[Subterfuge v1.0] Automated Man-in-the-Middle Attack Framework

Subterfuge , a Framework to take the arcane art of Man-in-the-Middle Attacks and make it as simple as point and shoot. Subterfuge demonstrates vulnerabilities in the ARP Protocol by harvesting credentials that go across the network and even exploiting machines by injecting malicious code directly...

[fwknop] Single Packet Authorization and Port Knocking

fwknop stands for the "FireWall KNock OPerator", and implements an authorization scheme called Single Packet Authorization SPA. This method of authorization is based around a default-drop packet filter fwknop supports iptables on Linux, ipfw on FreeBSD and Mac OS X, and PF on OpenBSD and libpcap...

[Social Password Decryptor v4.0] All-in-one Social Network Password Recovery Software

Social Password Decryptor is the FREE software to instantly recover Passwords for popular Social Networks such as Facebook, Twitter, Google Plus etc. It can automatically discover and recover all the social passwords stored by web browsers & messengers including Firefox, Chrome, IE, GTalk and mor...

[Fing] Tool for Network Scan and Analysis for iPhone

Highlight of features: + Discovers all devices connected to a Wi-Fi network. No limitation! + Displays the MAC Address and up-to-date Vendor names. + Customize names, icons and notes. + Wake On LAN. Switch on your cable-connected devices. + History of all discovered networks. You can review...

[CIAT] Crypto Implementations Analysis Toolkit

.png The Cryptographic Implementations Analysis Toolkit CIAT is compendium of command line and graphical tools whose aim is to help in the detection and analysis of encrypted byte sequences within files executable and non-executable. Download CIAT...

[secure rm] Command-line Program to Delete Files Securely

srm secure rm is a command-line compatible rm1 which overwrites file contents before unlinking. The goal is to provide drop in security for users who wish to prevent recovery of deleted information, even if the machine is compromised. Download secure rm...

[Weevely v1.1] Stealth tiny PHP web shell

Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation , and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones. Weevely is currently included in Backtrack and Backbox...

[The Sleuth Kit] Library and collection of command line tools to investigate disk images

The Sleuth Kit is a C++ library and collection of open source file system forensics tools that allow you to, among other things, view allocated and deleted data from NTFS, FAT, FFS, EXT2, Ext3, HFS+, and ISO9660 images. The Sleuth Kit® TSK is a library and collection of command line tools that...

[DNSRecon v0.8.6] DNS Enumeration Script

Just updated DNSRecon to check if it can pull the Bind Version by doing a query for the TXT Record version.bind and it will now check if the RA Flag is set in responses from each of the NS servers it detects. If the server has recursion enabled it could be used for DDoS attacks and for performing...

[Browser Password Decryptor v6.0] Browser Password Recovery Tool

Browser Password Decryptor is the FREE software to instantly recover website login passwords stored by popular web browsers. Currently it can recover saved login passwords from following browsers. Firefox Internet Explorer Google Chrome Google Chrome Canary/SXS CoolNovo Browser Opera Browser Appl...

[Xplico 1.1.0] Open Source Network Forensic Analysis Tool (NFAT)

The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email POP, IMAP, and SMTP protocols, all HTTP contents, each VoIP call SIP, FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is ...

[Twitter Password Decryptor v5.0] Recover Lost Twitter Password from all Web Browsers & Messengers

Twitter Password Decryptor is the FREE software to instantly recover Twitter account passwords stored by popular web browsers. Most web browsers store the login passwords for visited websites so that user don't have to remember and enter the password every time. Each of these web browsers use the...

[Vega v1.0 Build 108] Web Security Scanner

Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting XSS, inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs o...

[WiFi Password Decryptor v3.0] Wireless Password Recovery Software

WiFi Password Decryptor is the FREE software to instantly recover Wireless account passwords stored on your system. It automatically recovers all type of Wireless Keys/Passwords WEP/WPA/WPA2 etc stored by Windows Wireless Configuration Manager. For each recovered WiFi account, it displays followi...

[ChromeAnalysis] Tool for analysing Google Chrome web browser

ChromeAnalysis Plus is a software tool for extracting, viewing and analysing internet history from the Google Chrome web browser. The main features are described below: Extract History Extract history regarding bookmarks, cookies, downloads, favicons, logins, most visited sites, search terms,...

[Asterisk Password Spy] Reveal the hidden password behind asterisks (*****)

Asterisk Password Spy is the FREE tool to instantly reveal the hidden password behind asterisks . It's user friendly interface can help you to easily find the passwords from any Windows based application.You can simply drag the 'search icon' to any password box to find the real password hidden by...

