[flunym0us] Vulnerability Scanner for Wordpress and Moodle

Flunym0us is a Vulnerability Scanner for Wordpress and Moodle designed by Flu Project Team. Flunym0us has been developed in Python. Flunym0us performs dictionary attacks against Web sites. By default, Flunym0us includes a dictionary for Wordpress and other for Moodle. Operation Flunym0us requires...

[RHEL 7] Red Hat Enterprise Linux 7 Beta

Red Hat Enterprise Linux 7 Beta showcases hundreds of new features and enhancements, including: Linux Containers - Enabling applications to be created and deployed in isolated environments with allocated resources and permissions. Performance Management – Using built in tools, you can optimize...

[Twitter Password Dump] Command-line Tool to Recover Twitter Password from Web Browsers

Twitter Password Dump is the command-line tool to instantly recover your lost Twitter password from all the popular web browsers. Currently it can recover your Twitter password from following applications, Firefox Internet Explorer v6.x - v10.x Google Chrome Chrome Canary/SXS CoolNovo Browser Ope...

[RemotePasswordWiFi] Script in Ruby, for search passwords WiFi of remote routers

Script in Ruby, for search passwords WiFi of remote routers. Support Routers: Thomson Thechnicolor in next days: bee cisco Download RemotePasswordWiFi...

[WinDbg v6.12.2.633] Debugging Tools for Windows

WinDbg is a graphical debugger from Microsoft. It is actually just one component of the Debugging Tools for Windows package, which also includes the KD, CDB, and NTSD debuggers. Its claim to fame is debugging memory dumps produced after a crash. It can even debug in kernel mode. For downloads and...

[Avivore] The Twitter-searching Data Miner

Avivore is a Python-based tool that searches Twitter for keywords and then parses any tweets that are found. When parsing, it looks for the following sort of data: Phone numbers in NPA-NXX format ex: 604-555-1212 IPv4 addresses 127.0.0.1 Blackberry PINs ABCDEF12 It presently uses a SQLite backend...

[Comodo Instant Malware Analysis] Online Automated Analysis System

If you have a suspicious file, please submit it online by using the form below. Once the file is submitted, COMODO Automated Analysis System will scan it and report back its findings. Comodo Instant Malware Analysis...

[BTS PenTesting Lab] A vulnerable web application to learn common vulnerabilities

The most common question from students who is learning website hacking techniques is "how to test my skills legally without getting into troubles?". So, i always suggest them to use some vulnerable web application such as DVWA. However, i felt dvwa is not suitable for new and advanced techniques...

[Anubis] Online Analyzing Unknown Binaries

Anubis is a service for analyzing malware. Submit your Windows executable or Android APK and receive an analysis report telling you what it does. Alternatively, submit a suspicious URL and receive a report that shows you all the activities of the Internet Explorer process when visiting this URL...

[Websecurify] Web Security Testing Runtime

A Complete Suite Of Web Security Tools The Suite provides a complete and functional marketplace of highly integrated web application security tools. You will find that different areas are covered by various domain-specific solutions. The Suite consists of automated scanners, fuzzers, utilities an...

[Bugtroid] Pentesting for Android

Bugtroid is an innovative tool developed by the team of Bugtraq-Team. The main features of this apk, is that it has more than 200 Android and Linux tools PRO for pentesting and forensics through its Smarthphone or tablet. It has a menu categorized according to the nature of the tool may find:...

[Malware Classifier] Malware Analysis Tool

Adobe Malware Classifier is a command-line tool that lets antivirus analysts, IT administrators, and security researchers quickly and easily determine if a binary file contains malware, so they can develop malware detection signatures faster, reducing the time in which users' systems are...

[Wifitap] WLAN Traffic Injection Tool

Wifitap is a proof of concept for communication over WLAN networks using traffic injection. Wifitap allows direct communication with an associated station to a given access point directly, whilst not being being associated ourselves or being handled by access point. Wifitap is written in Python,...

[VirusTotal] Online Malware Analysis Tool

VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false...

Tor Browser Bundle 3.5

The 2.x stable series of the Tor Browser Bundle has officially been deprecated, and all users are encouraged to upgrade to the 3.5 series. Packages are now available from the Tor download page as well as the Tor Package archive. For now, the Pluggable Transports-capable TBB is still a separate...

[Suricata 1.4.7] Open Source Next Generation Intrusion Detection and Prevention Engine

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. OISF is part of and funded by the Department of...

[Rhino] Java Script Deobfuscate Tool

Rhino is an open-source implementation of JavaScript written entirely in Java. It is typically embedded into Java applications to provide scripting to end users. It is embedded in J2SE 6 as the default Java scripting engine. Rhino-debugger is a Graphical User Interface GUI that enables to debug...

[Tor-ramdisk] Micro Linux distribution whose sole purpose is to securely host a Tor server purely in RAM

Tor-ramdisk is a uClibc-based micro Linux distribution whose sole purpose is to securely host a Tor server purely in RAM. For those not familiar with Tor, it is a system which allows the user to construct encrypted virtual tunnels which are randomly relayed between Tor servers nodes until the...

