ToolWar | Information Security (InfoSec) Tools: Auditor

FireEye Commando VM : Distribution

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUG0wWFAx6CM5Ug02umH4-Gc6HRmvdNUYizRu7qErUQoETWDi6nBqDxyH84E2hVlXWFsDVg3G3wT_7udATupj_wqUIRtOm37Jl6yBFvO6Bed8ykdD92751Aw067mQBmt2fRtP-fsn5CbK7/s1600/CVM+logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="commando vm fireeye" border="0" data-original-height="750" data-original-width="974" height="246" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUG0wWFAx6CM5Ug02umH4-Gc6HRmvdNUYizRu7qErUQoETWDi6nBqDxyH84E2hVlXWFsDVg3G3wT_7udATupj_wqUIRtOm37Jl6yBFvO6Bed8ykdD92751Aw067mQBmt2fRtP-fsn5CbK7/s320-rw/CVM+logo.png" title="commando vm fireeye" width="320" /></a></div>
<div style="text-align: justify;">
CommandoVM - a fully customized, Windows-based security <a href="http://www.toolwar.com/search/label/Distribution" target="_blank">distribution</a> for penetration testing and red teaming. </div>
<div style="text-align: justify;">
Penetration testers commonly use their own variants of Windows 
machines when assessing Active Directory environments. Commando VM was 
designed specifically to be the go-to platform for performing these 
internal penetration tests. The benefits of using a Windows machine 
include native support for Windows and Active Directory, using your VM 
as a staging area for C2 frameworks, browsing shares more easily (and 
interactively), and using tools such as PowerView and BloodHound without having to worry about placing output files on client assets.</div>
<div style="text-align: justify;">
Commando VM uses Boxstarter, Chocolatey, and MyGet packages
 to install all of the software, and delivers many tools and utilities 
to support penetration testing. This list includes more than 140 tools, 
including:</div>
<ul style="list-style-position: inside; text-align: justify;">
<li><a href="http://www.toolwar.com/2014/02/nmap-and-zenmap-network-discovery-and.html" target="_blank">Nmap</a></li>
<li><a href="http://www.toolwar.com/2013/09/wireshark-tools.html" target="_blank">Wireshark</a></li>
<li>Covenant</li>
<li>Python</li>
<li>Go</li>
<li>Remote Server Administration Tools</li>
<li><a href="http://www.toolwar.com/2013/09/sysinternals.html" target="_blank">Sysinternals</a></li>
<li>Mimikatz</li>
<li><a href="http://www.toolwar.com/2013/09/burp-suite-tools.html" target="_blank">Burp-Suite</a></li>
<li>x64dbg</li>
<li>Hashcat</li>
</ul>
<div style="text-align: justify;">
With such versatility, Commando VM aims to be the de facto <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows </a>machine for every penetration tester and red teamer. For the blue 
teamers reading this, don’t worry, we’ve got full blue team support as 
well! The versatile tool sets included in Commando VM provide blue teams
 with the tools necessary to audit their networks and improve their 
detection capabilities. With a library of offensive tools, it makes it 
easy for blue teams to keep up with offensive tooling and attack trends.</div>
<div style="text-align: justify;">
<br /></div>
<h4>
Requirements</h4>
<ul>
<li>Windows 7 Service Pack 1 or Windows 10</li>
<li>60 GB Hard Drive</li>
<li>2 GB RAM</li>
</ul>
<h3 style="text-align: justify;">
Installation Instruction: </h3>
<ol>
<li>Create and configure a new Windows Virtual Machine</li>
</ol>
<ul>
<li>Ensure VM is updated completely. You may have to check for updates, reboot, and check again until no more remain</li>
<li>Take a snapshot of your machine!</li>
<li>Download and copy <code>install.ps1</code> on your newly configured machine.</li>
<li>Open PowerShell as an Administrator</li>
<li>Enable script execution by running the following command:
<ul>
<li><code>Set-ExecutionPolicy Unrestricted</code></li>
</ul>
</li>
<li>Finally, execute the installer script as follows:
<ul>
<li><code>.\install.ps1</code></li>
<li>You can also pass your password as an argument: <code>.\install.ps1 -password <password></code></li>
</ul>
</li>
</ul>
<div style="text-align: justify;">
<b>Detailed Installation Instruction: </b><a href="https://github.com/fireeye/commando-vm" rel="nofollow" target="_blank">Click Here</a><b> </b></div>
<div style="text-align: justify;">
<b>Download: </b><a href="https://github.com/fireeye/commando-vm" rel="nofollow" target="_blank">Commando VM</a></div>
<div style="text-align: justify;">
<b>Official Website: </b><a href="https://www.fireeye.com/blog/threat-research/2019/03/commando-vm-windows-offensive-distribution.html" rel="nofollow" target="_blank">FireEye</a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>

FireEye Commando VM : Distribution

CommandoVM - a fully customized, Windows-based security distribution for penetration testing and red teaming. Penetration testers comm...

Echo Mirage 3.1 :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifvB-lq7ocGqBXR7di9weB76khloj25f-AdTfIHjMhY1mlB5EDYxX5kz5DJnyRjhDaI2IfKRsb65SReUbaFQn-CqfpIec1dx1biJwetM3rFPQHtE5dLix-SIWXUaIbKm9jlayP2-4whOkm/s1600/Echo+Mirage.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Download Echo Mirage" border="0" height="219" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifvB-lq7ocGqBXR7di9weB76khloj25f-AdTfIHjMhY1mlB5EDYxX5kz5DJnyRjhDaI2IfKRsb65SReUbaFQn-CqfpIec1dx1biJwetM3rFPQHtE5dLix-SIWXUaIbKm9jlayP2-4whOkm/s320-rw/Echo+Mirage.jpg" title="Echo Mirage 3.1 from ToolWar" width="320" /></a></div>
<div style="text-align: justify;">
<b>Echo Mirage</b> is a generic network proxy. It uses DLL injection and 
function hooking techniques to redirect network related function calls 
so that data transmitted and received by local applications can be 
observed and modified.<br /><br />Windows encryption and OpenSSL functions 
are also hooked so that plain text of data being sent and received over 
an encrypted session is also available.<br /><br />Traffic can be intercepted in real-time, or manipulated with regular expressions and action scripts.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Note: Echo Mirage is no longer available from author. Here is the archived copy of it. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>License: </b>Freeware<b> </b></div>
<div style="text-align: justify;">
<b>Download:: </b><a href="http://woodmann.com/collaborative/tools/images/Bin_Echo_Mirage_2014-1-11_17.28_EchoMirage-3.1.rar" rel="nofollow" target="_blank">Echo Mirage 3.1</a> (.exe) </div>
<div style="text-align: justify;">
<br /></div>

Echo Mirage 3.1 :: Tools

Echo Mirage is a generic network proxy. It uses DLL injection and function hooking techniques to redirect network related function call...

