ToolWar | Information Security (InfoSec) Tools: Frameworks

Revealer Toolkit (Forensics) :: Framework

<div class="separator" style="clear: both; text-align: center;">
<img alt="Computer Forensics" border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8e3p7c82cxcOtvuuFyaZfuwteN-5PuOGb4hjr_eqQM0XsdOx3B6JtMf0p2-3aV7hm2q1UkbKhCdPSeBde9jJsffYi7TsG-AJJ7pmNgOPo-OkvXlubRiq52JKd9tI0FQb1R6NnbPKhXF-V/s400/computer-forensics.jpg" title="Computer Forensics" width="400" /></div>
<div style="text-align: justify;">
<strong>Revealer Toolkit</strong> is a <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a> and simple 
scripts for <b>computer forensics</b>. It uses Brian Carrier's <a href="http://www.toolwar.com/2014/01/the-sleuth-kit-tsk-forensics-framework.html" target="_blank">The Sleuth Kit</a> 
as the backbone, as well as other <a href="http://www.toolwar.com/search/label/Free" target="_blank">free tools</a>. </div>
<div style="text-align: justify;">
The aim of the <b>
Revealer Toolkit</b> is to automate rutinary tasks and to manage sources and
 results from another perspective than the usual forensic frameworks. It
 will be specially useful in cases with several computers and digitals 
forensic sources.  </div>
<div style="text-align: justify;">
RVT is developed and actively tested by computer <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">forensic</a> investigators working at EVIDENTIA  and INCIDE, spanish companies sited at the beautiful city of Barcelona.</div>
<h3 style="text-align: justify;">
Introduction to version 0.2.1</h3>
<div style="text-align: justify;">
The current state of the project can be described as a <i>proof of concept</i>,
 that is, RVT version 0.2 proofs that the objectives we are looking for 
are reachable, but further work is necessary in order to have a stable 
version. </div>
<div style="text-align: justify;">
Therefore, RVT v0.2 can be used to automate computer 
forensic tasks on a group of several digital forensic images, but the 
code is still buggy, some tasks have to be run manually, and the 
interface has to be improved.</div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>Wiki :: </b><a href="http://code.google.com/p/revealertoolkit/w/list" target="_blank">Click Here </a><b><br /></b></div>
<div style="text-align: justify;">
<b>Revealer User Guide ::</b> <a href="http://revealertoolkit.googlecode.com/files/RVT-userGuide.pdf" target="_blank">Click Here</a> (.pdf)</div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Windows ::</b> <a href="http://revealertoolkit.googlecode.com/files/RVT_v0.2.1.zip" target="_blank">Revealer Toolkit 0.2.1 </a></div>
<div style="text-align: justify;">
<b>Source Website ::</b> <a href="http://code.google.com/p/revealertoolkit/" target="_blank">http://code.google.com/p/revealertoolkit/</a></div>

Revealer Toolkit (Forensics) :: Framework

Revealer Toolkit is a framework and simple scripts for computer forensics . It uses Brian Carrier's The Sleuth Kit as the backbo...

Xenotix XSS Exploit Framework v4.5 :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://www.owasp.org/images/9/98/Xenotix.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Xenotix XSS Framework" border="0" height="237" src="https://www.owasp.org/images/9/98/Xenotix.png" title="Xenotix XSS Framework" width="400" /></a></div>
<div style="text-align: justify;">
<b>OWASP Xenotix XSS Exploit Framework</b> is an advanced <a href="http://www.toolwar.com/search/label/XSS" target="_blank">Cross Site  Scripting (XSS)</a> vulnerability detection and exploitation <a href="http://www.toolwar.com/search/label/Framework" target="_blank">framework</a>. It  provides Zero False Positive scan results with its unique Triple Browser  Engine (Trident, WebKit, and Gecko) embedded <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanner.</a> It is claimed to  have the world’s 2nd largest XSS Payloads of about 1500+ distinctive XSS  Payloads for effective XSS vulnerability detection and WAF Bypass. It  is incorporated with a feature rich <a href="http://www.toolwar.com/search/label/Information-Gathering" target="_blank">Information Gathering</a> module for  target Reconnaissance. The Exploit Framework includes highly offensive  XSS <a href="http://www.toolwar.com/search/label/Exploitation" target="_blank">exploitation</a> modules for <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">Penetration</a> Testing and Proof of Concept  creation. </div>
<div style="text-align: justify;">
<div style="border: none; color: black; font-size: 120%; margin: 0;">
<br />
<span style="font-size: small;"><b>SCANNER MODULES</b></span>
<br />
<span style="font-size: small;">
</span><ul>
<li><span style="font-size: small;">Manual Mode Scanner
</span></li>
<li><span style="font-size: small;">Auto Mode Scanner
</span></li>
<li><span style="font-size: small;">DOM Scanner
</span></li>
<li><span style="font-size: small;">Multiple Parameter Scanner
</span></li>
<li><span style="font-size: small;">POST Request Scanner
</span></li>
<li><span style="font-size: small;">Header Scanner
</span></li>
<li><span style="font-size: small;">Fuzzer
</span></li>
<li><span style="font-size: small;">Hidden Parameter Detector
</span></li>
</ul>
<span style="font-size: small;">
</span><span style="font-size: small;"><b>INFORMATION GATHERING MODULES</b></span>
<br />
<span style="font-size: small;">
</span><ul>
<li><span style="font-size: small;">WAF Fingerprinting
</span></li>
<li><span style="font-size: small;">Victim Fingerprinting
</span></li>
<li><span style="font-size: small;">Browser Fingerprinting
</span></li>
<li><span style="font-size: small;">Browser Features Detector
</span></li>
<li><span style="font-size: small;">Ping Scan
</span></li>
<li><span style="font-size: small;">Port Scan
</span></li>
<li><span style="font-size: small;">Internal Network Scan
</span></li>
</ul>
<span style="font-size: small;">
</span><span style="font-size: small;"><b>EXPLOITATION MODULES</b></span>
<br />
<span style="font-size: small;">
</span><ul>
<li><span style="font-size: small;">Send Message
</span></li>
<li><span style="font-size: small;">Cookie Thief
</span></li>
<li><span style="font-size: small;">Phisher
</span></li>
<li><span style="font-size: small;">Tabnabbing
</span></li>
<li><span style="font-size: small;">Keylogger
</span></li>
<li><span style="font-size: small;">HTML5 DDoSer
</span></li>
<li><span style="font-size: small;">Load File
</span></li>
<li><span style="font-size: small;">Executable Drive By
</span></li>
<li><span style="font-size: small;">JavaScript Shell
</span></li>
<li><span style="font-size: small;">Reverse HTTP WebShell
</span></li>
<li><span style="font-size: small;">Drive-By Reverse Shell
</span></li>
<li><span style="font-size: small;">Metasploit Browser Exploit
</span></li>
<li><span style="font-size: small;">Firefox Reverse Shell Addon (Persistent)
</span></li>
<li><span style="font-size: small;">Firefox Session Stealer Addon (Persistent)
</span></li>
<li><span style="font-size: small;">Firefox Keylogger Addon (Persistent)
</span></li>
<li><span style="font-size: small;">Firefox DDoSer Addon (Persistent)
</span></li>
<li><span style="font-size: small;">Firefox Linux Credential File Stealer Addon (Persistent)
</span></li>
<li><span style="font-size: small;">Firefox Download and Execute Addon (Persistent)
</span></li>
</ul>
<span style="font-size: small;">
</span><span style="font-size: small;"><b>UTILITY MODULES</b></span>
<br />
<span style="font-size: small;">
</span><ul>
<li><span style="font-size: small;">WebKit Developer Tools
</span></li>
<li><span style="font-size: small;">Payload Encoder
</span></li>
<li><span style="font-size: small;">JavaScript Beautify
</span></li>
<li><span style="font-size: small;">Hash Calculator
</span></li>
<li><span style="font-size: small;">Hash Detector
</span></li>
</ul>
</div>
<h3>
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/dCo5BCJWOdA?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3>
Download ::</h3>
<b>Windows :: </b><span style="color: #3d85c6;"><span style="background-color: white;"><a href="http://opensecurity.in/downloads/Xenotix_XSS_Exploit_Framework_v4.5.rarhttp://opensecurity.in/downloads/Xenotix_XSS_Exploit_Framework_v4.5.rar" target="_blank">OWASP Xenotix v4.5</a> </span></span></div>
<div style="text-align: justify;">
<b>Official Websites :: </b>http://www.owasp.org/</div>
</div>

