse: Practical Attacks on IPsec IKE written by Martin Grothe, Jörg Schwenk, and me from Ruhr University Bochum as well as Adam Czubak and Marcin Szymanek from the University of Opole [alternative link to the paper]. This blog post is intended for people who like to get a comprehensive summary of our findings rather than to read a long research paper.

IPsec and Internet Key Exchange (IKE)

IPsec enables cryptographic protection of IP packets. It is commonly used to build VPNs (Virtual Private Networks). For key establishment, the IKE protocol is used. IKE exists in two versions, each with different modes, different phases, several authentication methods, and configuration options. Therefore, IKE is one of the most complex cryptographic protocols in use.

In version 1 of IKE (IKEv1), four authentication methods are available for Phase 1, in which initial authenticated keying material is established: Two public key encryption based methods, one signature based method, and a PSK (Pre-Shared Key) based method.

Attacks on IKE implementations

With our attacks we can impersonate an IKE device: If the attack is successful, we share a set of (falsely) authenticated symmetric keys with the victim device, and can successfully complete the handshake – this holds for both IKEv1 and IKEv2. The attacks are based on Bleichenbacher oracles in the IKEv1 implementations of four large network equipment manufacturers: Cisco, Huawei, Clavister, and ZyXEL. These Bleichenbacher oracles can also be used to forge digital signatures, which breaks the signature based IKEv1 and IKEv2 variants. Those who are unfamiliar with Bleichenbacher attacks may read this post by our colleague Juraj Somorovsky for an explanation.

The affected hardware test devices by Huawei, Cisco, and ZyXEL in our network lab.

We show that the strength of these oracles is sufficient to break all handshake variants in IKEv1 and IKEv2 (except those based on PSKs) when given access to powerful network equipment. We furthermore demonstrate that key reuse across protocols as implemented in certain network equipment carries high security risks.

We additionally show that both PSK based modes can be broken with an offline dictionary attack if the PSK has low entropy. Such an attack was previously only documented for one of those modes (edit: see this comment). We thus show attacks against all authentication modes in both IKEv1 and IKEv2 under reasonable assumptions.

The relationship between IKEv1 Phase 1, Phase 2, and IPsec ESP. Multiple simultaneous Phase 2 connections can be established from a single Phase 1 connection. Grey parts are encrypted, either with IKE derived keys (light grey) or with IPsec keys (dark grey). The numbers at the curly brackets denote the number of messages to be exchanged in the protocol.

Where's the bug?

The public key encryption (PKE) based authentication mode of IKE requires that both parties exchanged their public keys securely beforehand (e. g. with certificates during an earlier handshake with signature based authentication). RFC 2409 advertises this mode of authentication with a plausibly deniable exchange to raise the privacy level. In this mode, messages three and four of the handshake exchange encrypted nonces and identities. They are encrypted using the public key of the respective other party. The encoding format for the ciphertexts is PKCS #1 v1.5.

Bleichenbacher attacks are adaptive chosen ciphertext attacks against RSA-PKCS #1 v1.5. Though the attack has been known for two decades, it is a common pitfall for developers. The mandatory use of PKCS #1 v1.5 in the PKE authentication methods raised suspicion of whether implementations resist Bleichenbacher attacks.

PKE authentication is available and fully functional in Cisco's IOS operating system. In Clavister's cOS and ZyXEL's ZyWALL USG devices, PKE is not officially available. There is no documentation and no configuration option for it and it is therefore not fully functional. Nevertheless, these implementations processed messages using PKE authentication in our tests.

Huawei implements a revised mode of the PKE mode mentioned in the RFC that saves one private key operation per peer (we call it RPKE mode). It is available in certain Huawei devices including the Secospace USG2000 series.

We were able to confirm the existence of Bleichenbacher oracles in all these implementations. Here are the CVE entries and security advisories by the vendors (I will add links once they are available):
On an abstract level, these oracles work as follows: If we replace the ciphertext of the nonce in the third handshake message with a modified RSA ciphertext, the responder will either indicate an error (Cisco, Clavister, and ZyXEL) or silently abort (Huawei) if the ciphertext is not PKCS #1 v1.5 compliant. Otherwise, the responder continues with the fourth message (Cisco and Huawei) or return an error notification with a different message (Clavister and ZyXEL) if the ciphertext is in fact PKCS #1 v1.5 compliant. Each time we learn that the ciphertext was valid, we can advance the Bleichenbacher attack one more step.

