Havij (Automated and Advanced SQL Injection) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioLo4B-qKdYseDgGxhjbYAMCI7gaFHDgHkgIq5nk4dlAJO0srvzZGs1WbL6gv8T7LyU5lWZUKXpKhEsv8E2TzwySAI8vwXixwYRtOdsOAI9e9eZh9iwwT3SM_Wfnp6ipZPZXMJ40J6uwTV/s1600/Havij.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Havij Screenshot" border="0" height="319" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioLo4B-qKdYseDgGxhjbYAMCI7gaFHDgHkgIq5nk4dlAJO0srvzZGs1WbL6gv8T7LyU5lWZUKXpKhEsv8E2TzwySAI8vwXixwYRtOdsOAI9e9eZh9iwwT3SM_Wfnp6ipZPZXMJ40J6uwTV/s1600/Havij.png" title="Havij Screenshot" width="320" /></a></div> <b>Havij</b> is an <b>automated SQL Injection tool</b> that helps <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration</a> testers to find and exploit SQL Injection vulnerabilities on a <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> page.  It can take advantage of a vulnerable web application. By using this software, user can perform back-end database fingerprinting, retrieve DBMS login names and <a href="http://www.toolwar.com/search/label/Password" target="_blank">password</a> <a href="http://www.toolwar.com/search/label/Hash" target="_blank">hashes</a>, dump tables and columns, fetch data from the database, execute SQL statements against the server, and even access the underlying file system and execute operating system shell commands.<br /> The distinctive power of <b>Havij</b> that differentiates it from similar <a href="http://www.toolwar.com/search/label/Tools" target="_blank"> tools</a> lies in its unique methods of injection. The success rate of attack on vulnerable targets using <b>Havij</b> is above 95%.  The user friendly <a href="http://www.toolwar.com/search/label/GUI" target="_blank">GUI (Graphical User Interface)</a> of Havij and its automated configuration and heuristic detections make it easy to use for everyone even amateurs.</div> <h3 style="text-align: justify;"> <b>Tutorials :: </b></h3> <div style="text-align: justify;"> <span style="font-size: small;"><span style="font-family: inherit;"><b>URL Rewrite :: </b><a href="http://www.itsecteam.com/files/havij/URL%20Rewrite/url_rewrite.htm" target="_blank">Click Here</a></span></span></div> <div style="text-align: justify;"> <span style="font-size: small;"><span style="font-family: inherit;"><b>MSSQL :: </b></span></span><a href="http://www.itsecteam.com/files/havij/MsSQL/mssql.htm" target="_blank"><span style="font-size: small;"><span style="font-family: inherit;">Click Here</span></span></a></div> <div style="text-align: justify;"> <span style="font-size: small;"><span style="font-family: inherit;"><b>PostGreSQL :: </b></span></span><a href="http://www.itsecteam.com/files/havij/PostgreSQL/postgresql.htm" target="_blank"><span style="font-size: small;"><span style="font-family: inherit;">Click Here</span></span></a></div> <div style="text-align: justify;"> <span style="font-size: small;"><span style="font-family: inherit;"><b>Pro Features :: </b></span></span><a href="http://www.itsecteam.com/files/havij/Pro%20Features/pro%20features.htm" target="_blank"><span style="font-size: small;"><span style="font-family: inherit;">Click Here</span></span></a></div> <div style="text-align: justify;"> <span style="font-size: small;"><span style="font-family: inherit;"><b>Oracle :: </b></span></span><a href="http://www.itsecteam.com/files/havij/Oracle/oracle.htm" target="_blank"><span style="font-size: small;"><span style="font-family: inherit;">Click Here</span></span></a></div> <div style="text-align: justify;"> <span style="font-size: small;"><span style="font-family: inherit;"><b>Multi-Thread Blind Injection :: </b></span></span><a href="http://www.itsecteam.com/files/havij/multi%20thread%20blind%20injection/multi%20thread%20blind%20injection.htm" target="_blank"><span style="font-size: small;"><span style="font-family: inherit;">Click Here</span></span></a></div> <div style="text-align: justify;"> <b><span style="font-size: small;"><span style="font-family: inherit;">Dump All :: </span></span></b><a href="http://www.itsecteam.com/files/havij/Dump%20All/Dump_All.html" target="_blank"><span style="font-size: small;"><span style="font-family: inherit;"><span style="font-size: small;"><span style="font-family: inherit;">Click Here</span></span></span></span></a><b> </b></div> <div style="text-align: justify;"> <br /> <b>How to use ::</b></div> <div class="rtejustify" style="text-align: justify;"> You can use this utility to find and potentially exploit SQL Injection vulnerabilities in web application. To use this tool, some knowledge of SQL Injection - even though abasic one - is essential. Most of what you will have to do, in typical cases, will be to enter the URL of the suceptible page, selecting the applicable method clicking 'Analyze'. Almost everything needed to reveal and make use of the vulnerabilities is done by the utility. For best results, the URL should be one that returns a normal response (rather than one that returns a 4xx response).</div> <div class="rtejustify" style="text-align: justify;"> <br /></div> <div class="rtejustify" style="text-align: justify;"> <b>Video ::</b> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/7ubB9VocgnQ?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div class="rtejustify" style="text-align: justify;"> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/dEM7YRRSvP8?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows ::</b>  <a href="http://www.itsecteam.com/files/havij/Havij1.15Free.rar" target="_blank">Havij v1.15</a> (.rar) | <b>Trial</b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://itsecteam.com/products/havij-advanced-sql-injection/">http://itsecteam.com/products/havij-advanced-sql-injection/</a><b> </b></div>

Havij (Automated and Advanced SQL Injection) :: Tools

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web p...

Read more »

Advanced Encryption Package :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="encryption-window-algorithm-expanded" border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJ0GkaQws6zeP9BDAKJLLBj9oZrkk5m3h0V-j-MCgf5SnIhooYtvusIkM6347PhQZWuy9tQVYiEhoP4FdUG4Wakmw1cCrqnwMuO0TzXm9psLCcd6WqPlLHgKdbV4eFVaSo82gBFtvY14s-/s1600/encryption-window-algorithm-expanded.jpg" title="encryption-window-algorithm-expanded" width="387" /></div> <div style="text-align: justify;"> <b>Advanced Encryption Package</b> is a File <a href="http://www.toolwar.com/search/label/Encryption" target="_blank">encryption</a>, Secure File Transfer, Batch File Encryption and Encrypted Backups. <b>Advanced Encryption Package</b> adds new features to the context menu of <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> Explorer. As you can see on this screenshot, context menu has new menu item AEP and some subitems under this item: Encrypt, Decrypt, Create Self-Extracting File, Wipe. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Features ::</b></div> <div style="text-align: justify;"> <ul> <li><strong>Easy to use</strong> for novices. It integrates nicely with Windows Explorer and made easy for novices.</li> <li><strong>Strong and proven algorithms</strong> to protect your sensitive documents (20 encryption algorithms).</li> <li><strong>File</strong> and/or <strong>text</strong> encryption.</li> <li>Symmetric and asymmetric algorithms (17 data destruction algorithms).</li> <li><strong>Secure</strong> file <strong>deletion</strong>.</li> <li>Using <a href="http://www.toolwar.com/search/label/USB" target="_blank">USB</a> flash drives to store [en]-decryption keys.</li> <li>Creating <strong>encrypted self-extracting file</strong> to send it as <strong>email</strong> attachement. No additional software is required on other end!</li> <li>Complete <strong><a href="http://www.toolwar.com/search/label/CLI" target="_blank">command line</a> support</strong> to fully <strong>automate</strong> [en]-decryption tasks.</li> </ul> </div> <h3 style="text-align: justify;"> <b>  </b></h3> <h3> <b>Tutorials ::</b></h3> <b> How to Article :: </b><a href="http://www.aeppro.com/support/security-articles.shtml" target="_blank">Click Here</a><b> </b><br /> <h3> <b>Download ::</b></h3> <b>Windows :: </b><a href="http://www.aeppro.com/download/aep_setup.msi" target="_blank">Advanced Encryption Package Pro 2014</a> (.msi)<br /> <b>Official Website :: </b><a href="http://www.aeppro.com/products/aep.shtml" target="_blank">http://www.aeppro.com/products/aep.shtml</a>

Advanced Encryption Package :: Tools

Advanced Encryption Package is a File encryption , Secure File Transfer, Batch File Encryption and Encrypted Backups. Advanced Encryptio...