Xenotix XSS Exploit Framework v4.5 :: Framework

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework . It...

Bizploit (ERP Penetration Testing) :: Framework

<div class="separator" style="clear: both; text-align: center;">
<img alt="onapsis logo" border="0" height="157" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEin6I42nzkLY76YbK6quX_PVYjdXrZ8ZpxDui0742p564fJp9gziwUTmwc3CRFGoTz5et3sDfyb3dBOMb7o0I9stsuh20N8o7GqsAhA_mdKp5AO_osq2EkqNGSDHp9JvasUAXoL_9P3L4Ce/s400/onapsis+logo.png" title="onapsis logo" width="400" /></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div style="text-align: justify;">
<b>Bizploit</b> is the first Opensource <i>ERP Penetration Testing framework</i>. 
Developed by the <b>Onapsis Research Labs,</b> <b>Bizploit</b> assists security 
professionals in the discovery, exploration, vulnerability assessment 
and exploitation phases of specialized <b>ERP Penetration Tests</b>.<br />
Currently, <b>Bizploit</b> is shipped with many plugins to assess the security 
of SAP business platforms. Plugins for other popular ERPs will be 
included in the short term.</div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Tutorials :: </h3>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b><a class="download" href="http://www.onapsis.com/get.php?resid=bizploit-linux-1-5">Bizploit v1.50-rc1</a></div>
<div style="text-align: justify;">
<b>Windows ::</b> <a class="download" href="http://www.onapsis.com/get.php?resid=bizploit-win32-1-5">Bizploit v1.50-rc1</a><br />
<b>Official Website :: </b><a href="http://www.onapsis.com/">http://www.onapsis.com</a>/</div>

Bizploit (ERP Penetration Testing) :: Framework

Bizploit is the first Opensource ERP Penetration Testing framework . Developed by the Onapsis Research Labs, Bizploit assists secur...

DVWA (Damn Vulnerable Web Application) :: Framework

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6lDm7-Ac-rSmIX0YYaz1CD7DrJi4lxkPqEbHy1wd3ZlxeWqM20xjQXp8T9E5nT1CDbMuyH4AGydtLIqMTwMKyQ_aHiKCwQDdUYZjvXHUR36d_Axi8Fxb1iAFQfaMoXTPwxnu2yp6flOqQ/s1600/Screenshot-Damn+Vulnerable+Web+App+(DVWA).png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Screenshot-Damn Vulnerable Web App (DVWA)" border="0" height="280" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6lDm7-Ac-rSmIX0YYaz1CD7DrJi4lxkPqEbHy1wd3ZlxeWqM20xjQXp8T9E5nT1CDbMuyH4AGydtLIqMTwMKyQ_aHiKCwQDdUYZjvXHUR36d_Axi8Fxb1iAFQfaMoXTPwxnu2yp6flOqQ/s400/Screenshot-Damn+Vulnerable+Web+App+(DVWA).png" title="Screenshot-Damn Vulnerable Web App (DVWA)" width="400" /></a></div>
<div style="text-align: justify;">
<b>Damn Vulnerable Web App (DVWA)</b> is a <i>PHP/MySQL web application</i> that  is <i>damn vulnerable</i>. Its main goals are to be an aid for security  professionals to test their skills and tools in a legal environment,  help web developers better understand the processes of securing web  applications and aid teachers/students to teach/learn web application  security in a class room environment.</div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/ywnVlyuP7SY?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe> </div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
 <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/B75FgRT2npc?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Zip ::</b> <a href="https://github.com/RandomStorm/DVWA/archive/v1.0.8.zip" target="_blank">DVWA 1.0.8</a></div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://www.dvwa.co.uk/">http://www.dvwa.co.uk/</a></div>

DVWA (Damn Vulnerable Web Application) :: Framework

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable . Its main goals are to be an aid for security ...

