ToolWar | Information Security (InfoSec) Tools: Information Gathering

PatrowlHears (Vulnerability Intelligence Center) :: Tools

<p style="text-align: center;"> <a href="#" style="margin-left: 1em; margin-right: 1em;"><img alt="PatrowlHears - Vulnerability Intelligence Center" border="0" data-original-height="95" data-original-width="426" height="142" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg78Yi-fUn6UnelJNfinTL6GmFcle_rN2kJVvbZkCeqyMWPTE-1c0Uo0rhirqcu-htF2eTBr5F4EYy0qj6L6eKHXBSOd387DApVooZ6SjJo612jyJVpfoFrQ1IfveC9EfrYrc_MsYqZrVpm/w640-h142/logo-patrowl-light.png" title="PatrowlHears - Vulnerability Intelligence Center" width="640" /> </a></p><p style="text-align: justify;"><span style="font-size: medium;"><span style="font-family: arial;"><span>PatrowlHears provides a unified source of vulnerability, exploit and threat Intelligence feeds. Users accesses a comprehensive and continuously updated vulnerability database scored and enriched with exploit and threat news information. These metadata are collected from public OSINT and private feeds. As today, it’s one of the most extended database.</span></span></span></p><code></code><p style="text-align: justify;"><span style="font-size: medium;"><b>Tutorial: </b><a href="https://makyotox.medium.com/patrowlhears-open-source-vulnerability-intelligence-center-a8577c462257" rel="nofollow" target="_blank">Click Here</a></span></p><p style="text-align: justify;"><span style="font-size: medium;"></span></p><div class="separator" style="clear: both; text-align: center;"><span style="font-size: medium;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgESDSSt8WN9e9FE8jTgauibslgmGYU-gxlA2KUNFhYXA77F5I2MfmxBDStpGCL335dQ6qq1X5nkgMYcGg91nl3KL7F1-bI7rb4o9QUYieLnTPuGrttTYC1Dd5UiZuR_jFIOTJWyPrO0p25/s700/1+2BX5kinORfnh_Y0cJA5XFA.png" rel="nofollow" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img alt="PatrowlHears" border="0" data-original-height="313" data-original-width="700" height="179" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgESDSSt8WN9e9FE8jTgauibslgmGYU-gxlA2KUNFhYXA77F5I2MfmxBDStpGCL335dQ6qq1X5nkgMYcGg91nl3KL7F1-bI7rb4o9QUYieLnTPuGrttTYC1Dd5UiZuR_jFIOTJWyPrO0p25/w400-h179/1+2BX5kinORfnh_Y0cJA5XFA.png" title="PatrowlHears" width="400" /></a></span></div><p></p><p style="text-align: justify;"><span style="font-size: medium;"><b>Download</b>: </span></p><p style="text-align: justify;"><span style="font-size: medium;">Linux: </span></p><pre><code>git clone https://github.com/Patrowl/PatrowlHears
cd PatrowlHears
./install.sh </code></pre><pre><code><span style="font-size: small;"><code><span style="font-family: arial;"><b>For Detailed Installation Guide:</b> <a href="https://github.com/Patrowl/PatrowlHears/blob/master/INSTALL.md" rel="nofollow" target="_blank">Click Here</a></span> </code></span> </code></pre><p style="text-align: justify;"><span style="font-size: medium;"><b>Submitted By:</b> <a href="https://twitter.com/makyotox" rel="nofollow" target="_blank">makyotox</a></span><br /></p>

PatrowlHears (Vulnerability Intelligence Center) :: Tools

PatrowlHears provides a unified source of vulnerability, exploit and threat Intelligence feeds. Users accesses a comprehensive and conti...

Creepy (A Geolocation OSINT Tool) :: Tools

<p style="text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTMXR4-ayRdnriidUVQ4oZz3fyWm7PYeRQO3N5-pTyBtsw5Y4l_w6u_0VdPVfnV5IYPkcMwFhxmtgg2HZ8inLe_DG4acjmxSsWAQMA_5a4e_FZV4LPDsm5TOoHb7ZFBZmgMwaPRgSmuk1q/s1854/creepy.png" style="margin-left: 1em; margin-right: 1em;"><img alt="Creepy - A Geolocation OSINT Tool" border="0" data-original-height="1080" data-original-width="1854" height="233" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTMXR4-ayRdnriidUVQ4oZz3fyWm7PYeRQO3N5-pTyBtsw5Y4l_w6u_0VdPVfnV5IYPkcMwFhxmtgg2HZ8inLe_DG4acjmxSsWAQMA_5a4e_FZV4LPDsm5TOoHb7ZFBZmgMwaPRgSmuk1q/w400-h233/creepy.png" title="Creepy - A Geolocation OSINT Tool" width="400" /> </a></p><p style="text-align: justify;">Creepy
 is an open-source Geolocation intelligence tool. It collects 
information about Geolocation by using various social networking 
platforms and image hosting services that are already published 
somewhere else. Creepy presents the reports on the map, using a search 
filter based on the exact location and date. These reports are available
 in CSV or KML format to export for additional analysis.</p><h3>Quick Start Instructions</h3>
<ul><li>Download creepy ( source code or the installers provided here for your platform )</li><li>Configure the plugins. Edit -> Plugins Configuration -> Select plugin and run the wizards, following the instructions</li><li>Create a new project : Creepy -> New Project -> Person 
Based Project . Search for the target selecting the available plugins.</li><li>Right click on the project -> Analyze Current Project</li><li>Wait :)</li><li>The locations will be drawn on the map, once the analysis is complete.</li><li>Filter locations, export locations, view them on the map.</li></ul><div style="text-align: left;"><b>Installation:</b><a href="https://www.geocreepy.com/" target="_blank"><b> </b>Installation Guide</a></div><div style="text-align: left;"> </div><div style="text-align: left;"><div style="text-align: left;"><b>Download Here:  </b></div><div style="text-align: left;"><a href="https://github.com/jkakavas/creepy/releases/download/v1.4.1/creepy_setup_v1.4.1_x86_64.exe" target="_blank">Creepy v1.4.1 Windows x64</a></div><div style="text-align: left;"><a href="https://github.com/jkakavas/creepy/releases/download/v1.4.1/creepy_setup_v1.4.1_x86_32.exe" rel="nofollow" target="_blank">Creepy v1.4.1 Windows x32</a></div><div style="text-align: left;"><a href="https://github.com/jkakavas/creepy/releases/download/v1.4.1/cree.py_1.4.1.dmg.zip" rel="nofollow" target="_blank">Creepy v1.4.1 OSX</a><br /></div></div>

Creepy (A Geolocation OSINT Tool) :: Tools

Creepy is an open-source Geolocation intelligence tool. It collects information about Geolocation by using various social networking ...

SubBrute (Subdomain Bruteforcer) :: Tools

<p style="text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEir8Vkrnp22NNcwJ4TRgPi1YAm_XJvNmKenaVQ0w98RW2yv5rqslLJflOiKfr0HEHmjopBvu_-nmjjxc3eYsn0w8kMP6PHuX9xMhvRigmyxoBDd-bwTEbnjX-H_haEpL0DfBWjSX9-CfDA/s1600/SubBrute.jpg" style="margin-left: 1em; margin-right: 1em;"><img alt="subbrute subdomain bruteforce" border="0" data-original-height="900" data-original-width="1600" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEir8Vkrnp22NNcwJ4TRgPi1YAm_XJvNmKenaVQ0w98RW2yv5rqslLJflOiKfr0HEHmjopBvu_-nmjjxc3eYsn0w8kMP6PHuX9xMhvRigmyxoBDd-bwTEbnjX-H_haEpL0DfBWjSX9-CfDA/w400-h225/SubBrute.jpg" title="subbrute subdomain bruteforce" width="400" /> </a></p><p style="text-align: justify;">SubBrute is a community driven project with the goal of creating the 
fastest, and most accurate subdomain enumeration tool.  Some of the 
magic behind SubBrute is that it uses open resolvers as a kind of proxy 
to circumvent DNS rate-limiting.  This design also provides a layer of anonymity, as SubBrute does not send traffic directly to the target's name servers.</p><p><span style="font-size: medium;"><b>I<span>nstallation & Use:</span></b> </span></p><p>No install required for Windows,  just cd into the 'windows' folder:</p>
<ul><li>subbrute.exe google.com</li></ul>
<p>Easy to install:
You just need and python2.7 or python3.  This tool should work under any operating system:  bsd, osx, windows, linux...</p>
<p>(On a side note giving a makefile root always bothers me,  it would be a great way to install a backdoor...)</p>
<p>Under Ubuntu/Debian all you need is:</p>
<ul><li>sudo apt-get install python-dnspython</li></ul>
<p>On other operating systems you may have to install dnspython manually:</p>

<p>Easy to use:</p>
<ul><li>./subbrute.py google.com</li></ul>
<p>Tests multiple domains:</p>
<ul><li>./subbrute.py google.com gmail.com blogger.com</li></ul>
<p>or a newline delimited list of domains:</p>
<ul><li>./subbrute.py -t list.txt</li></ul>
<p>Also keep in mind that subdomains can have subdomains (example: _xmpp-server._tcp.gmail.com):</p>
<ul><li>
<p>./subbrute.py gmail.com > gmail.out</p>
</li><li>
<p>./subbrute.py -t gmail.out</p>
</li></ul><p style="text-align: justify;"><b><span style="font-size: small;">Download: <a href="https://github.com/TheRook/subbrute" target="_blank">Subbrute v1.2.1</a><br /></span></b></p>

SubBrute (Subdomain Bruteforcer) :: Tools

SubBrute is a community driven project with the goal of creating the fastest, and most accurate subdomain enumeration tool. Some of th...

