PatrowlHears (Vulnerability Intelligence Center) :: Tools

<p style="text-align: center;"> <a href="#" style="margin-left: 1em; margin-right: 1em;"><img alt="PatrowlHears - Vulnerability Intelligence Center" border="0" data-original-height="95" data-original-width="426" height="142" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg78Yi-fUn6UnelJNfinTL6GmFcle_rN2kJVvbZkCeqyMWPTE-1c0Uo0rhirqcu-htF2eTBr5F4EYy0qj6L6eKHXBSOd387DApVooZ6SjJo612jyJVpfoFrQ1IfveC9EfrYrc_MsYqZrVpm/w640-h142-rw/logo-patrowl-light.png" title="PatrowlHears - Vulnerability Intelligence Center" width="640" /> </a></p><p style="text-align: justify;"><span style="font-size: medium;"><span style="font-family: arial;"><span>PatrowlHears provides a unified source of vulnerability, exploit and threat Intelligence feeds. Users accesses a comprehensive and continuously updated vulnerability database scored and enriched with exploit and threat news information. These metadata are collected from public OSINT and private feeds. As today, it’s one of the most extended database.</span></span></span></p><code></code><p style="text-align: justify;"><span style="font-size: medium;"><b>Tutorial: </b><a href="https://makyotox.medium.com/patrowlhears-open-source-vulnerability-intelligence-center-a8577c462257" rel="nofollow" target="_blank">Click Here</a></span></p><p style="text-align: justify;"><span style="font-size: medium;"></span></p><div class="separator" style="clear: both; text-align: center;"><span style="font-size: medium;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgESDSSt8WN9e9FE8jTgauibslgmGYU-gxlA2KUNFhYXA77F5I2MfmxBDStpGCL335dQ6qq1X5nkgMYcGg91nl3KL7F1-bI7rb4o9QUYieLnTPuGrttTYC1Dd5UiZuR_jFIOTJWyPrO0p25/s700/1+2BX5kinORfnh_Y0cJA5XFA.png" rel="nofollow" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img alt="PatrowlHears" border="0" data-original-height="313" data-original-width="700" height="179" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgESDSSt8WN9e9FE8jTgauibslgmGYU-gxlA2KUNFhYXA77F5I2MfmxBDStpGCL335dQ6qq1X5nkgMYcGg91nl3KL7F1-bI7rb4o9QUYieLnTPuGrttTYC1Dd5UiZuR_jFIOTJWyPrO0p25/w400-h179-rw/1+2BX5kinORfnh_Y0cJA5XFA.png" title="PatrowlHears" width="400" /></a></span></div><p></p><p style="text-align: justify;"><span style="font-size: medium;"><b>Download</b>: </span></p><p style="text-align: justify;"><span style="font-size: medium;">Linux: </span></p><pre><code>git clone https://github.com/Patrowl/PatrowlHears cd PatrowlHears ./install.sh </code></pre><pre><code><span style="font-size: small;"><code><span style="font-family: arial;"><b>For Detailed Installation Guide:</b> <a href="https://github.com/Patrowl/PatrowlHears/blob/master/INSTALL.md" rel="nofollow" target="_blank">Click Here</a></span> </code></span> </code></pre><p style="text-align: justify;"><span style="font-size: medium;"><b>Submitted By:</b> <a href="https://twitter.com/makyotox" rel="nofollow" target="_blank">makyotox</a></span><br /></p>

PatrowlHears (Vulnerability Intelligence Center) :: Tools

    PatrowlHears provides a unified source of vulnerability, exploit and threat Intelligence feeds. Users accesses a comprehensive and conti...

Read more »

KillerBee (Exploiting ZigBee and IEEE 802.15.4 Networks) :: Framework

<div class="separator" style="clear: both; text-align: center;"> <img alt="KillerBee Image" border="0" height="329" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7xn4xzkvBYoqeDLAxh3GYVmNcCIj8wfF43o7uU-YZX4qDFqdlP91terOVNJqb8Zo0hS94LsqWhLGHvoJXzHFJkVYwmnD8YzrW6f-H_ndMaXeF-7iquPRYHz01XL2GKY3V2yXWvycWpApy/s1600-rw/KillerBee+Image.jpg" title="KillerBee Image" width="640" /></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>KillerBee</b> is a Python based <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a> and tool set for <b>exploring and exploiting the security of ZigBee and IEEE 802.15.4 networks.</b> Using <b>KillerBee</b> tools and a compatible IEEE 802.15.4 radio interface, you can eavesdrop on ZigBee networks, replay traffic, attack cryptosystems and much more. Using the <b>KillerBee framework</b>, you can build your own <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a>, implement ZigBee fuzzing, emulate and attack end-devices, routers and coordinators and much more. </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Install on Linux :: </b><a href="https://code.google.com/p/killerbee/wiki/InstallLinuxBackTrack" target="_blank">Click Here</a></div> <div style="text-align: justify;"> <b>Install on Mac :: </b><a href="https://code.google.com/p/killerbee/wiki/InstallOSX" target="_blank">Click Here</a></div> <b>Wiki :: </b><a href="https://code.google.com/p/killerbee/w/list" target="_blank">Click Here</a><br /> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux | Mac :: </b><a href="https://killerbee.googlecode.com/files/killerbee_1_0.tar" target="_blank">KillerBee v1.0</a> (.tar.gz)</div> <div style="text-align: justify;"> <b>Source Website :: </b><a href="https://code.google.com/p/killerbee/">https://code.google.com/p/killerbee/</a></div>

KillerBee (Exploiting ZigBee and IEEE 802.15.4 Networks) :: Framework

KillerBee is a Python based framework and tool set for exploring and exploiting the security of ZigBee and IEEE 802.15.4 networks. ...

Read more »

Shellter (Dynamic Shellcode Injection) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Shellter Tool Image" border="0" height="361" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoCFTJcSTQINV_sfK7AZLw_70-JcIoAkc47RndYmYREK6nCYviWJX0NHZWC8v57DqpRcode3mTmcXkovY1gp7aZNEH08v3-Wcd-bg13_CPfeQuMQt7Fq7GftMh4LemIyth1rYp_V2KlFPS/s1600-rw/Shellter+Image.JPG" title="Shellter Tool Image" width="640" /></div> <div style="text-align: justify;"> <b>Shellter</b> is a <b>dynamic shellcode injection tool</b>, and probably the first dynamic PE infector ever created. It can be used in order to inject shellcode into native <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> applications (currently 32-bit apps only). The shellcode can be something yours or something generated through a <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a>, such as Metasploit.</div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>Shellter </b>takes advantage of the original structure of the PE file and doesn’t apply any modification such as changing <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a> access permissions in sections, adding an extra section with RWE access,and whatever would look dodgy under an AV scan.</div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>Shellter</b> uses a unique dynamic approach which is based on the execution flow of the target application.</div> <div style="text-align: justify;"> <b>Shellter</b> uses a unique dynamic approach which is based on the execution flow of the target application. This means that no static/predefined locations are used for shellcode injection. <b>Shellter </b>will launch and trace the target, while at the same time will log the execution flow of the application. </div> <div style="text-align: justify;"> <b>Shellter</b> traces the entire execution flow that occurs in userland. That means, code inside the target application itself (PE image), and code outside of it that might be in a system dll or on a heap, etc. This happens in order to ensure that functions actually belonging to the target executable, but are only used as callback functions for Windows APIs will not be missed. However, the tracing engine will not log any instructions that are not in the memory range of the PE image of the target application, since these cannot be used as a reference to permanently inject the shellcode.</div> <div style="text-align: justify;"> <b>Why Need :: </b>Executables created through <a href="http://www.toolwar.com/2013/09/metasploit-framework.html" target="_blank">Metasploit</a> are most likely detected by most AV vendors. By using Shellter, you automatically have an infinitely polymorphic executable template, since you can use any 32-bit 'standalone' native Windows executable to host your shellcode. By 'standalone' means an executable that doesn't need any proprietary DLLs, apart from the system DLLs to load and run. For example, notepad.exe, and many other applications you can find online, or create by yourself as your own custom templates. You can also use applications that make use of proprietary DLLs if those are not required to create the process in the first place, and are normally loaded later on if needed to execute code for a specific task. In case you select an application that needs one or more proprietary DLLs to create the process in the first place then you will have to include them in the same directory from where you load the main executable. However, this is not recommended since it is more convenient to have just a single executable to upload to the target. </div> <h3> Tutorials ::</h3> <b>System Requirement ::</b> Windows XP SP3 (x32/x64) or Higher <br /> <b>Full Description :: </b><a href="https://www.shellterproject.com/Downloads/Shellter/Readme.txt" target="_blank">Click Here</a><br /> <b>Video Tutorial :: </b><a href="https://www.youtube.com/watch?v=91QmSy-dUEA" target="_blank">Click Here</a><br /> <h3> Download ::</h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="https://www.shellterproject.com/Downloads/Shellter/Old/Shellter_v1.0.rar" target="_blank">Shellter v1.0 </a>(.rar)<b><br /></b></div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="https://www.shellterproject.com/introducing-shellter/">https://www.shellterproject.com/introducing-shellter/</a></div>

Shellter (Dynamic Shellcode Injection) :: Tools

Shellter is a dynamic shellcode injection tool , and probably the first dynamic PE infector ever created. It can be used in order to inj...

