HTTPNetworkSniffer - Http Sniffer Utility

HTTPNetworkSniffer is a packet sniffer tool that captures all HTTP requests/responses sent between the Web browser and the Web server and displays them in a simple table. For every HTTP request, the following information is displayed: Host Name, HTTP method (GET, POST, HEAD), URL Path, User Agent, Response Code, Response String, Content Type, Referer, Content Encoding, Transfer Encoding, Server Name, Content Length, Cookie String, and more...You...

Read More

RedoWalker - Tool to explore Oracle database transaction logs

RedoWalker is a tool to explore Oracle database transaction logs, otherwise known as redo logs. Any time changes are made to the database server, for example after an INSERT, DELETE or UPDATE, they are recorded in the redo log.These redo logs are stored in a proprietary and undocumented format and, as such, are unreadable and unintelligible without a tool that can decipher them. Oracle does provide a tool called LogMiner to access the redo...

Read More

Volafox - Mac OS X & BSD Memory Analysis Toolkit

Volafox is an open source toolkit that you can use for Mac OS X and BSD forensics. The tool is a python based and allows investigating security incidents and finding information for malwares and any malicious program on the system. Security analyst can have the following information using this tool:InformationKernel version, CPU and memory spec, boot/sleep/wakeup time Mounted filesystems Process listing and dump address space KEXT(Kernel Extensions)...

Read More

Inception - Attacking FireWire Devices

Inception is a FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP-2 DMA. The tool can unlock (any password accepted) and escalate privileges to Administrator/root on almost* any powered on machine you have physical access to. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe interfaces.Inception aims to provide a stable and easy way of performing intrusive and non-intrusive...

Read More

OWASP ZAP v2.3.1 - An easy to use integrated penetration testing tool for finding vulnerabilities in web applications

OWASP Zed Attack Proxy (ZAP) An easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.Changelog v2.3.1The following changes were made in this release:ZAP...

Read More

Parsero v0.75 - Attacking Robots.txt Files

Parsero is a free script written in Python which reads the Robots.txt file of a web server and looks at the Disallow entries. The Disallow entries tell the search engines what directories or files hosted on a web server mustn't be indexed. For example, "Disallow: /portal/login" means that the content on www.example.com/portal/login it's not allowed to be indexed by crawlers like Google, Bing, Yahoo... This is the way the administrator have to...

Read More

OWASP OWTF – Offensive (Web) Testing Framework

The purpose of this tool is to automate the manual, uncreative part of pen testing: For example, spending time trying to remember how to call "tool X", parsing results of "tool X" manually to feed "tool Y", etc.By reducing this burden I hope pen testers will have more time to:See the big picture and think out of the boxMore efficiently find, verify and combine vulnerabilities Have time to investigate complex vulnerabilities like business logic/architectural...

Read More

ProduKey - Recover lost Windows product key (CD-Key) and Office 2003/2007 product key

ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003, Microsoft Office 2007), Windows (Including Windows 7 and Windows Vista), Exchange Server, and SQL Server installed on your computer. You can view this information for your current running operating system, or for another operating system/computer - by using command-line options. This utility can be useful if you lost the product...

Read More

Hook Analyser 3.1 - Malware Analysis Tool

Hook Analyser is a freeware application which allows an investigator/analyst to perform “static & run-time / dynamic” analysis of suspicious applications, also gather (analyse & co-related) threat intelligence related information (or data) from various open sources on the Internet.Essentially it’s a malware analysis tool that has evolved to add some cyber threat intelligence features & mapping.Hook Analyser is perhaps the only “free”...

Read More

Hostscan - PHP tool for scanning specific range of hosts

Hostscan is a php tool which allows you to scan specific range of hosts, mostly for information gathering and testing for weak passwords. I guess it's a pentest tool, i'd created it to automate some tests that i often do. Since it's PHP, it works quite slowly compared to client-side soft.How it works?You need to provide range of ip's (e.g. 127.0.0.1 - 127.0.0.10); program will perform operations on each address separately, basing on selected options,...

Read More

Kali Linux 1.0.7 Released

Kernel 3.14, Tool Updates, Package ImprovementsKali linux 1.0.7 has just been released, complete with a whole bunch of tool updates, a new kernel, and some cool new features. Check out our changelog for a full list of these items. As usual, you don’t need to re-download or re-install Kali to benefit from these updates – you can update to the latest and greatest using these simple commands:apt-get updateapt-get dist-upgrade#...

Read More

oclHashcat v1.2 - GPGPU-based Multi-hash Cracker

oclHashcat is a GPGPU-based multi-hash cracker using a brute-force attack (implemented as mask attack), combinator attack, dictionary attack, hybrid attack, mask attack, and rule-based attack.This GPU cracker is a fusioned version of oclHashcat-plus and oclHashcat-lite.GPU Driver requirements:NV users require ForceWare 331.67 or laterAMD users require Catalyst 14.4 or laterChangelog v1.21This release is focused on performance increase / bugfixes.Added...

Read More

YaCy - The Peer to Peer Search Engine

YaCy is a free search engine that anyone can use to build a search portal for their intranet or to help search the public internet. When contributing to the world-wide peer network, the scale of YaCy is limited only by the number of users in the world and can index billions of web pages. It is fully decentralized, all users of the search engine network are equal, the network does not store user search requests and it is not possible for anyone to...

