ToolWar | Information Security (InfoSec) Tools: Linux

Immunity Canvas (Vulnerability Exploitation) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqwXRB2JW_wTRBZeFsPrNZqP7KK7Xyn3JC7nG4SvaFbLePxH0hRCMjN9Qmahzts9eQvlEvfqI-ZtbOgvXHS6d2EBgXNSHvEgPXs_l3QYQyy_cg2IrSmwwJThp4ddWSXS5oV4GoJEOJbLUo/s1600/img-canvas.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Immunity Canvas" border="0" height="171" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqwXRB2JW_wTRBZeFsPrNZqP7KK7Xyn3JC7nG4SvaFbLePxH0hRCMjN9Qmahzts9eQvlEvfqI-ZtbOgvXHS6d2EBgXNSHvEgPXs_l3QYQyy_cg2IrSmwwJThp4ddWSXS5oV4GoJEOJbLUo/s1600/img-canvas.gif" title="Immunity Canvas" width="400" /></a></div>
<b>Immunity Canvas</b> is a commercial <b>vulnerability exploitation tool </b>from Dave Aitel's ImmunitySec. It includes more than 370 exploits and is less expensive than Core Impact or the commercial versions of <a href="http://www.toolwar.com/2013/09/metasploit-framework.html" target="_blank">Metasploit</a>.  It comes with full source code, and occasionally even includes zero-day exploits.<b> </b><br />
<b>Immunity's CANVAS</b> makes available hundreds of exploits, an automated <a href="http://www.toolwar.com/search/label/Exploitation" target="_blank">exploitation</a> system, and a comprehensive, reliable exploit development framework to <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration</a> testers and <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> professionals worldwide. To see CANVAS in action please see our  movies. For users new to CANVAS or experienced users looking to get just a little more out of CANVAS we have <a href="http://www.toolwar.com/search/label/PDF" target="_blank">PDF</a> based tutorials available for download.</div>
<div style="text-align: justify;">
  </div>
<div style="text-align: justify;">
<b>Supported Platforms and Installations</b><br />
- <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> (requires Python & PyGTK)<br />
- <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a><br />
- <a href="http://www.toolwar.com/search/label/Mac" target="_blank">MacOSX</a> (requires PyGTK)<br />
- All other <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> environments such as mobile phones and commercial Unixes (command line version only supported, GUI may also be available)</div>
<div style="text-align: justify;">
<b>Architecture</b><br />
- CANVAS' completely open design allows a team to adapt CANVAS to their environment and needs.  </div>
<div style="text-align: justify;">
<b>Documentation</b><br />
- all documentation is delivered in the form of demonstration movies<br />
- exploit modules have additional information windows</div>
<div style="text-align: justify;">
<b> Exploits</b><br />
- currently over 490 exploits, an average of 4 exploits added every monthly release<br />
- Immunity carefully selects vulnerabilities for inclusion as CANVAS exploits. Top priorities are high-value vulnerabilities such as remote, pre-authentication, and new vulnerabilities in mainstream software.<br />
- Exploits span all common platforms and applications</div>
<div style="text-align: justify;">
<b> Payload Options</b><br />
- to provide maximum reliability, exploits always attempt to reuse socket<br />
- if socket reuse is not suitable, connect-back is used<br />
- subsequent MOSDEF session allows arbitrary code execution, and provides a listener shell for common actions (file management, screenshots, etc)<br />
- bouncing and split-bouncing automatically available via MOSDEF<br />
- adjustable covertness level</div>
<div style="text-align: justify;">
<b> Exploit Delivery</b><br />
- regular monthly updates made available via <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a><br />
- exploit modules and CANVAS engine are updated simultaneously<br />
- customers reminded of monthly updates via email</div>
<div style="text-align: justify;">
<b> Exploit Creation Time</b><br />
- exploits included in next release as soon as they are stable</div>
<div style="text-align: justify;">
<b> Effectiveness of Exploits</b><br />
- all exploits fully QA'd prior to release<br />
- exploits demonstrated via flash movies<br />
- exploit development team available via direct email for support</div>
<div style="text-align: justify;">
<b> Ability to make Custom Exploits</b><br />
- unique MOSDEF development environment allows rapid exploit development</div>
<div style="text-align: justify;">
<b> Product Support and Maintenance</b><br />
- subscriptions include email and phone support M-F 9am - 5pm EST, directly with development team<br />
- minimum monthly updates</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<h3>
Tutorials ::</h3>
<ol>
<li><a href="http://www.immunitysec.com/documentation/tutorials/Windows_Install.pdf">Detailed Windows Installation Instructions</a></li>
<li><a href="http://www.immunitysec.com/documentation/tutorials/canvas101-part1.pdf">CANVAS 101 (Part 1)</a></li>
<li><a href="http://www.immunitysec.com/documentation/tutorials/canvas101-part2.pdf">CANVAS 101 (Part 2)</a></li>
<li><a href="http://www.immunitysec.com/documentation/tutorials/HCN-Part1.pdf">HCN Rootkit (Part 1)</a></li>
<li><a href="http://www.immunitysec.com/documentation/tutorials/ties-that-binder-dot-py.pdf">The Ties That Binder.py</a></li>
</ol>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/FAz-Bek4RfU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<ol></ol>
</div>
<div style="text-align: justify;">
<h3>
Download ::</h3>
</div>
<div style="text-align: justify;">
<b>Linux | Mac | Windows :: Contact Here ::</b> sales@immunityinc.com
<b> </b><br />
<b>Official Website ::</b> <a href="https://www.immunitysec.com/products-canvas.shtml">https://www.immunitysec.com/products-canvas.shtml</a></div>

Immunity Canvas (Vulnerability Exploitation) :: Tools

Immunity Canvas is a commercial vulnerability exploitation tool from Dave Aitel's ImmunitySec. It includes more than 370 exploits an...

QualysGuard (Cloud Security) :: Framework

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghdzpjPZX2FLqOdTxqOBOsBcHPK-BGXs4z6FvMDEBWtOdSSQDhFqcOvSs8HLf2_C0gGeR9JzfehTMjygryKrJFU1Andf_8LVNhhNiAMihWAnzULkz0Qj63VCASwzVjkCQVNBGQnopmccia/s1600/qualys-logo.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Qualys logo" border="0" height="306" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghdzpjPZX2FLqOdTxqOBOsBcHPK-BGXs4z6FvMDEBWtOdSSQDhFqcOvSs8HLf2_C0gGeR9JzfehTMjygryKrJFU1Andf_8LVNhhNiAMihWAnzULkz0Qj63VCASwzVjkCQVNBGQnopmccia/s1600/qualys-logo.jpeg" title="Qualys logo" width="320" /></a></div>
<div style="text-align: justify;">
<b>QualysGuard</b> is a popular <b>SaaS (software as a service) vulnerability  management</b> offering.  It's web-based UI offers <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> discovery and  mapping, asset prioritization, <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> assessment reporting and  remediation tracking according to business risk.  Internal scans are  handled by Qualys appliances which communicate back to the <a href="http://www.toolwar.com/search/label/Cloud" target="_blank">cloud-based</a>  system.</div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<h3 style="text-align: justify;">
</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/XfeyNLb7ZDc?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/5Cbq5wudtZE?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Trial Linux | Mac | Windows :: </b><a href="http://www.qualys.com/forms/trials/qualysguard/" target="_blank">QualysGuard</a><b>
</b></div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://www.qualys.com/" target="_blank">http://www.qualys.com/ </a></div>

QualysGuard (Cloud Security) :: Framework

QualysGuard is a popular SaaS (software as a service) vulnerability management offering. It's web-based UI offers network discov...

Skipfish (Web Application Security Scanner) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWet3cqxS_RaHFSPFgDcVyLfRIrD075ildwUJOYxN7KDyiHkwz5nOjJPSSvtMoZzRLq_g1vGKdWJsR2avZ_xoeGfBYB4C_YjX_Ulr5xlGhii4h2OWhJ_f2_3UkGgBCQ6pOtci-zTNqau4-/s1600/skipfish+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Skipfish Screenshot" border="0" height="329" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWet3cqxS_RaHFSPFgDcVyLfRIrD075ildwUJOYxN7KDyiHkwz5nOjJPSSvtMoZzRLq_g1vGKdWJsR2avZ_xoeGfBYB4C_YjX_Ulr5xlGhii4h2OWhJ_f2_3UkGgBCQ6pOtci-zTNqau4-/s1600/skipfish+screenshot.png" title="Skipfish Screenshot" width="640" /></a></div>
<div style="text-align: justify;">
<b><i>Skipfish</i></b> is an active <b>web application security reconnaissance tool</b>. It prepares an interactive sitemap  for the targeted site by carrying out a recursive crawl and  dictionary-based probes. The resulting map is then annotated with the  output from a number of active (but hopefully non-disruptive) <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a>  checks. The final report generated by the tool is meant to serve as a  foundation for professional <a href="http://www.toolwar.com/search/label/Web" target="_blank">web application</a> security assessments. </div>
<div style="text-align: justify;">
Key features: </div>
<ul style="text-align: justify;">
<li><b>High speed</b>:  pure C code, highly optimized HTTP handling, minimal CPU footprint -  easily achieving 2000 requests per second with responsive targets. </li>
</ul>
<ul style="text-align: justify;">
<li><b>Ease of use</b>:  heuristics to support a variety of quirky web <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">frameworks</a> and  mixed-technology sites, with automatic learning capabilities, on-the-fly  wordlist creation, and form autocompletion. </li>
</ul>
<ul style="text-align: justify;">
<li><b>Cutting-edge security logic</b>:  high quality, low false positive, differential security checks, capable  of spotting a range of subtle flaws, including blind injection vectors.  </li>
</ul>
<div style="text-align: justify;">
The tool is believed to support <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, FreeBSD, <a href="http://www.toolwar.com/search/label/Mac" target="_blank">MacOS X</a>, and <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> (Cygwin) environments. </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/kqx8rp7Cnwc?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3 style="text-align: justify;">
 </h3>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Windows | Mac | Linux ::</b> <a href="http://skipfish.googlecode.com/files/skipfish-2.10b.tgz" target="_blank">Skipfish v2.10b</a> (.tgz)</div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://code.google.com/p/skipfish/">http://code.google.com/p/skipfish/</a></div>

Skipfish (Web Application Security Scanner) :: Tools

Skipfish is an active web application security reconnaissance tool . It prepares an interactive sitemap for the targeted site by carryi...