WAIDPS (Wireless Auditing and IDS/IPS) :: Tools

<div class="MsoNormal" style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP2brw15uNZM6cni3F7-EtWQHYhj-0aNTw7yRP5neqqvJNHGdMiVN1N_0W3-Viquk330eFmeUtUUvL8svfYNwbfTIeN9EHznj0wezjqVUp-xF_BlO8Gs1EjB_PoXg6gp8JdoTV0ztUiuyz/s1600/WAIDPS.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="281" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP2brw15uNZM6cni3F7-EtWQHYhj-0aNTw7yRP5neqqvJNHGdMiVN1N_0W3-Viquk330eFmeUtUUvL8svfYNwbfTIeN9EHznj0wezjqVUp-xF_BlO8Gs1EjB_PoXg6gp8JdoTV0ztUiuyz/s1600-rw/WAIDPS.png" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-family: Arial;"><b>WAIDPS</b> (Wireless Auditing, Intrusion Detection and Prevention System) is an open source <b>wireless swissknife</b> written in <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> and work on <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> environment. This is a multipurpose tools designed for audit (<a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration testing</a>) networks, detect wireless intrusion (WEP/WPA/WPS attacks) and also intrusion prevention (stopping station from associating to access point). Apart from these, it will harvest all <a href="http://www.toolwar.com/search/label/WiFi" target="_blank">WiFi</a> information in the surrounding and store in databases. This will be useful when it comes to auditing a <a href="http://www.toolwar.com/search/label/Network" target="_blank">network </a>if the access point is ‘MAC filtered’ or ‘hidden SSID’ and there isn’t any existing client at that moment. </span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;"><b>WAIDPS</b> may be useful to penetration testers, <a href="http://www.toolwar.com/search/label/Wireless" target="_blank">wireless</a> trainers, law enforcement agencies and those who is interested to know more about wireless auditing and protection. The primarily purpose for this script is to detect intrusion. Once wireless detect is found, it display on screen and also log to file on the attack. Additional features are added to current script where previous WIDS does not have are :</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">automatically save the attack packets into a file</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">interactive mode where users are allow to perform many functions</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">allow user to analyse captured packets</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">load previously saved pcap file or any other pcap file to be examine</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">customizing filters</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">customize detection threshold (sensitivity of IDS in detection)</span></div>
<div class="MsoNormal" style="margin-left: 0.5in; text-align: justify;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">At present, <b>WAIDPS</b> is able to detect the following wireless attacks and will subsequently add other detection found in the previous WIDS.</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Association / Authentication flooding</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect mass deauthentication which may indicate a possible WPA attack for handshake </span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect possible WEP attack using the ARP request replay method</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect possible WEP attack using chopchop method</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect possible WPS pin bruteforce attack by Reaver, Bully, etc.</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detection of Evil-Twin</span></div>
<div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;">
<span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detection of Rogue Access Point</span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">The whole structure of the <a href="http://www.toolwar.com/search/label/WiFi" target="_blank">Wireless Auditing</a>, <a href="http://www.toolwar.com/search/label/IDS" target="_blank">Intrusion Detection</a> & <a href="http://www.toolwar.com/search/label/IPS" target="_blank">Prevention System</a> will comprise of </span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Harvesting WiFi Information         [Done]</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Intrusion Detection                         [Done]</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Intrusion Prevention                       [Done]</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Auditing (Testing network)            [Done]</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">Other additional item include analyzing of packets, display of captured dump, display network barchart and much more.</span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<b><span style="font-family: Arial;">Requirements</span></b></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">No special equipment is required to use this script as long as you have the following :</span></div>
<div class="MsoNormal" style="text-align: justify;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   1. Root access (admin)</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">2. Wireless interface which is capable of monitoring and injection</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">3. Python 2.7 installed </span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">4. <a href="http://www.toolwar.com/2013/09/aircrack-ng-12-beta.html" target="_blank">Aircrack-NG suite</a>installed</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">5. TShark installed</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">6 TCPDump installed</span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">7 Mergecap installed (for joining pcap files)</span></div>
<div style="text-align: justify;">
<span style="font-family: Arial;">   </span><span style="font-family: Arial;">8 xterm  installed</span></div>
<div style="text-align: justify;">
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<b><span style="font-weight: normal;"><span style="font-family: Arial;"><b>Structure of WAIDS’ Display :: </b></span></span></b></div>
<div class="MsoNormal">
<span style="font-family: Arial;">Before starting with the detail description of the whole application, WAIDPS display structures are separated in several parts. For better understanding, the structures are as below.</span></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<b><span style="font-family: Arial;">WiFi-Harvesting Module</span></b></div>
<div class="MsoNormal">
<span style="font-family: Arial;">- Collecting/Storing of Access Points/Stations details and the relationship with each other. [<b>Access Points / Wireless Clients Listing</b>]</span></div>
<span style="font-family: Arial;">- Displaying of unassociated station information and its probe </span></div>
<div style="text-align: justify;">
<span style="font-family: Arial;">[<b>Unassociated Stations</b>]</span> <br />
<div class="MsoNormal">
<span style="font-family: Arial;">- Allowing user to enter MAC addresses / Names to be monitored </span></div>
<div class="MsoNormal">
<span style="font-family: Arial;">[<b>Monitoring Panel</b>]</span></div>
<span style="font-family: Arial;">- Association of stations to access point, station switch from one access point to another, station acting as both a wireless client and access point, etc </span></div>
<div style="text-align: justify;">
<span style="font-family: Arial;">[<b>Association/Connection Alert</b>]</span> <br />
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<b><span style="font-family: Arial;">Intrusion Detection</span></b></div>
<div class="MsoNormal">
<span style="font-family: Arial;">- Capture/Analyzing of packets </span></div>
<div class="MsoNormal">
<span style="font-family: Arial;">- Displaying of Station/Access Point MAC addresses and detected suspicious data count [<b>Suspicious Activity Listing</b>]</span></div>
<div class="MsoNormal">
<span style="font-family: Arial;">- Displaying of analysed WEP/WPA/WPS attack pattern and its detail [<b>Attack Detected</b>]</span></div>
<div class="MsoNormal">
</div>
</div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>Screenshots ::  </b><a href="http://syworks.blogspot.in/2014/04/waidps-wireless-auditing-intrusion.html" target="_blank">Click Here</a><br />
<b>Text & Image Tutorial :: </b><a href="http://syworks.blogspot.in/2014/04/waidps-wireless-auditing-intrusion.html" target="_blank">Click Here</a><br />
<b>Installation Tutorial::</b><br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/aGTQAWoeujA?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<span id="goog_894600077"></span><span id="goog_894600078"></span>
</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>More Video Tutorials: </b> <a href="https://www.youtube.com/watch?v=s7kzQqOY3X0&index=2&list=PLrekpjW7JwW-T0CeXP8GwudtJmTJ6KZ8O" target="_blank">Click Here</a></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="https://github.com/SYWorks/waidps/archive/master.zip" target="_blank">WAIDPS</a><b> (.py)</b></div>
<div style="text-align: justify;">
<b>Source ::</b> <a href="https://github.com/SYWorks/waidps" target="_blank">https://github.com/SYWorks/waidps</a> </div>
<div style="text-align: justify;">
<b>Submitted By :: </b>SYChua</div>

