[zAnti] Android Network Toolkit

Anti consists of 2 parts: The Anti version itself and extendable plugins. Upcoming updates will add functionality, plugins or vulnerabilities/exploits to AntiUsing Anti is very intuitive - on each run, Anti will map your network, scan for active devices and vulnerabilities, and will display the information accordingly: Green led signals an 'Active device', Yellow led signals "Available ports", and Red led signals "Vulnerability found". Also,...

Read More

[Cansina] Web Content Discovery Application

It takes general available lists of common path and files used by web applications and make URL requests looking back to the server response code. Cansina stores the information in a sqlite database (omitting 404 responses). One for every new url (think this as a kind of projects feature) and the same database for every new payload on the same url.It aims to be (very) simple and straight to use doing only one thing: Discover content.The app is far...

Read More

[DEFT] Distribución linux para análisis forense

DEFT es una reputada distribución que recopila herramientas de análisis forense y que alcanza ya su versión 8.No se enfoca únicamente al típico análisis forense de discos duros, si no que tendremos la posibilidad también de realizar forenses de red e incluso de dispositivos móviles. Deft v8 está basada en Ubuntu 12.10, y posee un kernel versión 3.5.0-30. Como cualquier tipo de livecd actual, se nos ofrece la opción de instalar la distribución...

Read More

[WiFi Password Remover] Wireless (WEP/WPA/WPA2) Password/Profile Removal Software

WiFi Password Remover is the Free software to quickly recover and remove Wireless account passwords stored on your system.For each recovered Wi-Fi account, it displays following details,WiFi Name (SSID) Security Settings (WEP-64/WEP-128/WPA2/AES/TKIP)Password TypePassword in Hex formatPassword in clear text Once recovered, you can either remove single or all of them with just a click. Before proceeding with deletion, you can also take a backup...

Read More

[Lynis v1.3.5] The Unix / Linux auditing, security and hardening Tool

Security and system auditing tool to harden Linux systems (and more)Lynis is an auditing tool for Unix/Linux. It performs a security scan and determines the hardening state of the machine. Any detected security issues will be provided in the form of a suggestion or warning. Beside security related information it will also scan for general system information, installed packages and possible configuration errors.This software aims in assisting...

Read More

[HTSHELLS] Self contained web shells and other attacks via .htaccess files

Attacks are named in the following fashion, module.attack.htaccess and grouped by attack type in directories. Pick the one you need and copy it to a new file named .htaccess, check the file to see if it needs editing before you upload it. Web shells executes commands from the query parameter c, unless the file states otherwise.Download  HTSHE...

Read More

[Chrome Password Dump] Command-line Tool to Recover Login Password from Google Chrome Browser

Chrome Password Dump is the free command-line tool to quickly recover your lost web login passwords from Google Chrome browser.It automatically detects the default Chrome profile for current user and recovers all the stored web login passwords.Alternatively you can also specify the custom profile path in case your Chrome user profile is not in standard location. This is very useful in recovering the login passwords from other Chrome based browsers...

Read More

[FruityWifi v1.6] the Wireless Network Auditing Tool

FruityWifi is a wireless network auditing tool based in the Wifi Pineapple idea. The application can be installed in any Debian based system. Tested in Debian, Kali Linux, Kali Linux ARM (Raspberry Pi), Raspbian (Raspberry Pi), Pwnpi (Raspberry Pi). With the new version, it is possible to install external modules. This functionality gives the user more flexibility and the FruityWifi can be customized. The modules can be added or removed anytime using...

Read More

[HashTag] Password Hash Type Identification (Identify Hashes)

HashTag.py is a Python script written to parse and identify the password hash type used.HashTag supports the identification of over 250 hash types along with matching them to over 110 hashcat modes (use the command line switch -hc to output the hashcat modes). It is also able to identify a single hash, parse a single file and identify the hashes within it, or traverse a root directory and all subdirectories for potential hash files and identify...

Read More

[pyClamd] Using Clamav with python

pyClamd is a python interface to Clamd (Clamav daemon). By using pyClamd, you can add virus detection capabilities to your python software in an efficient and easy way.Instead of pyClamav which uses libclamav, pyClamd may be used by a closed source product. Download pyCl...

Read More

[Tundeep v0.2a] Layer 2 VPN/Injection tool

Tundeep is a layer 2 VPN/injection tool that resides [almost] entirely in user space on the victim aside from the pcap requirement. This can be handled via a silent install however. The tool will build on Linux and Windows victims. Windows compilation is achieved using Cygwin. The attacker must be a Linux machine however as kernel TUN/TAP support is required. It works just fine on Backtrack/Kali.The purpose of the tool is to allow an attacker...

Read More

[iptables-bash_completion] Programmable completion code (bash) for ip[6]tables

This is the programmable completion specification (compspec) for the iptables program (netfilter.org).FeaturesInteractive completion for ip[6]tables.This completion specification follows the logic of iptables and will only show commands and options, when they are available for the current context. Providing some kind of interactive help.Show and complete matches, targets and builtin and/or user-defined chains.Dynamically retrieve, show and complete: set names, services (port-ranges), protocols, active interfaces, cpu numbers, routing realms,...

