WebReaver (Advanced Web Security Scanner) :: Framework

<p style="text-align: center;"><img alt="WebReaver (Advanced Web Security Scanner)" border="0" data-original-height="1180" data-original-width="2048" height="230" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3ne2Pm852WocBoS6pz22kpKIauMIwx-ZeFPTcJO-aGtAj8oSokpLjpSwuepPZHfMMuzME0wJa_nx8KJc62uNIUMKOuGHy9Pdf_-zlKrlYFmpW3gVbABfveI7jWvWSWUKFOEyyiUGrtMQ/w400-h230/01.png" title="WebReaver (Advanced Web Security Scanner)" width="400" />  </p><p>WebReaver is an elegant, easy to use and fully-automated, web application security security testing tool for Mac, Windows and Linux, suitable for novice as well as advanced users.</p> <p>WebReaver allows you easily test any web application for a large variety of web vulnerabilities from the sever kinds such as SQL Injection, Local and Remote File Includes, Command Injection, Cross-site Scripting and Expression Injection to the less severe ones such as variety of session and headers problems, information leakage and many more.</p><p><b>Tutorial</b>:</p><p> </p><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="" class="BLOG_video_class" height="266" src="https://www.youtube.com/embed/4w5QbNTED8I" width="320" youtube-src-id="4w5QbNTED8I"></iframe></div><br /><br /><p></p><p><b>Download :</b></p><p><a href="https://s3-eu-west-1.amazonaws.com/data-desktop.secapps.com/webreaver/WebReaver+Setup+0.1.0.exe" rel="nofollow" target="_blank">Windows</a><b> |</b> <a href="https://s3-eu-west-1.amazonaws.com/data-desktop.secapps.com/webreaver/WebReaver-0.1.0.dmg" rel="nofollow" target="_blank">macOS</a><b> | </b><a href="https://s3-eu-west-1.amazonaws.com/data-desktop.secapps.com/webreaver/WebReaver-0.1.0-x86_64.AppImage" rel="nofollow" target="_blank">Linux</a><b><br /></b></p><p><a href="https://webreaver.com/" rel="nofollow" target="_blank"><b>Official Website</b> <br /></a></p>

WebReaver (Advanced Web Security Scanner) :: Framework

  WebReaver is an elegant, easy to use and fully-automated, web application security security testing tool for Mac, Windows and Linux, sui...

Read more »

OWASP Amass - Subdomain Enumeration/Scanner : Tool

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMkkEOynUt7XrCQ08ZO7DXwHrtiOnQ6KzkLBUGr1ORjHVElgEpZ9YVI12g5k_1CWCHXdVc6OtERaG_LVt1zaJauILNLAlL8-xYEHP_XzhiMuaTTQvj24MNCzzlTviXcpeJyIidAxA-V08e/s1600/Amass.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="OWASP Amass Subdomain Scanner" border="0" data-original-height="327" data-original-width="647" height="202" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMkkEOynUt7XrCQ08ZO7DXwHrtiOnQ6KzkLBUGr1ORjHVElgEpZ9YVI12g5k_1CWCHXdVc6OtERaG_LVt1zaJauILNLAlL8-xYEHP_XzhiMuaTTQvj24MNCzzlTviXcpeJyIidAxA-V08e/s400/Amass.JPG" title="OWASP Amass Subdomain Scanner" width="400" /></a></div> <br /> <div style="text-align: justify;"> The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques.</div> <b><br /> </b> <b>Information Gathering Techniques Used:</b><br /> <br /> <div style="text-align: justify;"> 1] DNS: Basic enumeration, Brute forcing (upon request), Reverse DNS sweeping, Subdomain name alterations/permutations, Zone transfers (upon request)</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> 2] Scraping: Ask, Baidu, Bing, CommonCrawl, DNSDumpster, DNSTable, Dogpile, Exalead, FindSubdomains, Google, HackerOne, IPv4Info, Netcraft, PTRArchive, Riddler, SiteDossier, ViewDNS, Yahoo</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> 3] Certificates: Active pulls (upon request), Censys, CertDB, CertSpotter, Crtsh, Entrust</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> 4] APIs: AlienVault, BinaryEdge, BufferOver, CIRCL, DNSDB, HackerTarget, Mnemonic, NetworksDB, PassiveTotal, RADb, Robtex, SecurityTrails, ShadowServer, Shodan, Sublist3rAPI, TeamCymru, ThreatCrowd, Twitter, Umbrella, URLScan, VirusTotal</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> 5] Web Archives: ArchiveIt, ArchiveToday, Arquivo, LoCArchive, OpenUKArchive, UKGovArchive, Wayback</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Video Tutorial:</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/mEQnVkSG19M/0.jpg" frameborder="0" height="330" src="https://www.youtube.com/embed/mEQnVkSG19M?feature=player_embedded" width="100%"></iframe></div> <h3 style="text-align: justify;">  </h3> <h3 style="text-align: justify;"> Documentation:  </h3> <div style="text-align: justify;"> 1] <a href="https://github.com/OWASP/Amass/blob/master/doc/install.md" target="_blank">Installation Guide </a></div> <div style="text-align: justify;"> 2] <a href="https://github.com/OWASP/Amass/blob/master/doc/user_guide.md" target="_blank">User's Manual/How to Use</a></div> <h3 style="text-align: justify;"> Download:</h3> <div style="text-align: justify;"> Amass is available for various platforms like Linux, Windows, MacOS etc.</div> <div style="text-align: justify;"> 1] <a href="https://github.com/OWASP/Amass" target="_blank">Download Link</a></div> <div style="text-align: justify;"> 2] <a href="https://github.com/OWASP/Amass/releases" target="_blank">Precompiled Binary</a> (Windows, MacOS, Linux)</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Official Page:</b> <a href="https://github.com/OWASP/Amass" target="_blank">OWASP Amass</a></div>

OWASP Amass - Subdomain Enumeration/Scanner : Tool

The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and p...

Read more »

Suricata (IDS/IPS Engine) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="suricata logo" border="0" height="265" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBA8R1kVvwx8gIls0T9zJesWG83diVGoQDvpgQ64t30hKH72d_JYtyh6xI7vCSI20ZvkEvN3A3va6GdCt1J0dGvzTFshoa1K338lSeSq1we3BTEUrhBpV9mg7FY32RNfglod3Y94UbDU91/s1600/suricata.png" title="suricata logo" width="320" /></div> <b>The Suricata Engine</b> is an <b>Open Source Next Generation Intrusion Detection and Prevention Engine.</b> This engine is not intended to just replace or emulate the existing <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> in the industry, but will bring new ideas and technologies to the field.<br /> <br /> <b>OISF</b> is part of and funded by the Department of Homeland Security's Directorate for Science and Technology HOST program (Homeland Open Security Technology), by the the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as through the very generous support of the members of the OISF Consortium. More information about the Consortium is available, as well as a list of our current Consortium Members.<br /> <br /> The <b>Suricata </b>Engine and the HTP Library are available to use under the GPLv2.<br /> <br /> The HTP Library is an HTTP normalizer and parser written by Ivan Ristic of Mod <a href="http://www.toolwar.com/search/label/Security" target="_blank">Security</a> fame for the OISF. This integrates and provides very advanced processing of HTTP streams for <b>Suricata</b>. The HTP library is required by the engine, but may also be used independently in a range of applications and tools.</div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <h3> Tutorial ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/A8e3y2DRiWg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div class="separator" style="clear: both; text-align: center;"> </div> </div> <div style="text-align: justify;"> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/-CDGwRm2ue8?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> Download ::</h3> </div> <div style="text-align: justify;"> <b>Unix, Linux & Mac :: </b><a href="https://redmine.openinfosecfoundation.org/attachments/download/971/Suricata-1.4.7-1-32bit.msi" target="_blank">Suricata v1.4.7</a> (.tar.gz)<b> </b></div> <div style="text-align: justify;"> <b>Windows :: </b><a href="https://redmine.openinfosecfoundation.org/attachments/download/971/Suricata-1.4.7-1-32bit.msi" target="_blank">Suricata v1.4.7.1</a> (.msi)</div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="http://www.openinfosecfoundation.org/index.php/download-suricata">http://www.openinfosecfoundation.org/index.php/download-suricata</a></div>

Suricata (IDS/IPS Engine) :: Tools

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just re...

