[DLink Password Decryptor] Tool to recover the Login Password of D-Link modem/router

DLink Password Decryptor is a free desktop tool to instantly recover the Login Password of D-Link modem/router.If you have lost login authentication password of your D-link modem and you have backup configuration file then you can use this tool to quickly get back your password. It supports dual mode of password recovery. You can either enter the encrypted D-link password directly or specify the D-Link Modem's backup configuration file. In...

Read More

[Capsa packet Sniffer] Herramienta Portable para Análisis de Red

Capsa es una Herramienta Portable para Análisis de Red gratuito para que los administradores de red puedan supervisar, diagnosticar y solucionar sus problemas en network. La versión gratuita del analizador viene con toneladas de características, y es lo suficientemente buena para se uso doméstico, así como su uso en la pequeña empresa.Con Capsa Sniffer puedes monitorear y capturar los datos de red de 50 direcciones IP.Características de Capsa :Detalle...

Read More

[HoneyProxy] A man-in-the-middle SSL Proxy & Traffic Analyzer

HoneyProxy is a lightweight tool that allows live HTTP(S) traffic inspection and analysis.It focuses on features that are useful for malware analysis and network forensics. FeaturesAnalyze HTTP(S) traffic on the fly Filter and highlight traffic, regex support included. Report Generation for saved flows, including a live JS editor. Save HTTP conversations for later analysis Make scripted changes with Python, e.g. remove Cache Header. based...

Read More

[PunkSPIDER] Búsqueda Masiva de Vulnerabilidades en Aplicaciones Web

Alejandro Caceres, CTO de Hyperion Gray, presentó en la conferencia ShmooCon 2013 un interesante proyecto llamado PunkSPIDER. Se trata de una arquitectura basada en clusters Apache Hadoop para un escaner distribuido capaz de realizar miles de escaneos de vulnerabilidades web al día y poner a disposición de cualquiera sus resultados. Es decir, PunkSPIDER es un gran motor global de búsqueda de vulnerabilidades en aplicaciones web. El objetivo...

Read More

[Hash Kracker Console] Tool to find out the password from the Hash

Hash Kracker Console is the all-in-one command-line tool to find out the password from the Hash.Currently it supports password recovery from following popular Hash typesMD5SHA1SHA256 SHA384 SHA512Also it offers 4 types of Password Recovery methods based on the complexity of password Dictionary Crack Hybrid Crack Brute-force Crack Pattern based Brute-force CrackBeing a command-line makes it faster and easy for automation. It is fully portable tool...

Read More

[oclHashcat-lite v0.15] Worlds fastest NTLM, MD5, SHA1, SHA256 and Descrypt Cracker

FeaturesWorlds fastest NTLM, MD5, SHA1, SHA256 and descrypt crackerFreeMulti-GPU (up to 128 gpus)Multi-OS (Linux & Windows native binaries)Multi-Platform (OpenCL & CUDA support)Multi-Algo (see below)Low resource utilization, you can still watch movies or play games while crackingFocuses one-shot, lightweight hashesSupports mixed GPU typesSupports markov attackSupports mask attackSupports distributed crackingSupports pause / resume while crackingSupports...

Read More

[oclHashcat-plus v0.14] Worlds fastest md5crypt, phpass, mscash2 and WPA/WPA2 cracker

FeaturesWorlds fastest md5crypt, phpass, mscash2 and WPA / WPA2 crackerWorlds first and only GPGPU based rule engineFreeMulti-GPU (up to 128 gpus)Multi-Hash (up to 15 million hashes)Multi-OS (Linux & Windows native binaries)Multi-Platform (OpenCL & CUDA support)Multi-Algo (see below)Low resource utilization, you can still watch movies or play games while crackingFocuses highly iterated modern hashesFocuses single dictionary based attacksSupports...

Read More

[Hashcat v0.44] Advanced Password Recovery

FeaturesMulti-ThreadedFreeMulti-Hash (up to 24 million hashes)Multi-OS (Linux, Windows and OSX native binaries)Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, ...)SSE2 acceleratedAll Attack-Modes except Brute-Force and Permutation can be extended by rulesVery fast Rule-engineRules compatible with JTR and PasswordsProPossible to resume or limit sessionAutomatically recognizes recovered hashes from outfile at startupCan automatically generate random...

