Thủ Phủ Hacker Mũ Trắng Buôn Ma Thuột

Chương trình Đào tạo Hacker Mũ Trắng Việt Nam tại Thành phố Buôn Ma Thuột kết hợp du lịch. Khi đi là newbie - Khi về là HACKER MŨ TRẮNG !

Hacking Và Penetration Test Với Metasploit

Chương trình huấn luyện sử dụng Metasploit Framework để Tấn Công Thử Nghiệm hay Hacking của Security365.

Tài Liệu Computer Forensic Của C50

Tài liệu học tập về Truy Tìm Chứng Cứ Số (CHFI) do Security365 biên soạn phục vụ cho công tác đào tạo tại C50.

Sinh Viên Với Hacking Và Bảo Mật Thông Tin

Cuộc thi sinh viên cới Hacking. Với các thử thách tấn công trang web dành cho sinh viên trên nền Hackademic Challenge.

Tấn Công Và Phòng Thủ Với BackTrack / Kali Linux

Khóa học tấn công và phòng thủ với bộ công cụ chuyên nghiệp của các Hacker là BackTrack và Kali LINUX dựa trên nội dung Offensive Security

Sayfalar

MASSCAN - Mass IP port scanner (fastest Internet port scanner)


This is the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second.

It produces results similar to nmap, the most famous port scanner. Internally, it operates more like scanrand, unicornscan, and ZMap, using asynchronous transmission. The major difference is that it's faster than these other scanners. In addition, it's more flexible, allowing arbitrary address ranges and port ranges.

NOTE: masscan uses a custom TCP/IP stack. Anything other than simple port scans will cause conflict with the local TCP/IP stack. This means you need to either use the -S option to use a separate IP address, or configure your operating system to firewall the ports that masscan uses.

This tool is free, but consider funding it here: 1MASSCANaHUiyTtR3bJ2sLGuMw5kDBaj4T

Building

On Debian/Ubuntu, it goes something like this:
$ sudo apt-get install git gcc make libpcap-dev
$ git clone https://github.com/robertdavidgraham/masscan
$ cd masscan
$ make

This puts the program in the masscan/bin subdirectory. You'll have to manually copy it to something like /usr/local/bin if you want to install it elsewhere on the system.

The source consists of a lot of small files, so building goes a lot faster by using the multi-threaded build:
$ make -j

While Linux is the primary target platform, the code runs well on many other systems. Here's some additional build info:
  • Windows w/ Visual Studio: use the VS10 project
  • Windows w/ MingGW: just type make
  • Windows w/ cygwin: won't work
  • Mac OS X /w XCode: use the XCode4 project
  • Mac OS X /w cmdline: just type make
  • FreeBSD: type gmake
  • other: I don't know, don't care

Usage

Usage is similar to nmap. To scan a network segment for some ports:
# masscan -p80,8000-8100 10.0.0.0/8

This will:
  • scan the 10.x.x.x subnet, all 16 million addresses
  • scans port 80 and the range 8000 to 8100, or 102 addresses total
  • print output to <stdout> that can be redirected to a file
To see the complete list of options, use the --echo feature. This dumps the current configuration and exits. This output can be used as input back into the program:
# masscan -p80,8000-8100 10.0.0.0/8 --echo > xxx.conf
# masscan -c xxx.conf --rate 1000


srm - command-line program to delete files securely



srm is a secure replacement for rm(1). Unlike the standard rm, it overwrites the data in the target files before unlinking them. This prevents command-line recovery of the data by examining the raw block device. It may also help frustrate physical examination of the disk, although it's unlikely that it can completely prevent that type of recovery. It is, essentially, a paper shredder for sensitive files.

srm is ideal for personal computers or workstations with Internet connections. It can help prevent malicious users from breaking in and undeleting personal files, such as old emails. Because it uses the exact same options as rm(1), srm is simple to use. Just subsitute it for rm whenever you want to destroy files, rather than just unlinking them. For more information on using srm, read the manual page srm(1).


Drozer - The Leading Security Assessment Framework for Android


drozer is a comprehensive security audit and attack framework for Android.

With increasing pressure to support mobile working, the ingress of Android into the enterprise is gathering momentum. Have you considered the threat posed by the Android app that supports your business function, or Android devices being used as part of your BYOD strategy?

drozer helps to provide confidence that Android apps and devices being developed by, or deployed across, your organisation do not pose an unacceptable level of risk. By allowing you to interact with the Dalvik VM, other apps’ IPC endpoints and the underlying OS.

drozer provides tools to help you use and share public exploits for Android. For remote exploits, it can generate shellcode to help you to deploy the drozer Agent as a remote administrator tool, with maximum leverage on the device.