Read more »

NoGoToFail :: Network Traffic Security Testing Tool

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrZyKNhyphenhyphenNN1-cYypGXqoLUErO5y7F-od5ou1fO4m9ViAXljsDDnINyDGBvdk1SGRfYbZnVDNBvg_-b7pOI4JTOSKEGfSxfYai6pY0-f5hP_4TTJuvyLdgBbo3Ef4pUS5ylCqFhZZx2SvwW/s1600/NoGotofail+toolwar.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="272" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrZyKNhyphenhyphenNN1-cYypGXqoLUErO5y7F-od5ou1fO4m9ViAXljsDDnINyDGBvdk1SGRfYbZnVDNBvg_-b7pOI4JTOSKEGfSxfYai6pY0-f5hP_4TTJuvyLdgBbo3Ef4pUS5ylCqFhZZx2SvwW/s1600/NoGotofail+toolwar.jpg" width="640" /></a></div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Nogotofail</b> is a <b>network security testing tool</b> designed to help developers and <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.</div> <div style="text-align: justify;"> <b>Google</b> is committed to increasing the use of TLS/SSL in all applications and services. But “HTTPS everywhere” is not enough; it also needs to be used correctly. Most platforms and devices have secure defaults, but some applications and libraries override the defaults for the worse, and in some instances we’ve seen platforms make mistakes as well. As applications get more complex, connect to more services, and use more third party libraries, it becomes easier to introduce these types of mistakes.<br />The Android Security Team has built a tool, called <b>nogotofail</b>, that provides an easy way to confirm that the devices or applications you are using are safe against known TLS/SSL vulnerabilities and misconfigurations. <b>Nogotofail</b> works for <a href="http://www.toolwar.com/search/label/Android" target="_blank">Android</a>, iOS, <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, Chrome OS, OSX, in fact any device you use to connect to the Internet. There’s an easy-to-use client to configure the settings and get notifications on Android and Linux, as well as the attack engine itself which can be deployed as a router, VPN server, or proxy.<br />We’ve been using this tool ourselves for some time and have worked with many developers to improve the security of their apps. But we want the use of TLS/SSL to advance as quickly as possible. Today, we’re releasing it as an open source project, so anyone can test their applications, contribute new features, provide support for more platforms, and help improve the security of the Internet.</div> <h3 style="text-align: justify;"> <b>Download ::</b></h3> <div style="text-align: justify;"> <b>Python:</b> <a href="https://github.com/google/nogotofail/archive/dev.zip" target="_blank">nogotofail</a> (Github)</div> <div style="text-align: justify;"> <b>Official Website:</b> https://github.com/google/nogotofail</div>

NoGoToFail :: Network Traffic Security Testing Tool

Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connect...

Read more »

The Sleuth Kit (TSK - Forensics) :: Framework

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;">  <img alt="the sleuth kit logo" border="0" height="166" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPBlwuWRltXOU2hEze6gjFS1OxwMM7HIYQuU4ElDgNsV8TmyWm9VYKauKsZbzStobxPbL4KSrUSqGxKXIYhNU4IluquGMQPe90Q6zRuGBMq_N92DQ2PK4G6lfCg8iLWGVDyVT8B8THFPHd/s1600/the+sleuth+kit+logo.gif" title="the sleuth kit logo" width="200" /></div> <b>The Sleuth Kit</b> is a C++ library and collection of open source file system <a href="http://www.toolwar.com/search/label/Forensics" target="_blank"><b>forensics tools</b></a> that allow you to, among other things, view allocated and deleted data from NTFS, FAT, FFS, EXT2, Ext3, HFS+, and ISO9660 images. <br /> <b>The Sleuth Kit® (TSK)</b> is a library and collection of command line <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> that allow you to investigate disk images. The core functionality of <b>TSK</b> allows you to <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analyze</a> volume and file system data. The plug-in <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a> allows you to incorporate additional modules to analyze file contents and build automated systems. The library can be incorporated into larger digital forensics tools and the <a href="http://www.toolwar.com/search/label/CLI" target="_blank">command line</a> tools can be directly used to find evidence. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> There are three different packages for each <b>The Sleuth Kit® (TSK) </b>release.</div> <ul style="text-align: justify;"> <li><b>sleuthkit-X.X.X.tar.gz</b>: This is the source code release of TSK core and framework that you must compile on your computer. This is most commonly used on non-<a href="http://www.toolwar.com/search/label/Windows" target="_blank">windows</a> systems.</li> <li><b>sleuthkit-X.X.X-win32.zip</b>: This is the compiled windows release of TSK core. This has executables and libraries that allow you to run this on windows.</li> <li><b>sleuthkit-X.X.X-framework-win32.zip</b>: This is the compiled windows release of the framework. It has the tsk_analyzeimg program that allows you to run the framework on a disk image.</li> </ul> <div style="text-align: justify;"> <br /></div> <h3> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/YybBQycLL9w?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/3ieolkMJxJk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> Download ::</h3> <b>Windows (x86) :: </b><a class="name" href="http://sourceforge.net/projects/sleuthkit/files/sleuthkit/4.1.2/sleuthkit-4.1.2-win32.zip/download" title="Click to download sleuthkit-4.1.2-win32.zip">Sleuthkit-4.1.2-win32.zip</a> | <a class="name" href="http://sourceforge.net/projects/sleuthkit/files/sleuthkit/4.1.2/sleuthkit-4.1.2-framework-win32.zip/download" title="Click to download sleuthkit-4.1.2-framework-win32.zip">Sleuthkit-4.1.2-framework-win32.zip</a> <b> </b><br /> <b>Linux :: </b><a class="name" href="http://sourceforge.net/projects/sleuthkit/files/sleuthkit/4.1.2/sleuthkit-4.1.2.tar.gz/download" title="Click to download sleuthkit-4.1.2.tar.gz">Sleuthkit-4.1.2.tar.gz</a> <br /> <b>Official Website :: </b> <a href="http://www.sleuthkit.org/sleuthkit/">http://www.sleuthkit.org/sleuthkit/</a>

The Sleuth Kit (TSK - Forensics) :: Framework

  The Sleuth Kit is a C++ library and collection of open source file system forensics tools that allow you to, among other things, vie...