Read more »

Liffy (Local File Inclusion Exploitation) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEHgUv3G2cSh18uLQRim8Gb5IXVYRmDrm0RRYDS4PNvOY9nqx1BixII41qCSV_QuR3s_OemRkq0lnNGMxMxDVuUZSsKF7L_yVBxEjzkNtuPb0tWrQVme-kk6yZvRanaLs-Vo9GRkRU6CSJ/s1600/Liffy.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Liffy Tool" border="0" height="260" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEHgUv3G2cSh18uLQRim8Gb5IXVYRmDrm0RRYDS4PNvOY9nqx1BixII41qCSV_QuR3s_OemRkq0lnNGMxMxDVuUZSsKF7L_yVBxEjzkNtuPb0tWrQVme-kk6yZvRanaLs-Vo9GRkRU6CSJ/s1600-rw/Liffy.jpg" title="Liffy Tool" width="400" /></a></div> <div style="text-align: justify;"> <b>Liffy</b> is a tool to exploit local file inclusion <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> using the built-in wrappers php://input, data://, and a process control extension called 'expect'. <b>Liffy</b> is written in <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a>.</div> <ul class="task-list" style="text-align: justify;"> <li>Updates * Now comes with ability to use poisoned Apache access logs, and php://filter for code execution and arbitrary file reads.</li> </ul> <div style="text-align: justify;"> <b>Liffy</b> requires the following libraries: requests, argparse, blessings, urlparse In order to host the payload you may use Node's HTTP server. Or you can simply spawn python's SimpleHTTPServer in /tmp on port 8000. Further development of the tool will eventually include spawning a built-in web server in order to download, for now you can adjust the location and port in the source code for your needs. These can be changed in core.py under the execute functions.</div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Example Use ::</b> ./liffy --url http://target/pdfs/vulnerable.php?= --data </div> <h3 style="text-align: justify;"> Download :: </h3> <div style="text-align: justify;"> <b>Linux | Windows | Mac :: </b><a href="https://github.com/rotlogix/liffy/archive/master.zip" target="_blank">Click Here</a><b><br /></b></div> <div style="text-align: justify;"> <b>Source Website :: </b><a href="https://github.com/rotlogix/liffy">https://github.com/rotlogix/liffy</a></div>

Liffy (Local File Inclusion Exploitation) :: Tools

Liffy is a tool to exploit local file inclusion vulnerability using the built-in wrappers php://input, data://, and a process control ...

Read more »

Immunity Canvas (Vulnerability Exploitation) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqwXRB2JW_wTRBZeFsPrNZqP7KK7Xyn3JC7nG4SvaFbLePxH0hRCMjN9Qmahzts9eQvlEvfqI-ZtbOgvXHS6d2EBgXNSHvEgPXs_l3QYQyy_cg2IrSmwwJThp4ddWSXS5oV4GoJEOJbLUo/s1600/img-canvas.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Immunity Canvas" border="0" height="171" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqwXRB2JW_wTRBZeFsPrNZqP7KK7Xyn3JC7nG4SvaFbLePxH0hRCMjN9Qmahzts9eQvlEvfqI-ZtbOgvXHS6d2EBgXNSHvEgPXs_l3QYQyy_cg2IrSmwwJThp4ddWSXS5oV4GoJEOJbLUo/s1600-rw/img-canvas.gif" title="Immunity Canvas" width="400" /></a></div> <b>Immunity Canvas</b> is a commercial <b>vulnerability exploitation tool </b>from Dave Aitel's ImmunitySec. It includes more than 370 exploits and is less expensive than Core Impact or the commercial versions of <a href="http://www.toolwar.com/2013/09/metasploit-framework.html" target="_blank">Metasploit</a>. It comes with full source code, and occasionally even includes zero-day exploits.<b> </b><br /> <b>Immunity's CANVAS</b> makes available hundreds of exploits, an automated <a href="http://www.toolwar.com/search/label/Exploitation" target="_blank">exploitation</a> system, and a comprehensive, reliable exploit development framework to <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration</a> testers and <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> professionals worldwide. To see CANVAS in action please see our movies. For users new to CANVAS or experienced users looking to get just a little more out of CANVAS we have <a href="http://www.toolwar.com/search/label/PDF" target="_blank">PDF</a> based tutorials available for download.</div> <div style="text-align: justify;">   </div> <div style="text-align: justify;"> <b>Supported Platforms and Installations</b><br /> - <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> (requires Python & PyGTK)<br /> - <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a><br /> - <a href="http://www.toolwar.com/search/label/Mac" target="_blank">MacOSX</a> (requires PyGTK)<br /> - All other <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> environments such as mobile phones and commercial Unixes (command line version only supported, GUI may also be available)</div> <div style="text-align: justify;"> <b>Architecture</b><br /> - CANVAS' completely open design allows a team to adapt CANVAS to their environment and needs. </div> <div style="text-align: justify;"> <b>Documentation</b><br /> - all documentation is delivered in the form of demonstration movies<br /> - exploit modules have additional information windows</div> <div style="text-align: justify;"> <b> Exploits</b><br /> - currently over 490 exploits, an average of 4 exploits added every monthly release<br /> - Immunity carefully selects vulnerabilities for inclusion as CANVAS exploits. Top priorities are high-value vulnerabilities such as remote, pre-authentication, and new vulnerabilities in mainstream software.<br /> - Exploits span all common platforms and applications</div> <div style="text-align: justify;"> <b> Payload Options</b><br /> - to provide maximum reliability, exploits always attempt to reuse socket<br /> - if socket reuse is not suitable, connect-back is used<br /> - subsequent MOSDEF session allows arbitrary code execution, and provides a listener shell for common actions (file management, screenshots, etc)<br /> - bouncing and split-bouncing automatically available via MOSDEF<br /> - adjustable covertness level</div> <div style="text-align: justify;"> <b> Exploit Delivery</b><br /> - regular monthly updates made available via <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a><br /> - exploit modules and CANVAS engine are updated simultaneously<br /> - customers reminded of monthly updates via email</div> <div style="text-align: justify;"> <b> Exploit Creation Time</b><br /> - exploits included in next release as soon as they are stable</div> <div style="text-align: justify;"> <b> Effectiveness of Exploits</b><br /> - all exploits fully QA'd prior to release<br /> - exploits demonstrated via flash movies<br /> - exploit development team available via direct email for support</div> <div style="text-align: justify;"> <b> Ability to make Custom Exploits</b><br /> - unique MOSDEF development environment allows rapid exploit development</div> <div style="text-align: justify;"> <b> Product Support and Maintenance</b><br /> - subscriptions include email and phone support M-F 9am - 5pm EST, directly with development team<br /> - minimum monthly updates</div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <h3> Tutorials ::</h3> <ol> <li><a href="http://www.immunitysec.com/documentation/tutorials/Windows_Install.pdf">Detailed Windows Installation Instructions</a></li> <li><a href="http://www.immunitysec.com/documentation/tutorials/canvas101-part1.pdf">CANVAS 101 (Part 1)</a></li> <li><a href="http://www.immunitysec.com/documentation/tutorials/canvas101-part2.pdf">CANVAS 101 (Part 2)</a></li> <li><a href="http://www.immunitysec.com/documentation/tutorials/HCN-Part1.pdf">HCN Rootkit (Part 1)</a></li> <li><a href="http://www.immunitysec.com/documentation/tutorials/ties-that-binder-dot-py.pdf">The Ties That Binder.py</a></li> </ol> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/FAz-Bek4RfU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <ol></ol> </div> <div style="text-align: justify;"> <h3> Download ::</h3> </div> <div style="text-align: justify;"> <b>Linux | Mac | Windows :: Contact Here ::</b> sales@immunityinc.com <b> </b><br /> <b>Official Website ::</b> <a href="https://www.immunitysec.com/products-canvas.shtml">https://www.immunitysec.com/products-canvas.shtml</a></div>

Immunity Canvas (Vulnerability Exploitation) :: Tools

Immunity Canvas is a commercial vulnerability exploitation tool from Dave Aitel's ImmunitySec. It includes more than 370 exploits an...