Faster Android Security Assessments

drozer helps to reduce the time taken for Android security assessments by automating the tedious and time-consuming.
  • Discover and interact with the attack surface exposed by Android apps.
  • Execute dynamic Java-code on a device, to avoid the need to compile and install small test scripts.

Test against Real Android Devices

drozer runs both in Android emulators and on real devices. It does not require USB debugging or other development features to be enabled; so you can perform assessments on devices in their production state to get better results.

Automate and Extend

drozer can be easily extended with additional modules to find, test and exploit other weaknesses; this, combined with scripting possibilities, helps you to automate regression testing for security issues.

Test your Exposure to Public Exploits

drozer provides point-and-go implementations of many public Android exploits. You can use these to identify vulnerable devices in your organisation, and to understand the risk that these pose.


UFONet - DDoS attacks via Web Abuse (XSS/CSRF)


UFONet - is a tool designed to launch DDoS attacks against a target, using 'Open Redirect' vectors on third party web applications, like botnet.

See this links for more info:
- CWE-601:Open Redirect
- OWASP:URL Redirector Abuse


Main features:
--version             show program's version number and exit
-v, --verbose active verbose on requests
--check-tor check to see if Tor is used properly
--update check for latest stable version

*Configure Request(s)*:
--proxy=PROXY Use proxy server (tor: http://localhost:8118)
--user-agent=AGENT Use another HTTP User-Agent header (default SPOOFED)
--referer=REFERER Use another HTTP Referer header (default SPOOFED)
--host=HOST Use another HTTP Host header (default NONE)
--xforw Set your HTTP X-Forwarded-For with random IP values
--xclient Set your HTTP X-Client-IP with random IP values
--timeout=TIMEOUT Select your timeout (default 30)
--retries=RETRIES Retries when the connection timeouts (default 1)
--delay=DELAY Delay in seconds between each HTTP request (default 0)

*Manage Botnet*:
-s SEARCH Search 'zombies' on google (ex: -s 'proxy.php?url=')
--sn=NUM_RESULTS Set max number of result to search (default 10)
-t TEST Test list of web 'zombie' servers (ex: -t zombies.txt)

*Configure Attack(s)*:
-r ROUNDS Set number of 'rounds' for the attack (default: 1)
-b PLACE Set a place to 'bit' on target (ex: -b /path/big.jpg)
-a TARGET Start a Web DDoS attack (ex: -a http(s)://target.com)


FBHT v3.0 - Facebook Hacking Tool (Like flood, Note DDoS attack, FBFriendlyLogout, more...)


FBHT (Facebook Hacking Tool) is an open-source tool written in Python that exploits multiple vulnerabilities on the Facebook platform

The tool provides:
  • 1) Create accounts
  • 2) Delete all accounts for a given user
  • 3) Send friendship requests (Test Accounts)
  • 4) Accept friendship requests (Test Accounts)
  • 5) Connect all the accounts of the database
  • 6) Link Preview hack (Simple web version)
  • 7) Link Preview hack (Youtube version)
  • 8) Youtube hijack
  • 9) Private message, Link Preview hack (Simple web version)
  • 10) Private message, Link Preview hack (Youtube version)
  • 11) NEW Like flood
  • 12) Publish a post as an App (App Message Spoof)
  • 13) Bypass friendship privacy
  • 14) Bypass friendship privacy with graph support
  • 15) Analyze an existing graph
  • 16) Link to disclosed friendships
  • 17) Print database status
  • 18) Increase logging level globally
  • 19) Set global login (Credentials stored in memory - Danger)
  • 20) Print dead attacks :\'( 
  • 21) Send friend request to disclosed friend list from your account
  • 22) Bypass friendship (only .dot without graph integration)
  • 23) Note DDoS attack
  • 24) Old Like Flood (Not working)
  • 25) NEW! SPAM any fanpage inbox
  • 26) Bypass - database support (Beta)
  • 27) Logout all your friends - FB blackout 
  • 28) Close the application

DAWIN - Distributed Audit & Wireless Intrusion Notification


DA-WIN is the end of the manual PCI wireless scan DA-WIN provides an organisation a continuous wireless scanning capability that is light touch and simple. It utilises compact and discreet sensors that can easily be deployed reducing the total cost of protection and simplifying the effort required for absolute, categoric regulatory compliance.