OWASP Amass - Subdomain Enumeration/Scanner : Tool

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMkkEOynUt7XrCQ08ZO7DXwHrtiOnQ6KzkLBUGr1ORjHVElgEpZ9YVI12g5k_1CWCHXdVc6OtERaG_LVt1zaJauILNLAlL8-xYEHP_XzhiMuaTTQvj24MNCzzlTviXcpeJyIidAxA-V08e/s1600/Amass.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="OWASP Amass Subdomain Scanner" border="0" data-original-height="327" data-original-width="647" height="202" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMkkEOynUt7XrCQ08ZO7DXwHrtiOnQ6KzkLBUGr1ORjHVElgEpZ9YVI12g5k_1CWCHXdVc6OtERaG_LVt1zaJauILNLAlL8-xYEHP_XzhiMuaTTQvj24MNCzzlTviXcpeJyIidAxA-V08e/s400/Amass.JPG" title="OWASP Amass Subdomain Scanner" width="400" /></a></div>
<br />
<div style="text-align: justify;">
The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques.</div>
<b><br />
</b> <b>Information Gathering Techniques Used:</b><br />
<br />
<div style="text-align: justify;">
1] DNS: Basic enumeration, Brute forcing (upon request), Reverse DNS sweeping, Subdomain name alterations/permutations, Zone transfers (upon request)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
2] Scraping: Ask, Baidu, Bing, CommonCrawl, DNSDumpster, DNSTable, Dogpile, Exalead, FindSubdomains, Google, HackerOne, IPv4Info, Netcraft, PTRArchive, Riddler, SiteDossier, ViewDNS, Yahoo</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
3] Certificates: Active pulls (upon request), Censys, CertDB, CertSpotter, Crtsh, Entrust</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
4] APIs: AlienVault, BinaryEdge, BufferOver, CIRCL, DNSDB, HackerTarget, Mnemonic, NetworksDB, PassiveTotal, RADb, Robtex, SecurityTrails, ShadowServer, Shodan, Sublist3rAPI, TeamCymru, ThreatCrowd, Twitter, Umbrella, URLScan, VirusTotal</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
5] Web Archives: ArchiveIt, ArchiveToday, Arquivo, LoCArchive, OpenUKArchive, UKGovArchive, Wayback</div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Video Tutorial:</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/mEQnVkSG19M/0.jpg" frameborder="0" height="330" src="https://www.youtube.com/embed/mEQnVkSG19M?feature=player_embedded" width="100%"></iframe></div>
<h3 style="text-align: justify;">
 </h3>
<h3 style="text-align: justify;">
Documentation:  </h3>
<div style="text-align: justify;">
1] <a href="https://github.com/OWASP/Amass/blob/master/doc/install.md" target="_blank">Installation Guide </a></div>
<div style="text-align: justify;">
2] <a href="https://github.com/OWASP/Amass/blob/master/doc/user_guide.md" target="_blank">User's Manual/How to Use</a></div>
<h3 style="text-align: justify;">
Download:</h3>
<div style="text-align: justify;">
Amass is available for various platforms like Linux, Windows, MacOS etc.</div>
<div style="text-align: justify;">
1] <a href="https://github.com/OWASP/Amass" target="_blank">Download Link</a></div>
<div style="text-align: justify;">
2] <a href="https://github.com/OWASP/Amass/releases" target="_blank">Precompiled Binary</a> (Windows, MacOS, Linux)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Official Page:</b> <a href="https://github.com/OWASP/Amass" target="_blank">OWASP Amass</a></div>

OWASP Amass - Subdomain Enumeration/Scanner : Tool

The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and p...

Sublist3r - Subdomain Enumeration / Scanner : Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiX9xrud6fayQX7f2OmbYU-qjmsBfi35Y0IOMLeMSt1J-XnREvEI3TP99ySPRbENncML8CtP-8Nj8ppzVMR1nkfJWP_4ACocVhp1ZkHhCTFlQlNxlDPkC0htQNyVAN8KELdRTWwRfydGVt3/s1600/Sublist3r.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Sublist3r - Subdomain Enumeration" border="0" data-original-height="413" data-original-width="867" height="190" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiX9xrud6fayQX7f2OmbYU-qjmsBfi35Y0IOMLeMSt1J-XnREvEI3TP99ySPRbENncML8CtP-8Nj8ppzVMR1nkfJWP_4ACocVhp1ZkHhCTFlQlNxlDPkC0htQNyVAN8KELdRTWwRfydGVt3/s400/Sublist3r.JPG" title="Sublist3r - Subdomain Scanner" width="400" /></a></div>
<div style="text-align: justify;">
Sublist3r is a python tool designed to enumerate subdomains of websites 
using OSINT. It helps penetration testers and bug hunters collect and 
gather subdomains for the domain they are targeting. Sublist3r 
enumerates subdomains using many search engines such as Google, Yahoo, 
Bing, Baidu, and Ask. Sublist3r also enumerates subdomains using 
Netcraft, Virustotal, ThreatCrowd, DNSdumpster, and ReverseDNS.</div>
<div style="text-align: justify;">
<br /></div>
<h2 style="text-align: justify;">
<span style="font-size: large;">Installation:</span></h2>
<blockquote class="tr_bq">
<pre><code>git clone https://github.com/aboul3la/Sublist3r.git</code></pre>
</blockquote>
<b><span style="font-size: small;">Dependencies:</span></b><br />
<blockquote class="tr_bq">
<pre><code>sudo pip install -r requirements.txt</code></pre>
</blockquote>
<b><span style="font-size: small;">How To Use:</span></b> <br />
<blockquote class="tr_bq">
<span style="font-size: large;"> </span><code>python sublist3r.py -v -d example.com</code></blockquote>
where -V : Verbose, -d : Domain<br />
<br />
<h3>
<b>Download:: </b> </h3>
Linux & Windows : <a href="https://github.com/aboul3la/Sublist3r" rel="nofollow" target="_blank">Sublis3r (Official Page)</a>

Sublist3r - Subdomain Enumeration / Scanner : Tools

Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collec...

Mobile Security Framework (MobSF) : Framework

<div class="separator" style="clear: both; text-align: center;">
<img alt="Mobile Security Framework : ToolWar" border="0" height="232" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg92QuRFrhtVqI-D5Nzc-bu8_p0vvCirYl6qqK45JFNtlLSChwXklrMauZ_BLYvAZfq7H7ml0YTzaijl0GfbktnY_-sHW34h8B1tteqowCXjg_ELksZixDcb5Ff1B0JPxCVUTK9mYO9iNhL/s400/MobSF.png" title="Mobile Security Framework : ToolWar" width="400" /></div>
<div style="text-align: justify;">
<b>Mobile Security Framework (MobSF)</b> is an intelligent, all-in-one open 
source mobile application (Android/iOS) automated pen-testing framework 
capable of performing static and dynamic analysis. It can be used for 
effective and fast security analysis of Android and iOS Applications and
 supports both binaries (APK & IPA) and zipped source code.<b> MobSF</b> 
can also perform Web API Security testing with it's API Fuzzer that can 
do Information Gathering, analyze Security Headers, identify Mobile API 
specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other
 logical issues related to Session and API Rate Limiting.</div>
<div style="text-align: justify;">
<br /></div>
<h3>
Tutorial: </h3>
<ul>
<li><a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/wiki/1.-Documentation">https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/wiki/1.-Documentation</a></li>
</ul>
<h3>
Video Tutorial: </h3>
<h3>
Download: <strong> </strong></h3>
<strong>Windows</strong>: Extract the <a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/archive/master.zip" target="_blank">MobSF</a> compressed file to C:\MobSF<strong> </strong><br />
<strong>Mac</strong>: Extract <a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/archive/master.zip" target="_blank">MobSF</a> compressed file to /Users/[username]/MobSF<strong> </strong><br />
<strong>Linux</strong>: Extract <a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/archive/master.zip" target="_blank">MobSF</a> compressed file to /home/[username]/MobSF<br />
<br />
<div style="text-align: justify;">
<br /></div>

Mobile Security Framework (MobSF) : Framework

Mobile Security Framework (MobSF) is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing fram...