WAIDPS (Wireless Auditing and IDS/IPS) :: Tools

WAIDPS (Wireless Auditing, Intrusion Detection and Prevention System) is an open source wireless swissknife written in Python and wo...

Daphne (Task Manager Replacement) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPk3IFMMVNghW3amCSO5HL1MSHkmgh9FFcm1fyXH5s8whXg9TR8FkRHaiOoD9loJg_0NKmceu7vjF_m41L8G0my5JXOjdLhGzlANuU-iBeHOQFICsDUmwp49IsgjtHJ5OTi30hdPcMR4zZ/s1600/dap3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Daphne Windows Tool" border="0" height="263" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPk3IFMMVNghW3amCSO5HL1MSHkmgh9FFcm1fyXH5s8whXg9TR8FkRHaiOoD9loJg_0NKmceu7vjF_m41L8G0my5JXOjdLhGzlANuU-iBeHOQFICsDUmwp49IsgjtHJ5OTi30hdPcMR4zZ/s1600-rw/dap3.png" title="Daphne Windows Tool" width="400" /></a></div>
</div>
<div style="text-align: justify;">
<b>Daphne</b> is a small (system tray) application for <b>killing, controlling and debugging Windows' processes.</b> It was born to kill a <a href="http://www.toolwar.com/search/label/Windows" target="_blank">windows</a> process and became almost a task manager replacement. You can kill a process by dragging the mouse over the windows, by right-clicking the process in the main process list, or by typing its name with the "Kill all by name" command. You can set a any window to be always on top, to be transparent, to be enable.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Features :: </div>
<ul style="text-align: justify;">
<li>Main window</li>
<ul>
<li>CPU and memory information</li>
<li>Comprehensive process list </li>
<li>Access to drag-and-drop tool</li>
</ul>
</ul>
<div style="text-align: justify;">
</div>
<ul style="text-align: justify;">
<li>Drag-and-drop tool (Drop tool over any window)</li>
<ul>
<li> Find the process which owns a given window</li>
<li>Find the window in the process windows tree</li>
<li>Kill the process which owns a given window</li>
<li>Hide window and remove application from task bar (application keeps running completely hidden, and can be restored later)</li>
<li>Set or remove always on top property</li>
<li>Set or remove transparency (alpha)</li>
<li>Enable or disable window or control</li>
<li>Change window size using numbers (ie 640x480)</li>
<li>Save window position and size and restore when the process is started</li>
</ul>
</ul>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
</div>
<ul style="text-align: justify;">
<li> Process list</li>
<ul>
<li> Including CPU usage, PID, full path and arguments, owner, class (process or service), memory and swap usage, I/O count.</li>
<li>Item highlighting with colors for custom, system and high CPU-consumption processes.<br />
Sortable by any column</li>
<li>Quick search-as-you-type find by process name when sorted by Process column</li>
<li>Customizable column position and width</li>
</ul>
</ul>
<div style="text-align: justify;">
</div>
<ul style="text-align: justify;">
<li> Contextual menu allows for:<br />
<ul>
<li>Kill the process or ask it to finish execution</li>
<li>Schedule process kill for later</li>
<li>Set focus</li>
<li>Set or remove always on top</li>
<li>Create a trap</li>
<li>Change processor affinity mask and optionally trap this configuration</li>
<li>Change process priority</li>
<li>Handle service (start, stop, pause and continue)</li>
<li>Copy process name, PID or path to clipboard</li>
<li>Open containing folder</li>
<li>Look for or submit to DRK process database.</li>
<li>Access to process properties window</li>
</ul>
 </li>
<li>Process properties window<br />
<ul>
<li>Full command line</li>
<li>Parent process and user</li>
<li>Startup timestamp</li>
<li>Kernel and user time</li>
<li>Show and handle minimum and maximum working set size</li>
</ul>
 </li>
<li>Windows tree allows for:<br />
<ul>
<li>Set focus</li>
<li>Show or hide window or application</li>
<li>Handle always on top</li>
<li>Make window resizable</li>
<li>Turn caption on and off</li>
<li>Send a window message (ie. WM_ACTIVATE) with lParam and wParam values</li>
<li>Thread list with priority and CPU time</li>
<li>Loaded modules</li>
<li>Environment variables</li>
<li>I/O information</li>
</ul>
 </li>
<li>Daphne main menu (accesible from tray icon too)<br />
<ul>
<li>Run process as other user</li>
<li>Close windows by matching title</li>
<li>Schedule popup message</li>
<li>Schedule system shutdown</li>
<li>Access CPU usage graph</li>
<li>Open process hierarchy tree</li>
<li>Installed software list for inspecting installed software available in tray icon menu. Installed software</li>
<li>Control inspector window for revealing hidden passwords and other control information</li>
<li>Hidden applications and scheduled tasks list</li>
<li>Copy process list to clipboard</li>
<li>Windows 7 God Mode and Problem steps recorder</li>
<li>Kill all process by matching name </li>
</ul>
 </li>
<li>Traps<br />
<ul>
<li>Apply to any process, when its startup is detected.</li>
<li>Notify process has been created</li>
<li>Kill it</li>
<li>Hide the application</li>
<li>Set always on top on/off</li>
<li>Set transparency (alpha)</li>
<li>Set desired priority</li>
<li>Notify process destroyed/exited</li>
<li>Set process affinity mask</li>
<li>Keep windows position and size</li>
</ul>
 </li>
<li>Kill menu: </li>
<ul>
<li>User-defined menu items. </li>
<li>Every item has a process list and kill them when activated</li>
<li>Four user-defined command lines to be executed if Ctrl-Shift-F1 to F4 combination is pressed. Works globally.</li>
<li>Windows explorer contextual menu integration for files and folders</li>
<li>Copy name of full path to clipboard</li>
<li>Copy folder file listing to clipboard</li>
<li>Open command line (CMD) in folder</li>
<li>Check which process has a file opened</li>
<li>Google folder or file name</li>
</ul>
</ul>
<div style="text-align: justify;">
Optional global and customizable activation shortcut for showing <b>Daphne</b>  main window. Tool for creating log file od every started and stopped  process and applied traps. You can make configuration portable using INI file instead of <a href="http://www.toolwar.com/search/label/Registry" target="_blank">registry</a> base configuration. </div>
<ul>
<li>Take care: </li>
<ul>
<li>process names may be eclipsed by <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malicious</a> software.</li>
<li>Command line tool for accesing process list, and kill process by name or kill menu item</li>
</ul>
</ul>
<div style="text-align: justify;">
Internationalization:  Spanish, Italian, German, French, Chinese, Swedish, Valencian, Polish,  Russian, Portuguese, Japanese, Arabic and Greek support.</div>
<div style="text-align: justify;">
<br />
Enhanced (experimental) multidesktop feature: use up to four windows desktops using WindowsKey + F5 to F8. </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>Video Tutorials :: </b><a href="http://www.drk.com.ar/daphne.php" target="_blank">Click Here </a></div>
<h3 style="text-align: justify;">
</h3>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Windows :: </b><a href="http://www.drk.com.ar/daphne/Daphne_setup_x86.msi" target="_blank">Daphne-x86</a> (.msi) | <a href="http://www.drk.com.ar/daphne/Daphne_setup_x64.msi" target="_blank">Daphne-x64</a> (.msi)<b></b></div>
<div style="text-align: justify;">
<b>Source Code :: </b><a href="http://www.drk.com.ar/daphne/Daphne-src.7z" target="_blank">Daphne Source Code</a> (.7z) <b>Official Website :: </b><a href="http://www.drk.com.ar/daphne.php">http://www.drk.com.ar/daphne.php</a><b> Submitted By ::</b> Leandro Fernández</div>