Read more »

DLL Hijack Auditor (Audit DLL Hijacking Vulnerability) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOMHBbtHY3M6lvqsdBgjSk97gxPEL_jkS-pkAh5TEJuqCY9FzYDNWnoURsXelk8hGovQ8lYwslQO2KHcGTN-_ojdmJ42ufcLJfz-U3TZ9vZzCfTJ7HrP4jFfCwaVRaSa2v93a91_Jkh7zO/s1600/dllhijackauditor_screenshot1_main_small.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="dllhijackauditor" border="0" height="303" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOMHBbtHY3M6lvqsdBgjSk97gxPEL_jkS-pkAh5TEJuqCY9FzYDNWnoURsXelk8hGovQ8lYwslQO2KHcGTN-_ojdmJ42ufcLJfz-U3TZ9vZzCfTJ7HrP4jFfCwaVRaSa2v93a91_Jkh7zO/s1600/dllhijackauditor_screenshot1_main_small.jpg" title="dllhijackauditor" width="400" /></a></div> <div style="text-align: justify;"> <b>Dll Hijack Auditor</b> is the smart tool to <b>Audit against the Dll Hijacking Vulnerability</b> in any <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> application. This is one of the critical security issue affecting almost all Windows systems. Though most of the apps have been fixed, but still many Windows applications are susceptible to this <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> which can allow any attacker to completely take over the system. DllHijackAuditor helps in discovering all such Vulnerable Dlls in a Windows application which otherwise can lead to successful exploitation resulting in total compromise of the system.<br /><br />With its simple <a href="http://www.toolwar.com/search/label/GUI" target="_blank">GUI interface</a> <b>DllHijackAuditor</b> makes it easy for anyone to instantly perform the auditing operation. It also presents detailed technical Audit report which can help the developer in fixing all vulnerable points in the application. <b>DllHijackAuditor</b> is a standalone portable application which also comes with Installer for local Installation & Uninstallation of software. </div> <div style="text-align: justify;"> It works on wide range of platforms starting from Windows XP to latest operating system, Windows 8.<br /><h3> Features ::</h3> <ul> <li>Here are some of the smart features of<b> DllHijackAuditor,</b></li> <li>Directly & Instantly audit any Windows Application.</li> <li>Allows complete testing to uncover all Vulnerable points in the target Application</li> <li>Smart <a href="http://www.toolwar.com/search/label/Debugger" target="_blank">Debugger</a> based 'Interception Engine' for consistent and efficent performance without intrusion.</li> <li>Support for specifying as well as auditing of application with custom & multiple Extensions.</li> <li>Timeout Configuration to alter the waiting time for each Application.</li> <li>Generates complete auditing report (in HTML format) about all vulnerable hijack points in the Application.</li> <li>GUI based tool, makes it easy for anyone with minimum knowledge to perform the auditing operation.</li> <li>Does not require any special privilege for auditing of the application (unless target application requires)</li> <li>Free from Antivirus as it does not use any shellcodes or exploit codes which trigger Antivirus to terminate the operation.</li> <li>Fully portable tool which can be run directly on any system.</li> <li>Support for local Installation and uninstallation of the software. </li> </ul> <h3> Tutorials :: </h3> </div> <div style="text-align: justify;"> <b>Installation & Uninstallation ::</b><br />It comes with simple Instaler that helps you to install it locally on your system for regular usage. It has intuitive setup wizard which guides you through series of steps in completion of installation. At any point of time, you can uninstall the product using the Uninstaller located at following location (by default)</div> <div style="text-align: justify;"> <br />[Windows 32 bit]<br />C:\Program Files\SecurityXploded\DllHijackAuditor<br /><br />[Windows 64 bit]<br />C:\Program Files (x86)\SecurityXploded\DllHijackAuditor<br /><br /><b>How to use ::</b><br /><ul> <li>Here are simple tests to use <b>DllHijackAuditor</b> for auditing of any Windows application.</li> <li>Launch the DllHijackAuditor after copying it or installing it on your local system. </li> <li>Now click on 'Browse' button to select application and then click on 'Start Audit' to begin the operation.</li> <li>Next click on 'Exploit' button (only if it has found any vulnerable DLLs in the previous phase) to perform real Exploitation test.</li> <li>Finally click on 'Report' button to generate complete Audit report. </li> </ul> You can tick the check box ( 'Do not terminate application' ) to make DllHijackAuditor to wait until you perform complete testing of all vulnerable points within the application. Once you are done with the testing, close the application so that <b>DllHijackAuditor</b> will continue with auditing operation.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Video :: </b></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/EBXGA8eMrT4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <b> </b></div> <div style="text-align: justify;"> <h3> <b>Download ::</b></h3> </div> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://securityxploded.com/download-file.php?id=7777" target="_blank">DLL Hijack Auditor v3.0 </a><b><br /></b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://securityxploded.com/dllhijackauditor.php">http://securityxploded.com/dllhijackauditor.php</a></div>

DLL Hijack Auditor (Audit DLL Hijacking Vulnerability) :: Tools

Dll Hijack Auditor is the smart tool to Audit against the Dll Hijacking Vulnerability in any Windows application. This is one of the c...

Read more »

Simple Packet Sender- SRS (Packet Crafting) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7BUKKw498tOZ31MifYW6bPLuJau7rdayfP5pA059VWTSs2bX9U8wBoL0uzzMGPCSIx2uJ2Zd0U3siY6mMaSIHGNiuByoH6wcWmPvKxDi_QhXGorMs_JAvn14nckZgM-3C0XybRLTQpiVN/s1600/tcp-ipv4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Simple Packet sender screenshot" border="0" height="285" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7BUKKw498tOZ31MifYW6bPLuJau7rdayfP5pA059VWTSs2bX9U8wBoL0uzzMGPCSIx2uJ2Zd0U3siY6mMaSIHGNiuByoH6wcWmPvKxDi_QhXGorMs_JAvn14nckZgM-3C0XybRLTQpiVN/s1600/tcp-ipv4.png" title="Simple Packet sender screenshot" width="320" /></a></div> <div style="text-align: justify;"> <b>Simple Packet Sender (SPS)</b> is a linux <b>packet crafting tool</b>. Supports IPv4, IPv6 including extension headers, and tunneling IPv6 over IPv4. Written in C on <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> with <a href="http://www.toolwar.com/search/label/GUI" target="_blank">GUI</a> built using GTK+ and released under GPLv3. Does not require pcap.</div> <h3 style="text-align: justify;"> <b>Features:</b></h3> <div style="text-align: justify;"> <a href="http://www.toolwar.com/search/label/Packet" target="_blank">Packet</a><a href="http://www.toolwar.com/search/label/Packet" target="_blank"> crafting</a> and sending one, multiple, or flooding IPv4 and IPv6 packets of type TCP, ICMP, or UDP (or cycle through all three). All values within ethernet frame can be modified arbitrarily. Supports IPv4 header options, TCP header options, and TCP, ICMP and UDP data as well, input from either: keyboard as UTF-8/ASCII, keyboard as hexadecimal, or from file. IPv6 support includes: hop-by-hop, "first" and "last" destination, routing, authentication, and encapsulating security payload (ESP) extension headers. For those without access to a native IPv6 <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a>, IPv6 packets can be transmitted over IPv4 (6to4).</div> <div style="text-align: justify;"> Packet fragmentation for IPv4, IPv6, and 6to4. Assumed maximum transmission unit (MTU) can be changed if unusual fragment sizes are needed. IP addresses and port numbers can be randomized. A configurable traceroute function, which supports TCP, ICMP, and UDP packets with all the features mentioned above. View packets in hexadecimal/ASCII representation, in both unfragmented and fragmented forms. All packet settings can be saved to and loaded from file. IP and ASN delegation functions, including: country name/code search and reverse-search, autonomous system (AS) number search by country and reverse-search,  IPv4 and IPv6 address delegation search and reverse-search.</div> <div style="text-align: justify;"> ARP (IPv4) and Neighbor Discovery (IPv6) for querying a LAN for MAC addresses of local nodes.</div> <div style="text-align: justify;"> Retrieve MAC address and current MTU setting of any attached network interface. Domain name resolution and <a href="http://www.toolwar.com/search/label/Reverse" target="_blank">reverse</a> resolution.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorial ::</h3> <div style="text-align: justify;"> <b>Wiki ::</b> <a href="http://sourceforge.net/p/simplepacket/wiki/Home/" target="_blank">Click Here</a></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="https://sites.google.com/site/simplepacketsender/sps-4.2.tar.gz?attredirects=0" target="_blank">Simple Packet Sender</a> (.tar.gz)<b><br /></b></div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="https://sites.google.com/site/simplepacketsender/">https://sites.google.com/site/simplepacketsender/</a></div>

Simple Packet Sender- SRS (Packet Crafting) :: Tools

Simple Packet Sender (SPS) is a linux packet crafting tool . Supports IPv4, IPv6 including extension headers, and tunneling IPv6 over I...

Read more »