Read More

[ipset_list] ipset set listing wrapper script

Features:Calculate sum of set members (and match on that count).List only members of a specified set.Choose a delimiter character for separating members.Show only sets containing a specific (glob matching) header.Arithmetic comparison on headers with an integer value.Match members using a globbing or regex pattern.Suppress listing of (glob matching) sets.Suppress listing of (glob matching) headers.Suppress listing of members matching a glob or regex...

Read More

[OMENS v1.17] The framework for distributing Actionable Intelligence

OMENS (Object Monitor for Enhanced Network Security) was born out of the intrusion (and intrusion attempts) analysis that I have been doing over many years. I consistently run into intrusion attempts that existing IDS systems have difficulty detecting. OMENS is my attempt to better detect (and understand) these blind spots in existing systems.OMENS uses two primary methods to determine hostile activity. Scanning for hostile activity through signature comparisons, and base-lining to determine if any system changes have taken place.OMENS is initially...

Read More

[Hashcat v0.46] Multi-Threaded Password Hash Cracking Tool

hashcat claims to be the world’s fastest CPU-based password recovery tool, while not as fast as GPU powered hash brute forcing (like CUDA-Multiforcer), it is still pretty fast.hashcat was written somewhere in the middle of 2009. Yes, there were already close-to-perfect working tools supporting rule-based attacks like “PasswordsPro”, “John The Ripper”. However for some unknown reason, both of them did not support multi-threading. That was the...

Read More

OWASP Xenotix XSS Exploit Framework v4.5

Version 4.5 AdditionsJavaScript BeautifierPause and Resume support for ScanJump to PayloadCookie Support for POST RequestCookie Support and Custom Headers for Header ScannerAdded TRACE method SupportImproved InterfaceBetter Proxy SupportWAF FingerprintingLoad FilesHash CalculatorHash DetectorDownload OWASP Xenotix XSS Exploit Framework v...

Read More

[MailPasswordDecryptor] All-in-one Mail Password Recovery Software

Mail Password Decryptor is the FREE software to instantly recover Mail Account passwords from popular email clients and other desktop applications.You can recover your lost password for email accounts like Gmail, Yahoo Mail, Hotmail or Windows Live Mail from email applications such as Microsoft Outlook, Thunderbird, IncrediMail, GTalk & many more. MailPasswordDecryptor automatically crawls through each of these applications...

Read More

[Beleth] Multi-threaded SSH Password Auditor

Dictionary based SSH crackerUsage: ./beleth [OPTIONS] -c [payload] Execute payload on remote server once logged in -h Display this help -l [threads] Limit threads to given number. Default: 4 -p [port] Specify remote port -t [target] Attempt connections to this server -u [user] Attempt connection using this username -v -v (Show attempts) -vv (Show debugging) -w [wordlist] Use this wordlist. Defaults to wordlist.txtExample:$ ./beleth -l 15 -t 127.0.0.1 -u stderr -w wordlist.txt+-----------------------------------------+|...

Read More

[WebSurgery] Web application security testing suite

WebSurgery is a suite of tools for security testing of web applications. It was designed for security auditors to help them with web application planning and exploitation. Suite currently contains a spectrum of efficient, fast and stable web tools (Crawler, Bruteforcer, Fuzzer, Proxy, Editor) and some extra functionality tools (Scripting Filters, List Generator, External Proxy).Main ToolsCrawlerHigh Performance Multi-Threading and Completely...

Read More

[autosploit] Scripts that combine Nmap and Metasploit

Scripts that will combine Metasploit and Nmap without using Lua. Download autospl...

Read More

[WiFi Password Decryptor] Wireless Password Recovery Software

WiFi Password Decryptor is the FREE software to instantly recover Wireless account passwords stored on your system.It automatically recovers all type of Wireless Keys/Passwords (WEP/WPA/WPA2 etc) stored by Windows Wireless Configuration Manager. For each recovered WiFi account, it displays following information WiFi Name (SSID) Security Settings (WEP-64/WEP-128/WPA2/AES/TKIP)Password TypePassword in Hex formatPassword in clear text After the...

Read More

[LANs.py] Capture and inject traffic on LAN

Multithreaded asynchronous packet parsing/injecting arp spoofer.Individually arpspoofs the target box, router and DNS server if necessary. Does not poison anyone else on the network. Displays all most the interesting bits of their traffic and can inject custom html into pages they visit. Cleans up after itself.Prereqs: Linux, scapy, python nfqueue-bindings 0.4.3+, aircrack-ng, python twisted, BeEF (optional), and a wireless card capable of promiscuous mode if you don't use the -ip optionTested on Kali 1.0. In the following examples 192.168.0.5...

