Connecting SSL VPN FortiGate using Fedora 24


OpenFortiGUI is an open-source VPN-Client to connect to Fortigate VPN-Hardware. It is based on openfortivpn and adds an easy to use and nice GUI on top of it, written in Qt5.

Unlike other VPN-clients it is also possible to connect to multiple VPN-destinations  simultaneously. It is an replacement for the closed-source Forticlient – SSLVPN Client.

Important: Since version 0.2.12 the encoding of AES-encrypted passwords has changed because of a change of the upstream AES-library. You must reset all passwords for your VPN-profiles again to work, sorry for the inconveniences.

Features include:

  • Qt5 GUI, based on 5.5
  • openfortivpn library built-in, no separate download required
  • All settings saved in text-files, so easy to share, passwords saved AES-encrypted (key can be defined as needed)
  • VPNs divided into local and global sections (readonly, useful for deployments to many users)
  • VPN-groups can be defined to start groups of VPNs at the same time
  • Trayicon with fast access to start/stop VPNs and groups
  • Multiple VPN connections possible simultaneously
  • Certificate and user/password auth supported
  • English and german language
  • Source:

Prebuild packages are available for following Distros:

Ubuntu 16.04 (last Update 19.08.2017): 

OpenFortiGUI 0.3.3 32bit
OpenFortiGUI 0.3.3 64bit

Debian 9 (last Update 19.08.2017):

OpenFortiGUI 0.3.3 64bit

You can also use our apt mirror, for instructions see:

Quick instruction to build from source:

  1. Install DEV-tools (on Ubuntu: build-essential, qt5-default, libssl-dev)
  2. git clone
  3. cd openfortigui && git submodule init && git submodule update
  4. cd qtinyaes && git submodule init && git submodule update
  5. cd .. && qmake && make -j8
  6. openfortigui binary is ready

Used software/libraries/resources:

Running with command line :

sudo openfortivpn [<host>:<port>] [-u <user>] [-p <pass>]
[–realm=<realm>] “Optoinal”
[–no-routes] “Optional”
[–no-dns] “Optional”
[–pppd-no-peerdns] “Optional”
[–pppd-log=<file>] “Optional”
[–pppd-plugin=<file>] “Optional”
[–ca-file=<file>] “Optional”
[–user-cert=<file>] “Optional”
[–user-key=<file>] “Optional”
[–trusted-cert=<digest>] “Need if you have some cert”
[-c <file>] [-v|-q] “Optional”

If works, you can see this INFO :