SRDF - Security Research and Development Framework :: Framework

<div class="separator" style="clear: both; text-align: center;">
<img alt="SRDF - Security Research and Development Framework" border="0" height="312" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGnFfLl9tWVJH2zHKe7QLRdJ4tE1-4JAVwWqtOKo-ds-ItC_74qf8W7on7y6J8LHN7QOoORnyUYL9kjj92u8pROLRqs2-pzuPS2_fdPhfbbIAtfarXwCUSP_srtZSZgrFQ8NKSyvpKJCAy/s640/SRDF+Logo.jpg" title="SRDF - Security Research and Development Framework" width="640" /></div>
<div style="text-align: justify;">
<b>SRDF - Security Research and Development Framework</b> is a free open source <i>Development Framework</i> created to support <i>
writing security tools and malware analysis tools</i>. And to convert the 
security researches and ideas from the theoretical approach to the 
practical implementation.  </div>
<div style="text-align: justify;">
This development framework created 
mainly to support the malware field to create malware analysis tools and
 anti-virus tools easily without reinventing the wheel and inspire the 
innovative minds to write their researches on this field and implement 
them using SRDF. </div>
<h3 style="text-align: justify;">
<span style="font-size: large;"><b>Introduction:</b></span> </h3>
<div style="text-align: justify;">
In the 
last several years, the malware black market grows widely. The 
statistics shows that the number of new viruses increased from 300,000 
viruses to millions and millions nowadays. </div>
<div style="text-align: justify;">
The complexity of malware attacks also increased from small amateur viruses to stuxnet, duqu and flame. </div>
<div style="text-align: justify;">
The
 malware field is searching for new technologies and researches, 
searching for united community can withstand against these attacks. And 
that’s why SRDF </div>
<div style="text-align: justify;">
The SRDF is not and will not be developed by one 
person or a team. It will be developed by a big community tries to share
 their knowledge and tools inside this Framework </div>
<div style="text-align: justify;">
SRDF still not 
finished … and it will not be finished as it’s a community based 
framework developed by the contributors. We just begin the idea. </div>
<div style="text-align: justify;">
The SRDF is divided into 2 parts: User-Mode and Kernel-Mode. And we will describe each one in the next section. </div>
<h3 style="text-align: justify;">
<span style="font-size: large;"><b>The Features:</b></span> </h3>
<div style="text-align: justify;">
Before
 talking about SRDF Design and structure, I want to give you what you 
will gain from SRDF and what it could add to your project. </div>
<div style="text-align: justify;">
In User-Mode part, SRDF gives you many helpful tools … and they are: </div>
<ul style="text-align: justify;">
<li>Assembler and Disassembler </li>
</ul>
<ul style="text-align: justify;">
<li>x86 Emulator </li>
</ul>
<ul style="text-align: justify;">
<li>Debugger </li>
</ul>
<ul style="text-align: justify;">
<li>PE Analyzer </li>
</ul>
<ul style="text-align: justify;">
<li>Process Analyzer (Loaded DLLs, Memory Maps … etc) </li>
</ul>
<ul style="text-align: justify;">
<li>MD5, SSDeep and Wildlist Scanner (YARA) </li>
</ul>
<ul style="text-align: justify;">
<li>API Hooker and Process Injection </li>
</ul>
<ul style="text-align: justify;">
<li>Backend Database, XML Serializer </li>
</ul>
<ul style="text-align: justify;">
<li>And many more </li>
</ul>
<div style="text-align: justify;">
In
 the Kernel-Mode part, it tries to make it easy to write your own filter
 device driver (not with WDF and callbacks) and gives an easy, object 
oriented (as much as we can) development framework with these features: </div>
<ul style="text-align: justify;">
<li>Object-oriented and easy to use development framework </li>
</ul>
<ul style="text-align: justify;">
<li>Easy IRP dispatching mechanism </li>
</ul>
<ul style="text-align: justify;">
<li>SSDT Hooker </li>
</ul>
<ul style="text-align: justify;">
<li>Layered Devices Filtering </li>
</ul>
<ul style="text-align: justify;">
<li>TDI Firewall </li>
</ul>
<ul style="text-align: justify;">
<li>File and Registry Manager </li>
</ul>
<ul style="text-align: justify;">
<li>Kernel Mode easy to use internet sockets </li>
</ul>
<ul style="text-align: justify;">
<li>Filesystem Filter </li>
</ul>
<div style="text-align: justify;">
Still the Kernel-Mode in progress and many features will be added in the near future. </div>
<h3 style="text-align: justify;">
Download ::  </h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://srdf.googlecode.com/files/SRDF-v1.00.rar" target="_blank">SRDF v1.0</a></div>
<div style="text-align: justify;">
<b>Help & Official Website :: </b>https://www.owasp.org/</div>

SRDF - Security Research and Development Framework :: Framework

SRDF - Security Research and Development Framework is a free open source Development Framework created to support writing security too...

Social Engineering Toolkit (SET) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="Social-Engineering-Toolkit Logo" border="0" height="203" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZp5OAjBJvIyr5zI3tkhYhzWyUadCCpXmfibfXqc_q0jgKSbkicYCNzA91NhgcYEyKkp2mjzZCDl-toVTu6AEL96HjxPEnEHhMAHpZfVw79c4kmp13o5fXXigNVPUL_aBkNQUqsT7-aH5u/s400/SET+Logo.jpg" title="Social-Engineering-Toolkit Logo" width="400" /></div>
<div style="text-align: justify;">
The <b>Social-Engineer Toolkit (SET)</b> was created and written by the  founder of <b>TrustedSec</b>. It is an open-source Python-driven tool aimed at  <b>penetration testing around Social-Engineering.</b> SET has been presented at  large-scale conferences including Blackhat, DerbyCon, Defcon, and  ShmooCon. With over two million downloads, SET is the standard for  social-engineering penetration tests and supported heavily within the  security community. </div>
<div style="text-align: justify;">
<b>The Social-Engineer Toolkit</b> has over 2 million downloads and is aimed  at leveraging advanced technological attacks in a social-engineering  type environment. TrustedSec believes that social-engineering is one of  the hardest attacks to protect against and now one of the most  prevalent. The toolkit has been featured in a number of books including  the number one best seller in security books for 9 months since its  release,“Metasploit: The Penetrations Testers Guide” written by TrustedSec’s founder as well as Devon Kearns, Jim O’Gorman, and Mati Aharoni.</div>
<div style="text-align: justify;">
<b>SET</b> is included in the latest version of the most popular Linux  distribution focused on security, Back|Track.  </div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Q9oDyd2yAFc?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<br />
<b>For More Video Tutorial :: </b><a href="https://www.trustedsec.com/downloads/social-engineer-toolkit/" target="_blank">Click Here </a><b> </b><br />
<b>Download Here :: </b><span style="font-size: x-small;"><span style="font-family: "Courier New",Courier,monospace;"><span class="crayon-e">git </span><span class="crayon-r">clone</span><span class="crayon-h"> </span><span class="crayon-i">https</span><span class="crayon-o">:</span><span class="crayon-c">//github.com/trustedsec/social-engineer-toolkit/ set/</span></span></span></div>
<div class="crayon-pre" style="font-size: 12px !important; line-height: 15px !important;">
<div class="crayon-line" id="crayon-526c3fed2a2ac390979488-1">
</div>
<div class="crayon-line" id="crayon-526c3fed2a2ac390979488-1">
</div>
<div class="crayon-line" id="crayon-526c3fed2a2ac390979488-1">
</div>
<div class="crayon-line" id="crayon-526c3fed2a2ac390979488-1">
</div>
<div class="crayon-line" id="crayon-526c3fed2a2ac390979488-1">
<b><span class="crayon-c"></span></b><span class="crayon-c"><b><span style="font-size: small;">Official Website :: </span></b><span style="font-size: small;">https://www.trustedsec.com/</span><b> </b></span><span class="crayon-c"></span></div>
</div>
<div style="text-align: justify;">
</div>
</div>

Social Engineering Toolkit (SET) :: Tools

The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec . It is an open-source Python-driven tool aimed...