Autopsy (Digital Investigation Analysis) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Autopsy logo" border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjf21td83eNESL_QTE9NjV-ZSQnqexy4JbWFatUW-4KkqydKjwnSYKqQmPFBy6cnZG7rQZEG7X211P1v_klRTAzd3_Ee5pDqpYn3sfpupP4ff-ao6WwTUaeq8fqKi0PgJQiwb-loD4CvqrI/s1600/autopsy+logo.jpg" title="Autopsy logo" width="200" /></div> <div style="text-align: justify;"> <b>Autopsy</b> is a graphical interface to the <a href="http://www.toolwar.com/search/label/CLI" target="_blank"><i>command line</i></a> <b>digital investigation analysis tools</b> in <a href="http://www.toolwar.com/2014/01/the-sleuth-kit-tsk-forensics-framework.html" target="_blank"> The Sleuth Kit</a>. Together, they can analyze <i>Windows and UNIX</i> disks and file systems (NTFS, FAT, UFS1/2, Ext2/3).</div> <div style="text-align: justify;"> <b>The Sleuth Kit </b>and <b>Autopsy</b> are both Open Source and run on UNIX platforms (you can use Cygwin to run them both on <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>). As <b>Autopsy</b> is HTML-based, you can connect to the <b>Autopsy</b> server from any platform using an HTML browser. Autopsy provides a "File Manager"-like interface and shows details about deleted data and file system structures.</div> <h3 style="text-align: justify;"> <span style="font-size: small;">Analysis Modes</span></h3> <ul style="text-align: justify;"> <li>A <b>dead analysis</b> occurs when a dedicated <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a> system is used to examine the data from a suspect system. In this case, <b>Autopsy</b> and The Sleuth Kit are run in a trusted environment, typically in a lab. Autopsy and TSK support raw, Expert Witness, and AFF file formats. </li> <li>A <b>live analysis</b> occurs when the suspect <a href="http://www.toolwar.com/search/label/System" target="_blank">system</a> is being analyzed while it is running. In this case, <b>Autopsy</b> and The Sleuth Kit are run from a CD in an untrusted environment. This is frequently used during incident response while the incident is being confirmed. After it is confirmed, the system can be acquired and a dead analysis performed. </li> </ul> <h3 style="text-align: justify;"> Evidence Search Techniques</h3> <ul style="text-align: justify;"> <li><b>File Listing</b>: Analyze the files and directories, including the names of deleted files and files with Unicode-based names.</li> <li><b>File Content</b>: The contents of files can be viewed in raw, hex, or the ASCII strings can be extracted. When data is interpreted, Autopsy sanitizes it to prevent damage to the local analysis system. Autopsy does not use any client-side scripting languages.</li> <li><b>Hash Databases</b>: Lookup unknown files in a <a href="http://www.toolwar.com/search/label/Hash" target="_blank">hash</a> database to quickly identify it as good or bad. Autopsy uses the NIST <i>National Software Reference Library (NSRL)</i> and user created databases of known good and known bad files </li> <li><b>File Type Sorting</b>: Sort the files based on their internal signatures to identify files of a known type. Autopsy can also extract only graphic images (including thumbnails). The extension of the file will also be compared to the file type to identify files that may have had their extension changed to hide them.</li> <li><b>Timeline of File Activity</b>: In some cases, having a timeline of file activity can help identify areas of a file system that may contain evidence. Autopsy can create timelines that contain entries for the Modified, Access, and Change (MAC) times of both allocated and unallocated files.</li> <li><b>Keyword Search</b>: Keyword searches of the file system image can be performed using ASCII strings and grep regular expressions. Searches can be performed on either the full file system image or just the unallocated space. An index file can be created for faster searches. Strings that are frequently searched for can be easily configured into Autopsy for automated searching. </li> <li><b>Meta Data Analysis</b>: Meta Data structures contain the details about files and directories. Autopsy allows you to view the details of any meta data structure in the file system. This is useful for recovering deleted content. Autopsy will search the directories to identify the full path of the file that has allocated the structure.</li> <li><b>Data Unit Analysis</b>: Data Units are where the file content is stored. Autopsy allows you to view the contents of any data unit in a variety of formats including ASCII, hexdump, and strings. The file type is also given and Autopsy will search the meta data structures to identify which has allocated the data unit. </li> <li><b>Image Details</b>: File system details can be viewed, including on-disk layout and times of activity. This mode provides information that is useful during data recovery. </li> </ul> <h3 style="text-align: justify;"> Case Management</h3> <ul style="text-align: justify;"> <li><b>Case Management</b>: Investigations are organized by <i>cases</i>, which can contain one or more <i>hosts</i>. Each host is configured to have its own time zone setting and clock skew so that the times shown are the same as the original user would have seen. Each host can contain one or more file system images to analyze. </li> <li><b>Event Sequencer</b>: Time-based events can be added from file activity or IDS and firewall logs. Autopsy sorts the events so that the sequence of incident events can be more easily determined. </li> <li><b>Notes</b>: Notes can be saved on a per-host and per-investigator basis. These allow you to make quick notes about files and structures. The original location can be easily recalled with the click of a button when the notes are later reviewed. All notes are stored in an ASCII file. </li> <li><b>Image Integrity</b>: It is crucial to ensure that files are not modified during analysis. Autopsy, by default, will generate an MD5 value for all files that are imported or created. The integrity of any file that Autopsy uses can be validated at any time. </li> <li><b>Reports</b>: Autopsy can create ASCII reports for files and other file system structures. This enables you to quickly make consistent data sheets during the investigation.</li> <li><b>Logging</b>: Audit logs are created on a case, host, and investigator level so that actions can be easily recalled. The exact Sleuth Kit commands that are executed are also logged.</li> <li><b>Open Design</b>: The code of Autopsy is open source and all files that it uses are in a raw format. All configuration files are in ASCII text and cases are organized by directories. This makes it easy to export the data and archive it. It also does not restrict you from using other tools that may solve the specific problem more appropriately.</li> <li><b>Client Server Model</b>: Autopsy is HTML-based and therefore you do not have to be on the same system as the file system images. This allows multiple investigators to use the same server and connect from their personal systems.</li> </ul> <div style="text-align: justify;"> <b>Autopsy</b> is written in <a href="http://www.toolwar.com/2013/09/perl-language.html" target="_blank">Perl</a> and runs on the same UNIX platforms as <a href="http://www.toolwar.com/2014/01/the-sleuth-kit-tsk-forensics-framework.html" target="_blank">The Sleuth Kit</a>:</div> <ul style="text-align: justify;"> <li><a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a></li> <li><a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X</a></li> <li>Open & FreeBSD</li> <li>Solaris</li> <li>Cygwin (you cannot use the win32 executables that can be downloaded from this site, you must build in Cygwin) </li> </ul> <h3> Tutorial ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/RUgmkvt2WNg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3>  </h3> <h3> Download ::</h3> <b>Windows :: </b><a href="http://sourceforge.net/projects/autopsy/files/autopsy/3.0.8/autopsy-3.0.8-32bit.msi/download" target="_blank">Autopsy 3.0.8x32</a> (.msi) | <a href="http://sourceforge.net/projects/autopsy/files/autopsy/3.0.8/autopsy-3.0.8-64bit.msi/download" target="_blank">Autopsy 3.0.8x64</a> (.msi)<br /> <b>Linux :: </b><a href="http://sourceforge.net/projects/autopsy/files/autopsy/2.24/autopsy-2.24.tar.gz/download" target="_blank">Autopsy 2.08</a> (.tar.gz)<br /> <b>Official Website :: </b><a href="http://www.sleuthkit.org/autopsy/index.php" target="_blank">http://www.sleuthkit.org/autopsy/index.php </a>

Autopsy (Digital Investigation Analysis) :: Tools

Autopsy is a graphical interface to the command line digital investigation analysis tools in The Sleuth Kit . Together, they can anal...

Read more »

Oryon C Portable (Intelligence Investigations) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Oryon C Portable Logo" border="0" height="207" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9kco19KpeXKaOauklNcyR7Mqb7aJToI227Jp6oVRMqzmUOFIlCx9AYR3LMlp8AGhOmyEa0UPcI5NByrn9hNG9fuAw57vrtUBXHIMsrLXi-W0kkuu8ZML7Dl0gTJV-ElkjIiF733Q5Kh1k/s1600/Oryon+c+Prortable.png" title="Oryon C Portable Logo" width="400" /></div> <b>Oryon C Portable</b> is a <a href="http://www.toolwar.com/search/label/Browser" target="_blank"><b>web browser</b></a> designed to <i>assist researchers</i> in conducting <b>Open Source Intelligence investigations</b>. <b>Oryon</b> comes with dozens of pre-installed <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> and a select set of links cataloged by category – including those that can be found in the OI Shared Resources.<br /> <br /> <b>Specification ::</b><br /> <br /> - Based on SRWare Iron version 31.0.1700.0 (Chromium)<br /> - More than 70 pre-installed tools to support investigators in their everyday work<br /> - More than 600 links to specialized sources of information and online investigative tools<br /> - Additional privacy protection features<br /> - A ready to use opml file containing a sorted collection of information sources in the fields such as: OSINT, Intelligence, InfoSec, defense, and more.<br /> <br /> <b>Version Info ::</b><br /> 0.1 Initial release<br /> <br /> <b>Type ::</b><br /> Portable. No need to install, you can start using straightaway in your desktop, pendrive, etc.<br /> <br /> <b>Platform ::</b><br /> <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> : XP, Vista, 7 x32 & x64<br /> <br /> <b>License ::</b><br /> Various Open Source Licenses</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Documentation ::</b> <a href="http://osintinsight.com/Documentation.pdf" target="_blank">Click Here</a></div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://sourceforge.net/projects/oryon/files/latest/download" target="_blank">Oryon C Portable-v0.1</a><b> (.exe)</b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://osintinsight.com/oryon.php">http://osintinsight.com/oryon.php</a></div> <div style="text-align: justify;"> <b>Submitted By ::</b> OSINTINSIGHT</div>

Oryon C Portable (Intelligence Investigations) :: Tools

Oryon C Portable is a web browser designed to assist researchers in conducting Open Source Intelligence investigations . Oryon comes...