BYOD - Bring Your Own Disaster

Marketing directors everywhere need to be able to swager (see urban dictionary not a spelling mistake - aka swagger) into the office. They NEED to be able to use an I-P-PAD-POD-PONE with teeniest screen to do their job.
DO THEY REALLY need to introduce that POX, VIRUS and MALWARE infected digital equivalent of TYPHOID Mary on to your network
DA-WIN provides an organisation a continuous wireless scanning capability that is light touch and simple. It replaces the network surveillance that head of risk made you take out after the last gartner conference

What is DA-WIN

DA- WIN (pronounced DARWIN) is the evolution of wireless security scanning. Developed by a team that had a significant impact on the field of 802.11 security, it embraces the true-ism that most organisations don't like or embrace network IDS technology and so are unlikely to welcome, invest in or support an IDS implementation in a more specialised area like Wfi.
Scanning is a costly, regulatory requirement for many - Yet it often provides little security protection because it only measures the threat on 4 or 5 days a year. How many CIOs would be happy with a firewall or anti-virus that worked for 1 week in 52?  

How we solved the problem 

Purpose built, designed from the ground up, Wireless IDS are expensive and require an organisation that is committed to the significant investment that is required to gain a security return. Other offering based on repurposed PC or Network equipment can only be deployed in too sparse numbers because of their size and cost to yield real benefits. Mostly these are network sniffers bundled together with adhoc scripts which often results in a significant manual overhead in interpreting the output. DA-WIN is different because:
  • The software it uses has been purposefully designed for the task, it has been designed with regulations such as PC-DSS and Government Standards (332/5) in mind � by personnel that helped set the baseline.
  • The hardware is custom assembled - it is compact, cost effective which allows for easy and trouble free volume deployment.
  • Supports Attack detection, Flood detection, brute forcing detection and a myriad of rogue access point detection techniques.
The typical organisation will claw back its expenditure on manual wireless scanning within 18 months.


WebBrowserPassView v1.56 - Recover lost passwords stored in your Web browser


WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0), Mozilla Firefox (All Versions), Google Chrome, Safari, and Opera. This tool can be used to recover your lost/forgotten password of any Website, including popular Web sites, like Facebook, Yahoo, Google, and GMail, as long as the password is stored by your Web Browser.

After retrieving your lost passwords, you can save them into text/html/csv/xml file, by using the 'Save Selected Items' option (Ctrl+S).

Using WebBrowserPassView

WebBrowserPassView doesn't require any installation process or additional DLL files. In order to start using it, simply run the executable file - WebBrowserPassView.exe

After running it, the main window of WebBrowserPassView displays the list of all Web browser passwords found in your system. You can select one or more passwords and then copy the list to the clipboard (Ctrl+C) or export them into text/xml/html/csv file (Ctrl+S). 

NetHogs - Small 'net top' tool


NetHogs is a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process. NetHogs does not rely on a special kernel module to be loaded. If there's suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this. This makes it easy to indentify programs that have gone wild and are suddenly taking up your bandwidth.

Since NetHogs heavily relies on /proc, it currently runs on Linux only.

 Now supported:
  • Shows TCP download- and upload-speed per process
  • Supports both IPv4 and IPv6
  • Supports both Ethernet and PPP
Ideas/ToDo for new releases:
  • Incoming UDP packets?
  • Sort the output by other values than network usage
  • Monitor specific processes
  • Make it work correctly on machines with multiple IP addresses
  • Integrate into another tool?
  • gui? 

Lynis 1.6.1 - Version which includes a non-privileged scan (--pentest)


Lynis is a security auditing tool for the Linux, Unix and Mac platform. Being open source and free to use, it is an accessible and great solution to perform security scans. Within just a matter of minutes, it displays the weaknesses in your defenses, and tips for improving them. While Lynis was initially an auditing solution, version 1.6.1 brought a very exciting new pentest option (--pentest). It allows to perform a non-privileged scans, so root access is not longer needed. Great for pentesting and to determine if there are other holes to exploit.

