6011 matches found
[SterJo Wireless Passwords v.1.4] Utility for recovering your lost wireless passwords of your network
SterJo Wireless Password is FREE utility for recovering your lost wireless passwords of your network. As the number of devices using wireless network increases same as the need for more security, it often may happen your password containing letters, numbers and special characters to be forgotten ...
[Doona] Network Protocol Fuzzer
Doona is a fork of the Bruteforce Exploit Detector, it was renamed to avoid confusion as it has a large number of of changes. You should get a copy from github if you want to try it: https://github.com/wireghoul/doona. It's currently a little short on documentation, so I will let the changelog...
[Binwalk v1.2.2] Firmware Analysis Tool
Binwalk is a firmware analysis tool designed to assist in the analysis, extraction, and reverse engineering of firmware images and other binary blobs. It is simple to use, fully scriptable, and can be easily extended via custom signatures, extraction rules, and plugin modules. Binwalk supports...
[Facebook Password Decryptor v5.5 ] Facebook Password Recovery Software
Facebook Password Decryptor is the FREE software to instantly recover Facebook account passwords stored by popular Web Browsers and Messengers. It is one of our most popular software with over One Million Downloads worldwide. Here is the complete list of supported applications. Internet Explorer...
[SterJo Startup Patrol v.1.3] Disable software that delayed the boot time
Often may happen your PC to run a little slower than usual. Don't worry, it is nothing serious. You’ve probably installed some software that delayed the boot time. SterJo Startup Patrol allows you to view those files and disable them. This way you can optimize the Windows startup time but be...
[TinySHell] Ported to SCTP
You may have seen, a while ago, my post on SCTP reverse shells. I realized quite quickly that I should definately do some more research in this direction, and hence ported one of my favourite Unix backdoors which uses a TCP connection to use a SCTP connection instead. This backdoor allows for a...
[IPv6 Disable Tool] Command-line Software to Enable or Disable IPv6 on Windows
IPv6 Disable is the free command-line tool to quickly Enable or Disable IPv6 Internet Protocol version 6 on your Windows system. It automatically checks for the current status of IPv6 and then enable/disable it accordingly. It is simple & easy to use tool. Also being a command-line based tool mak...
WHMCS 0day Auto Exploiter <= 5.2.8
inurl:submitticket.php site:.com inurl:submitticket.php site:.net inurl:submitticket.php site:.us inurl:submitticket.php site:.eu inurl:submitticket.php site:.org inurl:submitticket.php site:.uk intext:"Powered by WHMCompleteSolution" intext:"Powered by WHMCompleteSolution" inurl:clientarea.php...
[Ghiro v0.1] Digital Image Forensic Analyzer
Sometime forensic investigators need to process digital images as evidence. There are some tools around, otherwise it is difficult to deal with forensic analysis with lot of images involved. Images contain tons of information, Ghiro extracts these information from provided images and display them...
[SterJo Task Manager v.2.6] Advanced utility for process managing
SterJo Task Manager is a FREE an advanced utility for process managing which allows you to get details on everything that’s running on your computer. The program is divided in several sections covering the main parts of each system. “Processes” gives you more details about all processes and also...
[AxCrypt] Open Source Windows File Encryption Software
AxCrypt is the leading open source Windows file encryption software. It integrates seamlessly with Windows to compress, encrypt, decrypt, store, send and work with individual files. Personal Privacy and Security with AES-128 File Encryption and Compression for Windows 2000/2003/XP/Vista/2008/7...
[FruityWifi v1.0] Wireless network auditing tool
FruityWifi is a wireless network auditing tool based in the wifi Pineapple. The application can be installed in any Debian based system adding the extra packages. Tested in Debian, Kali Linux, Kali Linux ARM Raspberry Pi, Raspbian Raspberry Pi. Services Wireless: Start|Stop wireless access point...
[Router Password Decryptor] Tool to Recover Login/PPPoE/WEP/WPA/WPA2 Passwords from Router/Modem Config file
Router Password Decryptor is the FREE tool to instantly recover internet login/PPPoE authentication passwords, Wireless WEP keys, WPA/WPA2 Passphrases from your Router/Modem configuration file. Currently it supports password recovery from following type of Routers/Modems Cisco Juniper DLink BSNL ...
[SterJo NetStalker v.1.0] Security software able to detect all authorized and unauthorized connections
SterJo NetStalker is innovative and FREE security software able to detect all authorized and unauthorized connections to your computer and send you alert for each new connection. The software is based on similar principles as most firewalls work and also could create a custom security policies wi...
Nmap CheatSheet
Download PDF Nmap CheatSheet By SANS...
[Firebind Reflector v0.53] Portable Network Path Scanning Tool
Firebind Reflector is a portable network path scanning tool that can profile firewall and other network device rules for port blocking, such as perform egresss/exfiltration testing. Reflector has a client side and listener server-side like Netcat and Ncat, except Reflector can dynamically be told...