Metasploit Framework

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="Metasploit Framework" border="0" height="210" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRSOyPh20yguq6DjZOgkEcBHC8wQ_Io1QDFE0-kXz-N9y7eoKn8qmNGwMSzoLNGU14xryBBHoTyJIlzutFs5ok3tgblKnFB2yXitsliLOPa4eGDX0ubGavMFLynPT0JKFv4f_tnTkl8Hdn/s320/metasploit-framework-toolwar.png" title="Metasploit Framework" width="320" /></div>
<div style="text-align: justify;">
<b>Metasploit Framework</b> is a most usable framework for exploiting network or servers. <b>Metasploit</b> <b>Framework</b> took the security world by storm when it was released in  2004. It is an advanced open-source platform for developing, testing,  and using exploit code. The extensible model through which payloads,  encoders, no-op generators, and exploits can be integrated has made it  possible to use the <b>Metasploit Framework</b> as an outlet for cutting-edge  exploitation research. It ships with hundreds of exploits, as you can  see in their list of modules.  This makes writing your own exploits easier, and it certainly beats  scouring the darkest corners of the Internet for illicit shellcode of  dubious quality.  One free extra is <i>Metasploitable,</i>  an intentionally insecure Linux virtual machine you can use for testing  Metasploit and other exploitation tools without hitting live servers.  </div>
<div style="text-align: justify;">
<i><b>Metasploit</b></i> was completely free, but the project was acquired by Rapid7  in 2009 and it soon sprouted commercial variants.  The Framework itself  is still free and open source, but they now also offer a  free-but-limited Community edition, a more advanced Express edition  (<i>$3,000</i> per year per user), and a full-featured Pro edition (<i>$15,000</i> per  user per year).  Other paid exploitation tools to consider are Core Impact (more expensive) and Canvas (less).  </div>
<div style="text-align: justify;">
The Metasploit Framework now includes an official Java-based GUI and also Raphael Mudge's excellent Armitage.  The Community, Express, and Pro editions have web-based GUIs.</div>
<div style="text-align: justify;">
The <b>Metasploit Project</b> is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.<br />
Its best-known sub-project is the open source.<sup class="reference" id="cite_ref-bsdlicense_1-1"></sup> <b>Metasploit Framework</b>, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.<br />
The Metasploit Project is well known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/q0xkf1g2mbY?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: left;">
<br />
<b>Download Here</b><b> ::</b> <a href="http://www.rapid7.com/products/metasploit/metasploit-community-registration.jsp" target="_blank">Metasploit Community Eddition</a></div>
<div style="text-align: left;">
<u><b>Official Website</b> </u>:: http://www.metasploit.com/</div>
</div>
</div>

Metasploit Framework

Metasploit Framework is a most usable framework for exploiting network or servers. Metasploit Framework took the security world by st...

OpenSCAP :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="openscap logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXQFj4zLeCW14YEVKoqD8MA3fWadKIZo-_UJ6_GUaXS8XEx85KgovsQNqIQM9VbWcOQV7B_waPPpDlc9txypQddRoEgzz-bnZoHLzIalEcR8xhVoDKoglRqmBHG6aSJZNh5NyrnFUrUOCe/s1600/open-scap-logo_small.png" title="openscap logo" /></div>
<div style="text-align: justify;">
The <b>OpenSCAP </b>Project is created to provide an open-source framework 
to the community which enables integration with the <i>Security Content 
Automation Protocol (SCAP) suite</i> of standards and capabilities. It is 
the goal of OpenSCAP to provide a simple, easy to use set of interfaces 
to serve as the framework for community use of SCAP.
</div>
<div style="text-align: justify;">
<b>SCAP </b>is a line of standards managed by NIST. It was created to 
provide a standardized approach to maintaining the security of 
enterprise systems, such as automatically verifying the presence of 
patches, checking system security configuration settings, and examining 
systems for signs of compromise. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Text Tutorial :: </b><a href="http://www.open-scap.org/page/Documentation" target="_blank">Click Here </a></div>
<div style="text-align: justify;">
<b>Download Here ::</b> <a href="http://www.open-scap.org/page/Download" target="_blank">Click Here</a></div>
<div style="text-align: justify;">
<b>Official Website :: </b>http://www.open-scap.org/page/Main_Page </div>
</div>

OpenSCAP :: Framework

The OpenSCAP Project is created to provide an open-source framework to the community which enables integration with the Security Conten...

AppUse (Android Penetest Platform Unified Standalone Environment) :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="AppUse Logo Toolwar" border="0" height="83" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAGd8j-mE-M4Gmc0wQX2ZY7qpYdv95XXv4NpOzK9WLTHwYqqFV8nnfozdqxXwDM2PNNsHequwQfXkRNV_q-R9pGjLcTjhUeWZ0rqyhycnqLPeKsd_XvMc0gDSFoBWQA_Zfa-tNuu36nUjh/s320/AppUse+logo.png" title="AppUse Logo Toolwar" width="320" /></div>
<div style="text-align: justify;">
<span style="text-align: justify;"><b>AppUse</b> is a <i>Android Penetest Platform Unified Standalone Environment</i>. <b>AppSec Labs</b> recently developed the </span><b style="text-align: justify;">AppUse Virtual Machine</b><span style="text-align: justify;">. This system is a unique, </span><b style="text-align: justify;">free</b><span style="text-align: justify;">,  platform for mobile application security testing in the android  environment, and it includes unique custom-made tools created by AppSec  Labs.</span></div>
<div style="text-align: justify;">
The system is a blessing to security  teams, who from now on can easily perform security tests on Android  applications. It was created as a virtual machine targeted for  penetration testing teams who are interested in a convenient,  personalized platform for android application security testing, for  catching security problems and analysis of the application traffic.</div>
<div style="text-align: justify;">
Now, in order to test Android applications, all you will need is to download <b>AppUse Virtual Machine</b>, activate it, load your application and test it.</div>
<div style="text-align: justify;">
There is no need for installation of  simulators and testing tools, no need for SSL certificates of the proxy  software, everything comes straight out of the box pre-installed and  configured for an ideal user experience.</div>
<div style="text-align: justify;">
Security experts who have seen the  machine were very excited, calling it the next ‘BackTrack’ (a famous  system for testing security problems), specifically adjusted for android  application security testing.</div>
<div style="text-align: justify;">
<b>AppUse VM</b> closes gaps  in the world of security, now there is a special and customized testing  environment for android applications; an environment like this has not  been available until today, certainly not with the rich format offered  today by <b>AppUse VM</b>.</div>
<div style="text-align: justify;">
This machine is intended for the daily  use of security testers everywhere for Android applications, and is a  must-have tool for any security person.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="text-align: justify;"><b>Tutorial File :: </b><a href="https://appsec-labs.com/AppUse_guide" target="_blank">Click Here </a></span></div>
<div style="text-align: justify;">
<b><span style="text-align: justify;">Download Here :: </span></b><span style="text-align: justify;"><a href="http://sourceforge.net/projects/appuse-android-pentest/files/AppUse%201.6_release.rar/download" target="_blank">AppUse-1.6.rar</a></span><b><span style="text-align: justify;"><br />
</span></b></div>
<div style="text-align: justify;">
<span style="text-align: justify;"><b>Official Website :: </b>https://appsec-labs.com/ </span></div>
</div>

AppUse (Android Penetest Platform Unified Standalone Environment) :: Framework

AppUse is a Android Penetest Platform Unified Standalone Environment . AppSec Labs recently developed the AppUse Virtual Machine . Thi...

