[WifiInfoView] WiFi Scanner for Windows 7/8/Vista

WifiInfoView scans the wireless networks in your area and displays extensive information about them, including: Network Name SSID, MAC Address, PHY Type 802.11g or 802.11n, RSSI, Signal Quality, Frequency, Channel Number, Maximum Speed, Company Name, Router Model and Router Name Only for routers...

[BlindElephant] Web Application Fingerprinter

The BlindElephant Web Application Fingerprinter attempts to discover the version of a known web application by comparing static files at known locations against precomputed hashes for versions of those files in all all available releases. The technique is fast, low-bandwidth, non-invasive, generi...

[EyeWitness] A Rapid Web Application Triage Tool

EyeWitness is a rapid web application triage tool designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. The author would love for EyeWitness to identify more default credentials of various web applications. So as you find devices...

[MobiSec] Mobile Security Testing Live Environment

The MobiSec Live Environment Mobile Testing open source project is a live environment for testing mobile environments, including devices, applications, and supporting infrastructure. The purpose is to provide attackers and defenders the ability to test their mobile environments to identify design...

[GoldenEye v2.1] DoS Tool

GoldenEye is a HTTP/S Layer 7 Denial-of-Service Testing Tool. It uses KeepAlive and Connection: keep-alive paired with Cache-Control options to persist socket connection busting through caching when possible until it consumes all available sockets on the HTTP/S server. Changelog v2.1 2014-02-20...

[USBDeview] View all installed/connected USB devices on your system

USBDeview is a small utility that lists all USB devices that currently connected to your computer, as well as all USB devices that you previously used. For each USB device, extended information is displayed: Device name/description, device type, serial number for mass storage devices, the date/ti...

[USBLogView] Records the details of any USB device that is plugged or unplugged into your system

USBLogView is a small utility that runs in the background and records the details of any USB device that is plugged or unplugged into your system. For every log line created by USBLogView, the following information is displayed: Event Type Plug/Unplug, Event Time, Device Name, Description, Device...

[Parsero] Robots.txt audit tool

.PNG Parsero is a free script written in Python which reads the Robots.txt file of a web server and looks at the Disallow entries. The Disallow entries are the URL path of directories or files hosted on a web server which the administrators don't want to be indexed by the crawlers. For example,...

[WiFi Network Monitor] Tool to Watch/Monitor your Wireless network from hackers/rogue/unauthorised users

WiFi Network Monitor is the free tool to remotely scan and discover all the systems connected to your Wireless network. It helps you to keep a watch on your Wi-Fi network and safe guard it from Hackers as well as other unauthorised users. Its swift scan powered by 'ARP based Multi-threading'...

[WirelessKeyView] Recover lost wireless network key

WirelessKeyView recovers all wireless network security keys/passwords WEP/WPA stored in your computer by the 'Wireless Zero Configuration' service of Windows XP or by the 'WLAN AutoConfig' service of Windows Vista, Windows 7, Windows 8, and Windows Server 2008. It allows you to easily save all ke...

[Microsoft Network Monitor 3.4] Tool to allow capturing and protocol analysis of network traffic

Microsoft's Network Monitor is a tools that allow capturing and protocol analysis of network traffic. Network Monitor 3 is a protocol analyzer. It enables you to capture, to view, and to analyze network data. You can use it to help troubleshoot problems with applications on the network. This...

[bWAPP] an extremely buggy web application!

bWAPP, or a buggy web application, is a deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so uniqu...

[VNC Password Recovery v2.0] All-in-one VNC Password Decoder Tool

VNC Password Recovery is the FREE software to instantly recover VNC password stored by popular VNC Servers. It automatically detects the encrypted VNC password stored in the file system or registry by various VNC server applications. Then it quickly decrypts it and display the original VNC...

[Responder] a LLMNR and NBT-NS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server

Responder is a LLMNR and NBT-NS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. This tool is first an LLMNR and NBT-NS responder, it will answer to specific NBT-NS NetBIOS Name...

[CSVFileView] CSV/Tab-delimited file viewer and converter

CSVFileView is a simple CSV file viewer/converter utility that allows you to easily view the content of CSV or tab-delimited file created by NirSoft utilities or by any other software, in a simple table viewer. You can sort the lines according to one of the fields, remove unwanted fields and chan...

[Ncrack] High-Speed Network Authentication Cracker

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a...

[IronWASP v0.9.7.5] Open Source Advanced Web Security Testing Platform

IronWASP Iron Web application Advanced Security testing Platform is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripti...

[Directory Scanner v3.0] Remote Directory Server Fingerprinting Tool

Directory Scanner is the FREE Directory Server fingerprinting tool. It can help you to remotely detect the type of Directory servers such as Microsoft Active Directory, Novell eDirectory etc running on the local network as well as Internet. In addition to this, it can greatly help administrators ...

