This website is web service for checking file that you're uploaded is the malicious file or not. It's similar Virustotal.com, try it by yourself.ByteScan...
[Syhunt Sandcat Browser v4.1] A Penetration-oriented browser (extented to Web Application Assessment)
Sandcat Browser 4 brings unique features that are useful for pen-testers and web developers. Sandcat is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua programming language to provide extensions and scripting support.FeaturesLive HTTP Headers — built-in live headers with a dedicated cache per tab and support for preview extensionsSandcat Console — an extensible command line console; Allows you to...
[iodine] Tunnel application to forward IPv4 traffic through DNS servers (IP over DNS)
iodine lets you tunnel IPv4 data through a DNS server. This can be usable in different situations where internet access is firewalled, but DNS queries are allowed. It runs on Linux, Mac OS X, FreeBSD, NetBSD, OpenBSD and Windows and needs a TUN/TAP device. The bandwidth is asymmetrical with limited upstream and up to 1 Mbit/s downstream. Compared to other DNS tunnel implementations, iodine offers: Higher performanceiodine uses the NULL type that...
[WhatWeb v0.4.7] The Content Management Systems (CMS) Technology Scanner
WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 900 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL...
[ThreatFactor NSIA v1.0.6] Network System Integrity Analysis
ThreatFactor NSIA is a website scanner that monitors websites in real-time in order to detect defacements, compliance violations, exploits, sensitive information disclosure and other issues. ThreatFactor detects issues remotely and therefore requires no software to install, does not introduce any latency and will not interrupt business operations. At it’s core, ThreatFactor uses an advanced analysis engine that is capable of detecting a wide variety...
[vFeed & vFeed API] The open source cross-linked local vulnerability database
vFeed is an open source naming scheme concept that provides extra structured detailed 3rd parties references for a CVE entry. While the emergence of the Open Standards helped undeniably to shape a new way to communicate about vulnerabilities1, the new vFeed is adding an intelligent structured xml feed that provides effective level of information (meta-data) related to vulnerability.Internally, vFeedCore (not published yet) collects the basis...
[JBrute v0.9.4] Open Source Security tool to audit hashed passwords
JBrute is an open source tool written in Java to audit security and stronghold of stored password for several open source and commercial apps. It is focused to provide multi-platform support and flexible parameters to cover most of the possible password-auditing scenarios.Java Runtime version 1.7 or higher is required for running JBrute.FeaturesMuli-platform support (by Java VM)Several hashing algorithms supportedFlexible chained hashes decryption...
[ollydbg-binary-execution-visualizer] New Tool for Visualizing Binaries With Ollydbg and Graphvis
Sometimes crackme’s or something you might be reversing will constantly bug you due to the excessive usage of f7 & f8. It will be quiet neat if you can see how the application is executing visually and set your break points accordingly.Requirements:o Ollyscript plugino Bunch of your favorite anti-‐debug plugins (phantom , ollyadvanced, …etc) o Pygraphvizo Graphvizo Python 2.7Approach:Create an ollyscript that will do the followingo Log all EIP...
[Arachni v0.4.5.1-0.4.2] Open Source Web Application Security Scanner Framework
Arachni is a Free/Open Source project, the code is released under the Apache License Version 2.0 and you are free to use it as you see fit.Initially started as an educational exercise, it has since evolved into a powerful and modular framework allowing for fast, accurate and flexible security/vulnerability assessments. More than that, Arachni is highly extend-able allowing for anyone to improve upon it by adding custom components and tailoring most...
[OWASP Zed Attack Proxy 2.2.1] Tool for finding vulnerabilities in web applications (Now supports CWE)
OWASP Zed Attack Proxy (ZAP) An easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.Some of ZAP’s features:Intercepting ProxyAutomated scannerPassive scannerBrute...
[Binrev] Automate Reversing Windows Binaries for Pentesters
What you can do with this? Static analysis: you can do a basic manual code review for decompiled sources to discover hidden communication channels, search for hard-coded passwords, or SQL injection vulnerabilities.Import decompiled projects to an IDE to reconstruct and modify the original source codeCall hidden native exported functions with rundll32Here is a rough description of what it does, and what tools it is using:For exe, dll files: ...
Forensics Tools
ADQUISICIÓN Y ANÁLISIS DE LA MEMORIA Set de utilidades que permite la adquisición de la memoria ram para posteriormente hacer un análisis con ella.pd Proccess Dumper - Convierte un proceso de la memoria a fichero.FTK Imager - Permite entre otras cosas adquirir la memoria.DumpIt - Realiza volcados de memoria a fichero.Responder CE - Captura la memoria y permite analizarla.Volatility - Analiza procesos y extrae información util para el analista.RedLine...
[Capture the flag] Remaster Linux Live CD images for wargames
Remaster Linux Live CD images for the purpose of creating ready to use security wargames with pre-installed vulnerabilities to exploit.RequirementsYou will need the following in order to build the Live CD using the scripts in this project:Linux, with root access using sudogitmake, gcc -- for building vulnerable programspwgen -- for generating random passwordsrsyncgenisoimage -- for mkisofsadvancecomp -- for advdefsquashfs-tools -- for unsquashfscurl...