Read more »

MobiSec (Mobile Penetration Testing) :: Distribution

<div class="separator" style="clear: both; text-align: center;"> <img alt="MobiSec Logo" border="0" height="290" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjW59x4V_GWksXI63xJZsmQMOSfrNW-Ii9BKcCHQs0KpNexigf5nqIW5Pt5JcSmZpM7Uxe08zCrygo5pOcxAKd1lXE3ahraIJm1PGjx0zhX1wk_aVJwBdE77smzaA_kljI8pBqlY8MP4d_L/s1600/MobiSec+Logo.jpg" title="MobiSec Logo" width="400" /></div> <div style="text-align: justify;"> The <b>MobiSec</b> Live Environment <b>Mobile Testing open source project</b> is a live environment for testing <a href="http://www.toolwar.com/search/label/Phone" target="_blank">mobile</a> environments, including devices, applications, and supporting infrastructure. The purpose is to provide attackers and defenders the ability to test their mobile environments to identify design weaknesses and vulnerabilities.</div> <div style="text-align: justify;"> <b>MobiSec</b> provides a single environment for testers to leverage the best of all available open source <a href="http://www.toolwar.com/search/label/Phone" target="_blank">mobile testing tools</a>, as well as the ability to install additional <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> and platforms, that will aid the penetration tester through the testing process as the environment is structured and organized based on an industry-proven testing <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a>. Using a live environment provides penetration testers the ability to boot the <b>MobiSec</b> Live Environment on any Intel-based system from a DVD or USB flash drive, or run the test environment within a virtual machine.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>MobiSec</b> is a <b>bootable Linux distribution</b> that penetration testers, ethical hackers, and other information <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> pros can use to evaluate and analyze mobile devices, applications, and supporting infrastructures. Created by <b>SecureIdeas</b>, the <b>MobiSec framework</b> lets you test mobile environments to identify design weaknesses and vulnerabilities, all with the goal of improving security. Instead of you having to download countless tools, install them in your own environment, and then troubleshoot interoperability issues, the <b>MobiSec</b> team has done all of that work for you, pulling together best-of-breed free tools for mobile device and infrastructure <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a> into one handy distribution.</div> <div style="text-align: justify;"> The <b>MobiSec</b> Live Environment includes the following capabilities:</div> <ul style="text-align: justify;"> <li>Creates a single environment for testers to leverage the best of all available open source mobile testing tools</li> <li>Allows installation of additional tools and platforms</li> <li>Assists the penetration tester throughout the testing process as the environment is structured and organized based on an industry-proven testing framework</li> <li>Provides penetration testers the ability to boot the MobiSec Live Environment on any x86- or x64-based system from a DVD or <a href="http://www.toolwar.com/search/label/USB" target="_blank">USB flash drive</a>, or run the test environment within a <a href="http://www.toolwar.com/search/label/Virtual" target="_blank">virtual machine</a></li> </ul> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/n1GlXOvBuqg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://sourceforge.net/projects/mobisec/files/latest/download" target="_blank">MobiSec 1.1</a> (.iso)</div> <div style="text-align: justify;"> <b>Official Website :: </b>http://mobisec.professionallyevil.com/</div>

MobiSec (Mobile Penetration Testing) :: Distribution

The MobiSec Live Environment Mobile Testing open source project is a live environment for testing mobile environments, including d...

Read more »

Hash Generator :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZKNgtee5QHJGMGG92lCWQPH2SaGSQWkH7KAlwkyK4tjl3Itrr147UV_LtlnMCsUVww02j3tEs-H2HT3DkjYpYeV88yv8cN-a6PJEycM5CpRpWEWPIo7uUTb4GShD3wXyZfPfIMUconqd1/s1600/hash+generator+screenshot.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="hash generator screenshot" border="0" height="322" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZKNgtee5QHJGMGG92lCWQPH2SaGSQWkH7KAlwkyK4tjl3Itrr147UV_LtlnMCsUVww02j3tEs-H2HT3DkjYpYeV88yv8cN-a6PJEycM5CpRpWEWPIo7uUTb4GShD3wXyZfPfIMUconqd1/s400/hash+generator+screenshot.jpg" title="hash generator screenshot" width="400" /></a></div> <b>Hash Generator</b> is the <i>FREE universal <a href="http://www.toolwar.com/search/label/Hash" target="_blank">hash</a> generator tool</i> which automates the generation of <i>14 different type of hashes</i> or checksums. It support most of the popular hashes including MD5 family, SHA family, BASE64, LM, NTLM, CRC32, ROT13, RIPEMD, ALDER32, HAVAL, WHIRLPOOL etc.<br /> <br /> <b>Hash Generator</b> can even generate hash for the file as well as text input also. User can directly enter or paste any text from clipboard and generate hash. It also supports 'Drag & Drop interface' which allows you to quickly drag files onto the <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tool</a> for hash generation.<br /> <br /> <b>Hashes or checksums</b> are mainly used for file integrity verification. Often files downloaded from Internet are checked with MD5/SHA256 hash to make sure file is not tempered. Hashes are also used in <a href="http://www.toolwar.com/search/label/Encryption" target="_blank">encryption</a> and storage of <a href="http://www.toolwar.com/search/label/Password" target="_blank">password</a> as well as other sensitive data to protect it from the spying eyes. <b>HashGenerator</b> helps in quickly computing or verifying the hash for any such file or password text.<br /> <br /> It works on wide range of platforms starting from <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> XP to latest operating system Windows 8.</div> <div style="text-align: justify;"> <h2> Features ::</h2> <ul> <li>Generate hashes for 15+ popular algorithms including MD5, SHA256, BASE64.</li> <li>Create Hash for either the File or custom Text.</li> <li>'Drag & Drop' feature to quickly drag files onto the tool.</li> <li>Shell Context Menu to quickly generate hash by simply right clicking on any file.</li> <li>Option to to selectively copy the hash from the displayed list.</li> <li>Save the generated hash list to HTML/TEXT/XML file</li> <li>Simple, Easy to Use <a href="http://www.toolwar.com/search/label/GUI" target="_blank">GUI Interface</a>.</li> <li>Completely Portable Tool which also comes with Installer for local Installation & Uninstallation.  </li> </ul> </div> <div style="text-align: justify;"> <h3> <br /> </h3> </div> <div style="text-align: justify;"> <h3> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/ImBdB0aPjMs?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> </div> <div style="text-align: justify;"> <h3> Download ::</h3> </div> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://securityxploded.com/download.php#hashgenerator" target="_blank">Hash Generator v3.0</a><b><br /></b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://securityxploded.com/hashgenerator.php">http://securityxploded.com/hashgenerator.php</a><b><br /></b></div>

Hash Generator :: Tools

Hash Generator is the FREE universal hash generator tool which automates the generation of 14 different type of hashes or checksums. ...

Read more »

BTCrack (Bluetooth PIN Bruteforce) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="BTCrack" border="0" height="230" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj39dSDx3Q16NiYxmcXH5VHD94Rf39rMa2VbZdwWfgE1bGbxiL6ggWB3LlGMiWqtUEy-sERyTTMmrpe5-288pBCgS_JBX0EP0tVZtj9XKe0NYZThTtOjEnY2deWAo9osu8t-u4ofVRIHhUo/s320/BTCrack.jpg" title="BTCrack" width="320" /></div> <div style="text-align: justify;"> <span class="style3"><b>BTCrack</b> is the worlds first <i><a href="http://www.toolwar.com/search/label/Bluetooth" target="_blank">Bluetooth</a> Pass phrase (PIN) bruteforce tool</i>, <b>BTCrack</b> will bruteforce the Passkey and the Link key from captured pairing* exchanges.</span></div> <div style="text-align: justify;"> <span class="style3"><b>BTcrack</b> was demoed and realeased at Hack.lu 2007 and 23C3 in Berlin, the video of the presentation is available on Google Video .</span><span class="style3"><br /> To capture the pairing data it is necessary to have a <i> Professional Bluetooth <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">Analyzer</a></i> : FTE (BPA 100, BPA 105, others), Merlin OR flash a CSR based consumer USB dongle with special <a href="http://www.toolwar.com/search/label/Firmware" target="_blank">firmware</a>.</span></div> <div style="text-align: justify;"> <span class="style3"><span class="style3"><b>Speed Comparison :</b><br /> · P4 2Ghz - Dual Core 200.000 keys/sec</span><br /> · <span class="style3">FPGA E12 @ 50Mhz 7.600.000 keys/sec<br /> · FPGA E12 @ 75Mhz 10.000.000 keys/sec<br /> · FPGA E14 30.000.000 keys/sec<br /> <br /> <b>Changes :</b><br /> · 1.0 First release<br /> · 1.1 Intermediate Release <br />   E12 + E14 FPGA Support ( http://www.picocomputing.com)<br />   Splash Screen <br />   Process Priority <br />   Speed increase (+15%)<br /> </span> </span></div> <h3 style="text-align: justify;"> <span class="style3">Tutorials ::</span></h3> <div style="text-align: justify;"> <span class="style3"><b>Video ::</b> <a href="http://vimeo.com/3256789" target="_blank">Click Here </a></span></div> <h3 style="text-align: justify;"> <span class="style3">Download ::</span></h3> <div style="text-align: justify;"> <b><span class="style3">Windows :: </span></b><a href="http://secdev.zoller.lu/btcrack.zip" target="_blank"><span class="style3">BTCrack (.zip)</span></a><b><span class="style3"><br /></span></b></div> <div style="text-align: justify;"> <b><span class="style3">Official Website :: </span></b><a href="http://www.g-sec.lu/products.html"><span class="style3">http://www.g-sec.lu/products.html</span></a> </div>

BTCrack (Bluetooth PIN Bruteforce) :: Tools

BTCrack is the worlds first Bluetooth Pass phrase (PIN) bruteforce tool , BTCrack will bruteforce the Passkey and the Link key from...

