Password Security Scanner - Check the security/strength of your passwords on Windows

This utility scans the passwords stored by popular Windows applications (Microsoft Outlook, Internet Explorer, Mozilla Firefox, and more...) and displays security information about all these passwords. The security information of every stored password includes the total number of characters, number of numeric characters, number of lowercase/uppercase characters, number of repeating characters, and password strength. You can use this tool to determine whether the passwords used by other users are secured enough, without watching the passwords themselves.

Start Using Password Security Scanner

Password Security Scanner doesn't require any installation process or additional dll files. In order to start using it, simply run the executable file - PasswordScan.exe 

After you run PasswordScan.exe, Password Security Scanner scans the passwords stored on your system, and then displays the security information of all found passwords inside the main window. 

You can also go to the 'Advanced Options' window (F9) and choose to displays only insecure passwords with low number of characters or with low password strength value.

Columns Description

• Item Name:The name of the item. For Web site passwords, the address of the Web site is displayed. For email passwords, the email address is displayed.
• Password Type:The type of the password: Web Browser, Messenger, Email, or Dialup/VPN.
• Application:The application that stores the specified password item: Microsoft Outlook, Firefox, Internet Explorer, and so on...
• User Name:The user name that is used with the specified password item.
• Password Length:The total number of characters in the password.
• Numeric:The total number of numeric characters (0 - 9) in the password.
• Lowercase:The total number of lowercase characters (a - z) in the password.
• Uppercase:The total number of uppercase characters (A - Z) in the password.
• Other Ascii:The total number of non-alphanumeric characters in the password.
• Non-English:The total number of non-English characters in the password.
• Repeating:The total number of repeating characters in the password. For example, if the password is abcdab, then the 'Repeating' value will be 2, because both a and b characters appears more than once.
• Password Strength:The strength of the password, calculated according to number of parameters, including the total number of characters, number of repeating characters, type of characters used in the passwords, and more... 
  The numeric value displayed in this column represents the strength of the password, according to the following list:
  • 1 - 7: Very Weak
  • 8 - 14: Weak
  • 15 - 25: Medium
  • 26 - 45: Strong
  • 46 and above: Very Strong
• Windows User:The Windows user that owns the password. For most passwords, this column will display the current logged-on user. However, for Dialup passwords of Windows, you might also see the passwords of other Windows users, and in those cases, this column will display the Windows users that created the dialup password.    

 

Download Password Security Scanner

Read More

[Firefox Password Remover v1.5] Firefox Website Login Password Removal Tool

Firefox Password Remover is the free tool to quickly remove the stored website login passwords from Firefox.

You can either remove selected ones or all of the stored passwords from the Firefox sign-on database.

One of the unique feature of this tool is that it allows you to remove the website passwords even if it is protected with Master Password.

In addition to this, you can also generate password report in HTML/XML/TEXT/CSV format. This is useful for creating backup before proceeding with deletion of passwords.

Also it supports removal of passwords from different Firefox profiles either on local system or any other system with different Operating system (such as Linux, MAC etc).

This is very handy tool for easily removing your stored passwords on public systems or shared computers. Often it is not good idea to hand over your laptop to someone without clearing your important passwords, mainly Facebook or Google ones.

Firefox Password Remover supports all versions of Firefox including latest version v25.0. It works on both 32bit & 64bit platforms starting from Windows XP to Windows 8.

Download Firefox Password Remover v1.5

Read More

[FirePasswordViewer v5.5] Firefox Sign-on Secrets Recovery Software

Like other browsers, Firefox also stores the login details such as username, password for every website visited by the user at the user consent. All these secret details are stored in Firefox sign-on database securely in an encrypted format.

FirePasswordViewer can instantly decrypt and recover these secrets even if they are protected with master password.

Also it can be used to recover passwords from different profile (for other users on the same system) as well as from the different Operating system (such as Linux, Mac etc). This greatly helps Forensic Investigators who can copy the Firefox profile data from the target system to different machine and recover the passwords offline without affecting the target environment.

This mega version brings in major changes to support latest Firefox v25.0 and new GUI interface with cool banner.

Download FirePasswordViewer

Read More

[FoxAnalysis] Firefox Internet History Analysis Software

FoxAnalysis Plus is a software tool for extracting, viewing and analysing internet history from the Mozilla Firefox web browser. The main features are described below:

  

Extract History  ::
Extract history regarding bookmarks, cookies, downloads, favicons, form entries, logins, saved sessions and website visits.   

Case Files  ::
Each Firefox profile analysed can be saved to a Case file for further analysis at a later date.   

Supports Firefox versions 3 to 24  ::
Extract history generated from Firefox versions 3 to 24 (new versions are added regularly). 