Source : Bits and


apropos : Search Help manual pages (man -k)
apt-get : Search for and install software packages (Debian)
aptitude : Search for and install software packages (Debian)
aspell : Spell Checker
awk : Find and Replace text, database sort/validate/index
basename : Strip directory and suffix from filenames
bash : GNU Bourne-Again SHell
bc : Arbitrary precision calculator language
bg : Send to background
break : Exit from a loop
builtin : Run a shell builtin
bzip2 : Compress or decompress named file(s)
cal : Display a calendar
case : Conditionally perform a command
cat : Concatenate and print (display) the content of files
cd : Change Directory
cfdisk : Partition table manipulator for Linux
chgrp : Change group ownership
chmod : Change access permissions
chown : Change file owner and group
chroot : Run a command with a different root directory
chkconfig : System services (runlevel)
cksum : Print CRC checksum and byte counts
clear : Clear terminal screen
cmp : Compare two files
comm : Compare two sorted files line by line
command : Run a command – ignoring shell functions
continue : Resume the next iteration of a loop
cp : Copy one or more files to another location
cron : Daemon to execute scheduled commands
crontab : Schedule a command to run at a later time
csplit : Split a file into context-determined pieces
cut : Divide a file into several parts
date : Display or change the date & time
dc : Desk Calculator
dd : Convert and copy a file, write disk headers, boot records
ddrescue : Data recovery tool
declare : Declare variables and give them attributes
df : Display free disk space
diff : Display the differences between two files
diff3 : Show differences among three files
dig : DNS lookup
dir : Briefly list directory contents
dircolors : Colour setup for `ls’
dirname : Convert a full pathname to just a path
dirs : Display list of remembered directories
dmesg : Print kernel & driver messages
du : Estimate file space usage
echo : Display message on screen
egrep : Search file(s) for lines that match an extended expression
eject : Eject removable media
enable : Enable and disable builtin shell commands
env : Environment variables
ethtool : Ethernet card settings
eval : Evaluate several commands/arguments
exec : Execute a command
exit : Exit the shell
expect : Automate arbitrary applications accessed over a terminal
expand : Convert tabs to spaces
export : Set an environment variable
expr : Evaluate expressions
false : Do nothing, unsuccessfully
fdformat : Low-level format a floppy disk
fdisk : Partition table manipulator for Linux
fg : Send job to foreground
fgrep : Search file(s) for lines that match a fixed string
file : Determine file type
find : Search for files that meet a desired criteria
fmt : Reformat paragraph text
fold : Wrap text to fit a specified width.
for : Expand words, and execute commands
format : Format disks or tapes
free : Display memory usage
fsck : File system consistency check and repair
ftp : File Transfer Protocol
function : Define Function Macros
fuser : Identify/kill the process that is accessing a file
gawk : Find and Replace text within file(s)
getopts : Parse positional parameters
grep : Search file(s) for lines that match a given pattern
groupadd : Add a user security group
groupdel : Delete a group
groupmod : Modify a group
groups : Print group names a user is in
gzip : Compress or decompress named file(s)
hash : Remember the full pathname of a name argument
head : Output the first part of file(s)
help : Display help for a built-in command
history : Command History
hostname : Print or set system name
iconv : Convert the character set of a file
id : Print user and group id’s
if : Conditionally perform a command
ifconfig : Configure a network interface
ifdown : Stop a network interface
ifup Start a network interface up
import : Capture an X server screen and save the image to file
install : Copy files and set attributes
jobs : List active jobs
join : Join lines on a common field
kill : Stop a process from running
killall : Kill processes by name
less : Display output one screen at a time
let : Perform arithmetic on shell variables
ln : Create a symbolic link to a file
local : Create variables
locate : Find files
logname : Print current login name
logout : Exit a login shell
look : Display lines beginning with a given string
lpc : Line printer control program
lpr : Off line print
lprint : Print a file
lprintd : Abort a print job
lprintq : List the print queue
lprm : Remove jobs from the print queue
ls : List information about file(s)
lsof : List open files
make : Recompile a group of programs
man : Help manual
mkdir : Create new folder(s)
mkfifo : Make FIFOs (named pipes)
mkisofs : Create an hybrid ISO9660/JOLIET/HFS filesystem
mknod : Make block or character special files
more : Display output one screen at a time
mount : Mount a file system
mtools : Manipulate MS-DOS files
mtr : Network diagnostics (traceroute/ping)
mv : Move or rename files or directories
mmv : Mass Move and rename (files)
netstat : Networking information
nice : Set the priority of a command or job
nl : Number lines and write files
nohup : Run a command immune to hangups
notify-send : Send desktop notifications
nslookup : Query Internet name servers interactively
open : Open a file in its default application
op : Operator access
passwd : Modify a user password
paste : Merge lines of files
pathchk : Check file name portability
ping : Test a network connection
pkill : Stop processes from running
popd : Restore the previous value of the current directory
pr : Prepare files for printing
printcap : Printer capability database
printenv : Print environment variables
printf : Format and print data
ps : Process status
pushd : Save and then change the current directory
pwd : Print Working Directory
quota : Display disk usage and limits
quotacheck : Scan a file system for disk usage
quotactl : Set disk quotas
ram : ram disk device
rcp : Copy files between two machines
read : Read a line from standard input
readarray : Read from stdin into an array variable
readonly : Mark variables/functions as readonly
reboot : Reboot the system
rename : Rename files
renice : Alter priority of running processes
remsync : Synchronize remote files via email
return : Exit a shell function
rev : Reverse lines of a file
rm : Remove files
rmdir : Remove folder(s)
rsync : Remote file copy (Synchronize file trees)
screen : Multiplex terminal, run remote shells via ssh
scp : Secure copy (remote file copy)
sdiff : Merge two files interactively
sed : Stream Editor
select : Accept keyboard input
seq : Print numeric sequences
set : Manipulate shell variables and functions
sftp : Secure File Transfer Program
shift : Shift positional parameters
shopt : Shell Options
shutdown : Shutdown or restart linux
sleep : Delay for a specified time
slocate : Find files
sort : Sort text files
source : Run commands from a file `.’
split : Split a file into fixed-size pieces
ssh : Secure Shell client (remote login program)
strace : Trace system calls and signals
su : Substitute user identity
sudo : Execute a command as another user
sum : Print a checksum for a file
suspend : Suspend execution of this shell
symlink : Make a new name for a file
sync : Synchronize data on disk with memory
tail : Output the last part of file
tar : Tape ARchiver
tee : Redirect output to multiple files
test : Evaluate a conditional expression
time : Measure Program running time
times : User and system times
touch : Change file timestamps
top : List processes running on the system
traceroute : Trace Route to Host
trap : Run a command when a signal is set(bourne)
tr : Translate, squeeze, and/or delete characters
true : Do nothing, successfully
tsort : Topological sort
tty : Print filename of terminal on stdin
type : Describe a command
ulimit : Limit user resources
umask : Users file creation mask
umount : Unmount a device
unalias : Remove an alias
uname : Print system information
unexpand : Convert spaces to tabs
uniq : Uniquify files
units : Convert units from one scale to another
unset : Remove variable or function names
unshar : Unpack shell archive scripts
until : Execute commands (until error)
uptime : Show uptime
useradd : Create new user account
userdel : Delete a user account
usermod : Modify user account
users : List users currently logged in
uuencode : Encode a binary file
uudecode : Decode a file created by uuencode
v : Verbosely list directory contents (`ls -l -b’)
vdir : Verbosely list directory contents (`ls -l -b’)
vi : Text Editor
vmstat : Report virtual memory statistics
wait : Wait for a process to complete
watch: Execute/display a program periodically
wc : Print byte, word, and line counts
whereis : Search the user’s $path, man pages and source files for a program
which : Search the user’s $path for a program file
while : Execute commands
who : Print all usernames currently logged in
whoami : Print the current user id and name (`id -un’)
wget : Retrieve web pages or files via HTTP, HTTPS or FTP
write : Send a message to another user
xargs : Execute utility, passing constructed argument list(s)
xdg-open : Open a file or URL in the user’s preferred application.
yes : Print a string until interrupted
Amap The first next-generation scanning tool for pentesters. It attempts to identify applications even if they are running on a different port than normal.
It also identifies non-ascii based applications. This is achieved by sending trigger packets, and looking up the responses in a list of response strings.
root@kali:~# amap -bqv 80
Using trigger file /etc/amap/appdefs.trig … loaded 30 triggers
Using response file /etc/amap/appdefs.resp … loaded 346 responses
Using trigger file /etc/amap/appdefs.rpc … loaded 450 triggers
amap v5.4 ( started at 2014-05-13 19:07:16 – APPLICATION MAPPING mode
Total amount of tasks to perform in plain connect mode: 23
Protocol on (by trigger ssl) matches http – banner: <!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”>\n<html><head>\n<title>501 Method Not Implemented</title>\n</head><body>\n<h1>Method Not Implemented</h1>\n<p> to /index.html not supported.<br />\n</p>\n<hr>\n<address>Apache/2.2.22 (Debian) Server at 12
Protocol on (by trigger ssl) matches http-apache-2 – banner: <!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”>\n<html><head>\n<title>501 Method Not Implemented</title>\n</head><body>\n<h1>Method Not Implemented</h1>\n<p> to /index.html not supported.<br />\n</p>\n<hr>\n<address>Apache/2.2.22 (Debian) Server at 12
Waiting for timeout on 19 connections …
amap v5.4 finished at 2014-05-13 19:07:22