Read more »

GoldenEye (DoS Testing) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="ddos icon" border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJOQnS__a36My3QgFrkkZZnKbMa2sQ5wymnzD-TYPn2-Hi3HzwaqF7hyphenhyphenimikRz5C7uJ3EQc2UHSYhjBNDc4TDogFEdp8zIL-ab7q41TBZPSowkU6qXuTkKbYPg3QOuCHEa5gb1WjXFL0js/s1600/ddos+logo.jpg" title="ddos icon" width="400" /></div> <div style="text-align: justify;"> <b>GoldenEye</b> is a <b>HTTP DoS test tool</b>. This software is distributed under the <i>GNU General Public License</i> version 3 (GPLv3). <b>GoldenEye</b> is a <b><acronym title="HyperText Transfer Protocol">HTTP</acronym>/S Layer 7 <a href="http://www.toolwar.com/search/label/DDoS" target="_blank">Denial-of-Service</a> Testing Tool</b>. It uses KeepAlive (and Connection: keep-alive) paired with Cache-Control options to persist socket connection busting through caching (when possible) until it consumes all available sockets on the <acronym title="HyperText Transfer Protocol">HTTP</acronym>/S server.</div> <div style="text-align: justify;"> This project started by the influence of Barry Shteiman who created HULK, a Proof-of-concept <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tool</a> that I decided to improve which later became <b>GoldenEye</b>. Kudos for you Barry! This software is written in purely<a href="http://www.toolwar.com/search/label/Python" target="_blank"> Python</a>.</div> <h3 style="text-align: justify;"> Tutorial ::</h3> <div style="text-align: justify;"> <b>Usages :: </b></div> <pre><span style="font-family: "Courier New",Courier,monospace;"><code> USAGE: ./goldeneye.py <url> [OPTIONS] OPTIONS: Flag Description Default -t, --threads Number of concurrent threads (default: 500) -m, --method HTTP Method to use 'get' or 'post' or 'random' (default: get) -d, --debug Enable Debug Mode [more verbose output] (default: False) -h, --help Shows this help</code></span></pre> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b><span style="font-size: small;"><span style="font-weight: normal;">Python :: <a href="https://github.com/jseidl/GoldenEye/archive/master.zip" target="_blank">GoldenEye</a><b> (.py)</b></span></span></b></div> <div style="text-align: justify;"> <b>Source Website ::</b>  <a href="https://github.com/jseidl/GoldenEye">https://github.com/jseidl/GoldenEye</a></div>

GoldenEye (DoS Testing) :: Tools

GoldenEye is a HTTP DoS test tool . This software is distributed under the GNU General Public License version 3 (GPLv3). GoldenEye is ...

Read more »

KillerBee (Exploiting ZigBee and IEEE 802.15.4 Networks) :: Framework

<div class="separator" style="clear: both; text-align: center;"> <img alt="KillerBee Image" border="0" height="329" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7xn4xzkvBYoqeDLAxh3GYVmNcCIj8wfF43o7uU-YZX4qDFqdlP91terOVNJqb8Zo0hS94LsqWhLGHvoJXzHFJkVYwmnD8YzrW6f-H_ndMaXeF-7iquPRYHz01XL2GKY3V2yXWvycWpApy/s1600/KillerBee+Image.jpg" title="KillerBee Image" width="640" /></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>KillerBee</b> is a Python based <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a> and tool set for <b>exploring and exploiting the security of ZigBee and IEEE 802.15.4 networks.</b> Using <b>KillerBee</b> tools and a compatible IEEE 802.15.4 radio interface, you can eavesdrop on ZigBee networks, replay traffic, attack cryptosystems and much more. Using the <b>KillerBee framework</b>, you can build your own <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a>, implement ZigBee fuzzing, emulate and attack end-devices, routers and coordinators and much more. </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Install on Linux :: </b><a href="https://code.google.com/p/killerbee/wiki/InstallLinuxBackTrack" target="_blank">Click Here</a></div> <div style="text-align: justify;"> <b>Install on Mac :: </b><a href="https://code.google.com/p/killerbee/wiki/InstallOSX" target="_blank">Click Here</a></div> <b>Wiki :: </b><a href="https://code.google.com/p/killerbee/w/list" target="_blank">Click Here</a><br /> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux | Mac :: </b><a href="https://killerbee.googlecode.com/files/killerbee_1_0.tar" target="_blank">KillerBee v1.0</a> (.tar.gz)</div> <div style="text-align: justify;"> <b>Source Website :: </b><a href="https://code.google.com/p/killerbee/">https://code.google.com/p/killerbee/</a></div>

KillerBee (Exploiting ZigBee and IEEE 802.15.4 Networks) :: Framework

KillerBee is a Python based framework and tool set for exploring and exploiting the security of ZigBee and IEEE 802.15.4 networks. ...

Read more »

Volatility (Advanced Memory Forensics Framework) :: Framework

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Volatility Framework (Advance Memory Framework)" border="0" height="244" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwYsvSKFWGazVkY8HTm3e9MOP8FLgDHrNIEhfik5auQuUNypN7S2Vl_ZHpcAkdSMaAcULytu3T0GEW5lT53Towrr6YEo48gjALbDFYqIdwWgbH_SwnzwssHoTNoZWyDysqNDN1W5rFYL0S/s320/volatility+logo.png" title="Volatility Framework (Advance Memory Framework)" width="320" /></div> <b>Volatility Framework</b> is a <i>Advanced Memory Forensics Framework. </i>The <b>Volatility Framework</b> is a completely open collection of <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a>, implemented in <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> under the GNU General Public License, for the extraction of digital artifacts from volatile <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a> (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer unprecedented visibilty into the runtime state of the system. The <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank"> framework</a> is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile <a href="http://www.toolwar.com/search/label/Memory" target="_blank"> memory</a> samples and provide a platform for further work into this exciting area of research. <br /> The <b>Volatility Framework</b> demonstrates our commitment to and belief in the importance of open source digital investigation <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> . Volatile Systems is committed to the belief that the technical procedures used to extract digital evidence should be open to peer analysis and review. We also believe this is in the best interest of the digital investigation community, as it helps increase the communal knowledge about systems we are forced to investigate. Similarly, we do not believe the availability of these tools should be restricted and therefore encourage people to modify, extend, and make derivative works, as permitted by the GPL. </div> <h3 style="text-align: left;"> <span style="font-size: small;">Capabilities :-</span></h3> <div style="text-align: justify;"> The <b>Volatility Framework</b> currently provides the following extraction capabilities for memory samples </div> <ul style="list-style-type: disc; text-align: justify;"> <li>Image information (date, time, CPU count)</li> <li>Running processes</li> <li>Process SIDs and environment variables</li> <li>Open network sockets</li> <li>Open network connections</li> <li>DLLs loaded for each process</li> <li>Open handles to all kernel/executive objects (files, keys, mutexes)</li> <li>OS kernel modules</li> <li>Dump any process, DLL, or module to disk</li> <li>Mapping physical offsets to virtual addresses</li> <li>Virtual Address Descriptor information</li> <li>Addressable memory for each process</li> <li>Memory maps for each process</li> <li>Extract executable samples</li> <li>Scanning examples: processes, threads, sockets, connections, modules</li> <li>Command histories (cmd.exe) and console input/output buffers</li> <li>Imported and exported API functions</li> <li>PE version information</li> <li>System call tables (IDT, GDT, SSDT)</li> <li>API hooks in user- and kernel-mode (inline, IAT, EAT, NT syscall, winsock)</li> <li>Explore cached registry hives</li> <li>Dump LM/NTLM hashes and LSA secrets</li> <li>User assist and shimcache exploration</li> <li>Scan for byte patterns, regular expressions, or strings in memory</li> <li>Analyze kernel timers and callback functions</li> <li>Report on windows services</li> </ul> <h3> Tutorial ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/zhQP07YKLL0?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> </h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/zXh-1mK5FyU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> </h3> <h3> Download ::</h3> <b>Windows :: </b><a href="https://volatility.googlecode.com/files/volatility-2.3.1.standalone.exe" target="_blank">Volatility 2.3.1 Standalone </a><b> </b> <b> </b><br /> <b>Linux :: </b><a href="https://volatility.googlecode.com/files/volatility-2.3.1.tar.gz" target="_blank">Volatility 2.3.1.tar.gz</a><b> </b> <b> </b><br /> <b>Mac :: </b><a href="https://volatility.googlecode.com/files/MacProfilesAll.zip" target="_blank">Volatility Framework </a><br /> <b></b><b>Source :: </b><a href="https://code.google.com/p/volatility/">https://code.google.com/p/volatility/</a><b> </b>

Volatility (Advanced Memory Forensics Framework) :: Framework

Volatility Framework is a Advanced Memory Forensics Framework. The Volatility Framework is a completely open collection of tools , imp...