Daphne (Task Manager Replacement) :: Tools

Daphne is a small (system tray) application for killing, controlling and debugging Windows' processes. It was born to kill a wind...

Shellter (Dynamic Shellcode Injection) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="Shellter Tool Image" border="0" height="361" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoCFTJcSTQINV_sfK7AZLw_70-JcIoAkc47RndYmYREK6nCYviWJX0NHZWC8v57DqpRcode3mTmcXkovY1gp7aZNEH08v3-Wcd-bg13_CPfeQuMQt7Fq7GftMh4LemIyth1rYp_V2KlFPS/s1600-rw/Shellter+Image.JPG" title="Shellter Tool Image" width="640" /></div>
<div style="text-align: justify;">
<b>Shellter</b> is a <b>dynamic shellcode injection tool</b>, and probably the first dynamic PE infector ever created. It can be used in order to inject shellcode into native <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> applications (currently 32-bit apps only). The shellcode can be something yours or something generated through a <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a>, such as Metasploit.</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b>Shellter </b>takes advantage of the original structure of the PE file and
 doesn’t apply any modification such as changing <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a> access 
permissions in sections, adding an extra section with RWE access,and 
whatever would look dodgy under an AV scan.</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b>Shellter</b> uses a unique dynamic approach which is based on the execution flow of the target application.</div>
<div style="text-align: justify;">
<b>Shellter</b> uses a unique dynamic approach which is based on the execution flow of
the target application. This means that no static/predefined locations are used
for shellcode injection. <b>Shellter </b>will launch and trace the target, while at the
same time will log the execution flow of the application.
</div>
<div style="text-align: justify;">
<b>Shellter</b> traces the entire execution flow that occurs in userland. That means,
code inside the target application itself (PE image), and code outside of it
that might be in a system dll or on a heap, etc. This happens in order to ensure
that functions actually belonging to the target executable, but are only used as
callback functions for Windows APIs will not be missed.

However, the tracing engine will not log any instructions that are not in the
memory range of the PE image of the target application, since these cannot be
used as a reference to permanently inject the shellcode.</div>
<div style="text-align: justify;">
<b>Why Need :: </b>Executables created through <a href="http://www.toolwar.com/2013/09/metasploit-framework.html" target="_blank">Metasploit</a> are most likely detected by most AV
vendors. By using Shellter, you automatically have an infinitely polymorphic
executable template, since you can use any 32-bit 'standalone' native Windows
executable to host your shellcode. By 'standalone' means an executable that 
doesn't need any proprietary DLLs, apart from the system DLLs to load and run.
For example, notepad.exe, and many other applications you can find online, or 
create by yourself as your own custom templates.

You can also use applications that make use of proprietary DLLs if those are
not required to create the process in the first place, and are normally loaded
later on if needed to execute code for a specific task. In case you select an
application that needs one or more proprietary DLLs to create the process in the
first place then you will have to include them in the same directory from where
you load the main executable. However, this is not recommended since it is more
convenient to have just a single executable to upload to the target. </div>
<h3>
Tutorials ::</h3>
<b>System Requirement ::</b> Windows XP SP3 (x32/x64) or Higher <br />
<b>Full Description :: </b><a href="https://www.shellterproject.com/Downloads/Shellter/Readme.txt" target="_blank">Click Here</a><br />
<b>Video Tutorial :: </b><a href="https://www.youtube.com/watch?v=91QmSy-dUEA" target="_blank">Click Here</a><br />
<h3>
Download ::</h3>
<div style="text-align: justify;">
<b>Windows :: </b><a href="https://www.shellterproject.com/Downloads/Shellter/Old/Shellter_v1.0.rar" target="_blank">Shellter v1.0 </a>(.rar)<b><br /></b></div>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="https://www.shellterproject.com/introducing-shellter/">https://www.shellterproject.com/introducing-shellter/</a></div>

Shellter (Dynamic Shellcode Injection) :: Tools

Shellter is a dynamic shellcode injection tool , and probably the first dynamic PE infector ever created. It can be used in order to inj...