SpiderFoot (Open Source Footprinting) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="spiderfoot logo" border="0" height="97" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3OsA6C6TqkPGzSteLe5Il6DIbd5vJ2R2ygYKxmMpztIbUkSadC9dsHcwl_7QR802M4qPoJJisrwSlI8DMAEUell4jeIyK4qx3jReRPGdrFQmb11OzHZZF0LqZ5PMxpn_9YKKrUSujN-Vq/s1600/spiderfoot-logo-named.jpg" title="spiderfoot logo" width="320" /></div>
<div style="text-align: justify;">
<b>SpiderFoot</b> is a free, <b>open-source footprinting tool</b>, enabling you to perform various scans against a given domain name in order to <i>obtain information</i> such as <i>sub-domains, e-mail addresses, owned netblocks, <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> server versions</i> and so on. The main objective of <b>SpiderFoot</b> is to automate the <b>footprinting</b> process to the greatest extent possible, freeing up a penetration tester’s time to focus their efforts on the <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> <a href="http://www.toolwar.com/search/label/Testing" target="_blank">testing</a> itself. <br />
<br />
<h3>
Features ::</h3>
</div>
<ul style="text-align: justify;">
<li><b>SpiderFoot's</b> simple web-based interface enables you to kick off a scan immediately after install - just give your scan a name, the domain name of your target and select which modules to enable. </li>
<li>You will quickly obtain information such as: URLs handling <a href="http://www.toolwar.com/search/label/Password" target="_blank">passwords</a>, <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> ranges (netblocks), web servers, open ports, information about SSL certificates, and much more.</li>
<li>All <b>SpiderFoot</b> scan results are stored within an internal SQLite database, meaning that during a running scan and after a scan has completed, you can easily browse results, export to CSV and soon also be able to search scan results.</li>
<li><b>SpiderFoot</b> is designed from the ground-up to be modular. This means you can easily add your own modules that consume data from other modules to perform whatever task you desire. As a simple example, you could create a module that automatically attempts to <a href="http://www.toolwar.com/search/label/Bruteforce" target="_blank">brute-force </a>usernames and passwords any time a password-handling webpage is identified by the spidering module.</li>
</ul>
<h3>
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/jD2rgooP2T0?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3>
 </h3>
<b>Installing ::</b> <a href="https://github.com/smicallef/spiderfoot/wiki/Installing" target="_blank">Click Here</a>  
<b> </b><br />
<b>Release Notes ::</b> <a href="https://github.com/smicallef/spiderfoot/wiki/Release-Notes" target="_blank">Click Here</a>

<br />
<br />
<h3>
Download ::</h3>
<b>Windows ::</b> <a href="http://sourceforge.net/projects/spiderfoot/files/SpiderFoot-2.1.0-w32.zip/download" target="_blank">SpiderFoot v2.1.0x86</a> (.zip)<br />
<b>Linux/Solaris/BSD ::</b> <a href="http://sourceforge.net/projects/spiderfoot/files/spiderfoot-2.1.0-src.tar.gz/download" target="_blank">SpiderFoot v2.10</a> (.tar.gz)
<b> </b><br />
<b>Official Website :: </b><a href="http://www.spiderfoot.net/">http://www.spiderfoot.net/</a>

SpiderFoot (Open Source Footprinting) :: Tools

SpiderFoot is a free, open-source footprinting tool , enabling you to perform various scans against a given domain name in order to obta...

Microsoft's Network Monitor (Capturing and Protocol Analysis of Network Traffic) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuFsGavVKjtg1dEaRPRUk32xdWIKamQW4Z316g0h_uszkMWNGQsKf4s1b6LprmWBYZ5WnOg38bBpcuJjEQQGQuK7HkywR3J1kJzcPIYR7FEZKbW1rI6kIMDrqpJjnmw7Kcbd8Aa_qiQehH/s1600/Microsoft+Network+Monitor+Sceenshot.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Microsoft Network Monitor Screenshot" border="0" height="377" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuFsGavVKjtg1dEaRPRUk32xdWIKamQW4Z316g0h_uszkMWNGQsKf4s1b6LprmWBYZ5WnOg38bBpcuJjEQQGQuK7HkywR3J1kJzcPIYR7FEZKbW1rI6kIMDrqpJjnmw7Kcbd8Aa_qiQehH/s1600/Microsoft+Network+Monitor+Sceenshot.jpg" title="Microsoft Network Monitor Screenshot" width="640" /></a></div>
<div style="text-align: justify;">
<b>Microsoft's Network Monitor</b> is a tools that allow <b>capturing and protocol analysis of network traffic</b>. Network Monitor 3 is a <a href="http://www.toolwar.com/search/label/Protocol" target="_blank">protocol analyzer</a>.  It enables you to capture, to
 view, and to analyze <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> data. You can use it to help troubleshoot 
problems with applications on the network.    This article 
contains download and support information, installation notes, and 
general usage information about Network Monitor 3. Network Monitor 3.4 
is the latest version.</div>
<div style="text-align: justify;">
<b>Network Monitor 3 </b> is a complete overhaul of the earlier Network Monitor 2.<var>x</var> version. Some key features of Network Monitor 3 include the following:</div>
<ul style="text-align: justify;">
<li>Script-based parser model with frequent updates </li>
<li>Concurrent  live capture sessions</li>
<li>Support for Windows 7</li>
<li>Support for 32-bit platforms and for 64-bit platforms </li>
<li>Support for network conversations and process tracking</li>
<li> API to access capture and parsing engine</li>
<li> <a href="http://www.toolwar.com/search/label/Wireless" target="_blank">Wireless</a> Monitor Mode Capturing</li>
</ul>
<div class="toggle-area" style="display: block; text-align: justify;">
<div class="system-requirements">
<div class="supported-os">
<b>Supported Operating System ::</b></div>
<div itemprop="operatingSystems">
<a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> 7, Windows 8, Windows Server 2003 
Service Pack 2, Windows Server 2003 Service Pack 2 x64 Edition, Windows 
Server 2008, Windows Server 2008 R2, Windows Server 2008 R2 for 
Itanium-based Systems, Windows Server 2012, Windows Vista 64-bit 
Editions Service Pack 1, Windows Vista Service Pack 1, Windows XP 
64-bit, Windows XP Service Pack 3
                        </div>
<ul class="htmldetails other-requirements">
Hardware ::
<ul>
<li>1 GHz or greater CPU</li>
<li>1 GB or greater <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a></li>
<li>60 MB free hard disk space plus extra room for capture files</li>
</ul>
</ul>
</div>
</div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>Installation Instruction :: </b> </div>
<div style="text-align: justify;">
The Network <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">Monitor</a> core engine has been decoupled from the parser set.

To install the full <b>Network Monitor 3.4</b> product:
</div>
<ul style="text-align: justify;">
<li>Run the setup.exe for the platform you are installing.</li>
<li>You will be prompted first to install the core engine. Follow the installation
directions. Make sure you close existing instances of netmon.exe, nmcap.exe
and any running NMAPI applications.</li>
<li>Next you will be prompted to install the parser package. Follow the
installation directions:</li>
</ul>
<div style="text-align: justify;">
<b>
To uninstall the full Network Monitor 3.4 product ::</b></div>
<ul style="text-align: justify;">
<li>Go to Add/Remove Programs in Control Panel</li>
<li>Uninstall both <b>Microsoft Network Monitor 3.4</b> and Microsoft Network Monitor: Network Monitor
Parsers 3.4</li>
</ul>
<b>Network Monitor Blog ::</b> <a href="http://go.microsoft.com/fwlink/?LinkID=92890" target="_blank">Click Here</a><br />
<b>Network Monitor Blog ::</b> <a href="http://go.microsoft.com/fwlink/?LinkID=151800" target="_blank">Click Here</a><br />
<br />
<b>Video Tutorial :: </b> <a href="http://www.youtube.com/watch?v=jsShLK5bhoY" target="_blank">Click Here</a><br />
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Windows :: <a href="https://www.microsoft.com/en-in/download/details.aspx?id=4865" target="_blank">Network Monitor 3.4</a> (x86 & x64)</b><a href="http://www.microsoft.com/en-us/download/details.aspx?id=4865" target="_blank"></a></div>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://www.microsoft.com/en-us/download/details.aspx?id=4865">http://www.microsoft.com/en-us/download/details.aspx?id=4865</a></div>
<div style="text-align: justify;">
<br /></div>
</div>

Microsoft's Network Monitor (Capturing and Protocol Analysis of Network Traffic) :: Tools

Microsoft's Network Monitor is a tools that allow capturing and protocol analysis of network traffic . Network Monitor 3 is a proto...