This tool is the result of 7 years of development and much feedback by the community. Now it supported by the original author and his company, development is active and regular updates are being released. The author also stated Lynis would remain free and open source. His way of giving back to the community and make sure nice tools do not get behind a paywall.

tinfoleak - Get detailed information about a Twitter user activity


tinfoleak is a simple Python script that allow to obtain:
  • basic information about a Twitter user (name, picture, location, followers, etc.)
  • devices and operating systems used by the Twitter user
  • applications and social networks used by the Twitter user
  • place and geolocation coordinates to generate a tracking map of locations visited
  • show user tweets in Google Earth!
  • download all pics from a Twitter user
  • hashtags used by the Twitter user and when are used (date and time)
  • user mentions by the the Twitter user and when are occurred (date and time)
  • topics used by the Twitter user
You can filter all the information by:
  • start date / time
  • end date / time
  • keywords

BurpSentintel - GUI Burp Plugin to ease discovering of security holes in web applications


A plugin for Burp Intercepting Proxy, to aid and ease the identification of vulnerabilities in web applications.

Searching for vulnerabilities in web applications can be a tedious task. Most of the time consists of inserting magic chars into parameters, and looking for suspicious output. Sentinel tries to automate parts of this laborous task. It's purpose is not to automatically scan for vulnerabilities (even if it can do it in certain cases), as there are better tools out there to do that (BURP scanner for example). So it's the only tool which sits in between manual hacking with BURP repeater, and automated scanning with BURP scanner.

To use it, just send a suspicious HTTP request from BURP proxy to Sentinel. Then the user is able to select certain attack patterns for selected parameters (say, XSS attacks for parameter "id"). Sentinel will issue several requests, with the attack patterns inserted. It will also help find suspicious behaviour and pattern in the accompaining HTTP responses (for example, identify decoded HTML magic chars).

Features

Big Features:
UI Features:

Wireless Network Watcher v1.72 - Show who is connected to your wireless network


Wireless Network Watcher is a small utility that scans your wireless network and displays the list of all computers and devices that are currently connected to your network. 

For every computer or device that is connected to your network, the following information is displayed: IP address, MAC address, the company that manufactured the network card, and optionally the computer name. 

You can also export the connected devices list into html/xml/csv/text file, or copy the list to the clipboard and then paste into Excel or other spreadsheet application.

Using Wireless Network Watcher

Wireless Network Watcher doesn't require any installation process or additional dll files. In order to start using it, simply extract the executable file (WNetWatcher.exe) from the zip file, and run it. 

If you want, you can also download WNetWatcher with full install/uninstall support (wnetwatcher_setup.exe), so a shortcut for running WNetWatcher will be automatically added into your start menu.

After running WNetWatcher, it automatically locates your wireless adapter, and scans your network. After a few seconds, you should start see the list of computers that are currently connected to your network.

If from some reason, WNetWatcher failed to locate and scan your network, you can try to manually choosing the correct network adapter, by pressing F9 (Advanced Options) and choosing the right network adapter.

Columns Description

  • IP Address: IP Address of the device or computer.
  • Device Name: The name of the device or computer. This field may remain empty if the computer or the device doesn't provide its name.
  • MAC Address: The MAC address of the network adapter.
  • Network Adapter Company:The company that manufactured the network adapter, according to the MAC Address. This column can help you to detect the type of the device or computer. For example, if the company name is Apple, the device is probably a Mac computer, iPhone, or iPad. 
    if the company name is Nokia, the device is probably a cellular phone of Nokia.

    By default, this utility uses an internal MAC addresses database stored inside the .exe file, but it's not always updated with the latest MAC address assignments. 
    You can manually download the latest MAC addresses file from http://standards.ieee.org/develop/regauth/oui/oui.txtand then put oui.txt in the same folder where WNetWatcher.exe is located. When you run WNetWatcher.exe, it'll automatically load and use the external oui.txt instead of the internal MAC addresses database.
  • Device Information:This column displays 'Your Computer' if the device is the computer that you currently use. This column displays 'Your Router' if the device is the wireless router.
  • User Text:You can assign your own text to any device detected by WNetWatcher. By default, this field is filled with the device name. In order to change the User Text, simply double-click the item and type the desired text.
  • Active:Specifies whether this device is currently active. When a device is not detected anymore, the 'Active' value is turned from 'Yes' to 'No'

Background Scan

Starting from version 1.15, there is a new option under the Options menu - 'Background Scan'. 
When it's turned on, Wireless Network Watcher first make the regular fast network scan to discover all current connected devices. After that, a continuous background scan is activated to discover when new devices are connected to your network. The background scan is slower and less intensive then the regular scan, so it won't overload your computer and you can leave it to run in the background while using other programs. 
When the background scan is running, a counter of the scan process is displayed in the second section of the bottom status bar.
When the background scan is used, you can use the 'Beep On New Device' option to get a beep sound when a new device is detected.