XVI32 (Hex Editor) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfKbk21vbvXwrLz_cmg0bxQMruPCPz2nvYnXxCk0sGxdW_whra8hYD4-XctyMjpvphrhLmUTc5-BXdHG-0e4EvoZxnwCbNAiK9EGQ3-83G9vab2BkutNSQZnQsPXFbnxtipbJvB2WVb9Rw/s1600/XVI32+Hex+Editor+Screenshot.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="XVI32 Hex Editor Screenshot" border="0" height="265" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfKbk21vbvXwrLz_cmg0bxQMruPCPz2nvYnXxCk0sGxdW_whra8hYD4-XctyMjpvphrhLmUTc5-BXdHG-0e4EvoZxnwCbNAiK9EGQ3-83G9vab2BkutNSQZnQsPXFbnxtipbJvB2WVb9Rw/s1600-rw/XVI32+Hex+Editor+Screenshot.gif" title="XVI32 Hex Editor Screenshot" width="400" /></a></div>
</div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="font-size: small;"><b>XVI32</b> is a freeware hex editor running under <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> 9x/NT/2000/XP/Vista/7.
The name <b>XVI32</b> is derived from <i>XVI</i>, the roman notation for the number 16.
XVI32 and all of its components are developed by myself.
</span></span></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="font-size: small;">The current release 2.55 is available since June 26, 2012. It comes with a complete online 
help and requires only 1.02 MB of hard disk space. There is no setup program needed - 
just unzip the downloaded archive to your hard disk! <b>XVI32</b> doesn't write any data to your registry. </span></span></div>
<h2 style="text-align: justify;">
<span style="font-family: inherit;"><span style="font-size: small;">Features</span></span></h2>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="font-size: small;">
<b>XVI32</b> has the following main features. Especially note the <b>highlighted</b> advantages of XVI32.
</span></span></div>
<ul style="text-align: justify;">
<li><span style="font-family: inherit;"><span style="font-size: small;">XVI32 is a <b>portable application</b>, i.e. no setup program is needed, you can run <b>XVI32</b> from your <a href="http://www.toolwar.com/search/label/USB" target="_blank">USB</a> stick, no data is written to the registry 
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;"><b>data inspector</b> to view decoded numbers (see screen shot; can be turned off).
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;">Has <b>built-in script interpreter</b>.
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;"><b>Easily works with huge files.</b> Try to open a 60 MB sized text file with some other hex editor 
        (not to speak about Wordpad), then use XVI32... If you don't have such a huge text file, use my <a href="http://www.toolwar.com/search/label/Tools" target="_blank">freeware        tool</a> RndFile to create one
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;"><b>XVI32</b> allows to edit files <b>up to 2 GB</b> (enough virtual memory provided, of course)
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;">For your convenience, <b>XVI32 stores settings</b> and last used search strings etc. in XVI32.INI file
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;"><b>Progress indication in percent</b> for most operations
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;">You can <b>abort nearly all operations</b> (reading/writing files, search, replace, print...)
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;">Display of both text (ASCII/ANSI) and hexadecimal representation
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;"><b>Two synchronous cursors</b> in text and hex area
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;">Fully resizeable window (change number of rows and columns)
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;">Font and font size adjustable
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;">Overwrite or <b>insert</b> characters
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;">Insert text or hex string <b>n times</b></span></span>
        
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;">Switch byte offset (address) of first byte between <b>0 or 1</b> to examine also record structure of plain text files
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;"><b>Search text or hex string</b>, e.g. find "this text" or find "0D 0A"
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;"><b>Simplified search for Unicode Latin (UTF-16) strings</b></span></span>
        
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;"><b>Search optionally with joker (wildcard) char</b> that will match any character, e.g. find "A.C" or "00 2E 2E 00" where "." = "2E" (user-defined) stands for any character
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;">Fast searching algorithm <b>(Quicksearch)</b> for <b>both</b> search directions (down/up)
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;"><b>Count</b> occurences of text or hex string
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;"><b>Replace</b> text or hex string, e.g. replace "0D 0A" by "0A" or replace "0D 0A" by text "EOL"
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;"><b>Extremely fast "replace all"</b> mode (if needed, additional memory is allocated <i>beforehead</i>,
            not at every single replacing operation)
    </span></span></li>
<li><span style="font-family: inherit;"><span style="font-size: small;">Menu item <b><i>Shredder data</i></b> to overwrite all bytes of a file with binary zeroes
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;"><b>Auto-fill</b> feature to copy bytes from current address into input field for hex string using right arrow key
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;"><b>Character conversion using self-defined character table</b></span></span>
        
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;">Easy <b>converting of text to hex string</b> in dialogs (e.g. "abc" -> "61 62 63")
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;"><b>Decoding and encoding of 1, 2, 4, and 8 byte integers or 4/8 byte floats</b> in 2 possible byte orders
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;"><b>Bit manipulation</b> (view or set bits)
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;">Open file in <b>Read Only Mode</b> (e.g. if opened by another application or to avoid unintentional modifications)
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;"><b>Insert file contents</b> into file
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;"><b>Write block to file</b></span></span>
        
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;">Copy, move or delete block
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;">Clipboard support
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;">Goto address <b>(absolute or relative up/down)</b></span></span>
        
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;">Up to <b>9 named bookmarks</b></span></span>
        
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;">Enter jump width and jump up/down <b>(useful for files with fixed record length)</b></span></span>
        
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;"><b>Patch BORLAND PASCAL 7.0 EXE files</b> for execution on processors > 200 MHz
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;"><b>Printing with preview</b> or print to file
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;">Simplified search for Unicode Latin (UTF-16) strings
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;">Command "Reload" to open current file again
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;">Easily access most recently used files
        </span></span>
    </li>
<li><span style="font-family: inherit;"><span style="font-size: small;">And last, but not least: <b>XVI32 is free!</b></span></span>
        
</li>
</ul>
<h3 style="text-align: justify;">
<span style="font-family: inherit;"><span style="font-size: small;">Tutorials ::</span></span></h3>
<div style="text-align: justify;">
<span style="font-size: small;">
<span style="font-weight: normal;"><b>Installation :: </b></span></span></div>
<h3 style="text-align: justify;">
<span style="font-size: small;"><span style="font-weight: normal;">You don't need to execute a setup programm writing obscure data to 
your registry or updating DLLs in your Windows system folder. Simply
proceed as follows:

</span><ol>
<li><span style="font-weight: normal;">Create a directory on your hard disk, e.g. C:\Program Files\XVI32</span>
  </li>
<li><span style="font-weight: normal;">Unzip the downloaded archive xvi32.zip completely into this directory</span>
  </li>
<li><span style="font-weight: normal;">Run XVI32.EXE </span>
</li>
</ol>
</span></h3>
<span style="font-size: small;"><b>Screenshots :: </b><a href="http://www.chmaas.handshake.de/delphi/freeware/xvi32/xvi32.htm#screenshots" target="_blank">Click Here</a> </span><br />
<b>Video Tutorials ::</b> <a href="https://www.youtube.com/watch?v=MLRayJkJUCQ" target="_blank">Click Here</a><br />
<h3 style="text-align: justify;">
<span style="font-size: small;">Download ::</span></h3>
<div style="text-align: justify;">
<span style="font-family: inherit;"><b><span style="font-size: small;">Windows :: </span></b><span style="font-size: small;"><a href="http://www.handshake.de/user/chmaas/delphi/download/xvi32.zip" target="_blank">XVI32</a> (.zip)</span></span></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="font-size: small;"><b>Official Website :: </b><a href="http://www.chmaas.handshake.de/delphi/freeware/xvi32/xvi32.htm">http://www.chmaas.handshake.de/delphi/freeware/xvi32/xvi32.htm</a></span></span></div>

XVI32 (Hex Editor) :: Tools

XVI32 is a freeware hex editor running under Windows 9x/NT/2000/XP/Vista/7. The name XVI32 is derived from XVI , the roman notation ...

Nipper Studio (Network Security Audit for Firewall, Switches and Router) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjog3YqJ3FIoxb_rLEWgJPXiIWYhWS7Ihd2IOrLYGhAqOaRm7ioEB6gatr6PgzNw7OJf7ol2pC-Z9-TVfpQewGb_ryDyAt_h2uNqzrlhRtW194rN4xFfH7jYM3ivYb0TPmgsj7rIChoKIYR/s1600/Nipper+Home+Report+2.2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="nipper tutorial" border="0" height="333" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjog3YqJ3FIoxb_rLEWgJPXiIWYhWS7Ihd2IOrLYGhAqOaRm7ioEB6gatr6PgzNw7OJf7ol2pC-Z9-TVfpQewGb_ryDyAt_h2uNqzrlhRtW194rN4xFfH7jYM3ivYb0TPmgsj7rIChoKIYR/s1600-rw/Nipper+Home+Report+2.2.jpg" title="nipper tutorial" width="400" /></a></div>
<div style="text-align: justify;">
<b>Nipper (short for Network Infrastructure Parser, previously known as 
CiscoParse)</b> audits the security of network devices such as switches, 
routers, and firewalls.  It works by parsing and analyzing device 
configuration file which the <b>Nipper</b> user must supply.  This was an open 
source tool until its developer (Titania) released a commercial version 
and tried to hide their old GPL releases. During a <b>network audit Nipper Studio</b> processes the devices’ native configurations and enables you to create a variety of different audit reports. By using traditional methodology for your <a href="http://www.toolwar.com/search/label/Network" target="_blank">network audit</a>, such as manual <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">Penetration Testing</a>, Agent-based software and <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">Network Scanners</a>, you could experience various drawbacks, which does not affect Nipper Studio <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> audit software:<br />
<ul>
<li>Network scanners send huge numbers of network probes to a device and can impact performance. Only exposed vulnerabilities are identified, potentially missing many issues.</li>
<li>Agent-based audit software requires software to be installed on the devices during the network audit. This is not possible for all devices and can introduce additional security vulnerabilities.</li>
<li>Manual Penetration Tests examine individual <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> devices in detail. However this is slow, expensive and results in point in time audits of only a sample of devices.</li>
<li>Flatten the <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability assessment</a> process and reduce human error by automatically producing an instant, device specific configuration report, readable by non-technical experts.  </li>
<li>Achieve significant cost savings by automating a detailed configuration vulnerability analysis, typically provided by costly external Penetration Testing. </li>
<li>Improve the productivity and scope of the network audit by quickly performing a thorough vulnerability assessment of multiple complex network devices, providing a detailed security audit report, unachievable with vulnerability scanning technologies. </li>
<li>Stay secure as our security audit software requires no additional services on the device or agents to be installed and can audit the network devices without connecting or scanning them</li>
</ul>
<h3>
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/wUtAmowwVD8?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3>
 </h3>
<h3>
Download ::</h3>
<b>Windows | Linux | Mac :: </b>
<b> </b><br />
<b>Buy :: </b><a href="https://www.titania.com/shop" target="_blank">Click Here</a><b> </b>
<b> </b><br />
<b>Evaluate Copy :: </b><a href="https://www.titania.com/evaluate" target="_blank">Click Here</a><b>  </b>
<b> </b><br />
<b>Official Website :: </b><a href="https://www.titania.com/nipperstudio" target="_blank">https://www.titania.com/nipperstudio </a></div>

Nipper Studio (Network Security Audit for Firewall, Switches and Router) :: Tools

Nipper (short for Network Infrastructure Parser, previously known as CiscoParse) audits the security of network devices such as switche...

