"Hacking Tools"



Symbian Hacker
23rd Jan 2010, 22:46

"Hacking Tools" Part I


January 22nd, 2010
Burp Suite v1.3 Released – Integrated Platform For Attacking Web Applications

Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, upstream proxies, logging, alerting and extensibility.
Burp Suite allows [...]


January 20th, 2010
BackTrack Final 4 Released – Linux Security Distribution

BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking.
Regardless if you’re making BackTrack your primary operating system, booting from a LiveDVD, or using your favorite thumbdrive, BackTrack has been customized down to every package, kernel configuration, script and patch [...]


January 18th, 2010
Microsoft SQL Server Fingerprint Tool – BETA4

This is a tool that performs version fingerprinting on Microsoft SQL Server 2000, 2005 and 2008, using well known techniques based on several public tools that identify the SQL Version. The strength of this tool is that it uses a probabilistic algorithm to identify the version of the Microsoft SQL Server.
The “Microsoft SQL Server Fingerprint Tool” [...]


January 11th, 2010
WAFP – Web Application Finger Printing Tool

WAFP is a Web Application Finger Printer written in ruby using a SQLite3 DB.
How it works?
WAFP fetches the files given by the Finger Prints from a webserver and checks if the checksums of those files are matching to the given checksums from the Finger Prints. This way it is able to detect the detailed version [...]


January 5th, 2010
fimap – Remote & Local File Inclusion (RFI/LFI) Scanner

fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps. fimap is similar to sqlmap just for LFI/RFI bugs instead of sql injection. It is currently under heavy development but it’s usable.
Features
Check a Single URL, List of URLs, or Google [...]


December 30th, 2009
FindDomains v0.1.1 Released – Discover Domains/Sites/Hosts

FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses. Provides a console interface so you can easily integrate this tool to your pentest automation system.
It retrieves domain names/web sites which are located on [...]


December 23rd, 2009
hostmap 0.2 – Automatic Hostname & Virtual Hosts Discovery Tool

hostmap is a free, automatic, hostnames and virtual hosts discovery tool written in Ruby, licensed under GNU General Public License version 3 (GPLv3). Its goal is to enumerate all hostnames and configured virtual hosts on an IP address. The primary users of hostmap are professionals performing vulnerability assessments and penetration tests.
hostmap helps you using several [...]


December 21st, 2009
PDFResurrect v0.9 Released – PDF Analysis and Scrubbing Utility

PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. [...]


December 8th, 2009
inSSIDer v1.2.3.1014 – Wi-Fi network scanner For Windows

inSSIDer is an award-winning free Wi-Fi network scanner for Windows Vista and Windows XP. Because NetStumbler doesn’t work well with Vista and 64-bit XP, we built an open-source Wi-Fi network scanner designed for the current generation of Windows operating systems.
What’s Unique about inSSIDer?
Use Windows Vista and Windows XP 64-bit.
Uses the Native Wi-Fi API.
Group by Mac [...]


November 17th, 2009
Katana v1 (Kyuzo) – Portable Multi-Boot Security Suite

The Katana: Portable Multi-Boot Security Suite is designed to fulfill many of your computer security needs. The idea behind this tool is to bring together many of the best security distributions and applications to run from one USB Flash Drive. Instead of keeping track of dozens of CDs and DVDs loaded with your favorite [...]


November 12th, 2009
Cain & Abel v4.9.35 – Password Sniffer, Cracker and Brute-Forcing Tool

It’s been quite a while since we’ve written about Cain & Abel, one of the most powerful tools for the Windows platform (back in 2007 here).
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, [...]


November 10th, 2009
Turbodiff v1.01 BETA Released – Detect Differences Between Binaries

Turbodiff is a binary diffing tool developed as an IDA plugin. It discovers and analyzes differences between the functions of two binaries.
Requirements
“Turbodiff 1.01 beta release 1” works with IDA starting from v5.0.
Instructions
For the binaries:
Download the plugin and store it at the directory “..\IDA\plugins”.
If you want to compile it on your own: We have compiled it [...]


November 6th, 2009
Binging (BETA) – Footprinting & Discovery Tool (Google Hacking)

It’s been a while since I’ve seen a tool of this type, back in the heydays of Google Hacking (which became the generic term for information gathering via search engines) there were multiple tools such as Gooscan and Goolag.
Binging is a simple tool to query Bing search engine. It will use your Bing API key [...]


October 29th, 2009
KrbGuess – Guess/Enumerate Kerberos User Accounts

KrbGuess is a small and simple tool which can be used during security testing to guess valid usernames against a Kerberos environment. It allows you to do this by studying the response from a TGT request to the KDC server. The tool works against both Microsoft Active Directory, MIT and Heimdal Kerberos implementations. In addition [...]


October 27th, 2009
Yokoso! – Web Infrastructure Fingerprinting & Delivery Tool

Yokoso! is a project focused on creating fingerprinting code that is deliverable through some form of client attack. This can be used during penetration tests that combine network and web applications. One of the most common questions we hear is “so what can you do with XSS?” and we hope that Yokoso! answers that question.
We [...]


October 22nd, 2009
Nikto 2.1.0 Released – Web Server Security Scanning Tool

It’s been almost 2 years since the last update on Nikto, which was version 2.
For those that don’t know, Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over [...]


October 20th, 2009
Origami – Parse, Analyze & Forge PDF Documents

origami is a Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents.
Features
Create PDF [...]


October 16th, 2009
Naptha – TCP State Exhaustion Vulnerability & Tool

The Naptha vulnerabilities are a type of denial-of-service vulnerabilities researched and documented by Bob Keyes of BindView’s RAZOR Security Team in 2000. The vulnerabilities exist in some implementations of the TCP protocol, specifically in the way some TCP implementations keep track of the state of TCP connections, and allow an attacker to exhaust the resources [...]


October 15th, 2009
Deep Packet Inspection Engine Goes Open Source

This is great news, especially for open source tool developers. Deep packet inspection is an extremely niche area and requires great expertise (and a lot of R&D of course).
I hope a new project can spawn from this, it has many interesting applications. I think it’d be a good addition to Wireshark and IDS projects like [...]


October 14th, 2009
VIPER Lab’s VAST Live Distro – VoIP Security Testing LiveCD

VAST is a VIPER Lab live distribution that contains VIPER developed tools such as UCsniff, VoipHopper, Videojak, videosnarf, ACE, Warvox, and more. Along with VIPER tools and other essential VoIP security tools, it also contains tools penetration testers utilize such as Metasploit, Nmap, Netcat, Hydra, Hping2 etc.
This distribution is a work in progress. If you [...]


