web-sorrow – Remote Web Security Scanner (Enumeration/Version Detection etc)
web-sorrow is a PERL based tool used for checking a Web server for misconfiguration, version detection, enumeration, and server information. It is NOT a vulnerability scanner, inspection proxy, DDoS...
View ArticleNfSpy – ID-spoofing NFS Client Tool – Mount NFS Shares Without Account
We wrote about this tool originally last year – NfSpy – ID-spoofing NFS Client – Falsify NFS Credentials – and a new version just came out! NfSpy has just been updated to support NFSv3, a more...
View ArticleBasic Fuzzing Framework (BFF) From CERT – Linux & Mac OSX Fuzzer Tool
The CERT Basic Fuzzing Framework (BFF) is a software testing tool that finds defects in applications that run on the Linux and Mac OS X platforms. BFF performs mutational fuzzing on software that...
View ArticleClik here to view.
Nmap 6 Released For Download – Free Network Discovery & Security Auditing Tool
It’s been a while since the last major release of Nmap, the last time we reported on it was when Nmap v5.20 was Released (February 2010). The latest major version has just been released, version 6 –...
View ArticleClik here to view.
The Mole v0.3 Released For Download – Automatic SQL Injection Exploitation Tool
The Mole is an automatic SQL Injection exploitation tool. All you need to do is provide a vulnerable URL and a valid string on the site you are testing and The Mole will detect the injection and...
View ArticleClik here to view.
Hcon Security Testing Framework (HconSTF) v0.4 – Fire Base
HconSTF is an Open Source Penetration Testing Framework based on different browser technologies, Which helps any security professional to assists in the Penetration testing or vulnerability scanning...
View Articlechapcrack – A tool for parsing and decrypting MS-CHAPv2 network handshakes.
chapcrack is a tool for parsing and decrypting MS-CHAPv2 network handshakes, it was announced recently at Defcon as we read over here – Marlinspike demos MS-CHAPv2 crack. The process is as follows:...
View ArticleXMPPloit – A Tool to Attack XMPP Connections
XMPPloit is a command-line tool to attack XMPP connections, allowing the attacker to place a gateway between the client and the server and perform different attacks on the client stream. The tool...
View ArticleClik here to view.
CrowdRE – Crowdsourced Reverse Engineering Service From CrowdStrike
Reversing complex software quickly is challenging due to the lack of professional tools that support collaborative analysis. The CrowdRE project aims to fill this gap. Rather than using a live...
View ArticleWeb-Sorrow v1.48 – Version Detection, CMS Identification, Enumeration &...
Web-Sorrow is a PERL based tool for misconfiguration, version detection, enumeration, and server information scanning. It’s entirely focused on enumeration and collecting information about a target...
View ArticleClik here to view.
ARPwner – ARP & DNS Poisoning Attack Tool
ARPwner is a tool to do ARP poisoning and DNS poisoning attacks, with a simple GUI and a plugin system to do filtering of the information gathered, also has a implementation of sslstrip and is coded...
View ArticleWeevely – PHP Stealth Tiny Web Shell
Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage...
View ArticleaidSQL – PHP Application For SQL Injection Detection & Exploitation
aidSQL a PHP application provided for detecting security holes in your website/s. It’s a modular application, meaning that you can develop your very own plugins for SQL injection detection &...
View ArticleClik here to view.
hashcat – Multi-Threaded Password Hash Cracking Tool
hashcat claims to be the world’s fastest CPU-based password recovery tool, while not as fast as GPU powered hash brute forcing (like CUDA-Multiforcer), it is still pretty fast. hashcat was written...
View ArticleLANs.py ARP Spoofer – Multithreaded Asynchronous Packet Parsing/Injecting
LANs.py is a multithreaded asynchronous packet parsing/injecting ARP spoofer & poisoner. Individually poisons the ARP tables of the target box, the router and the DNS server if necessary. Does not...
View Articleike-scan – Discover & Fingerprint IKE Hosts (IPsec VPN Servers)
ike-scan discovers IKE hosts and can also fingerprint them using the retransmission backoff pattern. ike-scan can perform the following functions: Discovery Determine which hosts in a given IP range...
View Articlexssless – An Automated XSS Payload Generator Written In Python
xssless is an automated XSS payload generator written in python. Usage Record request(s) with Burp proxy Select request(s) you want to generate, then right click and select “Save items” Use xssless to...
View ArticleCapstone – Multi-platform, Multi-architecture Disassembly Framework
Capstone is a lightweight multi-platform, multi-architecture disassembly framework. The target of the author is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the...
View Articlewig – WebApp Information Gatherer – Identify CMS
wig is a Python tool that identifies a websites CMS by searching for fingerprints of static files and extracting version numbers from known files. OS identification is done by using the value of the...
View ArticleClik here to view.
EyeWitness – A Rapid Web Application Triage Tool
EyeWitness is a rapid web application triage tool designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. The author would love for...
View Article