A Bleichenbacher Attack Against PKE

If a Bleichenbacher oracle is discovered in a TLS implementation, then TLS-RSA is broken since one can compute the Premaster Secret and the TLS session keys without any time limit on the usage of the oracle. For IKEv1, the situation is more difficult: Even if there is a strong Bleichenbacher oracle in PKE and RPKE mode, our attack must succeed within the lifetime of the IKEv1 Phase 1 session, since a Diffie-Hellman key exchange during the handshake provides an additional layer of security that is not present in TLS-RSA. For example, for Cisco this time limit is currently fixed to 60 seconds for IKEv1 and 240 seconds for IKEv2.

To phrase it differently: In TLS-RSA, a Bleichenbacher oracle allows to perform an ex post attack to break the confidentiality of the TLS session later on, whereas in IKEv1 a Bleichenbacher oracle only can be used to perform an online attack to impersonate one of the two parties in real time.

Bleichenbacher attack against IKEv1 PKE based authentication.

The figure above depicts a direct attack on IKEv1 PKE:
  1. The attackers initiate an IKEv1 PKE based key exchange with Responder A and adhere to the protocol until receiving the fourth message. They extract the encrypted nonce from this message, and record the other public values of the handshake.
  2. The attackers keep the IKE handshake with Responder A alive as long as the responder allows. For Cisco and ZyXEL we know that handshakes are cancelled after 60 seconds, Clavister and Huawei do so after 30 seconds.
  3. The attackers initiate several parallel PKE based key exchanges to Responder B.
    • In each of these exchanges, they send and receive the first two messages according to the protocol specifications.
    • In the third message, they include a modified version of the encrypted nonce according to the the Bleichenbacher attack methodology.
    • They wait until they receive an answer or they can reliably determine that this message will not be sent (timeout or reception of a repeated second handshake message).
  4. After receiving enough answers from Responder B, the attackers can compute the plaintext of the nonce.
  5. The attackers now have all the information to complete the key derivation and the handshake. They thus can impersonate Responder B to Responder A.

Key Reuse

Maintaining individual keys and key pairs for each protocol version, mode, and authentication method of IKE is difficult to achieve in practice. It is oftentimes simply not supported by implementations. This is the case with the implementations by Clavister and ZyXEL, for example. Thus, it is common practice to have only one RSA key pair for the whole IKE protocol family. The actual security of the protocol family in this case crucially depends on its cross-ciphersuite and cross-version security. In fact, our Huawei test device reuses its RSA key pair even for SSH host identification, which further exposes this key pair.

A Cross-Protocol Version Attack with Digital Signature Based Authentication

Signature Forgery Using Bleichenbacher's Attack

It is well known that in the case of RSA, performing a decryption and creating a signature is mathematically the same operation. Bleichenbacher's original paper already mentioned that the attack could also be used to forge signatures over attacker-chosen data. In two papers that my colleagues at our chair have published, this has been exploited for attacks on XML-based Web Services, TLS 1.3, and Google's QUIC protocol. The ROBOT paper used this attack to forge a signature from Facebook's web servers as proof of exploitability.

IKEv2 With Digital Signatures

Digital signature based authentication is supported by both IKEv1 and IKEv2. We focus here on IKEv2 because on Cisco routers, an IKEv2 handshake may take up to four minutes. This more relaxed timer compared to IKEv1 makes it an interesting attack target.

I promised that this blogpost will only give a comprehensive summary, therefore I am skipping all the details about IKEv2 here. It is enough to know that the structure of IKEv2 is fundamentally different from IKEv1.

If you're familiar with IT-security, then you will believe me that if digital signatures are used for authentication, it is not particularly good if an attacker can get a signature over attacker chosen data. We managed to develop an attack that exploits an IKEv1 Bleichenbacher oracle at some peer A to get a signature that can be used to break the IKEv2 authentication at another peer B. This requires that peer A reuses its key pair for IKEv2 also for IKEv1. For the details, please read our paper [alternative link to the paper].

Evaluation and Results

For testing the attack, we used a Cisco ASR 1001-X router running IOS XE in version 03.16.02.S with IOS version 15.5(3)S2. Unfortunately, Cisco's implementation is not optimized for throughput. From our observations we assume that all cryptographic calculations for IKE are done by the device's CPU despite it having a hardware accelerator for cryptography. One can easily overload the device's CPU for several seconds with a standard PC bursting handshake messages, even with the default limit for concurrent handshakes. And even if the CPU load is kept below 100 %, we nevertheless observed packet loss.