[RouterPassView] Recover lost password from router backup file

Most modern routers allow you to backup the configuration of the router into a file, and then restore the configuration from the file when it's needed. The backup file of the router usually contains important data like your ISP user name/password, the login password of the router, and wireless...

[Maltrieve] A tool to retrieve malware directly from the source for security researchers

Maltrieve originated as a fork of mwcrawler. It retrieves malware directly from the sources as listed at a number of sites, including: Malc0de Malware Black List Malware Domain List Malware Patrol Sacour.cn VX Vault URLqery CleanMX These lists will be implemented if/when they return to activity...

[Burp Co2] A collection of enhancements for Portswigger's popuplar Burp Suite web penetration testing tool

Co2 includes several useful enhancements bundled into a single Java-based Burp Extension. The extension has it's own configuration tab with multiple sub-tabs for each Co2 module. Modules that interact with other Burp tools can be disabled from within the Co2 configuration tab, so there is no need...

[DomainHostingView] Show domain hosting information

DomainHostingView is a utility for Windows that collects extensive information about a domain by using a series of DNS and WHOIS queries, and generates HTML report that can be displayed in any Web browser. The information displayed by the report of DomainHostingView includes: the hosting company ...

[Dumb0] A simple tool to dump users in popular forums and CMS

A simple tool to dump users forums popular forums and CMS like: WordPress SMF vBulletin IP Board XEN forums myBB useBB vanilla bbPress etc... Download Dumb0...

[OutlookAttachView] View/Extract/Save Outlook Attachments

OutlookAttachView scans all messages stored in your Outlook, and displays the list of all attached files that it finds. You can easily select one or more attachments and save all of them into the desired folder, as well as you can delete unwanted large attachments that take too much disk space in...

[ParameterFuzz v1.8] Parameter´s auditor for web applications

ParameterFuzz is a tool to check the level of fortification in web applications, try to cover the field more exploited by hackers, as the majority of known attacks are based on exploiting poorly filtered parameters. Just as SQL injection, Cross Site Scripting or RFI among others. This tool is...

[WAF-FLE v0.6.3] Web application firewall: fast log and event console

WAF-FLE is a OpenSource Console for ModSecurity, it allow the modsec admin to view and search events sent by mlogc modsecurity event log handler. Features : Central event console Support Modsecurity in “traditional” and “Anomaly Scoring” Able to receive events sent from mlogc in real time or in...

[FacebookPasswordDump v2.0] Command-line Tool to Recover Facebook Password from Browsers and Messengers

Facebook Password Dump is the command-line tool to instantly recover your lost Facebook password from popular web browsers and messengers. Currently it can recover your Facebook password from following applications, Firefox Internet Explorer v6.x - v10.x Google Chrome Chrome Canary/SXS CoolNovo...

[DVIA] Damn Vulnerable iOS Application

.png Damn Vulnerable iOS App DVIA is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment. This application covers all the common...

[WebCacheImageInfo] Displays the software/camera model of images stored in the cache of your Web browser

WebCacheImageInfo is a simple tool that searches for JPEG images with EXIF information stored inside the cache of your Web browser Internet Explorer, Firefox, or Chrome, and then it displays the list of all images found in the cache with the interesting information stored in them, like the softwa...

[Havij 1.17] Automated and Advanced SQL Injection

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software, user can perform back-end database fingerprinting, retrieve DBMS login names and...

[GoLismero v2.0] Merge results of security tools (OpenVas, Wfuzz, SQLMap, DNS recon, robot analyzer...)

GoLismero is an Open Source security tools that can run their own security tests and manage a lot of well known security tools OpenVas, Wfuzz, SQLMap, DNS recon, robot analyzer... take their results, feedback to the rest of tools and merge all of results. And all of this automatically. Changelog...

[FGscanner] Find hidden contents using dictionary-like attack

FGscanner is a completely rewritten version of littlescanner script. FGscanner is an opensource advanced web directory scanner to find hidden contents on a web server using dictionary-like attack with proxy and tor support. Quick reference for switches Usage: ./fgscan.pl --host=hostname...

[Lynis 1.4.2] Security and System Auditing Tool to Harden Linux Systems

Lynis is an auditing tool for Unix/Linux. It performs a security scan and determines the hardening state of the machine. Any detected security issues will be provided in the form of a suggestion or warning. Beside security related information it will also scan for general system information,...

[CGE] Cisco Global Exploiter

Cisco Global Exploiter CGE, is an advanced, simple and fast security testing tool/ exploit engine, that is able to exploit 14 vulnerabilities in disparate Cisco switches and routers. CGE is command-line driven perl script which has a simple and easy to use front-end. CGE can exploit the following...