[SuperPutty Password Decryptor] SuperPutty Session Login Password Recovery Software
SuperPutty Password Decryptor is the Free desktop tool to instantly recover all the login passswords from SuperPutty session history.SuperPutty is a Windows GUI Application that allows PuTTY SSH Client to be opened in Tabs. It also stores the session details allowing users to automatically login without entering the password every time.SuperPutty Password Decryptor helps you to quickly recover all the stored login passwords from this session file....
[sslnuke] SSL without verification isn't secure!
We have all heard over and over that SSL without verification is not secure. If an SSL connection is not verified with a cached certificate, it can easily be hijacked by any attacker. So in 2013, one would think we had totally done away with this problem. Browsers cache certificates and very loudly warn the user when a site has offered up a self-verified certificate and should not be trusted, browser vendors have pretty much solved this problem....
[OS X Auditor] free Mac OS X computer forensics tool
OS X Auditor parses and hashes the following artifacts on the running system or a copy of a system you want to analyze:the kernel extensionsthe system agents and daemonsthe third party's agents and daemonsthe old and deprecated system and third party's startup itemsthe users' agentsthe users' downloaded filesthe installed applicationsIt extracts:the users' quarantined filesthe users' Safari history, downloads, topsites, HTML5 databases and localstorethe...
[SpearPhisher] A Simple Phishing Email Generation Tool
SpearPhisher is a simple point and click Windows GUI tool designed for (mostly) non-technical people who would like to supplement the education and awareness aspect of their information security program. Not only is it useful to non-technical folks, penetration testers may find it handy for sending quick and easy ad-hoc phishing emails. The tool supports specifying different sending names and email addresses, multiple recipients via TO, CC,...
[OWASP ZAP] Herramienta de Pentest para encontrar vulnerabilidades en aplicaciones web
OWASP ZAP, una de las herramientas absolutamente indispensable en el arsenal de cualquier pentester, acaba de liberar su versión 2.2.0Esta fabulosa herramienta, que además es gratuita, no para de progresar y añadir nuevas funcionalidades. Un enorme ¡GRACIAS! a OWASP por hacer que el proyecto crezca y siga adelante.Esta versión trae interesantes novedades como por ejemplo soporte para Mozilla Zest, un motor de scripting orientado a herramientas...
[SecureCheq v1.0] The Security Configuration Management made easy!
SecureCheq is a fast, simple utility for Windows servers and desktops that answers these questions while it tests for common configuration risks. This free utility:Tests for a subset of typical (and often dangerous) Windows configuration errorsProvides detailed remediation and repair adviceTests for about two dozen critical but common configuration errors related to OS hardening, Data Protection, Communication Security, User Account Activity and...
[OWASP Broken Web Applications Project VM v1.1] Collection of vulnerable web applications
The Broken Web Applications (BWA) Project is a collection of vulnerable web applications that is distributed on a Virtual Machine.The Broken Web Applications (BWA) Project produces a Virtual Machine running a variety of applications with known vulnerabilities for those interested in:Learning about web application securityTesting manual assessment techniquesTesting automated toolsTesting source code analysis toolsObserving web attacksTesting WAFs...
[Facebook Password Dump] Tool to instantly recover your lost Facebook password
Facebook Password Dump is the command-line tool to instantly recover your lost Facebook password from popular web browsers and messengers.It automatically discovers installed applications on your system and recovers all the stored Facebook login passwords within seconds. Being command-line tool makes it ideal tool for penetration testers and forensic investigators. For GUI version check out the Facebook Password Decryptor.Download FacebookPasswordDump...
[wEAPe] Weape-Wireless-EAP-Extractor Script
Auto extracts EAP 802.1x user namesFeatures Sets up wireless card into monitor modeLists all APsAssociates with AP's you wishExtracts domain user names from any connects using EAPRequirements airodump tool setTested on Backtrack 5 and Kali.Download wE...
[Nimbostratus] Tools for fingerprinting and exploiting Amazon cloud infrastructures
Nimbostratus are tools for fingerprinting and exploiting Amazon cloud infrastructures. Nimbostratus is the first toolset to help you in the process of pivoting in Amazon AWS cloudsFeaturesEnumerate permissions to AWS services for current IAM roleUse poorly configured IAM role to create new AWS userExtract local and remote AWS credentials from metadata, .boto, etc.Clone DB to access information stored in snapshotInject raw Celery task for pickle...
[Bluebox-ng] UC/VoIP Security Tool
Bluebox-ng is a next generation UC/VoIP security tool. It has been written in CoffeeScript using Node.js powers. This project is "our 2 cents" to help to improve information security practices in VoIP/UC environments.GitHub repo: https://github.com/jesusprubio/bluebox-ngIRC(Freenode): #breakingVoIPInstallGNU/Linux and Mac OS XInstall Node.js:Linux: https://github.com/joyent/node/wiki/Installing-Node.js-via-package-managerMac: http://nodejs.org/download/cd...
Subscribe to:
Posts (Atom)
.png)
