[SET v5.2] The Social-Engineer Toolkit "Urban Camping"

The Social-Engineer Toolkit (SET) version 5.2 codename “Urban Camping” has been released. This version adds a complete rewrite of the PowerShell injection techniques within SET and incorporates an automatic process downgrade attack detailed here: https://www.trustedsec.com/may-2013/native-powershell-x86-shellcode-injection-on-64-bit-platforms/. The attack will automatically detect if PowerShell is installed, then detect what platform its running...

Read More

[Suricata v1.4.4] Next Generation Intrusion Detection and Prevention Engine

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field.OISF is part of and funded by the Department of Homeland Security's Directorate for Science and Technology HOST program (Homeland Open Security Technology), by the the Navy's Space and Naval...

Read More

[HconSTF Pentest Browser] Open Source Penetration Testing / Ethical Hacking Framework

HconSTF is Open Source Penetration Testing Framework based on different browser technologies, Which helps any security professional to assists in the Penetration testing or vulnerability scanning assessments.contains webtools which are powerful in doing xss(cross site scripting), Sql injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. Even useful to anybody interested in information security domain - students, Security Professionals,web developers,...

Read More

[Patator v0.5] Multi-purpose brute-forcer, with a modular design and a flexible usage

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.Currently it supports the following modules:* ftp_login : Brute-force FTP* ssh_login : Brute-force SSH* telnet_login : Brute-force Telnet* smtp_login : Brute-force SMTP* smtp_vrfy : Enumerate valid users using the SMTP VRFY command* smtp_rcpt : Enumerate valid users using the SMTP RCPT TO command* finger_lookup : Enumerate valid users using Finger*...

Read More

[Hash Console v1.5] All-in-one Command-line tool to generate hash md5, sha1, sha256, sha384, sha512, lm, ntlm, base64, crc32, rot13

Hash Console is the all-in-one command-line based tool to quickly generate more than 15 different type of hashes. It can generate hash for any given file or simple text.Hashes or checksums are used for multiple purposes including file integrity verification, encryption, password storage etc. Hash Console help you easily and quickly quickly computing the hash for given file or text.Currently it supports following popular hash typesMD5 family (md2,...

Read More

[OWASP Zed Attack Proxy 2.1.0] An easy to use integrated penetration testing tool for finding vulnerabilities in web applications

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.Some of ZAP's functionality: Intercepting Proxy Traditional and...

Read More

[Facebook Password Decryptor v5.0] Facebook Password Recovery Software

Facebook Password Decryptor is the FREE software to instantly recover Facebook account passwords stored by popular Web Browsers and Messengers. It is one of our most popular software with over One Million downloads worldwide.It supports recovering of the stored Facebook login password from most of the popular Internet browsers and messengers. Here is the complete list of supported applications.Internet Explorer (v4.0 - v10.0)...

Read More

[MAC Address Scanner] Desktop Tool to Find MAC address of Remote Computers on Local Network

MAC Address Scanner is the free desktop tool to remotely scan and find MAC Address of all systems on your local network.It allows you to scan either a single host or range of hosts at a time. During the scan, it displays the current status for each host. After the completion, you can generate detailed scan report in HTML/XML/TEXT format.Note that you can find MAC address for all systems within your subnet only. For all others, you will see the...

Read More

[bWAPP bee-box] Linux VMware virtual machine pre-installed with bWAPP

bee-box is a custom Linux VMware virtual machine pre-installed with bWAPP.bee-box gives you several ways to hack and deface the bWAPP website.It's even possible to hack the bee-box to get root access...With bee-box you have the opportunity to explore all bWAPP vulnerabilities!This project is part of the ITSEC Games project. ITSEC Games are a fun approach to IT security education. IT security, ethical hacking, training and fun... all mixed together....

Read More

[DLL Finder v1.5] Tool to quickly find the matching DLL in all running Processes

DLL Finder is the command-line tool to quickly find the matching DLL in all running Processes.For each discovered DLL in a process it displays, Target Process Name Process ID Full DLL Name DLL Base Address DLL Load Count DLL File PathOn 64 bit system, 32-bit processes are shown with suffix "*32" for easier identification.It is mainly useful for developers and reserachers. Being a command-line tool makes it easy for automation.      ...

Read More

[Netsparker v3.0.2.0 Community Edition] Web Application Security Scanner

Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology they are built on, just like an actual attacker.It can identify web application vulnerabilities like SQL Injection, Cross-site Scripting (XSS), Remote Code Execution and many more. It has exploitation built on it, for example you can get a reverse shell out of an identified SQL Injection or extract data via running...

Read More

[Arachni v0.4.3] Ruby framework aimed towards helping penetration testers

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process.Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can detect changes caused while travelling through the paths of a web application’s...

Read More

[Snort 2.9.5] Network intrusion prevention and detection system (IDS/IPS)

Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and nearly 400,000 registered users, Snort has become the de facto standard for IPS.[*] New additions* Added tracking of FTP data channel for file transfers as file_data...

Read More

[Zarp v0.1.2] The Python Network Attack Tool

Zarp is a network attack tool centered around the exploitation of local networks. This does not include system exploitation, but rather abusing networking protocols and stacks to take over, infiltrate, and knock out. Sessions can be managed to quickly poison and sniff multiple systems at once, dumping sensitive information automatically or to the attacker directly. Various sniffers are included to automatically parse usernames and passwords from...

Read More

[Salted Hash Kracker v1.5] Recover the Password from Salted Hash text

Salted Hash Kracker is the free all-in-one tool to recover the Password from Salted Hash text.These days most websites and applications use salt based hash generation to prevent it from being cracked easily using precomputed hash tables such as Rainbow Crack. In such cases, 'Salted Hash Kracker' will help you to recover the lost password from salted hash text. It also allow you to specify the salt position either in the beginning of password(salt+password)...

Read More

[Chrome Password Decryptor v4.6] Recover all stored passwords from Google Chrome

Chrome Password Decryptor is the FREE tool to instantly recover all stored passwords from Google Chrome browser. It automatically detect the default Chrome profile path for the current user and displays all the stored login passwords in clear text after decrypting them. It also shows all the blacklisted website entries for which user has prompted Chrome to not to remember the passwords. Another useful feature of this tool...

Read More