Read more »

Liffy (Local File Inclusion Exploitation) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEHgUv3G2cSh18uLQRim8Gb5IXVYRmDrm0RRYDS4PNvOY9nqx1BixII41qCSV_QuR3s_OemRkq0lnNGMxMxDVuUZSsKF7L_yVBxEjzkNtuPb0tWrQVme-kk6yZvRanaLs-Vo9GRkRU6CSJ/s1600/Liffy.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Liffy Tool" border="0" height="260" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEHgUv3G2cSh18uLQRim8Gb5IXVYRmDrm0RRYDS4PNvOY9nqx1BixII41qCSV_QuR3s_OemRkq0lnNGMxMxDVuUZSsKF7L_yVBxEjzkNtuPb0tWrQVme-kk6yZvRanaLs-Vo9GRkRU6CSJ/s1600/Liffy.jpg" title="Liffy Tool" width="400" /></a></div> <div style="text-align: justify;"> <b>Liffy</b> is a tool to exploit local file inclusion <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> using the built-in wrappers php://input, data://, and a process control extension called 'expect'. <b>Liffy</b> is written in <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a>.</div> <ul class="task-list" style="text-align: justify;"> <li>Updates * Now comes with ability to use poisoned Apache access logs, and php://filter for code execution and arbitrary file reads.</li> </ul> <div style="text-align: justify;"> <b>Liffy</b> requires the following libraries: requests, argparse, blessings, urlparse In order to host the payload you may use Node's HTTP server. Or you can simply spawn python's SimpleHTTPServer in /tmp on port 8000. Further development of the tool will eventually include spawning a built-in web server in order to download, for now you can adjust the location and port in the source code for your needs. These can be changed in core.py under the execute functions.</div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Example Use ::</b> ./liffy --url http://target/pdfs/vulnerable.php?= --data </div> <h3 style="text-align: justify;"> Download :: </h3> <div style="text-align: justify;"> <b>Linux | Windows | Mac :: </b><a href="https://github.com/rotlogix/liffy/archive/master.zip" target="_blank">Click Here</a><b><br /></b></div> <div style="text-align: justify;"> <b>Source Website :: </b><a href="https://github.com/rotlogix/liffy">https://github.com/rotlogix/liffy</a></div>

Liffy (Local File Inclusion Exploitation) :: Tools

Liffy is a tool to exploit local file inclusion vulnerability using the built-in wrappers php://input, data://, and a process control ...

Read more »

Android Data Extractor Lite (ADEL) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQBpxZgandE5D5alwBw5L_UGL3iMqOEB0ajg_cfYZfsGPuJNAb6b2XDZfvsItEsMGGwHvN19IrpDsUI8B7mEdp8miG2w4DADZEoN2Q964MIdgKQA_fMBhm-xtiEUygQ23IwbcP7PNdMoOI/s1600/ADEL+Image.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="ADEL Android" border="0" height="287" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQBpxZgandE5D5alwBw5L_UGL3iMqOEB0ajg_cfYZfsGPuJNAb6b2XDZfvsItEsMGGwHvN19IrpDsUI8B7mEdp8miG2w4DADZEoN2Q964MIdgKQA_fMBhm-xtiEUygQ23IwbcP7PNdMoOI/s1600/ADEL+Image.png" title="ADEL Android" width="400" /></a></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>Android Data Extractor Lite (ADEL)</b> is a <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> script that dumps all important SQLite Databases from a connected <a href="http://www.toolwar.com/search/label/Android" target="_blank">Android</a> smartphone to the local disk and analyzes these files in a forensically accurate workflow. If no smartphone is connected you can specify a local directory which contains the databases you want to <a href="http://www.toolwar.com/search/label/Anaysis" target="_blank">analyze</a>. Afterwards this script creates a clearly structured XML report.</div> <div style="text-align: justify;"> If you connect a smartphone you need a rooted and insecure kernel or a custom recovery installed on the smartphone.</div> <div style="text-align: justify;"> </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> ADEL needs a predefined configuration for each device to work proper. This configuration has to be added in the following file:</div> <div style="text-align: justify;"> <pre><code>xml/phone_configs.xml</code></pre> <pre><code> </code></pre> </div> <div style="text-align: justify;"> As an example we added the configuration for the Samsung Galaxy S2 running Android 2.3.3, more phone configurations will follow. Example for the use of ADEL with a connected smartphone:</div> <div style="text-align: justify;"> <pre><code>adel.py -d device -l 4</code></pre> <pre><code> </code></pre> </div> <div style="text-align: justify;"> Example for the use of ADEL with database backups:</div> <div style="text-align: justify;"> <pre><code>adel.py -d /home/user/backup -l 4 </code></pre> </div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Python Supported Platform :: </b><a href="https://github.com/mspreitz/ADEL/archive/master.zip" target="_blank">ADEL</a> (.py)<br /><b>Source Website ::</b> <a href="https://github.com/mspreitz/ADEL">https://github.com/mspreitz/ADEL</a></div>

Android Data Extractor Lite (ADEL) :: Tools

Android Data Extractor Lite (ADEL) is a Python script that dumps all important SQLite Databases from a connected Android smartphone...

Read more »

BitPim (Manage and Forensics Data of CDMA Phones) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGX39dkjXOp48ppF7W5r8iXJLZS1jOmRfKmVlp9jLAZFgaU5PIGahTf_Iiw0eutIdq4-D27rsZynrg-L2XzUbJA1o-uUt_JhAsfHSND1q85iTITrSMONIlUygkv81G4mk_Ytn8npz2r84N/s1600/BitPim.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="BitPim Screenshot" border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGX39dkjXOp48ppF7W5r8iXJLZS1jOmRfKmVlp9jLAZFgaU5PIGahTf_Iiw0eutIdq4-D27rsZynrg-L2XzUbJA1o-uUt_JhAsfHSND1q85iTITrSMONIlUygkv81G4mk_Ytn8npz2r84N/s1600/BitPim.jpg" title="BitPim Screenshot" width="400" /></a></div> <b>BitPim</b> is a program that allows you to <b>view and manipulate data on many CDMA phones</b> from LG, Samsung, Sanyo and other manufacturers. This includes the PhoneBook, Calendar, WallPapers, RingTones (functionality varies by phone) and the Filesystem for most Qualcomm CDMA chipset based <a href="http://www.toolwar.com/search/label/Phone" target="_blank">phones</a>.<br /> <b>BitPim</b> is a free, open source, cross-platform program for viewing and editing data on a CDMA cell phone. Roger Binns was the founder, project manager, and lead developer of the project, first releasing it on March 1st, 2003. Since then leadership has been handed over to another party and over two million users have downloaded it. The program has been developed in python and originally only supported the LG VX4400 but it now supports a variety of phone manufactures including Audiovox, Kyocera, LG, Motorola, Nokia, Palm, Samsung, Sanyo, and Toshiba.<br /><br />In order to use the program, a data cable and it's drivers, usually available from the supplier/manufacturer, are required. <b>BitPim</b> will try and automatically detect a phone but its recommended that settings are manually configured.<br /> <h3> <b>Features :: </b> </h3> The program can examine the phonebook, calendar, media (e.g. sounds, ringers, images), memos, todo lists, SMS messages, call history, play lists, and raw filesystem from devices.<br /><br />Features are dependent on the phone model. For a full list of each phones supported features see BitPim's supported phones list.<br /><br />The data can be manipulated through the software and changes can be uploaded to the phone. Calendar, Phonebook, Memo, Todo, and Playlist data can all be imported from an external file. For backup purposes all of the data can be exported to external files.<br /> <h3> Forensics :: </h3> If doing a <a href="http://www.toolwar.com/search/label/Investigation" target="_blank">forensic investigation</a> the application should always be in read only mode, which claims to block all write commands to the phone. The program will not recover deleted data nor does it always recover all undeleted data. The file system view is a very important feature forensically as it allows a raw view of data from the phone, possibly uncovering data that <b>BitPim</b> missed or found unimportant. An advanced feature that could also be vital to a <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">forensic</a> investigation is BitFling. This feature allows another computer to remotely access a phones data over the internet. A phone could be confiscated in California, connected to BitPim with BitFling configured, and be forensically analyzed in New York. Lastly exporting the data is very important so that copies of the data can be made, ensuring no data is lost or manipulated. <br /> <br /></div> <div style="text-align: justify;"> <b>All Supported model of Phones ::</b> <a href="http://www.bitpim.org/help/" target="_blank">Click Here</a> </div> <div style="text-align: justify;"> <b>FAQ ::</b> <a href="http://www.bitpim.org/help/faq.htm" target="_blank">Click Here</a></div> <div style="text-align: justify;"> <b>Help and Support :: </b><a href="http://www.bitpim.org/help/support.htm" target="_blank">Click Here</a></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/75tNvKLz0F8?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows | Linux | Mac :: </b><a href="http://prdownloads.sourceforge.net/bitpim/bitpim-1.0.7-setup.exe?download" target="_blank">BitPim</a> (.exe) | <a href="http://prdownloads.sourceforge.net/bitpim/bitpim-1.0.7-0.i386.rpm?download" target="_blank">BitPim</a> (.rpm) | <a href="http://prdownloads.sourceforge.net/bitpim/LEOPARD-bitpim-1.0.7.dmg?download" target="_blank">BitPim</a> (.dmg)</div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="http://www.bitpim.org/">http://www.bitpim.org/</a></div>