For the decryption attack on Cisco's IKEv1 responder, we need to finish the Bleichenbacher attack in 60 seconds. If the public key of our ASR 1001-X router is 1024 bits long, we measured an average of 850 responses to Bleichenbacher requests per second. Therefore, an attack must succeed with at most 51,000 Bleichenbacher requests.

But another limit is the management of Security Associations (SAs). There is a global limit of 900 Phase 1 SAs under negotiation per Cisco device in the default configuration. If this number is exceeded, one is blocked. Thus, one cannot start individual handshakes for each Bleichenbacher request to issue. Instead, SAs have to be reused as long as their error counter allows. Furthermore, establishing SAs with Cisco IOS is really slow. During the attack, the negotiations in the first two messages of IKEv1 require more time than the actual Bleichenbacher attack.

We managed to perform a successful decryption attack against our ASR 1001-X router with approximately 19,000 Bleichenbacher requests. However, due to the necessary SA negotiations, the attack took 13 minutes.

For the statistics and for the attack evaluation of digital signature forgery, we used a simulator with an oracle that behaves exactly as the ones by Cisco, Clavister, and ZyXEL. We found that about 26% of attacks against IKEv1 could be successful based on the cryptographic performance of our Cisco device. For digital signature forgery, about 22% of attacks could be successful under the same assumptions.

Note that (without a patched IOS), only non-cryptographic performance issues prevented a succesful attack on our Cisco device. There might be faster devices that do not suffer from this. Also note that a too slow Bleichenbacher attack does not permanently lock out attackers. If a timeout occurs, they can just start over with a new attack using fresh values hoping to require fewer requests. If the victim has deployed multiple responders sharing one key pair (e. g. for load balancing), this could also be leveraged to speed up an attack.

Responsible Disclosure

We reported our findings to Cisco, Huawei, Clavister, and ZyXEL. Cisco published fixes with IOS XE versions 16.3.6, 16.6.3, and 16.7.1. They further informed us that the PKE mode will be removed with the next major release.

Huawei published firmware version V300R001C10SPH702 for the Secospace USG2000 series that removes the Bleichenbacher oracle and the crash bugs we identified. Customers who use other affected Huawei devices will be contacted directly by their support team as part of a need-to-know strategy.

Clavister removed the vulnerable authentication method with cOS version 12.00.09. ZyXEL responded that our ZyWALL USG 100 test device is from a legacy model series that is end-of-support. Therefore, these devices will not receive a fix. For the successor models, the patched firmware version ZLD 4.32 (Release Notes) is available.

FAQs

  • Why don't you have a cool name for this attack?
    The attack itself already has a name, it's Bleichenbacher's attack. We just show how Bleichenbacher attacks can be applied to IKE and how they can break the protocol's security. So, if you like, call it IPsec-Bleichenbacher or IKE-Bleichenbacher.
  • Do you have a logo for the attack?
    No.
  • My machine was running a vulnerable firmware. Have I been attacked?
    We have no indication that the attack was ever used in the wild. However, if you are still concerned, check your logs. The attack is not silent. If your machine was used for a Bleichenbacher attack, there should be many log entries about decryption errors. If your machine was the one that got tricked (Responder A in our figures), then you could probably find log entries about unfinished handshake attempts.
  • Where can I learn more?
    First of all, you can read the paper [alternative link to the paper]. Second, you can watch the presentation, either live at the conference or later on this page.
  • What else does the paper contain?
    The paper contains a lot more details than this blogpost. It explains all authentication methods including IKEv2 and it gives message flow diagrams of the protocols. There, we describe a variant of the attack that uses the Bleichenbacher oracles to forge signatures to target IKEv2. Furthermore, we describe the quirks of Huawei's implementation including crash bugs that could allow for Denial-of-Service attacks. Last but not least, it describes a dictionary attack against the PSK mode of authentication that is covered in a separate blogpost.