GoLismero (The Web Knife) :: Framework

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJYxDNAmrpLOxGHjpb6huddkmpfTYX3pDCUkzAP5ZvTN4YHVhKeSoNVz0mP3edsRRLaggj3y4jcannl6jCd928BDdVuz0XMqsJrc4uaybV2Vo1azKfWDoSHkN3sWgH2iEF7wp3DJ79MdTj/s1600/Golismero+WIndows+Screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Golismero " border="0" height="380" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJYxDNAmrpLOxGHjpb6huddkmpfTYX3pDCUkzAP5ZvTN4YHVhKeSoNVz0mP3edsRRLaggj3y4jcannl6jCd928BDdVuz0XMqsJrc4uaybV2Vo1azKfWDoSHkN3sWgH2iEF7wp3DJ79MdTj/s1600/Golismero+WIndows+Screenshot.png" title="Golismero " width="640" /></a></div>
<div style="text-align: justify;">
<b>GoLismero</b> is an open source framework for <a href="http://www.toolwar.com/search/label/Security" target="_blank"><b>security testing</b></a>. It's 
currently geared towards <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> security, but it can easily be expanded to 
other kinds of scans.</div>
<div style="text-align: justify;">
The most interesting features of the <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a> are:</div>
<ul style="text-align: justify;">
<li>Real platform independence. Tested on <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, *BSD and <a href="http://www.toolwar.com/search/label/Mac" target="_blank">OS X</a>.</li>
<li>No native library dependencies. All of the framework has been written in pure Python.</li>
<li>Good performance when compared with other frameworks written in Python and other scripting languages.</li>
<li>Very easy to use.</li>
<li>Plugin development is extremely simple.</li>
<li>The framework also collects and unifies the results of well known tools: <a href="http://www.toolwar.com/2013/09/sqlmap-tools.html" target="_blank">sqlmap</a>, xsser, <a href="http://www.toolwar.com/2013/09/openvas-is-advanced-open-source.html" target="_blank">openvas</a>, <a href="http://www.toolwar.com/2013/10/dnsrecon-tools.html" target="_blank">dnsrecon</a>, <a href="http://www.toolwar.com/2013/09/theharvester-tools.html" target="_blank">theharvester</a>...</li>
<li>Integration with standards: CWE, CVE and OWASP.</li>
<li>Designed for cluster deployment in mind (not available yet).</li>
</ul>
<h3>
Tutorials ::</h3>
<b>Installation :: </b> <br />
Strictly speaking, GoLismero doesn't require installation - only its 
dependencies do. So if you want to use it on a system where you don't 
have root privileges, you can ask the system administrator to install 
them for you, and just run the "git checkout" command on your home 
folder.<br />
<b>Briefly Tutorial of Installation :: </b> <a href="https://github.com/golismero/golismero">Click Here</a><br />
<b>Basic Usages ::</b> <a href="https://github.com/golismero/golismero" target="_blank">Click Here</a><br />
<h3>
Download ::</h3>
<b>Linux | Mac | Windows :: </b><a href="https://github.com/golismero/golismero/archive/master.zip" target="_blank">GoLismero Archive</a> (.zip)<b> </b><br />
<b>Official Website :: </b><a href="https://github.com/golismero/golismero" target="_blank">https://github.com/golismero/golismero</a>

GoLismero (The Web Knife) :: Framework

GoLismero is an open source framework for security testing . It's currently geared towards web security, but it can easily be expa...

Cisco Torch (Scanning, Fingerprinting and Exploitation) :: Tools

<div style="text-align: justify;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrDBORXGRkO4-BVNT3r3mNPK_ogJ94i5y-vnarwHNshmXWd2qBKmXLLFyAlwuJM32ULoRNrOznorFUhaZ4b3jXomvwheUARBWfq9WYFeRUL_t0fvlOOf1yW2UUaYIEdzhS7mtfN0guCsfD/s1600/cisco-torch.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Cisco Torch" border="0" height="294" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrDBORXGRkO4-BVNT3r3mNPK_ogJ94i5y-vnarwHNshmXWd2qBKmXLLFyAlwuJM32ULoRNrOznorFUhaZ4b3jXomvwheUARBWfq9WYFeRUL_t0fvlOOf1yW2UUaYIEdzhS7mtfN0guCsfD/s1600/cisco-torch.PNG" title="Cisco Torch" width="640" /></a></div>
<div style="text-align: justify;">
<b>Cisco Torch</b> is a <b>mass scanning, fingerprinting, and exploitation tool</b> was 
written while working on the next edition of the "Hacking Exposed Cisco 
Networks", since the <a href="http://www.toolwar.com/search/label/Tools">tools</a> availalbe on the market could not meet our 
needs. 
<br />The main feature that makes<b> Cisco-torch</b> different from similar tools
 is the extensive use of forking to launch multiple scanning processes 
on the background for maximum <a href="http://www.toolwar.com/search/label/Scanner">scanning</a> efficiency. Also, it uses several
 methods of application layer fingerprinting simultaneously, if needed. 
We wanted something fast to discover remote Cisco hosts running Telnet, 
SSH, Web, NTP and SNMP services and launch dictionary attacks against 
the services discovered. </div>
<br /><h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Windows | Mac | Linux :: </b><a href="http://www.arhont.com/en/wp-content/uploads/2010/01/cisco-torch-0.4b.tar.gz" target="_blank">Cisco-Torch v0.4b</a> (.tar.bz2)<b> | Language ::</b> Perl<b><br /></b></div>
<div style="text-align: justify;">
<b>Official Website :: </b> <a href="http://www.arhont.com/en/category/resources/tools-utilities/">http://www.arhont.com/en/category/resources/tools-utilities/</a></div>

Cisco Torch (Scanning, Fingerprinting and Exploitation) :: Tools

Cisco Torch is a mass scanning, fingerprinting, and exploitation tool was written while working on the next edition of the "Hac...

Nmap and Zenmap (Network Discovery and Security Auditing) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="nmap scanner logo" border="0" height="210" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPn1QPXq_tY_zK1uLIjY-6fyXimOMxgo3rq52s-03wGFIiM3FEUXb1R_uZpS2QvMEucVny6EK7w0eYYGJ5JKDgUtasnKL7WqkAIA5QMKqB05XXAv_va-hOLNd2wlIHxv1cUDpxCVa4kxbF/s1600/nmap.jpg" title="nmap scanner logo" width="400" /></div>
</div>
<div style="text-align: justify;">
<b>Nmap ("Network Mapper")</b> is a free and open source (license) utility for <b>network discovery and security auditing.</b> Many systems and network administrators also find it useful for tasks such as <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> inventory, managing service upgrade schedules, and <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">monitoring</a> host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of <a href="http://www.toolwar.com/search/label/Packet" target="_blank">packet</a> filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, and <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X</a>. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced <a href="http://www.toolwar.com/search/label/GUI" target="_blank">GUI</a> and results viewer <b>(Zenmap)</b>, a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis tool</a> (Nping).<br />
<br />
<b>Nmap</b> was named “<a href="http://www.toolwar.com/search/label/Security" target="_blank">Security</a> Product of the Year” by Linux Journal, Info World, LinuxQuestions.Org, and Codetalker Digest. It was even featured in twelve movies, including The Matrix Reloaded, Die Hard 4, Girl With the Dragon Tattoo, and The Bourne Ultimatum.<br />
<br />
<b>Nmap is::</b></div>
<ul style="text-align: justify;">
<li>    Flexible: Supports dozens of advanced techniques for mapping out networks filled with IP filters, <a href="http://www.toolwar.com/search/label/IDS" target="_blank">firewalls</a>, routers, and other obstacles. This includes many port scanning mechanisms (both TCP & UDP), <b>OS detection</b>, version detection, ping sweeps, and more. See the documentation page.</li>
<li>    Powerful: Nmap has been used to scan huge networks of literally hundreds of thousands of machines.</li>
<li>    Portable: Most operating systems are supported, including Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, Amiga, and more.</li>
<li>    Easy: While Nmap offers a rich set of advanced features for power users, you can start out as simply as "nmap -v -A targethost". Both traditional command line and graphical (GUI) versions are available to suit your preference. Binaries are available for those who do not wish to compile Nmap from source.</li>
<li>    Free: The primary goals of the Nmap Project is to help make the Internet a little more secure and to provide administrators/auditors/hackers with an advanced tool for exploring their networks. Nmap is available for free download, and also comes with full source code that you may modify and redistribute under the terms of the license.</li>
<li>    Well Documented: Significant effort has been put into comprehensive and up-to-date man pages, whitepapers, tutorials, and even a whole book! Find them in multiple languages here.</li>
<li>    Supported: While Nmap comes with no warranty, it is well supported by a vibrant community of developers and users. Most of this interaction occurs on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines. We recommend that all users subscribe to the low-traffic nmap-hackers announcement list. You can also find Nmap on Facebook and Twitter. For real-time chat, join the #nmap channel on Freenode or EFNet.</li>
<li>    Acclaimed: <b>Nmap</b> has won numerous awards, including "Information Security Product of the Year" by Linux Journal, Info World and Codetalker Digest. It has been featured in hundreds of magazine articles, several movies, dozens of books, and one comic book series. Visit the press page for further details.</li>
<li>    Popular: Thousands of people download <b>Nmap</b> every day, and it is included with many operating systems (Redhat Linux, Debian Linux, Gentoo, FreeBSD, OpenBSD, etc). It is among the top ten (out of 30,000) programs at the Freshmeat.Net repository. This is important because it lends Nmap its vibrant development and user support communities. </li>
</ul>
<h3>
Tutorials ::</h3>
<b>Tutorial (Max OS X) :: </b><a href="http://nmap.org/book/inst-macosx.html#inst-macosx-source">Click Here</a><br />
<b>Tutorial (Windows) :: </b><a href="http://nmap.org/book/inst-windows.html#inst-win-source">Click Here</a> <b><br />
</b><br />
<b>Tutorial (Linux) ::</b> <a href="http://nmap.org/book/inst-source.html">Click Here</a><br />
<b>Installation :: </b><a href="http://nmap.org/book/install.html" target="_blank">Click Here</a>   <br />
<b>Tutorials From Basics :: </b><a href="http://nmap.org/bennieston-tutorial/">Click Here </a><br />
<b>Video Tutorial :: </b><br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/RJxF7puQFXI?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<b> </b>
<br />
<h3>
Download ::</h3>
<h3>
</h3>
<b>Download ZenMap (GUI of Nmap) :: </b><a href="http://nmap.org/zenmap/">Click Here</a><b> </b><br />
<b>Windows :: </b><a href="http://nmap.org/dist/nmap-6.40-setup.exe">Nmap-Latest</a> (.exe)
<b> </b><br />
<b>Linux :: </b><a href="http://nmap.org/dist/nmap-6.40.tar.bz2">Nmap Latest</a> (.tar.bz2)<b> </b><br />
<b>Mac :: </b><a href="http://nmap.org/dist/nmap-6.40-2.dmg">Nmap Latest</a> (.dmg)<b> </b>
<b>  </b><br />
<b>Official Website ::</b> <a href="http://nmap.org/">http://nmap.org/</a>
<br />
<div style="text-align: justify;">
</div>