Read more »

Cisco Torch (Scanning, Fingerprinting and Exploitation) :: Tools

<div style="text-align: justify;"> </div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrDBORXGRkO4-BVNT3r3mNPK_ogJ94i5y-vnarwHNshmXWd2qBKmXLLFyAlwuJM32ULoRNrOznorFUhaZ4b3jXomvwheUARBWfq9WYFeRUL_t0fvlOOf1yW2UUaYIEdzhS7mtfN0guCsfD/s1600/cisco-torch.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Cisco Torch" border="0" height="294" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrDBORXGRkO4-BVNT3r3mNPK_ogJ94i5y-vnarwHNshmXWd2qBKmXLLFyAlwuJM32ULoRNrOznorFUhaZ4b3jXomvwheUARBWfq9WYFeRUL_t0fvlOOf1yW2UUaYIEdzhS7mtfN0guCsfD/s1600-rw/cisco-torch.PNG" title="Cisco Torch" width="640" /></a></div> <div style="text-align: justify;"> <b>Cisco Torch</b> is a <b>mass scanning, fingerprinting, and exploitation tool</b> was written while working on the next edition of the "Hacking Exposed Cisco Networks", since the <a href="http://www.toolwar.com/search/label/Tools">tools</a> availalbe on the market could not meet our needs. <br />The main feature that makes<b> Cisco-torch</b> different from similar tools is the extensive use of forking to launch multiple scanning processes on the background for maximum <a href="http://www.toolwar.com/search/label/Scanner">scanning</a> efficiency. Also, it uses several methods of application layer fingerprinting simultaneously, if needed. We wanted something fast to discover remote Cisco hosts running Telnet, SSH, Web, NTP and SNMP services and launch dictionary attacks against the services discovered. </div> <br /><h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows | Mac | Linux :: </b><a href="http://www.arhont.com/en/wp-content/uploads/2010/01/cisco-torch-0.4b.tar.gz" target="_blank">Cisco-Torch v0.4b</a> (.tar.bz2)<b> | Language ::</b> Perl<b><br /></b></div> <div style="text-align: justify;"> <b>Official Website :: </b> <a href="http://www.arhont.com/en/category/resources/tools-utilities/">http://www.arhont.com/en/category/resources/tools-utilities/</a></div>

Cisco Torch (Scanning, Fingerprinting and Exploitation) :: Tools

Cisco Torch is a mass scanning, fingerprinting, and exploitation tool was written while working on the next edition of the "Hac...

Read more »

SAINT 8 (Security Auditing Suite) :: Framework

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="SAINT LOGO" border="0" height="107" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgA7ITNbIsTcKUwW4ShEmmGIi_tc3r93_yUAm8uaCmmHsBBhYfr3EemJ8Cqkmicl1Fhpd9D3UxPy_DS7kuqAJEVvVADbttEn7PYmcWl3xA3gQEQWKeMojScYzNb7yO1L08sAs_4K6kEYXHm/s1600-rw/SAINT.jpg" title="SAINT LOGO" width="200" /></div> <b>SAINT 8</b> is a <b>fully-integrated security tool suite</b> that combines <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability scanning</a>, with <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration testing</a>, social engineering tools and configuration assessments. Use the combined power of these tools to identify vulnerabilities on <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> devices, operating systems, desktop applications, <a href="http://www.toolwar.com/search/label/Web" target="_blank">Web applications</a>, databases, and more; run packaged penetration tests through pre-configured policies, run vulnerability-specific exploits for target-directed investigation; execute social engineering through packaged exploit Tools; and execute platform-specific configuration auditing, using NIST’s SCAP standards and protocols.  <b>SAINT 8 </b>then provides a robust set of <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a> and reporting features to perform ad hoc analytics, view strategic level results across 1 or many assessments, and then build reports from pre-defined templates, compliance reports or build your own custom reports from over 150 customizable settings. <b>SAINT's</b> current repository includes over 4,200 <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> checks and 900+ exploits - which span over 48,000 Common Vulnerability Exposures (CVEs), plus numerous vulnerabilities that do not currently have a CVE assigned. Vulnerability checks and exploit development is a daily activity, that includes delivery of new checks twice a week, through an automated plug-in. This agentless scanning solution can be delivered via a cloud-based version <b> (WebSAINT Pro 8)</b>, deployed standalone, shared as a server-based solution, or as a multi-<a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanner</a> architecture for large enterprise or load balanced scanning.</div> <br /> <h3> Tutorials ::</h3> <b>Video Tutorial :: </b><a href="http://www.youtube.com/watch?v=ibW6gLNYrf8" target="_blank">Click Here </a><br /> <b>Exploit Tools List :: </b><a href="http://www.saintcorporation.com/solutions/exploitTools.html" target="_blank">Click Here</a><b></b><br /> <br /> <h3> Download :: </h3> <b>Windows :: </b><a href="https://www.saintcorporation.com/resources/requestEvaluation.html" target="_blank">Request a Evaluation Copy</a><b> </b><br /> <b>Official Website :: </b><a href="https://www.saintcorporation.com/products/SAINT8.html">https://www.saintcorporation.com/products/SAINT8.html</a><br /> <b>Submitted By :: </b>SAINT Corporation <br /> <div style="text-align: justify;"> <br /></div>

SAINT 8 (Security Auditing Suite) :: Framework

SAINT 8 is a fully-integrated security tool suite that combines vulnerability scanning , with penetration testing , social engineering ...

Read more »

Cisco Global Exploiter (CGE) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjE95qKAuiFSSG89yP0adW44_GbFhQyPv25VQtzfb0sXlcZULk_kYsSmrKlhrhZGj95J1CaXicGo9aMbA-IJhRw9fBfpplvCZg7YWDn-cmp9n3DCvhhPeuPYQ-IYA8jjcmpyRd95Mee7XKc/s1600/Cisco+Global+Exploiter.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="CISCO Global Exploiter" border="0" height="285" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjE95qKAuiFSSG89yP0adW44_GbFhQyPv25VQtzfb0sXlcZULk_kYsSmrKlhrhZGj95J1CaXicGo9aMbA-IJhRw9fBfpplvCZg7YWDn-cmp9n3DCvhhPeuPYQ-IYA8jjcmpyRd95Mee7XKc/s1600-rw/Cisco+Global+Exploiter.PNG" title="CISCO Global Exploiter" width="320" /></a></div> <div style="text-align: justify;"> <b>Cisco Global Exploiter (CGE)</b>, is an advanced, simple and fast <a href="http://www.toolwar.com/search/label/Security" target="_blank"> security</a> testing tool/ exploit engine, that is able to exploit 14 <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank"> vulnerabilities</a> in disparate Cisco switches and routers.  CGE is <a href="http://www.toolwar.com/search/label/CLI" target="_blank">command-line</a> driven <a href="http://www.toolwar.com/2013/09/perl-language.html" target="_blank">perl </a>script which has a simple and easy to use front-end.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> CGE can exploit the following 14 vulnerabilities:</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[1] - Cisco 677/678 Telnet Buffer Overflow Vulnerability</span></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[2] - Cisco IOS Router Denial of Service Vulnerability</span></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[3] - Cisco IOS HTTP Auth Vulnerability</span></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[4] - Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability[5] - Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability</span></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[6] - Cisco 675 Web Administration Denial of Service Vulnerability</span></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[7] - Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability</span></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[8] - Cisco IOS Software HTTP Request Denial of Service Vulnerability</span></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[9] - Cisco 514 UDP Flood Denial of Service Vulnerability</span></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[10] - CiscoSecure ACS for Windows NT Server Denial of Service Vulnerability</span></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[11] - Cisco Catalyst Memory Leak Vulnerability</span></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[12] - Cisco CatOS CiscoView HTTP Server Buffer Overflow Vulnerability</span></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[13] - 0 Encoding IDS Bypass Vulnerability (UTF)</span></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[14] - Cisco IOS HTTP Denial of Service Vulnerability</span></div> <div style="text-align: justify;"> <br /></div> <h3 style="margin-bottom: 0px; margin-top: 0px; text-align: justify;"> Tutorial :: </h3> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Installation:</b></div> <div style="text-align: justify;"> <span style="font-family: Courier New;">tar -zxvf cge-13.tar.gz</span></div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b><span style="font-family: Times New Roman;">Execution:</span></b></div> <div style="text-align: justify;"> <span style="font-family: Courier New; font-size: x-small;">perl cge.pl <target> <vulnerability number></span></div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Example output:</b></div> <div style="text-align: justify;"> <span style="font-size: x-small;"><span style="font-family: Courier New;">[root@hacker cge-13]# perl cge.pl 192.168.1.254 3</span><br /> <span style="font-family: Courier New;">Vulnerability successful exploited with [http://192.168.1.254/level/17/exec/....] ...</span></span></div> <div style="margin-bottom: 0px; margin-top: 0px; text-align: justify;"> The above is trying to exploit <span style="font-family: Times New Roman;">the Cisco IOS HTTP Auth Vulnerability and hopefully using the nice link provided we should have basic access to the switch we are attacking, (not enable):</span></div> <div style="margin-bottom: 0px; margin-top: 0px; text-align: justify;">   </div> <h3 style="margin-bottom: 0px; margin-top: 0px; text-align: justify;"> Download ::</h3> <div style="margin-bottom: 0px; margin-top: 0px; text-align: justify;"> <b>Linux :: </b><a href="http://packetstormsecurity.org/0405-exploits/cge-13.tar.gz" target="_blank">Cisco Global Exploiter</a> (.tar.gz)<b><br /></b></div> <div style="margin-bottom: 0px; margin-top: 0px; text-align: justify;"> <b>Official Website :: </b><a href="http://www.vulnerabilityassessment.co.uk/cge.htm">http://www.vulnerabilityassessment.co.uk/cge.htm</a></div>

Cisco Global Exploiter (CGE) :: Tools

Cisco Global Exploiter (CGE) , is an advanced, simple and fast security testing tool/ exploit engine, that is able to exploit 14...