BitPim (Manage and Forensics Data of CDMA Phones) :: Tools

BitPim is a program that allows you to view and manipulate data on many CDMA phones from LG, Samsung, Sanyo and other manuf...

Read more »

Scalpel (Data Carving / Forensics) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Scalpel File Carving" border="0" height="401" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3VpA7fvHWtvtTu1En4hyKfrQQ-P789lCCdh2-IYD099ppsXp5Vhruf9DLfp_3pcxvEU9irpL6sjH0wpQQua8wSJVqplQItpzc4tlOPDG__ydIAUTBDybUKBMBHnVX60mxAi3pbZ0zZSJD/s1600/Scalpel+Forensics.jpg" title="Scalpel File Carving" width="640" /></div> <br /> <b>Scalpel</b> is a <b>file carving and indexing application</b> that runs on <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> and <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>.  The first version of <b>Scalpel</b>, released in 2005, was based on <a href="http://www.toolwar.com/2013/11/foremost-tools.html" target="_blank">Foremost</a> 0.69. There have been a number of internal releases since the last public release, 1.60, primarily to support our own research.  The newest public release v2.0, has a number of additional features, including:<br /> <ul> <li>Minimum carve sizes.</li> <li>Multithreading for quicker execution on multicore CPUs.</li> <li>Asynchronous I/O that allows disk operations to overlap with pattern matching--this results in a substantial performance improvement.</li> <li>Regular expression support for headers/footers.</li> <li>Embedded header/footer matching for better processing of structured file types that may contain embedded files.</li> <li>For advanced users, support for massively-threaded execution on Graphics Processing Units (GPUs).  This feature is available only on Linux and requires installation of the NVIDIA CUDA SDK, modification of scalpel.h to enable the GPU threading mode, and compilation with the CUDA toolchain.  Our implementation also requires an NVIDIA GPU with compute capability >= 1.2, so older CUDA-capable cards probably won't work.  The NVIDIA GTX 260 is relatively inexpensive and powerful and has the appropriate compute capability.  The GPU-enhanced version of Scalpel is able to do preview carving at rates that exceed the disk bandwidth of most file servers, so for big jobs, it may be worth the extra effort required to use this feature.  Note that regular expression-based headers and footers are NOT currently supported when GPU acceleration is in use!  We might address this in a future release.</li> </ul> <br /> <b>Scalpel</b> performs <a href="http://www.toolwar.com/search/label/Carving" target="_blank">file carving</a> operations based on patterns that describe particular file or data fragment "types".  These patterns may be based on either fixed binary strings or regular expressions. A number of default patterns are included in the configuration file included in the distribution, <b>"scalpel.conf"</b>.  The comments in the configuration file explain the format of the file carving patterns supported by <b>Scalpel</b>.<br /> <br /> Important note: The default configuration file, "scalpel.conf", has all supported file patterns commented out--you must edit this file before running Scalpel to activate some patterns.  Resist the urge to simply uncomment all file carving patterns; this wastes time and will generate a huge number of false positives.  Instead, uncomment only the patterns for the file types you need.<br /> <br /> <b>Scalpel </b>options are described in the <b>Scalpel</b> man page, "scalpel.1". You may also execute Scalpel w/o any <a href="http://www.toolwar.com/search/label/CLI" target="_blank">command line</a> arguments to see a list of options.<br /> <br /> NOTE: Compilation is necessary on Unix platforms and on <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X</a>.  For Windows platforms, a precompiled scalpel.exe is provided.  If you do wish to recompile <b>Scalpel</b> on Windows, you'll need a mingw (gcc) setup. Scalpel will not compile using Visual Studio C compilers.  Note that our compilation environment for <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> is currently 32-bit; we haven't tested on the 64-bit version of mingw, but will address this int the future.<br /> <br /> <b>Other Supportive Platforms :: </b></div> <div style="text-align: justify;"> <br /> We are not currently supporting <b>Scalpel</b> on <a href="http://www.toolwar.com/search/label/Unix" target="_blank">Unix</a> variants other than Linux. Go ahead and try a ./configure and make and see what happens, but be sure to do thorough testing before using <b>Scalpel</b> in production work.  If you are interested in supporting a version of <b>Scalpel </b>on an alternate platforms, please contact us.  If you are interested in supporting a GPU-enhanced version of Scalpel on Windows, we are also interesting in hearing from you.<br /> <br /> <b>Limitations ::</b> <br /> <br /> Carving Windows physical and logical device files (e.g., \\.\physicaldrive0 or \\.\c:) isn't currently supported because it requires us to rewrite some portions of <b>Scalpel </b>to use Windows file I/O functions rather than standard Unix calls.  This may be supported in a future release.<br /> <br /> Block map features are currently disabled, as we are rewriting this subsystem to enhance interoperability with the <a href="http://www.toolwar.com/2014/01/the-sleuth-kit-tsk-forensics-framework.html" target="_blank">Sleuthkit</a>.  An improved version of the block map features will return in a subsequent release. The -s command line option ("skip") has been removed and will be replaced with a more robust facility in the next major release.<br /> <br /> <br /> <b>Dependencies ::</b><br /> <br /> Scalpel uses the POSIX threads library.  On Win32, Scalpel is distributed with the Pthreads-win32 - POSIX Threads Library for Win32, which is Copyright(C) 1998 John E. Bossom and Copyright(C) 1999,2005 by Pthreads-win32 contributors.  This library is licensed under the LGPL.<br /> <br /> Scalpel for Win32 uses the tre regular expression library and is distributed with tre-0.7.5, which is licensed under the LGPL.</div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <h3> Tutorials :: </h3> <b>COMPILE INSTRUCTIONS ON SUPPORTED PLATFORMS :: </b><br /> <b>Linux/Mac OS X ::</b> <br /> <div style="text-align: justify;"> <span style="font-family: "Courier New",Courier,monospace;">./configure and then make</span><br /> <br /> <b>Windows :: </b> </div> cd to src directory and then:<br /> <span style="font-family: "Courier New",Courier,monospace;">mingw32-make -f Makefile.win</span><br /> <br /> and enjoy.  If you want to install the binary and man page in a more permanent place, just copy "scalpel" (or "scalpel.exe") and "scalpel.1" to appropriate locations, e.g., on Linux, "/usr/local/bin" and "/usr/local/man/man1", respectively.  On Windows, you'll also need to copy the pthreads and tre regular expression library dlls into the same directory as "scalpel.exe".<br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/5Z9JsBazOdw?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> Download ::</h3> </div> <div style="text-align: justify;"> <b>Linux | Windows | Mac :: </b><a href="https://github.com/sleuthkit/scalpel/archive/master.zip" target="_blank">Scalpel</a> (.zip)<b> </b></div> <div style="text-align: justify;"> <b>Official Website :: </b> <a href="https://github.com/sleuthkit/scalpel">https://github.com/sleuthkit/scalpel</a></div>