October 9th, 2009
Nat Probe – NAT Detection Tool

This little, but very useful program tries to send ICMP packets out of the LAN, and detects all the hosts that allow it. With this you can find bugs in your (company?) network (or others), for example hosts that allow p2p connections.
Explanation
When we use a Gateway, we send the packets with IP destination of the [...]

ilurose_18
23rd Jan 2010, 22:48
tnx for this otor :))

Symbian Hacker
23rd Jan 2010, 22:48
"Hacking Tools" Part II


September 28th, 2009
FRHACK OS v1 alpha1 – Pentesting/Security LiveCD

FRHACK OS is an updated/modified version of the latest BackTrack 4 ISO with many updated tools and fixes.
This means it’s a fully fledged linux pen-testing/security environment.
Some included tools & Updates
gcc-4.2
sun-java6-jre sun-java6-plugin
spoonwep-wpa-rc3.deb
airsnort-0.2.7e.tar.gz
wepbuster-1.0_beta_0.6
jbrofuzz-jar-15
wfuzz-1.4
tor-0.2.1.19
privoxy-3.0.8-stable-src
ophcrack-3.3.1
vncrack_src-1.21
fuzzgrind_090622
A new version (coming with bug fixes, included rainbow tables, wordlists, extras etc.) will be available for FRHACK 01, [...]


September 21st, 2009
Websecurify – Web Security Testing Framework

Websecurify is a web and web2.0 security initiative specializing in researching security issues and building the next generation of tools to defeat and protect web technologies.
Key Features
JavaScript – Websecurify Security Testing Framework is the first tool of its kind to be written entirely in JavaScript using only standard technologies adopted by the leading browsers.
Multiple Environments [...]


September 10th, 2009
Haraldscan – BlueTooth Discovery Scanner

I thought a while ago about posting some stuff on Bluetooth hacking, but never got round to it. Have posted a couple of new articles on Bluetooth but haven’t yet posted any tools. So let’s start with Haraldscan – a Bluetooth discovery scanner.
The scanner will be able to determine Major and Minor device class of [...]


September 8th, 2009
SWFScan – Free Flash Application Security Scanner

HP SWFScan is a free tool developed by HP Web Security Research Group, which will automatically find security vulnerabilities in applications built on the Flash platform.
HP is offering SWFScan because:
Their research shows that developers are increasingly implementing applications built on the Adobe Flash platform without the required security expertise.
As a result, they are seeing a [...]


September 3rd, 2009
MySqloit – SQL Injection Takeover Tool For LAMP

MySqloit is a SQL Injection takeover tool focused on LAMP (Linux, Apache, MySQL, PHP) and WAMP (Windows, Apache, MySQL, PHP) platforms. It has the ability to upload and execute metasploit shellcodes through the MySql SQL Injection vulnerabilities. Attackers performing SQL injection on a MySQL-PHP platform must deal with several limitations and constraints.
For example, the lack [...]


August 14th, 2009
sslsniff v0.6 Released – SSL MITM Tool

This tool was originally written to demonstrate and exploit IE’s vulnerability to a specific “basicConstraints” man-in-the-middle attack. While Microsoft has since fixed the vulnerability that allowed leaf certificates to act as signing certificates, this tool is still occasionally useful for other purposes.
It is designed to MITM all SSL connections on a LAN and dynamically generates [...]


August 10th, 2009
Xplico – Network Forensic Analysis Tool

The goal of Xplico is to extract from an internet traffic capture the application data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic [...]


August 5th, 2009
FakeIKEd – Fake IKE Daemon Tool For MITM

FakeIKEd, or fiked for short, is a fake IKE daemon supporting just enough of the standards and Cisco extensions to attack commonly found insecure Cisco PSK+XAUTH VPN setups in what could be described as a semi MitM attack. Fiked can impersonate a VPN gateway’s IKE responder in order to capture XAUTH login credentials; it doesn’t [...]


July 31st, 2009
sqlmap 0.7 Released – Automatic SQL Injection Tool

We’ve been following sqlmap since it first came out in February 2007 and it’s been quite some time since the last update sqlmap 0.6.3 in December 2008.
For those not familiar with the tool, sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection [...]


July 29th, 2009
crack.pl – SHA1 & MD5 Hash Cracking Tool

crack.pl is a tool for cracking SHA1 & MD5 hashes, including a new BETA tool which can crack MD5 that have been salted. You can use a dictionary file or bruteforce and it can be used to generate tables itself.
NOTE – Salt function is currently only available for md5, you need to append ‘\’ in front [...]


July 17th, 2009
bsqlbf v2.3 Released – Blind SQL Injection Brute Forcing Tool

This perl script allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter and it works for both integer and string based injections.
We reported bsqlbf when it first hit the net back in April 2006 with bsqlbf v1.1, then the v2.0 update in June 2008. This new [...]


July 7th, 2009
MultiISO LiveDVD v1.0 – BackTrack, Knoppix & Ophcrack

MultiISO LiveDVD is an integrated Live DVD technology which combines some of the very popular Live CD ISOs already available on the internet. It can be used for security reconnaissance, vulnerability identification, penetration testing, system rescue, media center and multimedia, system recovery, etc. It’s an all-in-one multipurpose LiveDVD put together. There’s something in it for [...]


July 6th, 2009
Military Communications Hacking – Script Kiddy Style

Ah now this is interesting..and scary in a way. Script Kiddies with guns!
Script kiddies going to war, or is it turning soldiers into script kiddies. Who knows.
Anyway, the US military has decided to make their soldiers walking hackers, with an all-in-one super hacking device that can penetrate satellite signals, VoIP networks and normal information systems.
As [...]


July 3rd, 2009
The Middler – User Session Cloning & MITM Tool

The Middler is a Man in the Middle tool to demonstrate protocol middling attacks. Led by Jay Beale, the project involves a team of authors including InGuardians agents Justin Searle and Matt Carpenter. The Middler is intended to man in the middle, or “middle” for short, every protocol for which we can create code.
In [...]


June 25th, 2009
BackTrack 4 Pre Release Available For Download

You may remember back in February the BETA of BackTrack 4 was released for download, the team have made many changes and have now released BackTrack 4 Pre Release.
For those that don’t know BackTrack is the top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly [...]


June 19th, 2009
Acunetix Web Vulnerability Scanner (WVS) 6.5 Released

You may remember a while back we did a Review of Acunetix Web Vulnerability Scanner 6 – the very full featured web vulnerability scanning software.
Well the latest version has been released recently with some updates, bug fixes and improvements on the web application security front.
I’m hoping to try out the AcuSensor on a PHP install [...]


June 17th, 2009
fm-fsf – Freakin’ Simple Fuzzer – Cross Platform Fuzzing Tool

fm-fsf is a new fuzzer/data scraper that works under OSX, Linux (with Mono) and Windows (.NET Framework). Fuzzing tools are always useful if you are looking at discovering some new flaws in a software or web service.
Quick Info
FSF is a plug-in based freakin’ simple fuzzer for fuzzing web applications and scraping data.
It supports some [...]