Read more »

Immunity Debugger :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Immunity Debugger logo" border="0" height="340" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9Tz7osQXiMIGssd8NGbnuYt2UuNlyHH6exkoSIEvMi6eJWYewN-waCLbYG-2ZjR-PbZhLWL2A9wBOmtAo9V0AKXaUBpGgoDlDoMAhMep5Qott6zJB-zoqQuUaLf0pzc5oMPvczcOOL0pJ/s400-rw/debugger-logo.png" title="Immunity Debugger logo" width="400" /></div> <div style="text-align: justify;"> <b>Immunity Debugger</b> is a powerful new way to <i>write exploits, <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analyze</a> <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a>, and reverse engineer binary files.</i> It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> API for easy extensibility.</div> <div style="text-align: justify;"> <img border="0" loading="lazy" src="http://www.immunityinc.com/bullet.gif" /> A <a href="http://www.toolwar.com/search/label/Debugger" target="_blank">debugger</a> with functionality designed specifically for the security industry<br /> <img border="0" loading="lazy" src="http://www.immunityinc.com/bullet.gif" />Cuts exploit development time by 50%<br /> <img border="0" loading="lazy" src="http://www.immunityinc.com/bullet.gif" />Simple, understandable interfaces<br /> <img border="0" loading="lazy" src="http://www.immunityinc.com/bullet.gif" />Robust and powerful scripting language for automating intelligent debugging<br /> <img border="0" loading="lazy" src="http://www.immunityinc.com/bullet.gif" />Lightweight and fast debugging to prevent corruption during complex analysis<br /> <img border="0" loading="lazy" src="http://www.immunityinc.com/bullet.gif" />Connectivity to fuzzers and exploit development <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <h3> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/fIUOiwYTpho?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/KlcLLzdtT2U?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> </div> <div style="text-align: justify;"> <h3> Download ::</h3> </div> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://debugger.immunityinc.com/ID_register.py" target="_blank">Immunity Debugger </a><b> </b></div> <div style="text-align: justify;"> <b>Official Website ::</b>  <a href="http://debugger.immunityinc.com/">http://debugger.immunityinc.com/</a></div>

Immunity Debugger :: Tools

Immunity Debugger is a powerful new way to write exploits, analyze malware , and reverse engineer binary files. It builds on a solid ...

Read more »

Ardamax Keylogger :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKetu8Xus_BjvV3rk63-tZDAyPcmhnmWc0da71GaTnL9NLYdt5WXx5blf98p4tTADVATkzma8ZWwBsiqpSZvVNbpAkmHM3yKvGH3J00B4mXZyWlJdl9UCxoFSE7T4kq9gmMSUd3UTFgCwm/s1600/ardamax+keylogger+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="ardamax keylogger " border="0" height="267" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKetu8Xus_BjvV3rk63-tZDAyPcmhnmWc0da71GaTnL9NLYdt5WXx5blf98p4tTADVATkzma8ZWwBsiqpSZvVNbpAkmHM3yKvGH3J00B4mXZyWlJdl9UCxoFSE7T4kq9gmMSUd3UTFgCwm/s400-rw/ardamax+keylogger+screenshot.png" title="ardamax keylogger " width="400" /></a></div> <b>Ardamax Keylogger </b>is a <b><i>keystroke recorder</i></b> that captures user's activity and saves it to an encrypted log file. The log file can be viewed with the powerful Log Viewer. Use this <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tool</a> to find out what is happening on your computer while you are away, maintain a backup of your typed data automatically or use it to <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">monitor</a> your kids. Also you can use it as a monitoring device for detecting unauthorised access. Logs can be automatically sent to your e-mail address, access to the keylogger is <a href="http://www.toolwar.com/search/label/Password" target="_blank">password</a> protected. Besides, <b>Ardamax Keylogger</b> logs information about the Internet addresses the user has visited. This invisible spy application is designed for 2000, XP, 2003, Vista, 7 and <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> 8.</div> <h3> <b>Keylogger Features:</b></h3> <ul> <li><b>Email log delivery</b> - keylogger can send you recorded logs through e-mail delivery at set times - perfect for remote monitoring!</li> <li><b>FTP delivery</b> - Ardamax Keylogger can upload recorded logs through FTP delivery.</li> <li><b>Network delivery</b> - sends recorded logs through via LAN.</li> <li><b>Clipboard logging</b> - capture all text copied to the Windows Clipboard. </li> <li><b>Invisible mode</b> makes it absolutely invisible to anyone. <b>Ardamax Keylogger</b> is not visible in the task bar, system tray, Windows 2000/XP/2003/Vista/Windows 7 Task Manager, process viewers (Process Explorer, WinTasks etc.), Start Menu and Windows Startup list.</li> <li><b>Visual surveillance</b> - periodically makes screenshots and stores the compressed images to log.</li> <li><b>Chat monitoring</b> - Ardamax Keylogger is designed to record and monitor both sides of a conversation in following chats: <ul> <li>AIM</li> <li>Windows Live Messenger 2011</li> <li>ICQ 7</li> <li>Skype 4</li> <li>Yahoo Messenger 10</li> <li>Google Talk</li> <li>Miranda</li> <li>QiP 2010</li> </ul> </li> <li><b>Security</b> - allows you to protect program settings, Hidden Mode and Log file.</li> <li><b>Application monitoring</b> - keylogger will record the application that was in use that received the keystroke!</li> <li><b>Time/Date tracking</b> - it allows you to pinpoint the exact time a window received a keystroke!</li> <li><b>Powerful Log Viewer</b> - you can view and save the log as a HTML page or plain text with keylogger Log Viewer.</li> <li><b>Small size </b>– Ardamax Keylogger is several times smaller than other programs with the same features. It has no additional modules and libraries, so its size is smaller and the performance is higher.</li> <li>Ardamax Keylogger fully supports <b>Unicode</b> characters which makes it possible to record keystrokes that include characters from Japanese, Chinese, Arabic and many other character sets.</li> <li>It records every keystroke. Captures passwords and all other invisible text.</li> </ul> <b>Other Features:</b><br /> <ul> <li>Windows 2000/2003/XP/Vista/Windows 7/Windows 8 support</li> <li>Monitors multi-user machines</li> <li>Automatic startup</li> <li>Friendly interface</li> <li>Easy to install</li> </ul> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/iJ2udtA48hg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;">  </h3> Screenshots :: <a href="http://www.ardamax.com/keylogger/screenshots.html" target="_blank">Click Here</a> <br /> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://www.snapfiles.com/php/sfdwnld.php?id=107631&a=7115070&loc=x" target="_blank">Ardamax Keylogger (Trial Version)</a><b> </b></div> <div style="text-align: justify;"> <b>Buy $ ::</b> <a href="https://sites.fastspring.com/ardamax/instant/keylogger" target="_blank">Ardamax Keylogger (Buy Here)</a></div>

Ardamax Keylogger :: Tools

Ardamax Keylogger is a keystroke recorder that captures user's activity and saves it to an encrypted log file. The log file can be ...

Read more »

Bizploit (ERP Penetration Testing) :: Framework

<div class="separator" style="clear: both; text-align: center;"> <img alt="onapsis logo" border="0" height="157" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEin6I42nzkLY76YbK6quX_PVYjdXrZ8ZpxDui0742p564fJp9gziwUTmwc3CRFGoTz5et3sDfyb3dBOMb7o0I9stsuh20N8o7GqsAhA_mdKp5AO_osq2EkqNGSDHp9JvasUAXoL_9P3L4Ce/s400-rw/onapsis+logo.png" title="onapsis logo" width="400" /></div> <div class="separator" style="clear: both; text-align: center;"> </div> <div style="text-align: justify;"> <b>Bizploit</b> is the first Opensource <i>ERP Penetration Testing framework</i>. Developed by the <b>Onapsis Research Labs,</b> <b>Bizploit</b> assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized <b>ERP Penetration Tests</b>.<br /> Currently, <b>Bizploit</b> is shipped with many plugins to assess the security of SAP business platforms. Plugins for other popular ERPs will be included in the short term.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials :: </h3> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a class="download" href="http://www.onapsis.com/get.php?resid=bizploit-linux-1-5">Bizploit v1.50-rc1</a></div> <div style="text-align: justify;"> <b>Windows ::</b> <a class="download" href="http://www.onapsis.com/get.php?resid=bizploit-win32-1-5">Bizploit v1.50-rc1</a><br /> <b>Official Website :: </b><a href="http://www.onapsis.com/">http://www.onapsis.com</a>/</div>

Bizploit (ERP Penetration Testing) :: Framework

Bizploit is the first Opensource ERP Penetration Testing framework . Developed by the Onapsis Research Labs, Bizploit assists secur...

