[Xenotix] XSS Exploit Framework 2013 v2 Released

Xenotix XSS Exploit Framework is a penetration testing tool to detect and exploit XSS vulnerabilities in Web Applications. This tool can inject codes into a webpage which are vulnerable to XSS. It is basically a payload list based XSS Scanner and XSS Exploitation kit. It provides a penetration tester the ability to test all the XSS payloads available in the payload list against a web application to test for XSS vulnerabilities. The tool supports...

Read More

[Network Password Decryptor v3.0] Tool to Recover Network Passwords

Network Password Decryptor is the free tool to instantly recover network passwords stored in the 'Credential Store' of Windows. Windows 'Credential Store' provides the framework for storing various network authentication based passwords in secure encrypted format.    Not only Windows uses it to store network authentication passwords, but also other applications such as Outlook, Windows Live Messenger,...

Read More

[VSD] (Virtual Section Dumper) Just another Virtual Section Dumper for Windows Processes

What's VSD?VSD (Virtual Section Dumper) is intented to be a tool to visualize and dump the memory regions of a running 32 bits or a 64 bits process in many ways. For example, you can dump the entire process and fix the PE Header, dump a given range of memory or even list and dump every virtual section present in the process. Usage of VSD can be found hereScreenshotsVSD x86 Main window Loaded modules Handles Threads Patch VSD x64Latest...

Read More

[ISME v0.7] IP Phone Scanning Made Easy

ISME is a small framework to test IP phones from several editors. It can gather information from IP phone infrastructures, test their web servers for default login/password combinations, and also implement attacks against the systems. ISME has been written in perl with a perl/Tk interface to provide a portable and easy to use tool. Full documentation is also provided.Initially intended as a scanner dedicated to Cisco IP Telephony solution, ISME has...

Read More

[VMInjector] DLL Injection tool to unlock guest VMs

Overview: VMInjector is a tool designed to bypass OS login authentication screens of major operating systems running on VMware Workstation/Player, by using direct memory manipulation.Description:VMInjector is a tool which manipulates the memory of VMware guests in order to bypass the operation system authentication screen. VMware handles the resources allocated to guest operating systems, including RAM memory. VMInjector injects a DLL library...

Read More

[PwnStar] Version with new Exploits

A bash script to launch a Soft AP, configurable with a wide variety of attack options. Includes a number of index.html and server php scripts, for sniffing/phishing. Can act as multi-client captive portal using php and iptables.  Launches classic exploits such as evil-PDF. De-auth with aireplay, airdrop-ng or MDK3.Changes and New Features“hotspot_3″ is a simple phishing web page, used with basic menu option 4.“portal_simple” is a captive...

Read More

[PwnPi v2.0] A Pen Test Drop Box distro for the Raspberry Pi

PwnPi is a Linux-based penetration testing dropbox distribution for the Raspberry Pi. It currently has 114 network security tools pre-installed to aid the penetration tester. It is built on the debian squeeze image from the raspberry pi foundation’s website and uses Xfce as the window managerLogin username and password is root:rootTools List:Download H...

Read More

[NetSleuth] Open source Network Forensics And Analysis Tools

NetSleuth identifies and fingerprints network devices by silent network monitoring or by processing data from PCAP files.NetSleuth is an opensource network forensics and analysis tool, designed for triage in incident response situations. It can identify and fingerprint network hosts and devices from pcap files captured from Ethernet or WiFi data (from tools like Kismet).It also includes a live mode, silently identifying hosts and devices...

Read More

[TXDNS v 2.2.1] Aggressive multithreaded DNS digger

TXDNS is a Win32 aggressive multithreaded DNS digger. Capable of placing, on the wire, thousands of DNS queries per minute. TXDNS main goal is to expose a domain namespace trough a number of techniques:-- Typos: Mised, doouble and transposde keystrokes;-- TLD/ccSLD rotation;-- Dictionary attack;-- Full Brute-force attack: alpha, numeric or alphanumeric charsets.New features:Support AAAA(IPv6)record queries:-rr AAAA;Rewrite summarizing statistics using a thread-safe algorithm instead mutex.Bug fixes:Fixed a problem when running under Windows XP;Fixed...