[IPNetInfo v1.53] Retrieves IP Address Information

IPNetInfo is a small utility that allows you to easily find all available information about an IP address: The owner of the IP address, the country/state name, IP addresses range, contact information address, phone, fax, and email, and more. This utility can be very useful for finding the origin ...

[Gmail Password Dump v.20] Command-line Tool to Recover Google Password from GTalk, Picasa, GDesktop, Browsers and Messengers

Gmail Password Dump is the command-line tool to instantly recover your lost gmail password from various Google applications as well as popular web browsers and messengers. Currently it can recover your Gmail password from following applications, Google Talk Google Picassa Google Desktop Seach Gma...

[WhoisThisDomain] Domain Registration Lookup Utility

WhoisThisDomain is a domain registration lookup utility allows you to easily get information about a registered domain. It automatically connect to the right WHOIS server, according to the top-level domain name, and retrieve the WHOIS record of the domain. It support both generic domains and...

[Haveged 1.9.1] A simple entropy daemon

The haveged project is an attempt to provide an easy-to-use, unpredictable random number generator based upon an adaptation of the HAVEGE algorithm. Haveged was created to remedy low-entropy conditions in the Linux random device that can occur under some workloads, especially on headless servers...

[Advanced Encryption Package 2014] Strong encryption algorithms to protect your confidential documents

Strong and proven encryption algorithms to protect your confidential documents To secure sensitive data AEP PRO file encryption software uses 20 proven and strong encryption algorithms including AES, Blowfish, Twofish, GOST, Serpent and others. Easy to use for novices. Integration with Windows...

[Pac4Mac] Forensics Framework for Mac OS X

Pac4Mac Plug And Check for Mac OS X is a portable Forensics framework to launch from USB storage allowing extraction and analysis session informations in highlighting the real risks in term of information leak history, passwords, technical secrets, business secrets, .... Pac4Mac can be used to...

[Twitter Password Dump v2.0] Command-line Tool to Recover Twitter Password from Web Browsers

Twitter Password Dump is the command-line tool to instantly recover your lost Twitter password from all the popular web browsers. Currently it can recover your Twitter password from following applications, Firefox Internet Explorer v6.x - v10.x Google Chrome Chrome Canary/SXS CoolNovo Browser Ope...

[Azazel] Userland Anti-debugging & Anti-detection Rootkit

Azazel is a userland rootkit based off of the original LDPRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-detection. Features Anti-debugging Avoids unhide, lsof, ps, ldd detection Hides files and directories Hid...

[Killtrojan Syslog] Tool to detect malware activity on a system

Killtrojan Syslog is a free application to create a report about characteristics of the system to further analyze and look for signs of malware, also is intended to put the report in a specialized forum for users to help. The tool has a very intuitive and easy to use for non-technical users to...

[pMap v1.10] Passive Discovery, Scanning, and Fingerprinting

Discovery, Scanning, and Fingerprinting via Broadcast and Multicast Traffic Features Reveals open TCP and UDP ports Uses UDP, mDNS, and SSDP to identify PCs, NAS, Printers, Phones, Tablets, CCTV, DVR, and Others Device Type, Make, and Model Operating Systems and Version Service Versions and...

[Browser Password Dump v2.0] Command-line Tool to Recover Login Password from Web Browsers

Browser Password Dump is the free command-line tool to instantly recover your lost password from all the popular web browsers. Currently it can recover stored web login passwords from following browsers. Firefox Internet Explorer Google Chrome Chrome Canary/SXS CoolNovo Browser Opera Browser Appl...

OWASP Xenotix XSS Exploit Framework v5

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting XSS vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine Trident, WebKit, and Gecko embedded scanner. It is claimed to have the world’s 2nd...

[Charles] Web Debugging Proxy Application

Charles is a web proxy HTTP Proxy / HTTP Monitor that runs on your own computer. Your web browser or any other Internet application is then configured to access the Internet through Charles, and Charles is then able to record and display for you all of the data that is sent and received. In Web a...

[OWASP iGoat] Security learning tool for iOS developers

The OWASP iGoat project is a security learning tool for iOS developers to learn about security weaknesses in iOS -- by breaking things as well as fixing them. iGoat is available ONLY in source code format, and this is the official repository for that code. On the Downloads tab here, you will find...

[Introspy] Security profiling for blackbox iOS

Blackbox tool to help understand what an iOS application is doing at runtime and assist in the identification of potential security issues. The tracer can be installed on a jailbroken device to hook and log security-sensitive iOS APIs called by applications running on the device. The tool records...

[Wi-Fi Password Dump] Command-line Tool to Recover Wireless Passwords

WiFi Password Dump is the free command-line tool to quickly recover all the Wireless account passwords stored on your system. It automatically recovers all type of Wireless Keys/Passwords WEP/WPA/WPA2 etc stored by Windows Wireless Configuration Manager. For each recovered WiFi account, it displa...