Read more »

iPhone Analyzer :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="iphone analysis" border="0" height="265" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyVrxfsAbT1zhDHt5nIp-4u2AZSwoZbbGPfy91RQmjyHX4TU-0qcH4M5fHpd1PuEVma0RI6zVJLki1tJcwrYoHZ3x9BTvqnrE-LvuJsFDLDqOG_K8IX0B0eufoAkJj5cB1qEqlO8f79Kjw/s1600/iphone+analysis.jpg" title="iphone analysis" width="400" /></div> </div> <div style="text-align: justify;"> <b>iPhone Analzyer</b> allows you to <i>forensically examine or recover date from in iOS device</i>. It principally works by <i>importing backups</i> produced by iTunes or third party software, and providing you with a rich interface to explore, <i><a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analyse</a> and recover data</i> in human readable formats. Because it works from the backup files everything is <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">forensically</a> safe, and no changes are made to the original data.</div> <h3 style="text-align: justify;"> <span style="font-size: small;">Features ::</span></h3> <ul style="text-align: justify;"> <li>Supports iOS 2, iOS 3, iOS 4 and iOS 5 devices</li> <li>Multi-platform (<a href="http://www.toolwar.com/search/label/Java" target="_blank">Java</a> based) product, supported on <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> and <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac</a></li> <li>Fast, powerful search across device including regular expressions</li> <li>Integrated mapping supports visualisation of geo-tagged information, including google maps searches, photos, and cell-sites and <a href="http://www.toolwar.com/search/label/WiFi" target="_blank">wifi</a> locations observed by the device (the infamous "locationd" data)</li> <li>Integrated support for text messages, voicemail, address book entries, photos (including metadata), call records and many many others</li> <li>Recovery of "deleted" sqlite records (records that have been tagged as deleted, but have not yet been purged by the device can often be recovered),/li> </li> <li>Integrated visualisation of plist and sqlite files</li> <li>Includes support for off-line mapping, supporting mapping on computers not connected to the Internet</li> <li>Support for KML export and direct export to Google Earth</li> <li>Browse the device file structure, navigate directly to key files or explore the device using concepts such as "who", "when", "what" and "where".</li> <li>Analyse jail broken device directly over SSH without need for backup (experimental)</li> <li class="feature">iPhone Backup Browsing</li> <li class="feature">Native file viewing (plist, sqlite, etc)</li> <li class="feature">Searching including regular expressions</li> <li class="feature">ssh access for <a href="http://www.toolwar.com/search/label/Jailbreak" target="_blank">jailbroken</a> phones (beta)</li> <li class="feature">Reports</li> <li class="feature">Restore files</li> <li class="feature">Recover backups</li> <li class="feature">View all iPhone photos</li> <li class="feature">examine address book, sms and loads of others</li> <li class="feature">find and recover passwords</li> <li class="feature">Export files to local filesytem </li> <li class="feature"><a href="http://www.toolwar.com/search/label/Online" target="_blank">Online</a> and offline mapping</li> <li class="feature">Geo track where a device has been</li> <li class="feature">IOS5 and earlier versions supported</li> <li class="feature">IOS6 is only partially supported (several known problems) </li> </ul> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>User Manual (PDF) ::</b><a href="http://www.crypticbit.com/files/ipa_user_guide.pdf" target="_blank"> Click Here </a></div> <h3 style="text-align: justify;"> Download ::  </h3> <div style="text-align: justify;"> <b>JAR :: </b><a href="http://sourceforge.net/projects/iphoneanalyzer/files/latest/download" target="_blank">iPhone Analyzer (.jar)</a></div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="http://www.crypticbit.com/zen/products/iphoneanalyzer">http://www.crypticbit.com/zen/products/iphoneanalyzer</a></div>

iPhone Analyzer :: Tools

iPhone Analzyer allows you to forensically examine or recover date from in iOS device . It principally works by importing backups pr...

Read more »

USB Write Blocker :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9ZByi54hPn7v04uGKEx2jZaQJOJ1rWCNJmv7Zr8uE_ZOfRrNCt2Z1LCPloZKSVKaop7SYqwJcf8ZTvfLubORAFC7237Z94KhSvUkruBb7ClH7ZnFTsBpq98xmVmio5dylc1uSgOr2rrLu/s1600/USB+Blocker.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="241" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9ZByi54hPn7v04uGKEx2jZaQJOJ1rWCNJmv7Zr8uE_ZOfRrNCt2Z1LCPloZKSVKaop7SYqwJcf8ZTvfLubORAFC7237Z94KhSvUkruBb7ClH7ZnFTsBpq98xmVmio5dylc1uSgOr2rrLu/s1600/USB+Blocker.jpg" width="400" /></a></div> <b>USB Write blocker</b> is an application that will use the <a href="http://www.toolwar.com/search/label/Windows" target="_blank">windows</a> <a href="http://www.toolwar.com/search/label/Registry" target="_blank">registry</a> to write <b>block USB devices</b>. It is a useful <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tool</a> for those who wish to view the contents of USB drives without making changes to the files metadata or timestamps. This is a critical feature in the fields of digital and computer <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">forensics</a> as well as eDiscovery where time stamps play a crucial role in the validity of evidence.</div> <div style="text-align: justify;"> An added feature of <b>USB Write-Blocker</b> is the ability to see the application status in your task bar when you hover over its icon with your mouse. </div> <div style="text-align: justify;"> <br /></div> <span class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text" id="hs_cos_wrapper_module_13657563409421086"><span style="font-size: small;"><b>DSi USB Write-Blocker Utility – Compatible Operating Systems:</b></span> </span><br /> <ul><span class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text" id="hs_cos_wrapper_module_13657563409421086"> <li>Windows XP (w/SP2 and Higher, 32bit & 64bit)</li> <li>Windows Vista (32bit & 64bit)</li> <li>Windows 7 (32bit & 64bit)</li> </span></ul> <span class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text" id="hs_cos_wrapper_module_13657563409421086"> </span><br /> <h3 style="text-align: justify;"> Download :: </h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://cdn2.hubspot.net/hub/252640/file-71226249-zip/USBWriteBlocker.zip" target="_blank">USB Write Blocker (.zip)</a><b><br /></b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://dsicovery.com/">http://dsicovery.com/</a></div>

USB Write Blocker :: Tools

USB Write blocker is an application that will use the windows registry to write block USB devices . It is a useful tool for those who...

Read more »

iScan Online :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="iscan logo online " border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeslw6s4bc1vdJpAy_EBblVvuVFaHURRWxOkNzjUnX9V89kGe-adrQQhV7XBSPrnczstoi85guEuodmRteZGABDY-ALPPiGYapmKUWj2XLLvFzmZ0CHTSFwsYTyffYtCtRHMwmzMDQPNqj/s1600/iscan+online+logo.png" title="iscan logo online " /></div> <div style="text-align: justify;"> <b>iScan Online</b> is the <i>vulnerability scanning solutions for Computing and Mobility.</i> <b>iScan Online</b> delivers its <i><a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanning</a></i> through a <b>browser plugin, native mobile app</b> or alternatively as a downloadable <a href="http://www.toolwar.com/search/label/CLI" target="_blank">CLI</a> executable.<br /> <br /> For BYOD environments, HTML and Javascript snippets are provided to scan any laptop or <a href="http://www.toolwar.com/search/label/Phone" target="_blank">mobile device</a> connecting to a network and/or <a href="http://www.toolwar.com/search/label/Web" target="_blank">web </a>application.<br /> <br /> Data is submitted to the cloud console where HTML, CSV and <a href="http://www.toolwar.com/search/label/PDF" target="_blank">PDF</a> reports are available. JSON data is readily available with the RESTful API.<br /> <br /> Supported platforms covered for vulnerability and data discovery scanning are: <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X</a>, <a href="http://www.toolwar.com/search/label/Android" target="_blank">Android</a> and Apple iOS. Desktops, Servers, Smartphones and Tablets supported.</div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <h3> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/SIIbrXW8ZMg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> Download ::</h3> </div> <div style="text-align: justify;"> <b>Android (Play Store) ::</b> <a href="https://play.google.com/store/apps/details?id=com.iscanonline.iscanandroid" target="_blank">https://play.google.com/store/apps/details?id=com.iscanonline.iscanandroid </a></div> <div style="text-align: justify;"> <b>Official Website & Online Plugins ::</b> <a href="https://www.iscanonline.com/" target="_blank">https://www.iscanonline.com/</a></div> <div style="text-align: justify;"> <b>Submitted By ::</b> iScan Online </div>

iScan Online :: Tools

iScan Online is the vulnerability scanning solutions for Computing and Mobility. iScan Online delivers its vulnerability scanning ...

Read more »