Read More

[SSLsplit 0.4.5] Tool for man-in-the-middle attacks against SSL/TLS encrypted network connections

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections.  Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit.  SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted.  SSLsplit is intended to be useful for network forensics and penetration testing.SSLsplit...

Read More

[Network Database Scanner v1.0] Software to remotely detect the type of Database services running on the network system

Network Database Scanner is the free software to remotely detect the type of Database services running on the network system. It can help you to scan single or multiple systems on your internal network or on the Internet.It uses smart timer based Connect method which makes the scanning faster than traditional approach.Current version supports following popular Database Services,     MySQL    MSSQL   ...

Read More

[FTP Password Kracker] Crack FTP password

FTP Password Kracker is a free software to recover your lost FTP password directly from server. It uses brute-force password cracking method based on universal FTP protocol and can recover password from any FTP server.It automatically detects and alerts you if the target FTP server allows any Anonymous (without password) connections. In case your FTP server is running on different port (other than port 21) then you can easily specify the same in...

Read More

[ShowWindows v1.0] Command-line Tool to Manage Open Windows

Show Windows is the command-line tool to manage Windows opened by all running Processes on your system.In addition to showing open Windows, it does little more. Here are some of the things that you can do with ShowWindows,View all open Windows/AppsWindows opened by particular UserWindows opened by particular ProcessSearch for Windows with specified TitleClose the WindowKill the selected ProcessIn Penetration Testing environment, it can help you to...

Read More

[Dissy] Graphical frontend to the objdump disassembler

Dissy is a graphical frontend to the objdump disassembler. Dissy can be used for debugging and browsing compiler-generated code. Download Di...

Read More

[Patator Brute Forcer] v 0.4

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.Currently it supports the following modules: * ftp_login     : Brute-force FTP * ssh_login     : Brute-force SSH * telnet_login  : Brute-force Telnet * smtp_login    : Brute-force SMTP * smtp_vrfy     : Enumerate valid users using the SMTP VRFY command * smtp_rcpt     : Enumerate valid users using the SMTP RCPT TO command * finger_lookup...

Read More

[360-FAAR] Firewall Analysis Audit And Repair 0.3.6

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file!Read Policy and Logs for:Checkpoint FW1 (in odumper.csv / logexport format),Netscreen ScreenOS (in get config / syslog format),Cisco ASA (show run / syslog format),360-FAAR...

Read More

[GNUnet P2P Framework] v 0.9.4

GNUnet is a framework for secure peer-to-peer networking that does not use any centralized or otherwise trusted services. A first service implemented on top of the networking layer allows anonymous censorship-resistant file-sharing. Anonymity is provided by making messages originating from a peer indistinguishable from messages that the peer is routing. All peers act as routers and use link-encrypted connections with stable bandwidth utilization...

Read More

[Subterfuge] Beta Version 4.2

 Automated Man-in-the-Middle Attack Framework                                     Abstract:  Enter Subterfuge, a Framework to take the arcane art of Man-in-the-Middle Attack and make it as simple as point and shoot. A beautiful, easy to use interface which produces a more transparent and effective attack is what sets Subterfuge apart...

Read More

[Cookie Cadger] v.0.9

An auditing tool for Wi-Fi or wired Ethernet connections  Cookie Cadger helps identify information leakage from applications that utilize insecure HTTP GET requests. Cookie Cadger works on Windows, Linux, or Mac, and requires Java 7. Using Cookie Cadger requires having “tshark” – a utility which is part of the Wireshark suite, to be installed. Usually simply installing Wireshark will be sufficient. Additionally, to capture packets promiscuously...

Read More

[PySQLi] Python SQL injection framework

PySQLi is a python framework designed to exploit complex SQL injection vulnerabilities. It provides dedicated bricks that can be used to build advanced exploits or easily extended/improved to fit the case.PySQLi is thought to be easily modified and extended through derivated classes and to be able to inject into various ways such as command line, custom network protocols and even in anti-CSRF HTTP forms.PySQLi is still in an early stage of development,...