ReFrameworker :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoFnuAWV-aVgL3wC50yN4F7GTHTD8Tef37-UNLYiFkWuY2DrdUN4uwjtJp3QTQBTH22ELF59dCN8zgJ7lkNFEtWfkQ0judpnIw7w4W2E3QqWMy0eOW59qoSXpMVVffNuWtRgZi0yLKlM9w/s1600/ReFrameworker+logo+toolwar.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="reframeworker logo toolwar" border="0" height="215" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoFnuAWV-aVgL3wC50yN4F7GTHTD8Tef37-UNLYiFkWuY2DrdUN4uwjtJp3QTQBTH22ELF59dCN8zgJ7lkNFEtWfkQ0judpnIw7w4W2E3QqWMy0eOW59qoSXpMVVffNuWtRgZi0yLKlM9w/s320/ReFrameworker+logo+toolwar.jpg" title="reframeworker logo toolwar" width="320" /></a></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="font-size: small;"><span style="text-align: justify;"><b>ReFrameworker</b>
 is a general purpose <i>Framework modifier</i>, used to <i>reconstruct framework 
Runtimes</i> by creating modified versions from the original implementation 
that was provided by the framework vendor. ReFrameworker performs the 
required steps of runtime manipulation by tampering with the binaries 
containing the framework's classes, in order to produce modified 
binaries that can replace the original ones. It was developed to 
experiment with and demonstrate deployment of MCR (Managed Code 
Rootkits) code into a given framework. Among its features: - Performs 
all the required steps needed for modifying framework binaries 
(disassemble, code injection, reassemble, precompiled images cleaning, 
etc.) - Fast development and deployment of a modified behavior into a 
given framework - Auto generated deployers - Modules: a separation 
between general purpose "building blocks" that can be injected into any 
given binary, allowing the users to create small pieces of code that can
 be later combined to form a specific injection task. - Can be easily 
adapted to support multiple frameworks by minimal configuration 
(currently comes preconfigured for the .NET framework) - Comes with many
 "preconfigured" proof-of-concept attacks (implemented as modules) that 
demonstrate its usage that can be easily extended to perform many other 
things. ReFrameworker, as a general purpose framework modification tool,
 can be used in other contexts besides security such as customizing 
frameworks for performance tuning, Runtime tweaking, virtual patching, 
hardening, and probably other usages - It all depends on what it is 
instructed to do.</span></span></span></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="font-size: small;"><span style="text-align: justify;"><br /></span></span></span></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="font-size: small;"><span style="text-align: justify;"><b>Tutorial File ::</b> <a href="https://appsec-labs.com/system/files/Managed%20Code%20Rootkits%20presentation%20%28SOURCE%202010%29.pdf" target="_blank">Click Here</a></span></span></span></div>
<div style="text-align: justify;">
<b><span style="font-family: inherit;"><span style="font-size: small;"><span style="text-align: justify;">Download Here :: </span></span></span></b><span style="font-family: inherit;"><span style="font-size: small;"><span style="text-align: justify;"><a href="https://appsec-labs.com/system/files/ReFrameworker_V1.1.zip" target="_blank">ReFrameworker v1.1.zip</a>  <b>(</b>Windows)<b> </b></span></span></span></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="font-size: small;"><span style="text-align: justify;"><b>Official Website :: </b>https://appsec-labs.com/ </span></span></span></div>
</div>

ReFrameworker :: Framework

ReFrameworker is a general purpose Framework modifier , used to reconstruct framework Runtimes by creating modified versions from th...

OWASP Bricks (Web Application Security Learning Platform) :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="owasp bricks logo toolwar" border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxsW3jxRxCdfOllufBaZ0_uBwcmN-L7j2Fru8xOc1lTFeRLUMkcvyN_lnUYOrjG-Cv-Kr7b_qYk_j1a9LcRAikKyTgFkdJ9FQiNFFmJxMlrHdzndXtyTN6QhxPsCgBWGFX6oyy1lcxLLeR/s200/owasp+bricks+logo+toolwar.png" title="owasp bricks logo toolwar" width="199" /></div>
<div style="text-align: justify;">
<b>OWASP Bricks</b> is a <i>Web application security learning platform</i> built on PHP and MySQL. <b>Bricks</b> is a deliberately vulnerable web application built on PHP and MySQL. The project focuses on variations of commonly seen application security vulnerabilities and exploits. Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP). The mission is to 'break the bricks' and thus learn the various aspects of web application security.<br />
<br />
<b>Bricks</b> is a web application security learning platform built on PHP and MySQL. The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security.<br />
<br />
<b>Bricks</b> is a completely free and open source project brought to you by OWASP. The complete documentation and instruction videos can also be accessed or downloaded for free. Bricks are classified into three different sections: login pages, file upload pages and content pages.</div>
<b></b><br />
<b></b><br />
<b></b><br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/j5I0wPvQxTg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/mCo6ajvBv50?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<br />
<b>D</b><b>ownload Here :: </b><a href="http://sourceforge.net/projects/owaspbricks/files/Atrai%20-%201.8/OWASP%20Bricks%20-%20Atrai.zip/download" target="_blank">OWASP Bricks v1.8</a><br />
<b>Official Website :: </b>http://sechow.com/<b><br /></b></div>

OWASP Bricks (Web Application Security Learning Platform) :: Framework

OWASP Bricks is a Web application security learning platform built on PHP and MySQL. Bricks is a deliberately vulnerable web applicat...

