Bugtraq-II Beta 32 bits Release

Features Bugtraq system offers the most comprehensive distribution, optimal, and stable with automated services manager in real time. This distribution based on the 3.2 and 3.4 kernel PAE has a huge range of penetration, forensic and laboratory tools. Bugtraq is available with XFCE, Gnome and KDE based on Ubuntu, Debian and OpenSuse. The systems are available in 11 different languages. ToolsOne of the novelties of bugtraq is its wide range of...

Read More

[SAMHAIN 3.0.9] File Integrity Checker / Host-Based Intrusion Detection System

The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. Samhain been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as standalone application on a single host. Samhain is an open-source multiplatform application...

Read More

[Stegano 0.4] Python Steganography Module

Stéganô is a Python Steganography module.Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. Consequently, functions provided by Stéganô only hide message, without encryption. Indeed steganography is often used with cryptography.The advantage of steganography, over cryptography alone,...

Read More

[HoneyDrive Desktop] Máquina virtual con varias aplicaciones para correr nuestro propio Honeypot

HoneyDrive Desktop es una máquina virtual con varias aplicaciones preparadas que nos permite de una forma sencilla y rápida correr nuestro propio honeypot.Corre con Xubuntu Desktop 12.04 32 bits y contiene entre otras, las siguientes aplicaciones:Servidor LAMP con phpMyAdminKippo SSH, Kippo-Graph y Kippo2MySQLDionaea Malware + phpLiteAdminHoneyd + Honeyd2MySQL y Honeyd-VizLaBrea, Tiny Honeypot, IIS Emulator, INetSim y SimHVarias utilidades para el...

Read More

[AnonTwi 1.0] Twittea Anónimanente

AnonTwi es un software gratuito diseñado para navegar anónimamente en las redes sociales. Es compatible con Identi.ca y Twitter.com. Puedes aprovechar la aleatorización de proxy, enviar datos falsos geolocalización, y más. + Cifrado AES + HMAC-SHA1 en Tweets y Mensajes Directos --> [Más Info] + Secure Sockets Layer (SSL) para interactuar con la API + Proxy Socks (por ejemplo, para conectar a la red TOR) + Valores aleatórios...

Read More

[SQLSentinel] OpenSource tool for sql injection security testing

SQLSentinel is an opensource tool that automates the process of finding the sql injection on a website. SQLSentinel includes a spider web and sql errors finder. You give in input a site and SQLSentinel crawls and try to exploit parameters validation error for you. When job is finished, it can generate a pdf report which contains the url vuln found and the url crawled. Please remember that SQLSentinel is not an exploiting tool. It can only...

Read More

[BeEF] Fake Browser Update Exploitation

How to use BeEF Framework for fake browser update exploitation.Fake Browser Update : - In BeEF Framework there is a new feature available in social-engineering called Clippy using this feature we are sending the fake Update notification and if user click on that so obviously he is going to install that exe and other side you will get the meterpreter session. Very easy to perform but very good for social-engineering.BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.Amid growing...

Read More

Windows Autologin Password Dumper & Manager

Windows Autologin Password is the free command-line tool to quickly dump and manage the Windows Automatic Logon Password.Automatic Logon is one of the useful feature in Windows which allows you to login to system automatically without entering the password everytime. This tool helps you to easily dump the current Autologon password as well as quickly change the Autologon settings with just one command.Here is the complete list of things that...

Read More

[SQL Fingerprint] Christmas Release

Microsoft SQL Server fingerprinting can be a time consuming process, because it involves trial and error methods to determine the exact version. Intentionally inserting an invalid input to obtain a typical error message or using certain alphabets that are unique for certain server are two of the many ways to possibly determine the version, but most of them require authentication, permissions and/or privileges on Microsoft SQL Server to succeed. Instead,...

Read More

[Hydra v 7.4] Fast Network cracker

One of the biggest security holes are passwords, as every password security study shows. A very fast network logon cracker which support many different services, THC-Hydra is now updated to 7.4 version.Hydra available for Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX, Currently supports AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST,...