Read more »

CSRFTester (CSRF Vulnerability Tester) :: Tools

<div style="text-align: justify;"> <div style="text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiknqrcJ0AaQrbIi2UugREgBG1Z7upbwf_PCp5NSgxfWNpFLOAh1v96V2StvLmvgsPEtP2oPyKdCM89YAwgSZIES4vC0cqy0W8AduQVObDEuZoVJVWEKAAnYQeQDeGbotNoS0AoMnH2kYv7/s1600/CSRF-tester+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="csrf tester screenshot" border="0" height="250" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiknqrcJ0AaQrbIi2UugREgBG1Z7upbwf_PCp5NSgxfWNpFLOAh1v96V2StvLmvgsPEtP2oPyKdCM89YAwgSZIES4vC0cqy0W8AduQVObDEuZoVJVWEKAAnYQeQDeGbotNoS0AoMnH2kYv7/s400-rw/CSRF-tester+screenshot.png" title="csrf tester screenshot" width="400" /></a> </div> <b>OWASP CSRFTester</b> is a tool for <b>testing CSRF vulnerability in websites</b>. Just when developers are starting to run in circles over Cross Site Scripting, the 'sleeping giant' awakes for yet another web-catastrophe.<b> Cross-Site Request Forgery (CSRF) </b>is an attack whereby the victim is tricked into loading information from or submitting information to a web application for which they are currently authenticated. The problem is that the web application has no means of verifying the integrity of the request. The <b>OWASP CSRFTester </b>Project attempts to give developers the ability to test their applications for CSRF flaws. </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Luocnr0t8_o?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Zip :: </b><a href="https://www.owasp.org/images/0/08/CSRFTester-1.0.zip" target="_blank">CSRFTester-1.0.zip</a><br /> <b>Official Website :: </b> <a href="https://www.owasp.org/">https://www.owasp.org/</a></div>

CSRFTester (CSRF Vulnerability Tester) :: Tools

  OWASP CSRFTester is a tool for testing CSRF vulnerability in websites . Just when developers are starting to run in circles over Cross...

Read more »

SILICA (WiFi Penetration Testing) :: Tools

<div style="text-align: justify;"> <span style="font-size: small;"></span></div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3Pvv_IBiRa-8oX-3aa_2A22D5nvUsowumkAz3fTkG5t9hmCiUfG5XBQ9K7MtHa4Kch16v2V0fOiVRZCFh1GtfuGsYF9YsTitnsPUXCPQgDqqoijMqSka4DOSumJJFHujYBuhicQzLzSR-/s1600/Silica+Wireless+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Silica Wireless Screenshot" border="0" height="213" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3Pvv_IBiRa-8oX-3aa_2A22D5nvUsowumkAz3fTkG5t9hmCiUfG5XBQ9K7MtHa4Kch16v2V0fOiVRZCFh1GtfuGsYF9YsTitnsPUXCPQgDqqoijMqSka4DOSumJJFHujYBuhicQzLzSR-/s400-rw/Silica+Wireless+screenshot.png" title="Silica Wireless Screenshot" width="400" /></a></div> <div style="text-align: justify;"> <span style="font-size: small;"><b>SILICA</b> is a tool for hacking or <i>Wi-Fi penetration testing</i>. Understanding the <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerabilities</a> of your <a href="http://www.toolwar.com/search/label/WiFi" target="_blank">WiFi</a> network can be challenging as users can easily create networks on demand, or even perhaps unintentionally. But as recent events have demonstrated, scanning your <i>WiFi network</i> is an important part of understanding your <a href="http://www.toolwar.com/search/label/Security" target="_blank">security </a>posture.</span></div> <div style="text-align: justify;"> <span style="font-size: small;"> Most vulnerability assessment tools simply take their current network scanners and point them at the wireless infrastructure. This approach does not give you the information that is unique to <a href="http://www.toolwar.com/search/label/Wireless" target="_blank">wireless </a>networks. Immunity has built the first automated, WiFi specific, vulnerability assessment and penetration tool.</span></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> Unlike traditional scanners that merely identify possible vulnerabilities, <b>SILICA</b> determines the true risk of a particular access point. <b>SILICA</b> does this by unintrusively leveraging vulnerabilities and determining what assets behind the vulnerable access point can be compromised.</div> <div style="text-align: justify;"> Additionally while traditional <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanners</a> can enumerate the vulnerabilities of a particular target, they cannot evaluate whether a mitigating control is in place on the target or in the surrounding environ- ment. With<b> SILICA</b>’s unique methodology it can report on whether vulnerability can be successfully exploited.</div> <div style="text-align: justify;"> <b>More than simple scanning, the benefits of using SILICA include:</b></div> <div style="text-align: justify;"> 1) Improved security posture<br /> 2) Simplified trouble shooting<br /> 3) <a href="http://www.toolwar.com/search/label/Network" target="_blank">Network</a> mapping<br /> 4) Create real threat profiles and vulnerability assessments<br /> 5) Build WiFi risk and vulnerability analysis for PCI, SOX<br /> 6) Rogue access point detection<br /> 7) Auditing wireless client security</div> <h3 style="text-align: justify;"> <span style="font-size: small;">With SILICA You Can ::</span></h3> <div style="text-align: justify;"> <span style="font-size: small;">1. Recover WEP, WPA 1,2 and LEAP keys<br />2. Passively hijack web application sessions for email, social networking and Intranet sites.<br />3. Map a wireless network and identify its relationships with associated clients and other access points.<br />4. Identify vendors, hidden SSIDs and equipment passively.<br />5. Scan and break into hosts on the network using integrated CANVAS exploit modules and commands to recover screenshots, password hashes and other sensitive information.<br />6. Perform man-in-the-middle attacks to find valuable information exchanged between hosts.<br />7. Generate reports for wireless and network data.<br />8. Hijack wireless client connections via access point impersonation.<br />9. Passively inject custom content into client's web sessions.<br />10. Take full control of wireless clients via CANVAS's client-side exploitation framework (clientD).<br />11. Decrypt and easily view all WEP and WPA 1/2 traffic.</span></div> <h3 style="text-align: justify;"> Tutorial ::</h3> <div style="text-align: justify;"> <b>Videos :: </b><a href="http://www.immunitysec.com/products-silica.shtml" target="_blank">Silica Videos Tutorials</a> </div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://downloads.immunityinc.com/SILICA_VM.zip" target="_blank">SILICA_VM</a></div> <div style="text-align: justify;"> <span style="font-size: small;"></span></div> <div style="text-align: justify;"> </div>

SILICA (WiFi Penetration Testing) :: Tools

SILICA is a tool for hacking or Wi-Fi penetration testing . Understanding the vulnerabilities of your WiFi network can be challengin...

Read more »

Blooover (J2ME Phone Autditing) :: Tools

<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsTpT9cfrEeVdY-n-9KwBEegNMoVSM-KW02xdTM_5zftMZe0MF7XjeQXlKWs_21jAnKaWACK6JxwmHue-4BheAZXFM3vfoX_PrI20ajZNTvLbHyjvuCkSONRBN9o26QhHqh1lhf5AcG7Mh/s1600/blooover+logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Blooover Logo" border="0" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsTpT9cfrEeVdY-n-9KwBEegNMoVSM-KW02xdTM_5zftMZe0MF7XjeQXlKWs_21jAnKaWACK6JxwmHue-4BheAZXFM3vfoX_PrI20ajZNTvLbHyjvuCkSONRBN9o26QhHqh1lhf5AcG7Mh/s1600-rw/blooover+logo.png" title="Blooover Logo" /></a></div><div style="text-align: justify;"><b>Blooover</b> is a <i>J2ME Phone Auditing Tool</i>. Since <b>Adam Laurie's</b> BlueSnarf experiment and the subsequent BlueBug experiment it is proven that some <a href="http://www.toolwar.com/search/label/Bluetooth" target="_blank">Bluetooth</a>-enabled phones have <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> issues. Until now, attackers need laptops for the snarfing of other people's information. Unless attackers do a long-distance-snarf, people would see that there is somebody with a laptop trying to do strange things. <b>Blooover</b> is a proof-of-concept tool that is intended to run on J2ME-enabled cell phones that appear to be comparably seamless. <b>Blooover </b>is a tool that is intended to serve as an audit tool that people can use to check whether their phones and phones of friends and employees are vulnerable.<br /> <br /> Since the application runs on handheld devices and sucks information, it has been called <b>Blooover</b> (derived from <b>Bluetooth Hoover</b>).<br /> <br /> We had some objections to release a tool that actually does a bluebug-attack before eventual victims were not in the position of doing something against it. Now, that Nokia announced a <a href="http://www.toolwar.com/search/label/Firmware" target="_blank">firmware </a>upgrade for their vulnerable models, these objections are no longer present.</div><div style="text-align: justify;"><h3>Tutorial ::</h3><h4>Installation ::</h4>When you intend to install the application, you should be using a phone that has the Java Bluetooth API implemented. Phones with this feature are listed on this, very useful page.<br /> Once you downloaded the file, make sure that it is called Bloover.jar (not Blooover.zip). After this you can either transfer the application to your phone via (1) the phone software on your pc, or (2) via Obex Push over Bluetooth or (3) via OTA (over-the-air application provisioning) which will use your phone's data services.</div><div style="text-align: justify;"><h3>Download ::</h3><b>Jar :: </b><a href="http://trifinite.org/Downloads/Blooover.jar" target="_blank">Blooover.jar </a></div>