[PDFMiner] Python PDF parser and analyzer

PDFMiner is a tool for extracting information from PDF documents. Unlike other PDF-related tools, it focuses entirely on getting and analyzing text data. PDFMiner allows one to obtain the exact location of text in a page, as well as other information such as fonts or lines. It includes a PDF...

[GNU Privacy Guard] Complete and free implementation of the OpenPGP standard

GnuPG is the GNU project's complete and free implementation of the OpenPGP standard as defined by RFC4880. GnuPG allows to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kinds of public key directories. GnuPG, also known ...

[evasi0n7] iOS 7.x Jailbreak

Evasi0n Jailbreaking tools available for Apple iOS 7 users. This jailbreak utility/tool made by Evad3rs team after 3 months of iOS 7 launched. evasi0n is available for Mac and Windows, and is untethered. Here are the requirements posted on the evasi0n website: A computer, running Windows XP...

[WinAppDbg 1.5] Python Debugger

The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment. It uses ctypes to wrap many Win32 API calls related to debugging, and provides an object-oriented abstraction layer to manipulate threads, libraries and processes, attach...

[Hook Analyser 3.0] A Freeware Malware Analysis and Cyber Threat Intelligence Software

In terms of improvements, a new module has been added - Cyber Threat Intelligence. Threat Intel module is being created to gather and analyse information related to Cyber Threats and vulnerabilities. The module can be run using HookAnalyser.exe via Option 6 , or can be run directly. The module...

TestingWhiz - Test Automation Tool

TestingWhiz is a test automation tool for web, database, cloud, mobile and web services/API testing from Cygnet Infotech. It has a codeless architecture based on FAST Automation Engine with 290+ readily available test commands that provide easy, intuitive and fast automation solution without...

[ModSecurity v2.7] Open Source Web Application Firewall

ModSecurity is an embeddable web application firewall, which means it can be deployed as part of your existing web server infrastructure Apache, IIS7 and Nginx. This deployment method has certain advantages: 1. No changes to existing network. It only takes a few minutes to add ModSecurity to your...

[CrowdRE] Reverse Engineering Tool

A new project called CrowdRE aims to make it easy for the reverse engineering of complex applications working in collaboration with other users. Normally, the process reversing software from a complicated binary can consume much time, CrowdRE will help accelerate this process through teamwork...

[OWASP CSRFTester] Facilitates Ability to Test Applications for CSRF

OWASP CSRFTester is a tool for testing CSRF vulnerability in websites. Just when developers are starting to run in circles over Cross Site Scripting, the 'sleeping giant' awakes for yet another web-catastrophe. Cross-Site Request Forgery CSRF is an attack whereby the victim is tricked into loadin...

[Faraday] Penetration Test IDE

Faraday introduces a new concept IPE Integrated Penetration-Test Environment a multiuser Penetration test IDE. Designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the...

[APKinspector] Powerful GUI tool to analyze the Android applications

The goal of this project is to aide analysts and reverse engineers to visualize compiled Android packages and their corresponding DEX code. APKInspector provides both analysis functions and graphic features for the users to gain deep insight into the malicious apps: CFG Call Graph Static...

[SSLSmart] Smart SSL Cipher Enumeration

SSLSmart is a highly flexible and interactive tool aimed at improving efficiency and reducing false positives during SSL testing. A number of tools allow users to test for supported SSL ciphers suites, but most only provide testers with a fixed set of cipher suites. Further testing is performed b...

[SSL Audit] Remotely scans web servers for SSL support

SSL Audit remotely scans web servers for SSL support, unlike other tools it is not limited to ciphers supported by SSL engines such as OpenSSL or NSS but can detect all known cipher suites. It features an innovative Fingerprinting engine that was never seen before. Fingerprint mode Experimental...

[SSLDigger v1.02] Tool to assess the strength of SSL

SSLDigger v1.02 is a tool to assess the strength of SSL servers by testing the ciphers supported. Some of these ciphers are known to be insecure. Features: full Browser Support using Microsoft Internet Explorer Browser Control support for operating the tool in batch modefor operating on multiple...

[BTCrack v1.1] The worlds first Bluetooth Pass phrase (PIN) Bruteforce Tool

BTCrack is the worlds first Bluetooth Pass phrase PIN bruteforce tool, BTCrack will bruteforce the Passkey and the Link key from captured pairing exchanges. BTcrack was demoed and realeased at Hack.lu 2007 and 23C3 in Berlin, the video of the presentation is available on Google Video . To capture...

[Harden SSL/TLS] Hardening the SSL/TLS settings

“Harden SSL/TLS” allows hardening the SSL/TLS settings of Windows 2000,2003,2008,2008R2, XP,Vista,7. It allows locally and remotely set SSL policies allowing or denying certain ciphers/hashes or complete ciphersuites. This tool specific allows setting policies with regards to what ciphers and...