June 15th, 2009
Honeysnap – Pcap Packet Capture File Parsing Tool

Honeysnap is designed to be a command-line tool for parsing single or multiple pcap data files and producing a ‘first-cut’ analysis report that identifies significant events within the processed data. This presents security analysts with a pre-prepared menu of high value network activity, aimed at focusing manual forensic analysis and saving significant incident investigation time. [...]


June 10th, 2009
FTPXerox v1.0 – FTP File Transfer Sniffer

This is an old tool, but still useful. I saw someone asking for a tool to grab FTP files from the wire without using something like Wireshark, which brought me to this tool – FTPXerox.
FTPXerox grabs files that are transferred across the network using the FTP protocol. It was written to demonstrate the fact that [...]


June 4th, 2009
WEPBuster – Wireless Security Assessment Tool – WEP Cracking

WEPBuster basically seems to be a toolkit that attempts to automate the tasks done by the various parts of the aircrack-ng suite.
The end goal of course is to crack the WEP key of a given Wireless network.
Features
The main part of this is the autonomous nature of the toolkit, it can crack all access points within [...]


May 28th, 2009
WarVOX 1.0.1 Released – Telephony Analysis & War Dialing Suite

WarVOX is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, [...]


May 18th, 2009
Samurai Web Testing Framework 0.6 Released – Web Application Security LiveCD

You may remember we wrote about Samurai being released back in November 2008, it’s been quite a while since the last update.
The authors have updated and fixed a number of issues with the environment as well as improved performance of the java based tools. They have also included a virtual machine of the environment. [...]


May 13th, 2009
Pangolin – Automatic SQL Injection Tool

Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management [...]


May 11th, 2009
Durzosploit v0.1 – JavaScript Exploit Generation Framework

Durzosploit is a JavaScript exploit generation framework that works through the console. The goal of this project is to quickly and easily generate working exploits for cross-site scripting vulnerabilities in popular web applications or web sites.
Please note that Durzosploit does not find browser vulnerabilities, it is only a framework containing exploits you can use.
At present [...]


May 7th, 2009
FBController – The Ultimate Utility to Control Facebook Accounts

Just to put a downer on all the script kiddies, this utility WILL NOT hack/crack Facebook passwords or accounts.
You need to feed it biscuits (cookies) before you can do anything.
You can get the target’s cookie by sniffing, XSS, social engineering, ARP Poison-Sniffing, Scroogle search or however you like.
Once you have the cookies you can use [...]


April 27th, 2009
OAT (OCS Assessment Tool) – Office Communication Server Security Assessment Tool

OAT is an Open Source Security tool designed to check the password strength of Microsoft Office Communication Server users. After a password is compromised, OAT demonstrates potential UC attacks that can be performed by legitimate users if proper security controls are not in place.
Features
Online Dictionary Attack
Presence Stealing
Contact List Stealing
Single User Flood Mode (Internal)
Domain Flood Mode [...]


April 13th, 2009
Watcher – Passive Analysis Tool For HTTP Web Applications

Watcher is a run time passive-analysis tool for You can see links before reply Web applications. Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads, cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more.
Major Features:
Passive detection of security, privacy, [...]


April 9th, 2009
Interceptor – Wireless Wired Network Tap (Fon+)

The Interceptor is a wireless wired network tap. Basically, a network tap is a way to listen in to network traffic as it flows past. Most tools are designed to pass a copy of the traffic onto a specified wired interface which is then plugged into a machine to allow a user to monitor the [...]


April 7th, 2009
Webtunnel 0.0.5 Released – HTTP Encapsulation and Tunnel Tool

Webtunnel is a network utility that encapsulates arbitrary data in HTTP and transmits it through a web server.
In that regard, it is similar to You can see links before reply however, it has several key important differences: its server component runs in the context of a web server as a CGI application (with optional FastCGI support) so it does not [...]


April 3rd, 2009
UCSniff – VoIP/IP Video Sniffing Tool

UCSniff is an exciting new VoIP Security Assessment tool that leverages existing open source software into several useful features, allowing VoIP owners and security professionals to rapidly test for the threat of unauthorized VoIP and Video Eavesdropping. Written in C, and initially released for Linux systems, the software is freely available for anyone to download, [...]


April 1st, 2009
winAUTOPWN – Windows Autohacking Tool

winAUTOPWN is a TooL to Autohack your targets with least possible interaction. The aim of creating winAUTOPWN is not to compete with already existing commercial frameworks like Core Impact (Pro), Immunity Canvas, Metasploit Framework (freeware), etc. which offer autohacks, but to create a free, quick, standalone application which is easy to use and doesn’t require [...]

Symbian Hacker
23rd Jan 2010, 22:49
"Hacking Tools" Part III


March 27th, 2009
Deblaze – Remote Method Enumeration Tool For Flex Servers

Through the use of the Flex programming model and the ActionScript language, Flash Remoting was born. Flash applications can make requests to a remote server to call server side functions, such as looking up accounts, retrieving additional data and graphics, and performing complex business operations. However, the ability to call remote methods also increases the [...]


March 25th, 2009
ProxyStrike v2.1 Released – Active Web Application Proxy Tool

In April last year we wrote about ProxyStrike, recently the developer has released a couple of new versions – the latest being v2.1.
ProxyStrike, an active Web Application Proxy, is a tool designed to find vulnerabilities while browsing an application. It was created because of the problems we faced in the pentests of web applications that [...]


March 23rd, 2009
sqlsus 0.2 Released – MySQL Injection & Takeover Tool

sqlsus is an open source MySQL injection and takeover tool, written in perl.
Via a command line interface that mimics a mysql console, you can retrieve the database structure, inject a SQL query, download files from the web server, upload and control a backdoor, and much more…
It is designed to maximize the amount of data gathered [...]


March 19th, 2009
Webshag 1.10 Released – Free Web Server Audit Tool

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing.
You may remember back in March 2008 we published about Webshag 1.00 being released. Now Webshag 1.10 has been released! This new version provides several feature enhancements [...]


March 17th, 2009
dnsmap 0.22 Released – Subdomain Bruteforcing Tool

dnsmap is a subdomain bruteforcer for stealth enumeration, you could say something similar to Reverse Raider or DNSenum.
Originally released in 2006, dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, domain [...]


March 12th, 2009
WarVOX – Wardialing Tool Suite (Explore, Classify & Audit Telephone Systems)

WarVOX is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, [...]


March 10th, 2009
VideoJak – IP Video Security Assessment Tool

What is VideoJak?
VideoJak is an IP Video security assessment tool that can simulate a proof of concept DoS against a targeted, user-selected video session and IP video phone. VideoJak is the first of its kind security tool that analyzes video codec standards such as H.264.
VideoJak works by first capturing the RTP port used in a [...]