Scalpel (Data Carving / Forensics) :: Tools

Scalpel is a file carving and indexing application that runs on Linux and Windows .  The first version of Scalpel , released in 2005,...

Read more »

Bulk Extractor (Computer Forensics) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Bulk Extractor" border="0" height="267" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSwFRjzP4nYzs-ILiilqCBkm5oZiif74oCtqJU8AR5h2mTI_uHT4qyVykTzAKntroljTwfaPMVl2vcJLfpgcd6GaTRTidtiwi8dgXrG0Sp6F0pMD2_DCiaA94q7R02Bz4t8-nz_dhg07WE/s1600/computer-forensic-analysis.jpg" title="Bulk Extractor" width="400" /></div> <div style="text-align: justify;"> <b>Bulk Extractor</b> is a <b>computer forensics tool</b> that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. The results can be easily inspected, parsed, or processed with automated tools. <b>Bulk Extractor</b> also created a histograms of features that it finds, as features that are more common tend to be more important. The program can be used for law enforcement, defense, intelligence, and <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">cyber-investigation</a> applications. </div> <div style="text-align: justify;"> bulk_extractor is distinguished from other forensic tools by its speed and thoroughness. Because it ignores file system structure, <b>Bulk Extractor</b> can process different parts of the disk in parallel. In practice, the program splits the disk up into 16MiByte pages and processes one page on each available core. This means that 24-core machines process a disk roughly 24 times faster than a 1-core machine. <b>Bulk Extractor</b> is also thorough. That’s because <b>Bulk Extractor</b> automatically detects, decompresses, and recursively re-processes compressed data that is compressed with a variety of algorithms. Our <a href="http://www.toolwar.com/search/label/Testing" target="_blank">testing</a> has shown that there is a significant amount of compressed data in the unallocated regions of file systems that is missed by most <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">forensic tools</a> that are commonly in use today. </div> <div style="text-align: justify;"> Another advantage of ignoring file systems is that <b>Bulk Extractor</b> can be used to process any digital media. We have used the program to process hard drives, SSDs, optical media, camera cards, <a href="http://www.toolwar.com/search/label/Phone" target="_blank">cell phones</a>, network packet dumps, and other kinds of digital information. </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <span style="font-family: inherit;"><span style="font-size: small;"><b>Compiling for MacOS or Linux</b> :: </span></span></div> <div style="text-align: justify;"> <span style="font-family: inherit;"><span style="font-size: small;">From the downloaded source directory run bootstrap.sh, configure and make: </span></span> </div> <ul style="text-align: justify;"> <li><span style="font-family: "Courier New",Courier,monospace;">$ cd bulk_extractor </span></li> <li><span style="font-family: "Courier New",Courier,monospace;">$ sh bootstrap.sh </span></li> <li><span style="font-family: "Courier New",Courier,monospace;">$ sh configure </span></li> <li><span style="font-family: "Courier New",Courier,monospace;">$ make </span></li> <li><span style="font-family: "Courier New",Courier,monospace;">$ sudo make install </span></li> </ul> <div style="text-align: justify;"> <b>Compiling for Windows :: </b></div> <div style="text-align: justify;"> There are three ways to compile for Windows: </div> <div style="text-align: justify;"> 1. Cross-compiling from a Linux or Mac system with mingw. </div> <div style="text-align: justify;"> 2. Compiling natively on Windows using mingw. </div> <div style="text-align: justify;"> 3. Compiling natively on Windows using cygwin (untested)</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Cross-compiling for Windows using Debian Testing (wheezy) or Ubuntu 12.04 LTS (with mingw) :: </b></div> <div style="text-align: justify;"> You will need to install mingw-w64 and zlib-dev: </div> <ul style="text-align: justify;"> <li><span style="font-family: "Courier New",Courier,monospace;">$ sudo apt-get update </span></li> <li><span style="font-family: "Courier New",Courier,monospace;">$ sudo apt-get upgrade </span></li> <li><span style="font-family: "Courier New",Courier,monospace;">$ sudo apt-get -y install mingw-w64 </span></li> </ul> <div style="text-align: justify;"> Next, download zlib from zlib.net </div> <ul style="text-align: justify;"> <li><span style="font-family: "Courier New",Courier,monospace;">$ ./configure --host=i686-w64-mingw32 </span></li> </ul> <div style="text-align: justify;"> This allows the cross-compiling of the 64-bit and the 32-bit bulk_extractor.exe, although we do not recommend running the 32-bit version. </div> <div style="text-align: justify;"> Now you are ready to compile: </div> <ul style="text-align: justify;"> <li><span style="font-family: "Courier New",Courier,monospace;">$ git clone --recursive https://github.com/simsong/bulk_extractor.git </span></li> <li><span style="font-family: "Courier New",Courier,monospace;">$ cd bulk_extractor </span></li> <li><span style="font-family: "Courier New",Courier,monospace;">$ sh bootstrap.sh </span></li> <li><span style="font-family: "Courier New",Courier,monospace;">$ mingw64-configure</span></li> </ul> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Installing on a Linux/MacOS/Mingw system :: </b></div> <ul style="text-align: justify;"> <li><span style="font-family: "Courier New",Courier,monospace;">$ ./configure </span></li> <li><span style="font-family: "Courier New",Courier,monospace;">$ make </span></li> <li><span style="font-family: "Courier New",Courier,monospace;">$ sudo make install  </span></li> </ul> <div style="text-align: justify;"> <b>Usages :: </b> </div> <div style="text-align: justify;"> To get started and send an extract of image.raw to OUTPUT, use this command: </div> <ul style="text-align: justify;"> <li><span style="font-family: "Courier New",Courier,monospace;">$ /usr/local/bin/bulk_extractor -o OUTPUT image.raw </span> </li> </ul> <div style="text-align: justify;"> <b>For more & Troubleshooting :: </b><a href="https://github.com/simsong/bulk_extractor" target="_blank">Click Here</a><br /> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/wTBHM9DeLq4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux | Mac | Windows :: </b><a href="https://github.com/simsong/bulk_extractor/archive/master.zip" target="_blank">Bulk Extractor</a> (tarball)<b> | </b><a href="http://digitalcorpora.org/downloads/bulk_extractor/bulk_extractor-1.4.1-windowsinstaller.exe" target="_blank">Bulk Extractor</a> (.exe)<b> | </b><a href="http://digitalcorpora.org/downloads/bulk_extractor/bulk_extractor-1.4.4.tar.gz" target="_blank">Bulk Extractor</a> (.tar.gz)<b> </b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="https://github.com/simsong/bulk_extractor">https://github.com/simsong/bulk_extractor</a></div>

Bulk Extractor (Computer Forensics) :: Tools

Bulk Extractor is a computer forensics tool that scans a disk image, a file, or a directory of files and extracts useful information ...