Media Coverage, Blogs, and more

English

German

Related posts


  1. Game Hacking
  2. Android Hack Tools Github
  3. Pentest Tools Url Fuzzer
  4. Hack Tools For Mac
  5. Hacker Tools For Pc
  6. Ethical Hacker Tools
  7. Pentest Recon Tools
  8. Tools For Hacker
  9. Pentest Reporting Tools
  10. Hacker Tools 2019
  11. Termux Hacking Tools 2019
  12. Hack App
  13. Hacking Tools For Mac
  14. Hack Tools
  15. Hackrf Tools
  16. Hack Tools Pc
  17. Github Hacking Tools
  18. Pentest Automation Tools
  19. Tools Used For Hacking

Top 5 Most Useful Linux Tools For Programmers

Top 5 most useful linux tools for Programmer

Linux is a free and open-source software operating systems built around the Linux kernel. It typically packaged in a form known as a Linux distribution for both desktop and server use. It is a great development environment for programmers and developers. However, without the development tools, that would be impossible. Fortunately, plenty of Linux tools are available. Here are the top 5 most useful Linux tools for programmers.

Also Read;-  How To Clone One Android To Another

5 Most Useful Linux tools for Programmers

1. VIM

vim editor-compressed
VIM is a free and open source software written by Bram Moolenaar in 1991. It is designed for use both from a command-line interface and as a standalone application in a graphical user interface. It comes standard with almost every Linux distribution and is also known as "the programmer's editor". VIM is great for coding and can also be used for editing things like configuration files and XML documents.
Vim has been developed to be a cross-platform that supports many other platforms. In 2006, it was voted as the most popular editor amongst Linux Journal readers. In 2015, Stack Overflow developer survey found it to be the third most popular text editor while in 2016, the Stack Overflow developer survey found it to be the fourth most popular development environment.
Read more;-  How To Use WhatsApp without Mobile No

2. Zsh

Zsh is written in C and initially released in 1990. It is a Unix shell that can be used as an interactive login shell and as a powerful command interpreter for shell scripting. Zsh is an extended version of Bourne shell (BASH) with a large number of improvements, including some features of Bash, ksh, and tcsh. Zsh gives a user-friendly experience on the command line. It also gives better auto-completion, Vim key bindings, and smart guesses when you write a command wrong.
Its features include (but not limited to):
  • Programmable command-line completion,
  • Sharing of command history among all running shells
  • Extended file globbing
  • Improved variable/array handling
  • Editing of multi-line commands in a single buffer
  • Spelling correction
  • Various compatibility modes,
  • Themeable prompts, and
  • Loadable modules.

3. Byobu

It was initially released in 2009 written in Sh and Python. Byobu can be used to provide on-screen notification or status and tabbed multi-window management. Thus, it is intended to improve terminal sessions when users connect to remote servers with an operating system Linux and Unix-like. It is is an enhancement for the GNU Screen terminal multiplexer or tmux used with the GNU/Linux computer operating system.

4. GIT

git commandsGit was initially released on April 7, 2005. It is a version control system to track changes in computer files and to coordinate work on those files among multiple people. It is primarily used for source code management in software development and can be used to keep track of changes in any set of files available in the English language. It is aimed at speed, data integrity, and support for distributed, non-linear workflows. It is free and open source software distributed under the terms of the GNU General Public License version 2.
Moreover, Linus Torvalds was the creator of GIT for the development of the Linux kernel. On the other hand, its current maintainer since then is Junio Hamano. Thus, every Git directory on every computer is a full-fledged repository with complete history and full version tracking abilities, independent of network access or a central server.

5. Docker

Written by Solomon Hykes in 2013, it is a computer program that performs operating-system-level virtualization, the containerization, which is developed by Docker, Inc. Primarily, Docker was developed for Linux to use as the resource isolation features of the Linux kernel. It is a tool that can package an application and its dependencies in a virtual container that can run on any Linux server. This helps enable the flexibility and portability on where the application can run, whether on premises, public cloud, private cloud, bare metal, etc.  Moreover, it accesses the Linux kernel's virtualization features either directly using the libcontainer library.
More articles

How To Create Fake Email Address Within Seconds

How To Create Fake Email Address Within Seconds

How To Create Fake Email Address Within Seconds

Email address is a type of identification by which an email receiver identifies the person who sends mail to him/her. That's why while creating an email address you need to enter your personal details that must be valid. However, what if we tell you that you can create an email address that doesn't require any validation of personal details and that email address gets permanently deleted after your work is done. So here we have a method To Create Fake Email Address. By this, you can create a fake email address that will get auto-deleted after ten minutes. Just follow the below steps to proceed.