Xenotix XSS Exploit Framework v4.5 :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://www.owasp.org/images/9/98/Xenotix.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Xenotix XSS Framework" border="0" height="237" src="https://www.owasp.org/images/9/98/Xenotix.png" title="Xenotix XSS Framework" width="400" /></a></div> <div style="text-align: justify;"> <b>OWASP Xenotix XSS Exploit Framework</b> is an advanced <a href="http://www.toolwar.com/search/label/XSS" target="_blank">Cross Site Scripting (XSS)</a> vulnerability detection and exploitation <a href="http://www.toolwar.com/search/label/Framework" target="_blank">framework</a>. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanner.</a> It is claimed to have the world’s 2nd largest XSS Payloads of about 1500+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. It is incorporated with a feature rich <a href="http://www.toolwar.com/search/label/Information-Gathering" target="_blank">Information Gathering</a> module for target Reconnaissance. The Exploit Framework includes highly offensive XSS <a href="http://www.toolwar.com/search/label/Exploitation" target="_blank">exploitation</a> modules for <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">Penetration</a> Testing and Proof of Concept creation. </div> <div style="text-align: justify;"> <div style="border: none; color: black; font-size: 120%; margin: 0;"> <br /> <span style="font-size: small;"><b>SCANNER MODULES</b></span> <br /> <span style="font-size: small;"> </span><ul> <li><span style="font-size: small;">Manual Mode Scanner </span></li> <li><span style="font-size: small;">Auto Mode Scanner </span></li> <li><span style="font-size: small;">DOM Scanner </span></li> <li><span style="font-size: small;">Multiple Parameter Scanner </span></li> <li><span style="font-size: small;">POST Request Scanner </span></li> <li><span style="font-size: small;">Header Scanner </span></li> <li><span style="font-size: small;">Fuzzer </span></li> <li><span style="font-size: small;">Hidden Parameter Detector </span></li> </ul> <span style="font-size: small;"> </span><span style="font-size: small;"><b>INFORMATION GATHERING MODULES</b></span> <br /> <span style="font-size: small;"> </span><ul> <li><span style="font-size: small;">WAF Fingerprinting </span></li> <li><span style="font-size: small;">Victim Fingerprinting </span></li> <li><span style="font-size: small;">Browser Fingerprinting </span></li> <li><span style="font-size: small;">Browser Features Detector </span></li> <li><span style="font-size: small;">Ping Scan </span></li> <li><span style="font-size: small;">Port Scan </span></li> <li><span style="font-size: small;">Internal Network Scan </span></li> </ul> <span style="font-size: small;"> </span><span style="font-size: small;"><b>EXPLOITATION MODULES</b></span> <br /> <span style="font-size: small;"> </span><ul> <li><span style="font-size: small;">Send Message </span></li> <li><span style="font-size: small;">Cookie Thief </span></li> <li><span style="font-size: small;">Phisher </span></li> <li><span style="font-size: small;">Tabnabbing </span></li> <li><span style="font-size: small;">Keylogger </span></li> <li><span style="font-size: small;">HTML5 DDoSer </span></li> <li><span style="font-size: small;">Load File </span></li> <li><span style="font-size: small;">Executable Drive By </span></li> <li><span style="font-size: small;">JavaScript Shell </span></li> <li><span style="font-size: small;">Reverse HTTP WebShell </span></li> <li><span style="font-size: small;">Drive-By Reverse Shell </span></li> <li><span style="font-size: small;">Metasploit Browser Exploit </span></li> <li><span style="font-size: small;">Firefox Reverse Shell Addon (Persistent) </span></li> <li><span style="font-size: small;">Firefox Session Stealer Addon (Persistent) </span></li> <li><span style="font-size: small;">Firefox Keylogger Addon (Persistent) </span></li> <li><span style="font-size: small;">Firefox DDoSer Addon (Persistent) </span></li> <li><span style="font-size: small;">Firefox Linux Credential File Stealer Addon (Persistent) </span></li> <li><span style="font-size: small;">Firefox Download and Execute Addon (Persistent) </span></li> </ul> <span style="font-size: small;"> </span><span style="font-size: small;"><b>UTILITY MODULES</b></span> <br /> <span style="font-size: small;"> </span><ul> <li><span style="font-size: small;">WebKit Developer Tools </span></li> <li><span style="font-size: small;">Payload Encoder </span></li> <li><span style="font-size: small;">JavaScript Beautify </span></li> <li><span style="font-size: small;">Hash Calculator </span></li> <li><span style="font-size: small;">Hash Detector </span></li> </ul> </div> <h3> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/dCo5BCJWOdA?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> Download ::</h3> <b>Windows :: </b><span style="color: #3d85c6;"><span style="background-color: white;"><a href="http://opensecurity.in/downloads/Xenotix_XSS_Exploit_Framework_v4.5.rarhttp://opensecurity.in/downloads/Xenotix_XSS_Exploit_Framework_v4.5.rar" target="_blank">OWASP Xenotix v4.5</a> </span></span></div> <div style="text-align: justify;"> <b>Official Websites :: </b>http://www.owasp.org/</div> </div>

Xenotix XSS Exploit Framework v4.5 :: Framework

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework . It...

Read more »

WinDbg (Windows Debugger) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIZ53_pO0bAOCjl_oxpv2f2XhKxp-Z63nXIjIntBQxqPPcI_HT1qhdI4UMOb7ZHKD6D-KSRcJC068J4vvrq4tnFkTp0rQw0pgwPGLIASpGS7YoWpZ1srx4fVezCo-TPQ5gjHVyw-uyEUUw/s1600/windbg+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Windbg screenshot" border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIZ53_pO0bAOCjl_oxpv2f2XhKxp-Z63nXIjIntBQxqPPcI_HT1qhdI4UMOb7ZHKD6D-KSRcJC068J4vvrq4tnFkTp0rQw0pgwPGLIASpGS7YoWpZ1srx4fVezCo-TPQ5gjHVyw-uyEUUw/s400/windbg+screenshot.png" title="Windbg screenshot" width="400" /></a></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>WinDbg</b> is a <i>graphical debugger from Microsoft</i>. It is actually just one component of the <i>Debugging Tools for <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> package</i>, which also includes the KD, CDB, and NTSD <a href="http://www.toolwar.com/search/label/Debugger" target="_blank">debuggers</a>. Its claim to fame is debugging <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a> dumps produced after a crash. It can even debug in kernel mode. For downloads and more information.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/q-IWHHFQcXg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/1R0zqStq7ss?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows (x86) ::</b> <a class="FileNameLink" href="http://archive.msdn.microsoft.com/Project/Download/FileDownload.aspx?ProjectName=debugtoolswindows&DownloadId=13748" id="ctl00_ctl00_Content_TabContentPanel_Content_ReleaseFiles_FileList_ctl01_FileNameLink" tabindex="9" target="_blank">dbg_x86_6.12.2.633</a></div> <div style="text-align: justify;"> <b>Windows (x64) ::</b> <a href="http://archive.msdn.microsoft.com/Project/Download/FileDownload.aspx?ProjectName=debugtoolswindows&DownloadId=13747" target="_blank">WinDbg_x64</a>  </div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="https://www.microsoft.com/" target="_blank">https://www.microsoft.com/ </a></div>

WinDbg (Windows Debugger) :: Tools

WinDbg is a graphical debugger from Microsoft . It is actually just one component of the Debugging Tools for Windows package , which...

Read more »

Immunity Debugger :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Immunity Debugger logo" border="0" height="340" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9Tz7osQXiMIGssd8NGbnuYt2UuNlyHH6exkoSIEvMi6eJWYewN-waCLbYG-2ZjR-PbZhLWL2A9wBOmtAo9V0AKXaUBpGgoDlDoMAhMep5Qott6zJB-zoqQuUaLf0pzc5oMPvczcOOL0pJ/s400/debugger-logo.png" title="Immunity Debugger logo" width="400" /></div> <div style="text-align: justify;"> <b>Immunity Debugger</b> is a powerful new way to <i>write exploits, <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analyze</a> <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a>, and reverse engineer binary files.</i> It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> API for easy extensibility.</div> <div style="text-align: justify;"> <img border="0" src="http://www.immunityinc.com/bullet.gif" /> A <a href="http://www.toolwar.com/search/label/Debugger" target="_blank">debugger</a> with functionality designed specifically for the security industry<br /> <img border="0" src="http://www.immunityinc.com/bullet.gif" />Cuts exploit development time by 50%<br /> <img border="0" src="http://www.immunityinc.com/bullet.gif" />Simple, understandable interfaces<br /> <img border="0" src="http://www.immunityinc.com/bullet.gif" />Robust and powerful scripting language for automating intelligent debugging<br /> <img border="0" src="http://www.immunityinc.com/bullet.gif" />Lightweight and fast debugging to prevent corruption during complex analysis<br /> <img border="0" src="http://www.immunityinc.com/bullet.gif" />Connectivity to fuzzers and exploit development <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <h3> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/fIUOiwYTpho?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/KlcLLzdtT2U?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> </div> <div style="text-align: justify;"> <h3> Download ::</h3> </div> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://debugger.immunityinc.com/ID_register.py" target="_blank">Immunity Debugger </a><b> </b></div> <div style="text-align: justify;"> <b>Official Website ::</b>  <a href="http://debugger.immunityinc.com/">http://debugger.immunityinc.com/</a></div>

Immunity Debugger :: Tools

Immunity Debugger is a powerful new way to write exploits, analyze malware , and reverse engineer binary files. It builds on a solid ...

Read more »