Blooover (J2ME Phone Autditing) :: Tools

Blooover is a J2ME Phone Auditing Tool . Since Adam Laurie's BlueSnarf experiment and the subsequent BlueBug experiment it is proven t...

Read more »

BlueBugger (Information Gathering) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRWT68-7tScmEGFEeFKiWmc_SNYITCODD2zGkNWWOzAUPw4hq4hChN30UixXPrJSG3j39xnPJgcKk33X8rIq0wkbX4rR672Zv0AJIL98ExNJdQWelFIit93JhVGj1YnzgXt1zo8PwXMYdq/s1600/bluebugger.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="bluebugger" border="0" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRWT68-7tScmEGFEeFKiWmc_SNYITCODD2zGkNWWOzAUPw4hq4hChN30UixXPrJSG3j39xnPJgcKk33X8rIq0wkbX4rR672Zv0AJIL98ExNJdQWelFIit93JhVGj1YnzgXt1zo8PwXMYdq/s1600-rw/bluebugger.jpg" title="bluebugger " /></a></div> <div style="text-align: justify;"> <b>BlueBugger </b>is a tool for bluetooth devices. You can get all informations, phonebook entries and messages with a simply run. <b>Bluebugger</b> is an implementation of the <b>bluebug</b> technique which was discovered by Martin Herfurt.</div> <h3> Uses ::</h3> <span style="font-size: x-small;"><span style="font-weight: normal;"><span style="font-family: "Courier New",Courier,monospace;">bluebugger 0.1 (cant post urls :D)<br /> -----------------------------------------<br /> <br /> Usage: bluebugger [OPTIONS] -a <addr> [MODE]<br /> <br />        -a <addr>     = Bluetooth address of target<br /> <br />        Options:<br />        --------<br />        -m <name>     = Name to use when connecting (default: '')<br />        -d <device>   = Device to use (default: '/dev/rfcomm')<br />        -c <channel>  = Channelto use (default: 17)<br />        -n            = No device name lookup<br />        -t <timeout>  = Timeout in seconds for name lookup (default: 5)<br />        -o <file>     = Write output to <file><br /> <br />        Mode:<br />        -----<br />        info                   = Read Phone Info   (default)<br />        phonebook              = Read Phonebook    (default)<br />        messages               = Read SMS Messages (default)<br />        dial <num>             = Dial number<br />        ATCMD                  = Custom Command (e.g. '+GMI')<br /> <br />        Note: Modes can be combined, e.g. 'info phonebook +GMI' </span></span></span><br /> <br /> Tutorial ::<br /> <b>Text :: </b><a href="https://github.com/pwnieexpress/pwn_plug_sources/tree/master/src/bluetooth/bluebugger" target="_blank">Click Here </a><br /> <h3> Download ::</h3> <b>Linux :: </b><a href="https://github.com/pwnieexpress/pwn_plug_sources/tree/master/src/bluetooth/bluebugger/source" target="_blank">BlueBugger Source </a><br /> <br />

BlueBugger (Information Gathering) :: Tools

BlueBugger is a tool for bluetooth devices. You can get all informations, phonebook entries and messages with a simply run. Bluebugger i...

Read more »