[WiFi Password Dump] Command-line Tool to Recover Wireless Passwords
WiFi Password Dump is the free command-line tool to quickly recover all the Wireless account passwords stored on your system. It automatically recovers all type of Wireless Keys/Passwords WEP/WPA/WPA2 etc stored by Windows Wireless Configuration Manager. For each recovered WiFi account, it displa...
[Mutator v0.2.2.1] Wordlist mutator
This project aims to be a wordlist mutator with hormones, which means that some mutations will be applied to the result of the ones that have been already done, resulting in something like: corporation - C0rp0r4t10n2012 This software is usefull when applied to a few words, like company name and/o...
[Browser Password Decryptor v5.5] Software to instantly recover website login passwords stored by popular web browsers
Browser Password Decryptor is the FREE software to instantly recover website login passwords stored by popular web browsers. Currently it can recover saved login passwords from following browsers. --- Firefox Internet Explorer Google Chrome Google Chrome Canary/SXS CoolNovo Browser Opera Browser...
[LinEnum v0.2] Automating local information gathering tasks on Linux hosts
LinEnum is a shell script that automates local information gathering tasks on Linux hosts.Over 65 checks are performed, obtaining anything from kernel information to locating possible escalation points such as potentially useful SUID/GUID files and Sudo/rhost mis-configurations etc. Additionally,...
[Sandy v0.1] Open-source Samsung phone encryption assessment framework
Sandy is an open-source Samsung phone encryption assessment framework. Sandy has different modules that allow you to carry out different attack scenarios against encrypted Samsung phones. For the details check our Derbycon 3.0 presentation What’s common in Oracle and Samsung? They tried to think...
[Smbexec v2.0] A rapid tool based on psexec style attack with samba tools
A rapid tool based on psexec style attack with samba tools. Key features Enumerate systems with domain admin logged in Grab hashes Extract cached creds based on cachedump Remote Login Validation Dump cleartext credentials Pop shells Includes smbexec.sh installer.sh patches to compile binaries...
[PoshSec Framework v0.2] Graphical Interface for Powershell scripts
The PoshSec Framework is a tool that is designed to provide a graphical interface for powershell scripts, functions, modules, and cmdlets. It allows the community to write scripts that can interact with the interface by providing alerts, and output directly from their powershell scripts. This...
[jSQL Injection v0.5] Java tool for automatic database injection
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform Windows, Linux, Mac OS X, Solaris. jSQL Injection change log - version 0.5 0.5 SQL shell Uploader 0.4 Admin page checker and preview Brute forcer md5...
[Matriux Leandros v3.0 rc1] The pentesting distrib (Now added Blackhat Arsenal 2013 Tools)
Matriux is a Debian-based security distribution designed for penetration testing and forensic investigations. Although it is primarily designed for security enthusiasts and professionals, it can also be used by any Linux user as a desktop system for day-to-day computing. Besides standard Debian...
[Kvasir] Tools for effective data management during a Penetration Test
Welcome to Kvasir! Herein these directories lay the groundwork tools for effective data management during a Penetration Test. Penetration tests can be data management nightmares because of the large amounts of information that is generally obtained. Vulnerability scanners return lots of actual an...
[Hook Analyser v2.6] Application (and Malware) Analysis tool
Application and Malware Analysis tool. Hook Analyser is a hook tool which could be potentially helpful in reversing application and analysing malwares. Changelog v2.6 Added new signatures and removed redundant ones Bug fixes – Many thanks for community users to reporting them. Fixed start-up erro...
[ByteScanner] Check your file that dangerous or not
This website is web service for checking file that you're uploaded is the malicious file or not. It's similar Virustotal.com, try it by yourself. ByteScanner...
[Syhunt Sandcat Browser v4.1] A Penetration-oriented browser (extented to Web Application Assessment)
Sandcat Browser 4 brings unique features that are useful for pen-testers and web developers. Sandcat is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua programming language to provide extensions and scripting support. Features Live HTTP Headers —...
[iodine] Tunnel application to forward IPv4 traffic through DNS servers (IP over DNS)
iodine lets you tunnel IPv4 data through a DNS server. This can be usable in different situations where internet access is firewalled, but DNS queries are allowed. It runs on Linux, Mac OS X, FreeBSD, NetBSD, OpenBSD and Windows and needs a TUN/TAP device. The bandwidth is asymmetrical with limit...
[WhatWeb v0.4.7] The Content Management Systems (CMS) Technology Scanner
WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems CMS, blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 900...
[ThreatFactor NSIA v1.0.6] Network System Integrity Analysis
ThreatFactor NSIA is a website scanner that monitors websites in real-time in order to detect defacements, compliance violations, exploits, sensitive information disclosure and other issues. ThreatFactor detects issues remotely and therefore requires no software to install, does not introduce any...
[vFeed & vFeed API] The open source cross-linked local vulnerability database
vFeed is an open source naming scheme concept that provides extra structured detailed 3rd parties references for a CVE entry. While the emergence of the Open Standards helped undeniably to shape a new way to communicate about vulnerabilities1, the new vFeed is adding an intelligent structured xml...