Command-Line Options

/cfg <Filename> Start Wireless Network Watcher with the specified configuration file. For example:
WNetWatcher.exe /cfg "c:\config\wnw.cfg"
WNetWatcher.exe /cfg "%AppData%\WNetWatcher.cfg"
/stext <Filename> Scan your network, and save the network devices list into a regular text file.
/stab <Filename> Scan your network, and save the network devices list into a tab-delimited text file.
/scomma <Filename> Scan your network, and save the network devices list into a comma-delimited text file (csv).
/stabular <Filename> Scan your network, and save the network devices list into a tabular text file.
/shtml <Filename> Scan your network, and save the network devices list into HTML file (Horizontal).
/sverhtml <Filename> Scan your network, and save the network devices list into HTML file (Vertical).
/sxml <Filename> Scan your network, and save the network devices list into XML file.    
  

WPHardening - WPHardening fortification is a security tool for WordPress


WPHardening is a security tool for WordPress. Different tools to hardening WordPress.

Usage

$ python wphardening.py -h 
Options:
--version show program's version number and exit
-h, --help show this help message and exit
-v, --verbose Active verbose mode output results
--update Check for WPHardening latest stable version

Target:
This option must be specified to modify the package WordPress.

-d DIRECTORY, --dir=DIRECTORY
**REQUIRED** - Working Directory.

Hardening:
Different tools to hardening WordPress.

-c, --chmod Chmod 755 in directory and 644 in files.
-r, --remove Remove files and directory.
-b, --robots Create file robots.txt
-f, --fingerprinting
Deleted fingerprinting WordPress.
-t, --timthumb Find the library TimThumb.
--wp-config Wizard generated wp-config.php
--delete-version Deleted version WordPress.
--plugins Download Plugins Security.
--proxy=PROXY Use a HTTP proxy to connect to the target url for
--plugins and --wp-config.
--indexes It allows you to display the contents of directories.

Miscellaneous:
-o FILE, --output=FILE
Write log report to FILE.log

Examples

Check a WordPress Project
$ python wphardening.py -d /home/path/wordpress -v
Change permissions
$ python wphardening.py -d /home/path/wordpress --chmod -v
Remove files that are not used
$ python wphardening.py -d /home/path/wordpress --remove -v
Create your robots.txt file
$ python wphardening.py -d /home/path/wordpress --robots -v
Remove all fingerprinting
$ python wphardening.py -d /home/path/wordpress --fingerprinting -v
Check a TimThumb library
$ python wphardening.py -d /home/path/wordpress --timthumb -v
Create Index file
$ python wphardening.py -d /home/path/wordpress --indexes -v
Download Plugins security
$ python wphardening.py -d /home/path/wordpress --plugins
Wizard generated wp-config.php
$ python wphardening.py -d /home/path/wordpress --wp-config
Deleted version WordPress
$ python wphardening.py -d /home/path/wordpress --delete-version -v
WPHardening update
$ python wphardening.py --update
Use all options
$ python wphardening.py -d /home/user/wordpress -c -r -f -t --wp-config --delete-version --indexes --plugins -o /home/user/wphardening.log


XSScrapy - Fast, thorough XSS vulnerability spider


Fast, thorough, XSS spider. Give it a URL and it'll test every link it finds for cross-site scripting vulnerabilities.

XSS attack vectors xsscrapy will test
  • Referer header (way more common than I thought it would be!)
  • User-Agent header
  • Cookie header (added 8/24/14)
  • Forms, both hidden and explicit
  • URL variables
  • End of the URL, e.g. www.example.com/<script>alert(1)</script>
  • Open redirect XSS, e.g. looking for links where it can inject a value of javascript:prompt(1)
XSS attack vectors xsscrapy will not test
  • Other headers
Let me know if you know of other headers you’ve seen XSS-exploitable in the wild and I may add checks for them in the script.
  • Persistent XSS’s reflected in pages other than the immediate response page
If you can create something like a calendar event with an XSS in it but you can only trigger it by visiting a specific URL that’s different from the immediate response page then this script will miss it.
  • DOM XSS
DOM XSS will go untested.
  • CAPTCHA protected forms
This should probably go without saying, but captchas will prevent the script from testing forms that are protected by them.
  • AJAX

Because Scrapy is not a browser, it will not render javascript so if you’re scanning a site that’s heavily built on AJAX this scraper will not be able to travel to all the available links. I will look into adding this functionality in the future although it is not a simple task.