Read More

[ExploitShield Browser Edition] Forget about browser vulnerabilities

ExploitShield Browser Edition protects against all known and unknown 0-day day vulnerability exploits, protecting users where traditional antivirus and security products fail. It consists of an innovative patent-pending vulnerability-agnostic application shielding technology that prevents malicious vulnerability exploits from compromising computers.Includes "shields" for all major browsers (IE, Firefox, Chrome, Opera) and browser all components...

Read More

[Spooftooph 0.5.2] Automated spoofing or cloning Bluetooth device

Spooftooph is designed to automate spoofing or cloning Bluetooth device Name, Class, and Address. Cloning this information effectively allows Bluetooth device to hide in plain site. Bluetooth scanning software will only list one of the devices if more than one device in range shares the same device information when the devices are in Discoverable Mode (specificaly the same Address).FeaturesClone and log Bluetooth device informationGenerate a...

Read More

[Wifi Honey] Creates fake APs using all encryption

This is a script, attack can use to creates fake APs using all encryption and monitors with Airodump. It automate the setup process, it creates five monitor mode interfaces, four are used as APs and the fifth is used for airdump-ng. To make things easier, rather than having five windows all this is done in a screen session which allows you to switch between screens to see what is going on. All sessions are labelled so you know which is...

Read More

[Burp Suite] Free Edition v1.5

Burp Suite helps you secure your web applications by finding the vulnerabilities they contain.  Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, upstream proxies, logging,...

Read More

[BackBox Linux] Version 3.0

BackBox is a Linux distribution based on Ubuntu Desktop, and designed for performing penetration testing, incident response, computer forensics, and intelligence gathering. It uses the Xfce desktop environment, and is developed by Raffaele Forte and a small but dedicated team.This release include features such as the new Linux Kernel 3.2 flower and Xfce 4.8. Apart from the system major upgrade, all auditing tools are up to date as well.What's...

Read More

[DEFT 7.2] Computer Forensic live system

DEFT 7.2 released its last 32bit release but we will support bugfix until 2020. DEFT is a new concept of Computer Forensic live system that uses LXDE as desktop environment and thunar file manager and mount manager as tool for device management. It is a very easy to use system that includes an excellent hardware detection and the best free and open source applications dedicated to incident response and computer forensicsNew in...

Read More

[Android Privacy Guard v1.0.8] OpenPGP for Android

There's no public key encryption for Android yet, but that's an important feature for many of us. Android Privacy Guard is to manage OpenPGP keys on your phone, use them to encrypt, sign, decrypt emails and files.Change log v1.0.8HKP key server supportapp2sd supportmore pass phrase cache options: 1, 2, 4, 8 hoursbugfixesDownload Android Privacy Ga...

Read More

[Snuck] Automatic XSS filter bypass

Snuck is an automatic tool whose goal is to significantly test a given XSS filter by specializing the injections on the basis of the reflection context. This approach adopts Selenium to drive a web browser in reproducing both the attacker's behavior and the victim's.snuck is an automated tool that may definitely help in finding XSS vulnerabilities in web applications. It is based on Selenium and supports Mozilla Firefox, Google Chrome and Internet...

Read More

[TCHead] TrueCrypt Password Cracking Tool

TCHead is software that decrypts and verifies TrueCrypt headers. TCHead supports all the current hashes, individual ciphers, standard volume headers, hidden volume headers and system drive encrypted headers (preboot authentication).Brute-force TrueCrypt : However, TrueCrypt passwords go through many iterations and are strengthened. Cracking them takes time. Very strong passwords will not be cracked. Also, in addition to trying multiple passwords...

Read More

[WebSploit] Framework 2.0.3 with Wifi Jammer

WebSploit Is An Open Source Project For Scan And Analysis Remote System From Vulnerability.WebSploit Is An Open Source Project For :[>]Social Engineering Works[>]Scan,Crawler & Analysis Web[>]Automatic Exploiter[>]Support Network Attacks[+]Autopwn - Used From Metasploit For Scan and Exploit Target Service[+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin[+]format infector - inject reverse & bind payload into file format[+]phpmyadmin...

Read More