Read More

[Firefox Password Remover] Firefox Website Login Password Removal Tool

Firefox Password Remover is the free tool to quickly remove the stored website login passwords from Firefox.You can either remove selected ones or all of the stored passwords from the Firefox sign-on database.One of the unique feature of this tool is that it allows you to remove the website passwords even if it is protected with Master Password. In addition to this, you can also generate password report in HTML/XML/TEXT format. This is useful for...

Read More

[WhiteHat Aviator] The Web’s most secure and private browser

A few weeks have passed and we’ve had an overwhelmingly positive response from the community for the Aviator Beta. As you can probably expect, the vast majority of comments we received were around building a Windows version or a Linux version. But in the mean time, we wanted to make sure we continued iterating on some of the bugs that have floated in. Aviator version 1.2 has the following changes:Fixed gate keeper – unidentified developer...

Read More

[Wifislax 4.7 Final] Livecd de Auditorías Wireless

Una vez más nos satisface entregar una nueva versión del livecd de auditorías wireless wifislax. En esta versión 4.7 , el sistema esta construido con paquetes slackware-14.1 que por fin ha visto la luz también. Salimos con kernel 3.10.18 , con ampliación de drivers y como siempre en versiones normal y pae. Los escritorios son kde 4.10.5 del repositorio slackware y xfce 4.11, y configurado para darle un toque diferente acorde a las peticiones...

Read More

Python tools for Pentesters

If you are involved in vulnerability research, reverse engineering or penetration testing, I suggest to try out the Python programming language. It has a rich set of useful libraries and programs. This page lists some of them. Most of the listed tools are written in Python, others are just Python bindings for existing C libraries, i.e. they make those libraries easily usable from Python programs.NetworkScapy: send, sniff and dissect and forge...

Read More

[SX Password Dump Suite] Complete Set of Command-line Password Recovery Tools from SecurityXploded

SX Password Dump Suite is the complete collection of all the FREE command-line based password recovery tools from SecurityXploded. It contains the latest version of all the password dump tools which makes it easier for the user to get all these tools at one place instead of downloading each of them separately. SX Password Dump Suite includes following universal password recovery tools, Browser Password Dump Facebook...

Read More

[aidSQL] PHP Application For SQL Injection Detection & Exploitation

aidSQL a PHP application provided for detecting security holes in your website/s. It’s a modular application, meaning that you can develop your very own plugins for SQL injection detection & exploitation.The tool provides pen-testing capabilities for MS-SQL 2000, MySQL 5 and the author promises to add Oracle 10g support – but that doesn’t seem to be happening.You can view a demo of the app here:The output from Wavsep for aidSQL can also be...

Read More

[Volatility v2.3] The advanced memory forensics framework (Support of OSX)

The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer unprecedented visibilty into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities...

Read More

[FS-NyarL] A network takeover & forensic analysis tool

NyarL it's Nyarlathotep, a mitological chaotic deity of the writer HP. Lovecraft's cosmogony.It's represent Crawling Chaos and FS-NyarL it's The Crawling Chaos of Cyber Security :-)A network takeover & forensic analysis tool - useful to advanced PenTest tasks & for fun and profit - but use it at your own risk!Interactive ConsoleReal Time Passwords FoundReal Time Hosts EnumerationTuned Injections & Client Side AttacksARP Poisoning &...

Read More

[SET v5.4] The Social-Engineer Toolkit "Walkers"

TrustedSec is proud to announce the release of The Social-Engineer Toolkit (SET) v5.4 codename “Walkers”. This version has a significant amount of changes, performance upgrades, bug fixes, and efficiency. This blog post will cover some of the major highlights from Java 7 Update 45 and how to get around the security “enhancements”. Most importantly, a massive overhaul on how the Java Applet behaves. Most recently, Java released Java 7 Update 45 which...

Read More

[Bluelog v1.1.2] Linux Bluetooth scanner

Bluelog is a Linux Bluetooth scanner with optional daemon mode and web front-end, designed for site surveys and traffic monitoring. It's intended to be run for long periods of time in a static location to determine how many discoverable Bluetooth devices there are in the area.While there are many different Bluetooth scanners available, none I found did exactly what I wanted, most seemed focused on pulling down various bits of information from the...

Read More

[sniffMyPackets v1.0] A Maltego Set of Transforms for pcap analysis

sniffMyPackets is a set of Maltego transforms written using the Canari framework that allow for the analysis of pcap files.Currently there are over 60 transforms that cover things such as:extracting TCP/UDP streamsrewriting IP src/dst addresses for pcap replaySHA1 & MD5 hashingRebuilding of files from pcap filesCapturing packets from specified interfacesYou can still watch some Videos showing features and how to run sniffMyPacketsDownload sniffMyPackets v...

Read More

[Umap] The USB host security assessment tool

umap is a tool which allows you to test the security of USB host implementations i.e. something you plug a USB device into, like a PC or a tablet. Its primary function at the moment is a fuzzer with test cases based on a combination of data from standards documentation and the author's experience of where USB bugs are commonly found. However, it also has additional functionality that will be expanded further in future versions, for example:Operating...

Read More