Nmap and Zenmap (Network Discovery and Security Auditing) :: Tools

Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many syste...

FTester (Testing Firewall Filtering Policies and IDS Capabilities) :: Tools

<div style="text-align: justify;">
<div class="section">
      <div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2h4CgTrZX0VYiu63TmUAtbc4QAObotOLBVPALrQnQ8EFD3Xii02746KHPmYlcOy05O2996O4ZQkhmZ02DFzrpgLuSLR8wzAHvdVCdJO_f9rD6xOK9IV7pzIgiROpp2C_RJvsLGF0IkuR7/s1600/FTester+Screenshot.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="FTester Screenshot" border="0" height="267" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2h4CgTrZX0VYiu63TmUAtbc4QAObotOLBVPALrQnQ8EFD3Xii02746KHPmYlcOy05O2996O4ZQkhmZ02DFzrpgLuSLR8wzAHvdVCdJO_f9rD6xOK9IV7pzIgiROpp2C_RJvsLGF0IkuR7/s1600/FTester+Screenshot.JPG" title="FTester Screenshot" width="400" /></a></div>
The <b>Firewall Tester (FTester)</b> is a tool designed for <b>testing firewall
      filtering policies and Intrusion Detection System (IDS) capabilities.</b><br />

The tool consists of two perl scripts, a <span id="goog_1392660018"></span><a href="http://www.toolwar.com/search/label/Packet">packet injector<span id="goog_1392660019"></span></a> (ftest) and a
      listening <a href="http://www.toolwar.com/search/label/Sniffer">sniffer</a> (ftestd). The first script injects custom packets, defined
      in ftest.conf, with a signature in the data part while the sniffer listens for
      such marked packets. The scripts both write a log file which is in the same
      form for both scripts. A comparison of the two produced log files (ftest.log and ftestd.log)
      outlines the packets that were unable to reach the sniffer due to filtering rules
      if these two scripts are ran on hosts placed on two different sides of a
      <a href="http://www.toolwar.com/search/label/IDS">firewall</a>. Stateful inspection firewalls are handled with the 'connection
      spoofing' option. A script called freport is also available to automatically
      parse the log files.<br />

Using the tool is not a completely automated process, ftest.conf must
      be crafted for every different situation. Examples and rules are included in
      the attached configuration file.<br />

The <a href="http://www.toolwar.com/search/label/IDS">IDS (Intrusion Detection System)</a> testing feature can be used
      either with ftest only or with the additional support of ftestd for handling
      stateful inspection IDS, ftest can also use common IDS evasion techniques. The
      script can also process snort rule definition files.<br />

<h3>
Features:</h3>
<ul>
<li>firewall testing</li>
<li>IDS testing</li>
<li>simulation of real tcp connections for stateful inspection firewalls and IDS</li>
<li>TCP connection spoofing</li>
<li>IP fragmentation / TCP segmentation</li>
<li>IDS evasion techniques</li>
</ul>
<b>NOTE</b>: this tool is now outdated and is presented here for historical
      reasons, a complete rewrite with new features and IPv6 support is scheduled for
      sometime in the future.<br />

</div>
</div>
<div style="text-align: justify;">
<br />
<h3>
Tutorials ::</h3>
<b>Installation ::</b><br />

<div class="MsoNormal">
FTester components are PERL scripts. They can be executed on
any platform with a recent version of PERL. Three perl modules -<span style="mso-spacerun: yes;">Ý </span>Net::RawIP, Net::PcapUtils, and NetPacket ñ
are also required. These can be downloaded at the Comprehensive Perl Archive
Network (<a href="http://www.cpan.org/" target="_new">CPAN</a>), and<span style="color: red;"> </span>you
can install them using the CPAN shell. </div>
<div class="MsoNormal">
Installation is quite simple. <span style="font-family: Courier;">Untar</span>
the latest archive. Everything you need will be decompressed along with an
example configuration file, documentation and a script called <span style="font-family: Courier;">freport</span> for comparing <span style="font-family: Courier;">ftest</span> and <span style="font-family: Courier;">ftestd</span>
log files. Before using the package I recommend to read and fully understand
all documentation.</div>
<b>ManPage ::</b> <a href="http://www.inversepath.com/ftester_man.html" target="_blank">Click Here</a><br />
<b>Documentation :: </b><a href="http://dev.inversepath.com/ftester/README" target="_blank">Click Here</a><br />
<b>Published Paper ::</b> <a href="http://www.tisc-insight.com/newsletters/56.html" target="_blank">Click Here</a></div>
<div style="text-align: justify;">
<h3>
Download ::</h3>
</div>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://dev.inversepath.com/ftester/ftester-latest.tar.gz" target="_blank">FTester-Latest</a> (.tar.gz)<b><br /></b></div>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://www.inversepath.com/ftester.html" target="_blank">http://www.inversepath.com/ftester.html</a></div>

FTester (Testing Firewall Filtering Policies and IDS Capabilities) :: Tools

The Firewall Tester (FTester) is a tool designed for testing firewall filtering policies and Intrusion Detection System (ID...

Wafw00f (Web Application Firewall Detection) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEPFB63-uWGx3aIVZ5ZzxS1NkiNshLYe7Jic5FFeulXya-517a-PboH8hrWZkQpOl-mI9kSJMdQo1aByMhfdZITiQalnRB5h2HIgcbwvGtxg6nKUL_ePCsWTbosFDnmLr2IEwNhPzBYca9/s1600/wafw00f+screenshot.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="wafw00f screenshot" border="0" height="281" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEPFB63-uWGx3aIVZ5ZzxS1NkiNshLYe7Jic5FFeulXya-517a-PboH8hrWZkQpOl-mI9kSJMdQo1aByMhfdZITiQalnRB5h2HIgcbwvGtxg6nKUL_ePCsWTbosFDnmLr2IEwNhPzBYca9/s1600/wafw00f+screenshot.JPG" title="wafw00f screenshot" width="400" /></a></div>
<div style="text-align: justify;">
<b>Web Application Firewalls (WAFs) </b>can be detected through 
stimulus/response testing scenarios. Here is a short listing of possible
 detection methods:
</div>
<ul style="text-align: justify;">
<li><b>Cookies</b>: Some WAF products add their own cookie in the HTTP communication.
</li>
<li><b>Server Cloaking</b>: Altering URLs and Response Headers
</li>
<li><b>Response Codes</b>: Different error codes for hostile pages/parameters values
</li>
<li><b>Drop Action</b>: Sending a FIN/RST packet (technically could also be an IDS/IPS)
</li>
<li><b>Pre Built-In Rules</b>: Each WAF has different negative security signatures
</li>
</ul>
<div style="text-align: justify;">
<b>WafW00f </b>is based on these assumptions to determine remote WAFs. </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<pre>$ <b>python wafw00f.py http://www.aldeid.com</b>
                                ^     ^
       _   __  _   ____ _   __  _    _   ____
      ///7/ /.' \ / __////7/ /,' \ ,' \ / __/
     | V V // o // _/ | V V // 0 // 0 // _/  
     |_n_,'/_n_//_/   |_n_,' \_,' \_,'/_/    
                               <   
                                ...'
                                