[CommView for WiFi 7.0] Wireless Network Monitor and Analyzer

CommView for WiFi is a powerful wireless network monitor and analyzer for 802.11 a/b/g/n/ac networks. Loaded with many user-friendly features, CommView for WiFi combines performance and flexibility with an ease of use unmatched in the industry. CommView for WiFi captures every packet on the air t...

[XSS Cheat Sheet] Bypassing Modern Web Application Firewall XSS Filters

While we doing web application penetration testing for our clients, we may some time have to face the Web application Firewall that blocks every malicious request/payload. There are some Cheat sheets available on internet that helped to bypass WAF in the past. However, those cheats won't work wit...

[Hasere v0.2] Discover vHosts using Google and Bing

Hasere is a tool that can discovery the virtual hosts and related filetype using google and bing search engines. Optionally, it uses the nmap to determine the ip addresses which have 80 or 443 opened port. After that it uses the bing search engine to determine which domains were hosted or have be...

[Cryptocat] Chat Client with encrypted conversations on iPhone and Android

Cryptocat is an experimental browser-based chat client for easy to use, encrypted conversations. It aims to make encrypted, private chat easy to use and accessible. We want to break down the barrier that prevents the general public from having an accessible privacy alternative that they already...

[Harald scan] Bluetooth discovery scanning

Harald Scan is able to determine Major and Minor device class of device, as well as attempt to resolve the device's MAC address to the largest known Bluetooth MAC address Vendor list. If you are running Harald Scan and see a entry with 'Unknown' in the vendor column pleaseemail me the file which ...

[IP-reputation-snort-rule-generator] A tool to generate Snort rules based on public IP reputation data

A tool to generate Snort rules or Cisco IDS signatures based on public IP/domain reputation data. Usage ./tepig.pl --file=LOCALFILE | --url=URL --csv=FIELDNUM --sid=INITIALSID --ids=snort|cisco | --help LOCALFILE is a file stored locally that contains a list of malicious domains, IP addresses...

[Sahi] Web Test Automation Tool

Sahi Pro is a powerful tool for automation of web application testing. Sahi Pro helps test web applications across different browsers with high reliability and low maintenance. Existing testing teams with minimal programming knowledge can easily get started and contribute to test automation. Sahi...

[THC-Hydra 7.5] Fast Parallel Network Logon Cracker

Hydra is a parallelized network logon cracker which supports numerous protocols to attack, new modules are easy to add, beside that, it is flexible and very fast. Features IPv6 Support Graphic User Interface Internationalized support RFC 4013 HTTP proxy support SOCKS proxy support The tool suppor...

[Blue|Smash] Bluetooth Penetration Testing Suite

Blue|Smash is a free open source bluetooth pentest suite, powered by python for linux. I built Blue|Smash to aid me in my bluetooth adventures and thought others might benefit from my work :D. Here is a list of some of the tools included. Sorbo's Frontline bluetooth sniffer. A bruteforce scanner...

[Sandboxie] Sandbox Your Browser / Software / Programs In Windows

Sandboxie enables you to easily sandbox your browser and other programs, it runs your applications in an isolated abstraction area called a sandbox. Under the supervision of Sandboxie, an application operates normally and at full speed, but can’t effect permanent changes to your computer. Instead...

[Evil Foca] IPv4 and IPv6 Penetration testing tool

Evil Foca is a tool for Pentesters and Security Auditors to perform security testing in IPv4/ IPv6 data networks. The tool is capable to do different attacks such as: MITM on IPv4 networks using ARP Spoofing and DHCP ACK injection. MITM on IPv6 networks using Neighbor Advertisement Spoofing, SLAA...

[NOSQLMap] NoSQLMap-Automated NoSQL Database pwnage

What is NoSQLMap? NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases, as well as web applications using NoSQL in order to disclose data from the database. It is named as a tribute to...

[Python eBooks] Free eBooks to learn Python

Think Python Learn Python the Hard way, 3rd edition Advance Python Features Gone Bad Invent Your Own Computer Game With Python Hacking Secret Ciphers With Python...

[SkyJack] Drone engineered to autonomously seek out, hack, and wirelessly take full control over any other drones

SkyJack is a drone engineered to autonomously seek out, hack, and wirelessly take full control over any other drones within wireless or flying distance, creating an army of zombie drones under your control. by @SamyKamkar // [email protected] // http://samy.pl // Dec 2, 2013 Overview Today...

[Orchid] Tor Client for Java

Orchid is a Tor client implementation and library written in pure Java. It was written from the Tor specification documents, which are available here. Orchid runs on Java 5+ and the Android devices. How can Orchid be used? In a basic use case, running Orchid will open a SOCKS5 listener which can ...

[MKBRUTUS] Password bruteforcer for MikroTik devices or boxes running RouterOS

Mikrotik brand devices www.mikrotik.com, which runs the RouterOS operative system, are worldwide known and popular with a high networking market penetration. Many companies choose them as they are a great combination of low-cost and good performance. RouterOS can be also installed on other device...