Read More

MagicTree - Penetration Tester Productivity Tool

Have you ever spent ages trying to find the results of a particular portscan you were sure you did? Or grepping through a bunch of files looking for data for a particular host or service? Or copy-pasting bits of output from a bunch of typescripts into a report? We certainly did, and that's why we wrote MagicTree - so that it does such mind-numbing stuff for us, while we spend our time hacking.MagicTree is a penetration tester productivity tool....

Read More

Tails - The Amnesic Incognito Live System Released

Tails, The Amnesic Incognito Live System,  is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly.It is a complete operating system designed to be used from a DVD, USB stick, or SD card independently of the computer’s original operating system. It is Free Software...

Read More

Onionshare - Securely and anonymously share a file of any size

OnionShare lets you securely and anonymously share a file of any size with someone. It works by starting a web server, making it accessible as a Tor hidden service, and generating an unguessable URL access and download the file. It doesn't require setting up a server on the internet somewhere or using a third party filesharing service. You host the file on your own computer and use a Tor hidden service to make it temporarily accessible over...

Read More

w3af - Open Source Web Application Security Scanner

w3af, is a Web Application Attack and Audit Framework. The w3af core and it’s plugins are fully written in python, it identifies more than 200 vulnerabilities and reduce your site’s overall risk exposure. Identify vulnerabilities like SQL Injection, Cross-Site Scripting, Guessable credentials, Unhandled application errors and PHP misconfigurations.Changelog v1.6Improved performance: your scans will run fasterImproved quality: 1300+ unittests...

Read More

WPScan - WordPress Security Scanner

WPScan is a black box WordPress vulnerability scanner.FeaturesUsername enumeration (from author querystring and location header)Weak password cracking (multithreaded)Version enumeration (from generator meta tag and from client side files)Vulnerability enumeration (based on version)Plugin enumeration (2220 most popular by default)Plugin vulnerability enumeration (based on plugin name)Plugin enumeration list generationOther misc WordPress checks (theme...

Read More

WVS v9.5 - Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.This week the latest version was released, Acunetix Vulnerability Scanner 9.5.FeaturesAcuSensor TechnologyIndustry’s...

Read More

Tor Browser v3.6 - Anonymity Online and defend yourself against network surveillance and traffic analysis

The Tor Browser Bundle lets you use Tor on Windows, Mac OS X, or Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained.Changelog v3.6Here is the complete changelog since TBB 3.5.4:All PlatformsUpdate Firefox to 24.5.0esrInclude Pluggable Transports by default:Obfsproxy3 0.2.4, Flashproxy 1.6, and FTE 0.2.13 are now includedBug 11586:...

Read More

Cuckoo Sandbox v1.1 - Automated Malware Analysis

Cuckoo Sandbox is a malware analysis system. It simply means that you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such file did when executed inside an isolated environment.Cuckoo generates a handful of different raw data which include:Native functions and Windows API calls tracesCopies of files created and deleted from the filesystemDump of the memory of the...

Read More

Online JavaScript Beautifier - Beautify, unpack or deobfuscate JavaScript and HTML

This little beautifier will reformat and reindent bookmarklets, ugly JavaScript, unpack scripts packed.Online JavaScript Beautif...

Read More

Acrylic WiFi Free - Real-time WLAN information and network analysis

Acrylic WiFi enables identificating WiFi access points, obtaining information of the security mechanisms and obtaining generic WiFi passwords thanks to a plugins system.Access points: WLAN network information (SSID and BSSID) and clients connected to the network.Signal level: Signal quality charts (RSSI) of detected devices.Inventory: Naming known devices.Passwords: WiFi passwords and WPS Keys factory configured.Channels: Channel scanner and WiFi...

Read More

Host-Extract - Enumerate All IP/Host Patterns In A Web Page

This little ruby script tries to extract all IP/Host patterns in page response of a given URL and JavaScript/CSS files of that URL.With it, you can quickly identify internal IPs/Hostnames, development IPs/ports, cdn, load balancers, additional attack entries related to your target that are revealed in inline js, css, html comment areas and js/css files. This is unlike web crawler which looks for new links only in anchor tags (<a) or the like. (you might miss many additional targets if you ever use such web crawler or other GUI-based...

Read More

Tilt - Terminal Ip Lookup Tool

Tilt: Terminal ip lookup tool, is an easy and simple open source tool implemented in Python for ip/host passive reconnaissance. It's very handy for first reconnaissance approach and for host data retrieval.FeaturesHost to IP conversionIP to Host conversionDNS to IPsGeoIP TranslationExtensive information gathering trough Host-name Whois with: Registrar infoDatesName ServerSiteStatusOwner informationAdditional dataSub domains Percentage of accessExtensive...

Read More

Acunetix Web Vulnerability Scanner Version 9 - Web Application Security Testing Tool

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.Changelog v9.20140206New Functionality in Acunetix Web Vulnerability Scanner v9Added...

Read More

ModSecurity v2.8.0 - Open Source Web Application Firewall

ModSecurity™is an open source, free web application firewall (WAF) Apache module. With over 70% of all attacks now carried out over the web application level, organizations need all the help they can get in making their systems secure.Changelog v2.8.0Bug fixBuild issue: Now using autotools to identify if sys/utsname.h is present.Changed configure.ac version to 2.8Changelog v2.8.0-rc1:New featuresJSON Parser is no longer under tests. Now it is...

Read More