Tails 1.2 - Privacy for anyone anywhere

Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity , and helps you to: use the Internet anonymously and circumvent censorship ; all connections to the Internet are forced to go through the...

CAINE 6.0 "Dark Matter" - Distribution with a complete forensic environment

CAINE Computer Aided INvestigative Environment is an Italian GNU/Linux live distribution created as a project of Digital Forensics. Currently the project manager is Nanni Bassetti. CAINE offers a complete forensic environment that is organized to integrate existing software tools as software...

OWASP Xenotix XSS Exploit Framework 6

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting XSS vulnerability detection and exploitation framework. Xenotix provides Zero False Positive XSS Detection by performing the Scan within the browser engines where in real world, payloads get reflected. Xenotix Scanner Module ...

mwebfp - Massive Web Fingerprinter

The "LowNoiseHG LNHG Massive Web Fingerprinter " "mwebfp " from now on was conceived in July 2013 after realizing the usefulness of webserver screenshots to pentesters, during an engagement with large external or internal IP address ranges, as a quick means of identification of critical assets,...

MASSCAN - Mass IP port scanner (fastest Internet port scanner)

This is the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second. It produces results similar to nmap, the most famous port scanner. Internally, it operates more like scanrand, unicornscan, and ZMap, using asynchronous...

srm - command-line program to delete files securely

srm is a secure replacement for rm1. Unlike the standard rm, it overwrites the data in the target files before unlinking them. This prevents command-line recovery of the data by examining the raw block device. It may also help frustrate physical examination of the disk, although it's unlikely tha...

Drozer - The Leading Security Assessment Framework for Android

drozer is a comprehensive security audit and attack framework for Android. With increasing pressure to support mobile working, the ingress of Android into the enterprise is gathering momentum. Have you considered the threat posed by the Android app that supports your business function, or Android...

UFONet - DDoS attacks via Web Abuse (XSS/CSRF)

UFONet - is a tool designed to launch DDoS attacks against a target, using 'Open Redirect' vectors on third party web applications, like botnet. See this links for more info: - CWE-601:Open Redirect - OWASP:URL Redirector Abuse Main features: --version show program's version number and exit -v,...

FBHT v3.0 - Facebook Hacking Tool (Like flood, Note DDoS attack, FBFriendlyLogout, more...)

FBHTFacebook Hacking Tool is an open-source tool written in Python that exploits multiple vulnerabilities on the Facebook platform The tool provides: 1 Create accounts 2 Delete all accounts for a given user 3 Send friendship requests Test Accounts 4 Accept friendship requests Test Accounts 5...

DAWIN - Distributed Audit & Wireless Intrusion Notification

DA-WIN is the end of the manual PCI wireless scan DA-WIN provides an organisation a continuous wireless scanning capability that is light touch and simple. It utilises compact and discreet sensors that can easily be deployed reducing the total cost of protection and simplifying the effort require...

WebBrowserPassView v1.56 - Recover lost passwords stored in your Web browser

WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer Version 4.0 - 11.0, Mozilla Firefox All Versions, Google Chrome, Safari, and Opera. This tool can be used to recover your lost/forgotten password of any Website,...

NetHogs - Small 'net top' tool

NetHogs is a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process. NetHogs does not rely on a special kernel module to be loaded. If there's suddenly a lot of network traffic, you can fire up NetHogs and...

Lynis 1.6.1 - Version which includes a non-privileged scan (--pentest)

Lynis is a security auditing tool for the Linux, Unix and Mac platform. Being open source and free to use, it is an accessible and great solution to perform security scans. Within just a matter of minutes, it displays the weaknesses in your defenses, and tips for improving them. While Lynis was...

tinfoleak - Get detailed information about a Twitter user activity

tinfoleak is a simple Python script that allow to obtain: basic information about a Twitter user name, picture, location, followers, etc. devices and operating systems used by the Twitter user applications and social networks used by the Twitter user place and geolocation coordinates to generate ...

BurpSentintel - GUI Burp Plugin to ease discovering of security holes in web applications

A plugin for Burp Intercepting Proxy, to aid and ease the identification of vulnerabilities in web applications. Searching for vulnerabilities in web applications can be a tedious task. Most of the time consists of inserting magic chars into parameters, and looking for suspicious output. Sentinel...

Wireless Network Watcher v1.72 - Show who is connected to your wireless network

Wireless Network Watcher is a small utility that scans your wireless network and displays the list of all computers and devices that are currently connected to your network. For every computer or device that is connected to your network, the following information is displayed: IP address, MAC...