Read More

[Juniper Password Decryptor] Tool to Decode and Recover Juniper $9$ Passwords

Juniper Password Decryptor is a free desktop tool to instantly decode and recover Juniper $9$ Passwords.Juniper Router allows you to configure 2 types of passwords,Juniper $1$ Password: Here MD5 hash of the password is stored. It starts with $1$ and requires brute-force technique to recover the passwordJuniper $9$ Password: These passwords are encoded using Juniper's private encryption algorithm. Password hash starts with $9$ text & can be...

Read More

[Dexter] A Free Tool for Mobile (Android) Malware Analysis

Bluebox Labs just released Dexter, a free tool which wants to help information security professionals and malware analysts to analyze Android mobile applications in order to find malware and vulnerabilities.Dexter combines manual and automatic static program analysis to provide a better understanding of an Android application. Since the original application source code is not required, Dexter is useful during third party binary application analyses...

Read More

[WhatWeb] Scanner para Fingerprinting de una Web

WhatWeb es una herramienta que nos permite realizar Fingerprinting de una web.WhatWeb tiene la particularidad de identificar webs que están realizadas con alguno de los CMS más populares como WordPress, Joomla!, phpBB o Drupal, además permite identificar versiones de librerías JavaScript, Geolocalización de dominios, identificación de etiquetas HTML, Servidores Web y más de 900 plugins para extender su funcionalidad.A los que nunca utilizaron...

Read More

[Converter v0.7] Analyzing and Deobfuscating Malicious Scripts

Malicious Java applets have been making news for awhile so I thought I would update Converter to include some new features to help with deobfuscating them.This is a list of changes made to this version:+ Replaced Binary-to/from-Text with Binary-to/from-Hex to make it more useful+ Added Filter > “Keep Hex” to only keep hex characters+ Added Format > “Mixed Octal to Hex” to convert a mixture of text and octal to hex+ Added Format > “Sort...

Read More

[JoomlaScan v1.5] Scanner para encontrar vulnerabilidades en Joomla

En esta nueva actualización de JoomlaScan se reconoce la versión 3.1.0-beta1 de Joomla! pasando por las últimas de 2.5.x y las primeras de 3.0.xDesde que apareció la versión 2.5 la identificación de la versión de Joomla! se reduce a consultar un archivo, concretamente http://tu.joomla.com/administrator/manifest/files/joomla.xml donde podemos localizar la versión exacta:<version>3.0.3</version>Aunque bien es cierto que en versiones...

Read More

[L517] Simple WordList Generator for Windows

L517 is a word-list generator for the Windows Operating System.I wrote L517 to be the only word-list generator and editor I would ever need. L517 is small (considering what it does), it is fast (considering it's a Windows app), and it is lightweight (when not loading astronomically large lists). A user-friendly GUI requires no memorization of command-line arguments!L517 contains hundreds of options for generating a large, personalized, and/or...

Read More

[SET v4.7] The Social-Engineer Toolkit

The Social-Engineer Toolkit (SET) version 4.7 codename “Headshot” has been released. This version of SET introduces the ability to specify multi-powershell injection which allows you to specify as many ports as you want and SET will automatically inject PowerShell onto the system on all of the reverse ports outbound. What’s nice with this technique is it never touches disk and also uses already white listed processes. So it should...

Read More

[Password Sniffer Console] Password Sniffing Tool to capture Email, Web and FTP login passwords

Password Sniffer Console is the all-in-one command-line based Password Sniffing Tool to capture Email, Web and FTP login passwords passing through the network.It automatically detects the login packets on network for various protocols and instantly decodes the passwords.Here is the list of supported protocols,HTTP (BASIC authentication)FTPPOP3IMAPSMTPIn addition to recovering your own lost passwords, you can use this tool in following scenarios,Run...

Read More

[SCIP] Indentify, Enumerate & Execute Invisible ASP.net Controls

SCIP is an OWASP ZAP extension designed to assess the security of ASP.net and Mono applications, while abusing platform specific behaviors and misconfigurations. The extension currently supports the following features: Identify the existence of invisible, commented and disabled server side web controls in ASP.net – passively (!). Identify which ASP.net security configuration is active in each page (EventValidation, MAC), and in which cases...