BlueMaho (Bluetooth Devices Security Testing) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNVahVyEcfeuzVD5lawFbk1swmp1o1H7I7v9E-pH4ejkRPZhlmFkUjvKXrBJxfz9ompBZO3fgIelIXorjmjWxOxR6sP7Oeyr968W6YoaZ1rdyC2xxbsgMJUT4ysmHVpx8skquk_Zn5LVOb/s1600/bluemaho+screenshot.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="bluemaho screenshot" border="0" height="240" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNVahVyEcfeuzVD5lawFbk1swmp1o1H7I7v9E-pH4ejkRPZhlmFkUjvKXrBJxfz9ompBZO3fgIelIXorjmjWxOxR6sP7Oeyr968W6YoaZ1rdyC2xxbsgMJUT4ysmHVpx8skquk_Zn5LVOb/s320-rw/bluemaho+screenshot.jpg" title="bluemaho screenshot" width="320" /></a></div> <div style="text-align: justify;"> <b>BlueMaho</b> is GUI-shell (interface) for suite of <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> for <i>testing security of bluetooth devices</i>. It is freeware, opensource, written on <a href="http://www.toolwar.com/search/label/Python" target="_blank">python</a>, uses wxPyhon. It can be used for testing BT-devices for known vulnerabilities and major thing to do - testing to find unknown vulns. Also it can form nice statistics. </div> <h3 id="head-679ba20470ace2c0c9be33f0c0f8dc38db4b8bae" style="text-align: justify;"> What it can do? (features)</h3> <div style="text-align: justify;"> <span class="anchor" id="line-18"></span></div> <ul style="text-align: justify;"> <li><a href="http://www.toolwar.com/search/label/Scanner" target="_blank">Scan</a> for devices, show advanced info, SDP records, vendor etc <span class="anchor" id="line-19"></span></li> <li>Track devices - show where and how much times device was seen, its name changes <span class="anchor" id="line-20"></span></li> <li>loop scan - it can scan all time, showing you online devices <span class="anchor" id="line-21"></span></li> <li>alerts with sound if new device found <span class="anchor" id="line-22"></span></li> <li>on_new_device - you can spacify what command should it run when it founds new device <span class="anchor" id="line-23"></span></li> <li>it can use separate dongles - one for scaning (loop scan) and one for running tools or exploits <span class="anchor" id="line-24"></span></li> <li>send files <span class="anchor" id="line-25"></span></li> <li>change name, class, mode, BD_ADDR of local HCI devices <span class="anchor" id="line-26"></span></li> <li>save results in database <span class="anchor" id="line-27"></span></li> <li>form nice statistics (uniq devices by day/hour, vendors, services etc) <span class="anchor" id="line-28"></span></li> <li>test remote device for known vulnerabilities (see <a href="http://www.toolwar.com/search/label/Exploitation" target="_blank">exploits</a> for more details) <span class="anchor" id="line-29"></span></li> <li>test remote device for unknown vulnerabilities (see tools for more details) <span class="anchor" id="line-30"></span></li> <li>themes! you can customize it <span class="anchor" id="line-31"></span><span class="anchor" id="line-32"></span></li> </ul> <div class="line867" style="text-align: justify;"> </div> <h3 id="head-be34a21c5d08001e482450faeb1c54cf3a8d0fab" style="text-align: justify;"> What tools and exploits it consist of?</h3> <div style="text-align: justify;"> <span class="anchor" id="line-33"></span></div> <ul style="text-align: justify;"> <li style="list-style-type: none;"><b>Tools: </b><span class="anchor" id="line-34"></span></li> <li>atshell.c by Bastian Ballmann (modified attest.c by Marcel Holtmann) <span class="anchor" id="line-35"></span></li> <li>bccmd by Marcel Holtmann <span class="anchor" id="line-36"></span></li> <li>bdaddr.c by Marcel Holtmann <span class="anchor" id="line-37"></span></li> <li>bluetracker.py by smiley <span class="anchor" id="line-38"></span></li> <li>carwhisperer v0.2 by Martin Herfurt <span class="anchor" id="line-39"></span></li> <li>psm_scan and rfcomm_scan from bt_audit-0.1.1 by Collin R. Mulliner <span class="anchor" id="line-40"></span></li> <li>BSS (Bluetooth Stack Smasher) v0.8 by Pierre Betouin <span class="anchor" id="line-41"></span></li> <li>btftp v0.1 by Marcel Holtmann <span class="anchor" id="line-42"></span></li> <li>btobex v0.1 by Marcel Holtmann <span class="anchor" id="line-43"></span></li> <li>greenplaque v1.5 by digitalmunition.com <span class="anchor" id="line-44"></span></li> <li>L2CAP packetgenerator by Bastian Ballmann <span class="anchor" id="line-45"></span></li> <li>obex stress tests 0.1 <span class="anchor" id="line-46"></span></li> <li>redfang v2.50 by Ollie Whitehouse <span class="anchor" id="line-47"></span></li> <li>ussp-push v0.10 by Davide Libenzi <span class="anchor" id="line-48"></span><span class="anchor" id="line-49"></span></li> <li class="gap" style="list-style-type: none;">exploits/attacks: <span class="anchor" id="line-50"></span></li> <li>Bluebugger v0.1 by Martin J. Muench <span class="anchor" id="line-51"></span></li> <li>bluePIMp by Kevin Finisterre <span class="anchor" id="line-52"></span></li> <li>BlueZ hcidump v1.29 DoS PoC by Pierre Betouin <span class="anchor" id="line-53"></span></li> <li>helomoto by Adam Laurie <span class="anchor" id="line-54"></span></li> <li>hidattack v0.1 by Collin R. Mulliner <span class="anchor" id="line-55"></span></li> <li>Mode 3 abuse attack <span class="anchor" id="line-56"></span></li> <li>Nokia N70 l2cap packet DoS PoC Pierre Betouin <span class="anchor" id="line-57"></span></li> <li>opush abuse (prompts flood) DoS attack <span class="anchor" id="line-58"></span></li> <li>Sony-Ericsson reset display PoC by Pierre Betouin <span class="anchor" id="line-59"></span><span class="anchor" id="line-60"></span></li> <li class="gap" style="list-style-type: none;">you can add your own tools by editing 'exploits/exploits.lst' and 'tools/tools.lst' <span class="anchor" id="line-61"></span><span class="anchor" id="line-62"></span></li> </ul> <div class="line867" style="text-align: justify;"> </div> <h3 id="head-e627522f4fdfdbf663d44878db163eb1f1439774" style="text-align: justify;"> Requirements</h3> <div style="text-align: justify;"> <span class="anchor" id="line-63"></span></div> <ul style="text-align: justify;"> <li>OS (tested with Debian 4.0 Etch / 2.6.18) <span class="anchor" id="line-64"></span></li> <li><div class="line862"> <a href="http://www.toolwar.com/search/label/Python" target="_blank">python</a> (python 2.4 http://www.python.org) <span class="anchor" id="line-65"></span></div> </li> <li><div class="line862"> wxPython (python-wxgtk2.6 http://www.wxpython.org) <span class="anchor" id="line-66"></span></div> </li> <li><div class="line862"> BlueZ (3.9/3.24) http://www.bluez.org <span class="anchor" id="line-67"></span></div> </li> <li>Eterm to open tools somewhere, you can set another term in 'config/defaul.conf' changing the value of 'cmd_term' variable. (tested with 1.1 ver) <span class="anchor" id="line-68"></span></li> <li>pkg-config(0.21), 'tee' used in tools/showmaxlocaldevinfo.sh, openobex, obexftp <span class="anchor" id="line-69"></span></li> <li>libopenobex1 + libopenobex-dev (needed by ussp-push) <span class="anchor" id="line-70"></span></li> <li>libxml2, libxml2-dev (needed by btftp) <span class="anchor" id="line-71"></span></li> <li>libusb-dev (needed by bccmd) <span class="anchor" id="line-72"></span></li> <li>libreadline5-dev (needed by atshell.c) <span class="anchor" id="line-73"></span></li> <li>lightblue-0.3.3 (needed by obexstress.py) <span class="anchor" id="line-74"></span></li> <li>hardware: any bluez compatible bluetooth-device <span class="anchor" id="line-75"></span><span class="anchor" id="line-76"></span></li> </ul> <div class="line867" style="text-align: justify;"> </div> <h3 id="head-24caaa99fac9202edff5973b243c88b76a030b49" style="text-align: justify;"> Configuration</h3> <div style="text-align: justify;"> <span class="anchor" id="line-77"></span></div> <ol style="text-align: justify;" type="1"> <li>all configuration is in 'config' dir. <span class="anchor" id="line-78"></span></li> <li>for using bluemaho propertly you need to build tools and exploits. check if you satisfy 'requirements' for bluemaho. then run 'build.sh'. if you see 'Building complete!' message, than all went OK. if not - try to play around requirements. <span class="anchor" id="line-79"></span></li> <li>'default.conf' is a default configuration file, you can edit it if you need to change some options, path to files and commands used by bluemaho, theme etc. by default you don't need to change it if you do all from 'requirements' chapter. but, please, view it, for example just for setting 'user_location' variable for defining you location, which will be used for tracking function. <span class="anchor" id="line-80"></span></li> <li>'themes' - directory with themes for bluemaho GUI. You can set path to default theme with 'theme' variable in 'default.conf' <span class="anchor" id="line-81"></span><span class="anchor" id="line-82"></span></li> </ol> <div class="line867" style="text-align: justify;"> </div> <h3 id="head-2670038111a3c9008f5b357412c4e536fda3337a" style="text-align: justify;"> Run and use</h3> <div style="text-align: justify;"> <span class="anchor" id="line-83"></span><br /> <div class="line862"> you can run <b>BlueMaho</b> typing in console 'bluemaho.py'. For verbose output in console (and redirecting std_err and std_out) run 'bluemaho.py -v'. it saves founded devices to 'bluemaho.log' by default, you can change it in 'config/defaul.conf'. <span class="anchor" id="line-84"></span>enjoy! </div> <h3 class="line862"> Download ::</h3> <div class="line862"> <b>Linux :: </b> <a href="https://wiki.thc.org/BlueMaho?action=AttachFile&do=get&target=bluemaho_v090417.tgz" target="_blank">BlueMaho.tgz</a></div> <div class="line862"> <br /></div> <h3 class="line862"> Tutorial ::</h3> <div class="line862"> Text :: <a class="external text" href="http://www.digitalmunition.com/DMA%5B2005-1214a%5D.txt" rel="nofollow">Bluetooth for Windows Remote Audio Eavesdropping</a></div> </div>

BlueMaho (Bluetooth Devices Security Testing) :: Tools

BlueMaho is GUI-shell (interface) for suite of tools for testing security of bluetooth devices . It is freeware, opensource, written ...

Read more »

Social Engineering Toolkit (SET) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Social-Engineering-Toolkit Logo" border="0" height="203" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZp5OAjBJvIyr5zI3tkhYhzWyUadCCpXmfibfXqc_q0jgKSbkicYCNzA91NhgcYEyKkp2mjzZCDl-toVTu6AEL96HjxPEnEHhMAHpZfVw79c4kmp13o5fXXigNVPUL_aBkNQUqsT7-aH5u/s400-rw/SET+Logo.jpg" title="Social-Engineering-Toolkit Logo" width="400" /></div> <div style="text-align: justify;"> The <b>Social-Engineer Toolkit (SET)</b> was created and written by the founder of <b>TrustedSec</b>. It is an open-source Python-driven tool aimed at <b>penetration testing around Social-Engineering.</b> SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two million downloads, SET is the standard for social-engineering penetration tests and supported heavily within the security community. </div> <div style="text-align: justify;"> <b>The Social-Engineer Toolkit</b> has over 2 million downloads and is aimed at leveraging advanced technological attacks in a social-engineering type environment. TrustedSec believes that social-engineering is one of the hardest attacks to protect against and now one of the most prevalent. The toolkit has been featured in a number of books including the number one best seller in security books for 9 months since its release,“Metasploit: The Penetrations Testers Guide” written by TrustedSec’s founder as well as Devon Kearns, Jim O’Gorman, and Mati Aharoni.</div> <div style="text-align: justify;"> <b>SET</b> is included in the latest version of the most popular Linux distribution focused on security, Back|Track.  </div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Q9oDyd2yAFc?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <b>For More Video Tutorial :: </b><a href="https://www.trustedsec.com/downloads/social-engineer-toolkit/" target="_blank">Click Here </a><b> </b><br /> <b>Download Here :: </b><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"><span class="crayon-e">git </span><span class="crayon-r">clone</span><span class="crayon-h"> </span><span class="crayon-i">https</span><span class="crayon-o">:</span><span class="crayon-c">//github.com/trustedsec/social-engineer-toolkit/ set/</span></span></span></div> <div class="crayon-pre" style="font-size: 12px !important; line-height: 15px !important;"> <div class="crayon-line" id="crayon-526c3fed2a2ac390979488-1"> </div> <div class="crayon-line" id="crayon-526c3fed2a2ac390979488-1"> </div> <div class="crayon-line" id="crayon-526c3fed2a2ac390979488-1"> </div> <div class="crayon-line" id="crayon-526c3fed2a2ac390979488-1"> </div> <div class="crayon-line" id="crayon-526c3fed2a2ac390979488-1"> <b><span class="crayon-c"></span></b><span class="crayon-c"><b><span style="font-size: small;">Official Website :: </span></b><span style="font-size: small;">https://www.trustedsec.com/</span><b> </b></span><span class="crayon-c"></span></div> </div> <div style="text-align: justify;"> </div> </div>

Social Engineering Toolkit (SET) :: Tools

The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec . It is an open-source Python-driven tool aimed...