   WAFW00F - Web Application Firewall Detection Tool
   
   By Sandro Gauci && Wendel G. Henrique

Checking http://www.aldeid.com
Generic Detection results:
The site http://www.aldeid.com <span style="background: #ffff00; color: black;">seems to be behind a WAF </span>
Reason: Blocking is being done at connection/packet level.
Number of requests: 13</pre>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b></div>
<pre>$ <b>cd /data/pentest/web/</b>
$ <b>svn checkout <a class="external free" href="http://waffit.googlecode.com/svn/trunk/" rel="nofollow" target="_blank">http://waffit.googlecode.com/svn/trunk/</a> waffit-read-only</b></pre>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://www.aldeid.com/wiki/Wafw00f">http://www.aldeid.com/wiki/Wafw00f</a></div>

Wafw00f (Web Application Firewall Detection) :: Tools

Web Application Firewalls (WAFs) can be detected through stimulus/response testing scenarios. Here is a short listing of possible detec...

Fragroute :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ7jo1_vjG2XgLQxevu8HSHLP5HXWK9U13ZtsPZ-8BjIWb42nfMZoi3lZP38PUekGaUY_b7EUj2OB5KGIYr97sJmVvd8ToD6esQTAUUuliELCScxrLNogl82uw6gc38sPZXclTroqB0vzd/s1600/fragroute.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="fragroute screenshot" border="0" height="235" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ7jo1_vjG2XgLQxevu8HSHLP5HXWK9U13ZtsPZ-8BjIWb42nfMZoi3lZP38PUekGaUY_b7EUj2OB5KGIYr97sJmVvd8ToD6esQTAUUuliELCScxrLNogl82uw6gc38sPZXclTroqB0vzd/s1600/fragroute.JPG" title="fragroute screenshot" width="400" /></a></div>
<div style="text-align: justify;">
<b>Fragroute</b> intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998. </div>
<div style="text-align: justify;">
It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behaviour. </div>
<div style="text-align: justify;">
This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behaviour.  Please do not abuse this software. </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<b> Required libraries ::</b> <br />
<ul>
<li>libdnet </li>
<li>libpcap </li>
<li>libevent (for non-Windows platforms) </li>
</ul>
<div style="text-align: justify;">
<b>Installation :: </b><a href="http://www.monkey.org/~dugsong/fragroute/INSTALL" target="_blank">Click Here</a></div>
<div style="text-align: justify;">
<b>ManPage :: </b><a href="http://www.monkey.org/~dugsong/fragroute/fragroute.8.txt" target="_blank">Click Here</a><br />
<b>Video Tutorial :: </b> </div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/k7viy_NN8f4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://www.monkey.org/~dugsong/fragroute/fragroute-1.2.tar.gz" target="_blank">Fragroute v1.2</a> (.tar.gz)</div>
<div style="text-align: justify;">
<b>Official Website :: </b> <a href="http://www.monkey.org/~dugsong/fragroute/">http://www.monkey.org/~dugsong/fragroute/</a></div>

Fragroute :: Tools

Fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in...

BlindElephant (Web Application Fingerprinting) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipt-PGEQbszCnUumUvyuXZt9TWyLVMKHh4zJ6Nms53hyphenhyphenEdN-vLqt0RuDiSAnxFXphRcokFnxoZolzQ5zf4XZL-iQlMn-HMKs3twBbf5TdM_E1hO169ojrWt8AAj2r1IrStX8rDokXXSae8/s1600/BlindElephant+logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="287" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipt-PGEQbszCnUumUvyuXZt9TWyLVMKHh4zJ6Nms53hyphenhyphenEdN-vLqt0RuDiSAnxFXphRcokFnxoZolzQ5zf4XZL-iQlMn-HMKs3twBbf5TdM_E1hO169ojrWt8AAj2r1IrStX8rDokXXSae8/s1600/BlindElephant+logo.png" width="320" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The <b>BlindElephant</b> is a <b>Web Application Fingerprinter</b> attempts to discover the 
version of a (known) <a href="http://www.toolwar.com/search/label/Web" target="_blank">web application</a> by comparing static files at known 
locations against precomputed <a href="http://www.toolwar.com/search/label/Hash" target="_blank">hashes</a> for versions of those files in all 
all available releases. The technique is fast, low-bandwidth, 
non-invasive, generic, and highly automatize. </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>Discussion and Forum :: </b><a href="http://www.qualys.com/blindelephant" target="_blank">Click Here</a></div>
<div style="text-align: justify;">
<b>Installation ::</b></div>
<div style="text-align: justify;">
Installation is only required if you plan to use BlindElephant as a 
library. Make sure that your <a href="http://www.toolwar.com/search/label/Python" target="_blank">python</a> installation has distutils, and then
 do: </div>
<div style="text-align: justify;">
<span style="font-size: large;"><span style="font-family: "Courier New",Courier,monospace;"><code>cd blindelephant/src</code><code>sudo python setup.py install</code></span></span></div>
<br />
<b>Example Usage (Command Line) :: </b><br />

setup.py will have placed BlindElephant.py in your /usr/local/bin dir. 
<br />
<pre style="border-left: 5px solid #ddd; padding: 10px;"><span style="font-family: "Courier New",Courier,monospace;">$ BlindElephant.py 
Usage: BlindElephant.py [options] url appName

Options:
  -h, --help            show this help message and exit
  -p PLUGINNAME, --pluginName=PLUGINNAME
                        Fingerprint version of plugin (should apply to web app
                        given in appname)
  -s, --skip            Skip fingerprinting webpp, just fingerprint plugin
  -n NUMPROBES, --numProbes=NUMPROBES
                        Number of files to fetch (more may increase accuracy).
                        Default: 15
  -w, --winnow          If more than one version are returned, use winnowing
                        to attempt to narrow it down (up to numProbes
                        additional requests).
  -l, --list            List supported webapps and plugins

Use "guess" as app or plugin name to attempt to attempt to
discover which supported apps/plugins are installed.

$ python BlindElephant.py http://laws.qualys.com movabletype
Loaded /usr/local/lib/python2.6/dist-packages/blindelephant/dbs/movabletype.pkl with 96 versions, 2229 differentiating paths, and 209 version groups.
Starting BlindElephant fingerprint for version of movabletype at http://laws.qualys.com

Fingerprinting resulted in:
4.22-en
4.22-en-COM
4.23-en
4.23-en-COM

Best Guess: 4.23-en-COM</span>
</pre>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-size: large;"><span style="font-family: "Courier New",Courier,monospace;"><code><span style="font-family: "Helvetica Neue",Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>More Help :: </b><a href="http://sourceforge.net/p/blindelephant/code/HEAD/tree/trunk/" target="_blank">Click Here</a></span></span> </code></span></span></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: left;">
<b>Linux Command  :: </b><code>svn co https://blindelephant.svn.sourceforge.net/svnroot/blindelephant/trunk blindelephant</code></div>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://blindelephant.sourceforge.net/">http://blindelephant.sourceforge.net/</a></div>

BlindElephant (Web Application Fingerprinting) :: Tools

The BlindElephant is a Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing sta...

SARA (Security Auditor's Research Assistant) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="SARA - Security Auditor's Research Assistant" border="0" height="328" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTrFtEfewv2qJbhJrO35NMjPReB75buAjazNxPAGzn_8ewu8Kl2MR6bqR7jOcWgPl2nauo85Ttm13awIkk-HKsG3RzQwwaqJLguI0HYkFQBNeOqERU6aVXWY7Iloxk6dJPbufNj51Rz3NM/s1600/network-security-tips.jpg" title="SARA - Security Auditor's Research Assistant" width="640" /></div>
<div style="text-align: justify;">
The <b>Security Auditor's Research Assistant (SARA)</b> is a third generation <b>network security analysis tool</b> that that has been available and actively updated for over 10 years. Sadly, all good things have to come to an end and so it goes for SARA. <b>SARA 7.9.1</b> is our last release.(1 May 2009) Actually, SARA-7.9.2a is the final release (1 August 2009).<br /><br />SARA:</div>
<ol style="text-align: justify;">
<li>    Operates under Unix, <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, <a href="http://www.toolwar.com/search/label/Mac" target="_blank">MAC OS/X</a> or <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> (through coLinux) OS'.</li>
<li>    Integrates the National Vulnerability Database (NVD).</li>
<li>    Performs SQL injection tests.</li>
<li>    Performs exhaustive XSS tests</li>
<li>    Can adapt to many firewalled environments.</li>
<li>    Support remote self scan and API facilities.</li>
<li>    Used for CIS benchmark initiatives</li>
<li>    Plug-in facility for third party apps</li>
<li>    CVE standards support</li>
<li>    Enterprise search module</li>
<li>    Standalone or daemon mode</li>
<li>    Free-use open SATAN oriented license</li>
</ol>
<div style="text-align: justify;">
The first generation assistant, the Security Administrator's Tool for Analyzing <a href="http://www.toolwar.com/search/label/Network" target="_blank">Networks</a> (SATAN) was developed in early 1995. It became the benchmark for <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">network security analysis</a> for several years. However, few updates were provided and the tool slowly became obsolete in the growing threat environment. <br /><br /><h3>
Tutorials ::</h3>
<b><span style="font-size: small;">Installation ::</span></b> <span style="font-weight: normal;"><a href="http://www-arc.com/sara/cosara/index.shtml" target="_blank">Click Here</a></span><br />
<h3>
Download ::</h3>
<b>Windows :: </b><a href="http://www-arc.com/sara/downloads/cosara/cosara-7.4.1.exe" target="_blank">coSARA v7.4.1</a> (.exe)<b><br />Linux :: </b><a href="http://www-arc.com/sara/downloads/sara-7.9.2a.tgz" target="_blank">SARA v7.9.2a</a> (.tar.gz)<b><br />Official Website :: </b><a href="http://www-arc.com/sara/">http://www-arc.com/sara/</a><br /><br /></div>

SARA (Security Auditor's Research Assistant) :: Tools

The Security Auditor's Research Assistant (SARA) is a third generation network security analysis tool that that has been available ...