The Sleuth Kit (TSK - Forensics) :: Framework

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
 <img alt="the sleuth kit logo" border="0" height="166" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPBlwuWRltXOU2hEze6gjFS1OxwMM7HIYQuU4ElDgNsV8TmyWm9VYKauKsZbzStobxPbL4KSrUSqGxKXIYhNU4IluquGMQPe90Q6zRuGBMq_N92DQ2PK4G6lfCg8iLWGVDyVT8B8THFPHd/s1600/the+sleuth+kit+logo.gif" title="the sleuth kit logo" width="200" /></div>
<b>The Sleuth Kit</b> is a C++ library and collection of open source file 
system <a href="http://www.toolwar.com/search/label/Forensics" target="_blank"><b>forensics tools</b></a> that allow you to, among other things, view 
allocated and deleted data from NTFS, FAT, FFS, EXT2, Ext3, HFS+, and 
ISO9660 images. <br />
<b>The Sleuth Kit® (TSK)</b> is a library and collection of command line <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> that allow you to investigate disk images. The core functionality  of <b>TSK</b> allows you to <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analyze</a> volume and file system data. The plug-in  <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a> allows you to incorporate additional modules to analyze file  contents and build automated systems. The library can be incorporated into larger digital forensics tools and the <a href="http://www.toolwar.com/search/label/CLI" target="_blank">command  line</a> tools can be directly used to find evidence. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
There are three different packages for each <b>The Sleuth Kit® (TSK) </b>release.</div>
<ul style="text-align: justify;">
<li><b>sleuthkit-X.X.X.tar.gz</b>: This is the source code release of  TSK core and framework that you must compile on your computer. This is  most commonly used on non-<a href="http://www.toolwar.com/search/label/Windows" target="_blank">windows</a> systems.</li>
<li><b>sleuthkit-X.X.X-win32.zip</b>: This is the compiled windows release of TSK core. This has executables and libraries that allow you to run this on windows.</li>
<li><b>sleuthkit-X.X.X-framework-win32.zip</b>: This is the compiled  windows release of the framework. It has the tsk_analyzeimg program that  allows you to run the framework on a disk image.</li>
</ul>
<div style="text-align: justify;">
<br /></div>
<h3>
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/YybBQycLL9w?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/3ieolkMJxJk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3>
Download ::</h3>
<b>Windows (x86) :: </b><a class="name" href="http://sourceforge.net/projects/sleuthkit/files/sleuthkit/4.1.2/sleuthkit-4.1.2-win32.zip/download" title="Click to download sleuthkit-4.1.2-win32.zip">Sleuthkit-4.1.2-win32.zip</a> | <a class="name" href="http://sourceforge.net/projects/sleuthkit/files/sleuthkit/4.1.2/sleuthkit-4.1.2-framework-win32.zip/download" title="Click to download sleuthkit-4.1.2-framework-win32.zip">Sleuthkit-4.1.2-framework-win32.zip</a>
<b> </b><br />
<b>Linux :: </b><a class="name" href="http://sourceforge.net/projects/sleuthkit/files/sleuthkit/4.1.2/sleuthkit-4.1.2.tar.gz/download" title="Click to download sleuthkit-4.1.2.tar.gz">Sleuthkit-4.1.2.tar.gz</a> <br />
<b>Official Website :: </b> <a href="http://www.sleuthkit.org/sleuthkit/">http://www.sleuthkit.org/sleuthkit/</a>

The Sleuth Kit (TSK - Forensics) :: Framework

The Sleuth Kit is a C++ library and collection of open source file system forensics tools that allow you to, among other things, vie...

NIELD (Network Forensics) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="Network Forensics" border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiv5UkdWZtYhJYA6juKwBWqbScPIAPAkUhoLvGVeVrnlB4umNPTnorlKGSInBzLSy5Faqe9YyG7bXA-bWiHYnBzqN5Tu9v9dATd-eeiHXBlHWrgZjE8-jsyhz7TnGf6q93Y-6Tm_4WPr1RJ/s400/Network+Forensics.jpg" title="Network Forensics" width="400" /></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b>NIELD (Network Interface Events Logging Daemon)</b> is a tool that 
receives notifications from the kernel through the netlink socket, and 
generates logs related to interfaces, neighbor cache(ARP,NDP), IP 
address(IPv4,IPv6), routing, FIB rules, traffic control.</div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>Installation :: </b><a href="http://nield.sourceforge.net/install.html" target="_blank">Click Here </a></div>
<div style="text-align: justify;">
<b>Help :: </b><a href="http://nield.sourceforge.net/man.html" target="_blank">Click Here</a> </div>
<h3 style="text-align: justify;">
Download :: </h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://sourceforge.net/projects/nield/files/nield-0.4.0/nield-0.4.0.tar.gz/download" target="_blank">NIELD 0.4.0 (.tar.gz)</a></div>
<div style="text-align: justify;">
<b>Source :: </b><a href="http://nield.sourceforge.net/index.html">http://nield.sourceforge.net/index.html</a></div>

NIELD (Network Forensics) :: Tools

NIELD (Network Interface Events Logging Daemon) is a tool that receives notifications from the kernel through the netlink socket, and...

Second Look (Linux Memory Forensics) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both;">
 <img border="0" height="124" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhj3s-HN2dZGFNYEv4wk6IGLmblttBSVAhyiADK6Tcg_sE6ucHyhB_M1xINBz418Iy8K5vLizCBYB253oHqRxFsyyY8VZykHyveoJ2XteU5fG4hbI2gGuQ-r6z4iNVCrNR0thbZCaMasHa_/s1600/secondlook.jpg" width="640" /></div>
The Incident Response edition of <b>Second Look®: Linux Memory Forensics</b> is designed for use by investigators who need quick, easy, and effective <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory acquisition</a> and analysis capabilities. Second Look® is a product of Raytheon Pikewerks Corporation. </div>
<h3 style="text-align: justify;">
 <span class="mw-headline" id="Memory_Acquisition"> Memory Acquisition::</span></h3>
<div style="text-align: justify;">
<b>Second Look®</b> preserves the volatile system state, capturing evidence  and information that does not exist on disk and may otherwise be lost as  an investigation proceeds.  A <a href="http://www.toolwar.com/search/label/CLI" target="_blank">command-line</a> script allows for  acquisition of <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a> from running systems without introducing any  additional software.  A memory access driver is provided for use on  systems without a native interface to physical memory. </div>
<h3 style="text-align: justify;">
 <span class="mw-headline" id="Memory_Analysis"> Memory Analysis ::</span></h3>
<div style="text-align: justify;">
<b>Second Look® </b>interprets live system memory or captured memory images,  detecting and <a href="http://www.toolwar.com/search/label/Reverse" target="_blank">reverse engineering</a> malware, including stealthy kernel <a href="http://www.toolwar.com/search/label/Rootkit" target="_blank"> rootkits</a> and backdoors.  A kernel integrity verification approach is  utilized to compare the Linux kernel in memory with a reference kernel.   Pikewerks provides thousands of reference kernels derived from original  distribution kernel packages, and a script for creating reference  kernels for other systems, such as those running custom kernels. </div>
<div style="text-align: justify;">
<b>Second Look®</b> also applies an integrity verification approach for  the analysis of each process in memory.  This enables it to detect  unauthorized applications as well as stealthy user-level <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a>. </div>
<h3 style="text-align: justify;">
 <span class="mw-headline" id="Supported_Systems"> Supported Systems ::</span></h3>
<div style="text-align: justify;">
Second Look® is regularly updated to support analysis of the latest  kernels and the most commonly used <a href="http://www.toolwar.com/search/label/Distribution" target="_blank">Linux distributions</a>.  The following  are its capabilities as of April 2012: </div>
<ul style="text-align: justify;">
<li> Supported target kernels: 2.6.x, 3.x up to 3.2 </li>
<li> Supported target architectures: x86 32- and 64-bit </li>
<li> Supported target distributions: Debian 4-6, RHEL/CentOS 4-6, Ubuntu 4.10-12.04, and more! </li>
</ul>
<h3 style="text-align: justify;">
Product features (Second Look Incident Response Edition) ::</h3>
<ul style="text-align: justify;">
<li>Memory acquisition and analysis for all 32- and 64-bit x86
(i386/i486/i586/i686, amd64/x86_64) Linux systems running 2.6- and 3-series
kernels. This includes:
<ul>
<li>Amazon Linux 2010.11 through 2014.03, and higher;</li>
<li>Debian 4 through 7, and higher;</li>
<li>Fedora 2 through 20, and higher;</li>
<li>Red Hat Enterprise Linux (RHEL) and CentOS 4.x, 5.x, 6.x, and higher;</li>
<li>Ubuntu 4.10 through 14.04, and higher;</li>
<li>and other distributions.</li>
</ul>
</li>
<li>Analysis via command line interface (CLI) or graphical user interface
(GUI) applications which run on Ubuntu 12.04 (32- or 64-bit) or RHEL/CentOS 6.x
(64-bit).</li>
<li>Automatic kernel version identification — just select a memory image
and go.</li>
<li>Supported memory image formats:
<ul>
<li>raw physical memory images ("mem" format — as produced by
secondlook-memdump, Inception, and other
tools);</li>
<li>SLM memory images ("slm" format — a high-performance compressed
memory image format used by Second Look Enterprise Security Edition);</li>
<li>LiME memory images ("lime", "padded", or LiME "raw" formats — "lime"
and LiME "raw" formats require conversion with secondlook-lime2mem or
secondlook-limeraw2mem, respectively ‐ LiME "padded" is the equivalent of
a raw physical memory image);</li>
<li>VMware virtual machine snapshots ("vmem", "vmsn", or "vmss" formats —
"vmsn" and "vmss" formats, as well as "vmem" files from VMs with >4GB RAM,
require conversion with VMware's vmss2core
and secondlook-core2mem);</li>
<li>VirtualBox snapshots ("vbc" format — via conversion with
secondlook-vbc2mem); and</li>
<li>KVM Libvirt-QEMU-Save or QEMU-savevm snapshots ("lqs" or "qsv" formats
— via conversion with lqs2mem, originally
secondlook-lqs2mem, now an open source project).</li>
</ul>
</li>
<li>Support for analysis of memory images from systems running either
distribution stock kernels or custom kernels.</li>
<li>Support for analysis of memory images from
Amazon EC2 instances (under both pv and hvm virtualization types).</li>
<li>Access to a repository of over 9000 ZRKs (Zipped Reference Kernels)
providing the metadata and baseline for analysis and verification of CentOS,
Debian, Fedora, RHEL, and Ubuntu stock kernels.</li>
<li>An easy-to-use tool for creation of ZRKs for other distributions or for
custom kernels.</li>
<li>Second Look ZRKs
can also be used as Volatility profiles.</li>
<li>Integrity verification of the kernel and processes in memory.</li>
<li>Access to a pagehash database containing hashes of the executable code
pages of the ELF executables and shared libraries from over 2 million
software packages from the Amazon, CentOS, Debian, Fedora, RHEL, and Ubuntu
distributions.</li>
<li>An easy-to-use tool for the addition of pagehashes supporting verification
of custom or third-party software.</li>
<li>Detection of kernel rootkits, backdoors, and other kernel-mode malware
(known and unknown varieties).</li>
<li>Detection of shared library rootkits, keyloggers, spyware, injected
libraries, injected threads, and other user-mode malware (known and unknown
varieties).</li>
<li>Detection of unknown or unauthorized processes.</li>
<li>Recovery of device mapper crypto keys
for LUKS, TrueCrypt, and other full disk encryption schemes.</li>
<li>Extraction of system state from captured memory images, including loaded
kernel modules, running processes, memory mappings, open files, active network
connections, and more.  Output is available in the GUI, in plain text from the
CLI, and in JSON format for ingestion by other programs.</li>
<li>Offline usage is supported via a subscription to our ZRK and pagehash reference data
feeds.</li>
</ul>
<h3 style="text-align: justify;">
More Reasons to Choose Second Look</h3>
<div style="text-align: justify;">

