MASSCAN - Mass IP port scanner (fastest Internet port scanner)

This is the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second.It produces results similar to nmap, the most famous port scanner. Internally, it operates more like scanrand, unicornscan, and ZMap, using asynchronous transmission. The major difference is that it's faster than these other scanners. In addition, it's more flexible, allowing arbitrary address ranges and port ranges.NOTE:...

Read More

srm - command-line program to delete files securely

srm is a secure replacement for rm(1). Unlike the standard rm, it overwrites the data in the target files before unlinking them. This prevents command-line recovery of the data by examining the raw block device. It may also help frustrate physical examination of the disk, although it's unlikely that it can completely prevent that type of recovery. It is, essentially, a paper shredder for sensitive files.srm is ideal for personal...

Read More

Drozer - The Leading Security Assessment Framework for Android

drozer is a comprehensive security audit and attack framework for Android.With increasing pressure to support mobile working, the ingress of Android into the enterprise is gathering momentum. Have you considered the threat posed by the Android app that supports your business function, or Android devices being used as part of your BYOD strategy?drozer helps to provide confidence that Android apps and devices being developed by, or deployed across,...

Read More

UFONet - DDoS attacks via Web Abuse (XSS/CSRF)

UFONet - is a tool designed to launch DDoS attacks against a target, using 'Open Redirect' vectors on third party web applications, like botnet.See this links for more info:- CWE-601:Open Redirect- OWASP:URL Redirector AbuseMain features: --version show program's version number and exit -v, --verbose active verbose on requests --check-tor check to see if Tor is used properly --update check for latest...

Read More

FBHT v3.0 - Facebook Hacking Tool (Like flood, Note DDoS attack, FBFriendlyLogout, more...)

FBHT (Facebook Hacking Tool) is an open-source tool written in Python that exploits multiple vulnerabilities on the Facebook platformThe tool provides:1) Create accounts2) Delete all accounts for a given user3) Send friendship requests (Test Accounts)4) Accept friendship requests (Test Accounts)5) Connect all the accounts of the database6) Link Preview hack (Simple web version)7) Link Preview hack (Youtube version)8) Youtube hijack9) Private message,...

Read More

DAWIN - Distributed Audit & Wireless Intrusion Notification

DA-WIN is the end of the manual PCI wireless scan DA-WIN provides an organisation a continuous wireless scanning capability that is light touch and simple. It utilises compact and discreet sensors that can easily be deployed reducing the total cost of protection and simplifying the effort required for absolute, categoric regulatory compliance.BYOD - Bring Your Own Disaster Marketing directors everywhere need to be able to swager (see urban...

Read More

WebBrowserPassView v1.56 - Recover lost passwords stored in your Web browser

WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0), Mozilla Firefox (All Versions), Google Chrome, Safari, and Opera. This tool can be used to recover your lost/forgotten password of any Website, including popular Web sites, like Facebook, Yahoo, Google, and GMail, as long as the password is stored by your Web Browser.After retrieving your lost passwords,...

Read More

NetHogs - Small 'net top' tool

NetHogs is a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process. NetHogs does not rely on a special kernel module to be loaded. If there's suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this. This makes it easy to indentify programs that have gone wild and are suddenly taking up your bandwidth.Since NetHogs...

Read More

Lynis 1.6.1 - Version which includes a non-privileged scan (--pentest)

Lynis is a security auditing tool for the Linux, Unix and Mac platform. Being open source and free to use, it is an accessible and great solution to perform security scans. Within just a matter of minutes, it displays the weaknesses in your defenses, and tips for improving them. While Lynis was initially an auditing solution, version 1.6.1 brought a very exciting new pentest option (--pentest). It allows to perform a non-privileged scans, so...

Read More

tinfoleak - Get detailed information about a Twitter user activity

tinfoleak is a simple Python script that allow to obtain:basic information about a Twitter user (name, picture, location, followers, etc.)devices and operating systems used by the Twitter userapplications and social networks used by the Twitter userplace and geolocation coordinates to generate a tracking map of locations visitedshow user tweets in Google Earth!download all pics from a Twitter userhashtags used by the Twitter user and when are used...

Read More

BurpSentintel - GUI Burp Plugin to ease discovering of security holes in web applications

A plugin for Burp Intercepting Proxy, to aid and ease the identification of vulnerabilities in web applications.Searching for vulnerabilities in web applications can be a tedious task. Most of the time consists of inserting magic chars into parameters, and looking for suspicious output. Sentinel tries to automate parts of this laborous task. It's purpose is not to automatically scan for vulnerabilities (even if it can do it in certain cases),...

Read More

Wireless Network Watcher v1.72 - Show who is connected to your wireless network

Wireless Network Watcher is a small utility that scans your wireless network and displays the list of all computers and devices that are currently connected to your network. For every computer or device that is connected to your network, the following information is displayed: IP address, MAC address, the company that manufactured the network card, and optionally the computer name. You can also export the connected devices list into html/xml/csv/text...

Read More

WPHardening - WPHardening fortification is a security tool for WordPress

WPHardening is a security tool for WordPress. Different tools to hardening WordPress.Usage$ python wphardening.py -h Options: --version show program's version number and exit -h, --help show this help message and exit -v, --verbose Active verbose mode output results --update Check for WPHardening latest stable version Target: This option must be specified to modify the package WordPress. -d DIRECTORY,...

Read More

XSScrapy - Fast, thorough XSS vulnerability spider

Fast, thorough, XSS spider. Give it a URL and it'll test every link it finds for cross-site scripting vulnerabilities. XSS attack vectors xsscrapy will testReferer header (way more common than I thought it would be!)User-Agent headerCookie header (added 8/24/14)Forms, both hidden and explicitURL variablesEnd of the URL, e.g. www.example.com/<script>alert(1)</script>Open redirect XSS, e.g. looking for links where it can inject a value...

Read More

PHP Secure Configuration Checker - Check current PHP configuration for potential security flaws

Among the most tedious tasks of PHP security testing is the check for insecure PHP configuration. As a successor of our PHP Security Poster, we have created a script to help system administrators as well as security professionals to assess the state of php.ini and related topics as quickly and as thoroughly as possible. For later reference, the script is called "PHP Secure Configuration Checker" , or pcc.Inspiration and previous workphpinfo():...

Read More

LinSSID - Graphical wireless scanning for Linux (similar to Inssider)

LinSSID is graphically and functionally similar to Inssider (Microsoft™ Windows®). It is written in C++ using Linux wireless tools, Qt5, and Qwt 6.1.LinSSID may be installed either by downloading source or binary from this site, or if you're using Debian/Ubuntu or one of its brethren, adding a ppa to your software sources and then installing it with your favorite application manager. The ppa is:deb http://ppa.launchpad.net/wseverin/ppa/ubuntu...

Read More

zAnti - Android Penetration Testing Toolkit (Free!)

zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety.zANTI offers a comprehensive range of fully customizable scans to reveal everything from authentication, backdoor and brute-force attempts to database, DNS and protocol-specific attacks – including rogue access points.zANTI...

Read More