Note:  The method we are discussing is just for a known purpose and should not be used for any illegal purposes, as we will be not responsible for any wrongdoing.

How To Create Fake Email Address Within Seconds

The method of creating a fake email address is very simple and easy as these are based on online websites that will provide you a free email address without taking any personal details from you.

#1 10 Minute Mail

10 Minute Mail
10 Minute Mail
10 Minute Mail will provide you a temporary e-mail address. Any e-mails sent to that address will show automatically on the web page. You can read them, click on links, and even reply to them. The email address will expire after 10 minutes.

#2 GuerrillaMail

Guerrillamail
Guerrillamail
It is one of the most user-friendly ones out there, with this, you can get disposable email ID easily. You need to enter the details, and the fake email ID will be generated. Moreover, this also lets you send emails with attachment up to 150MB. You will be provided with a temporary email address which you can use to verify some websites which require the email address.

#3 Mailinator

Mailinator
Mailinator
Mailinator is a free, Public, Email System where you can use any inbox you want. You will be given a Mailinator address which you can use anytime a website asks for an email address. The public emails you will receive will be auto-deleted after few hours of receiving.

#4 MailDrop

MailDrop
MailDrop
Maildrop is a great idea when you want to sign up for a website but you are concerned that they might share your address with advertisers. MailDrop is powered by some of the spam filters created by Heluna, used in order to block almost all spam attempts before they even get to your MailDrop inbox. This works the same way like Mailinator in which you will be given a temporary Email address which you can use to verify sites etc.

#5 AirMail

AirMail
AirMail
AirMail is a free temporary email service, you are given a random email address you can use when registering to new websites or test-driving untrusted services. All emails received by AirMail servers are displayed automatically in your online browser inbox.

Related articles


CSRF Referer Header Strip

Intro

Most of the web applications I see are kinda binary when it comes to CSRF protection; either they have one implemented using CSRF tokens (and more-or-less covering the different functions of the web application) or there is no protection at all. Usually, it is the latter case. However, from time to time I see application checking the Referer HTTP header.

A couple months ago I had to deal with an application that was checking the Referer as a CSRF prevention mechanism, but when this header was stripped from the request, the CSRF PoC worked. BTW it is common practice to accept empty Referer, mainly to avoid breaking functionality.

The OWASP Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet tells us that this defense approach is a baaad omen, but finding a universal and simple solution on the Internetz to strip the Referer header took somewhat more time than I expected, so I decided that the stuff that I found might be useful for others too.

Solutions for Referer header strip

Most of the techniques I have found were way too complicated for my taste. For example, when I start reading a blog post from Egor Homakov to find a solution to a problem, I know that I am going to:
  1. learn something very cool;
  2. have a serious headache from all the new info at the end.
This blog post from him is a bit lighter and covers some useful theoretical background, so make sure you read that first before you continue reading this post. He shows a few nice tricks to strip the Referer, but I was wondering; maybe there is an easier way?

Rich Lundeen (aka WebstersProdigy) made an excellent blog post on stripping the Referer header (again, make sure you read that one first before you continue). The HTTPS to HTTP trick is probably the most well-known one, general and easy enough, but it quickly fails the moment you have an application that only runs over HTTPS (this was my case).

The data method is not browser independent but the about:blank trick works well for some simple requests. Unfortunately, in my case the request I had to attack with CSRF was too complex and I wanted to use XMLHttpRequest. He mentions that in theory, there is anonymous flag for CORS, but he could not get it work. I also tried it, but... it did not work for me either.

Krzysztof Kotowicz also wrote a blog post on Referer strip, coming to similar conclusions as Rich Lundeen, mostly using the data method.

Finally, I bumped into Johannes Ullrich's ISC diary on Referer header and that led to me W3C's Referrer Policy. So just to make a dumb little PoC and show that relying on Referer is a not a good idea, you can simply use the "referrer" meta tag (yes, that is two "r"-s there).