March 6th, 2009
fzem – MUA (Mail User Agent) / Mail Client Fuzzer

fzem is a MUA (mail user agent) fuzzer that fuzzes MAIL/MIME email headers as well as how clients handle SMTP, POP and IMAP responses.
Purpose
fzem’s purpose is to fuzz MUAs as they process email content and handle server responses.
How does it work?
fzem has the three main mail protocols implemented as well as mail/mime headers. Using these [...]


March 4th, 2009
Medusa v1.5 Released – Parallel, Modular Login Brute Forcing Tool

Finally an update to Medusa! Version 1.5 of Medusa is now available for public download. Medusa 1.4 was released quite some time back in November 2007 and before that Medusa 1.3 showed up November 2006.
You would have thought version 1.5 would have been released in November 2008! Looks like they missed by a few months.
What [...]


February 26th, 2009
SSLstrip – You can see links before reply Stripping Attack Tool

This tool provides a demonstration of the You can see links before reply stripping attacks that was presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for You can see links before reply links and redirects, then map those links into either look-alike HTTP links or homograph-similar You can see links before reply links. It also supports modes for supplying a favicon which [...]


February 24th, 2009
WMAT Released – Web Mail Auth Tool For Testing Web Mail Logins

WMAT is a Web Mail Auth Tool that provides some essential functions for testing web mail logins, written in python with support of pyCurl.
How it works?
It is very simple. You give WMAT a file with usernames, a file with passwords, the URL of the web mail app and choose a pattern for attack. Patterns are XML files that define post/get fields, [...]


February 18th, 2009
Fast-Track 4.0 – Automated Penetration Testing Suite

The latest big buzz is Fast-Track released recently at ShmooCon by Securestate, basically Fast-Track is an automated penetration suite for penetration testers.
For those of you new to Fast-Track, Fast-Track is a python based open-source project aimed at helping Penetration Testers in an effort to identify, exploit, and further penetrate a network. Fast-Track was originally conceived [...]


February 16th, 2009
BackTrack BETA 4 Released for Public Download

The Remote Exploit Development Team is happy to announce the release of BackTrack 4 Beta. In this latest version of BackTrack 4 there have been some conceptual changes and some new and exciting features. The most significant of these changes is the expansion from the realm of a Pentesting LiveCD towards a full blown “Distribution”.
Now [...]


February 11th, 2009
Webtunnel 0.0.2 – HTTP Encapsulation and Tunnel Tool

Webtunnel is a network utility that encapsulates arbitrary data in HTTP and transmits it through a web server. In that regard, it is similar to You can see links before reply however, it has several key important differences: its server component runs in the context of a web server as a CGI application (with optional FastCGI support) so it does [...]


January 30th, 2009
Complemento v0.6 – LetDown TCP Flooder, ReverseRaider Subdomain Scanner & Httsquash HTTP Server Scanner Tool

We first wrote about Complemento 0.4b a little while ago when it first hit the public domain just last month (December 2008).
Now there have been 2 major updated versions, the latest being 0.6.
What is Complemento?
Complemento is a collection of tools that the author originally created for his own personal toolchain for solving some problems or [...]


January 23rd, 2009
CeWL – Custom Word List Generator Tool for Password Cracking

It seems to be trendy lately to make tools which can create custom or more specific word lists for password cracking, just last week we posted about the web application The Associative Word List Generator (AWLG), which crawls the whole web to look for associated words with a given topic.
This application is more towards creating [...]


January 20th, 2009
Acunetix Web Vulnerability Scanner 6 Review

As you might know if you’ve been reading for some time, I do occasionally review commercial software if it’s interesting and relevant – the last one I remember doing was back in 2007 “Outpost Security Suite PRO Review“.
This time it’s for a much more relevant piece of software IMHO, and one which I actually like [...]


January 16th, 2009
FireCAT 1.5 Released – Firefox Catalog of Auditing Extensions

FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful Firefox extensions oriented application security auditing and assessment.
FireCAT 1.5 will be the last release of this 1.x branch. In fact, we are working on a new improved version 2.0 (management of plugins, instant download from security-database, ability to add [...]


January 14th, 2009
The Associative Word List Generator (AWLG) – Create Related Wordlists for Password Cracking

You may remember some time back we did a fairly exhaustive post on Password Cracking Wordlists and Tools for Brute Forcing.
Wyd the Password Profiling Tool also does something similar to AWLG but it’s a PERL script rather than being based online.
I’d prefer if AWLG let us download an offline version too personally.
About AWLG
The Associative Word [...]


January 6th, 2009
WITOOL v0.1 – GUI Based SQL Injection Tool in .NET

WITOOL is a graphical based SQL Injection Tool written in dotNET.
- For SQL Server, Oracle
- Error Base and Union Base
Interface
Features
Retrieve schema : DB/TableSpace, Table, Column, other object
Retrieve data : retrieve paging, dump xml file
Log : View the raw data HTTP log
Environment
OS: Windows 2000/XP/VISTA
Requirement: Microsoft .NET(2.0) Library (Download Here).
You can download WITOOL v0.1 here:
WITOOL_V0.1_081231.zip
Or read more [...]

Symbian Hacker
23rd Jan 2010, 22:49
"Hacking Tools" Part IV


December 30th, 2008
Burp Suite v1.2 Released – Web Application Security Testing & Attack Platform

Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, downstream proxies, logging, alerting and extensibility.
Burp Suite [...]


December 22nd, 2008
MultiInjector v0.3 Released – Automatic SQL Injection and Defacement Tool

You might remember a while ago we posted about MultiInjector which claims to be the first configurable automatic website defacement tool, it got quite a bit of interest and shortly after that it was updated. Anyway, good or bad I think people deserve to know what is out there.
Features
Receives a list of URLs as input
Recognizes the [...]


December 18th, 2008
sqlmap 0.6.3 Released – Automatic SQL Injection Tool

sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back end database management system [...]


December 16th, 2008
Complemento v0.4b – LetDown TCP Flooder, ReverseRaider Subdomain Scanner & Httsquash HTTP Server Scanner Tool

An interesting collection of tools for pen-testing including a DoS tool (something you don’t often see publicly released).
Complemento is a collection of tools that the author originally created for his own personal toolchain for solving some problems or just for fun. Now he has decided to release it to the public.
The Tools
LetDown is a TCP [...]


December 12th, 2008
sapyto v0.98 Released – SAP Penetration Testing Framework Tool

sapyto is the first SAP Penetration Testing Framework, sapyto provides support to information security professionals in SAP platform discovery, investigation and exploitation activities.
sapyto is periodically updated with the outcome of the deep research on the various security aspects in SAP systems.
Although sapyto is a versatile and powerful tool, it is of major importance for it [...]


