Saturday, 30 November 2013

Commview for WiFi (Wireless Network Monitor and Analyzer) :: Tools

CommView for WiFi is a powerful wireless network monitor and analyzer for 802.11 a/b/g/n/ac networks. Loaded with many user-friendly features, CommView for WiFi combines performance and flexibility with an ease of use unmatched in the industry.
CommView for WiFi captures every packet on the air to display important information such as the list of access points and stations, per-node and per-channel statistics, signal strength, a list of packets and network connections, protocol distribution charts, etc. By providing this information, CommView for WiFi can help you view and examine packets, pinpoint network problems, and troubleshoot software and hardware.
CommView for WiFi includes a VoIP module for in-depth analysis, recording, and playback of SIP and H.323 voice communications.
Packets can be decrypted utilizing user-defined WEP or WPA-PSK keys and are decoded down to the lowest layer. With over 70 supported protocols, this network analyzer allows you to see every detail of a captured packet using a convenient tree-like structure to display protocol layers and packet headers. Additionally, the product provides an open interface for plugging in custom decoding modules.
A number of case studies describe real-world applications of CommView for WiFi in business, government, and education sectors.
CommView for WiFi is a comprehensive and affordable tool for wireless LAN administrators, security professionals, network programmers, or anyone who wants to have a full picture of the WLAN traffic. This application runs on Windows XP / Vista / 7 / 8 or Windows Server 2003 / 2008 / 2012 (both 32- and 64-bit versions) and requires a compatible wireless network adapter. You can also run CommView for WiFi on Macs. To view the list of adapters that have been tested and are compatible with CommView for WiFi, click on the link below:

What you can do with CommView for WiFi ::
  • Scan the air for WiFi stations and access points.
  • Capture 802.11a, 802.11b, 802.11g, 802.11n, and 802.11ac WLAN traffic.
  • Specify WEP or WPA keys to decrypt encrypted packets.
  • View detailed per-node and per-channel statistics.
  • View detailed IP connections statistics: IP addresses, ports, sessions, etc.
  • Reconstruct TCP sessions.
  • Configure alarms that can notify you about important events, such as suspicious packets, high bandwidth utilization, unknown addresses, rogue access points, etc.
  • View protocol "pie" charts.
  • Monitor bandwidth utilization.
  • Browse captured and decoded packets in real time.
  • Search for strings or hex data in captured packet contents.
  • Log individual or all packets to files.
  • Load and view capture files offline.
  • Import and export packets in Sniffer®, EtherPeek™, AiroPeek™, Observer®, NetMon, Tcpdump, hex, and text formats.
  • Export any IP address to SmartWhois for quick, easy IP lookup.
  • Capture data from multiple channels simultaneously using several USB adapters.
  • Capture A-MPDU and A-MSDU packets.
  • Simulate access points.
  • And much more! 

Tutorials ::

Download :: 

Windows :: Commview for WiFi v7 (Evaluation Version)
Official Website :: http://www.tamos.com/products/commwifi/

Thursday, 28 November 2013

SILICA (WiFi Penetration Testing) :: Tools

SILICA is a Wi-Fi hacking and penetration testing tool. Understanding the vulnerabilities of your WiFi network can be challenging, as users can easily create networks on demand, or even unintentionally. But as recent events have demonstrated, scanning your WiFi network is an important part of understanding your security posture.
Most vulnerability assessment tools simply take their current network scanners and point them at the wireless infrastructure. This approach does not give you the information that is unique to wireless networks. Immunity has built the first automated, WiFi-specific vulnerability assessment and penetration tool.
Unlike traditional scanners that merely identify possible vulnerabilities, SILICA determines the true risk of a particular access point. SILICA does this by non-intrusively leveraging vulnerabilities and determining which assets behind the vulnerable access point can be compromised.
Additionally, while traditional scanners can enumerate the vulnerabilities of a particular target, they cannot evaluate whether a mitigating control is in place on the target or in the surrounding environment. With SILICA's unique methodology it can report on whether a vulnerability can be successfully exploited.
More than simple scanning, the benefits of using SILICA include:
1) Improved security posture
2) Simplified troubleshooting
3) Network mapping
4) Create real threat profiles and vulnerability assessments
5) Build WiFi risk and vulnerability analysis for PCI, SOX
6) Rogue access point detection
7) Auditing wireless client security

With SILICA You Can ::

1. Recover WEP, WPA 1/2 and LEAP keys
2. Passively hijack web application sessions for email, social networking and Intranet sites.
3. Map a wireless network and identify its relationships with associated clients and other access points.
4. Identify vendors, hidden SSIDs and equipment passively.
5. Scan and break into hosts on the network using integrated CANVAS exploit modules and commands to recover screenshots, password hashes and other sensitive information.
6. Perform man-in-the-middle attacks to find valuable information exchanged between hosts.
7. Generate reports for wireless and network data.
8. Hijack wireless client connections via access point impersonation.
9. Passively inject custom content into clients' web sessions.
10. Take full control of wireless clients via CANVAS's client-side exploitation framework (clientD).
11. Decrypt and easily view all WEP and WPA 1/2 traffic.

Tutorial ::

Download ::

Windows :: SILICA_VM

Wednesday, 27 November 2013

WiFinger (Wireless LAN Detection Spoofing Detection) :: Tools

WiFinger was planned to become the first available wireless LAN spoofing detection tool. WiFinger passively identifies wireless access points by matching the Information Elements in their beacon frames against a fingerprint database. It is written in Python, uses Scapy, and has been tested on Linux.
Currently we only have a handful of signatures, so if you want to contribute to this tool, here’s what you can do:
  1. Get your access point and enable WPA and WPS (if supported).
  2. Capture the beacon frames that your access point is broadcasting and save them to a pcap file.
  3. Send us the pcap file along with as much information about the access point as you can (make, model, firmware version, hardware revision, ESSID and BSSID).

Download ::

Linux :: WiFinger.tar.gz
Official Website :: http://wifinger.sourceforge.net/

Tuesday, 26 November 2013

Haraldscan (Bluetooth Scanner) :: Tools

Harald Scan is a Bluetooth scanner for Linux and Mac OS X. Harald Scan is able to determine the Major and Minor device class of a device, as well as attempt to resolve the device's MAC address against the largest known Bluetooth MAC address vendor list.

Tutorial ::

Installation :: Click Here 

Download ::

Monday, 25 November 2013

Blue|Smash (Bluetooth Penetration Testing Suite) :: Tools

Blue|Smash is a free, open source Bluetooth pentest suite, powered by Python, for Linux. I built Blue|Smash to aid me in my Bluetooth adventures and thought others might benefit from my work. Here is a list of some of the tools included.
  • Sorbo's Front-line Bluetooth sniffer.
  • A brute-force scanner
  • Mac address spoofer
  • Loads of exploits
  • Autopwn vulnerability checker
  • CSR Firmware Backup/Updater

Download ::

Linux :: Blue-Smash-v1.0e.tar.gz
Official Website ::  http://bluesmash.sourceforge.net/

Sunday, 24 November 2013

Blooover (J2ME Phone Auditing) :: Tools

Blooover is a J2ME phone auditing tool. Since Adam Laurie's BlueSnarf experiment and the subsequent BlueBug experiment, it has been proven that some Bluetooth-enabled phones have security issues. Until now, attackers needed laptops for snarfing other people's information. Unless attackers performed a long-distance snarf, people would see that there was somebody with a laptop trying to do strange things. Blooover is a proof-of-concept tool that is intended to run on J2ME-enabled cell phones, which appear comparably inconspicuous. Blooover is intended to serve as an audit tool that people can use to check whether their phones, and the phones of friends and employees, are vulnerable.

Since the application runs on handheld devices and sucks up information, it has been called Blooover (derived from Bluetooth Hoover).

We had some objections to releasing a tool that actually performs a BlueBug attack while potential victims were not yet in a position to do something against it. Now that Nokia has announced a firmware upgrade for their vulnerable models, these objections no longer apply.

Tutorial ::

Installation ::

When you intend to install the application, you should be using a phone that has the Java Bluetooth API implemented. Phones with this feature are listed on this very useful page.
Once you have downloaded the file, make sure that it is called Blooover.jar (not Blooover.zip). After this you can transfer the application to your phone via (1) the phone software on your PC, (2) OBEX Push over Bluetooth, or (3) OTA (over-the-air application provisioning), which uses your phone's data services.

Download ::

Jar :: Blooover.jar

Saturday, 23 November 2013

BlueBugger (Information Gathering) :: Tools

BlueBugger is a tool for Bluetooth devices. You can retrieve all device information, phonebook entries and messages with a single run. BlueBugger is an implementation of the BlueBug technique, which was discovered by Martin Herfurt.

Usage ::

bluebugger 0.1
-----------------------------------------

Usage: bluebugger [OPTIONS] -a <addr> [MODE]

       -a <addr>     = Bluetooth address of target

       Options:
       --------
       -m <name>     = Name to use when connecting (default: '')
       -d <device>   = Device to use (default: '/dev/rfcomm')
       -c <channel>  = Channel to use (default: 17)
       -n            = No device name lookup
       -t <timeout>  = Timeout in seconds for name lookup (default: 5)
       -o <file>     = Write output to <file>

       Mode:
       -----
       info                   = Read Phone Info   (default)
       phonebook              = Read Phonebook    (default)
       messages               = Read SMS Messages (default)
       dial <num>             = Dial number
       ATCMD                  = Custom Command (e.g. '+GMI')

       Note: Modes can be combined, e.g. 'info phonebook +GMI'


Tutorial ::
Text :: Click Here

Download ::

Linux :: BlueBugger Source

Thursday, 21 November 2013

Btscanner (Bluetooth Scanner) :: Tools

Btscanner is a Bluetooth scanner and information gathering tool that extracts as much information as possible from a Bluetooth device without the requirement to pair. A detailed information screen extracts HCI and SDP information, and maintains an open connection to monitor the RSSI and link quality. Btscanner is based on the BlueZ Bluetooth stack, which is included with recent Linux kernels, and the BlueZ toolset. Using the information gathered from these sources, it is possible to make educated guesses as to the host device type.

Tutorial ::

Download ::

Windows XP:: Btscanner v1.0.0
Linux :: Btscanner v2.1

Bluediving (Bluetooth Penetration Testing) :: Tools

Bluediving is a Bluetooth penetration testing suite. Bluediving implements attacks like BlueBug, BlueSnarf, BlueSnarf++ and BlueSmack; has features such as Bluetooth address spoofing and an AT and an RFCOMM socket shell; and includes tools like carwhisperer, bss, an L2CAP packet generator, an L2CAP connection resetter, an RFCOMM scanner and a greenplaque scanning mode (using more than one HCI device).
Programming languages: Perl and C
Supported operating systems: GNU/Linux 2.4 / 2.6 and FreeBSD
Requirements: BlueZ, SoX, obexftp, GNU Readline library, XML::Simple

Download ::

Linux :: Bluediving v0.9

Tutorial ::

Click Here

Car Whisperer (Hack Carkit Bluetooth) :: Tools

The Carwhisperer project aims to sensitise manufacturers of carkits and other Bluetooth appliances without a display and keyboard to the security threat arising from the use of standard passkeys.
A Bluetooth passkey is used within the pairing process that takes place when two Bluetooth-enabled devices connect for the first time. Besides other public data, the passkey is a secret parameter used in the process that generates and exchanges the so-called link key. In Bluetooth communication scenarios the link key is used for authentication and encryption of the information that is exchanged between the two ends of the communication.
The cw_scanner script repeatedly performs a device inquiry for visible Bluetooth devices whose class matches that of Bluetooth headsets and hands-free units. Once a visible Bluetooth device with the appropriate device class is found, the cw_scanner script executes the carwhisperer binary, which connects to the found device (on RFCOMM channel 1), opens a control connection and connects the SCO links.
The carwhisperer binary connects to the device found by cw_scanner. The passkey that is required for the initial connection to the device is provided by the cw_pin.pl script, which replaces the official BlueZ PIN helper (the graphical application that usually prompts for the passkey). The cw_pin.pl script provides the passkey depending on the Bluetooth address that requests it. Depending on the first three bytes of the address, which identify the manufacturer, different passkeys are returned by the cw_pin.pl script. In quite a few cases the preset standard passkey on headsets and hands-free units is '0000' or '1234'.
Once the connection has been successfully established, the carwhisperer binary starts sending audio to, and recording audio from, the headset. This allows attackers to inject audio data into the car. This could be fake traffic announcements or nice words. Attackers are also able to eavesdrop on conversations among people sitting in the car.
Ideally, carwhisperer is used with a toooned dongle and a directional antenna, which enhances the range of a Bluetooth radio quite a bit.

Tutorials ::

Download ::

Linux :: Car Whisperer v0.2

Wednesday, 20 November 2013

BlueMaho (Bluetooth Devices Security Testing) :: Tools

BlueMaho is a GUI shell (interface) for a suite of tools for testing the security of Bluetooth devices. It is freeware, open source, written in Python, and uses wxPython. It can be used for testing BT devices for known vulnerabilities and, most importantly, for testing to find unknown vulnerabilities. It can also produce nice statistics.

What can it do? (features)

  • Scan for devices; show advanced info, SDP records, vendor, etc.
  • Track devices - show where and how many times a device was seen, and its name changes
  • Loop scan - it can scan continuously, showing you online devices
  • Alerts with sound if a new device is found
  • on_new_device - you can specify what command it should run when it finds a new device
  • It can use separate dongles - one for scanning (loop scan) and one for running tools or exploits
  • Send files
  • Change the name, class, mode and BD_ADDR of local HCI devices
  • Save results in a database
  • Form nice statistics (unique devices by day/hour, vendors, services, etc.)
  • Test a remote device for known vulnerabilities (see exploits for more details)
  • Test a remote device for unknown vulnerabilities (see tools for more details)
  • Themes! You can customize it

What tools and exploits does it consist of?

Tools:
  • atshell.c by Bastian Ballmann (modified attest.c by Marcel Holtmann)
  • bccmd by Marcel Holtmann
  • bdaddr.c by Marcel Holtmann
  • bluetracker.py by smiley
  • carwhisperer v0.2 by Martin Herfurt
  • psm_scan and rfcomm_scan from bt_audit-0.1.1 by Collin R. Mulliner
  • BSS (Bluetooth Stack Smasher) v0.8 by Pierre Betouin
  • btftp v0.1 by Marcel Holtmann
  • btobex v0.1 by Marcel Holtmann
  • greenplaque v1.5 by digitalmunition.com
  • L2CAP packetgenerator by Bastian Ballmann
  • obex stress tests 0.1
  • redfang v2.50 by Ollie Whitehouse
  • ussp-push v0.10 by Davide Libenzi

Exploits/attacks:
  • Bluebugger v0.1 by Martin J. Muench
  • bluePIMp by Kevin Finisterre
  • BlueZ hcidump v1.29 DoS PoC by Pierre Betouin
  • helomoto by Adam Laurie
  • hidattack v0.1 by Collin R. Mulliner
  • Mode 3 abuse attack
  • Nokia N70 l2cap packet DoS PoC by Pierre Betouin
  • opush abuse (prompts flood) DoS attack
  • Sony-Ericsson reset display PoC by Pierre Betouin

You can add your own tools by editing 'exploits/exploits.lst' and 'tools/tools.lst'.

Requirements

  • OS (tested with Debian 4.0 Etch / 2.6.18)
  • python (python 2.4 http://www.python.org)
  • wxPython (python-wxgtk2.6 http://www.wxpython.org)
  • BlueZ (3.9/3.24) http://www.bluez.org
  • Eterm to open tools in; you can set another terminal in 'config/default.conf' by changing the value of the 'cmd_term' variable (tested with version 1.1)
  • pkg-config(0.21), 'tee' used in tools/showmaxlocaldevinfo.sh, openobex, obexftp
  • libopenobex1 + libopenobex-dev (needed by ussp-push)
  • libxml2, libxml2-dev (needed by btftp)
  • libusb-dev (needed by bccmd)
  • libreadline5-dev (needed by atshell.c)
  • lightblue-0.3.3 (needed by obexstress.py)
  • hardware: any bluez compatible bluetooth-device

Configuration

  1. All configuration is in the 'config' dir.
  2. To use bluemaho properly you need to build the tools and exploits. Check that you satisfy the 'requirements' for bluemaho, then run 'build.sh'. If you see the 'Building complete!' message, all went OK. If not, check the requirements again.
  3. 'default.conf' is the default configuration file. You can edit it if you need to change some options, paths to files and commands used by bluemaho, the theme, etc. By default you don't need to change it if you have done everything from the 'requirements' chapter, but please look through it, for example to set the 'user_location' variable defining your location, which is used by the tracking function.
  4. 'themes' - directory with themes for the bluemaho GUI. You can set the path to the default theme with the 'theme' variable in 'default.conf'.

Run and use

You can run BlueMaho by typing 'bluemaho.py' in a console. For verbose output in the console (redirecting stderr and stdout) run 'bluemaho.py -v'. It saves found devices to 'bluemaho.log' by default; you can change this in 'config/default.conf'. Enjoy!

Download ::

Linux ::  BlueMaho.tgz

Tutorial ::

Monday, 18 November 2013

WirelessKeyView :: Tools

WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer by the 'Wireless Zero Configuration' service of Windows XP or by the 'WLAN AutoConfig' service of Windows Vista, Windows 7, Windows 8, and Windows Server 2008. It allows you to easily save all keys to text/html/xml file, or copy a single key to the clipboard. You can also export your wireless keys into a file and import these keys into another computer. 

System Requirement

  • Windows XP with SP1 or greater.
  • You must log in to Windows as an admin user.

Using WirelessKeyView

WirelessKeyView doesn't require any installation process or additional DLL files. Just copy the executable file (WirelessKeyView.exe) to any folder you like, and run it.
After you run it, the main window should display all WEP/WPA keys stored in your computer by the Windows 'Wireless Zero Configuration' service. For WEP keys, the key is also displayed in ASCII form. Be aware that this utility can only reveal the network keys stored by the Windows operating system. It cannot recover network keys stored by any third-party software.

Notice About WPA-PSK Keys

When you type a WPA-PSK key in Windows XP, the characters that you type are automatically converted into a new binary key that contains 32 bytes (64 hexadecimal digits). This binary key cannot be converted back to the original key that you typed, but you can still use it for connecting to the wireless network exactly like the original key. In this case, WirelessKeyView displays this binary key in the Hex Key column, but it doesn't display the original key that you typed.
As opposed to Windows XP, Windows Vista doesn't convert the WPA-PSK key that you type into a new binary key; it simply keeps the original key that you typed. So under Windows Vista, the original WPA-PSK key that you typed is displayed in the ASCII Key column.

Registry/File Location of The Stored Keys

Windows XP and Windows Vista store the wireless keys in completely different locations:
  • Windows XP: The wireless keys are stored in the Registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WZCSVC\Parameters\Interfaces\[Interface Guid].
  • Windows Vista: The wireless keys are stored in the file system, under c:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\[Interface Guid]. The encrypted keys are stored in .xml files.

Deleting Wireless Keys Of Old Network Adapters

Starting from version 1.15 of WirelessKeyView, you can delete wireless keys/passwords of old network adapters that are no longer plugged into your computer, by using the 'Delete Selected Items' option.
Be aware that this delete option only works for network adapters that are not active anymore. If your network adapter is active, use the standard user interface of Windows to delete the unwanted keys.

Export And Import Wireless Keys

Starting from version 1.50, you can select one or more wireless keys, export them into a text file by using the 'Export Selected Items' under the File menu, and then import these keys into another computer by using the 'Import Keys From Export File' option.
Before you start using this feature, you should be aware that there are some problems/limitations:
  • The import feature only works on Windows XP with Service Pack 3 or later, including Windows 7, Windows 2008, and Windows Vista. You cannot use the import feature on Windows XP with Service Pack 1 or Service Pack 2. As opposed to the import feature, the export feature works on any system, including Windows XP with Service Pack 1 or Service Pack 2.
  • The import feature on Windows XP/SP3 is very slow, and WirelessKeyView may temporarily hang during the import process.
  • The wireless keys stored inside the export file are not encrypted, so if you're concerned about the security of your network, you should keep this file in a place where unauthorized users cannot read it, or simply delete it after the import process is finished.
  • The import feature only works with a text file created with the 'Export Selected Items' option. You cannot use the import feature with the files created by the 'Save Selected Items' option.
  • Your wireless network adapter must be active when using the import feature. If you have a USB wireless adapter, you must plug it in before you start the import process.
  • If you have multiple wireless network adapters, a separate key entry will be added for each adapter.

Download ::

Sunday, 17 November 2013

LSASecretsDump :: Tools

LSASecretsDump is a small console application that extracts the LSA secrets from the Registry, decrypts them, and dumps them into the console window.
The LSA secrets key is located under HKEY_LOCAL_MACHINE\Security\Policy\Secrets and may contain your RAS/VPN passwords, Autologon password, and other system passwords/keys. 

Using LSASecretsDump

LSASecretsDump is a console application, so in order to view the output, you have to run it in a console (Command Prompt) window.
As with any console application, you can redirect the output into a file, for example:
LSASecretsDump.exe > c:\temp\lsa.txt 

System Requirement

This utility works on Windows 2000/XP/2003/2008/Vista/7. Windows 98/ME is not supported.

Download ::

WebBrowserPassView :: Tools

WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 10.0), Mozilla Firefox (All Versions), Google Chrome, Safari, and Opera. This tool can be used to recover your lost/forgotten password of any Website, including popular Web sites, like Facebook, Yahoo, Google, and GMail, as long as the password is stored by your Web Browser.
After retrieving your lost passwords, you can save them into text/html/csv/xml file, by using the 'Save Selected Items' option (Ctrl+S). 

System Requirements And Limitations

  • This utility works on any version of Windows starting from Windows 2000, and up to Windows 8, including 64-bit systems. Older versions of Windows (Windows 98/ME) are not supported, because this utility is a Unicode application.
  • Currently, WebBrowserPassView cannot retrieve the passwords if they are encrypted with a master password. Support for master password will probably be added in future versions.
  • Currently, WebBrowserPassView cannot retrieve passwords from an external hard drive. Support for that might be added in future versions.
  • On Internet Explorer 7.0-9.0, the passwords are encrypted with the URL of the Web site, so WebBrowserPassView uses the history file of Internet Explorer to decrypt the passwords. If you clear the history of Internet Explorer, WebBrowserPassView won't be able to decrypt the passwords.
  • On Google Chrome, passwords originally imported from Internet Explorer 7.0-9.0 cannot be decrypted.

Using WebBrowserPassView

WebBrowserPassView doesn't require any installation process or additional DLL files. In order to start using it, simply run the executable file, WebBrowserPassView.exe.
After running it, the main window of WebBrowserPassView displays the list of all Web browser passwords found in your system. You can select one or more passwords and then copy the list to the clipboard (Ctrl+C) or export them into text/xml/html/csv file (Ctrl+S).

False Virus/Trojan Warning

WebBrowserPassView is a tool that retrieves secret passwords stored in your system, and thus your antivirus may falsely detect this tool as infected with a Trojan/virus. Click here to read more about false alerts in antivirus programs.

Download ::

Saturday, 16 November 2013

ChromePass (Chrome Password Recovery) :: Tools

ChromePass is a small password recovery tool that allows you to view the user names and passwords stored by Google Chrome Web browser. For each password entry, the following information is displayed: Origin URL, Action URL, User Name Field, Password Field, User Name, Password, and Created Time.
You can select one or more items and then save them into text/html/xml file or copy them to the clipboard. 

Using ChromePass

ChromePass doesn't require any installation process or additional DLL files. In order to start using ChromePass, simply run the executable file, ChromePass.exe. After running it, the main window will display all passwords that are currently stored in your Google Chrome browser.

Reading ChromePass passwords from external drive

Starting from version 1.05, you can also read the passwords stored by the Chrome Web browser from an external profile in your current operating system or from another external drive (for example, from a dead system that cannot boot anymore). In order to use this feature, you must know the last logged-on password used for this profile, because the passwords are encrypted with the SHA hash of the log-on password, and without that hash the passwords cannot be decrypted.
You can use this feature from the UI, by selecting 'Advanced Options' in the File menu, or from the command line, by using the /external parameter. The user profile path should be something like "C:\Documents and Settings\admin" in Windows XP/2003 or "C:\users\myuser" in Windows Vista/2008.

Download ::

Windows :: ChromePass 1.25
Official Website :: http://www.nirsoft.net/

PasswordFox (Firefox Password Recovery) :: Tools

PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by the Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily choose to view the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename.

System Requirements

This utility works under Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows 7. Firefox should also be installed on your system in order to use this utility.

Known Problems

False Alert Problems: Some antivirus programs detect the PasswordFox utility as infected with a Trojan/virus. Click here to read more about false alerts in antivirus programs.

Using PasswordFox

PasswordFox doesn't require any installation process or additional DLL files. However, the Firefox browser must be installed on your computer in order to allow PasswordFox to grab the passwords list.
In order to start using PasswordFox, simply run the executable file, PasswordFox.exe.
After running it, the main window will display the password list for the last profile that you used. If PasswordFox chose the wrong profile folder, you can use the 'Select Profile Folder' option to choose the right one.

Download ::

Windows :: PasswordFox 1.36
Official Website :: http://www.nirsoft.net/

Skype Log Viewer :: Tools

SkypeLogView reads the log files created by the Skype application, and displays the details of incoming/outgoing calls, chat messages, and file transfers made by the specified Skype account. You can select one or more items from the logs list, and then copy them to the clipboard, or export them into a text/html/csv/xml file.

System Requirements

This utility works on any version of Windows starting from Windows 2000 and up to Windows 2008. You don't have to install Skype in order to use this utility. You only need the original log files created by Skype, even if they are on an external drive.

Download :: 

Windows ::  Skype Log Viewer

Friday, 15 November 2013

Vulture (Reverse Proxy and Web Application Firewall) :: Tools

Vulture is an open source reverse proxy / Web application firewall. Vulture is a Web SSO solution based on reverse-proxy technology, implemented on top of Apache 2.2. Vulture also provides application firewall functionality and sits between Web applications and the Internet to provide unified security and authentication.

Features ::

  • Authentication of users with many supported methods: LDAP, SQL, text file, RADIUS server, digital certificates ...
  • Modular design that allows you to add new authentication methods
  • Propagation of authentication to the protected applications
  • Encryption of traffic
  • Filtering and rewriting of content
  • Some features to protect against injection attacks
  • Load balancing

Download ::

Windows :: Vulture 2.0.7

Comodo Firewall :: Tools

Comodo Firewall Pro introduces the next evolution in computer security: Default Deny Protection (DDP™). What is DDP? Most security programs maintain a list of known malware, and use that list to decide which applications and files shouldn't access a PC. The problem here is obvious. What if the list of malware is missing some entries, or isn't up to date?
DDP fixes this problem to ensure complete security. The firewall references a list of over two million known PC-friendly applications. If a file that is not on this safe-list knocks on your PC's door, the Firewall immediately alerts you to the possibility of attacking malware. All this occurs before the malware infects your computer. It's prevention-based security, the only way to keep PCs totally safe.
Comodo Firewall is the best choice for users seeking a full featured security suite. This latest release is suitable for both lightly-skilled users (who still must have knowledge of installed programs) and technically advanced users. Its robust and active HIPS (or application monitoring feature), called "Defense+", matches or exceeds the security performance of paid products. Comodo allows for much control and customization for the curious or the paranoid.
Comodo includes a "memory firewall" (against buffer overflow attacks) and a light sandbox component to limit the way unknown applications and new software installations affect your computer. The use of sandbox protection limits the negative effects of malware. It maintains a lengthy list of known safe applications, but if an unknown application attempts entry through the firewall, Comodo will deny the application and ask the user what to do. The new release contains user-friendly features by default while allowing experienced users to maintain control over ports, protocols, and configurations.

Five reasons why Comodo Firewall is different

  • No complex configuration issues—perfect for amateur users
  • Quickly learns user behavior to deliver personalized protection
  • User-friendly, attractive graphical interface
  • Lots of configuration options let techies configure things just as they like
  • DDP-based security keeps you informed and PCs safe
One of the first steps in securing a computer is downloading and activating a quality firewall to repel intruders. Only this free firewall software has access to Comodo's extensive safe-list of PC-friendly applications, a key component of Default Deny Protection™.

System Requirements:

Windows 7 / Vista / XP SP2 / Windows 8, 152 MB RAM / 400 MB space

Tutorial :: 

Download :: 

Windows :: Comodo Firewall

Wednesday, 13 November 2013

Patriot NG (Changes Detection in Windows or in Network) :: Tools

Patriot NG is a host IDS tool that allows real-time monitoring of changes in Windows systems and of network attacks.

Patriot monitors:

  • New files in 'Startup' directories
  • Changes in Registry keys: Indicating whether any sensitive key (autorun, internet explorer settings...) is altered
  • New Users in the System
  • New Services installed
  • Changes in the hosts file
  • New scheduled jobs
  • Alteration of the integrity of Internet Explorer: (New BHOs, configuration changes, new toolbars)
  • Changes in ARP table (Prevention of MITM attacks)
  • Installation of new Drivers
  • New Netbios shares
  • TCP/IP Defense (New open ports, new connections made by processes, PortScan detection...)
  • Files in critical directories (New executables, new DLLs...)
  • New hidden windows (cmd.exe / Internet Explorer using OLE objects)
  • Netbios connections to the System
  • ARP Watch (New hosts in your network)
  • NIDS (Detect anomalous network traffic based on editable rules)

Download ::

Windows :: Patriot NG 2.01

Official Website ::

http://www.security-projects.com/

RadioGraPhy (Windows Forensics) :: Tools

RadioGraPhy is a forensic tool that grabs as much information as possible from a Windows system.

It checks:

  • Registry keys related to startup process
  • Registry keys with Internet Explorer settings
  • System Accounts and properties
  • Startup files
  • System services
  • Hosts file contents
  • TaskScheduler tasks
  • Loaded System Drivers
  • NetBios Shares
  • Hidden Windows
  • System processes running (and their location if possible)
  • Network information (Open connections, listening ports ...) 

It also has some unique features:

  • When it identifies a process (running, or configured in registry keys, startup directories or the task scheduler), it checks the process hash against Team Cymru's Malware Hash Registry service to identify potential threats
  • RadioGraPhy performs a process integrity test using 'WinUnhide' to catch hidden processes
  • It dumps a copy of the event log and grabs a copy of the process binaries for later review
RadioGraPhy is open source (GPL license) and comes with a CLI version and a graphical frontend (please have a look at the Screenshots section).

Download ::  

Windows :: RadioGraPhy 2.0

Official Website :: 

http://www.security-projects.com/

SRDF - Security Research and Development Framework :: Framework

SRDF (Security Research and Development Framework) is a free, open source development framework created to support writing security tools and malware analysis tools, and to turn security research and ideas from a theoretical approach into a practical implementation.
This development framework was created mainly to support the malware field: to make it easy to create malware analysis tools and anti-virus tools without reinventing the wheel, and to inspire innovative minds to write their research in this field and implement it using SRDF.

Introduction:

In the last several years, the malware black market has grown widely. Statistics show that the number of new viruses has increased from 300,000 to millions and millions nowadays.
The complexity of malware attacks has also increased, from small amateur viruses to Stuxnet, Duqu and Flame.
The malware field is searching for new technologies and research, and for a united community that can withstand these attacks. And that is where SRDF comes in.
SRDF is not, and will not be, developed by one person or one team. It will be developed by a large community that shares its knowledge and tools inside this framework.
SRDF is still not finished, and it will not be finished, as it is a community-based framework developed by its contributors. We have just begun the idea.
SRDF is divided into two parts: User-Mode and Kernel-Mode. We describe each one in the next section.

The Features:

Before talking about SRDF Design and structure, I want to give you what you will gain from SRDF and what it could add to your project.
In User-Mode part, SRDF gives you many helpful tools … and they are:
  • Assembler and Disassembler
  • x86 Emulator
  • Debugger
  • PE Analyzer
  • Process Analyzer (Loaded DLLs, Memory Maps … etc)
  • MD5, SSDeep and Wildlist Scanner (YARA)
  • API Hooker and Process Injection
  • Backend Database, XML Serializer
  • And many more
The Kernel-Mode part tries to make it easy to write your own filter device driver (without WDF and callbacks) and gives you an easy, object-oriented (as much as we can) development framework with these features:
  • Object-oriented and easy to use development framework
  • Easy IRP dispatching mechanism
  • SSDT Hooker
  • Layered Devices Filtering
  • TDI Firewall
  • File and Registry Manager
  • Kernel Mode easy to use internet sockets
  • Filesystem Filter
The Kernel-Mode part is still in progress, and many features will be added in the near future.

Download :: 

Linux :: SRDF v1.0
Help & Official Website :: https://www.owasp.org/

Tuesday, 12 November 2013

USBDeviceForensics :: Tools

USBDeviceForensics is an application to extract numerous bits of information regarding USB devices. It uses the information from a SANS blog posting to retrieve operating system specific information. It now has the ability to process multiple NTUSER.dat registry hives in one go.
It should be noted that whilst the information in the blog posting is accurate, there is a caveat to be aware of. During my testing I have found that an unknown process can update the Date/Time values across all keys, in particular the USBSTOR keys. Therefore, you could see the same Last Written Date/Time value on each device key. If you see this occurring, then you obviously cannot rely on the values retrieved. All of the dates should be UTC.
It is possible to set a time zone offset by using the Time Zone window e.g. Tools->Time Zone menu item. The Install date time zone appears to be the local time zone.

Download ::


OSForensics :: Tools

OSForensics provides one of the fastest and most powerful ways to locate files on a Windows computer. You can search by filename, size, creation and modified dates, and other criteria. Results are returned and made available in several different useful views, including the Timeline View, which allows you to sift through the matches on a timeline, making the pattern of user activity on the machine evident.
OSForensics allows you to identify suspicious files and activity with hash matching, drive signature comparisons, e-mails, memory and binary data. OSForensics lets you extract forensic evidence from computers quickly with advanced file searching and indexing and enables this data to be managed effectively.

Features

Discover Forensic Evidence Faster
  • Find files faster, search by filename, size and time
  • Search within file contents using the Zoom search engine
  • Search through email archives from Outlook, ThunderBird, Mozilla and more
  • Recover and search deleted files
  • Uncover recent activity of website visits, downloads and logins
  • Collect detailed system information
  • Password recovery from web browsers, decryption of office documents
  • Discover and reveal hidden areas in your hard disk
  • Browse Volume Shadow copies to see past versions of files
Identify Suspicious Files and Activity
  • Verify and match files with MD5, SHA-1 and SHA-256 hashes
  • Find misnamed files where the contents don't match their extension
  • Create and compare drive signatures to identify differences
  • Timeline viewer provides a visual representation of system activity over time
  • File viewer that can display streams, hex, text, images and meta data
  • Email viewer that can display messages directly from the archive
  • Registry viewer to allow easy access to Windows registry hive files
Manage Your Digital Investigation
  • Case management enables you to aggregate and organize results and case items
  • HTML case reports provide a summary of all results and items you have associated with a case
  • Rebuild RAID arrays from individual disk images
  • OSForensics can be installed on a USB flash drive for more portability

System requirements

Windows XP SP2, Vista & Win 7
Windows Server 2000, 2003, 2008
32-bit and 64-bit support (64-bit recommended)
Minimum 1GB of RAM. (4GB+ recommended)
30MB of free disk space, or can be run from USB drive

Tutorials ::

Download :: 

For More Videos :: Click Here  
Official Website :: http://www.osforensics.com/

Monday, 11 November 2013

Tortilla :: Tools

Tortilla is an open source tool that allows users to securely, anonymously, and transparently route all TCP/IP and DNS traffic through Tor, regardless of the client software, and without relying on VPNs or additional hardware or virtual machines.
Supported operating systems: the tool runs on 32-bit and 64-bit versions of Windows from XP and above.

Download :: 

Windows :: Tortilla 1.1.0
Official Website :: http://www.crowdstrike.com/

Sunday, 10 November 2013

MagicRescue (File Carving) :: Tools

MagicRescue is a file carving utility: it scans a block device for file types it knows how to recover and calls an external program to extract them. It looks at the "magic bytes" in file contents, so it can be used both as an undelete utility and for recovering a corrupted drive or partition. As long as the file data is there, it will find it.
MagicRescue works on any file system, but on very fragmented file systems it can only recover the first chunk of each file. Practical experience (this program was not written for fun) shows, however, that chunks of 30-50MB are not uncommon.
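File carving by magic bytes, as an added example that is not MagicRescue's own code: a small Python carver scans a constructed byte image for PNG, JPEG and PDF signatures, extracts each file up to its end marker, and, for a PNG whose chunks are fragmented across the image, recovers only the first contiguous run of valid chunks, which is the limitation the passage describes. The sample image, the three signatures and the per-format end-of-file rules are the example's own assumptions, not a description of MagicRescue's recipes.

```python
import struct
import zlib

# Magic bytes that start each file type we know how to carve (assumed set).
MAGICS = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
}


def _png_end(data: bytes, start: int):
    """Walk PNG chunks (length, type, payload, CRC) and return (end, complete).
    Walking stops at IEND, at a chunk that runs off the image, or at a chunk
    whose CRC fails, i.e. where the file's contiguous run of data ends."""
    pos = start + 8                              # skip the 8-byte signature
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length                  # length + type + payload + CRC
        if end > len(data):
            break
        stored_crc = struct.unpack(">I", data[end - 4:end])[0]
        if zlib.crc32(data[pos + 4:end - 4]) & 0xFFFFFFFF != stored_crc:
            break                                # foreign bytes: fragmentation or damage
        pos = end
        if ctype == b"IEND":
            return pos, True
    return pos, False


def _jpg_end(data: bytes, start: int):
    """JPEG ends at the EOI marker FF D9; absent marker means a truncated file."""
    idx = data.find(b"\xff\xd9", start + 2)
    return (len(data), False) if idx < 0 else (idx + 2, True)


def _pdf_end(data: bytes, start: int):
    """Simplistic rule: stop at the first %%EOF (real PDFs may have several)."""
    idx = data.find(b"%%EOF", start)
    return (len(data), False) if idx < 0 else (idx + 5, True)


EXTRACTORS = {"png": _png_end, "jpg": _jpg_end, "pdf": _pdf_end}


def carve(image: bytes):
    """Scan the image byte by byte; on a signature hit, extract the file and
    resume after it. Returns a list of (kind, offset, data, complete)."""
    found = []
    pos = 0
    while pos < len(image):
        for kind, magic in MAGICS.items():
            if image.startswith(magic, pos):
                end, complete = EXTRACTORS[kind](image, pos)
                found.append((kind, pos, image[pos:end], complete))
                pos = end
                break
        else:
            pos += 1
    return found


def make_png() -> bytes:
    """Build a minimal valid 1x1 RGB PNG with correct chunk CRCs (constructed)."""
    def chunk(ctype: bytes, payload: bytes) -> bytes:
        crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
        return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00\x00\x00")    # filter byte + one RGB pixel
    return MAGICS["png"] + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")


def build_sample_image():
    """Constructed 'disk image': three intact files, one fragmented PNG whose
    IEND chunk sits elsewhere, and a JPEG cut off before its EOI marker."""
    png = make_png()
    jpg = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
           + b"<scan data>" + b"\xff\xd9")
    pdf = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\ntrailer\n<< /Root 1 0 R >>\n%%EOF"
    filler = b"unallocated-space-filler-"        # contains none of the magics
    iend_off = png.rfind(b"IEND") - 4            # chunk starts 4 bytes before its type
    frag1, frag2 = png[:iend_off], png[iend_off:]
    image = (filler + png + filler + jpg + filler + pdf + filler
             + frag1 + filler + frag2 + filler + jpg[:-2])
    return image, {"png": png, "jpg": jpg, "pdf": pdf, "frag1": frag1}


if __name__ == "__main__":
    image, parts = build_sample_image()
    for kind, offset, data, complete in carve(image):
        state = "complete" if complete else "first chunk only"
        print(f"{kind} at offset {offset}: {len(data)} bytes ({state})")
```

The fourth hit is the point of the passage: the carver recovers the PNG's signature, IHDR and IDAT chunks, then stops at the filler bytes whose CRC check fails, so the IEND chunk that lives elsewhere in the image is never attached to it. A real carver such as MagicRescue has no file system metadata to follow, so this first contiguous chunk is all it can return.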

Tutorial ::

Download ::

Saturday, 9 November 2013

Xplico (Internet Traffic Capture) :: Tools

Xplico extracts the application data contained in an Internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico is not a network protocol analyzer; it is an open source Network Forensic Analysis Tool (NFAT).
Xplico is released under the GNU General Public License and with some scripts under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported (CC BY-NC-SA 3.0) License. For more details see License.

Features

  • Protocols supported: HTTP, SIP, IMAP, POP, SMTP, TCP, UDP, IPv6.
  • Port Independent Protocol Identification (PIPI) for each application protocol;
  • Multithreading;
  • Output data and information in SQLite database or Mysql database and/or files;
  • Each piece of data reassembled by Xplico is associated with an XML file that uniquely identifies the flows and the pcap containing the reassembled data;
  • Real-time processing (depends on the number of flows, the types of protocols and the performance of the computer: RAM, CPU, HD access time);
  • TCP reassembly with ACK verification for every packet, or soft ACK verification;
  • Reverse DNS lookup from the DNS packets contained in the input files (pcap), not from an external DNS server;
  • No size limit on the input data or on the number of input files (the only limit is HD size);
  • IPv4 and IPv6 support;
  • Modularity. Each Xplico component is modular. The input interface, the protocol decoder (Dissector) and the output interface (dispatcher) are all modules;
  • The ability to easily create any kind of dispatcher with which to organize the extracted data in the way most appropriate and useful to you.

Tutorial ::

Download ::

Ubuntu :: Download here
OR
sudo bash -c 'echo "deb http://repo.xplico.org/ $(lsb_release -s -c) main" >> /etc/apt/sources.list'
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 791C25CE
sudo apt-get update
sudo apt-get install xplico


Default Users ::
user: admin, password: xplico
user: xplico, password: xplico

Orion Browser Dumper (Browser History Dumper) :: Tools

Orion Browser Dumper is an advanced local browser history extractor (dumper). In a few seconds (as with Browser Forensic Tool) it extracts the whole history content of the most popular web browsers, currently Internet Explorer, Mozilla Firefox, Google Chrome, COMODO Dragon, Rockmelt and Opera.
Orion Browser Dumper is a console application, which means it runs in a command-line (MS-DOS-style) environment with no graphical user interface. Console applications are very useful when you want some sort of automation or want to use a simple batch script to launch the dump process (from, say, a USB device). We designed this tool to be very easy to understand for every user. It even simulates progress bars to show the progress of each browser scan.

Tutorials ::

Download ::