The PoC would look something like this:
<html>
<meta name="referrer" content="never">
<body>
<form action="https://vistimsite.com/function" method="POST">
<input type="hidden" name="param1" value="1" />
<input type="hidden" name="param2" value="2" />
...
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>

Conclusion

As you can see, there is quite a lot of ways to strip the Referer HTTP header from the request, so it really should not be considered a good defense against CSRF. My preferred way to make is PoC is with the meta tag, but hey, if you got any better solution for this, use the comment field down there and let me know! :)

More information
  1. Pentest Tools Port Scanner
  2. Hacker Tools For Ios
  3. Wifi Hacker Tools For Windows
  4. Hacking Tools 2019
  5. Hacks And Tools
  6. Termux Hacking Tools 2019
  7. Usb Pentest Tools
  8. Kik Hack Tools
  9. Hacking Tools Online
  10. Hacks And Tools
  11. Hack Tools Download
  12. Hack Tool Apk
  13. Hacking Tools Usb
  14. Pentest Tools Port Scanner
  15. Pentest Tools For Ubuntu
  16. Pentest Tools Review

How To Automatically Translate Any Android App Into Any Language

There is the number of applications which are not having the features of translating apps to your favorite languages. This makes it difficult for the users to translate apps into their native language. Today, I am going to tell you about an application which will help you to Automatically Translate Any Android App into Any Language.
Nowadays there are around hundreds of application on play store which is having the feature of translate but some applications don't have this features. This is just because they don't have proper developers or sometimes translators.
There is an application launched by Akhil Kedia from XDA Developer which made it possible for all the users to translate the application to any language you need. This is something which everyone needs it.
Akhil Kedia built an Xposed module in which users can easily change the language of any application to whichever they like or love. Personally, we all love English language but there are peoples in many parts of the world they are suitable for other languages.
Automatically Translate Any Android App into Any Language
Automatically Translate Any Android App into Any Language

Automatically Translate Any Android App into Any Language

The best part about this Xposed Module is that it translates the application to any language whichever you like and there are around many languages which you can try it. The other best part about this application is that the user interface which is amazing.
In an Android application, the best thing is the user interface. This is something which helps users to download the module or application to run again and again. There are about many settings which can be changed from the application.
The setup process is a bit different from other applications but if you will look at the application you will definitely love it. Just because of too many settings and features available in the application and you can turn it to any language without any crashing issues of the application.

Requirements:

  • Rooted Android Phone
  • Xposed Framework installed on your phone.
  • Android 5.0 or higher.
  • Unknown Source enabled (You might be knowing it)
How to Automatically Translate Any Android App into Any Language
  • Download the module called as All Trans from here: Download
Automatically Translate Any Android App
  • Now, after installation, it will ask you to reboot your phone to activate the module
  • Now, you need to get the API Key to get it you need to sign up with Yandex first so sign up: Yandex Sign up
Automatically Translate Any Android App
  • Then after sign up you will get the API key just enter the API key in the All-Trans application.
Automatically Translate Any Android App
  • Open All Trans Application and the swipe right to Global Settings.
Automatically Translate Any Android App
  • Click on Enter Yandex Subscription key and then enter your key.
Automatically Translate Any Android App
  • In Global Settings click on Translate from and select the Language the application is already in. (Eg: English)
Automatically Translate Any Android App
  • Now, click on translate to and select your favorite language. This will change the language.
Automatically Translate Any Android App
  • Swipe left and select the applications which you need to translate and done.
Automatically Translate Any Android App
  • After selecting just open the application and the language is translated automatically.
Automatically Translate Any Android App

Final Words:

This is the best and easy way to Automatically Translate Any Android App into Any Language. I hope you love this article.Share this article with your friends and keep visiting for more tips and tricks like this and I will meet you in the next one.
Stay Updated Tune IemHacker

More info
  1. Hacker Security Tools
  2. Hacking Tools For Windows 7
  3. Pentest Tools Review
  4. Hacker Tools Software
  5. Hacking Tools Online
  6. Hacker Tool Kit
  7. Pentest Tools Find Subdomains
  8. Hacking Tools Hardware
  9. Pentest Box Tools Download
  10. Hacker Tools
  11. Best Hacking Tools 2020
  12. Hacker
  13. Hack App
  14. Best Hacking Tools 2019
  15. Pentest Tools Subdomain
  16. Game Hacking
  17. Pentest Tools For Mac
  18. Hacker Tools List
  19. Ethical Hacker Tools
  20. How To Make Hacking Tools
  21. Tools 4 Hack
  22. Tools Used For Hacking
  23. Pentest Reporting Tools
  24. Pentest Tools Framework
  25. Hack Tools
  26. Hacker Tools 2020
  27. Hack Tool Apk No Root
  28. Hacker Tools Linux
  29. Hacking Tools For Windows Free Download