Web-Fu - Chrome extension for pentesting web applications

Chrome extension for pentesting web applications. Web-fu Is a web hacking tool focused on discovering and exploiting web vulnerabilitites.

Is a Browser embedded webhacking tool. Some tools, doesn't support certifiacte auhtentication or web vpn accesses. If the browser can authenticate on the application for inside scanning, this hacking tool can too becouse is embedded.

Very comfortable way of website auditing.

Main functionalities:

 - visual web crawling

 - visual form cracking

 - get/post bruteforcing and fuzzing

 - real rendering

 - gauss based false positive reductor

 - encoding/decoding

 - portscan 

 - cookie editor

 - web notes

 - request interceptor

 - http logger 

 - vulnerability scanner

 - build request

 - session locker

 - exploit multi-search

With webfu, you will do the best web site pentest and vulnerability assessment.

Download Web-Fu

Read More

Shodan Plugin for Chrome

The Shodan plugin tells you where the website is hosted (country, city), who owns the IP and what other services/ ports are open.

The Shodan plugin for Chrome automatically checks whether Shodan has any information for the current website. Is the website also running FTP, DNS, SSH or some unusual service? With this plugin you can see all the info that Shodan has collected on a given website/ domain.

Download Shodan Plugin for Chrome

Read More

[ImageCacheViewer] View images in the cache of your Web browser

ImageCacheViewer is a simple tool that scans the cache of your Web browser (Internet Explorer, Firefox, or Chrome), and lists the images displayed in the Web sites that you recently visited. 

For every cached image file, the following information is displayed: URL of the image, Web browser that was used to visit the page, image type, date/time of the image, browsing time, and file size. 

When selecting a cache item in the upper pane of ImageCacheViewer, the image is displayed in the lower pane, and you can copy the image to the clipboard by pressing Ctrl+M.

System Requirements And Limitations

• This utility works in any version of Windows, starting from Windows XP and up to Windows 8. Both 32-bit and 64-bit systems are supported.
• The following Web browsers are supported: Internet Explorer, Mozilla Firefox, SeaMonkey, and Google Chrome.
• ImageCacheViewer won't work if you configure your Web browser to clear the cache after closing it.
• It's recommended to close all windows of your Web browser before using ImageCacheViewer, to ensure that all cache files are saved to the disk.

Start Using ImageCacheViewer

ImageCacheViewer doesn't require any installation process or additional DLL files. In order to start using it, simply run the executable file - ImageCacheViewer.exe

After running ImageCacheViewer, it begins to scan the cache of your Web browser, and displays all cached images from Web sites you visited in the last day. If you want to get images from other days, you can remove or change the last 1-day filter from the 'Advanced Options' window (F9).

After the scanning process is finished, you can also watch the image in the lower pane of ImageCacheViewer, by selecting the desired item in the upper pane.

If from some reason ImageCacheViewer fails to detect the cache of your Web browser properly, you can go to 'Advanced Options' window (F9), and choose the desired cache folders to scan for each Web browser.

Download ImageCacheViewer

Read More

[ChromeAnalysis] Tool for analysing Google Chrome web browser

ChromeAnalysis Plus is a software tool for extracting, viewing and analysing internet history from the Google Chrome web browser. The main features are described below:

Extract History

Extract history regarding bookmarks, cookies, downloads, favicons, logins, most visited sites, search terms, website visits, archived search terms and archived website visits.

Case Files

Each Chrome profile analysed can be saved to a Case file for further analysis at a later date.

Supports Chrome versions 1 to 30

Extract history generated from Chrome versions 1 to 30 (new versions are added regularly).

Technical Support and Upgrades (1 year)

Technical support is provided via e-mail. Free upgrades to minor versions are also provided.

Web History Timeline

Website visits can be viewed in a navigable timeline structure for easily viewing the time and order that websites were visited.

Reporting

Generate reports in HTML, CSV and XML format.

Time Zone and DST Settings

Convert UTC timestamps to any time zone and apply custom daylight saving settings.

Cache

The built-in image viewer can be used to view images from the cache. Images, web pages and other files from the cache can also be extracted.

Web Page Reconstruction

Web pages stored in the cache can be reconstructed using other resource files from the cache. This allows the web page to be viewed in the state it was originally accessed.

Filtering

Analyse the extracted data with filtering by keyword, date range, download status or selection. Lists of keyword filters can also be saved and loaded.

Download ChromeAnalysis

Read More

[Websecurify] Web Security Testing Runtime

A Complete Suite Of Web Security Tools

The Suite provides a complete and functional marketplace of highly integrated web application security tools. You will find that different areas are covered by various domain-specific solutions. The Suite consists of automated scanners, fuzzers, utilities and many other tools useful in numerous situations.

Consistent And Easy To Use

The look and feel is consistent across all applications, which makes them incredibly easy to work with. You no longer have to look for hidden options, remember commands or even change the way you go about doing your work. It all just makes sense.

Wide Coverage Of Security Vulnerabilities

The Suite scanning technology is able to discover variety of issues from XSS, SQL Injection, Local File Includes to Default Logins, Session Problems and many others. OWASP TOP 10, WASC and variety of other lists are well supported. For the complete list of vulnerabilities we can discover just click here.

Download Websecurify

Read More

[Chrome Password Dump] Command-line Tool to Recover Login Password from Google Chrome Browser

Chrome Password Dump is the free command-line tool to quickly recover your lost web login passwords from Google Chrome browser.

It automatically detects the default Chrome profile for current user and recovers all the stored web login passwords.

Alternatively you can also specify the custom profile path in case your Chrome user profile is not in standard location. This is very useful in recovering the login passwords from other Chrome based browsers such as Chrome SXS/Canary, CoolNovo, Flock, Comodo Dragon etc.

Command line interface makes it helpful for Penetration Testers & Forensic investigators.

Download Chrome Password Dump v1.0

Read More

[Chrome Password Decryptor v4.6] Recover all stored passwords from Google Chrome

Chrome Password Decryptor is the FREE tool to instantly recover all stored passwords from Google Chrome browser. It automatically detect the default Chrome profile path for the current user and displays all the stored login passwords in clear text after decrypting them. It also shows all the blacklisted website entries for which user has prompted Chrome to not to remember the passwords.

Another useful feature of this tool is the Save option which can be used to save the login secrets to the local file in standard HTML/XML/Text format. This will be very useful in following cases

To take backup of the login secrets for the stored websites To transfer the secrets from one system to another. To store the website passwords at more secured centralized location To recover the passwords in case Chrome becomes not accessible or non functional.

It presents the command line interface which is more helpful for Penetration testers in their work. Apart from normal users who can use it to recover their lost password, it can come in handy for Forensic investigators.   Download Chrome Password Decryptor  v4.6

Read More