IronWASP (Web Application Advaced Security Testing Platform) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiIe0rfi3alWm5nNnOkzOsCwxWkvTGEZszoQ6V6CqzE9CWjbo_A4crurTQ2UKyOjm5HLNA9FL0P67Vjg2Rvnfuaj9HaEy5iky1SX9TfSfsJi_qC8Zn3KcLEp5JD_gC0J3Wo6HKzEwuAMrm/s1600/IronWASP+Screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="IronWASP Screenshot" border="0" height="222" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiIe0rfi3alWm5nNnOkzOsCwxWkvTGEZszoQ6V6CqzE9CWjbo_A4crurTQ2UKyOjm5HLNA9FL0P67Vjg2Rvnfuaj9HaEy5iky1SX9TfSfsJi_qC8Zn3KcLEp5JD_gC0J3Wo6HKzEwuAMrm/s1600/IronWASP+Screenshot.png" title="IronWASP Screenshot" width="640" /></a></div>
<b>IronWASP (Iron Web application Advanced Security testing Platform)</b> is an  open source <a href="http://www.toolwar.com/search/label/System" target="_blank">system</a> for <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> application <a href="http://www.toolwar.com/search/label/Vulenrability" target="_blank">vulnerability</a> testing. It is  designed to be customizable to the extent where users can create their  own custom <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanners</a> using it.         Though an advanced user with <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a>/Ruby scripting expertise  would be able to make full use of the platform, a lot of the tool's  features are simple enough to be used by absolute beginners. </div>
<div style="text-align: justify;">
<b>IronWASP</b> has a plugin system that supports Python and Ruby. The version  of Python and Ruby used in <b>IronWASP</b> is IronPython and IronRuby which is  syntactically similar to CPython and CRuby. However some of the standard  libraries might not be available, instead plugin authors can make use  of the powerful IronWASP API.                   </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>IronWASP Blog : : </b><a href="http://blog.ironwasp.org/" target="_blank">Click Here </a></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/yUoPRnEf22I?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3 style="text-align: justify;">
 </h3>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Windows :: </b><a href="https://ironwasp.org/ironwasp.zip" target="_blank">IronWASP v0.9.7.5</a><b> </b>(.zip)</div>
<div style="text-align: justify;">
<b>Linux :: </b></div>
<div style="text-align: justify;">
<b><span style="font-family: "Courier New",Courier,monospace;">wget http://blog.anantshri.info/content/uploads/2013/01/ironwasp_installer.sh.txt -O ~/ironwasp_installer.sh && sh ~/ironwasp_installer.sh </span></b></div>
<div style="text-align: justify;">
<b>Mac :: </b>IronWASP runs on Mac with <a href="http://www.codeweavers.com/products/">CrossOver</a>.</div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://ironwasp.org/">http://ironwasp.org/</a></div>

IronWASP (Web Application Advaced Security Testing Platform) :: Tools

IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testin...

ACE (Telephony Analysis) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWLRvwL7u17Q85XO9IPzEMIVsSg9m8CoZRlKLo-f6NhIRybAW0vQo3-YLRAXw_xVs3yOaaI3CQClkkVlDjbGbvYks6TS9rXYckfQzKMuMOSTC0JF9EmfHYq9swqpI1cBXSTCePFuQDtCaG/s1600/VoIP+Phones.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="304" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWLRvwL7u17Q85XO9IPzEMIVsSg9m8CoZRlKLo-f6NhIRybAW0vQo3-YLRAXw_xVs3yOaaI3CQClkkVlDjbGbvYks6TS9rXYckfQzKMuMOSTC0JF9EmfHYq9swqpI1cBXSTCePFuQDtCaG/s1600/VoIP+Phones.jpg" width="640" /></a></div>
<div style="text-align: justify;">
<b>ACE (Automated Corporate Enumerator)</b> is a simple yet  powerful <b><a href="http://www.toolwar.com/search/label/VOIP" target="_blank">VoIP</a> Corporate Directory enumeration tool</b> that mimics the  behavior of an IP Phone in order to download the name and extension  entries that a given phone can display on its screen interface.  In the  same way that the "corporate directory" feature of VoIP hardphones  enables users to easily dial by name via their VoIP handsets, ACE was  developed as a research idea born from <b>"VoIP Hopper"</b> to automate VoIP  <a href="http://www.toolwar.com/search/label/Attack" target="_blank">attacks</a> that can be targeted against names in an enterprise Directory.   The concept is that in the future, attacks will be carried out against  users based on their name, rather than targeting VoIP traffic against  random RTP audio streams or IP addresses.  ACE works by using DHCP,  TFTP, and HTTP in order to download the VoIP corporate directory.  It  then outputs the directory to a text file, which can be used as input to  other VoIP assessment tools. <b> ACE is a standalone utility,</b> but its  functions are integrated into UCSniff.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Features ::</b></div>
<div style="text-align: justify;">
ACE currently supports the VoIP corporate directory used in Cisco Unified IP Phones.  It works in the following way:</div>
<ul style="text-align: justify;">
<li>Spoofs CDP to get VVID</li>
<li>Adds Voice VLAN Interface (VLAN Hop) - subsequent traffic is tagged with VVID</li>
<li>Sends DHCP request tagged with VVID</li>
<li>Decodes TFTP Server IP Address via DHCP Option 150</li>
<li>Sends a TFTP request for IP Phone configuration file</li>
<li>Parses file, learning Corporate Directory URL</li>
<li>Sends an HTTP GET request for Directory</li>
<li>Parses XML Data, writing directory users to a formatted text file</li>
</ul>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>Usages :: </b></div>
<div style="text-align: justify;">
ACE can be used in one of two ways. First, it can auto-discover the TFTP Server IP Address via DHCP, or (second) the user can specify the TFTP Server IP address as a command line parameter of the tool. In either case, you must supply the MAC Address of the IP Phone with the -m option in order for the tool to correctly download the configuration file via TFTP.<br />ACE v1.0: Automated Corporate (Data) Enumerator<br />Usage: ace [-i interface] [ -m mac address ] [ -t tftp server ip address | -c cdp mode | -v voice vlan id | -r vlan interface | -d verbose mode ]<br /><br />-i (Mandatory) Interface for sniffing/sending packets<br />-m (Mandatory) MAC address of the victim IP phone<br />-t (Optional) tftp server ip address<br />-c (Optional) 0 CDP sniff mode, 1 CDP spoof mode<br />-v (Optional) Enter the voice vlan ID<br />-r (Optional) Removes the VLAN interface<br />-d (Optional) Verbose | debug mode<br /><br />Example Usages:<br />Usage requires MAC Address of IP Phone supplied with -m option<br />Usage: <span style="font-family: "Courier New",Courier,monospace;">ace -t -m</span><br /><br />Mode to automatically discover TFTP Server IP via DHCP Option 150 (-m)<br />Example: <span style="font-family: "Courier New",Courier,monospace;">ace -i eth0 -m 00:1E:F7:28:9C:8e</span><br /><br />Mode to specify IP Address of TFTP Server<br />Example: <span style="font-family: "Courier New",Courier,monospace;">ace -i eth0 -t 192.168.10.150 -m 00:1E:F7:28:9C:8e</span><br /><br />Mode to specify the Voice VLAN ID<br />Example: <span style="font-family: "Courier New",Courier,monospace;">ace -i eth0 -v 96 -m 00:1E:F7:28:9C:8E</span><br /><br />Verbose mode<br />Example: <span style="font-family: "Courier New",Courier,monospace;">ace -i eth0 -v 96 -m 00:1E:F7:28:9C:8E -d</span><br /><br />Mode to remove vlan interface<br />Example: <span style="font-family: "Courier New",Courier,monospace;">ace -r eth0.96</span><br /><br />Mode to auto-discover voice vlan ID in the listening mode for CDP<br />Example: <span style="font-family: "Courier New",Courier,monospace;">ace -i eth0 -c 0 -m 00:1E:F7:28:9C:8E</span><br /><br />Mode to auto-discover voice vlan ID in the spoofing mode for CDP<br />Example: <span style="font-family: "Courier New",Courier,monospace;">ace -i eth0 -c 1 -m 00:1E:F7:28:9C:8E</span></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://sourceforge.net/projects/ucsniff/files/ace/ace-1.10.tar.gz/download" target="_blank">ACE v1.10</a> (.tar.gz)<b><br />
</b></div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://ucsniff.sourceforge.net/ace.html">http://ucsniff.sourceforge.net/ace.html</a></div>

ACE (Telephony Analysis) :: Tools

ACE (Automated Corporate Enumerator) is a simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of ...