December 5th, 2008
The World’s Fastest MD5 Cracker – BarsWF

BarsWF is basically an MD5 cracking tool and at the moment, is currently the fastest. Right now on nVidia 9600GT/C2D 3Ghz CUDA version does 350 M keys/sec, SSE2 version does 108 M keys/sec. You may check benchmarks of all known good MD5 bruteforcers here.
Changes in 0.8
Added checks for errors when calling CUDA kernel.
Now you [...]


November 27th, 2008
FireCAT 1.4 Released – Firefox Catalog of Auditing Extensions

FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful Firefox extensions oriented application security auditing and assessment.
You can find an online map of Firecat v1.4 here.
Changes for version 1.4
Information Gathering (Enumeration and Fingerprinting)
Passive Recon : PassiveRecon allows Information Security professionals the ability to perform “packetless” discovery of target [...]


November 25th, 2008
Browser Rider – Web Browser Exploitation Framework

Browser Rider is a hacking framework to build payloads that exploit the browser. The project aims to provide a powerful, simple and flexible interface to any client side exploit.
Browser Rider is not a new concept. Similar tools such as BeEF or Backframe exploited the same concept. However most of the other existing tools out there [...]


November 20th, 2008
ike-scan – IPsec VPN Scanning, Fingerprinting and Testing Tool

ike-scan is a command-line tool for discovering, fingerprinting and testing IPsec VPN systems. It constructs and sends IKE Phase-1 packets to the specified hosts, and displays any responses that are received.
ike-scan allows you to:
Send IKE packets to any number of destination hosts, using a configurable output bandwidth or packet rate. (This is useful for VPN [...]


November 12th, 2008
Samurai Web Testing Framework – Web Application Security LiveCD

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use [...]


November 7th, 2008
SARA – Security Auditor’s Research Assistant – Network Analysis Tool

This tool has been around for a LONG time in some form or another, some of you old-skool guys may remember a package called SATAN, this was the best semi-automatic security analysis tool around back then. From SATAN and its development came SARA, which is now in its 3rd generation.
Advanced Research’s philosophy relies heavily on [...]


November 5th, 2008
MultiInjector – Automated Stealth SQL Injection Tool

MultiInjector claims to be the first configurable automatic website defacement software, I’m not sure if that’s a good thing – or a bad thing.
But well here it is anyway.
Features
Receives a list of URLs as input
Recognizes the parameterized URLs from the list
Fuzzes all URL parameters to concatenate the desired payload once an injection is successful
Automatic defacement – [...]


November 3rd, 2008
Gooscan – Automated Google Hacking Tool

Whilst reading an article the other day I saw this mentioned and realised I haven’t written about this yet either, although I have written about the similar tool Goolag.
What is Gooscan?
Gooscan is a tool that automates queries against Google search appliances, but with a twist. These particular queries are designed to find potential vulnerabilities on [...]


October 28th, 2008
sqlmap 0.6.1 released – Automatic SQL Injection Tool

sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, [...]


October 23rd, 2008
XSS-Proxy – Cross Site Scripting Attack Tool

XSS-Proxy is an advanced Cross-Site-Scripting (XSS) attack tool. The documents, tools and other content on this site assume you have a basic understanding of XSS issues and existing exploitation methods. If you are not familiar with XSS, then I recommend you check out the primer links/docs below to get a better idea of what [...]


October 21st, 2008
lm2ntcrack – Microsoft Windows NT Hash Cracker (MD4 -LM)

We have covered quite a lot of Password Cracking tools and it’s not often a new one comes out, this one is for quite a specialised purpose (not a general all-purpose password cracker like John the Ripper or Cain & Abel), although you do need to use it alongside JTR.
This tool is for instantly cracking [...]


October 17th, 2008
Web-Harvest – Web Data Extraction Tool

Web-Harvest is Open Source Web Data Extraction tool written in Java. It offers a way to collect desired Web pages and extract useful data from them. In order to do that, it leverages well established techniques and technologies for text/xml manipulation such as XSLT, XQuery and Regular Expressions. Web-Harvest mainly focuses on HTML/XML based [...]


October 13th, 2008
p0f – Advanced Passive OS Fingerprinting Tool

Ah can’t believe I haven’t posted about this one before, one of my favourite tools! It was a big breakthrough to have a passive OS-fingerprinting tool after relying on Nmap and Xprobe2 for the longest time.
OS fingerprinting is a very important part of a pen-test during the information gathering stage.
P0f v2 is a versatile passive [...]


October 9th, 2008
NetStumbler – Windows Freeware to Detect Insecure Wireless Networks

Another one from the old school, this tool has been around forever since way before wardriving was fashionable and when people still used pringles cans for antenna boosting.
It’s a favourite amongst Windows users, although it can’t do any real hacking (like breaking a WEP key) – it’s extremely fast and efficient in the detection of [...]


October 1st, 2008
Superscan v4.0 – Fast TCP & UDP Port Scanner for Windows

This is another tool that has been around for a long time and I’ve been using it for years since its earliest versions, oddly however I’ve never posted about it.
So here it is for the few of you that haven’t heard of it, probably the best port scanner on the Windows platform, very fast and compact [...]


September 29th, 2008
dnsscan – DNS Open Recursive Resolver Scanner/Scanning Tool

Dnsscan is a tool for finger printing open recursive resolvers. It runs in conjunction with a small server that knows how to reply to queries forwarded from probed resolvers. For example, assume that you have delegated osd.example.org:
osd.example.org. 900 IN [...]


September 25th, 2008
BSQL Hacker – Automated SQL Injection Framework

BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities in virtually any database.
It ships with Automated Attack modules which allows the dumping of whole databases for the following DBMS:
MS-SQL Server
ORACLE
MySQL (experimental)
Attack Templates for:
MS Access
MySQL
ORACLE
PostgreSQL
MS-SQL Server
Also you can write your own attack template for any other database as well [...]


September 23rd, 2008
ohrwurm – RTP Fuzzing Tool (SIP Phones)

ohrwurm is a small and simple RTP fuzzer, it has been tested on a small number of SIP phones, none of them withstood the fuzzing.
Features:
reads SIP messages to get information of the RTP port numbers
reading SIP can be omitted by providing the RTP port numbers, so that any RTP traffic can be fuzzed
RTCP traffic [...]


September 19th, 2008
Surf Jack – Cookie Session Stealing Tool

A tool which allows one to hijack HTTP connections to steal cookies – even ones on You can see links before reply sites! Works on both Wifi (monitor mode) and Ethernet.
Features:
Does Wireless injection when the NIC is in monitor mode
Supports Ethernet
Support for WEP (when the NIC is in monitor mode)
Known issues:
Sometimes the victim is not redirected correctly (particularly seen when [...]