[SpiderFoot v2.1.0] The Open Source Footprinting tool

SpiderFoot is a free, open-source footprinting tool, enabling you to perform various scans against a given domain name in order to obtain information such as sub-domains, e-mail addresses, owned netblocks, web server versions and so on. The main objective of SpiderFoot is to automate the...

[IE Password Decryptor] Internet Explorer Password Recovery Tool

IE Password Decryptor is the FREE software to quickly and easily recover all the stored passwords from Internet Explorer. It automatically detects the installed IE version and use appropriate technique to successfully decrypt all the stored passwords. It can recover passwords from all versions of...

[WebSploit Framework] Scan And Analysis Remote System From Vulnerability

WebSploit Is An Open Source Project For Scan And Analysis Remote System From Vulnerability. WebSploit Is An Open Source Project For : Social Engineering Works Scan,Crawler & Analysis Web Automatic Exploiter Support Network Attacks +Autopwn - Used From Metasploit For Scan and Exploit Target Servic...

[Memoryze] Find Evil in Live Memory (Memory Forensic Software)

Mandiant’s Memoryze is free memory forensic software that helps incident responders find evil in live memory. Memoryze can acquire and/or analyze memory images, and on live systems, can include the paging file in its analysis. Mandiant’s Memoryze features: image the full range of system memory no...

[Kali Linux 1.0.6] with LUKS Self-Destruction Feature

Offensive Security, the creator of the famous BackTrack Linux operating system, has announced on January 9 that a new maintenance release for its Kali Linux distribution is now available for download. Kali Linux 1.0.6 is the first release to introduce an amazing feature called "emergency...

[THC-Hydra v7.6] Fast Parallel Network Logon Cracker

Hydra is a parallelized network logon cracker which supports numerous protocols to attack, new modules are easy to add, beside that, it is flexible and very fast. Features IPv6 Support Graphic User Interface Internationalized support RFC 4013 HTTP proxy support SOCKS proxy support The tool suppor...

[FirePasswordViewer v5.5] Firefox Sign-on Secrets Recovery Software

Like other browsers, Firefox also stores the login details such as username, password for every website visited by the user at the user consent. All these secret details are stored in Firefox sign-on database securely in an encrypted format. FirePasswordViewer can instantly decrypt and recover...

[Haveged] A simple Entropy Daemon

The haveged project is an attempt to provide an easy-to-use, unpredictable random number generator based upon an adaptation of the HAVEGE algorithm. Haveged was created to remedy low-entropy conditions in the Linux random device that can occur under some workloads, especially on headless servers...

[Pinpoint] Enumerates WebPage Components to help identify the Infected Files

Pinpoint works like wget/curl in that it just fetches a webpage without rendering any script. Pinpoint will then try to determine which links are used to make up the webpage such as Javascript, CSS, frames, and iframes and downloads those files too some Javascript content will produce incorrect...

[Router Password Kracker] Router Password Recovery Software

Router Password Kracker is a free software to recover the lost password of your Router. It can also be used to recover password from your internet Modem or Web sites which are protected by HTTP BASIC Authentication. Generally Routers or Modems control their access by using HTTP BASIC authenticati...

[MoonSols] Windows Memory Toolkit

MoonSols Windows Memory Toolkit is a powerful toolkit containing all the utilities needed to perform any kind of memory acquisition or conversion during an incident response, or a forensic analysis for Windows desktops, servers or virtualized environment. The version 2.0 is a refresh and updated...

[Network Password Decryptor v6.5] Windows Network Password Recovery Tool

Network Password Decryptor is the free tool to instantly recover network authentication passwords. In addition to the network authentication passwords it can also recover passwords stored by other windows apps such as Outlook , Windows Live Messenger , Remote Destktop etc. These network passwords...

[DAVOSET] Tool for conducting DDoS attacks

DAVOSET – it is console command line tool for conducting DDoS attacks on the sites via Abuse of Functionality vulnerabilities at other sites. Changelog v1.1.5 Added error handler in GetCookie. Added new services into lists of zombies. Removed non-working services from lists of zombies. Usage 1...

[Creepy] Geolocation information Gathering through Social Networking Platforms

Creepy is a geolocation OSINT tool. Gathers geolocation related information from online sources, and allows for presentation on map, search filtering based on exact location and/or date, export in csv format or kml for further analysis in Google Maps. What's new in v1.0.x ? Creepy now uses Qt 4,...

[FoxAnalysis] Firefox Internet History Analysis Software

FoxAnalysis Plus is a software tool for extracting, viewing and analysing internet history from the Mozilla Firefox web browser. The main features are described below: Extract History :: Extract history regarding bookmarks, cookies, downloads, favicons, form entries, logins, saved sessions and...