WebSploit (Social Engineering) :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="websploit toolwar" border="0" height="168" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEje9oakw4MwuEK6iy3HIek2xj5mb_LsZOay9_XMRBRyU35SQN-xtsA4v-gwp4fWeo1cV1b8_dEqn9HhojRyIDzb7nJoYNan32e9z42TsFIncTz5P9HCekjl9StYeAHMUqCPD7VGIrOiOAZI/s200/websploit+toolwar.png" title="websploit toolwar" width="200" /></div>
<div style="text-align: justify;">
<b>WebSploit</b> is a <b>Framework</b> for Social Engineering Works, Scan, Crawler & Analysis Web, Automatic Exploiter, Network Attacks and done a lot things.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
[+]Autopwn - Used From Metasploit For Scan and Exploit Target Service</div>
<div style="text-align: justify;">
[+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin</div>
<div style="text-align: justify;">
[+]format infector - inject reverse & bind payload into file format</div>
<div style="text-align: justify;">
[+]phpmyadmin Scanner</div>
<div style="text-align: justify;">
[+]LFI Bypasser</div>
<div style="text-align: justify;">
[+]Apache Users Scanner</div>
<div style="text-align: justify;">
[+]Dir Bruter </div>
<div style="text-align: justify;">
[+]admin finder </div>
<div style="text-align: justify;">
[+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks</div>
<div style="text-align: justify;">
[+]MITM - Man In The Middle Attack</div>
<div style="text-align: justify;">
[+]Java Applet Attack</div>
<div style="text-align: justify;">
[+]MFOD Attack Vector </div>
<div style="text-align: justify;">
[+]USB Infection Attack </div>
<div style="text-align: justify;">
[+]ARP Dos Attack</div>
<div style="text-align: justify;">
[+]Web Killer Attack</div>
<div style="text-align: justify;">
[+]Fake Update Attack</div>
<div style="text-align: justify;">
[+]Fake Access point Attack</div>
<div style="text-align: justify;">
[+]Wifi Honeypot</div>
<div style="text-align: justify;">
[+]Wifi Jammer</div>
<div style="text-align: justify;">
[+]Wifi Dos</div>
<div style="text-align: justify;">
[+]Bluetooth POD Attack</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/E80oxU4qH_k?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<br />
<b>Download Here :: </b><a href="http://sourceforge.net/projects/websploit/files/latest/download" target="_blank">WebSploit Framework v2.0.4</a> (for Linux)<br />
<b>Source ::</b> http://sourceforge.net/projects/websploit/</div>

WebSploit (Social Engineering) :: Framework

WebSploit is a Framework for Social Engineering Works, Scan, Crawler & Analysis Web, Automatic Exploiter, Network Attacks and done...

Owasp Mantra (Browser Based Web Security Framework) :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="Owasp Mantra logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRrctdBWOhmYDQr246V7zjjW9kQoBxnS08108GujNouk7J1REEDUIjd6xdFgb7tlZvc9AGb1xJ1_E1wXBIkhT4Rg6ILFmQmUQkgns4JDBPiUh4Juv9Xy6p3vvVRuT2Wt2AqC8o3fI5OSGf/s1600/Owasp+Mantra+Logo.jpg" title="Owasp Mantra logo" /></div>
<b></b><br />
<div style="text-align: justify;">
<b><span itemprop="description">OWASP Mantra</span></b><span itemprop="description"> is a  Free and Open Source <i>Browser Based Web Security Framework</i></span><b>. OWASP Mantra</b> is a collection of free and open source  tools integrated into a web browser, which can become handy for  students, penetration testers, web application developers,security  professionals etc. It is portable, ready-to-run, compact and follows the  true spirit of free and open source software. </div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b>OWASP Mantra</b>  is lite, flexible, portable and user friendly with a nice graphical  user interface. You can carry it in memory cards, flash drives, CD/DVDs,  etc. It can be run natively on Linux, Windows and Mac platforms. It can  also be installed on to your system within minutes. Mantra is  absolutely free of cost and takes no time for you to set up. </div>
<div style="text-align: justify;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/CRJkGZlV6Vk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b>Download Here :: </b><a href="http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.exe/download" target="_blank">OWASP Mantra</a> (for Windows)<b>
</b></div>
<div style="text-align: justify;">
                              <a href="http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2032.tar.gz/download" target="_blank"> OWASP Mantra</a> (for Linux)<b> </b></div>
<div style="text-align: justify;">
                              <a href="http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.mpkg.zip/download" target="_blank"> OWASP Mantra </a>(for MAC)<b> </b></div>
<div style="text-align: justify;">
<b>Official Website ::</b>  http://www.getmantra.com/</div>
</div>

Owasp Mantra (Browser Based Web Security Framework) :: Framework

OWASP Mantra is a Free and Open Source Browser Based Web Security Framework . OWASP Mantra is a collection of free and open source ...

XSSF (Cross Site Scripting Framework) :: Frameworks

<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: center;">
 <img alt="xssf logo" border="0" height="78" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRD7_Qf3uczuo0jjl0Zn_xPYsVPilG-slUfjqxWr6RMznK9kSfykhHi_5W-1840tZGKc1ZvtGq8u5QN8FR7UESwAG-5eb_FgAwzBqGQGXISA38J5LPbFteBRt4N5f9hiDXxFAsRLttzrq9/s1600/xssf+logo.png" title="xssf logo" width="200" /> </div>
<div style="text-align: justify;">
The <b>Cross-Site Scripting Framework </b>(<b>XSSF</b>) is a  security tool designed to turn the XSS vulnerability exploitation task  into a much easier work. The <b>XSSF</b> project aims to demonstrate the real  dangers of XSS vulnerabilities, vulgarizing their exploitation. This  project is created solely for education, penetration testing and lawful  research purposes.  </div>
<div style="text-align: justify;">
XSSF allows creating a <b>communication channel</b>  with the targeted browser (from a XSS vulnerability) in order to  perform further attacks. Users are free to select existing modules (a  module = an attack) in order to target specific browsers. </div>
<div style="text-align: justify;">
XSSF  provides a powerfull documented API, which facilitates development of  modules and attacks. In addition, its integration into the <b>Metasploit Framework</b> allows users to launch MSF browser based exploit easilly from an XSS vulnerability. </div>
<div style="text-align: justify;">
In  addition, an interesting though exploiting an XSS inside a victim's  browser could be to browse website on attacker's browser, using the  connected victim's session. In most of cases, simply stealing the victim  cookie will be sufficient to realize this action. But in minority of  cases (intranets, network tools portals, etc.), cookie won't be useful  for an external attacker. That's why <b>XSSF Tunnel</b> was created to help the attacker to help the attacker browsing on affected domain using the victim's session. </div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/AhUhOirEfTE?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: center;">
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: left;">
<br />
<b>Download Here ::</b> <a href="https://xssf.googlecode.com/files/XSSF-3.0.zip" target="_blank">XSSF-3.0.zip</a></div>
<div style="text-align: left;">
<b>Source :: </b>https://code.google.com/p/xssf/</div>
</div>

XSSF (Cross Site Scripting Framework) :: Frameworks

The Cross-Site Scripting Framework ( XSSF ) is a security tool designed to turn the XSS vulnerability exploitation task into a much...