Argus (Auditing Network Activity) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="Argus Logo" border="0" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhB9EePKFj7bOOAmUlulpXxUps3bKmylywSIIPNjOKR95TlmXfzBpotmDPvTpombemgv5gs8g-qGAFLcjAB8y7S0iSCjatcaY9LTAFt-OoP0EOMiONWPCNZ_119wIkga4ZTRn1ILz9jhpfa/s1600-rw/ArgusOptimizationCycle.gif" title="Argus Logo" /></div>
<div style="text-align: justify;">
<b>Argus</b> is a fixed-model Real Time Flow <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">Monitor</a> designed to track and 
report on the status and performance of all network transactions seen in
 a data <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> traffic stream. Argus provides a common data format for 
reporting flow metrics such as connectivity, capacity, demand, loss, 
delay, and jitter on a per transaction basis. The record format that 
Argus uses is flexible and extensible, supporting generic flow 
identifiers and metrics, as well as application/protocol specific 
information.</div>
<div style="text-align: justify;">
<br /></div>
<div class="plaintext" style="text-align: justify;">
 <b>Argus </b>is composed of an advanced comprehensive 
network flow data generator, the<b> Argus</b> sensor, which processes packets 
(either capture files or live <a href="http://www.toolwar.com/search/label/Packet" target="_blank">packet</a> data) and generates detailed 
network flow status reports of all the flows  in the packet stream.  
Argus  captures much of the packet dynamics and semantics of each
                             flow,  with a great deal of data reduction,
 so you can store, process, inspect and <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analyze</a> large amounts of network
 data
                             efficiently. <b>Argus</b> provides reachability, 
availability, connectivity, duration, rate, load, good-put, loss,
                             jitter, retransmission, and delay metrics 
for all network flows, and captures most attributes that are available 
from the
                             packet contents, such as L2 addresses, 
tunnel identifiers (MPLS, GRE, ESP, etc...), <a href="http://www.toolwar.com/search/label/IDS" target="_blank">protocol ids</a>, SAP's, 
hop-count, options,
                             L4 transport identification (RTP, RTCP 
detection), host flow control indications, etc...</div>
<div class="plaintext" style="text-align: justify;">
<br /></div>
<div class="plaintext" style="text-align: justify;">
Argus is used by many sites to generate 
network activity reports for every network transaction on their  
networks. The network audit data that <b>Argus</b> generates is great for 
<a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a>, operations and performance management. The data is used for 
network forensics, non-repudiation,
                             network asset and service inventory,  
behavioral baselining of server and client relationships, detecting 
covert channels, and analyzing Zero day events.</div>
<div class="plaintext" style="text-align: justify;">
<br /></div>
<div class="plaintext" style="text-align: justify;">
Argus is an Open Source project, currently 
running on <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X,</a> <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, Solaris, FreeBSD, OpenBSD, NetBSD, AIX, 
IRIX, <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> (under Cygwin) 
                             and OpenWrt, and has been ported to many 
hardware accelerated platforms, such as Bivio, Pluribus, Arista, and 
Tilera. The software should be portable to many other
                             environments  with littleor no 
modifications. Performance is such that auditing an entire enterprise's 
Internet activity
                             can be accomplished using modest computing 
resources.</div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>How To :: </b><a href="http://www.qosient.com/argus/howto.shtml" target="_blank">Click Here</a><b><br /></b></div>
<b>Wiki :: </b><a href="http://nsmwiki.org/index.php?title=Argus" target="_blank">Click Here</a><br />
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Windows | Mac | Linux ::  </b><a href="http://qosient.com/argus/src/argus-3.0.6.1.tar.gz" target="_blank">Argus v3.0.6.1</a><b> | </b><a href="http://qosient.com/argus/src/argus-clients-3.0.6.2.tar.gz" target="_blank">Argus v3.0.6.1 Client</a><b> </b></div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://www.qosient.com/argus/">http://www.qosient.com/argus/</a><b><br /></b></div>
<div style="text-align: justify;">
<br /></div>

Argus (Auditing Network Activity) :: Tools

Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions s...

GoLismero (The Web Knife) :: Framework

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJYxDNAmrpLOxGHjpb6huddkmpfTYX3pDCUkzAP5ZvTN4YHVhKeSoNVz0mP3edsRRLaggj3y4jcannl6jCd928BDdVuz0XMqsJrc4uaybV2Vo1azKfWDoSHkN3sWgH2iEF7wp3DJ79MdTj/s1600/Golismero+WIndows+Screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Golismero " border="0" height="380" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJYxDNAmrpLOxGHjpb6huddkmpfTYX3pDCUkzAP5ZvTN4YHVhKeSoNVz0mP3edsRRLaggj3y4jcannl6jCd928BDdVuz0XMqsJrc4uaybV2Vo1azKfWDoSHkN3sWgH2iEF7wp3DJ79MdTj/s1600-rw/Golismero+WIndows+Screenshot.png" title="Golismero " width="640" /></a></div>
<div style="text-align: justify;">
<b>GoLismero</b> is an open source framework for <a href="http://www.toolwar.com/search/label/Security" target="_blank"><b>security testing</b></a>. It's 
currently geared towards <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> security, but it can easily be expanded to 
other kinds of scans.</div>
<div style="text-align: justify;">
The most interesting features of the <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a> are:</div>
<ul style="text-align: justify;">
<li>Real platform independence. Tested on <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, *BSD and <a href="http://www.toolwar.com/search/label/Mac" target="_blank">OS X</a>.</li>
<li>No native library dependencies. All of the framework has been written in pure Python.</li>
<li>Good performance when compared with other frameworks written in Python and other scripting languages.</li>
<li>Very easy to use.</li>
<li>Plugin development is extremely simple.</li>
<li>The framework also collects and unifies the results of well known tools: <a href="http://www.toolwar.com/2013/09/sqlmap-tools.html" target="_blank">sqlmap</a>, xsser, <a href="http://www.toolwar.com/2013/09/openvas-is-advanced-open-source.html" target="_blank">openvas</a>, <a href="http://www.toolwar.com/2013/10/dnsrecon-tools.html" target="_blank">dnsrecon</a>, <a href="http://www.toolwar.com/2013/09/theharvester-tools.html" target="_blank">theharvester</a>...</li>
<li>Integration with standards: CWE, CVE and OWASP.</li>
<li>Designed for cluster deployment in mind (not available yet).</li>
</ul>
<h3>
Tutorials ::</h3>
<b>Installation :: </b> <br />
Strictly speaking, GoLismero doesn't require installation - only its 
dependencies do. So if you want to use it on a system where you don't 
have root privileges, you can ask the system administrator to install 
them for you, and just run the "git checkout" command on your home 
folder.<br />
<b>Briefly Tutorial of Installation :: </b> <a href="https://github.com/golismero/golismero">Click Here</a><br />
<b>Basic Usages ::</b> <a href="https://github.com/golismero/golismero" target="_blank">Click Here</a><br />
<h3>
Download ::</h3>
<b>Linux | Mac | Windows :: </b><a href="https://github.com/golismero/golismero/archive/master.zip" target="_blank">GoLismero Archive</a> (.zip)<b> </b><br />
<b>Official Website :: </b><a href="https://github.com/golismero/golismero" target="_blank">https://github.com/golismero/golismero</a>

GoLismero (The Web Knife) :: Framework

GoLismero is an open source framework for security testing . It's currently geared towards web security, but it can easily be expa...