[Arachni v0.4.6 - Web User Interface v0.4.3] Open Source Web Application Security Scanner Framework

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process. Unlike other...

[Xelenium] Security Testing with Selenium

Xelenium is a security testing tool that can be used to identify the security vulnerabilities present in the web application. Xelenium uses the open source functional test automation tool 'Selenium' as its engine and has been built using Java swing. Xelenium has been designed considering that it...

[Social Password Dump] Command-line Tool to Recover Social Network Password from Browsers and Messengers

Social Password Dump is the free command-line based all-in-one tool to recover your lost password for all social networks like Facebook, Twitter, Pinterest etc. Currently it can recover passwords for following popular Social Networks, Facebook Twitter Google Plus Linkedin Pinterest Myspace Badoo ...

[Orbot] Mobile Anonymity + Circumvention

Orbot is a free proxy app that empowers other apps to use the internet more securely. Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world. Tor is free software and an open network that helps you defend against a form of...

[Sandcat Browser 4.4] The fastest web browser combined with the fastest scripting language packed with features for pen-testers

Sandcat Browser is the fastest web browser combined with the fastest scripting language packed with features for pen-testers. Sandcat Browser is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team. The Sandcat Browser is built on top...

[DirBuster] Brute Force Directories and Files Names on Web/Application Servers

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts...

[Binwalk] Firmware Analysis Tool

Binwalk is a firmware analysis tool designed to assist in the analysis, extraction, and reverse engineering of firmware images and other binary blobs. It is simple to use, fully scriptable, and can be easily extended via custom signatures, extraction rules, and plugin modules. Binwalk supports...

[dotDefender] Web Application Security

dotDefender is the market-leading software Web Application Firewall WAF. dotDefender boasts enterprise-class security, advanced integration capabilities, easy maintenance and low total cost of ownership TCO. dotDefender is the perfect choice for protecting your web site and web applications today...

[Malheur v0.5.4] Malware Analyzer

Malheur is a tool for the automatic analysis of malware behavior program behavior recorded from malicious software in a sandbox environment. It has been designed to support the regular analysis of malicious software and the development of detection and defense measures. Malheur allows for...

[TheHarvester v2.2] The Information Gathering Suite

The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help Penetration testers in the early stages of the penetration te...

[Hashcat v0.47] The world’s fastest CPU-based password recovery tool

Hashcat is the world’s fastest CPU-based password recovery tool. While it’s not as fast as its GPU counterparts oclHashcat-plus and oclHashcat-lite, large lists can be easily split in half with a good dictionary and a bit of knowledge of the command switches. Changelog v0.47 added -m 123 = EPi...

[Ghost Phisher v1.5] GUI suite for phishing and penetration attacks

Ghost Phisher is an application of security which comes built-in with a fake DNS server ,DHCP server fake, fake HTTP Server and also has a space for the automatic capture and recording credentials HTTP method of the form to a database. The program could be used for on-demand service of DHCP, DNS,...

[Kacak] Enumerate Users in Subnets

Kacak is a tool that can enumerate users specified in the configuration file for windows based networks. It uses metasploit smbenumusersdomain module in order to achieve this via msfrpcd service. If you are wondering what the msfrpcd service is, please look at the...

[Lynis v1.3.8] The Unix/Linux Hardening tool

Lynis is a security tool to audit and harden Unix and Linux based systems. It scans the system by performing many security control checks, looks for installed software and determines compliance to standards. Also will it detects security issues and errors in configuration. At the end of the scan ...

[XSSless] An automated XSS payload generator written in python

An automated XSS payload generator written in python. Usage 1. Record requests with Burp proxy 2. Select requests you want to generate, then right click and select "Save items" 3. Use xssless to generate your payload: ./xssless.py burpexportfile 4. Pwn! A more detailed tutorial can be found here...

[GDB] GNU Project Debugger

GDB, the GNU Project debugger, allows you to see what is going on inside' another program while it executes - or what another program was doing at the moment it crashed. GDB can do four main kinds of things plus other things in support of these to help you catch bugs in the act: Start your progra...

[Capstone] Ultimate Disassembly Framework

Capstone is a lightweight multi-platform, multi-architecture disassembly framework. Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community. Features Support hardware architectures: ARM, ARM64 aka ARMv8, Mips & X86 more details...

[Beast-Check] SSL/TLS BEAST Vulnerability Check

A small perl script that checks a target server whether it is prone to BEAST vulnerability via target preferred cipher. It assumes no workaround i.e. EMPTY FRAGMENT applied in target server. Some sources said this workaround was disabled by default for compatibility reasons. This may be the reaso...

[Watcher] passive Web-security scanner

Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as...