Subterfuge (Automated Man-in-the-Middle Attack Framework) :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="subterfuge logo" border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGb-vG4899yTmXjSo7XRKez6Aw4wrLKvoCwFgYGJNWwt-n_CXvFKygAPCymPWbyBraF_uuQ3LfM_MebI3suMkXGpU4X_-Gv0pruqQOLbTtYCDYO20zetlTAkXFvP6YhHiTyxEeaoUFa6d0/s1600/subterfuge+logo.png" title="subterfuge logo" width="196" /></div>
<div style="text-align: justify;">
<b>Subterfuge </b>is a <i>Automated Man-in-the-Middle Attack Framework</i>. Enter<b> Subterfuge</b>, a <b>Framework</b> to take the arcane  art of<i> Man-in-the-Middle Attack</i> and make it as simple as point and  shoot. A beautiful, easy to use interface which produces a more  transparent and effective attack is what sets <b>Subterfuge</b> apart from  other attack tools. Subterfuge demonstrates vulnerabilities in the ARP  Protocol by harvesting credentials that go across the network, and even  exploiting machines through race conditions. Now walk into a  corporation… </div>
<div style="text-align: justify;">
A rapidly-expanding portion of today’s Internet  strives to increase personal efficiency by turning tedious or complex  processes into a framework which provides instantaneous results. On the  contrary, much of the information security community still finds itself  performing manual, complicated tasks to administer and protect their  computer networks. Given the increase in automated hacking tools, it is  surprising that a simplistic, “push-button” tool has not been created  for information security professionals to validate their networks’  ability to protect against a <i>Man-In-The-Middle attack. </i><b>Subterfuge</b> is a  small but devastatingly effective credential-harvesting program which  exploits a vulnerability in the Address Resolution Protocol. It does  this in a way that a non-technical user would have the ability, at the  push of a button, to harvest all of the usernames and passwords of  victims on their connected network, thus equipping information and  network security professionals with a “push-button” security validation  tool. </div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/x-L80d1USn4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: center;">
</div>
<div style="text-align: left;">
<b> Download Here :: </b><a href="https://subterfuge.googlecode.com/files/SubterfugePublicBeta5.0.tar.gz" target="_blank">SubterfugePublicBeta5.0</a></div>
<div style="text-align: left;">
<b> Source :: </b>https://code.google.com/p/subterfuge/</div>
</div>

Subterfuge (Automated Man-in-the-Middle Attack Framework) :: Framework

Subterfuge is a Automated Man-in-the-Middle Attack Framework . Enter Subterfuge , a Framework to take the arcane art of Man-in-the-M...

HconSTF Firebase :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="HconSTF Firebase logo" border="0" height="124" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEie59x9tAQk0z4gWdFP2_zVG1GYhru2Q-ffsIeHFz0fVVWbmFlESGeDp_0EaPo_5EBjV7q8jPR-ll7DpTFN_Ry2bbhg6_OaVIhavnDlThkzqn_f9SWnf0Z5zRxonm4_2do3wWOoioBCWC6d/s640/HconSTF+Logo.jpg" title="HconSTF Firebase logo" width="640" /></div>
<br />
<div style="text-align: justify;">
<b>HconSTF Firebase</b> is Fully 
Customizable, Versatile in Usage can be used in many Web related hacking
 needs, Simple and easy to use interface, small in size and light on 
resources. contains hundreds of features for :</div>
<ul style="text-align: justify;">
<li>Web Penetration Testing</li>
<li>Web Exploits Development</li>
<li>Web Malware Analysis</li>
<li>OSINT & Cyber spying </li>
</ul>
<div style="text-align: justify;">
Very comprehensive and plenty of tools for exploitation and supports verbose debugging features for Web Exploit Development. <span style="clear: left; float: left; margin-top: 0px; margin-top: 0px; position: relative; z-index: 10;"></span>
<b>HconSTF</b> <b>Firebase</b> contains blend of online and offline tools for Pentesting called 'WebUI'. includes scanners, encoders, and much more. IDB is Integrated database with huge amount of Web payload. Helps in many Open source intelligence based tasks like</div>
<ul style="text-align: justify;">
<li>Passive Web & Network Reconnaissance</li>
<li>Doxing <br /></li>
<li>Cyber Spying</li>
<li>Hash cracking</li>
</ul>
<div style="text-align: justify;">
Encoding / Decoding & hashing Features and tools, supports wide 
variety of formats, character set and algorithms for making payloads 
undetectable. Darknets and proxies integrated, Spoofing tools. supports integration 
with many decoy options, includes many tools for proxies and anonymizing
 networks.  </div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b> PDF Tutorials :: </b><a href="http://www.hcon.in/uploads/1/8/1/9/1819392/quick_malware_analysis_using_hconstf.pdf" target="_blank">Quick Malware Analysis Using HconSTF</a><br />
                              <a href="http://www.hcon.in/uploads/1/8/1/9/1819392/http_headers_spoofing_using_hconstf.pdf" target="_blank">HTTP Headers Spoofing Using HconSTF</a></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b>Download Here :: </b><a href="http://sourceforge.net/projects/hconframework/files/HconFramework-Fire/HconSTF_0.5_Prime/HconSTF_v0.5_Prime.exe" target="_blank">Firebase_0.5.exe</a><b> </b>(for Windows)<b> </b></div>
<div style="text-align: justify;">
                               <a href="http://sourceforge.net/projects/hconframework/files/HconFramework-Fire/HconSTF_0.5_Prime/HconSTF_v0.5_Linux_x86.tar.bz2" target="_blank">Firebase_0.5.tar.bz2</a> (for Linux)<b><br /></b></div>
<div style="text-align: justify;">
<b>Official Website ::</b> http://www.hcon.in/</div>
</div>

HconSTF Firebase :: Framework

HconSTF Firebase is Fully Customizable, Versatile in Usage can be used in many Web related hacking needs, Simple and easy to use int...

Dradis (Information Gathering) :: Frameworks

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="Dradis Logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlQ5OieIfUDgzBnPRx8xlB_A8HSBdiFnEBhMuD8Wxg47YwBg8Hz4VvIEXZYajHlZ334XLnrSq7A7bdFpJ5rvU0_wysWKSv0h8dxHRZ9X2Ed2HY4LJOYI4ARHF0IU_ccBLqhGBXsLnwAPnR/s1600/dradis+logo.png" title="Dradis Logo" /></div>
<div style="text-align: justify;">
<b>Dradis</b> is an open source framework to enable you to work efficiently by gathering information from different tools and presenting it in a variety of formats.</div>
<div style="text-align: justify;">
<b>Dradis</b> is an open source framework to enable effective sharing of  information among participants in a penetration test. It is a  self-contained web application that provides a centralised repository of  information to keep track of what has been done so far, and what is  still ahead. It has plugins to read and collect the output of a variety  of network scanning tools, like Nmap, Burp Suite, and Nikto.</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/WQF8e7eLDhc?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: center;">
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b>Download Here :: </b><a class="prominent" href="http://downloads.sourceforge.net/dradis/dradis-v2.9.0-setup.exe">dradis-v2.9.0-setup.exe</a><br />
                               
            <a class="prominent" href="http://downloads.sourceforge.net/dradis/dradis-v2.9.0.tar.gz">dradis-v2.9.0.tar.gz</a> </div>
<div style="text-align: justify;">
<b>Official Website ::</b> http://dradisframework.org/</div>
</div>

Dradis (Information Gathering) :: Frameworks

Dradis is an open source framework to enable you to work efficiently by gathering information from different tools and presenting it in...