Read More

[WiFi Password Decryptor] Free Wireless Password Recovery Software

WiFi Password Decryptor is the FREE software to instantly recover Wireless account passwords stored on your system. It automatically recovers all type of Wireless Keys/Passwords (WEP/WPA/WPA2 etc) stored by Windows Wireless Configuration Manager. For each recovered WiFi account, it displays following information WiFi Name (SSID) Security Settings (WEP-64/WEP-128/WPA2/AES/TKIP)Password Type Password in clear text After the successful...

Read More

[ScanPlanner] Scanner Nmap Online

ScanPlanner is the easiest, fastest way to run NMAP scans and tests from the web. Schedule and track your network scans and vulnerability tests with our intuitive online interface.WEB: http://scanplanner.com/...

Read More

[jSQL Injection] Java based automated SQL injection tool

jSQLi is java based free SQL Injection Tool. It is very easy for user to retrieve database information from a vulnerable web server.SQL Injection features:GET, POST, header, cookie methodsnormal, error based, blind, time based algorithmsautomatic best algorithms detectiondata retrieving progressionproxy settingevasionfor now supports MySQLDownload it from here:http://adf.ly/146...

Read More

[Nmap 6.25] 85 new NSE scripts

After five months NMAP team release latest version of open source utility for network exploration or security auditing - NMAP 6.25 .It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.Many systems and network administrators also find it useful for tasks such as network inventory,...

Read More

[Xenotix] XSS Exploit Framework 2013 v2 Released

Xenotix XSS Exploit Framework is a penetration testing tool to detect and exploit XSS vulnerabilities in Web Applications. This tool can inject codes into a webpage which are vulnerable to XSS. It is basically a payload list based XSS Scanner and XSS Exploitation kit. It provides a penetration tester the ability to test all the XSS payloads available in the payload list against a web application to test for XSS vulnerabilities. The tool supports...

Read More

[Network Password Decryptor v3.0] Tool to Recover Network Passwords

Network Password Decryptor is the free tool to instantly recover network passwords stored in the 'Credential Store' of Windows. Windows 'Credential Store' provides the framework for storing various network authentication based passwords in secure encrypted format.    Not only Windows uses it to store network authentication passwords, but also other applications such as Outlook, Windows Live Messenger,...

Read More

[VSD] (Virtual Section Dumper) Just another Virtual Section Dumper for Windows Processes

What's VSD?VSD (Virtual Section Dumper) is intented to be a tool to visualize and dump the memory regions of a running 32 bits or a 64 bits process in many ways. For example, you can dump the entire process and fix the PE Header, dump a given range of memory or even list and dump every virtual section present in the process. Usage of VSD can be found hereScreenshotsVSD x86 Main window Loaded modules Handles Threads Patch VSD x64Latest...

Read More

[ISME v0.7] IP Phone Scanning Made Easy

ISME is a small framework to test IP phones from several editors. It can gather information from IP phone infrastructures, test their web servers for default login/password combinations, and also implement attacks against the systems. ISME has been written in perl with a perl/Tk interface to provide a portable and easy to use tool. Full documentation is also provided.Initially intended as a scanner dedicated to Cisco IP Telephony solution, ISME has...

Read More

[VMInjector] DLL Injection tool to unlock guest VMs

Overview: VMInjector is a tool designed to bypass OS login authentication screens of major operating systems running on VMware Workstation/Player, by using direct memory manipulation.Description:VMInjector is a tool which manipulates the memory of VMware guests in order to bypass the operation system authentication screen. VMware handles the resources allocated to guest operating systems, including RAM memory. VMInjector injects a DLL library...

Read More

[PwnStar] Version with new Exploits

A bash script to launch a Soft AP, configurable with a wide variety of attack options. Includes a number of index.html and server php scripts, for sniffing/phishing. Can act as multi-client captive portal using php and iptables.  Launches classic exploits such as evil-PDF. De-auth with aireplay, airdrop-ng or MDK3.Changes and New Features“hotspot_3″ is a simple phishing web page, used with basic menu option 4.“portal_simple” is a captive...