Beyond the unique and powerful Linux Incident Response feature set listed
above, what sets Second Look apart is the team behind it and the quality
of the software they deliver.

</div>
<ul style="text-align: justify;">
<li>The Second Look Team provides professional support via phone and
email, with on-site consulting services available.  You get direct access to
experts in Linux system internals and security.</li>
<li>Customer feedback often quickly leads to new features.</li>
<li>Second Look ships with comprehensive documentation, including a
User Guide with explanations of the techniques most commonly used by
attackers to maintain stealthy persistence on Linux systems.</li>
<li>Second Look is regression tested against a large suite of sample
memory images to ensure maximum quality and compatibility.</li>
<li>If you like the visibility that Second Look gives you during
investigations, you can upgrade to the Enterprise Security edition to monitor
your systems on an ongoing basis.</li>
</ul>
<ul style="text-align: justify;">
</ul>
<h3 style="text-align: justify;">
Tutorial ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/wt326aXmDMA?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b>$1495 (USD) | <a href="http://secondlookforensics.com/contact/" target="_blank">Contact Here</a> for Purchase</div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://secondlookforensics.com/">http://secondlookforensics.com/</a></div>

Second Look (Linux Memory Forensics) :: Tools

The Incident Response edition of Second Look®: Linux Memory Forensics is designed for use by investigators who need quick, easy, and e...

Bulk Extractor (Computer Forensics) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="Bulk Extractor" border="0" height="267" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSwFRjzP4nYzs-ILiilqCBkm5oZiif74oCtqJU8AR5h2mTI_uHT4qyVykTzAKntroljTwfaPMVl2vcJLfpgcd6GaTRTidtiwi8dgXrG0Sp6F0pMD2_DCiaA94q7R02Bz4t8-nz_dhg07WE/s1600/computer-forensic-analysis.jpg" title="Bulk Extractor" width="400" /></div>
<div style="text-align: justify;">
<b>Bulk Extractor</b> is a <b>computer forensics tool</b> that scans a disk  image, a file, or a directory of files and extracts useful information  without parsing the file system or file system structures. The results  can be easily inspected, parsed, or processed with automated tools. <b>Bulk Extractor</b>  also created a histograms of features that it finds, as features that  are more common tend to be more important. The program can be used for  law enforcement, defense, intelligence, and <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">cyber-investigation</a>  applications. </div>
<div style="text-align: justify;">
bulk_extractor is distinguished from other forensic tools by its  speed and thoroughness. Because it ignores file system structure, <b>Bulk Extractor</b> can process different parts of the disk in parallel. In  practice, the program splits the disk up into 16MiByte pages and  processes one page on each available core. This means that 24-core  machines process a disk roughly 24 times faster than a 1-core machine. <b>Bulk Extractor</b> is also thorough. That’s because <b>Bulk Extractor</b>  automatically detects, decompresses, and recursively re-processes  compressed data that is compressed with a variety of algorithms. Our  <a href="http://www.toolwar.com/search/label/Testing" target="_blank">testing</a> has shown that there is a significant amount of compressed data  in the unallocated regions of file systems that is missed by most  <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">forensic tools</a> that are commonly in use today. </div>
<div style="text-align: justify;">
Another advantage of ignoring file systems is that <b>Bulk Extractor</b>  can be used to process any digital media. We have used the program to  process hard drives, SSDs, optical media, camera cards, <a href="http://www.toolwar.com/search/label/Phone" target="_blank">cell phones</a>,  network packet dumps, and other kinds of digital information. </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="font-size: small;"><b>Compiling for MacOS or Linux</b> :: </span></span></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="font-size: small;">From the downloaded source directory run bootstrap.sh, configure and make: </span></span> </div>
<ul style="text-align: justify;">
<li><span style="font-family: "Courier New",Courier,monospace;">$ cd bulk_extractor </span></li>
<li><span style="font-family: "Courier New",Courier,monospace;">$ sh bootstrap.sh </span></li>
<li><span style="font-family: "Courier New",Courier,monospace;">$ sh configure </span></li>
<li><span style="font-family: "Courier New",Courier,monospace;">$ make </span></li>
<li><span style="font-family: "Courier New",Courier,monospace;">$ sudo make install </span></li>
</ul>
<div style="text-align: justify;">
<b>Compiling for Windows :: </b></div>
<div style="text-align: justify;">
There are three ways to compile for Windows: </div>
<div style="text-align: justify;">
1. Cross-compiling from a Linux or Mac system with mingw. </div>
<div style="text-align: justify;">
2. Compiling natively on Windows using mingw. </div>
<div style="text-align: justify;">
3. Compiling natively on Windows using cygwin (untested)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Cross-compiling for Windows using Debian Testing (wheezy) or Ubuntu 12.04 LTS (with mingw) :: </b></div>
<div style="text-align: justify;">
You will need to install mingw-w64 and zlib-dev: </div>
<ul style="text-align: justify;">
<li><span style="font-family: "Courier New",Courier,monospace;">$ sudo apt-get update </span></li>
<li><span style="font-family: "Courier New",Courier,monospace;">$ sudo apt-get upgrade </span></li>
<li><span style="font-family: "Courier New",Courier,monospace;">$ sudo apt-get -y install mingw-w64 </span></li>
</ul>
<div style="text-align: justify;">
Next, download zlib from zlib.net </div>
<ul style="text-align: justify;">
<li><span style="font-family: "Courier New",Courier,monospace;">$ ./configure --host=i686-w64-mingw32 </span></li>
</ul>
<div style="text-align: justify;">
This allows the cross-compiling of the 64-bit and the 32-bit bulk_extractor.exe, although we do not recommend running the 32-bit version. </div>
<div style="text-align: justify;">
Now you are ready to compile: </div>
<ul style="text-align: justify;">
<li><span style="font-family: "Courier New",Courier,monospace;">$ git clone --recursive https://github.com/simsong/bulk_extractor.git </span></li>
<li><span style="font-family: "Courier New",Courier,monospace;">$ cd bulk_extractor </span></li>
<li><span style="font-family: "Courier New",Courier,monospace;">$ sh bootstrap.sh </span></li>
<li><span style="font-family: "Courier New",Courier,monospace;">$ mingw64-configure</span></li>
</ul>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Installing on a Linux/MacOS/Mingw system :: </b></div>
<ul style="text-align: justify;">
<li><span style="font-family: "Courier New",Courier,monospace;">$ ./configure </span></li>
<li><span style="font-family: "Courier New",Courier,monospace;">$ make </span></li>
<li><span style="font-family: "Courier New",Courier,monospace;">$ sudo make install  </span></li>
</ul>
<div style="text-align: justify;">
<b>Usages :: </b> </div>
<div style="text-align: justify;">
To get started and send an extract of image.raw to OUTPUT, use this command: </div>
<ul style="text-align: justify;">
<li><span style="font-family: "Courier New",Courier,monospace;">$ /usr/local/bin/bulk_extractor -o OUTPUT image.raw </span> </li>
</ul>
<div style="text-align: justify;">
<b>For more & Troubleshooting :: </b><a href="https://github.com/simsong/bulk_extractor" target="_blank">Click Here</a><br />
</div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/wTBHM9DeLq4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux | Mac | Windows :: </b><a href="https://github.com/simsong/bulk_extractor/archive/master.zip" target="_blank">Bulk Extractor</a> (tarball)<b> | </b><a href="http://digitalcorpora.org/downloads/bulk_extractor/bulk_extractor-1.4.1-windowsinstaller.exe" target="_blank">Bulk Extractor</a> (.exe)<b> | </b><a href="http://digitalcorpora.org/downloads/bulk_extractor/bulk_extractor-1.4.4.tar.gz" target="_blank">Bulk Extractor</a> (.tar.gz)<b>
</b></div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="https://github.com/simsong/bulk_extractor">https://github.com/simsong/bulk_extractor</a></div>

