[Wireshark v1.10.0 RC1] The world’s foremost network protocol analyzer

Wireshark is the world’s foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto and often de jure standard across many industries and educational institutions. Wireshark development thrives thanks to the...

[Salted Hash Kracker v1.0] Tool to recover the Password from Salted Hash text

Salted Hash Kracker is the free all-in-one tool to recover the Password from Salted Hash text. These days most websites and applications use salt based hash generation to prevent it from being cracked easily using precomputed hash tables such as Rainbow Crack. In such cases, 'Salted Hash Kracker'...

[IPv6 Toolkit v1.3.4] A security assessment and troubleshooting tool for the IPv6 protocols

A security assessment and troubleshooting tool for the IPv6 protocols. The SI6 Networks’ IPv6 toolkit is a set of IPv6 security/trouble-shooting tools, that can send arbitrary IPv6-based packets. Changelog v1.3.4 IPv6-host tracking support in the scan6 tool. A new tool, address6, to analyze IPv6...

[Sanewall 1.0.0] Making sense of firewalling

Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful as well as easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almo...

[Arachni v0.4.2] web application security scanner (Boosted with new UI)

Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is...

[MSF-Installer] Script to Automate Metasploit Framework Installation

Script to help with installing and configuring Metasploit Framework, Armitage and the Plugins I have written on OSX and Linux To use the script on OSX Java, Xcode and Command Development Tools from Xcode must be installed before running the script. In the case of OSX I also added the option of...

[Mercury v2.2.0] The Android Assessment Framework

Mercury is a security assessment framework for the Android platform. It allows you to dynamically interact with the Inter-Process Communication IPC endpoints exported by an application installed on a device. Mercury provides similar functionality to a number of static analysis tools, such as aapt...

[File Time Changer] Command-line Tool to quickly change the Date/Time stamp of the file

File Time Changer is the Free Command-line tool to quickly change the Date/Time stamp of the file. It also allows you to view the current date/time of the file before modifying it. You can view or modify all the 3 types of timestamp for the file, Creation Time Last Access Time Last Modified Time...

[Kali Linux v1.0.3] Penetration Testing Distribution

Kali Linux is the new generation of the industry-leading BackTrack Linux penetration testing and security auditing Linux distribution. Kali is a complete re-build of BackTrack Linux, adhering completely to Debian development standards. All-new infrastructure has been put in place, all tools were...

[WAF-FLE] Web application firewall: fast log and event console

WAF-FLE is a OpenSource Console for ModSecurity, it allow the modsec admin to view and search events sent by mlogc modsecurity event log handler. Features : Central event console Support Modsecurity in “traditional” and “Anomaly Scoring” Able to receive events sent from mlogc in real time or in...

[Resolver 1.0.9] Reverse DNS Lookup for a range of IP’s

Resolver is a windows based tool which designed to preform a reverse DNS Lookup for a given IP address or for a range of IP’s in order to find its PTR. Updated to Version 1.0.3 added dns records brute force. Version 1.0.4 added stop button. Features Resolve a single IP address Resolve a C class I...

[Nessus 5.2] Nessus Vulnerability Scanner

New release of the Nessus vulnerability scanner! This is a major release moving from 5.0.3 to 5.2.0 and includes several new features and enhancements, including: IPv6 is now supported on all platforms including Windows Nessus server support for Windows 8 and Windows 2012 Add attachments within...

[Fern Wifi Cracker] Wireless security auditing and attack software to crack and recover WEP/WPA/WPS keys

Fern Wifi Cracker is a Wireless security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library, the program is able to crack and recover WEP/WPA/WPS keys and also run other network based attacks on wireless or ethernet based networks...

[Hidden CMD Detector] Discover Hidden Command prompts

Hidden CMD Detector is the free tool to discover Hidden Command prompts and detect any Hacker presence on your system. The first thing any Hacker does on getting access to remote system is to run a hidden Command shell. This tool can help you to automatically detect any such hidden cmd prompts an...

[Vega v1.0] Web Application Security Scanner

Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting XSS, inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux , OS X , and Window...

[SPF v0.1.7] Smartphone Pentest Framework - Support of the SMS shell pivot

The smartphone penetration testing framework, the result of a DARPA Cyber Fast Track project, aims to provide an open source toolkit that addresses the many facets of assessing the security posture of these devices. We will look at the functionality of the framework including information gatherin...

[Brakeman v1.9.5] The Static analysis security scanner for Ruby on Rails

Brakeman is an open source vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development. Unlike many web security scanners, Brakeman looks at the source code of your application. This...

[Open SCAP v0.9.5] Support of SCE - Script Check Engine

SCAP is a line of standards managed by NIST. It was created to provide a standardized approach to maintaining the security of enterprise systems, such as automatically verifying the presence of patches, checking system security configuration settings, and examining systems for signs of compromise...