Read More

[PwnPi v2.0] A Pen Test Drop Box distro for the Raspberry Pi

PwnPi is a Linux-based penetration testing dropbox distribution for the Raspberry Pi. It currently has 114 network security tools pre-installed to aid the penetration tester. It is built on the debian squeeze image from the raspberry pi foundation’s website and uses Xfce as the window managerLogin username and password is root:rootTools List:Download H...

Read More

[NetSleuth] Open source Network Forensics And Analysis Tools

NetSleuth identifies and fingerprints network devices by silent network monitoring or by processing data from PCAP files.NetSleuth is an opensource network forensics and analysis tool, designed for triage in incident response situations. It can identify and fingerprint network hosts and devices from pcap files captured from Ethernet or WiFi data (from tools like Kismet).It also includes a live mode, silently identifying hosts and devices...

Read More

[TXDNS v 2.2.1] Aggressive multithreaded DNS digger

TXDNS is a Win32 aggressive multithreaded DNS digger. Capable of placing, on the wire, thousands of DNS queries per minute. TXDNS main goal is to expose a domain namespace trough a number of techniques:-- Typos: Mised, doouble and transposde keystrokes;-- TLD/ccSLD rotation;-- Dictionary attack;-- Full Brute-force attack: alpha, numeric or alphanumeric charsets.New features:Support AAAA(IPv6)record queries:-rr AAAA;Rewrite summarizing statistics using a thread-safe algorithm instead mutex.Bug fixes:Fixed a problem when running under Windows XP;Fixed...

Read More

[SSLsplit 0.4.5] Tool for man-in-the-middle attacks against SSL/TLS encrypted network connections

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections.  Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit.  SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted.  SSLsplit is intended to be useful for network forensics and penetration testing.SSLsplit...

Read More

[Network Database Scanner v1.0] Software to remotely detect the type of Database services running on the network system

Network Database Scanner is the free software to remotely detect the type of Database services running on the network system. It can help you to scan single or multiple systems on your internal network or on the Internet.It uses smart timer based Connect method which makes the scanning faster than traditional approach.Current version supports following popular Database Services,     MySQL    MSSQL   ...

Read More

[FTP Password Kracker] Crack FTP password

FTP Password Kracker is a free software to recover your lost FTP password directly from server. It uses brute-force password cracking method based on universal FTP protocol and can recover password from any FTP server.It automatically detects and alerts you if the target FTP server allows any Anonymous (without password) connections. In case your FTP server is running on different port (other than port 21) then you can easily specify the same in...

Read More

[ShowWindows v1.0] Command-line Tool to Manage Open Windows

Show Windows is the command-line tool to manage Windows opened by all running Processes on your system.In addition to showing open Windows, it does little more. Here are some of the things that you can do with ShowWindows,View all open Windows/AppsWindows opened by particular UserWindows opened by particular ProcessSearch for Windows with specified TitleClose the WindowKill the selected ProcessIn Penetration Testing environment, it can help you to...

Read More

[Dissy] Graphical frontend to the objdump disassembler

Dissy is a graphical frontend to the objdump disassembler. Dissy can be used for debugging and browsing compiler-generated code. Download Di...

Read More

[Patator Brute Forcer] v 0.4

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.Currently it supports the following modules: * ftp_login     : Brute-force FTP * ssh_login     : Brute-force SSH * telnet_login  : Brute-force Telnet * smtp_login    : Brute-force SMTP * smtp_vrfy     : Enumerate valid users using the SMTP VRFY command * smtp_rcpt     : Enumerate valid users using the SMTP RCPT TO command * finger_lookup...

Read More

[360-FAAR] Firewall Analysis Audit And Repair 0.3.6

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file!Read Policy and Logs for:Checkpoint FW1 (in odumper.csv / logexport format),Netscreen ScreenOS (in get config / syslog format),Cisco ASA (show run / syslog format),360-FAAR...

Read More