Cache ::
The built-in image viewer can be used to view images from the cache. Images, web pages and other files from the cache can also be extracted.

Saved Sessions ::
Analyse current and last session data such as open windows and tabs, cookies and text typed into forms. Session data not displayed within a table can be analysed using the tree viewer. 

Web History Timeline ::
Website visits can be viewed in a navigable timeline structure for easily viewing the time and order that websites were visited. 

Web Page Reconstruction ::
Web pages stored in the cache can be reconstructed using other resource files from the cache. This allows the web page to be viewed in the state it was originally accessed. A report is also provided summarising how the web page was reconstructed. 

Filtering ::
Analyse the extracted data with filtering by keyword, date range, download status, website visit or selection. Lists of keyword filters can also be saved and loaded. 

Reporting ::
Generate reports in HTML, CSV and XML format. 

Time Zone and DST Settings ::
Convert UTC timestamps to any time zone and apply custom daylight saving settings.  

Download FoxAnalysis

Read More

[Websecurify] Web Security Testing Runtime

A Complete Suite Of Web Security Tools

The Suite provides a complete and functional marketplace of highly integrated web application security tools. You will find that different areas are covered by various domain-specific solutions. The Suite consists of automated scanners, fuzzers, utilities and many other tools useful in numerous situations.

Consistent And Easy To Use

The look and feel is consistent across all applications, which makes them incredibly easy to work with. You no longer have to look for hidden options, remember commands or even change the way you go about doing your work. It all just makes sense.

Wide Coverage Of Security Vulnerabilities

The Suite scanning technology is able to discover variety of issues from XSS, SQL Injection, Local File Includes to Default Logins, Session Problems and many others. OWASP TOP 10, WASC and variety of other lists are well supported. For the complete list of vulnerabilities we can discover just click here.

Download Websecurify

Read More

Tor Browser Bundle 3.5

The 2.x stable series of the Tor Browser Bundle has officially been deprecated, and all users are encouraged to upgrade to the 3.5 series.

Packages are now available from the Tor download page as well

as the Tor Package archive.

For now, the Pluggable Transports-capable TBB is still a separate package, maintained by David Fifield.

For people already using TBB 3.5rc1, the changes are not substantial, and are included below.

However, for users of TBB 2.x and 3.0, this release includes important security updates to Firefox. All users are strongly encouraged to update immediately, as we will not be making further releases in the 2.x or 3.0 series.

In terms of user-facing changes from TBB 2.x, the 3.x series primarily features the replacement of Vidalia with a Firefox-based Tor controller called Tor Launcher. This has resulted in a vast decrease in startup times, and a vast increase in usability. We have also begun work on an FAQ page to handle common questions arising from this transition -- where Vidalia went, how to disable JavaScript, how to check signatures, etc.

The complete changelog for the 3.x series describes the changes since 2.x.

The set of changes since the 3.5rc1 release is:

• All Platforms
• Update Tor to 0.2.4.19
• Update Tor Launcher to 0.2.4.2
  • Bug 10382: Fix a Tor Launcher hang on TBB exit
• Update Torbutton to 1.6.5.2
• Misc: Switch update download URL back to download-easy    

Download Tor Browser Bundle 3.5

Read More

[Firefox Password Remover] Firefox Website Login Password Removal Tool

Firefox Password Remover is the free tool to quickly remove the stored website login passwords from Firefox.

You can either remove selected ones or all of the stored passwords from the Firefox sign-on database.

One of the unique feature of this tool is that it allows you to remove the website passwords even if it is protected with Master Password.

In addition to this, you can also generate password report in HTML/XML/TEXT format. This is useful for creating backup before proceeding with deletion of passwords.

Also it supports removal of passwords from different Firefox profiles either on local system or any other system with different Operating system (such as Linux, MAC etc).

This is very handy tool for easily removing your stored passwords on public systems or shared computers. Often it is not good idea to hand over your laptop to someone without clearing your important passwords, mainly Facebook or Google ones.

Firefox Password Remover supports all versions of Firefox including latest version v25.0. It works on both 32bit & 64bit platforms starting from Windows XP to Windows 8.

Download Firefox Password Remover v1.0

Read More

11 Firefox Add-ons to Hack and PenTest

1. Tamper Data

Tamper data is an great tool to to view and modify HTTP/HTTPS headers and post parameters. We can alter each request going from our machine to destination host with this. Thus it helps in security testing web application by modifying POST parameters. It can be used in performing XSS and SQL Injection attacks by modifying header data.

Add Tamper data to Firefox:

https://addons.mozilla.org/en-us/firefox/addon/tamper-data/

2. Firebug

Firebug is a nice add-on that integrates a web development tool inside the browser. With this tool, you can edit and debug HTML, CSS and JavaScript live in any webpage to see the effect of changes. It helps in analyzing JS files to find XSS vulnerabilities. It’s an really helpful add-on in finding DOM based XSS for security testing professionals.