Read More

[SSLyze v0.6] SSL Server Configuration Scanning Tool

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers.FeaturesSSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibilityPerformance testing: session resumption and TLS tickets supportSecurity testing: weak cipher suites, insecure renegation, CRIME and THC-SSL DOS attacksServer...

Read More

[Evasi0n] Quitar el jailbreak en el iPhone/iPod touch/iPad

El jailbreak no es necesariamente ilegal (al menos no en Estados Unidos), pero sin lugar a dudas es una práctica mal vista por Apple. Si quieres llevar tu dispositivo móvil a un taller de reparación, entonces deberás quitar primero el jailbreak.Los evad3rs (autores de la herramienta de jailbreak untethered evasi0n) han dicho que el jailbreak no afecta de ningún modo a los iPhones – por ejemplo, no provoca un mayor consumo de batería ni otras...

Read More

[SHA256 Salted Hash Kracker]Tool to Crack your Salted SHA256 Hash

SHA256 Salted Hash Kracker is the free tool to crack and recover your lost password from the salted SHA256 hash.These days most websites and applications use salt based SHA256 hash generation to prevent it from being cracked easily using precomputed hash tables such as Rainbow Crack. In such cases, 'SHA256 Salted Hash Kracker' will help you to recover your lost password from salted SHA256 hash.It uses dictionary based cracking method which makes...

Read More

[JSQL v0.3] Java Tool for Automatic Database Injection

jSQL Injection is a lightweight application used to find database information from a distant server.jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris).Version 0.2 features:GET, POST, header, cookie methodsnormal, error based, blind, time based algorithmsautomatic best algorithm selectionthread control (start/pause/resume/stop)expose URL callssimple evasiondata retrieving progression barproxy settingsupports MySQLNext...

Read More

[Pentoo 2013.0 RC1.1] Security-Focused live CD based on Gentoo

Pentoo is a security-focused live CD based on Gentoo It's basically a Gentoo install with lots of customized tools, customized kernel, and much more.Pentoo 2013.0 RC1.1 features :Changes savingCUDA/OpenCL Enhanced cracking softwareJohn the ripperHashcat Suite of toolsKernel 3.7.5 and all needed patches for injectionXFCE 4.10All the latest tools and a responsive development team!Here is a non-exhaustive list of the features currently included :Hardened...

Read More

[Snort 2.9.4.1] Network Intrusion Detection System

Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) . Snort having the ability to perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks. Snort performs protocol analysis, content searching, and content matching.The program can also be used to detect probes or attacks, including, but not limited to, operating system fingerprinting attempts,...

Read More

[SSL Certificate Downloader] Command-line Tool to grab SSL Certificate from Server Remotely

SSL Cert Downloader is a free command-line tool to grab SSL certificate from server remotely.It can be used to download certificate from any of the SSL enabled services including HTTPS (443) LDAPS (636) SMTPS (465) POPS (995) IMAPS (993)You can either specify IP address or host name of the server. Also you can enter any custom port which makes it useful when SSL service is running on non-standard port.Once the certificate is downloaded from the...

Read More

[Ghost Phisher Tool] Fake DNS Server, Fake DHCP Server and Fake HTTP server

Ghost Phisher is a computer security application that comes inbuilt with a Fake DNS Server, Fake DHCP Server, Fake HTTP server and also has an integrated area for automatic capture and logging of HTTP form method credentials to a database. The program could be used as an honeypot, could be used to service DHCP request , DNS requests or phishing attacksRequirements:python,python-qt4,dhcp3-server,ettercap-gtkhttp://adf.ly/145...

Read More

[Hook Analyser v2.4] Application (and Malware) Analysis tool

Application (and Malware) Analysis tool. Hook Analyser is a hook tool which could be potentially helpful in reversing application and analysing malwares.Changelog v2.4Hook Analyser can now analyse DLLs. (Part of the Static Malware Analysis Module)The deep trace functionality has been improved significantly, and now it supports searching (and logging) for traces such as Shellcodes, Filenames, WinSockets, Compiler Traces etc.(Part of the Static Malware...

Read More

[Weevely] PHP Stealth Tiny Web Shell

Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.Weevely is currently included in Backtrack and Backbox and all the major Linux distributions oriented for penetration testing.More than 30 modules to automatize administration and post exploitation tasks: ...

Read More