Cisco Global Exploiter (CGE) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjE95qKAuiFSSG89yP0adW44_GbFhQyPv25VQtzfb0sXlcZULk_kYsSmrKlhrhZGj95J1CaXicGo9aMbA-IJhRw9fBfpplvCZg7YWDn-cmp9n3DCvhhPeuPYQ-IYA8jjcmpyRd95Mee7XKc/s1600/Cisco+Global+Exploiter.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="CISCO Global Exploiter" border="0" height="285" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjE95qKAuiFSSG89yP0adW44_GbFhQyPv25VQtzfb0sXlcZULk_kYsSmrKlhrhZGj95J1CaXicGo9aMbA-IJhRw9fBfpplvCZg7YWDn-cmp9n3DCvhhPeuPYQ-IYA8jjcmpyRd95Mee7XKc/s1600/Cisco+Global+Exploiter.PNG" title="CISCO Global Exploiter" width="320" /></a></div>
<div style="text-align: justify;">
<b>Cisco Global Exploiter (CGE)</b>, is an advanced, simple and fast <a href="http://www.toolwar.com/search/label/Security" target="_blank">        security</a> testing tool/ exploit engine, that is able to exploit 14 <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">        vulnerabilities</a> in disparate Cisco switches and routers.  CGE is 
        <a href="http://www.toolwar.com/search/label/CLI" target="_blank">command-line</a> driven <a href="http://www.toolwar.com/2013/09/perl-language.html" target="_blank">perl </a>script which has a simple and easy to use 
        front-end.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
CGE can exploit the following 14 vulnerabilities:</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-family: Times New Roman;">[1] - Cisco 677/678 Telnet Buffer 
        Overflow Vulnerability</span></div>
<div style="text-align: justify;">
<span style="font-family: Times New Roman;">[2] - Cisco IOS Router Denial of Service 
        Vulnerability</span></div>
<div style="text-align: justify;">
<span style="font-family: Times New Roman;">[3] - Cisco IOS HTTP Auth Vulnerability</span></div>
<div style="text-align: justify;">
<span style="font-family: Times New Roman;">[4] - Cisco IOS HTTP Configuration 
        Arbitrary Administrative Access Vulnerability[5] - Cisco Catalyst SSH 
        Protocol Mismatch Denial of Service Vulnerability</span></div>
<div style="text-align: justify;">
<span style="font-family: Times New Roman;">[6] - Cisco 675 Web Administration 
        Denial of Service Vulnerability</span></div>
<div style="text-align: justify;">
<span style="font-family: Times New Roman;">[7] - Cisco Catalyst 3500 XL Remote 
        Arbitrary Command Vulnerability</span></div>
<div style="text-align: justify;">
<span style="font-family: Times New Roman;">[8] - Cisco IOS Software HTTP Request 
        Denial of Service Vulnerability</span></div>
<div style="text-align: justify;">
<span style="font-family: Times New Roman;">[9] - Cisco 514 UDP Flood Denial of 
        Service Vulnerability</span></div>
<div style="text-align: justify;">
<span style="font-family: Times New Roman;">[10] - CiscoSecure ACS for Windows NT 
        Server Denial of Service Vulnerability</span></div>
<div style="text-align: justify;">
<span style="font-family: Times New Roman;">[11] - Cisco Catalyst Memory Leak 
        Vulnerability</span></div>
<div style="text-align: justify;">
<span style="font-family: Times New Roman;">[12] - Cisco CatOS CiscoView HTTP Server 
        Buffer Overflow Vulnerability</span></div>
<div style="text-align: justify;">
<span style="font-family: Times New Roman;">[13] - 0 Encoding IDS Bypass 
        Vulnerability (UTF)</span></div>
<div style="text-align: justify;">
<span style="font-family: Times New Roman;">[14] - Cisco IOS HTTP Denial of Service 
        Vulnerability</span></div>
<div style="text-align: justify;">
<br /></div>
<h3 style="margin-bottom: 0px; margin-top: 0px; text-align: justify;">
Tutorial :: </h3>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Installation:</b></div>
<div style="text-align: justify;">
<span style="font-family: Courier New;">tar -zxvf cge-13.tar.gz</span></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><span style="font-family: Times New Roman;">Execution:</span></b></div>
<div style="text-align: justify;">
<span style="font-family: Courier New; font-size: x-small;">perl cge.pl <target> <vulnerability 
        number></span></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Example output:</b></div>
<div style="text-align: justify;">
<span style="font-size: x-small;"><span style="font-family: Courier New;">[root@hacker cge-13]# perl cge.pl 
        192.168.1.254 3</span><br />
<span style="font-family: Courier New;">Vulnerability successful exploited with 
        [http://192.168.1.254/level/17/exec/....] ...</span></span></div>
<div style="margin-bottom: 0px; margin-top: 0px; text-align: justify;">
The above is trying to exploit <span style="font-family: Times New Roman;">the Cisco 
        IOS HTTP Auth Vulnerability and hopefully using the nice link provided 
        we should have basic access to the switch we are attacking, (not 
        enable):</span></div>
<div style="margin-bottom: 0px; margin-top: 0px; text-align: justify;">
 
        </div>
<h3 style="margin-bottom: 0px; margin-top: 0px; text-align: justify;">
Download ::</h3>
<div style="margin-bottom: 0px; margin-top: 0px; text-align: justify;">
<b>Linux :: </b><a href="http://packetstormsecurity.org/0405-exploits/cge-13.tar.gz" target="_blank">Cisco Global Exploiter</a> (.tar.gz)<b><br /></b></div>
<div style="margin-bottom: 0px; margin-top: 0px; text-align: justify;">
<b>Official Website :: </b><a href="http://www.vulnerabilityassessment.co.uk/cge.htm">http://www.vulnerabilityassessment.co.uk/cge.htm</a></div>

Cisco Global Exploiter (CGE) :: Tools

Cisco Global Exploiter (CGE) , is an advanced, simple and fast security testing tool/ exploit engine, that is able to exploit 14...

Lightbeam for Firefox :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEib8LwYFX-HLYguqrxftKa8XFuXUwwkdHvKAZfApbYN5Vd6kB5Pb-QkCewhw5EAtqk7xnRX5EGLwxTSmNKvqefpZvysWyXvvmeUXlN0_Lhdp-lwgsyXJS9mhaoM6t0MfzWcNC4UEgVfr8kr/s1600/lightbeam+addon.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Lightbeam Addon" border="0" height="249" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEib8LwYFX-HLYguqrxftKa8XFuXUwwkdHvKAZfApbYN5Vd6kB5Pb-QkCewhw5EAtqk7xnRX5EGLwxTSmNKvqefpZvysWyXvvmeUXlN0_Lhdp-lwgsyXJS9mhaoM6t0MfzWcNC4UEgVfr8kr/s1600/lightbeam+addon.png" title="Lightbeam Addon" width="400" /></a></div>
<b>Lightbeam is a Firefox</b> add-on that enables you to see the <b>first and  third party sites you interact with on the <a href="http://www.toolwar.com/search/label/Web" target="_blank">Web</a></b>. Using interactive  visualizations, <b>Lightbeam</b> shows you the relationships between these  third parties and the sites you visit.</div>
<div style="text-align: justify;">
 Using interactive visualizations, <b>Lightbeam</b> enables you to see the first  and third party sites you interact with on the Web. As you browse,  Lightbeam reveals the full depth of the Web today, including parts that  are not transparent to the average user. Using three distinct  interactive graphic representations — Graph, Clock and List — <b>Lightbeam</b>  enables you to examine individual third parties over time and space,  identify where they connect to your online activity and provides ways  for you to engage with this unique view of the Web.<br />
<br />
<b>How Lightbeam Works ::</b><br />
When  you activate Lightbeam and visit a website, sometimes called the first  party, the add-on creates a real time visualization of all the third  parties that are active on that page. The default visualization is  called the Graph view. As you then browse to a second site, the add-on  highlights the third parties that are also active there and shows which  third parties have seen you at both sites. The visualization grows with  every site you visit and every request made from your browser. In  addition to the Graph view, you can also see your data in a Clock view  to examine connections over a 24-hour period or in a List view to drill  down into individual sites.<br />
<br />
<b>How You Can Use Lightbeam to Help Us Illuminate the Inner Workings of the Web ::</b> <br />
As  a part of Lightbeam, we're creating a big-picture view of how tracking  works on the Internet, and how third-party sites are connected to  multiple other sites. You may contribute your data to our crowdsourced  directory by simply turning on the share switch within the add-on. To  disable crowdsourcing, you can turn it off at any time. You can view  your local data stored within Lightbeam at any time, or save your data  by clicking the "Save" button under the data section on the left side of  the add-on.<br />
<br />
<b>How is my information stored? ::</b><br />
As a  default, all info generated and used for Lightbeam’s visualizations and  features are only stored locally on your computer. You can save a copy  of your connection history at any time, which is also where you can see  the specific data collected by the add-on. You may also reset Lightbeam  to erase your locally stored connection history, disable it to stop data  collection or uninstall it to instantly remove all locally stored data  related to <b>Lightbeam.</b><br />
<h3>
Tutorial :: </h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Axhz4vChpL4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3>
</h3>
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<br />
<b>Download ::</b> <a href="https://addons.mozilla.org/en-US/firefox/addon/lightbeam/?src=search" target="_blank">Click Here</a> (Firefox Add-on)
<b> </b><br />
<b>Official Developer ::</b> Mozilla  </div>

Lightbeam for Firefox :: Tools

Lightbeam is a Firefox add-on that enables you to see the first and third party sites you interact with on the Web . Using interactive ...

