[WebVulScan] Web Application Vulnerability Scanner

WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the status of the scan, the number of URLs found on the web application, the number of vulnerabilities found and details of the vulnerabilities found. After...

Read More

[Hardanger] Web Application Penetration Testing Platform

Hardanger is an Open Source web application penetration testing tool led by security researchers from SecurityWire. The project aims to bridge the gap between current open source web application testing tools commonly used in a Linux environment and bring the same level of tools to native Windows based platforms. Hardanger aims to deliver a user friendly experience for semi-automated web application penetration testing by building tools on...

Read More

[Hidden File Finder] Scan and discover all the Hidden files on your Windows

Hidden File Finder is the free software to quickly scan and discover all the Hidden files on your Windows system.It performs swift multi threaded scan of all the folders parallely and quickly uncovers all the hidden files. It automatically detects the Hidden Executable Files (EXE, DLL, COM etc) and shows them in red color for easier identification. Similarly 'Hidden Files' are shown in black color and 'Hiddden Folders' are shown in blue color.One...

Read More

[Dradis Pro v1.7] Framework to enable effective information sharing

Dradis Pro is framework to enable effective information sharing, specially during security assessments.Dradis is a self-contained web application that provides a centralised repository of information to keep track of what has been done so far, and what is still ahead.Changelog v1.7This is the result of eight months of hard work, a bit longer than usual, but the release is packed with lots of handy improvements.Here are some changes:New Issue/Evidence...

Read More

[EMET v4.0] Enhanced Mitigation Experience Toolkit

The Enhanced Mitigation Experience Toolkit (EMET) is designed to help prevent hackers from gaining access to your system. Software vulnerabilities and exploits have become an everyday part of life. Virtually every product has to deal with them and consequently, users are faced with a stream of security updates. For users who get attacked before the latest updates have been applied or who get attacked before an update is even available, the results...

Read More

[OWASP Bricks] Modular Deliberately Vulnerable Web Application

 Bricks is a deliberately vulnerable web application built on PHP and MySQL. The project focuses on variations of commonly seen application security vulnerabilities and exploits. Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP). The mission is to 'break the bricks' and thus learn the various aspects of web application security. Bricks Challenge Page URL Documentations 1 Log in page #1...

Read More

[PyMal] The Malware Analysis Framework

PyMal is a python based interactive Malware Analysis Framework. It is built on the top of three pure python programes Pefile, Pydbg and Volatility.The main aim of the project is to combine all the Malware Analysis related tools into a single interface for rapid analysis. PyMal have several wrapper functions to manipulate Executable as well as running Processes. It also offers some advanced features like Injected Code Detection Hook Detection...

Read More

[Process Magic] Tool to Hide any Windows application in Hidden or Invisible mode

Process Magic is the command-line tool to Hide any Windows application or launch new application in Hidden or Invisible mode.In addition to hiding any Windows process, it also allows you to Unhide any previously Hidden application.Note that it hides the application by hiding its main window. So it will be seen in Task Manager or any process listing tools. It will be ideal when you want to hide your application from other users to prevent it from...

Read More

[pweb-suite] Perl based web application penetration testing tools

Written completely in Perl, this suite of tools covers a lot of the basics for penetration testing and vulnerability detection automation. This Suite (formerly known as the "pCrack Suite") of tools is used primarily or web application vulnerability testing.xssPlay in Action! (YouTube)Download pweb-su...

Read More

[Nishang v.0.2.7] PowerShell for Penetration Testing

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security and post exploitation during Penetraion Tests. The scripts are written on the basis of requirement by the author during real Penetration Tests.It contains many interesting scripts like download and execute, keylogger, dns txt pwnage, wait for command and much more. Changelog:- DNS_TXT_Pwnage, Time_Execution and Wait_For_Command...

Read More

[DLL Magic] Tool to Hide DLL in any Windows Process

DLL Magic is the simple command-line tool to Hide DLL in any Windows Process.Every Process maintains internal database of loaded Modules/DLLs in the form of three linked lists. Each of these linked list represents the order in which DLLs are loaded, here are they Load Order Memory Order Initialization OrderDLL Magic hides the DLL by removing the DLL from all these three linked lists. This is an effective technique to hide DLL from any of the Process/DLL...

Read More

[Malwasm] Offline debugger for malware's reverse engineering

Malwasm is a tool based on Cuckoo Sandbox available here. Malwasm was designed to help people that do reverse engineering. Malwasm step by step: the malware to analyse is executed through Cuckoo Sandbox during the execution, malwasm logs all activites of the malware with pintool all activities are stored in a database (Postgres) a web service is available to visualize and manage the data stored in the database FeaturesMalwasm provides these features:...

Read More

[John the Ripper v1.8.0] Fast Password Cracker

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.John the Ripper is free and Open Source software, distributed primarily...

Read More

[Hashcat v0.45] Advanced Password Recovery

* changes v0.44 -> v0.45:Release with some new algorithms:AIX smd5AIX ssha1, ssha256, ssha512GOST R 34.11-94We managed also to fix some bugs and implement some additional feature requestsFull changelog:type: featurefile: hashcat-clidesc: show status screen also when all hashes were recovered AND add start/stop time tootype: featurefile: hashcat-clidesc: added -m 6300 = AIX {smd5}cred: philsmdtype: featurefile: hashcat-clidesc: added -m 6400 =...

Read More

[PenQ] The Security Testing Browser Bundle

PenQ is an open source Linux based penetration testing browser bundle we built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more. PenQ is configured to run on Debian based distributions including Ubuntu and its derivative distros, and penetration testing operating systems such as BackTrack and...

Read More

AndroRat - Remote Administration Tool for Android

Androrat is a client/server application developed in Java Android for the client side and in Java/Swing for the Server.The name Androrat is a mix of Android and RAT (Remote Access Tool).It has been developed in a team of 4 for a university project. It has been realised in one month. The goal of the application is to give the control of the android system remotely and retrieve informations from it.Technical mattersThe android application is the...

Read More

[Suricata 1.4.2] Next Generation Intrusion Detection and Prevention Engine

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field.OISF is part of and funded by the Department of Homeland Security's Directorate for Science and Technology HOST program (Homeland Open Security Technology), by the the Navy's Space and Naval...

Read More

[Veil v1.2] A Payload Generator to Bypass Antivirus

Veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions.Veil was designed to run on Kali Linux, but should function on any system capable of executing python scripts. Simply call Veil from the command line, and follow the menu to generate a payload. Upon creating the payload, veil will ask if you would like the payload file to be converted into an executable by Pyinstaller or Py2Exe.If using Pyinstaller,...

Read More