Read more »

Kali Linux :: ToolWar

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Kali Linux :: ToolWar" border="0" height="219" loading="lazy" src="http://www.kali.org/wp-content/uploads/2013/03/kali-home-large-slider2.jpg" title="Kali Linux :: ToolWar" width="320" /></div> <br /> <div style="text-align: justify;"> <b>Kali Linux</b> is a newer version of BackTrack with additional tools. <b>Kali Linux</b> is a <b>Debian-derived Linux distribution</b> designed for forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. Mati Aharoni and Devon Kearns of Offensive Security developed it by rewriting BackTrack, their previous forensics Linux distribution.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <sup class="reference" id="cite_ref-1"></sup></div> <div style="text-align: justify;"> <a href="http://sdfa/" target="_blank"> </a></div> <div style="text-align: justify;"> Kali is preinstalled with numerous penetration-testing programs, including nmap (a port scanner), <i>Wireshark</i> (a packet analyzer), <i>John the Ripper</i> (a password cracker), and <i>Aircrack-ng</i> (a software suite for penetration-testing wireless LANs).<sup class="reference" id="cite_ref-arrives_2-0"></sup> Users may run <b>Kali Linux</b> from a hard disk, live CD, or live USB. It is a supported platform of the Metasploit Project's Metasploit Framework, a tool for developing and executing security exploits.<sup class="reference" id="cite_ref-arrives_2-1"></sup></div> <div style="text-align: justify;"> <a href="http://sdfa/" target="_blank"> </a></div> <div style="text-align: justify;"> <b>Kali Linux</b> is distributed in 32- and 64-bit images for use on hosts based on the x86 instruction set, as well as an image for the ARM architecture for use on the Raspberry Pi computer and on Samsung's ARM Chromebook.</div> <div style="text-align: justify;"> Kali is a complete re-build of BackTrack Linux, adhering completely to Debian development standards. All-new infrastructure has been put in place, all tools were reviewed and packaged, and we use Git for our VCS.</div> <ul style="text-align: justify;"> <li><b>More than 300 penetration testing tools:</b> After reviewing every tool that was included in BackTrack, we eliminated a great number of tools that either did not work or had other tools available that provided similar functionality.</li> <li><b>Free and always will be:</b> Kali Linux, like its predecessor, is completely free and always will be. You will never, ever have to pay for Kali Linux.</li> <li><b>Open source Git tree:</b> We are huge proponents of open source software and our development tree is available for all to see and all sources are available for those who wish to tweak and rebuild packages.</li> <li><b>FHS compliant:</b> Kali has been developed to adhere to the Filesystem Hierarchy Standard, allowing all Linux users to easily locate binaries, support files, libraries, etc.</li> <li><b>Vast wireless device support:</b> We have built Kali Linux to support as many wireless devices as we possibly can, allowing it to run properly on a wide variety of hardware and making it compatible with numerous USB and other wireless devices.</li> <li><b>Custom kernel patched for injection:</b> As penetration testers, the development team often needs to do wireless assessments so our kernel has the latest injection patches included.</li> <li><b>Secure development environment:</b> The Kali Linux team is made up of a small group of trusted individuals who can only commit packages and interact with the repositories while using multiple secure protocols.</li> <li><b>GPG signed packages and repos:</b> All Kali packages are signed by each individual developer when they are built and committed and the repositories subsequently sign the packages as well.</li> <li><b>Multi-language:</b> Although pentesting tools tend to be written in English, we have ensured that Kali has true multilingual support, allowing more users to operate in their native language and locate the tools they need for the job.</li> <li><b>Completely customizable:</b> We completely understand that not everyone will agree with our design decisions so we have made it as easy as possible for our more adventurous users to customize Kali Linux to their liking, all the way down to the kernel.</li> </ul> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/cLQ8Yd0C7sM?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: center;"> </div> <div style="text-align: left;"> <b>Download Here :: </b><a href="http://cdimage.kali.org/kali-images/kali-1.0.5/kali-linux-1.0.5-i386.iso" target="_blank">Kali Linux 1.0.5 32-bit ISO</a><b> </b></div> <div style="text-align: left;"> <b>Official Website :: </b> http://www.kali.org/</div> <div style="text-align: justify;"> </div> <sup class="reference" id="cite_ref-3"></sup> <sup class="reference" id="cite_ref-3"></sup></div>

Kali Linux :: ToolWar

Kali Linux is a newer version of BackTrack with additional tools. Kali Linux is a Debian-derived Linux distribution designed for for...

Read more »

Aircrack-ng 1.2 Beta :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: justify;"> </div> <div class="separator" style="clear: both; text-align: center;"> <img alt="Aircrack-ng logo" border="0" loading="lazy" src="http://www.aircrack-ng.org/resources/aircrack-ng-new-logo.jpg" title="Aircrack-ng logo" /></div> <div style="margin-left: 1em; margin-right: 1em; text-align: justify;"> <b>Aircrack-ng</b> is a free open source tool for cracking 802.11 WEP and WPA-PSK that can (crack the key through the enough data packets or weak IVs captured in a file. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, <b>Aircrack-ng </b>suite is a collection of tools for auditing wireless networks.</div> <div style="text-align: center;"> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/GLO9HGDwOY0?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> </div> <div style="text-align: justify;"> <br /> <b>Download Here</b><b> :: </b><span style="color: #3d85c6;"><a href="http://download.aircrack-ng.org/aircrack-ng-1.2-beta1.tar.gz" target="_blank">Aircrack-NG (for Linux)</a> </span><br /> <span style="color: #3d85c6;"><a href="http://download.aircrack-ng.org/aircrack-ng-1.2-beta1-win.zip" target="_blank">Aircrack-NG (for Windows)</a></span></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>Official Website  ::</b> http://www.aircrack-ng.org/</div> <div style="text-align: justify;"> </div> </div>

Aircrack-ng 1.2 Beta :: Tools

Aircrack-ng is a free open source tool for cracking 802.11 WEP and WPA-PSK that can (crack the key through the enough data packets o...

Read more »

Metasploit Framework

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Metasploit Framework" border="0" height="210" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRSOyPh20yguq6DjZOgkEcBHC8wQ_Io1QDFE0-kXz-N9y7eoKn8qmNGwMSzoLNGU14xryBBHoTyJIlzutFs5ok3tgblKnFB2yXitsliLOPa4eGDX0ubGavMFLynPT0JKFv4f_tnTkl8Hdn/s320-rw/metasploit-framework-toolwar.png" title="Metasploit Framework" width="320" /></div> <div style="text-align: justify;"> <b>Metasploit Framework</b> is a most usable framework for exploiting network or servers. <b>Metasploit</b> <b>Framework</b> took the security world by storm when it was released in 2004. It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the <b>Metasploit Framework</b> as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their list of modules. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality. One free extra is <i>Metasploitable,</i> an intentionally insecure Linux virtual machine you can use for testing Metasploit and other exploitation tools without hitting live servers. </div> <div style="text-align: justify;"> <i><b>Metasploit</b></i> was completely free, but the project was acquired by Rapid7 in 2009 and it soon sprouted commercial variants. The Framework itself is still free and open source, but they now also offer a free-but-limited Community edition, a more advanced Express edition (<i>$3,000</i> per year per user), and a full-featured Pro edition (<i>$15,000</i> per user per year). Other paid exploitation tools to consider are Core Impact (more expensive) and Canvas (less). </div> <div style="text-align: justify;"> The Metasploit Framework now includes an official Java-based GUI and also Raphael Mudge's excellent Armitage. The Community, Express, and Pro editions have web-based GUIs.</div> <div style="text-align: justify;"> The <b>Metasploit Project</b> is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.<br /> Its best-known sub-project is the open source.<sup class="reference" id="cite_ref-bsdlicense_1-1"></sup> <b>Metasploit Framework</b>, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.<br /> The Metasploit Project is well known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework.<br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/q0xkf1g2mbY?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: left;"> <br /> <b>Download Here</b><b> ::</b> <a href="http://www.rapid7.com/products/metasploit/metasploit-community-registration.jsp" target="_blank">Metasploit Community Eddition</a></div> <div style="text-align: left;"> <u><b>Official Website</b> </u>:: http://www.metasploit.com/</div> </div> </div>

Metasploit Framework

Metasploit Framework is a most usable framework for exploiting network or servers. Metasploit Framework took the security world by st...

Read more »