SSLsplit (MITM Attack against SSL/TLS) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="sslsplit" border="0" height="220" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiKnDa1SmFAz2I_uUyfY8OE-KawIYa9Rk7T3wbyfUM42-zCwgo1Hs18FThDil200FpKE2OdkcCO9Uvk0_lHGNieQuDLgJxQVuvj7VN0Yhxbtky5w-AyzRHrrqWZB4Qrf8q5dafKyblfRnO/s1600/SSLsplit.jpg" title="sslsplit" width="400" /></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><b>SSLsplit</b> is a tool for <b><a href="http://www.toolwar.com/search/label/MITM" target="_blank">man-in-the-middle attacks</a> against SSL/TLS</b> encrypted
<a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> connections.  Connections are transparently intercepted through a
network address translation engine and redirected to SSLsplit.  <b>SSLsplit</b>
terminates SSL/TLS and initiates a new SSL/TLS connection to the original
destination address, while logging all data transmitted.  SSLsplit is intended
to be useful for network <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">forensics</a> and <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration testing</a>.</span></div>
<br />
<div style="text-align: justify;">
<span style="font-family: inherit;"><b>SSLsplit </b>supports plain TCP, plain SSL, HTTP and HTTPS connections over both
IPv4 and IPv6.  For SSL and HTTPS connections, SSLsplit generates and signs
forged X509v3 certificates on-the-fly, based on the original server certificate
subject DN and subjectAltName extension.  <b>SSLsplit</b> fully supports Server Name
Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and
ECDHE cipher suites.  <b>SSLsplit </b>can also use existing certificates of which the
private key is available, instead of generating forged ones.  <b>SSLsplit</b> supports
NULL-prefix CN certificates and can deny OCSP requests in a generic way.
SSLsplit removes HPKP response headers in order to prevent public key pinning.</span></div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>Installation ::</b></div>
<div style="text-align: justify;">
SSLsplit is or will be available as a package or port on the following systems:</div>
<ul style="text-align: justify;">
<li>OpenBSD: security/sslsplit</li>
<li>Arch Linux AUR: sslsplit</li>
<li>Fedora: sslsplit</li>
<li>Kali: sslsplit</li>
<li>Backtrack: sslsplit</li>
</ul>
<div style="text-align: justify;">
<b>To install from source:</b></div>
<div style="text-align: justify;">
<pre><code class=" ruby">make
make <span class="keymethods">test</span>       <span class="comment"># optional unit tests</span>
make install    <span class="comment"># optional install</span>
</code></pre>
</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Usage ::</b></div>
<div style="text-align: justify;">
<pre><code class=" sql">% sslsplit -h
<span class="keyword">Usage</span>: sslsplit [options...] [proxyspecs...]
  -c pemfile  use CA cert (<span class="keyword">and</span> <span class="keyword">key</span>) <span class="keyword">from</span> pemfile <span class="keyword">to</span> sign forged certs
  -k pemfile  use CA <span class="keyword">key</span> (<span class="keyword">and</span> cert) <span class="keyword">from</span> pemfile <span class="keyword">to</span> sign forged certs
  -C pemfile  use CA chain <span class="keyword">from</span> pemfile (intermediate <span class="keyword">and</span> root CA certs)
  -K pemfile  use <span class="keyword">key</span> <span class="keyword">from</span> pemfile <span class="keyword">for</span> leaf certs (<span class="keyword">default</span>: generate)
  -t certdir  use cert+chain+<span class="keyword">key</span> PEM files <span class="keyword">from</span> certdir <span class="keyword">to</span> target <span class="keyword">all</span> sites
              matching the common <span class="keyword">names</span> (non-matching: generate if CA)
  -O          deny <span class="keyword">all</span> OCSP requests <span class="keyword">on</span> <span class="keyword">all</span> proxyspecs
  -P          passthrough SSL connections if they cannot be split because <span class="keyword">of</span>
              client cert auth <span class="keyword">or</span> <span class="keyword">no</span> matching cert <span class="keyword">and</span> <span class="keyword">no</span> CA (<span class="keyword">default</span>: <span class="keyword">drop</span>)
  -g pemfile  use DH <span class="keyword">group</span> params <span class="keyword">from</span> pemfile (<span class="keyword">default</span>: keyfiles <span class="keyword">or</span> auto)
  -G curve    use ECDH named curve (<span class="keyword">default</span>: secp160r2 <span class="keyword">for</span> non-RSA leafkey)
  -Z          disable SSL/TLS compression <span class="keyword">on</span> <span class="keyword">all</span> connections
  -s ciphers  use the given OpenSSL cipher suite spec (<span class="keyword">default</span>: <span class="keyword">ALL</span>:-aNULL)
  -e engine   specify <span class="keyword">default</span> NAT engine <span class="keyword">to</span> use (<span class="keyword">default</span>: ipfw)
  -E          list available NAT engines <span class="keyword">and</span> exit
  -u <span class="keyword">user</span>     <span class="keyword">drop</span> <span class="keyword">privileges</span> <span class="keyword">to</span> <span class="keyword">user</span> (<span class="keyword">default</span> if run <span class="keyword">as</span> root: nobody)
  -j jaildir  chroot() <span class="keyword">to</span> jaildir (<span class="keyword">default</span> if run <span class="keyword">as</span> root: /var/empty)
  -p pidfile  <span class="keyword">write</span> pid <span class="keyword">to</span> pidfile (<span class="keyword">default</span>: <span class="keyword">no</span> pid file)
  -l logfile  <span class="keyword">connect</span> log: log one line summary per <span class="keyword">connection</span> <span class="keyword">to</span> logfile
  -L logfile  content log: <span class="keyword">full</span> data <span class="keyword">to</span> file <span class="keyword">or</span> named pipe (excludes -S)
  -S logdir   content log: <span class="keyword">full</span> data <span class="keyword">to</span> separate files <span class="keyword">in</span> dir (excludes -L)
  -d          daemon mode: run <span class="keyword">in</span> background, log error messages <span class="keyword">to</span> syslog
  -D          debug mode: run <span class="keyword">in</span> foreground, log debug messages <span class="keyword">on</span> stderr
  -V          print version information <span class="keyword">and</span> exit
  -h          print <span class="keyword">usage</span> information <span class="keyword">and</span> exit
  proxyspec = type listenaddr+port [natengine|targetaddr+port|<span class="string">"sni"</span>+port]
  e.g.        http <span class="number">0.0</span>.<span class="number">0.0</span> <span class="number">8080</span> www.roe.ch <span class="number">80</span>  # http/<span class="number">4</span>; static hostname dst
              https ::<span class="number">1</span> <span class="number">8443</span> <span class="number">2001</span>:db8::<span class="number">1</span> <span class="number">443</span>   # https/<span class="number">6</span>; static address dst
              https <span class="number">127.0</span>.<span class="number">0.1</span> <span class="number">9443</span> sni <span class="number">443</span>     # https/<span class="number">4</span>; SNI DNS lookups
              tcp <span class="number">127.0</span>.<span class="number">0.1</span> <span class="number">10025</span>              # tcp/<span class="number">4</span>; <span class="keyword">default</span> NAT engine
              ssl <span class="number">2001</span>:db8::<span class="number">2</span> <span class="number">9999</span> pf          # ssl/<span class="number">6</span>; NAT engine <span class="string">'pf'</span>
Example:
  sslsplit -k ca.<span class="keyword">key</span> -c ca.pem -P  https <span class="number">127.0</span>.<span class="number">0.1</span> <span class="number">8443</span>  https ::<span class="number">1</span> <span class="number">8443</span></code></pre>
</div>
<div style="text-align: justify;">
<code class=" sql"><span style="font-family: "Courier New",Courier,monospace;"><b><span style="font-weight: normal;"><span class="number"><br /></span></span></b></span>
</code></div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Requirements ::</h3>
<div style="text-align: justify;">
SSLsplit depends on the OpenSSL and libevent 2.x libraries.
The build depends on GNU make and a POSIX.2 environment in <code>PATH</code>.
The (optional) unit tests depend on the check library.</div>
<div style="text-align: justify;">
SSLsplit currently supports the following operating systems and NAT engines:</div>
<ul style="text-align: justify;">
<li>FreeBSD: pf rdr and divert-to, ipfw fwd, ipfilter rdr</li>
<li>OpenBSD: pf rdr-to and divert-to</li>
<li>Linux: netfilter REDIRECT and TPROXY</li>
<li>Mac OS X: ipfw fwd and pf rdr (experimental)</li>
</ul>
<h3>
Download ::</h3>
<b>Linux :: </b><a href="http://mirror.roe.ch/rel/sslsplit/sslsplit-0.4.8.tar.bz2" target="_blank">SSLsplit v0.4.8</a> (.tar.bz2)<b><br /></b><br />
<b>Official Website ::</b> <a href="http://www.roe.ch/SSLsplit">http://www.roe.ch/SSLsplit</a><br /><code class=" ruby"><span class="comment"></span>
</code>

SSLsplit (MITM Attack against SSL/TLS) :: Tools

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently interc...

Simple Packet Sender- SRS (Packet Crafting) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7BUKKw498tOZ31MifYW6bPLuJau7rdayfP5pA059VWTSs2bX9U8wBoL0uzzMGPCSIx2uJ2Zd0U3siY6mMaSIHGNiuByoH6wcWmPvKxDi_QhXGorMs_JAvn14nckZgM-3C0XybRLTQpiVN/s1600/tcp-ipv4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Simple Packet sender screenshot" border="0" height="285" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7BUKKw498tOZ31MifYW6bPLuJau7rdayfP5pA059VWTSs2bX9U8wBoL0uzzMGPCSIx2uJ2Zd0U3siY6mMaSIHGNiuByoH6wcWmPvKxDi_QhXGorMs_JAvn14nckZgM-3C0XybRLTQpiVN/s1600/tcp-ipv4.png" title="Simple Packet sender screenshot" width="320" /></a></div>
<div style="text-align: justify;">
<b>Simple Packet Sender (SPS)</b> is a linux <b>packet crafting tool</b>. Supports IPv4, IPv6 including extension
 headers, and tunneling IPv6 over IPv4. Written in C on <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> with <a href="http://www.toolwar.com/search/label/GUI" target="_blank">GUI</a> 
built using GTK+ and released under GPLv3. Does not require pcap.</div>
<h3 style="text-align: justify;">
<b>Features:</b></h3>
<div style="text-align: justify;">
<a href="http://www.toolwar.com/search/label/Packet" target="_blank">Packet</a><a href="http://www.toolwar.com/search/label/Packet" target="_blank"> crafting</a> and sending one, multiple, or flooding IPv4 and IPv6 
packets of type TCP, ICMP, or UDP (or cycle through all three). All 
values within ethernet frame can be modified arbitrarily. Supports IPv4 
header options, TCP header options, and TCP, ICMP and UDP data as well, 
input from either: keyboard as UTF-8/ASCII, keyboard as hexadecimal, or 
from file. IPv6 support includes: hop-by-hop, "first" and "last" destination, 
routing, authentication, and encapsulating security payload (ESP) 
extension headers. For those without access to a native IPv6 <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a>, 
IPv6 packets can be transmitted over IPv4 (6to4).</div>
<div style="text-align: justify;">
Packet fragmentation for IPv4, IPv6, and 6to4. Assumed maximum 
transmission unit (MTU) can be changed if unusual fragment sizes are 
needed. IP addresses and port numbers can be randomized. A configurable traceroute function, which supports TCP, ICMP, and UDP packets with all the features mentioned above. View packets in hexadecimal/ASCII representation, in both unfragmented and fragmented forms. All packet settings can be saved to and loaded from file. IP and ASN delegation functions, including: country name/code search 
and reverse-search, autonomous system (AS) number search by country and 
reverse-search,  IPv4 and IPv6 address delegation search and 
reverse-search.</div>
<div style="text-align: justify;">
ARP (IPv4) and Neighbor Discovery (IPv6) for querying a LAN for MAC addresses of local nodes.</div>
<div style="text-align: justify;">
Retrieve MAC address and current MTU setting of any attached network interface. Domain name resolution and <a href="http://www.toolwar.com/search/label/Reverse" target="_blank">reverse</a> resolution.</div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Tutorial ::</h3>
<div style="text-align: justify;">
<b>Wiki ::</b> <a href="http://sourceforge.net/p/simplepacket/wiki/Home/" target="_blank">Click Here</a></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="https://sites.google.com/site/simplepacketsender/sps-4.2.tar.gz?attredirects=0" target="_blank">Simple Packet Sender</a> (.tar.gz)<b><br /></b></div>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="https://sites.google.com/site/simplepacketsender/">https://sites.google.com/site/simplepacketsender/</a></div>