Bulk Extractor (Computer Forensics) :: Tools

Bulk Extractor is a computer forensics tool that scans a disk image, a file, or a directory of files and extracts useful information ...

KisMAC (Sniffer/Scanner for Mac OS X) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="KisMAC Logo" border="0" height="277" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT0hq_xqF0S3TgubdqI2kXMyQJdIa4Xw5tz6EqhN_X9lUnO1W1Dy4wjcwJ9tMbIWnyC8-GYuHFmw13erY5ILu7_KOBlGEksaYGYIK-_qu-pDLXXY2SdMuEAG8TXkP4qSN0eOa4tJo6OGPl/s1600/kisMAC+logo.png" title="KisMAC Logo" width="320" /></div>
<div style="text-align: justify;">
<b>KisMAC</b> is a popular <b>wireless stumbler for Mac OS X</b> offers many of the features of its namesake <a class="local" href="http://www.toolwar.com/2013/09/kismet-tools.html" target="_blank">Kismet</a>,  though the codebase is entirely different. Unlike console-based Kismet,  <b>KisMAC</b> offers a pretty <a href="http://www.toolwar.com/search/label/GUI" target="_blank">GUI</a> and was around before Kismet was ported to  OS X. It also offers mapping, Pcap-format import and logging, and even  some decryption and deauthentication attacks.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>KisMAC</b> is an open-source and free <a href="http://www.toolwar.com/search/label/Sniffer" target="_blank">sniffer</a>/<a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanner</a> application for <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X</a>. It has an advantage over MacStumbler / iStumbler / <a href="http://www.toolwar.com/2013/09/netstumbler-tools.html" target="_blank">NetStumbler</a> in  that it uses monitor mode and passive scanning.  </div>
<div style="text-align: justify;">
KisMAC supports many third party <a href="http://www.toolwar.com/search/label/USB" target="_blank">USB</a> devices:  Intersil Prism2, Ralink  rt2570, rt73, and Realtek rtl8187 chipsets. All of the internal AirPort  hardware is supported for scanning. </div>
<div style="text-align: justify;">
The rest of this wiki assumes you are prepared for advanced topics and know what you are doing with your system. </div>
<h3 id="Features" style="text-align: justify;">
Features ::</h3>
<ul style="text-align: justify;">
<li>Reveals hidden / cloaked / closed SSIDs </li>
<li>Shows logged in clients (with MAC Addresses, IP addresses and signal strengths) </li>
<li>Mapping and GPS support </li>
<li>Can draw area maps of network coverage </li>
<li>PCAP import and export </li>
<li>Support for 802.11b/g </li>
<li>Different attacks against encrypted networks </li>
<li>Deauthentication attacks </li>
<li>AppleScript-able </li>
<li>Kismet drone support (capture from a Kismet drone) </li>
</ul>
<h3 id="Supportedhardwarechipsets" style="text-align: justify;">
Supported Hardware Chipsets :: </h3>
<ul style="text-align: justify;">
<li>Apple AirPort and AirPort Extreme (dependent upon Apple's drivers) </li>
<li>Intersil Prism 2, 2.5, 3  USB devices </li>
<li>Ralink rt2570 and rt73 USB devices </li>
<li>Realtek RTL8187L USB (such as the Alfa AWUS036H, which does not work on Mac OS 10.6.7 or later) </li>
</ul>
<h3 id="Cryptosupport" style="text-align: justify;">
Crypto Support :: </h3>
<ul style="text-align: justify;">
<li>Bruteforce attacks against LEAP, WPA and WEP </li>
<li>Weak scheduling attack against WEP </li>
<li>Newsham 21-bit attack against WEP </li>
</ul>
<h3 style="text-align: justify;">
Tutorials :: </h3>
<div style="text-align: justify;">
<b>Wiki ::</b> <a href="http://trac.kismac-ng.org/" target="_blank">Click Here</a></div>
<div style="text-align: justify;">
<b>Forum ::</b> <a href="http://forum.kismac-ng.org/" target="_blank">Click Here </a></div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/lBGN5OGCPgI?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3 style="text-align: justify;">
Download :: </h3>
<div style="text-align: justify;">
<b>Mac :: </b><a href="http://update.kismacmirror.com/binaries/KisMAC-0.3.3.dmg" target="_blank">KisMAC v0.3.3</a> (.dmg)<b>
</b></div>
<div style="text-align: justify;">
<b>Official Website ::  </b><a href="http://kismac-ng.org/">http://kismac-ng.org/</a></div>

KisMAC (Sniffer/Scanner for Mac OS X) :: Tools

KisMAC is a popular wireless stumbler for Mac OS X offers many of the features of its namesake Kismet , though the codebase is entirel...

SIPVicious (Auditing SIP Based VoIP System) :: Tools

<div style="text-align: justify;"><div class="separator" style="clear: both; text-align: center;"><img alt="SIP VoIP " border="0" height="324" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgs5pKQQ6VdyR7URrQT6nS1VVL0igxhRv5L4g9jfkKRkBLjfBegI6eKZANJ63AqMiWYIf8m2YEb8azNj4j9bwx-gCWo_jYM66n1k2GggJOHg0mLwLS0hJ7h7UWskxn3gWk6PAqEtxcvgABJ/s1600/SIP+VoIP.png" title="SIP VoIP " width="640" /></div><b>SVMAP</b> is a part of a suite of tools called <b>SIPVicious</b> and it’s my  favorite <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanner</a> of choice It can be used to scan identify and fingerprint a single IP or a range  of IP addresses. <b>Svmap</b> allows specifying the request method which is being used for  scanning, the default method is OPTIONS, it offers debug and verbosity  options and even allows scanning the SRV records for SIP on the  destination domain. You can use the <b>./svmap –h</b> in order to view all the available arguments </div><div style="text-align: justify;"><b>SIPVicious suite</b> is a set of <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> that can be used to audit SIP based <a href="http://www.toolwar.com/search/label/VOIP" target="_blank">VoIP systems</a>.  It currently consists of four tools: </div><ul style="text-align: justify;"><li>svmap - this is a sip scanner. Lists SIP devices found on an IP range </li>
<li>svwar - identifies active extensions on a PBX </li>
<li>svcrack - an online password cracker for SIP PBX </li>
<li>svreport - manages sessions and exports reports to various formats </li>
<li>svcrash - attempts to stop unauthorized svwar and svcrack scans </li>
</ul><div style="text-align: justify;">It was tested on the following systems: </div><ul style="text-align: justify;"><li><a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux </a></li>
<li><a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X </a></li>
<li><a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows </a></li>
<li><a href="http://www.toolwar.com/search/label/FreeBSD" target="_blank">FreeBSD 6.2 </a></li>
<li>Jailbroken iPhone with python installed </li>
</ul><div style="text-align: justify;">If you use it on systems that are not mentioned here please let me know goes it goes. </div><h3 style="text-align: justify;">Tutorials ::</h3><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Zp_gzjV8l4c?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div><div style="text-align: justify;"></div><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/3a7xJeNQfOk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div><h3 style="text-align: justify;"> </h3><h3 style="text-align: justify;">Download ::</h3><div style="text-align: justify;"><b>Linux | Windows | Mac | FreeBSD :: </b><a href="http://sipvicious.googlecode.com/files/sipvicious-0.2.8.zip" target="_blank">SIPVicious v0.2.8</a> (.zip) | <a href="http://sipvicious.googlecode.com/files/sipvicious-0.2.8.tar.gz" target="_blank">SIPVicious v0.2.8</a> (.tar.gz)<b>
</b></div><div style="text-align: justify;"><b>Official Website :: </b> <a href="http://code.google.com/p/sipvicious/">http://code.google.com/p/sipvicious/</a></div>

SIPVicious (Auditing SIP Based VoIP System) :: Tools

SVMAP is a part of a suite of tools called SIPVicious and it’s my favorite scanner of choice It can be used to scan identify and fingerp...