September 15th, 2008
PorkBind v1.3 – Nameserver (DNS) Security Scanner

This program retrieves version information for the nameservers of a domain and produces a report that describes possible vulnerabilities of each.
Vulnerability information is configurable through a configuration file; the default is porkbind.conf. Each nameserver is tested for recursive queries and zone transfers. The code is parallelized with libpthread.
Changes for v1.3
Wrote in-a-bind shell script that [...]


September 10th, 2008
reDuh – TCP Redirection over HTTP

What Does reDuh Do?
reDuh is actually a tool that can be used to create a TCP circuit through validly formed HTTP requests.
Essentially this means that if we can upload a JSP/PHP/ASP page on a server, we can connect to hosts behind that server trivially
What is it for?
a) Bob.Hacker has the ability to upload / create [...]


September 8th, 2008
onesixtyone 0.3.2 – An Efficient SNMP Scanner

The SNMP protocol is a stateless, datagram oriented protocol. An SNMP scanner is a program that sends SNMP requests to multiple IP addresses, trying different community strings and waiting for a reply. Unfortunately SNMP servers don’t respond to requests with invalid community strings and the underlying UDP protocol does not reliably report closed UDP ports. [...]


September 4th, 2008
XTest – VoIP Infrastructure Security Testing Tool

What is XTest?
XTest is a simple, practical, and free, wired 802.1x supplicant security tool implementing the RFC 3847 EAP-MD5 Authentication method. It can be used to assess the password strength within wired ethernet environments that rely on 802.1x to protect IP Phones and the VoIP Infrastructure against rogue PC access. XTest is developed in C [...]

Symbian Hacker
24th Jan 2010, 00:02
Hack Tools, Utilities and Exploits

Astalavista Tools and Utilities



Packetstorm Last 10 Files



IntelliTamper.rb.txt - This Metasploit module exploits a stack overflow in the IntelliTamper. By sending an overly long string to the defer script, an attacker may be able to execute arbitrary code.
sonique2-dos.txt - Sonique2 version 2.0 Beta build 103 local denial of service proof of concept exploit.
dsa-1976-1.txt - Debian Linux Security Advisory 1976-1 - Several vulnerabilities have been discovered in dokuwiki, a standards compliant simple to use wiki.
joomlagurujibook-sql.txt - The Joomla Gurujibook component suffers from a remote SQL injection vulnerability.
joomlatennisladders-sql.txt - The Joomla Tennis Ladders component suffers from a remote blind SQL injection vulnerability.
ncrack-0.01ALPHA.tar.gz - Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts. Ncrack's features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap's and many more.
fortinet-ie.txt - Fortinet's FortiGuard Labs has discovered a memory corruption vulnerability in Microsoft's Internet Explorer. In order to compromise a system / remotely execute code, an attacker would lure a user to a maliciously crafted website. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
joomlaarticle-sql.txt - The Joomla Article component suffers from a remote SQL injection vulnerability.
joomlaiotaphotogallery-sql.txt - The Joomla IotaPhotoGallery suffers from a remote SQL injection vulnerability.
USN-890-3.txt - Ubuntu Security Notice 890-3 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.4. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.

Packetstorm Tools



ncrack-0.01ALPHA.tar.gz - Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts. Ncrack's features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap's and many more.
tor-0.2.1.22.tar.gz - Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
stunnel-4.30.tar.gz - Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
nmap-5.20.tgz - Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
sipwitch-0.6.0.tar.gz - GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.
john-1.7.4.2.tar.gz - John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, and BeOS. Its primary purpose is to detect weak Unix passwords, but a number of other hash types are supported as well.
scannedonly-0.16.tar.gz - Scannedonly is a samba VFS module that ensures that only files that have been scanned for viruses are visible and accessible to the end user. Scannedonly was developed because of scalability problems with samba-vscan. Scannedonly comes in two parts: a Samba VFS module and (one or more) daemons. The daemon scans files and marks them when they are known to be clean. The samba module simply filters out files that aren't marked clean.
malheur-0.4.6.tar.gz - Malheur is a tool for automatic analysis of program behavior recorded from malicious software (malware). It is designed to support the regular analysis of malicious software and the development of detection and defense measures. It allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes. It can be applied to recorded program behavior of various formats as long as monitored events are separated by delimiter symbols, e.g. as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox, and Joebox.
tor.uclibc.i686.20100115.iso - Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP.
prism.c - PRISM is a user space reverse shell backdoor. It offers ICMP mode where it awaits a packet containing a security key and host ip / port destination information. It also offers static mode where it can connect to a hardcoded ip / port.



Packetstorm Exploits



sonique2-dos.txt - Sonique2 version 2.0 Beta build 103 local denial of service proof of concept exploit.
joomlagurujibook-sql.txt - The Joomla Gurujibook component suffers from a remote SQL injection vulnerability.
joomlatennisladders-sql.txt - The Joomla Tennis Ladders component suffers from a remote blind SQL injection vulnerability.
joomlaarticle-sql.txt - The Joomla Article component suffers from a remote SQL injection vulnerability.
joomlaiotaphotogallery-sql.txt - The Joomla IotaPhotoGallery suffers from a remote SQL injection vulnerability.
ievbdevkit-exec.txt - Microsoft Internet Explorer vbDevKit.dll Active-X control code execution exploit.
qtweb3-dos.txt - QtWeb web browser version 3.0 denial of service crash exploit.
joomlabiographies-lfi.txt - The Joomla Biographies component suffers from a local file inclusion vulnerability.
iewshomocx-addadmin.txt - Microsoft Internet Explorer wshom.ocx Active-X remote add administrator exploit.
iboutique-xss.txt - iBoutique version 4.0 suffers from a cross site scripting vulnerability.



Securiteam Exploits



Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability - Insecure permissions have been detected in the multiple Kaspersky Lab antivirus products.
Piwik Cookie Unserialize Vulnerability - Piwik unserializes() user input which allows an attacker to send a carefully crafted cookie that when unserialized utilizes Piwik's classes to upload arbitrary files or execute arbitrary PHP code.
Invision Power Board SQL PHP File Inclusion and SQL Injection - Invision Power Board has a PHP file inclusion vulnerability that is trivial to exploit with a web browser and a known location of a php file residing on the target system. Authorisation is not required. The SQL injection vulnerability is somewhat tricky to exploit as there are quite a few restrictions that make creating a successful sql attack vector difficult. Nevertheless a crafty attacker might issue a series of requests that might allow him to gain some information about the target system or even read files from the disk depending on permissions granted to the db account that is used by the forum.
U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) Vulnerability - The U.S. Defense Information Systems Agency (DISA) publishes Security Readiness Review scripts (SRRs) to ensure systems and software meet security baselines required by the Department of Defense. Unprivileged local users can obtain root access on Unix systems where the DISA SRR scripts are run.
DevIL DICOM Buffer Overflow Vulnerability - A vulnerability in DevIL DICOM "GetUID()" can be exploited by a malicious party to compromise an application using the library.