Simple Packet Sender- SRS (Packet Crafting) :: Tools

Simple Packet Sender (SPS) is a linux packet crafting tool . Supports IPv4, IPv6 including extension headers, and tunneling IPv6 over I...

Rootkit Hunter (Rootkit Scanner) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<b><img alt="rootkit hunter logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmAKcX4SzdyaNdf4DapqpG3d1wMIQl85Bf0MAAPmJDtEku0X-3BPe_s9_ozZkwyHMyJrfIXdORod7eI9TGZejFbegPFldu185F6m872hTfpFEgo8CPqIQPMyFm9ltA2FzzD6V9PhSLSoVP/s1600/Rkhunter.jpg" title="rootkit hunter logo" /></b></div>
<b>Rootkit Hunter</b> is <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanning tool</a> to ensure you for about 99.9%* you're clean of nasty <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a>. This tool <i>scans for <a href="http://www.toolwar.com/search/label/Rootkit" target="_blank">rootkits</a>, backdoors and local exploits</i> by running tests like:<br />
<br />
    - MD5 <a href="http://www.toolwar.com/search/label/Hash" target="_blank">hash</a> compare<br />
    - Look for default files used by rootkits<br />
    - Wrong file permissions for binaries<br />
    - Look for suspected strings in LKM and KLD modules<br />
    - Look for hidden files<br />
    - Optional scan within plaintext and binary files<br />
<br />
<b>Rootkit Hunter</b> is released as GPL licensed project and free for everyone to use.* No, not really 99.9%.. It's just another security layer<br />
<br />
<b>System requirements:</b><br />
    - Compatible operating system (see 'Supported operating systems')<br />
    - Bourne Again Shell (BASH)<br />
<br />
<b>Supported operating systems ::</b><br />
- Most <a href="http://www.toolwar.com/search/label/Distribution" target="_blank">Linux distributions</a><br />
- Most *BSD distributions</div>
<div style="text-align: justify;">
<h3>
Tutorial ::</h3>
<b>Scanning Techniques :: </b><a href="http://www.rootkit.nl/articles/rootkit_scanning_techniques.html" target="_blank">Click Here</a><br />
<b>Documentations :: </b><a href="http://www.rootkit.nl/files/rootkit_documentation.html" target="_blank">Click Here</a><br />
<b>Video Tutorial ::</b>  <br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/5ngeBpeRros?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
</div>
<div style="text-align: justify;">
<h3>
Download ::</h3>
</div>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://sourceforge.net/projects/rkhunter/files/latest/download" target="_blank">RootKit Hunter v1.4.0</a> (.tar.gz)<b>
</b></div>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://www.rootkit.nl/projects/rootkit_hunter.html">http://www.rootkit.nl/projects/rootkit_hunter.html</a></div>

Rootkit Hunter (Rootkit Scanner) :: Tools

Rootkit Hunter is scanning tool to ensure you for about 99.9%* you're clean of nasty tools . This tool scans for rootkits , backdoo...

Lynis (Security and System Auditing) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPJSrg2v61K-1SHIewex9MB7DLBAqrgKTy2REJhuc1jyKxL99Tia_vx44VmSeUWWxbHdgZtEVAjWn5GUbxWD9dLfe1o2Suta4Ww_ZgfvwIITFiR8JkMpR5A-ZkTq17LVggAJlfumpTReoW/s1600/lynis-screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="lynis screenshot" border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPJSrg2v61K-1SHIewex9MB7DLBAqrgKTy2REJhuc1jyKxL99Tia_vx44VmSeUWWxbHdgZtEVAjWn5GUbxWD9dLfe1o2Suta4Ww_ZgfvwIITFiR8JkMpR5A-ZkTq17LVggAJlfumpTReoW/s320/lynis-screenshot.png" title="lynis screenshot" width="400" /></a></div>
<div style="text-align: justify;">
<b>Lynis</b> is a <b><i>Security and system auditing tool</i> </b>to harden <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> systems. <b>Lynis</b> is an <b>auditing tool </b>for Unix/Linux (specialists). It scans the  <a href="http://www.toolwar.com/search/label/System" target="_blank">system</a> and available software and performs many individual <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a>  checks. It determines the hardening state of the machine and <a href="http://www.toolwar.com/search/label/Detect" target="_blank">detects</a>  security issues. Beside security related information it will also scan  for general system information, installed packages and possible  configuration errors. <b>Lynis</b> is a <a href="http://www.toolwar.com/search/label/Security" target="_blank">security tool</a> to audit and harden Unix and Linux based  systems. It scans the system by performing many security control checks,  looks for installed software and determines compliance to standards. Also will it detects security issues and errors in configuration. At the  end of the scan it will provide the warnings and suggestions to help  you improving the security defense of your systems.<br />
<br />
This software aims in assisting automated  auditing, hardening, software patch management, <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> and  <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a> scanning of Unix/Linux based systems. It can be run without  prior installation, so inclusion on read only storage is possible (<a href="http://www.toolwar.com/search/label/USB" target="_blank">USB</a>  stick, cd/dvd).<br />
<br />
<b>Lynis </b>assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOx (Sarbanes-Oxley) compliance audits.<br />
<br />
<b>Intended audience:</b><br />
Security specialists, penetration testers, system auditors, system/network managers.<br />
<br />
<b>Examples of audit tests:</b><br />
- Available authentication methods<br />
- Expired SSL certificates<br />
- Outdated software<br />
- User accounts without password<br />
- Incorrect file permissions<br />
- Configuration errors<br />
- Firewall auditing<br />
<br />
<b>Current state:</b><br />
Stable releases are available, development is active.<br />
<h3>
Tutorials :: </h3>
<b>Documentation :: </b><a href="http://www.rootkit.nl/files/lynis-documentation.html" target="_blank">Click Here</a> </div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/FgkC4k1kJaE?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<h3>
<b>Download </b></h3>
<b>Linux ::</b> <a href="http://cisofy.com/files/lynis-1.4.0.tar.gz" target="_blank">Llynis-1.4.0</a> (.tar.gz)</div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://www.rootkit.nl/projects/lynis.html" target="_blank">http://www.rootkit.nl/projects/lynis.html </a></div>
</div>

Lynis (Security and System Auditing) :: Tools

Lynis is a Security and system auditing tool to harden Linux systems. Lynis is an auditing tool for Unix/Linux (specialists). It sca...

FruityWiFi (Wireless Auditing) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="FruityWiFi Screenshot" border="0" height="311" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1JHrHssrXvjVxrIiXhQ2a_6Nw0cQ6Io_oxLac-3nYxXA0ztQBVccfe8XxahD3MDwUa0nN_AyCnTwyNYqRew1esXzke6jIE0oEZJ9-UqWX7VbnNqecm1eywx_ksuFf4SRuUs0ISrTb68ij/s320/FruityWiFi+Screenshot.JPG" title="FruityWiFi Screenshot" width="320" /></div>
<div style="text-align: justify;">
<b>FruityWifi</b> is a <i>wireless network auditing tool</i> based in the <a href="http://www.toolwar.com/search/label/WiFi" target="_blank">wifi</a> 
Pineapple. The application can be installed in any Debian based system 
adding the extra packages. Tested in Debian, <a href="http://www.toolwar.com/2013/09/kali-linux-toolwar.html" target="_blank">Kali Linux</a>, Kali Linux ARM 
(Raspberry Pi), Raspbian (Raspberry Pi), Pwnpi (Raspberry Pi).</div>
<h3 style="text-align: justify;">
Tutorial ::</h3>
<div style="text-align: justify;">
<b> Wiki :: </b><a href="https://github.com/xtr4nge/FruityWifi/wiki" target="_blank">Click Here</a></div>
<h3 style="text-align: justify;">
Download :: </h3>
<div style="text-align: justify;">
<b>Linux ::</b> <a href="https://github.com/xtr4nge/FruityWifi/archive/master.zip" target="_blank">FruityWiFi</a></div>

FruityWiFi (Wireless Auditing) :: Tools

FruityWifi is a wireless network auditing tool based in the wifi Pineapple. The application can be installed in any Debian based syst...

Subscribe to: Posts ( Atom )