From within the main folder run:
./xsscrapy.py -u http://something.com
If you wish to login then crawl:
./xsscrapy.py -u http://something.com/login_page -l loginname -p pa$$word

Output is stored in XSS-vulnerable.txt.


PHP Secure Configuration Checker - Check current PHP configuration for potential security flaws


Among the most tedious tasks of PHP security testing is the check for insecure PHP configuration. As a successor of our PHP Security Poster, we have created a script to help system administrators as well as security professionals to assess the state of php.ini and related topics as quickly and as thoroughly as possible. For later reference, the script is called "PHP Secure Configuration Checker" , or pcc.

Inspiration and previous work

  • phpinfo(): Just like phpinfo() the pcc is supposed to give a brief overview of security related configuration issues.
  • phpsecinfo: This is an alternative project that appears to have been discontinued in 2007.
  • SektionEins PHP Security Poster (2009-2011): Some text snippets and recommendations of our own work we put into the popular poster have been reused.


Ideas, Features and Software Design

  • One single file for easy distribution: In respect to an update process and access restrictions, a single file can be handled easier than a whole web application monster.
  • Simple tests for each security related ini entry: Testing php.ini on a live system is the main aspect of this project. Each entry is supposed to be checked or otherwise actively ignored.
  • A few other tests: pcc is not restricted to php.ini checks. Other ideas can be implemented as well.
  • Compatibility: PHP 5.4 is supposed to work. Older PHP versions are not supposed to be used in the wild anyway.
  • NO complicated/overengineered code, e.g. no classes/interfaces, test-frameworks, libraries, ...: In most cases, a recommendation is based on a simple boolean decision, e.g. is it 1 or is it 0. The corresponding code is supposed to reflect this simplicity. Also, simple code leads to fewer programming errors.
  • Novice factor: The result is supposed to help secure the PHP environment. There is no need to obfuscate, encrypt or hide the code. Even unexperienced developers or system administrators may take a glance at the code - free of charge.
  • NO (or very few) dependencies: pcc is supposed to run in the most simplistic (yet still realistically sane) PHP environment. Writing files and loading bloated library code should be avoided.
  • Safeguards: In order to prevent information disclosure, IP restrictions are implemented, as well as a lock-out mechanism based on the script's modification time.
  • Suhosin: pcc checks the correct configuration of the Suhosin extension.

LinSSID - Graphical wireless scanning for Linux (similar to Inssider)


LinSSID is graphically and functionally similar to Inssider (Microsoft™ Windows®). It is written in C++ using Linux wireless tools, Qt5, and Qwt 6.1.

LinSSID may be installed either by downloading source or binary from this site, or if you're using Debian/Ubuntu or one of its brethren, adding a ppa to your software sources and then installing it with your favorite application manager. The ppa is:
(substitute 'precise', 'quantal', 'raring', 'saucy', 'trusty' or 'utopic' for 'myversion')

Builds are available for amd64 and i386. Please report problems on the 'discussion' tab.

Version 2.2 and above now built on Qt5 using version 6.1 of the Qwt library, based on a 'trusty' development environment. Several small bugs have been fixed and there is now a status message in the top panel.

LinSSID is not bug-free. If you find one please report it on the discussion page and let's fix it.


zAnti - Android Penetration Testing Toolkit (Free!)


zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety.

zANTI offers a comprehensive range of fully customizable scans to reveal everything from authentication, backdoor and brute-force attempts to database, DNS and protocol-specific attacks – including rogue access points.

zANTI produces an Automated Network Map that shows any vulnerabilities of a given target.

Pick your audit

zANTI offers a host of penetration-testing features, including everything from Man-In-The-Middle and password complexity audits to port monitoring and a sophisticated packet sniffer.

End the discussion

zANTI employs advanced cloud-based reporting that makes it easy to demonstrate flaws and rationalize budgeting for necessary network upgrades.

Keep it simple

zANTI offers a user-friendly web-based interface that turns complex audits into a walk in the park; to quote Forbes, it’s “as polished as a video game”.