Symbian Hacker
24th Jan 2010, 00:03
Hack Tools, Utilities and Exploits


Astalavista Tools and Utilities

Packetstorm Tools



ncrack-0.01ALPHA.tar.gz - Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts. Ncrack's features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap's and many more.
tor-0.2.1.22.tar.gz - Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
stunnel-4.30.tar.gz - Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, NNTP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
nmap-5.20.tgz - Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
sipwitch-0.6.0.tar.gz - GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.
john-1.7.4.2.tar.gz - John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, and BeOS. Its primary purpose is to detect weak Unix passwords, but a number of other hash types are supported as well.
scannedonly-0.16.tar.gz - Scannedonly is a samba VFS module that ensures that only files that have been scanned for viruses are visible and accessible to the end user. Scannedonly was developed because of scalability problems with samba-vscan. Scannedonly comes in two parts: a Samba VFS module and (one or more) daemons. The daemon scans files and marks them when they are known to be clean. The samba module simply filters out files that aren't marked clean.
malheur-0.4.6.tar.gz - Malheur is a tool for automatic analysis of program behavior recorded from malicious software (malware). It is designed to support the regular analysis of malicious software and the development of detection and defense measures. It allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes. It can be applied to recorded program behavior of various formats as long as monitored events are separated by delimiter symbols, e.g. as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox, and Joebox.
tor.uclibc.i686.20100115.iso - Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP.
prism.c - PRISM is a user space reverse shell backdoor. It offers ICMP mode where it awaits a packet containing a security key and host ip / port destination information. It also offers static mode where it can connect to a hardcoded ip / port.

Packetstorm Exploits



sonique2-dos.txt - Sonique2 version 2.0 Beta build 103 local denial of service proof of concept exploit.
joomlagurujibook-sql.txt - The Joomla Gurujibook component suffers from a remote SQL injection vulnerability.
joomlatennisladders-sql.txt - The Joomla Tennis Ladders component suffers from a remote blind SQL injection vulnerability.
joomlaarticle-sql.txt - The Joomla Article component suffers from a remote SQL injection vulnerability.
joomlaiotaphotogallery-sql.txt - The Joomla IotaPhotoGallery suffers from a remote SQL injection vulnerability.
ievbdevkit-exec.txt - Microsoft Internet Explorer vbDevKit.dll Active-X control code execution exploit.
qtweb3-dos.txt - QtWeb web browser version 3.0 denial of service crash exploit.
joomlabiographies-lfi.txt - The Joomla Biographies component suffers from a local file inclusion vulnerability.
iewshomocx-addadmin.txt - Microsoft Internet Explorer wshom.ocx Active-X remote add administrator exploit.
iboutique-xss.txt - iBoutique version 4.0 suffers from a cross site scripting vulnerability.

Securiteam Exploits



Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability - Insecure permissions have been detected in multiple Kaspersky Lab antivirus products.
Piwik Cookie Unserialize Vulnerability - Piwik unserializes() user input which allows an attacker to send a carefully crafted cookie that when unserialized utilizes Piwik's classes to upload arbitrary files or execute arbitrary PHP code.
Invision Power Board SQL PHP File Inclusion and SQL Injection - Invision Power Board has a PHP file inclusion vulnerability that is trivial to exploit with a web browser and a known location of a php file residing on the target system. Authorisation is not required. The SQL injection vulnerability is somewhat tricky to exploit as there are quite a few restrictions that make creating a successful sql attack vector difficult. Nevertheless a crafty attacker might issue a series of requests that might allow him to gain some information about the target system or even read files from the disk depending on permissions granted to the db account that is used by the forum.
U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) Vulnerability - The U.S. Defense Information Systems Agency (DISA) publishes Security Readiness Review scripts (SRRs) to ensure systems and software meet security baselines required by the Department of Defense. Unprivileged local users can obtain root access on Unix systems where the DISA SRR scripts are run.
DevIL DICOM Buffer Overflow Vulnerability - A vulnerability in DevIL DICOM "GetUID()" can be exploited by a malicious party to compromise an application using the library.

jailbreak
24th Jan 2010, 01:35
thanks......

lanchao
24th Jan 2010, 01:41
So awesome.. hehehe thx

emphasis
24th Jan 2010, 03:35
Cool, a dizzying number of tools... haha

krameoj
24th Jan 2010, 10:29
What Facebook apps have you hacked so far????

panget214
24th Jan 2010, 10:45
hacking tools ahehehe.... nice.... for those who want to become a true hacker, don't use any premade applications, they were just made by real HACKERS too ahehehe.... thanks author

SITSIT
24th Jan 2010, 10:58
can you give me this hacking tool:

-fly crypter v2.3 and USG 0.7
-ISTEALER V6
-icrypt crypter
-fly stealer v2.3

thanks in advance....

Symbian Hacker
24th Jan 2010, 20:35
can you give me this hacking tool:

-fly crypter v2.3 and USG 0.7
-ISTEALER V6
-icrypt crypter
-fly stealer v2.3

thanks in advance....
try looking here:
100 Best Hacking Sites

SITSIT
24th Jan 2010, 22:55
try looking here:
100 Best Hacking Sites

that site is from progenic.com.

can you give me a good crypter:)

ken_2006
18th Aug 2010, 13:08
So many, and so awesome!

nicegretchen26
18th Aug 2010, 15:03
This is great, Sir....:thumbsup::thumbsup:

I'll try it too....:thumbsup::thumbsup:

kasymbianyoko1905
18th Aug 2010, 18:10
hmm, they're good. . thanks for sharing these. .

jagzeer
23rd Aug 2010, 22:18
bravo... you're so cool!!!!!! thanks.. the best

heimacki.
23rd Aug 2010, 22:48
Waaaah. Where am I?
haha, that's a lot. Thanks!
I'll try it soon :)

jagzeer
26th Aug 2010, 21:00
thanks... how about visiting You can see links before reply useful tools for security!

warlordc1
28th Aug 2010, 14:22
Guys, do you have an MD5 hash encrypter and decrypter.. and by the way I need tools for hacking Yahoo or Facebook

RICKYYYY
31st Aug 2010, 18:49
:thanks: !!!

ichooseyou
31st Aug 2010, 19:16
That's a lot. haha, but this looks hard to learn.

yaniputo12
4th Sep 2010, 19:57
Thanks for this, author!...

pterpol
5th Sep 2010, 16:07
Subscribing.... :D

mhelvs123
27th Sep 2010, 21:54
September 21st, 2009
Websecurify – Web Security Testing Framework

Websecurify is a web and web2.0 security initiative specializing in researching security issues and building the next generation of tools to defeat and protect web technologies.
Key Features
JavaScript – Websecurify Security Testing Framework is the first tool of its kind to be written entirely in JavaScript using only standard technologies adopted by the leading browsers.
Multiple Environments [...]