SNMPCheck (SNMP Enumeration) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="SNMPCheck" border="0" height="316" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNQCGr22VHfWJI20ydnqXWT0FpVBP1u6mdLTIESgT_IN6QGduciK1QWIlWG0O__y2nvACefsDE1DFwXrHO973XbWbfbepc3FXB2bD_TX7jy6oZwLrfRXAkd_PCKf9C_28TD-klFE3QJk_P/s1600/SNMPCheck.jpg" title="SNMPCheck" width="400" /></div>
<b>SNMPCheck</b> allows you to <b>enumerate the SNMP</b> devices and places the  output in a very human readable friendly format. It could be useful for  <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration testing</a> or <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">systems monitoring</a>. Distributed under GPL license  and based on "Athena-2k" script by jshaw.</div>
<h3 style="text-align: justify;">
Features :: </h3>
<div style="text-align: justify;">
SNMPCheck supports the following enumerations:</div>
<ul style="text-align: justify;">
<li>    contact</li>
<li>description</li>
<li> detect write access (separate action by enumeration)|</li>
<li> devices</li>
<li> domain</li>
<li> hardware and storage informations</li>
<li> hostname</li>
<li> IIS statistics</li>
<li> IP forwarding</li>
<li> listening UDP ports</li>
<li> location</li>
<li> motd</li>
<li> mountpoints</li>
<li> network interfaces</li>
<li> network services</li>
<li> processes</li>
<li> routing information</li>
<li> software components</li>
<li> system uptime</li>
<li> TCP connections</li>
<li> total memory</li>
<li> uptime</li>
<li> user accounts</li>
</ul>
<h3>
Tutorials ::</h3>
<b>Report Examples :: </b><a href="http://www.nothink.org/codes/snmpcheck/report_windows_xp.txt" target="_blank">Windows XP</a> | <a href="http://www.nothink.org/codes/snmpcheck/report_linux_ubuntu.txt" target="_blank">Linux Ubuntu</a><b><br /></b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/RIVV4--m4dU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3>
Download ::</h3>
<b>Perl Script :: </b><a href="http://www.nothink.org/codes/snmpcheck/snmpcheck-1.8.pl" target="_blank">SNMPCheck</a> (.pl)
<b> </b><br />
<b>Official Website ::</b> <a href="http://www.nothink.org/codes/snmpcheck/">http://www.nothink.org/codes/snmpcheck/</a>
<br />
<div class="alert alert-success" style="text-align: justify;">
</div>

SNMPCheck (SNMP Enumeration) :: Tools

SNMPCheck allows you to enumerate the SNMP devices and places the output in a very human readable friendly format. It could be useful ...

URLCrazy (Check for Mistyped Domain Names) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyLyWDBoVsveQYb2dGL_PuWnsuRw1nokIuQKd_361RbcaREom6CLNFECgU-VoE2dThMoAADFfaWbckc79TaK68iLysT77s5PgM_l4a921ztqCrvKcHKXbTMWJbRjSlQJx2KE-BebY_gUjr/s1600/URLCrazy+Screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="URLCrazy Screenshot" border="0" height="339" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyLyWDBoVsveQYb2dGL_PuWnsuRw1nokIuQKd_361RbcaREom6CLNFECgU-VoE2dThMoAADFfaWbckc79TaK68iLysT77s5PgM_l4a921ztqCrvKcHKXbTMWJbRjSlQJx2KE-BebY_gUjr/s1600/URLCrazy+Screenshot.png" title="URLCrazy Screenshot" width="640" /></a></div>
<div style="text-align: justify;">
<b>URLCrazy</b> checks for mistyped domain names of websites.  It can detect 
typo domain squatters and help protect your domain <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> by 
identifying domain names to preemptively register.  It generates 15 
types of typos, including bitflipped domains, knows over 8,000 common 
misspellings and over 450 homophones, supports multiple keyboard 
layouts, checks whether a typo is a valid domain, and can test whether 
domain typos are in use and estimate the popularity of a typo.

Generate and test domain typos and variations to detect and perform 
typo squatting, URL hijacking, phishing, and corporate espionage.</div>
<h3 style="text-align: justify;">
Usage </h3>
<div style="text-align: justify;">
* Detect typo squatters profiting from typos on your domain name<br />
* Protect your brand by registering popular typos<br />
* Identify typo domain names that will receive traffic intended for another domain<br />
* Conduct phishing attacks during a <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration test</a></div>
<h3 style="text-align: justify;">
Features</h3>
<div style="text-align: justify;">
* Generates 15 types of domain variants<br />
* Knows over 8000 common misspellings<br />
* Supports cosmic ray induced bit flipping<br />
* Multiple keyboard layouts (qwerty, azerty, qwertz, dvorak)<br />
* Checks if a domain variant is valid<br />
* Test if domain variants are in use<br />
* Estimate popularity of a domain variant<br />
* URLCrazy requires Linux and the Ruby interpreter.</div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<b>Installation :: </b><br />

<span style="font-family: "Courier New",Courier,monospace;">If you are using Ubuntu or Debian try:<br />
 $ sudo apt-get install ruby-1.8</span><br />
  <br />
<h3>
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://www.morningstarsecurity.com/downloads/urlcrazy-0.5.tar.gz" target="_blank">URLCrazy v0.5</a> (.tar.gz)</div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://www.morningstarsecurity.com/research/urlcrazy">http://www.morningstarsecurity.com/research/urlcrazy</a></div>

URLCrazy (Check for Mistyped Domain Names) :: Tools

URLCrazy checks for mistyped domain names of websites. It can detect typo domain squatters and help protect your domain security by ...

Cisco Torch (Scanning, Fingerprinting and Exploitation) :: Tools

<div style="text-align: justify;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrDBORXGRkO4-BVNT3r3mNPK_ogJ94i5y-vnarwHNshmXWd2qBKmXLLFyAlwuJM32ULoRNrOznorFUhaZ4b3jXomvwheUARBWfq9WYFeRUL_t0fvlOOf1yW2UUaYIEdzhS7mtfN0guCsfD/s1600/cisco-torch.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Cisco Torch" border="0" height="294" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrDBORXGRkO4-BVNT3r3mNPK_ogJ94i5y-vnarwHNshmXWd2qBKmXLLFyAlwuJM32ULoRNrOznorFUhaZ4b3jXomvwheUARBWfq9WYFeRUL_t0fvlOOf1yW2UUaYIEdzhS7mtfN0guCsfD/s1600/cisco-torch.PNG" title="Cisco Torch" width="640" /></a></div>
<div style="text-align: justify;">
<b>Cisco Torch</b> is a <b>mass scanning, fingerprinting, and exploitation tool</b> was 
written while working on the next edition of the "Hacking Exposed Cisco 
Networks", since the <a href="http://www.toolwar.com/search/label/Tools">tools</a> availalbe on the market could not meet our 
needs. 
<br />The main feature that makes<b> Cisco-torch</b> different from similar tools
 is the extensive use of forking to launch multiple scanning processes 
on the background for maximum <a href="http://www.toolwar.com/search/label/Scanner">scanning</a> efficiency. Also, it uses several
 methods of application layer fingerprinting simultaneously, if needed. 
We wanted something fast to discover remote Cisco hosts running Telnet, 
SSH, Web, NTP and SNMP services and launch dictionary attacks against 
the services discovered. </div>
<br /><h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Windows | Mac | Linux :: </b><a href="http://www.arhont.com/en/wp-content/uploads/2010/01/cisco-torch-0.4b.tar.gz" target="_blank">Cisco-Torch v0.4b</a> (.tar.bz2)<b> | Language ::</b> Perl<b><br /></b></div>
<div style="text-align: justify;">
<b>Official Website :: </b> <a href="http://www.arhont.com/en/category/resources/tools-utilities/">http://www.arhont.com/en/category/resources/tools-utilities/</a></div>

Cisco Torch (Scanning, Fingerprinting and Exploitation) :: Tools

Cisco Torch is a mass scanning, fingerprinting, and exploitation tool was written while working on the next edition of the "Hac...