Tails 1.1.1 - The Amnesic Incognito Live System

Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity , and helps you to: use the Internet anonymously and circumvent censorship ; all connections to the Internet are forced to go through the...

WPHardening - WPHardening fortification is a security tool for WordPress

WPHardening is a security tool for WordPress. Different tools to hardening WordPress. Usage $ python wphardening.py -h Options: --version show program's version number and exit -h, --help show this help message and exit -v, --verbose Active verbose mode output results --update Check for WPHardeni...

XSScrapy - Fast, thorough XSS vulnerability spider

Fast, thorough, XSS spider. Give it a URL and it'll test every link it finds for cross-site scripting vulnerabilities. XSS attack vectors xsscrapy will test Referer header way more common than I thought it would be! User-Agent header Cookie header added 8/24/14 Forms, both hidden and explicit URL...

PHP Secure Configuration Checker - Check current PHP configuration for potential security flaws

Among the most tedious tasks of PHP security testing is the check for insecure PHP configuration. As a successor of our PHP Security Poster, we have created a script to help system administrators as well as security professionals to assess the state of php.ini and related topics as quickly and as...

LinSSID - Graphical wireless scanning for Linux (similar to Inssider)

LinSSID is graphically and functionally similar to Inssider Microsoft™ Windows®. It is written in C++ using Linux wireless tools, Qt5, and Qwt 6.1. LinSSID may be installed either by downloading source or binary from this site, or if you're using Debian/Ubuntu or one of its brethren, adding a ppa...

zAnti - Android Penetration Testing Toolkit (Free!)

zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety. zANTI offers a comprehensive range of fully customizable scans to...

Lynis 1.6.0 - Security auditing tool for Unix/Linux systems

Lynis is an open source security auditing tool. Primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system including Mac. Even the installation of the software itself is optional! How it works...

Nmap 6.47 - Free Security Scanner For Network Exploration & Security Audits

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols UDP, TCP, ICMP, etc...

WiFi software Acrylic WiFi Free v2.0 - Real-time WLAN information and network analysis

New Acrylic WiFi software update. WiFi software for network analysis has gone through many changes since the first free version and finally reaches version v2.0 with more power than ever and long awaited features for network and channel analysis under Windows and with any wireless card. Acrylic...

dos_ssh - Use BIOS ram hacks to make a SSH server

Use BIOS ram hacks to make a SSH server out of any INT 10 13h app MS-DOS is one of those You can find a demo Youtube Video here below: Download dosssh...

Mobius - Forensic Framework written in Python/GTK

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tool. Release 0.5.20 published This release...

CipherShed - Secure Encryption Software (fork of the TrueCrypt Project)

CipherShed is free as in free-of-charge and free-speech encryption software for keeping your data secure and private. It started as a fork of the now-discontinued TrueCrypt Project. CipherShed is a program that can be used to create encrypted files or encrypt entire drives including USB flash...

Viproy v2.0 - VoIP Penetration Testing and Exploitation Kit

Viproy Voip Pen-Test Kit provides penetration testing modules for VoIP networks. It supports signalling analysis for SIP and Skinny protocols, IP phone services and network infrastructure. Viproy 2.0 is released at Blackhat Arsenal USA 2014 with TCP/TLS support for SIP, vendor extentions support,...

Passera - Tool to generate strong unique passwords for each website

A simple tool that allows users to have strong unique passwords for each website, without the need to store them either locally or with an online service. It is available as a command-line tool for Linux/Mac/Windows and an Android app. Passera turns any entered text into a strong password up to 6...

SearchMyFiles v2.50 - Alternative to 'Search For Files And Folders' module of Windows + Duplicates Search

SearchMyFiles is an alternative to the standard "Search For Files And Folders" module of Windows. It allows you to easily search files in your system by wildcard, by last modified/created/last accessed time, by file attributes, by file content text or binary search, and by the file size...

WAF-FLE v0.6.4 - OpenSource ModSecurity Console

WAF-FLE is a OpenSource ModSecurity Console, allows modsecurity admin to store, view and search events sent by sensors using a graphical dashboard to drill-down and find quickly the most relevant events. It is designed to be fast and flexible, while keeping a powerful and easy to use filter, with...

GnuPG - Complete and free implementation of the OpenPGP

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG allows to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kinds of public key directories. GnuPG, also know...

FBCacheView v1.03 - View Facebook images stored in the cache of your Web browser

FBCacheView is a simple tool that scans the cache of your Web browser Internet Explorer, Firefox, or Chrome, and lists all images displayed in Facebook pages that you previously visited, including profile pictures, images uploaded to Facebook, and images taken from other Web sites. For every...