Add firebug to your browser :

https://addons.mozilla.org/en-US/firefox/addon/firebug/

3. Hackbar

Hackbar is a simple penetration tool for Firefox. It helps in testing simple SQL injection and XSS holes. You cannot execute standard exploits but you can easily use it to test whether vulnerability exists or not. You can also manually submit form data with GET or POST requests. It also has encryption and encoding tools. Most of the times, this tool helps in testing XSS vulnerability with encoded XSS payloads. It also supports keyboard shortcuts to perform various tasks.I am sure, most of the persons in the security field already know about this tool. This tool is mostly used in finding POST XSS vulnerabilities because it can send POST data manually to any page you like. With the ability of manually sending POST form data, you can easily bypass client side validations of the page. If your payload is being encoded at client side, you can use an encoding tool to encode your payload and then perform the attack. If the application is vulnerable to the XSS, I am sure you will find the vulnerability with the help of the Hackbar add-on on Firefox browser.

Add Hackbar to Firefox:

https://addons.mozilla.org/en-US/firefox/addon/hackbar/

4. Cookies Manager +

Cookie Manager is one of the greatest tool ever made. Using this tool you can actually play with cookies. You can alter almost all cookie using this tool. You can use Cookies manager to view, edit and create new cookies. It also shows extra information about cookies, allows edit multiple cookies at once and backup/restore them.

Add Cookies Manager to Firefox:

https://addons.mozilla.org/en-US/firefox/addon/cookies-manager-plus/

5. NoScript

No Script add-ons greatness is beyond imagination. With this tool you can monitor each an every script running on website, you can block any of scripts and see what actually that scripts does on website. But this add-on is for experts, newbies will face problems using this. Note: If you are testing XSS, HTTPS header modifications, Injection attacks on any website you need to disable this plugin because it will not allow you to do so. 

Add NoScript to Firefox:

https://addons.mozilla.org/en-us/firefox/addon/noscript/

6. Grease Monkey

Grease Monkey is an counter part of No Script, its actually behaves opposite of Noscript. We use Noscript to block the scripts and use GreaseMonkey to run the scripts. It allows you to customize the way a web page displays or behaves, by using small bits of JavaScript. 

Add Grease Monkey to Firefox :

https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/

7. User Agent Switcher

User Agent Switcher add-on; adds a one click user agent switch to the browser. It adds a menu and tool bar button in the browser. Whenever you want to switch the user agent, use the browser button. User Agent add on helps in spoofing the browser while performing some attack.

Add user agent Switcher to Firefox:

https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/

8. CryptoFox

CryptoFox is an encryption or decryption tool for Mozilla Firefox. It supports most of the available encryption algorithm. So, you can easily encrypt or decrypt data with supported encryption algorithm. This add-on comes with dictionary attack support, to crack MD5 cracking passwords. Although, it hasn’t have good reviews, it works satisfactorily.

Add CryptoFox to Firefox:

https://addons.mozilla.org/en-US/firefox/addon/cryptofox/

9. SQL Inject Me

SQL Inject Me is another nice Firefox add-on used to find SQL injection vulnerabilities in web applications. This tool does not exploit the vulnerability but display that it exists. SQL injection is one of the most harmful web application vulnerabilities, it can allow attackers to view, modify, edit, add or delete records in a database.The tool sends escape strings through form fields, and tries to search database error messages. If it finds a database error message, it marks the page as vulnerable. Hackers can use this tool for SQL injection testing.

Add SQL Inject Me to Firefox:

https://addons.mozilla.org/en-us/firefox/addon/sql-inject-me/

10.  XSS ME

Cross Site Scripting is the most found web application vulnerability. For detecting XSS vulnerabilities in web applications, this add-on can be a useful tool. XSS-Me is used to find reflected XSS vulnerabilities from a browser. It scans all forms of the page, and then performs an attack on the selected pages with pre-defined XSS payloads. After the scan is complete, it lists all the pages that renders a payload on the page, and may be vulnerable to XSS attack. Now, you can manually test the web page to find whether the vulnerability exists or not.

Add XSS ME to Firefox:

https://addons.mozilla.org/en-us/firefox/addon/xss-me/

11.  Passive Recon

Last but not the least. Passive recon is a good information gathering tool. 

PassiveRecon provides information security professionals with the ability to perform "packetless" discovery of target resources utilizing publicly available information. It gathers information like DnsStuff tool available on backtrack.

Add Passive Recon to Firefox:

https://addons.mozilla.org/en-US/firefox/addon/passiverecon/

Source

Read More