Fragroute :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ7jo1_vjG2XgLQxevu8HSHLP5HXWK9U13ZtsPZ-8BjIWb42nfMZoi3lZP38PUekGaUY_b7EUj2OB5KGIYr97sJmVvd8ToD6esQTAUUuliELCScxrLNogl82uw6gc38sPZXclTroqB0vzd/s1600/fragroute.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="fragroute screenshot" border="0" height="235" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ7jo1_vjG2XgLQxevu8HSHLP5HXWK9U13ZtsPZ-8BjIWb42nfMZoi3lZP38PUekGaUY_b7EUj2OB5KGIYr97sJmVvd8ToD6esQTAUUuliELCScxrLNogl82uw6gc38sPZXclTroqB0vzd/s1600-rw/fragroute.JPG" title="fragroute screenshot" width="400" /></a></div>
<div style="text-align: justify;">
<b>Fragroute</b> intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998. </div>
<div style="text-align: justify;">
It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behaviour. </div>
<div style="text-align: justify;">
This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behaviour.  Please do not abuse this software. </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<b> Required libraries ::</b> <br />
<ul>
<li>libdnet </li>
<li>libpcap </li>
<li>libevent (for non-Windows platforms) </li>
</ul>
<div style="text-align: justify;">
<b>Installation :: </b><a href="http://www.monkey.org/~dugsong/fragroute/INSTALL" target="_blank">Click Here</a></div>
<div style="text-align: justify;">
<b>ManPage :: </b><a href="http://www.monkey.org/~dugsong/fragroute/fragroute.8.txt" target="_blank">Click Here</a><br />
<b>Video Tutorial :: </b> </div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/k7viy_NN8f4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://www.monkey.org/~dugsong/fragroute/fragroute-1.2.tar.gz" target="_blank">Fragroute v1.2</a> (.tar.gz)</div>
<div style="text-align: justify;">
<b>Official Website :: </b> <a href="http://www.monkey.org/~dugsong/fragroute/">http://www.monkey.org/~dugsong/fragroute/</a></div>

Fragroute :: Tools

Fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in...

DLL Hijack Auditor (Audit DLL Hijacking Vulnerability) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOMHBbtHY3M6lvqsdBgjSk97gxPEL_jkS-pkAh5TEJuqCY9FzYDNWnoURsXelk8hGovQ8lYwslQO2KHcGTN-_ojdmJ42ufcLJfz-U3TZ9vZzCfTJ7HrP4jFfCwaVRaSa2v93a91_Jkh7zO/s1600/dllhijackauditor_screenshot1_main_small.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="dllhijackauditor" border="0" height="303" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOMHBbtHY3M6lvqsdBgjSk97gxPEL_jkS-pkAh5TEJuqCY9FzYDNWnoURsXelk8hGovQ8lYwslQO2KHcGTN-_ojdmJ42ufcLJfz-U3TZ9vZzCfTJ7HrP4jFfCwaVRaSa2v93a91_Jkh7zO/s1600-rw/dllhijackauditor_screenshot1_main_small.jpg" title="dllhijackauditor" width="400" /></a></div>
<div style="text-align: justify;">
<b>Dll Hijack Auditor</b> is the smart tool to <b>Audit against the Dll Hijacking Vulnerability</b> in any <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> application. This is one of the critical security issue affecting almost all Windows systems. Though most of the apps have been fixed, but still many Windows applications are susceptible to this <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> which can allow any attacker to completely take over the system. DllHijackAuditor helps in discovering all such Vulnerable Dlls in a Windows application which otherwise can lead to successful exploitation resulting in total compromise of the system.<br /><br />With its simple <a href="http://www.toolwar.com/search/label/GUI" target="_blank">GUI interface</a> <b>DllHijackAuditor</b> makes it easy for anyone to instantly perform the auditing operation. It also presents detailed technical Audit report which can help the developer in fixing all vulnerable points in the application. <b>DllHijackAuditor</b> is a standalone portable application which also comes with Installer for local Installation & Uninstallation of software. </div>
<div style="text-align: justify;">
It works on wide range of platforms starting from Windows XP to latest operating system, Windows 8.<br /><h3>
Features ::</h3>
<ul>
<li>Here are some of the smart features of<b> DllHijackAuditor,</b></li>
<li>Directly & Instantly audit any Windows Application.</li>
<li>Allows complete testing to uncover all Vulnerable points in the target Application</li>
<li>Smart <a href="http://www.toolwar.com/search/label/Debugger" target="_blank">Debugger</a> based 'Interception Engine' for consistent and efficent performance without intrusion.</li>
<li>Support for specifying as well as auditing of application with custom & multiple Extensions.</li>
<li>Timeout Configuration to alter the waiting time for each Application.</li>
<li>Generates complete auditing report (in HTML format) about all vulnerable hijack points in the Application.</li>
<li>GUI based tool, makes it easy for anyone with minimum knowledge to perform the auditing operation.</li>
<li>Does not require any special privilege for auditing of the application (unless target application requires)</li>
<li>Free from Antivirus as it does not use any shellcodes or exploit codes which trigger Antivirus to terminate the operation.</li>
<li>Fully portable tool which can be run directly on any system.</li>
<li>Support for local Installation and uninstallation of the software. </li>
</ul>
<h3>
Tutorials :: </h3>
</div>
<div style="text-align: justify;">
<b>Installation & Uninstallation ::</b><br />It comes with simple Instaler that helps you to install it locally on your system for regular usage. It has intuitive setup wizard which guides you through series of steps in completion of installation. At any point of time, you can uninstall the product using the Uninstaller located at following location (by default)</div>
<div style="text-align: justify;">
<br />[Windows 32 bit]<br />C:\Program Files\SecurityXploded\DllHijackAuditor<br /><br />[Windows 64 bit]<br />C:\Program Files (x86)\SecurityXploded\DllHijackAuditor<br /><br /><b>How to use ::</b><br /><ul>
<li>Here are simple tests to use <b>DllHijackAuditor</b> for auditing of any Windows application.</li>
<li>Launch the DllHijackAuditor after copying it or installing it on your local system. </li>
<li>Now click on 'Browse' button to select application and then click on 'Start Audit' to begin the operation.</li>
<li>Next click on 'Exploit' button (only if it has found any vulnerable DLLs in the previous phase) to perform real Exploitation test.</li>
<li>Finally click on 'Report' button to generate complete Audit report. </li>
</ul>
You can tick the check box ( 'Do not terminate application' ) to make DllHijackAuditor to wait until you perform complete testing of all vulnerable points within the application. Once you are done with the testing, close the application so that <b>DllHijackAuditor</b> will continue with auditing operation.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Video :: </b></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/EBXGA8eMrT4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
<b> </b></div>
<div style="text-align: justify;">
<h3>
<b>Download ::</b></h3>
</div>
<div style="text-align: justify;">
<b>Windows :: </b><a href="http://securityxploded.com/download-file.php?id=7777" target="_blank">DLL Hijack Auditor v3.0 </a><b><br /></b></div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://securityxploded.com/dllhijackauditor.php">http://securityxploded.com/dllhijackauditor.php</a></div>

DLL Hijack Auditor (Audit DLL Hijacking Vulnerability) :: Tools

Dll Hijack Auditor is the smart tool to Audit against the Dll Hijacking Vulnerability in any Windows application. This is one of the c...

Subscribe to: Comments ( Atom )