FTester (Testing Firewall Filtering Policies and IDS Capabilities) :: Tools

<div style="text-align: justify;">
<div class="section">
      <div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2h4CgTrZX0VYiu63TmUAtbc4QAObotOLBVPALrQnQ8EFD3Xii02746KHPmYlcOy05O2996O4ZQkhmZ02DFzrpgLuSLR8wzAHvdVCdJO_f9rD6xOK9IV7pzIgiROpp2C_RJvsLGF0IkuR7/s1600/FTester+Screenshot.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="FTester Screenshot" border="0" height="267" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2h4CgTrZX0VYiu63TmUAtbc4QAObotOLBVPALrQnQ8EFD3Xii02746KHPmYlcOy05O2996O4ZQkhmZ02DFzrpgLuSLR8wzAHvdVCdJO_f9rD6xOK9IV7pzIgiROpp2C_RJvsLGF0IkuR7/s1600/FTester+Screenshot.JPG" title="FTester Screenshot" width="400" /></a></div>
The <b>Firewall Tester (FTester)</b> is a tool designed for <b>testing firewall
      filtering policies and Intrusion Detection System (IDS) capabilities.</b><br />

The tool consists of two perl scripts, a <span id="goog_1392660018"></span><a href="http://www.toolwar.com/search/label/Packet">packet injector<span id="goog_1392660019"></span></a> (ftest) and a
      listening <a href="http://www.toolwar.com/search/label/Sniffer">sniffer</a> (ftestd). The first script injects custom packets, defined
      in ftest.conf, with a signature in the data part while the sniffer listens for
      such marked packets. The scripts both write a log file which is in the same
      form for both scripts. A comparison of the two produced log files (ftest.log and ftestd.log)
      outlines the packets that were unable to reach the sniffer due to filtering rules
      if these two scripts are ran on hosts placed on two different sides of a
      <a href="http://www.toolwar.com/search/label/IDS">firewall</a>. Stateful inspection firewalls are handled with the 'connection
      spoofing' option. A script called freport is also available to automatically
      parse the log files.<br />

Using the tool is not a completely automated process, ftest.conf must
      be crafted for every different situation. Examples and rules are included in
      the attached configuration file.<br />

The <a href="http://www.toolwar.com/search/label/IDS">IDS (Intrusion Detection System)</a> testing feature can be used
      either with ftest only or with the additional support of ftestd for handling
      stateful inspection IDS, ftest can also use common IDS evasion techniques. The
      script can also process snort rule definition files.<br />

<h3>
Features:</h3>
<ul>
<li>firewall testing</li>
<li>IDS testing</li>
<li>simulation of real tcp connections for stateful inspection firewalls and IDS</li>
<li>TCP connection spoofing</li>
<li>IP fragmentation / TCP segmentation</li>
<li>IDS evasion techniques</li>
</ul>
<b>NOTE</b>: this tool is now outdated and is presented here for historical
      reasons, a complete rewrite with new features and IPv6 support is scheduled for
      sometime in the future.<br />

</div>
</div>
<div style="text-align: justify;">
<br />
<h3>
Tutorials ::</h3>
<b>Installation ::</b><br />

<div class="MsoNormal">
FTester components are PERL scripts. They can be executed on
any platform with a recent version of PERL. Three perl modules -<span style="mso-spacerun: yes;">Ý </span>Net::RawIP, Net::PcapUtils, and NetPacket ñ
are also required. These can be downloaded at the Comprehensive Perl Archive
Network (<a href="http://www.cpan.org/" target="_new">CPAN</a>), and<span style="color: red;"> </span>you
can install them using the CPAN shell. </div>
<div class="MsoNormal">
Installation is quite simple. <span style="font-family: Courier;">Untar</span>
the latest archive. Everything you need will be decompressed along with an
example configuration file, documentation and a script called <span style="font-family: Courier;">freport</span> for comparing <span style="font-family: Courier;">ftest</span> and <span style="font-family: Courier;">ftestd</span>
log files. Before using the package I recommend to read and fully understand
all documentation.</div>
<b>ManPage ::</b> <a href="http://www.inversepath.com/ftester_man.html" target="_blank">Click Here</a><br />
<b>Documentation :: </b><a href="http://dev.inversepath.com/ftester/README" target="_blank">Click Here</a><br />
<b>Published Paper ::</b> <a href="http://www.tisc-insight.com/newsletters/56.html" target="_blank">Click Here</a></div>
<div style="text-align: justify;">
<h3>
Download ::</h3>
</div>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://dev.inversepath.com/ftester/ftester-latest.tar.gz" target="_blank">FTester-Latest</a> (.tar.gz)<b><br /></b></div>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://www.inversepath.com/ftester.html" target="_blank">http://www.inversepath.com/ftester.html</a></div>

FTester (Testing Firewall Filtering Policies and IDS Capabilities) :: Tools

The Firewall Tester (FTester) is a tool designed for testing firewall filtering policies and Intrusion Detection System (ID...

Wafw00f (Web Application Firewall Detection) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEPFB63-uWGx3aIVZ5ZzxS1NkiNshLYe7Jic5FFeulXya-517a-PboH8hrWZkQpOl-mI9kSJMdQo1aByMhfdZITiQalnRB5h2HIgcbwvGtxg6nKUL_ePCsWTbosFDnmLr2IEwNhPzBYca9/s1600/wafw00f+screenshot.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="wafw00f screenshot" border="0" height="281" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEPFB63-uWGx3aIVZ5ZzxS1NkiNshLYe7Jic5FFeulXya-517a-PboH8hrWZkQpOl-mI9kSJMdQo1aByMhfdZITiQalnRB5h2HIgcbwvGtxg6nKUL_ePCsWTbosFDnmLr2IEwNhPzBYca9/s1600/wafw00f+screenshot.JPG" title="wafw00f screenshot" width="400" /></a></div>
<div style="text-align: justify;">
<b>Web Application Firewalls (WAFs) </b>can be detected through 
stimulus/response testing scenarios. Here is a short listing of possible
 detection methods:
</div>
<ul style="text-align: justify;">
<li><b>Cookies</b>: Some WAF products add their own cookie in the HTTP communication.
</li>
<li><b>Server Cloaking</b>: Altering URLs and Response Headers
</li>
<li><b>Response Codes</b>: Different error codes for hostile pages/parameters values
</li>
<li><b>Drop Action</b>: Sending a FIN/RST packet (technically could also be an IDS/IPS)
</li>
<li><b>Pre Built-In Rules</b>: Each WAF has different negative security signatures
</li>
</ul>
<div style="text-align: justify;">
<b>WafW00f </b>is based on these assumptions to determine remote WAFs. </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<pre>$ <b>python wafw00f.py http://www.aldeid.com</b>
                                ^     ^
       _   __  _   ____ _   __  _    _   ____
      ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
     | V V // o // _/ | V V // 0 // 0 // _/  
     |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/    
                               <   
                                ...'
                                
   WAFW00F - Web Application Firewall Detection Tool
   
   By Sandro Gauci && Wendel G. Henrique

Checking http://www.aldeid.com
Generic Detection results:
The site http://www.aldeid.com <span style="background: #ffff00; color: black;">seems to be behind a WAF </span>
Reason: Blocking is being done at connection/packet level.
Number of requests: 13</pre>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b></div>
<pre>$ <b>cd /data/pentest/web/</b>
$ <b>svn checkout <a class="external free" href="http://waffit.googlecode.com/svn/trunk/" rel="nofollow" target="_blank">http://waffit.googlecode.com/svn/trunk/</a> waffit-read-only</b></pre>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://www.aldeid.com/wiki/Wafw00f">http://www.aldeid.com/wiki/Wafw00f</a></div>

Wafw00f (Web Application Firewall Detection) :: Tools

Web Application Firewalls (WAFs) can be detected through stimulus/response testing scenarios. Here is a short listing of possible detec...

Fragroute :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ7jo1_vjG2XgLQxevu8HSHLP5HXWK9U13ZtsPZ-8BjIWb42nfMZoi3lZP38PUekGaUY_b7EUj2OB5KGIYr97sJmVvd8ToD6esQTAUUuliELCScxrLNogl82uw6gc38sPZXclTroqB0vzd/s1600/fragroute.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="fragroute screenshot" border="0" height="235" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ7jo1_vjG2XgLQxevu8HSHLP5HXWK9U13ZtsPZ-8BjIWb42nfMZoi3lZP38PUekGaUY_b7EUj2OB5KGIYr97sJmVvd8ToD6esQTAUUuliELCScxrLNogl82uw6gc38sPZXclTroqB0vzd/s1600/fragroute.JPG" title="fragroute screenshot" width="400" /></a></div>
<div style="text-align: justify;">
<b>Fragroute</b> intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998. </div>
<div style="text-align: justify;">
It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behaviour. </div>
<div style="text-align: justify;">
This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behaviour.  Please do not abuse this software. </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<b> Required libraries ::</b> <br />
<ul>
<li>libdnet </li>
<li>libpcap </li>
<li>libevent (for non-Windows platforms) </li>
</ul>
<div style="text-align: justify;">
<b>Installation :: </b><a href="http://www.monkey.org/~dugsong/fragroute/INSTALL" target="_blank">Click Here</a></div>
<div style="text-align: justify;">
<b>ManPage :: </b><a href="http://www.monkey.org/~dugsong/fragroute/fragroute.8.txt" target="_blank">Click Here</a><br />
<b>Video Tutorial :: </b> </div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/k7viy_NN8f4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://www.monkey.org/~dugsong/fragroute/fragroute-1.2.tar.gz" target="_blank">Fragroute v1.2</a> (.tar.gz)</div>
<div style="text-align: justify;">
<b>Official Website :: </b> <a href="http://www.monkey.org/~dugsong/fragroute/">http://www.monkey.org/~dugsong/fragroute/</a></div>

Fragroute :: Tools

Fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in...

Subscribe to: Posts ( Atom )