WebScarab :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="WebScarab logo" border="0" height="159" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhkWpAj2eaWjfaiRF-kl2zXVpEPL7S4jyMW_aEtMjXRwyMaX4VfXV0KE0OQ1qDGVg9eWIyjep_NOmHixtl2M4v5vjJyd-Fiv8Q-BjtyY0HjYLNLPnZIZdw9WPscVa1OREn53vB1oEb8Hod/s200/webscarab.png" title="WebScarab logo" width="159" /></div>
<div style="text-align: justify;">
<b>WebScarab</b> is a framework that analyze applications that communicate  using the HTTP and HTTPS protocols. It is <i>written in Java</i>, and is thus  portable to many platforms. <b>WebScarab</b> has several modes of operation,  implemented by a number of plugins. In its most common usage, <b>WebScarab</b>  operates as an intercepting proxy, allowing the operator to review and  modify requests created by the browser before they are sent to the  server, and to review and modify responses returned from the server  before they are received by the browser. <b>WebScarab</b> is able to intercept  both HTTP and HTTPS communication. The operator can also review the  conversations (requests and responses) that have passed through  <b>WebScarab. </b></div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/je8WEuV320g?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: center;">
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<br />
<b>Download Here :: </b><a class="name" href="http://sourceforge.net/projects/owasp/files/WebScarab/20070504-1631/webscarab-installer-20070504-1631.jar/download" title="Click to download webscarab-installer-20070504-1631.jar">webscarab-installer-20070504-1631.jar</a></div>
<div style="text-align: justify;">
                               <a class="name" href="http://sourceforge.net/projects/owasp/files/WebScarab/20070504-1631/webscarab-src-20070504-1631.zip/download" title="Click to download webscarab-src-20070504-1631.zip">webscarab-src-20070504-1631.zip</a></div>
<div style="text-align: justify;">
<b>Official Website :: </b>https://www.owasp.org/<b> </b></div>
</div>

WebScarab :: Tools

WebScarab is a framework that analyze applications that communicate using the HTTP and HTTPS protocols. It is written in Java , and is...

OpenVAS (Advanced Open Source Vulnerability Scanner and Manager) :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="OpenVAS :: ToolWar" border="0" height="110" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj34ggfevoV_ryWXrwJQuud9cRyZVvR6pKzQxbL8BN9SxP0SLouqXvWbvK0FrPnIjosS9N7ep5Z2QKxkmw59NkZC87BfWDSDWjRfcOmxPalo3joS-HxDIHdFVKcECJLvEPe-hmbw_D9Pc1K/s400/OpenVAS-logo.png" title="OpenVAS :: Toolwar" width="400" /></div>
<div style="text-align: justify;">
<b>OpenVAS</b> is a<span style="font-size: small;"> <i>advanced Open Source vulnerability scanner and manager.  </i></span>The <i><b>Open Vulnerability Assessment System</b></i> (<b>OpenVAS</b>) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. </div>
<div style="text-align: justify;">
The actual security scanner is accompanied with a daily updated feed of Network Vulnerability Tests (NVTs), over 30,000 in total (as of April 2013). </div>
<div style="text-align: justify;">
All OpenVAS products are Free Software. Most components are licensed under the GNU General Public License (GNU GPL). </div>
<div style="text-align: justify;">
<b>OpenVAS</b> is a vulnerability scanner that was forked from the last free version of <a class="local" href="http://sectools.org/tool/nessus/">Nessus</a>  after that tool went proprietary in 2005. <b>OpenVAS </b>plugins are still  written in the <i>Nessus NASL language</i>. The project seemed dead for a  while, but development has restarted.</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/0b4SVyP0IqI?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: center;">
</div>
<div style="text-align: left;">
<br />
<b>Download Here :: </b><a href="http://www.openvas.org/download.html" target="_blank">OpenVAS</a></div>
<div style="text-align: left;">
<b>Official Website ::<i> </i></b><i>http://www.openvas.org/</i></div>
</div>

OpenVAS (Advanced Open Source Vulnerability Scanner and Manager) :: Framework

OpenVAS is a advanced Open Source vulnerability scanner and manager. The Open Vulnerability Assessment System ( OpenVAS ) is a frame...

w3af (Web Application Security Scanner) :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="w3af framework" border="0" height="121" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh64FcDATU9QTFYiVVR5bKHDAu351WePSLxj8CrwndRD9_1OJLupKc9aKtZP3EoCHKg85zUONoJj3rMcisiwLWr_f4Ki7jOgi6uzQElIKSxgHyqJjF4BoX_FfWaRoRjF2P0IoeBSvw84hv8/s400/w3af_dilan.png" title="w3af framework" width="400" /></div>
<div style="text-align: justify;">
<b>W3af</b> is a <i>open source web application security scanner framework</i>. <b>w3af</b> is a <i>Web Application Attack and Audit Framework</i>.  The project’s goal is to create a framework to help you secure your web  applications by finding and exploiting all web application  vulnerabilities.</div>
<div style="text-align: justify;">
<b>W3af</b> is an extremely popular, powerful, and flexible framework for  finding and exploiting web application vulnerabilities.  It is easy to  use and extend and features dozens of web assessment and exploitation  plugins.  In some ways it is like a web-focused Metasploit. </div>
<div style="text-align: justify;">
This framework is proudly developed using Python to be <i>easy to use and extend, </i>and licensed under GPLv2.0.</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Vd3pkgevgtw?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: center;">
<b>
</b></div>
<div style="text-align: justify;">
<br />
<b>Download Here :: </b><br />
<pre><span style="background-color: white;"><code>git clone https://github.com/andresriancho/w3af.git
cd w3af
./w3af_gui</code></span></pre>
</div>
<div style="text-align: justify;">
<br />
<b>Official Website ::http://w3af.org/</b></div>
<div style="text-align: justify;">
</div>
</div>

w3af (Web Application Security Scanner) :: Framework

W3af is a open source web application security scanner framework . w3af is a Web Application Attack and Audit Framework . The project...

Subscribe to: Posts ( Atom )