[EMET v4.0 Beta] Enhanced Mitigation Experience Toolkit

The enhanced Mitigation Experience Toolkit EMET is designed to help prevent hackers from gaining access to your system. Software vulnerabilities and exploits have become an everyday part of life. Virtually every product has to deal with them and consequently, users are faced with a stream of...

[ADEL] Android Data Extractor Lite

ADEL which is meant as an abbreviation of “Android Data Extractor Lite ”. ADEL was developed for versions 2.x of Android and is able to automatically dump selected SQLite database files from Android devices and extract the contents stored within the dumped files. In this section we describe the...

[Cuckoo Sandbox v0.6] Software for Automating Analysis of Suspicious Files

Cuckoo Sandbox is an Open Source software for automating analysis of suspicious files. To do so it makes use of custom components that monitor the behavior of the malicious processes while running in an isolated environment. Cuckoo generates a handful of different raw data which include: Native...

[SET Version 5.0] The Social-Engineer Toolkit "The Wild West"

Social-Engineer Toolkit SET v5.0 codename: The Wild West is a culmination of six months of development, bug squashing, and user feedback. New with this version includes a completely redesigned multiprocessing web server that handles non-rfc compliant HTTP information. The builtin SET web server...

[Topera] The IPv6 port scanner invisible to Snort (IDS)

Topera is a brand new TCP port scanner under IPv6 , with the particularity that these scans are not detected by Snort. Snort is the most known IDS/IPS and is widely used in many different critical environments. Some commercial tools Juniper or Checkpoint ones use it as detection engine also...

[Canari Framework] Maltego Rapid Transform Development Framework

Canari is a rapid transform development framework for Maltego written in Python. The original focus of Canari was to provide a set of transforms that would aid in the execution of penetration tests, and vulnerability assessments. Ever since it's first prototype, it has become evident that the...

[REMnux] A Linux Distribution for Malware Analysis

REMnux incorporates a number of tools for analyzing malicious executables that run on Microsoft Windows, as well as browser-based malware, such as Flash programs and obfuscated JavaScript. This popular toolkit includes programs for analyzing malicious documents, such PDF files, and utilities for...

[ExploitSearch.net] Exploit / Vulnerability Search Engine

Exploitsearch.net , is an attempt at cross referencing/correlating exploits and vulnerability data from various sources and making the resulting database available to everyone. Unlike other exploit search engines which are simply custom google searches, this site actually crawls the source...

[Panoptic] Automates the process of search and retrieval of content for common log and config files through LFI vulnerability

Panoptic is an open source penetration testing tool that automates the process of search and retrieval of content for common log and config files through LFI vulnerability. Official introductionary post can be found here. Also, you can find a sample run here. Help Menu Usage: panoptic.py --url...

[SAMHAIN v3.0.11 & BELTANE v2.4.6] Host-based intrusion detection system (HIDS)

The Samhain host-based intrusion detection system HIDS provides file integrity checking and log file monitoring/analysis , as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. Samhain been designed to monitor multiple hosts with potentially...

[Viproy] VoIP Penetration Testing Kit

Viproy Voip Pen-Test Kit is developed to improve quality of SIP Penetration Tests. It provides authentication feature that helps to create simple tests. It includes 7 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and...

[Ghost Phisher] GUI suite for phishing and penetration attacks

Ghost Phisher is a Wireless and Ethernet security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library, the program is able to emulate access points and deploy various internal networking servers for networking, penetration testing and...

[Hackersh] Free shell (command interpreter) written in Python

Hackersh "Hacker Shell " is a free and open source license shell command interpreter written in Python with Pythonect-like syntax, builtin security commands, and out of the box wrappers for various security tools. It is like Unix pipeline, but for processing security information and metadata rath...

[HoneyDrive Desktop v0.2] Honeypot LiveCD

HoneyDrive is a virtual appliance OVA with Xubuntu Desktop 12.04 32-bit edition installed. It contains various honeypot software packages such as Kippo SSH honeypot, Dionaea malware honeypot, Honeyd low-interaction honeypot, Glastopf web honeypot along with Wordpot, Thug honeyclient and more...

[AppUse] Android Pentest Platform Unified Standalone Environment

AppSec Labs recently developed the AppUse Virtual Machine. This system is a unique, free, platform for mobile application security testing in the android environment, and it includes unique custom-made tools created by AppSec Labs. There is no need for installation of simulators and testing tools...

[Acunetix Web Vulnerability Scanner 8] Automated Web Application Security Testing Tool

Acunetix W eb V ulnerability S canner WVS is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive...

[Binwalk v1.2] Firmware Analysis Tool

Binwalk is a tool for searching a given binary image for embedded files and executable code. Specifically, it is designed for identifying files and code embedded inside of firmware images. Binwalk uses the libmagic library, so it is compatible with magic signatures created for the Unix file...