Ardamax Keylogger :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKetu8Xus_BjvV3rk63-tZDAyPcmhnmWc0da71GaTnL9NLYdt5WXx5blf98p4tTADVATkzma8ZWwBsiqpSZvVNbpAkmHM3yKvGH3J00B4mXZyWlJdl9UCxoFSE7T4kq9gmMSUd3UTFgCwm/s1600/ardamax+keylogger+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="ardamax keylogger " border="0" height="267" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKetu8Xus_BjvV3rk63-tZDAyPcmhnmWc0da71GaTnL9NLYdt5WXx5blf98p4tTADVATkzma8ZWwBsiqpSZvVNbpAkmHM3yKvGH3J00B4mXZyWlJdl9UCxoFSE7T4kq9gmMSUd3UTFgCwm/s400/ardamax+keylogger+screenshot.png" title="ardamax keylogger " width="400" /></a></div> <b>Ardamax Keylogger </b>is a <b><i>keystroke recorder</i></b> that captures user's activity and saves it to an encrypted log file. The log file can be viewed with the powerful Log Viewer. Use this <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tool</a> to find out what is happening on your computer while you are away, maintain a backup of your typed data automatically or use it to <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">monitor</a> your kids. Also you can use it as a monitoring device for detecting unauthorised access. Logs can be automatically sent to your e-mail address, access to the keylogger is <a href="http://www.toolwar.com/search/label/Password" target="_blank">password</a> protected. Besides, <b>Ardamax Keylogger</b> logs information about the Internet addresses the user has visited. This invisible spy application is designed for 2000, XP, 2003, Vista, 7 and <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> 8.</div> <h3> <b>Keylogger Features:</b></h3> <ul> <li><b>Email log delivery</b> - keylogger can send you recorded logs through e-mail delivery at set times - perfect for remote monitoring!</li> <li><b>FTP delivery</b> - Ardamax Keylogger can upload recorded logs through FTP delivery.</li> <li><b>Network delivery</b> - sends recorded logs through via LAN.</li> <li><b>Clipboard logging</b> - capture all text copied to the Windows Clipboard. </li> <li><b>Invisible mode</b> makes it absolutely invisible to anyone. <b>Ardamax Keylogger</b> is not visible in the task bar, system tray, Windows 2000/XP/2003/Vista/Windows 7 Task Manager, process viewers (Process Explorer, WinTasks etc.), Start Menu and Windows Startup list.</li> <li><b>Visual surveillance</b> - periodically makes screenshots and stores the compressed images to log.</li> <li><b>Chat monitoring</b> - Ardamax Keylogger is designed to record and monitor both sides of a conversation in following chats: <ul> <li>AIM</li> <li>Windows Live Messenger 2011</li> <li>ICQ 7</li> <li>Skype 4</li> <li>Yahoo Messenger 10</li> <li>Google Talk</li> <li>Miranda</li> <li>QiP 2010</li> </ul> </li> <li><b>Security</b> - allows you to protect program settings, Hidden Mode and Log file.</li> <li><b>Application monitoring</b> - keylogger will record the application that was in use that received the keystroke!</li> <li><b>Time/Date tracking</b> - it allows you to pinpoint the exact time a window received a keystroke!</li> <li><b>Powerful Log Viewer</b> - you can view and save the log as a HTML page or plain text with keylogger Log Viewer.</li> <li><b>Small size </b>– Ardamax Keylogger is several times smaller than other programs with the same features. It has no additional modules and libraries, so its size is smaller and the performance is higher.</li> <li>Ardamax Keylogger fully supports <b>Unicode</b> characters which makes it possible to record keystrokes that include characters from Japanese, Chinese, Arabic and many other character sets.</li> <li>It records every keystroke. Captures passwords and all other invisible text.</li> </ul> <b>Other Features:</b><br /> <ul> <li>Windows 2000/2003/XP/Vista/Windows 7/Windows 8 support</li> <li>Monitors multi-user machines</li> <li>Automatic startup</li> <li>Friendly interface</li> <li>Easy to install</li> </ul> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/iJ2udtA48hg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;">  </h3> Screenshots :: <a href="http://www.ardamax.com/keylogger/screenshots.html" target="_blank">Click Here</a> <br /> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://www.snapfiles.com/php/sfdwnld.php?id=107631&a=7115070&loc=x" target="_blank">Ardamax Keylogger (Trial Version)</a><b> </b></div> <div style="text-align: justify;"> <b>Buy $ ::</b> <a href="https://sites.fastspring.com/ardamax/instant/keylogger" target="_blank">Ardamax Keylogger (Buy Here)</a></div>

Ardamax Keylogger :: Tools

Ardamax Keylogger is a keystroke recorder that captures user's activity and saves it to an encrypted log file. The log file can be ...

Read more »

Sahi Pro (Web Application Testing) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="sahi pro logo" border="0" height="186" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQ6Br5uAi7vygfur1Hk2sXAQcW0JE-b8lFTIo5sO0ffn0u_e9kyHMselsNClcHQ8FuG1YZGONiJsC1UqXRp7AGDAvLG-zLfOprOI3HK1n-aV0xQqwBo0CEXuAMiMb4ffw39t_TvswkwYA3/s400/sahi+pro+logo.png" title="sahi pro logo" width="400" /></div> <span style="font-size: small;"><b>Sahi Pro</b> is a powerful tool for <i><b>automation of <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> application testing</b></i>. <b>Sahi Pro</b> helps <i>test web applications across different browsers</i> with high reliability and low maintenance. Existing testing teams with minimal programming knowledge can easily get started and contribute to test automation. </span> </div> <div style="text-align: justify;"> <span style="font-size: small;">Sahi is especially suited for cross-browser/multi-<a href="http://www.toolwar.com/search/label/Browser" target="_blank">browser</a> <a href="http://www.toolwar.com/search/label/Testing" target="_blank">testing</a> of complex web 2.0 applications with lots of AJAX and dynamic content. <b>Sahi</b> works well in Agile development environments, enabling rapid automation and maintenance and easily integrating with build systems. Sahi saves time and effort with faster development, less maintenance and fast distributed playback. Sahi runs on any modern browser which supports javascript.</span></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <span style="font-size: small;">For testing teams in product companies and captive IT units which need rapid reliable web automation, Sahi would be the best choice among web automation tools. </span><br /> <h3 class="pro_feature_heading"> Record & Playback on Any Browser</h3> <div class="pro_feature_body"> Record and playback any web application on any browser, any operating system. Recording saves time and helps non-technical users contribute to automation. The Sahi Controller helps easily identify and experiment with elements on any browser. <b>The same script works on all browsers</b> </div> <div class="pro_feature_body"> <h3 class="pro_feature_heading"> Smart Accessor Identification</h3> <div class="pro_feature_body"> Sahi identifies elements in simple stable ways. Sahi works even on applications with dynamic ids, using _near, _in etc. APIs to easily locate one element with respect to another. Sahi can automate applications built using ExtJS, ZK, Dojo, YUI or any other framework. </div> <div class="pro_feature_body"> <h3 class="pro_feature_heading"> AJAX? No Timeout Issues</h3> <div class="pro_feature_body"> Sahi’s technology eliminates need for wait statements even for inconsistent page loads and AJAX. Sahi tests are stable and do not fail because of timing issues. Sahi scripts need less code and are easier to maintain. </div> <div class="pro_feature_body"> <h3 class="pro_feature_heading"> Rich Inbuilt Reports and Logs</h3> <div class="pro_feature_body"> See complete information of script execution. From concise summaries and graphs across runs, to exact line of script failure in code, get full end to end reporting. All logs are stored in database. Reports can be easily customized. </div> <div class="pro_feature_body"> <h3 class="pro_feature_heading"> Fast Parallel Batch Playback</h3> <div class="pro_feature_body"> Club together thousands of Sahi scipts in a suite file and let Sahi execute them in parallel on one machine or distribute it across machines. Cut play back time by upto 90%. Run from <b>command line</b>, <b>ant</b> or <b>build</b> and <b>continuous integration</b> systems. </div> <div class="pro_feature_body"> <h3 class="pro_feature_heading"> Simple Powerful Scripting</h3> <div class="pro_feature_body"> Sahi Script is based on Javascript. Interact with your File-System, Databases, Excel sheets, CSV files with ease. Call any Java code or library from Sahi Script to get added power. </div> <div class="pro_feature_body"> <h3 class="pro_feature_heading"> Inbuilt Excel Framework</h3> <div class="pro_feature_body"> Use the inbuilt Excel Framework to let your business analysts and non technical testers contribute to testing. Easily test from the Controller. Get detailed inbuilt reports. </div> </div> <h3> <span style="font-size: small;">Tutorials ::</span></h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/5VlbtlrFv3E?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div class="separator" style="clear: both; text-align: center;"> </div> </div> <div class="pro_feature_body"> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/lnaFZynoeyw?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> <span style="font-size: small;">Download ::</span></h3> <span style="font-size: small;"><b>Windows ::</b> <a href="http://sahi.co.in/download-sahi-pro" target="_blank"><span style="font-weight: normal;">Sahi</span> <span style="font-weight: normal;">Pro v5.1.0</span></a></span> <span style="font-size: small;"><span style="font-weight: normal;"><b> </b></span></span><br /> <span style="font-size: small;"><span style="font-weight: normal;"><b>Buy ::</b> <a href="https://crm.sahi.co.in/pay/index.php/order/create" target="_blank">Sahi Pro</a> in $495 </span></span><br /> <span style="font-size: small;"><span style="font-weight: normal;"><b>Official Website ::  </b><a href="http://sahi.co.in/">http://sahi.co.in/</a> </span></span></div> </div> </div> </div> </div> </div>

Sahi Pro (Web Application Testing) :: Tools

Sahi Pro is a powerful tool for automation of web application testing . Sahi Pro helps test web applications across different browse...

Read more »