Bosses, has anyone tried this?? What is it used for and how do you use it?? TIA

FlashCorp
27th Sep 2010, 21:59
Want hacking..??
Use Linux.. Better TCP/IP controlling.. :D
Best hackers use Linux..
:)

a_wonder
28th Sep 2010, 22:47
Do you know where I can download MAFIA(Metasploit Anti-Forensic.......)????
and Transmogrify as well..........?????

a_wonder
28th Sep 2010, 22:50
Guys, do you have an MD5 hash encrypter and decrypter.. and by the way I need tools for hacking Yahoo or Facebook

Use backtrack.... there's no "one" tool for hacking the sites..... backtrack all of them.....

weymardgomez
8th Oct 2010, 19:05
Where can I download a Facebook password recovery tool? Please sir/ma'am, help me, thank you, please reply, thanks

alecz18
8th Oct 2010, 21:31
Thanks for this, sir! :D

animelover_manga
8th Oct 2010, 22:32
Bookmarking for now :D thanks to this author

balkris
8th Oct 2010, 23:16
Wow, that's a lot. I'll study these when I get home, thanks ..

tag2114
9th Nov 2010, 19:18
So which one is the very best of these? hmmm...:salute:

faustvii13
9th Nov 2010, 20:36
This is good, bookmarking for now..

thanks..

uchihasasuke000
9th Nov 2010, 23:02
I'll give it a try, sir, thanks

misheru21
1st Dec 2010, 10:45
:help::help: waahhh... does anyone know how to retrieve a password in SF (Special Force)??... my account got hacked... :weep::weep:

antukin028
1st Dec 2010, 11:56
This makes me cross-eyed!! hahah

ohhmymomay
1st Dec 2010, 12:10
So many.. subscribing..

robine89
1st Dec 2010, 12:28
So many... how do you use these? haha! Awesome, nice TS!

BackTrack
12th Dec 2010, 18:03
Thanks, bro....

kokkie123
12th Dec 2010, 18:22
So which one is the very best of these? hmmm...:salute:

mysql injection attack.

maestrodos
12th Dec 2010, 22:28
Wow, thanks TS,

mr.chulli
15th Dec 2010, 02:35
TS, that's a lot.. thanks! :clap:

unknown_entity
20th Dec 2010, 14:02
Thanks TS, now I have a basis in the code of these to compare against and build from hehehehehe!!! Thanks a lot :thanks: hit

jerry_08
2nd Jul 2011, 14:03
Thanks for this, sir...:)

mikehacker182
4th Jul 2011, 09:55
nice author

limedust17
5th Jul 2011, 19:35
Which of these should I use....hmmm, all of them...he he :thanks: TS

intex_16
5th Jul 2011, 22:53
woYou can see links before reply what a thread! The best for the hackers! Thanks a lot

princesamrud
14th Jun 2012, 08:58
Thanks for this, wow, this is great. I hope I can become like that too. Please keep sharing because you help a lot of people like me, especially the newbies, and I hope you continue sharing because you are helping many people and this is added knowledge for me and for others too.. so thank you very much because this is great. THANKS!!! Please just visit my profile.. Thanks, thanks!!

mobhack
14th Jun 2012, 09:09
thanks TS

lead.sei_24
19th Jun 2012, 13:49
:thanks: so much to study

bryce211
19th Jun 2012, 13:52
Isn't there anything there that can be used to hack an ID on Camfrog, TS????;)

flashdrive05
11th Jul 2012, 14:03
Good afternoon to everyone....

ganex99
27th Jul 2012, 01:11
bookmark

ganex99
27th Jul 2012, 01:13
TS, FBController is not working anymore, is there a version 4 of it? The DL link only has version 1..

Darwin09061986
27th Jul 2012, 02:00
There's so much here, TS, it's dizzying how many :lol: marking this for now

johnny.villastiqui
27th Jul 2012, 04:08
Aw! Wow! You're great, TS! Thanks for this.

khiya
27th Jul 2012, 07:32
thanks for this thread :) I got something out of it hahaha, regarding wireless sniffing and monitoring

:thanks: :thumbsup:

ganex99
27th Jul 2012, 15:24
TS, version 4 of FBcontroller please, they say version 1 isn't working anymore.. I can't find it on Google, the one I found is paid, annoying..

merlinmeraldo
27th Jul 2012, 19:03
Bookmarking for now, TS.. thx for sharing

kobekoy
30th Jul 2012, 14:28
Thanks TS... :thumbsup:

Fallen31
20th Oct 2012, 15:07
There's so much here.. thank you.. :thanks:

atienza26
20th Oct 2012, 15:43
I hope there's a tutorial on how to use them hehe

bilat86
20th Oct 2012, 16:33
Marking this, bro

akosidoShong
7th Feb 2013, 09:39
:thanks:

shadowvolt
7th Feb 2013, 09:57
:clap: I'll give it a try, TS, since I've been missing hacking tool programs anyway, thanks

ariel_atams
11th Feb 2013, 22:01
Thanks for this, TS, this is quite a lot

dezpaired
12th Feb 2013, 00:58
Wow, so very many.. thanks for this, bossss..... :)

carlo098
12th Feb 2013, 09:47
I tried downloading it, it has a virus,, I'm using MSE

dodge2012
22nd Mar 2013, 09:20
That really is a lot, bro, you're great, bro, thank you very much.:clap:

blinkguest
23rd Mar 2013, 01:47
Where are you from, TS? I think I know you, "darknet". Even just your initials.

javi527
23rd Mar 2013, 10:48
So many.... btw thanks for sharing

weedsta
30th Mar 2013, 06:53
thank you

max2p
30th Mar 2013, 08:43
Very useful thread... just bumping it

samsung101
31st Mar 2013, 09:16
Hahaha thanks, I'll check it first too, it might be mafffffuuuddds.

dLinKx
31st Mar 2013, 10:59
Nice thread :) we'll get good with this

embrose29
25th May 2013, 23:54
Thanks for the share, TS :clap:

lead.sei_24
26th May 2013, 00:43
:thanks: TS, for the info! There's so much here

flyinghunter22
26th Aug 2013, 01:58
:thanks: ts

jerhed12
28th Aug 2013, 20:42
So many :clap:

winky
29th Aug 2013, 00:18
Bookmarking, TS, thanks

shontlewakwak
21st Jul 2014, 14:37
Thank you for this

Midnite
30th Jul 2014, 16:55
Thanks for this:thumbsup::thumbsup:

koneckulin
15th Aug 2014, 20:04
Bookmarking, boss..
Thank you very much..