Read more »

AndiParos (Web Application Security Assessments) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjH1vpXX0DjZZItydH0KB9zNnfXlCbRkY7UWHW5FiqbE4Hx-kZMJEJs4iZIKQXj74FOKOYKrBbA0ws0u1Dw5qCx02GfzGD3M8_BRJhHOetEmnneVAQP2WANvMYpwj_5WJdX8W1M8Ndcsq2S/s1600/Andiparos_Screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="AndiParos Screenshot" border="0" height="307" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjH1vpXX0DjZZItydH0KB9zNnfXlCbRkY7UWHW5FiqbE4Hx-kZMJEJs4iZIKQXj74FOKOYKrBbA0ws0u1Dw5qCx02GfzGD3M8_BRJhHOetEmnneVAQP2WANvMYpwj_5WJdX8W1M8Ndcsq2S/s1600/Andiparos_Screenshot.png" title="AndiParos Screenshot" width="400" /></a></div> <div style="text-align: justify;"> <b>Andiparos</b> is a fork of the famous <a href="http://www.toolwar.com/2013/09/paros-proxy-tools.html" rel="" target="_blank">Paros Proxy</a>. It is an open source <b>web application security assessment tool</b> that gives <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration</a> testers the ability to spider websites, analyze content, intercept and modify requests, etc. </div> <div style="text-align: justify;"> The advantage of <b>Andiparos</b> is mainly the support of Client Certificates on Smartcards. Moreover it has several small interface enhancements, making the life easier for penetration testers... </div> <div style="text-align: justify;"> Features: </div> <ul style="text-align: justify;"> <li>Smartcard support </li> <li>BeanShell support </li> <li>History Filter (URLs) </li> <li>Passive Scanner </li> <li>Advanced search functionality </li> <li>MultiTags for request/response </li> <li>Mark Request/Response </li> <li>Better<a href="http://www.toolwar.com/search/label/Mac" target="_blank"> Mac OS X</a> integration </li> <li>other nice enhancements... </li> </ul> <h3> Tutorials ::</h3> <b>Wiki ::</b> <a href="https://code.google.com/p/andiparos/w/list" target="_blank">Click Here</a>  <br /> <h3> Download ::</h3> <b>Linux | Windows | Mac :: </b><a href="https://code.google.com/p/andiparos/downloads/detail?name=Andiparos-1.0.6.zip" target="_blank">Andiparos v1.0.6</a> (.zip) | <a href="https://code.google.com/p/andiparos/downloads/detail?name=Andiparos-1.0.6-Installer.exe" target="_blank">Andiparos v1.0.6</a> (.exe) | <a href="https://code.google.com/p/andiparos/downloads/detail?name=Andiparos-v1.0.6.dmg" target="_blank">Andiparos v1.0.6</a> (.dmg) <br /> <b>Source Website :: </b><a href="https://code.google.com/p/andiparos/">https://code.google.com/p/andiparos/</a>

AndiParos (Web Application Security Assessments) :: Tools

Andiparos is a fork of the famous Paros Proxy . It is an open source web application security assessment tool that gives penetration ...

Read more »

KisMAC (Sniffer/Scanner for Mac OS X) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="KisMAC Logo" border="0" height="277" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT0hq_xqF0S3TgubdqI2kXMyQJdIa4Xw5tz6EqhN_X9lUnO1W1Dy4wjcwJ9tMbIWnyC8-GYuHFmw13erY5ILu7_KOBlGEksaYGYIK-_qu-pDLXXY2SdMuEAG8TXkP4qSN0eOa4tJo6OGPl/s1600/kisMAC+logo.png" title="KisMAC Logo" width="320" /></div> <div style="text-align: justify;"> <b>KisMAC</b> is a popular <b>wireless stumbler for Mac OS X</b> offers many of the features of its namesake <a class="local" href="http://www.toolwar.com/2013/09/kismet-tools.html" target="_blank">Kismet</a>, though the codebase is entirely different. Unlike console-based Kismet, <b>KisMAC</b> offers a pretty <a href="http://www.toolwar.com/search/label/GUI" target="_blank">GUI</a> and was around before Kismet was ported to OS X. It also offers mapping, Pcap-format import and logging, and even some decryption and deauthentication attacks.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>KisMAC</b> is an open-source and free <a href="http://www.toolwar.com/search/label/Sniffer" target="_blank">sniffer</a>/<a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanner</a> application for <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X</a>. It has an advantage over MacStumbler / iStumbler / <a href="http://www.toolwar.com/2013/09/netstumbler-tools.html" target="_blank">NetStumbler</a> in that it uses monitor mode and passive scanning. </div> <div style="text-align: justify;"> KisMAC supports many third party <a href="http://www.toolwar.com/search/label/USB" target="_blank">USB</a> devices: Intersil Prism2, Ralink rt2570, rt73, and Realtek rtl8187 chipsets. All of the internal AirPort hardware is supported for scanning. </div> <div style="text-align: justify;"> The rest of this wiki assumes you are prepared for advanced topics and know what you are doing with your system. </div> <h3 id="Features" style="text-align: justify;"> Features ::</h3> <ul style="text-align: justify;"> <li>Reveals hidden / cloaked / closed SSIDs </li> <li>Shows logged in clients (with MAC Addresses, IP addresses and signal strengths) </li> <li>Mapping and GPS support </li> <li>Can draw area maps of network coverage </li> <li>PCAP import and export </li> <li>Support for 802.11b/g </li> <li>Different attacks against encrypted networks </li> <li>Deauthentication attacks </li> <li>AppleScript-able </li> <li>Kismet drone support (capture from a Kismet drone) </li> </ul> <h3 id="Supportedhardwarechipsets" style="text-align: justify;"> Supported Hardware Chipsets :: </h3> <ul style="text-align: justify;"> <li>Apple AirPort and AirPort Extreme (dependent upon Apple's drivers) </li> <li>Intersil Prism 2, 2.5, 3 USB devices </li> <li>Ralink rt2570 and rt73 USB devices </li> <li>Realtek RTL8187L USB (such as the Alfa AWUS036H, which does not work on Mac OS 10.6.7 or later) </li> </ul> <h3 id="Cryptosupport" style="text-align: justify;"> Crypto Support :: </h3> <ul style="text-align: justify;"> <li>Bruteforce attacks against LEAP, WPA and WEP </li> <li>Weak scheduling attack against WEP </li> <li>Newsham 21-bit attack against WEP </li> </ul> <h3 style="text-align: justify;"> Tutorials :: </h3> <div style="text-align: justify;"> <b>Wiki ::</b> <a href="http://trac.kismac-ng.org/" target="_blank">Click Here</a></div> <div style="text-align: justify;"> <b>Forum ::</b> <a href="http://forum.kismac-ng.org/" target="_blank">Click Here </a></div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/lBGN5OGCPgI?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;"> Download :: </h3> <div style="text-align: justify;"> <b>Mac :: </b><a href="http://update.kismacmirror.com/binaries/KisMAC-0.3.3.dmg" target="_blank">KisMAC v0.3.3</a> (.dmg)<b> </b></div> <div style="text-align: justify;"> <b>Official Website ::  </b><a href="http://kismac-ng.org/">http://kismac-ng.org/</a></div>

KisMAC (Sniffer/Scanner for Mac OS X) :: Tools

KisMAC is a popular wireless stumbler for Mac OS X offers many of the features of its namesake Kismet , though the codebase is entirel...