ModSecurity (Web Application Firewall) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="modsecurity logo" border="0" height="212" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqIaR3MOqqt6M9kImwLEM90dn9peh4HGb7o2VN5_LqA_bdR7pZqI6NiXKpATu9GK7SXtf7mbPlWzHP-zqQrAfCIPEzsQuiMRdYdAsbjCDXBBaqUZI9R5Pk_6no9f8fPoZakuUWdh6BxuN1/s640/mod-security+logo.jpg" title="modsecurity logo" width="640" /></div> </div> <div style="text-align: justify;"> <b>ModSecurity</b> is a <i>web application firewall</i> that can work either embedded or as a <b>reverse proxy</b>. It provides protection from a range of <a href="http://www.toolwar.com/search/label/Attack" target="_blank">attacks</a> against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. </div> <h2 style="text-align: justify;"> ModSecurity: Overview</h2> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> With over 70% of all attacks now carried out over the web application level, organisations need every help they can get in making their systems secure. <b>Web application firewalls</b> are deployed to establish an external <a href="http://security/" target="_blank">security</a> layer that increases security, detects, and prevents attacks before they reach web applications. </div> <h3 style="text-align: justify;"> HTTP Traffic Logging</h3> <div style="text-align: justify;"> <a href="http://www.toolwar.com/search/label/Web" target="_blank">Web</a> servers are typically well-equipped to log traffic in a form useful for marketing analyses, but fall short when it comes to logging of traffic to web applications. In particular, most are not capable of logging the request bodies. Your adversaries know this, and that is why most attacks are now carried out via POST requests, rendering your systems blind. </div> <div style="text-align: justify;"> ModSecurity makes full HTTP transaction logging possible, allowing complete requests and responses to be logged. Its logging facilities also allow fine-grained decisions to be made about exactly what is logged and when, ensure only the relevant data is recorded. </div> <h3 style="text-align: justify;"> Real-Time Monitoring and Attack Detection</h3> <div style="text-align: justify;"> In addition to providing logging facilities, <b>ModSecurity</b> can <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">monitor</a> the HTTP traffic in real time in order to detect attacks. In this case <b> ModSecurity</b> operates as a web intrusion detection tool, allowing you to react to suspicious events that take place at your web systems. </div> <h3 style="text-align: justify;"> Attack Prevention and Just-in-time Patching</h3> <div style="text-align: justify;"> <b>ModSecurity</b> can also act immediately to prevent attacks from reaching your web applications. There are three commonly used approaches: </div> <ol style="text-align: justify;"> <li><b>Negative security model.</b> Negative security model monitors requests for anomalies, unusual behaviour, and common web application attacks. It keeps anomaly scores for each request, IP addresses, application sessions, and user accounts. Requests with high anomaly scores are either logged or rejected altogether. </li> <li><b>Known weaknesses and vulnerabilities.</b> Its rule language makes ModSecurity an ideal external patching tool. External patching is all about reducing the window of opportunity. Time needed to patch application vulnerabilities often runs to weeks in many organisations. With ModSecurity, applications can be patched from the outside, without touching the application source code (and even without any access to it), making your systems secure until a proper patch is produced. </li> <li><b>Positive security model.</b> When positive security model is deployed, only requests that are known to be valid are accepted, with everything else rejected. This approach works best with applications that are heavily used but rarely updated. </li> </ol> <h3 style="text-align: justify;"> Flexible Rule Engine</h3> <div style="text-align: justify;"> A flexible rule engine sits in the heart of ModSecurity. It implements the ModSecurity Rule <a href="http://www.toolwar.com/search/label/Language" target="_blank">Language</a>, which is a specialised programming language designed to work with HTTP transaction data. The <b>ModSecurity</b> Rule Language was designed to be easy to use, yet flexible: common operations are simple while complex operations are possible.</div> <div style="text-align: justify;"> Certified ModSecurity Rules, included with subscription to <b>ModSecurity</b>, contain a comprehensive set of rules that implement general-purpose hardening, common web application security issues. Heavily commented, these rules can be used as a learning tool.</div> <h3 style="text-align: justify;"> Embedded Deployment</h3> <div style="text-align: justify;"> ModSecurity is an embeddable web application firewall, which means it can be deployed as part of your existing web server infrastructure (Apache, IIS7 and Nginx).</div> <div style="text-align: justify;"> This deployment method has certain advantages:</div> <ol style="text-align: justify;"> <li>No changes to existing network. It only takes a few minutes to add ModSecurity to your existing web servers. And because it was designed to be completely passive by default, you are free to deploy it incrementally and only use the features you need. It is equally easy to remove or deactivate it should decide you don't want it any more. </li> <li>No single point of failure. Unlike with network-based deployments, you will not be introducing a new point of failure to your system. </li> <li>Implicit load balancing and scaling. Because it works embedded in web servers, <b>ModSecurity</b> will automatically take advantage of the additional load balancing and scalability features. You will not need to think of load balancing and scaling unless your existing system needs them. </li> <li>Minimal overhead. Because it works from inside the web server process there is no overhead for network communication and minimal overhead in parsing and data exchange. </li> <li>No problem with encrypted or compressed content. Many <a href="http://www.toolwar.com/search/label/IDS" target="_blank">IDS</a> systems have difficulties analysing SSL traffic. This is not a problem for ModSecurity because it is positioned to work when the traffic is decrypted and decompressed. </li> </ol> <div style="text-align: justify;"> ModSecurity is known to work well on a wide range of operating systems. Our customers are successfully running it on <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, Solaris, FreeBSD, OpenBSD, NetBSD, AIX, Mac OS X, and HP-UX. </div> <h3 style="text-align: justify;"> Network-Based Deployment</h3> <div style="text-align: justify;"> <b>ModSecurity</b> works equally well when deployed as part of a reverse proxy server, and many of our customers choose to do so. In this scenario, one installation of <b>ModSecurity </b>can protect any number or type of back-end web servers. </div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/7w9aHEx-BmE?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/P-KJU785CKg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/nMGtIgrVv8s?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Download :: </h3> <div style="text-align: justify;"> <b>Linux :: </b></div> <div style="text-align: justify;"> <b>Installation - Ubuntu/Debian</b> <span style="font-family: "Courier New",Courier,monospace;"> </span><br /> <span style="font-family: "Courier New",Courier,monospace;">$ sudo apt-get install libapache2-mod-security </span><br /> <span style="font-family: "Courier New",Courier,monospace;">$ sudo a2enmod mod-security </span><br /> <span style="font-family: "Courier New",Courier,monospace;">$ sudo /etc/init.d/apache2 force-reload</span><br /> <br />  <b>Installation - Fedora/CentOS</b><span style="font-family: "Courier New",Courier,monospace;"> </span><br /> <span style="font-family: "Courier New",Courier,monospace;">$ sudo yum install mod_security </span><br /> <span style="font-family: "Courier New",Courier,monospace;">$ sudo /etc/init.d/httpd restart</span> <b> </b><br /> <br /> <b>Windows ::</b></div> <ul> <li><a href="https://www.modsecurity.org/tarball/2.7.5/ModSecurityIIS_2.7.5.msi">ModSecurity for IIS MSI Installer</a> </li> <li><a href="https://www.modsecurity.org/tarball/2.7.5/ModSecurityIIS_2.7.5.msi.sha256">ModSecurity for IIS MSI Installer SHA25</a></li> </ul> <b>Official Website :: </b><a href="http://www.modsecurity.org/">http://www.modsecurity.org/</a><br /> <ul> </ul> <div style="text-align: justify;"> </div>

ModSecurity (Web Application Firewall) :: Tools

ModSecurity is a web application firewall that can work either embedded or as a reverse proxy . It provides protection from a range ...

Read more »

CSRFTester (CSRF Vulnerability Tester) :: Tools

<div style="text-align: justify;"> <div style="text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiknqrcJ0AaQrbIi2UugREgBG1Z7upbwf_PCp5NSgxfWNpFLOAh1v96V2StvLmvgsPEtP2oPyKdCM89YAwgSZIES4vC0cqy0W8AduQVObDEuZoVJVWEKAAnYQeQDeGbotNoS0AoMnH2kYv7/s1600/CSRF-tester+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="csrf tester screenshot" border="0" height="250" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiknqrcJ0AaQrbIi2UugREgBG1Z7upbwf_PCp5NSgxfWNpFLOAh1v96V2StvLmvgsPEtP2oPyKdCM89YAwgSZIES4vC0cqy0W8AduQVObDEuZoVJVWEKAAnYQeQDeGbotNoS0AoMnH2kYv7/s400/CSRF-tester+screenshot.png" title="csrf tester screenshot" width="400" /></a> </div> <b>OWASP CSRFTester</b> is a tool for <b>testing CSRF vulnerability in websites</b>. Just when developers are starting to run in circles over Cross Site Scripting, the 'sleeping giant' awakes for yet another web-catastrophe.<b> Cross-Site Request Forgery (CSRF) </b>is an attack whereby the victim is tricked into loading information from or submitting information to a web application for which they are currently authenticated. The problem is that the web application has no means of verifying the integrity of the request. The <b>OWASP CSRFTester </b>Project attempts to give developers the ability to test their applications for CSRF flaws. </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Luocnr0t8_o?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Zip :: </b><a href="https://www.owasp.org/images/0/08/CSRFTester-1.0.zip" target="_blank">CSRFTester-1.0.zip</a><br /> <b>Official Website :: </b> <a href="https://www.owasp.org/">https://www.owasp.org/</a></div>

CSRFTester (CSRF Vulnerability Tester) :: Tools

  OWASP CSRFTester is a tool for testing CSRF vulnerability in websites . Just when developers are starting to run in circles over Cross...

Read more »

DVWA (Damn Vulnerable Web Application) :: Framework

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6lDm7-Ac-rSmIX0YYaz1CD7DrJi4lxkPqEbHy1wd3ZlxeWqM20xjQXp8T9E5nT1CDbMuyH4AGydtLIqMTwMKyQ_aHiKCwQDdUYZjvXHUR36d_Axi8Fxb1iAFQfaMoXTPwxnu2yp6flOqQ/s1600/Screenshot-Damn+Vulnerable+Web+App+(DVWA).png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Screenshot-Damn Vulnerable Web App (DVWA)" border="0" height="280" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6lDm7-Ac-rSmIX0YYaz1CD7DrJi4lxkPqEbHy1wd3ZlxeWqM20xjQXp8T9E5nT1CDbMuyH4AGydtLIqMTwMKyQ_aHiKCwQDdUYZjvXHUR36d_Axi8Fxb1iAFQfaMoXTPwxnu2yp6flOqQ/s400/Screenshot-Damn+Vulnerable+Web+App+(DVWA).png" title="Screenshot-Damn Vulnerable Web App (DVWA)" width="400" /></a></div> <div style="text-align: justify;"> <b>Damn Vulnerable Web App (DVWA)</b> is a <i>PHP/MySQL web application</i> that is <i>damn vulnerable</i>. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/ywnVlyuP7SY?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;">  <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/B75FgRT2npc?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Zip ::</b> <a href="https://github.com/RandomStorm/DVWA/archive/v1.0.8.zip" target="_blank">DVWA 1.0.8</a></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://www.dvwa.co.uk/">http://www.dvwa.co.uk/</a></div>

DVWA (Damn Vulnerable Web Application) :: Framework

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable . Its main goals are to be an aid for security ...

Read more »