Maltego is a unique platform developed to deliver a clear threat picture to the environment that an organization owns and operates. Maltego’s unique advantage is to demonstrate the complexity and severity of single points of failure as well as trust relationships that exist currently within the scope of your infrastructure.
root@kali:~# cat /opt/Teeth/README.txt
NB NB: This runs on Kali Linux
#Make directory /opt/Teeth/
#Copy tgz to /opt/Teeth/
Load the config file called /opt/Teeth/etc/Maltego_config.mtz file into Maltego.
This is painless:
1) Open Maltego Tungsten (or Radium)
2) Click top left globe/sphere (Application button)
3) Import -> Import configuration, choose /opt/Teeth/etc/Maltego_config.mtz
Config file is in /opt/Teeth/etc/TeethConfig.txt
Everything can be set in the config file.
Log file is /var/log/Teeth.log, tail -f it while you running transforms for
real time logs of what’s happening.
You can set DEBUG/INFO. DEBUG is useful for seeing progress – set in
/opt/Teeth/units/ line 26
Look in cache/ directory. Here you find caches of:
1) Nmap results
2) Mirrors
3) SQLMAP results
You need to remove cache files by hand if you no longer want them.
You can run housekeep/ but it removes EVERYTHING.
The WP brute transform uses Metasploit.Start Metasploit server so:
msfconsole -r /opt/Teeth/static/Teeth-MSF.rc
It takes a while to start, so be patient.
In /housekeep is – it’s the same as killall python.

Crackle exploits a flaw in the BLE pairing process that allows an attacker to guess or very quickly brute force the TK (Temporary Key). With the TK and other data collected from the pairing process, the STK (Short Term Key) and later the LTK (Long Term Key) can be collected.
With the STK and LTK, all communications between the master and the slave can be decrypted.
root@kali:~# crackle -i ltk_exchange.pcap -o ltk-decrypted.pcap
TK found: 000000
ding ding ding, using a TK of 0! Just Cracks(tm)
Warning: packet is too short to be encrypted (1), skipping
LTK found: 7f62c053f104a5bbe68b1d896a2ed49c
Done, processed 712 total packets, decrypted 3
Source : Kali Linux