Clik here to view.
Blackhash – Audit Passwords Without Hashes
A traditional password audit typically involves extracting password hashes from systems and then sending those hashes to a third-party security auditor or an in-house security team. These security...
View ArticleClik here to view.
RAWR – Rapid Assessment of Web Resources
Introducing RAWR (Rapid Assessment of Web Resources). There’s a lot packed in this tool that will help you get a better grasp of the threat landscape that is your client’s web resources. It has been...
View ArticleClik here to view.
BlindElephant – Web Application Fingerprinter
The BlindElephant Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of...
View ArticleClik here to view.
Host-Extract – Enumerate All IP/Host Patterns In A Web Page
host-extract is a little ruby script that tries to extract all IP/Host patterns in page response of a given URL and JavaScript/CSS files of that URL. With it, you can quickly identify internal...
View ArticleClik here to view.
Moscrack – Cluster Cracking Tool For WPA Keys
Moscrack is a PERL application designed to facilitate cracking WPA keys in parallel on a group of computers. This is accomplished by use of either Mosix clustering software, SSH or RSH access to a...
View ArticleClik here to view.
OWASP NINJA-PingU – High Performance Large Scale Network Scanner
NINJA-PingU (NINJA-PingU Is Not Just A Ping Utility) is a free open-source high performance network scanner tool for large scale analysis. It has been designed with performance as its primary goal and...
View ArticleClik here to view.
OWASP Mantra 0.92 – Browser Based Security Framework
OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals...
View ArticleClik here to view.
SHODAN – Expose Online Devices (Wind Turbines, Power Plants & More!)
SHODAN is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. Some have also described it as a public port scan directory or a search engine of...
View ArticleClik here to view.
ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security
ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that test Oracle database security remotely. Usage examples of ODAT: You have an Oracle database listening remotely and...
View ArticleClik here to view.
dirs3arch – HTTP File & Directory Brute Forcing Tool
dirs3arch is a simple command line tool designed to brute force directories and files in websites. It’s a HTTP File & Directory Brute Forcing Tool similar to DirBuster. Features Keep alive...
View ArticleClik here to view.
clipcaptcha – CAPTCHA Service Impersonation Tool
clipcaptcha is an extensible and signature based CAPTCHA Provider impersonation tool based off Moxie Marlinspike’s sslstrip codebase, which we mentioned back in 2009 – SSLstrip – HTTPS Stripping Attack...
View ArticleClik here to view.
XSSYA – Cross Site Scripting (XSS) Scanner Tool
XSSYA is a Cross Site Scripting Scanner & Vulnerability Confirmation Tool, it’s written in Python and works by executing an encoded payload to bypass Web Application Firewalls (WAF) which is the...
View ArticleClik here to view.
ParanoiDF – PDF Analysis & Password Cracking Tool
ParanoiDF is a PDF Analysis Suite based on PeePDF by Jose Miguel Esparza. The tools/features that have been added are – Password cracking, redaction recovery, DRM removal, malicious JavaScript...
View ArticleClik here to view.
Garmr – Automate Web Application Security Tests
Garmr is a tool to inspect the responses from websites for basic security requirements. It includes a set of core test cases implemented in corechecks that are derived from the Mozilla Secure Coding...
View ArticleClik here to view.
BurpSentintel – Vulnerability Scanning Plugin For Burp Proxy
BurpSentintel is a plugin for Burp Intercepting Proxy, to aid and ease the identification of vulnerabilities in web applications. Searching for vulnerabilities in web applications can be a tedious...
View ArticleClik here to view.
tinfoleak – Get Detailed Info About Any Twitter User
tinfoleak is basically an OSINT tool for Twitter, there’s not a lot of stuff like this around – the only one that comes to mind in fact is creepy – Geolocation Information Aggregator. tinfoleak is a...
View ArticleClik here to view.
drozer – The Leading Security Testing Framework For Android
drozer (formerly Mercury) is the leading security testing framework for Android. drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and...
View ArticleClik here to view.
masscan – The Fastest TCP Port Scanner
masscan is the fastest TCP port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second. It produces results similar to nmap, the most famous port...
View ArticleClik here to view.
iSniff-GPS – Passive Wifi Sniffing Tool With Location Data
iSniff GPS is a passive wifi sniffing tool which sniffs for SSID probes, ARPs and MDNS (Bonjour) packets broadcast by nearby iPhones, iPads and other wireless devices. The aim is to collect data which...
View ArticleClik here to view.
Arachni v1.0 Released – Web Application Security Scanner Framework
Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it...
View Article