[JBrute v0.9.4] Open Source Security tool to audit hashed passwords
JBrute is an open source tool written in Java to audit security and stronghold of stored password for several open source and commercial apps. It is focused to provide multi-platform support and flexible parameters to cover most of the possible password-auditing scenarios. Java Runtime version 1....
[ollydbg-binary-execution-visualizer] New Tool for Visualizing Binaries With Ollydbg and Graphvis
Sometimes crackme’s or something you might be reversing will constantly bug you due to the excessive usage of f7 & f8. It will be quiet neat if you can see how the application is executing visually and set your break points accordingly. Requirements: o Ollyscript plugin o Bunch of your favorite...
[Arachni v0.4.5.1-0.4.2] Open Source Web Application Security Scanner Framework
Arachni is a Free/Open Source project, the code is released under the Apache License Version 2.0 and you are free to use it as you see fit. Initially started as an educational exercise, it has since evolved into a powerful and modular framework allowing for fast, accurate and flexible...
[OWASP Zed Attack Proxy 2.2.1] Tool for finding vulnerabilities in web applications (Now supports CWE)
OWASP Zed Attack Proxy ZAP An easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing...
[Binrev] Automate Reversing Windows Binaries for Pentesters
What you can do with this? Static analysis: you can do a basic manual code review for decompiled sources to discover hidden communication channels, search for hard-coded passwords, or SQL injection vulnerabilities. Import decompiled projects to an IDE to reconstruct and modify the original source...
[Capture the flag] Remaster Linux Live CD images for wargames
Remaster Linux Live CD images for the purpose of creating ready to use security wargames with pre-installed vulnerabilities to exploit. Requirements You will need the following in order to build the Live CD using the scripts in this project: Linux, with root access using sudo git make, gcc -- for...
[SuperPutty Password Decryptor] SuperPutty Session Login Password Recovery Software
SuperPutty Password Decryptor is the Free desktop tool to instantly recover all the login passswords from SuperPutty session history. SuperPutty is a Windows GUI Application that allows PuTTY SSH Client to be opened in Tabs. It also stores the session details allowing users to automatically login...
[sslnuke] SSL without verification isn't secure!
We have all heard over and over that SSL without verification is not secure. If an SSL connection is not verified with a cached certificate, it can easily be hijacked by any attacker. So in 2013, one would think we had totally done away with this problem. Browsers cache certificates and very loud...
[OS X Auditor] free Mac OS X computer forensics tool
OS X Auditor parses and hashes the following artifacts on the running system or a copy of a system you want to analyze: the kernel extensions the system agents and daemons the third party's agents and daemons the old and deprecated system and third party's startup items the users' agents the user...
[SpearPhisher] A Simple Phishing Email Generation Tool
SpearPhisher is a simple point and click Windows GUI tool designed for mostly non-technical people who would like to supplement the education and awareness aspect of their information security program. Not only is it useful to non-technical folks, penetration testers may find it handy for sending...
[SecureCheq v1.0] The Security Configuration Management made easy!
SecureCheq is a fast, simple utility for Windows servers and desktops that answers these questions while it tests for common configuration risks. This free utility: Tests for a subset of typical and often dangerous Windows configuration errors Provides detailed remediation and repair advice Tests...
[OWASP Broken Web Applications Project VM v1.1] Collection of vulnerable web applications
The Broken Web Applications BWA Project is a collection of vulnerable web applications that is distributed on a Virtual Machine. The Broken Web Applications BWA Project produces a Virtual Machine running a variety of applications with known vulnerabilities for those interested in: Learning about...
[Facebook Password Dump] Tool to instantly recover your lost Facebook password
Facebook Password Dump is the command-line tool to instantly recover your lost Facebook password from popular web browsers and messengers. It automatically discovers installed applications on your system and recovers all the stored Facebook login passwords within seconds. Being command-line tool...
[wEAPe] Weape-Wireless-EAP-Extractor Script
Auto extracts EAP 802.1x user names Features Sets up wireless card into monitor mode Lists all APs Associates with AP's you wish Extracts domain user names from any connects using EAP Requirements airodump tool set Tested on Backtrack 5 and Kali. Download wEAPe...
[Nimbostratus] Tools for fingerprinting and exploiting Amazon cloud infrastructures
Nimbostratus are tools for fingerprinting and exploiting Amazon cloud infrastructures. Nimbostratus is the first toolset to help you in the process of pivoting in Amazon AWS clouds Features Enumerate permissions to AWS services for current IAM role Use poorly configured IAM role to create new AWS...
[Bluebox-ng] UC/VoIP Security Tool
Bluebox-ng is a next generation UC/VoIP security tool. It has been written in CoffeeScript using Node.js powers. This project is "our 2 cents" to help to improve information security practices in VoIP/UC environments. GitHub repo : https://github.com/jesusprubio/bluebox-ng IRCFreenode :...
[(D)DoS Deflate] Script designed to block a denial of service attack
DoS+Deflate.gif DDoS Deflate is a lightweight bash shell script designed to assist in the process of blocking a denial of service attack. It utilizes the command below to create a list of IP addresses connected to the server, along with their total number of connections. It is one of the simplest...