Want to know how NSA snoops on you? Here are some tools it uses

Here are some of the NSA snooping tools leaked by Shadow Broke

In what could be the hack of this decade, a hacking group called Shadow Brokers claims to have hacked NSA and has access to some of the most scariest hacking and snooping tools.

Shadow Brokers are willing to sell this tools to the highest bidder according to various news reports. As of now, Shadow Brokers say they dumped 60 percent of all the stolen files, and started an auction, promising to give the winner access to the other 40 percent.

The veracity and authenticity of the NSA hacking tools has been confirmed by multiple sources. Security researchers from Kaspersky have confirmed the leaked data is similar to what they have seen from past Equation Group malware. Another investigative website, The Intercept, with the help of Snowden documents, has tied the leaked malware with actual NSA cyber-weapons.

At the time of writing this articles, most of the URLs where Shadow Brokers dumped details about their operation (GitHub, Tumblr, PasteBin) have been taken down.

NSA snooping tools

Softpedia has compiled a list of NSA hacking and snooping tools which uses for surveillance and hacking. Softpedia says that they “used different analysis provided by Risk Based Security, Mustafa Al-Bassam, Matt Suiche, RST Forums, and other researchers”

Here is a table of NSA snooping tools compiled by NSA

Name	Type	Description
1212/DEHEX	Tool	Tool for converting hex strings to IP addresses and ports
BANANABALLOT	Implant	BIOS implant
BANANAGLEE	Implant	Firewall implant that does not persist across reboots. Works on Cisco ASA and PIX.
BANANALIAR	Tool	Connects to an (currently) unknown implant
BANNANADAIQUIRI	Implant	Uknown, has associations with SCREAMINGPILLOW.
BARGLEE	Implant	Unconfirmed Juniper NetScreen 5.x firewall implant
BARICE	Tool	Shell for deploying BARGLEE
BARPUNCH	Implant	BANANAGLEE and BARGLEE module
BBALL	Implant	BANANAGLEE module
BBALLOT	Implant	BANANAGLEE module
BBANJO	Implant	BANANAGLEE module
BCANDY	Implant	BANANAGLEE module
BEECHPONY	Implant	Firewall implant (BANANAGLEE predecessor)
BENIGNCERTAIN	Tool	Tool for extracking VPN keys from Cisco PIX firewalls.
BFLEA	Implant	BANANAGLEE module
BILLOCEAN	Tool	Extracts seral numbers from Fortinet Fortigate firewalls (possible others).
BLATSTING	Implant	Firewall implant for deploying EGREGIOUSBLUNDER and ELIGIBLEBACHELOR
BMASSACRE	Implant	BANANAGLEE and BARGLEE module
BNSLOG	Implant	BANANAGLEE and BARGLEE module
BOOKISHMUTE	Exploit	Exploit against unknown firewall
BPATROL	Implant	BANANAGLEE module
BPICKER	Implant	BANANAGLEE module
BPIE	Implant	BANANAGLEE and BARGLEE module
BUSURPER	Implant	BANANAGLEE module
BUZZDIRECTION	Implant	Unconfirmed Fortinet Fortigate firewall implant
CLUCKLINE	Implant	BANANAGLEE module
CONTAINMENTGRID	Exploit	Ready-made payload that can be delivered via the ELIGIBLEBOMBSHELL exploit. Affects TOPSEC firewalls running TOS 3.3.005.066.1.
DURABLENAPKIN	Tool	Tool for packet injection on LAN connections
EGREGIOUSBLUNDER	Exploit	RCE for Fortinet FortiGate firewalls. Affected models: 60, 60M, 80C, 200A, 300A, 400A, 500A, 620B, 800, 5000, 1000A, 3600, and 3600A
ELIGIBLEBACHELOR	Exploit	Exploit on TOPSEC firewalls running TOS operating system versions 3.2.100.010, 3.3.001.050, 3.3.002.021 and 3.3.002.030.
ELIGIBLEBOMBSHELL	Exploit	RCE for TOPSEC firewalls affecting versions 3.2.100.010.1_pbc_17_iv_3 to 3.3.005.066.1
ELIGIBLECANDIDATE	Exploit	RCE for TOPSEC fierewalls affecting versions 3.3.005.057.1 to 3.3.010.024.1
ELIGIBLECONTESTANT	Exploit	RCE for TOPSEC fierewalls affecting versions 3.3.005.057.1 to 3.3.010.024.1. Must be run only after ELIGIBLECANDIDATE
EPICBANANA	Exploit	Privilege escalation on Cisco ASA (versions 711, 712, 721, 722, 723, 724, 80432, 804, 805, 822, 823, 824, 825, 831, 832) and Cisco PIX (versions 711, 712, 721, 722, 723, 724, 804)
ESCALATEPLOWMAN	Exploit	Privilege escalation on WatchGuard products. Company says this won’t work on newer devices.
EXTRABACON	Exploit	RCE on Cisco ASA versions 802, 803, 804, 805, 821, 822, 823, 824, 825, 831, 832, 841, 842, 843, 844 (CVE-2016-6366)
FALSEMOREL	Exploit	Cisco exploit that extracts the “enable” password if Telnet is active on the device.
FEEDTROUGH	Implant	Persistent implant on Juniper NetScreen firewalls for deploying BANANAGLEE and ZESTYLEAK.
FLOCKFORWARD	Exploit	Ready-made payload that can be delivered via the ELIGIBLEBOMBSHELL exploit. Affects TOPSEC firewalls running TOS 3.3.005.066.1.
FOSHO	Tool	Python library for crafting HTTP requests used in exploits
GOTHAMKNIGHT	Exploit	Ready-made payload that can be delivered via the ELIGIBLEBOMBSHELL exploit. Affects TOPSEC firewalls running TOS 3.2.100.010.8_pbc_27.
HIDDENTEMPLE	Exploit	Ready-made payload that can be delivered via the ELIGIBLEBOMBSHELL exploit. Affects TOPSEC firewalls running TOS 3.2.8840.1.
JETPLOW	Implant	Cisco ASA and PIX implant used to insert BANANAGLEE in the device’s firmware
JIFFYRAUL	Implant	BANANAGLEE module for Cisco PIX
NOPEN	Tool	Post-exploitation shell (client used by the attacker, server installed on targeted device)
PANDAROCK	Tool	For connecting to POLARPAWS implants
POLARPAWS	Implant	Firewall implant for unknown vendor
POLARSNEEZE	Implant	Firewall implant for unknown vendor
SCREAMINGPLOW	Implant	Cisco ASA and PIX implant used to insert BANANAGLEE in the device’s firmware
SECONDDATE	Tool	Packet injection on WiFi and LAN networks. Used with BANANAGLEE and BARGLEE
TEFLONDOOR	Tool	Self-destructing post-exploitation shell
TURBOPANDA	Tool	Tool for connecting to previosuly-leaked HALLUXWATER implant.
WOBBLYLLAMA	Exploit	Ready-made payload that can be delivered via the ELIGIBLEBOMBSHELL exploit. Affects TOPSEC firewalls running TOS 3.3.002.030.8_003.
XTRACTPLEASING	Tool	Converts data to PCAP files
ZESTYLEAK	Implant	Juniper NetScreen firewall implant

If you want to view the files published by Shadow Brokers, please visit Softpedia article here.