Tor Browser 3.6.4 and 4.0-alpha-1 are released

The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical...

Netsparker v3.5.5 - Web Application Security Scanner

Netsparker Web Application Security Scanner can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting XSS and security issues on all web applications and websites regardless of the platform and the technology they are built on. Netsparker is very easy to u...

ParanoiDF - PDF Analysis Suite: Password cracking, redaction recovery, DRM removal, malicious JavaScript extraction, and more

The swiss army knife of PDF Analysis Tools. Based on peepdf - http://peepdf.eternal-todo.com. Features Interactive Console: Type "help" to get a list of commands. Type "help command" to get a description/usage on specific command. crackpw This executes Nacho Barrientos Arias's PDFCrack tool by...

Suricata IDPE 2.0.3 - Open Source Next Generation Intrusion Detection and Prevention Engine

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. OISF is part of and funded by the Department of...

SAMHAIN v3.1.2 - File Integrity Checker / Host-Based Intrusion Detection System

The Samhain host-based intrusion detection system HIDS provides file integrity checking and log file monitoring/analysis , as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. Samhain been designed to monitor multiple hosts with potentially...

SimpleProgramDebugger - Simple program debugger that shows all debug events

SimpleProgramDebugger is a simple debugging tool for Windows that attaches to existing running program or starts a new program in debugging mode, and then displays all major debugging events occurs while the program is running, including Exception, Create Thread, Create Process, Exit Thread, Exit...

PWGen - Generator of cryptographically-strong passwords

PWGen is a professional password generator capable of creating large amounts of cryptographically-secure passwords or passphrases consisting of words from a word list. It uses a “random pool ” technique to generate random data based on user inputs keystrokes, mouse handling and volatile system...

XCat - Tool that aides in the exploitation of blind XPath injection vulnerabilities

XCat is a command line program that aides in the exploitation of blind XPath injection vulnerabilities. It can be used to retrieve the whole XML document being processed by a vulnerable XPath query, read arbitrary files on the hosts filesystem and utilize out of bound HTTP requests to make the...

NTFSLinksView - View NTFS symbolic links and junction points

Starting from Windows Vista, Microsoft uses symbolic links and junction points of NTFS file system in order to make changes in the folders structure of Windows and keep the compatibility of applications written for older versions of Windows. This utility simply shows you a list of all symbolic...

Shellter v1.7 - Dynamic ShellCode Injector Tool

Shellter is a dynamic shellcode injection tool, and probably the first dynamic PE infector ever created. It can be used in order to inject shellcode into native Windows applications currently 32-bit apps only. The shellcode can be something yours or something generated through a framework, such a...

Unicorn - Tool for using a PowerShell downgrade attack and inject shellcode straight into memory

Magic Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique presented by David Kennedy TrustedSec and Josh Kelly at Defcon 18. Usage is simple, just run Magic...

HoneyDrive 3 - The Premier Honeypot Linux Distro

HoneyDrive is the premier honeypot Linux distro. It is a virtual appliance OVA with Xubuntu Desktop 12.04.4 LTS edition installed. It contains over 10 pre-installed and pre-configured honeypot software packages such as Kippo SSH honeypot, Dionaea and Amun malware honeypots, Honeyd low-interaction...

Web-Fu - Chrome extension for pentesting web applications

Chrome extension for pentesting web applications. Web-fu Is a web hacking tool focused on discovering and exploiting web vulnerabilitites. Is a Browser embedded webhacking tool. Some tools, doesn't support certifiacte auhtentication or web vpn accesses. If the browser can authenticate on the...

DomainHostingView v1.61 - Show domain hosting information

DomainHostingView is a utility for Windows that collects extensive information about a domain by using a series of DNS and WHOIS queries, and generates HTML report that can be displayed in any Web browser. The information displayed by the report of DomainHostingView includes: the hosting company ...

Facebook Password Remover - All-in-one Facebook Login Password Removal Tool

Facebook Password Remover is the free all-in-one tool to quickly remove the stored Facebook Login passwords from your system. This helps you to delete any accidently or otherwise stored Facebook password on any public/shared computers so that your Facebook account remains safe. Currently it...

VNCPassView - Recover the passwords stored by VNC

VNCPassView is a small utility that recover the passwords stored by the VNC tool. It can recover 2 of passwords: password stored for the current logged-on user HKEYCURRENTUSER in the Registry, and password stored for the all users. Using VNCPassView This utility doesn't require any installaion...