[360-FAAR v0.4.1] Firewall Analysis Audit And Repair

360-FAAR Firewall Analysis Audit and Repair is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file! Changes: This release...

[Bluelog v1.1.1] Simple Bluetooth Scanner

Bluelog is a simple Bluetooth scanner designed to tell you how many discoverable devices there are in an area as quickly as possible. It is intended to be used as a site survey tool, identifying the number of possible Bluetooth targets there are in the surrounding environment. Changelog v1.1.1...

[Wireshark v1.9.2] World’s Foremost Network Protocol Analyzer

Wireshark is the world’s foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto and often de jure standard across many industries and educational institutions. Wireshark development thrives thanks to the...

[DynDNS Password Decryptor] Free Desktop Tool to Recover DynDNS Password

DynDNS Password Decryptor is a free desktop tool to instantly decode and recover DynDNS password. DynDNS - a popuar Dynamic DNS management solution offering enterprise-level DNS performance and reliability. This tool automatically detects locally installed 'DynDNS Updater Client' and displays the...

[HTTrack Website Copier] Download a Website from the Internet to a Local Directory

HTTrack is a free GPL, libre/free software and easy-to-use offline browser utility. It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arrange...

[Matriux] The Open Source Security Distribution for Ethical Hackers and Penetration Testers and Forensic Experts

The Matriux is a phenomenon that was waiting to happen. It is a fully featured security distribution based on Debian consisting of a powerful bunch of more than 300 open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking...

[DLink Password Decryptor] Tool to recover the Login Password of D-Link modem/router

DLink Password Decryptor is a free desktop tool to instantly recover the Login Password of D-Link modem/router. If you have lost login authentication password of your D-link modem and you have backup configuration file then you can use this tool to quickly get back your password. It supports dual...

[HoneyProxy] A man-in-the-middle SSL Proxy & Traffic Analyzer

HoneyProxy is a lightweight tool that allows live HTTPS traffic inspection and analysis. It focuses on features that are useful for malware analysis and network forensics. Features Analyze HTTPS traffic on the fly Filter and highlight traffic, regex support included. Report Generation for saved...

[Hash Kracker Console] Tool to find out the password from the Hash

Hash Kracker Console is the all-in-one command-line tool to find out the password from the Hash. Currently it supports password recovery from following popular Hash types MD5 SHA1 SHA256 SHA384 SHA512 Also it offers 4 types of Password Recovery methods based on the complexity of password Dictiona...

[oclHashcat-lite v0.15] Worlds fastest NTLM, MD5, SHA1, SHA256 and Descrypt Cracker

Features Worlds fastest NTLM, MD5, SHA1, SHA256 and descrypt cracker Free Multi-GPU up to 128 gpus Multi-OS Linux & Windows native binaries Multi-Platform OpenCL & CUDA support Multi-Algo see below Low resource utilization, you can still watch movies or play games while cracking Focuses one-shot,...

[oclHashcat-plus v0.14] Worlds fastest md5crypt, phpass, mscash2 and WPA/WPA2 cracker

Features Worlds fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker Worlds first and only GPGPU based rule engine Free Multi-GPU up to 128 gpus Multi-Hash up to 15 million hashes Multi-OS Linux & Windows native binaries Multi-Platform OpenCL & CUDA support Multi-Algo see below Low resource...

[Hashcat v0.44] Advanced Password Recovery

Features Multi-Threaded Free Multi-Hash up to 24 million hashes Multi-OS Linux, Windows and OSX native binaries Multi-Algo MD4, MD5, SHA1, DCC, NTLM, MySQL, ... SSE2 accelerated All Attack-Modes except Brute-Force and Permutation can be extended by rules Very fast Rule-engine Rules compatible wit...

[Juniper Password Decryptor] Tool to Decode and Recover Juniper $9$ Passwords

Juniper Password Decryptor is a free desktop tool to instantly decode and recover Juniper $9$ Passwords. Juniper Router allows you to configure 2 types of passwords, Juniper $1$ Password: Here MD5 hash of the password is stored. It starts with $1$ and requires brute-force technique to recover the...

[XSSF v.3.0] Cross-Site Scripting Framework

The Cross-Site Scripting Framework XSSF is a security tool designed to turn the XSS vulnerability exploitation task into a much easier work. The XSSF project aims to demonstrate the real dangers of XSS vulnerabilities, vulgarizing their exploitation. This project is created solely for education,...

[Dexter] A Free Tool for Mobile (Android) Malware Analysis

Bluebox Labs just released Dexter, a free tool which wants to help information security professionals and malware analysts to analyze Android mobile applications in order to find malware and vulnerabilities. .png Dexter combines manual and automatic static program analysis to provide a better...