Read more »

SIPVicious (Auditing SIP Based VoIP System) :: Tools

<div style="text-align: justify;"><div class="separator" style="clear: both; text-align: center;"><img alt="SIP VoIP " border="0" height="324" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgs5pKQQ6VdyR7URrQT6nS1VVL0igxhRv5L4g9jfkKRkBLjfBegI6eKZANJ63AqMiWYIf8m2YEb8azNj4j9bwx-gCWo_jYM66n1k2GggJOHg0mLwLS0hJ7h7UWskxn3gWk6PAqEtxcvgABJ/s1600/SIP+VoIP.png" title="SIP VoIP " width="640" /></div><b>SVMAP</b> is a part of a suite of tools called <b>SIPVicious</b> and it’s my favorite <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanner</a> of choice It can be used to scan identify and fingerprint a single IP or a range of IP addresses. <b>Svmap</b> allows specifying the request method which is being used for scanning, the default method is OPTIONS, it offers debug and verbosity options and even allows scanning the SRV records for SIP on the destination domain. You can use the <b>./svmap –h</b> in order to view all the available arguments </div><div style="text-align: justify;"><b>SIPVicious suite</b> is a set of <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> that can be used to audit SIP based <a href="http://www.toolwar.com/search/label/VOIP" target="_blank">VoIP systems</a>. It currently consists of four tools: </div><ul style="text-align: justify;"><li>svmap - this is a sip scanner. Lists SIP devices found on an IP range </li> <li>svwar - identifies active extensions on a PBX </li> <li>svcrack - an online password cracker for SIP PBX </li> <li>svreport - manages sessions and exports reports to various formats </li> <li>svcrash - attempts to stop unauthorized svwar and svcrack scans </li> </ul><div style="text-align: justify;">It was tested on the following systems: </div><ul style="text-align: justify;"><li><a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux </a></li> <li><a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X </a></li> <li><a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows </a></li> <li><a href="http://www.toolwar.com/search/label/FreeBSD" target="_blank">FreeBSD 6.2 </a></li> <li>Jailbroken iPhone with python installed </li> </ul><div style="text-align: justify;">If you use it on systems that are not mentioned here please let me know goes it goes. </div><h3 style="text-align: justify;">Tutorials ::</h3><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Zp_gzjV8l4c?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div><div style="text-align: justify;"></div><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/3a7xJeNQfOk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div><h3 style="text-align: justify;"> </h3><h3 style="text-align: justify;">Download ::</h3><div style="text-align: justify;"><b>Linux | Windows | Mac | FreeBSD :: </b><a href="http://sipvicious.googlecode.com/files/sipvicious-0.2.8.zip" target="_blank">SIPVicious v0.2.8</a> (.zip) | <a href="http://sipvicious.googlecode.com/files/sipvicious-0.2.8.tar.gz" target="_blank">SIPVicious v0.2.8</a> (.tar.gz)<b> </b></div><div style="text-align: justify;"><b>Official Website :: </b> <a href="http://code.google.com/p/sipvicious/">http://code.google.com/p/sipvicious/</a></div>

SIPVicious (Auditing SIP Based VoIP System) :: Tools

SVMAP is a part of a suite of tools called SIPVicious and it’s my favorite scanner of choice It can be used to scan identify and fingerp...

Read more »

Nipper Studio (Network Security Audit for Firewall, Switches and Router) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjog3YqJ3FIoxb_rLEWgJPXiIWYhWS7Ihd2IOrLYGhAqOaRm7ioEB6gatr6PgzNw7OJf7ol2pC-Z9-TVfpQewGb_ryDyAt_h2uNqzrlhRtW194rN4xFfH7jYM3ivYb0TPmgsj7rIChoKIYR/s1600/Nipper+Home+Report+2.2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="nipper tutorial" border="0" height="333" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjog3YqJ3FIoxb_rLEWgJPXiIWYhWS7Ihd2IOrLYGhAqOaRm7ioEB6gatr6PgzNw7OJf7ol2pC-Z9-TVfpQewGb_ryDyAt_h2uNqzrlhRtW194rN4xFfH7jYM3ivYb0TPmgsj7rIChoKIYR/s1600/Nipper+Home+Report+2.2.jpg" title="nipper tutorial" width="400" /></a></div> <div style="text-align: justify;"> <b>Nipper (short for Network Infrastructure Parser, previously known as CiscoParse)</b> audits the security of network devices such as switches, routers, and firewalls. It works by parsing and analyzing device configuration file which the <b>Nipper</b> user must supply. This was an open source tool until its developer (Titania) released a commercial version and tried to hide their old GPL releases. During a <b>network audit Nipper Studio</b> processes the devices’ native configurations and enables you to create a variety of different audit reports. By using traditional methodology for your <a href="http://www.toolwar.com/search/label/Network" target="_blank">network audit</a>, such as manual <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">Penetration Testing</a>, Agent-based software and <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">Network Scanners</a>, you could experience various drawbacks, which does not affect Nipper Studio <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> audit software:<br /> <ul> <li>Network scanners send huge numbers of network probes to a device and can impact performance. Only exposed vulnerabilities are identified, potentially missing many issues.</li> <li>Agent-based audit software requires software to be installed on the devices during the network audit. This is not possible for all devices and can introduce additional security vulnerabilities.</li> <li>Manual Penetration Tests examine individual <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> devices in detail. However this is slow, expensive and results in point in time audits of only a sample of devices.</li> <li>Flatten the <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability assessment</a> process and reduce human error by automatically producing an instant, device specific configuration report, readable by non-technical experts.  </li> <li>Achieve significant cost savings by automating a detailed configuration vulnerability analysis, typically provided by costly external Penetration Testing. </li> <li>Improve the productivity and scope of the network audit by quickly performing a thorough vulnerability assessment of multiple complex network devices, providing a detailed security audit report, unachievable with vulnerability scanning technologies. </li> <li>Stay secure as our security audit software requires no additional services on the device or agents to be installed and can audit the network devices without connecting or scanning them</li> </ul> <h3> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/wUtAmowwVD8?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3>  </h3> <h3> Download ::</h3> <b>Windows | Linux | Mac :: </b> <b> </b><br /> <b>Buy :: </b><a href="https://www.titania.com/shop" target="_blank">Click Here</a><b> </b> <b> </b><br /> <b>Evaluate Copy :: </b><a href="https://www.titania.com/evaluate" target="_blank">Click Here</a><b>  </b> <b> </b><br /> <b>Official Website :: </b><a href="https://www.titania.com/nipperstudio" target="_blank">https://www.titania.com/nipperstudio </a></div>

Nipper Studio (Network Security Audit for Firewall, Switches and Router) :: Tools

Nipper (short for Network Infrastructure Parser, previously known as CiscoParse) audits the security of network devices such as switche...

Read more »

Argus (Auditing Network Activity) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Argus Logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhB9EePKFj7bOOAmUlulpXxUps3bKmylywSIIPNjOKR95TlmXfzBpotmDPvTpombemgv5gs8g-qGAFLcjAB8y7S0iSCjatcaY9LTAFt-OoP0EOMiONWPCNZ_119wIkga4ZTRn1ILz9jhpfa/s1600/ArgusOptimizationCycle.gif" title="Argus Logo" /></div> <div style="text-align: justify;"> <b>Argus</b> is a fixed-model Real Time Flow <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">Monitor</a> designed to track and report on the status and performance of all network transactions seen in a data <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol specific information.</div> <div style="text-align: justify;"> <br /></div> <div class="plaintext" style="text-align: justify;"> <b>Argus </b>is composed of an advanced comprehensive network flow data generator, the<b> Argus</b> sensor, which processes packets (either capture files or live <a href="http://www.toolwar.com/search/label/Packet" target="_blank">packet</a> data) and generates detailed network flow status reports of all the flows in the packet stream. Argus captures much of the packet dynamics and semantics of each flow, with a great deal of data reduction, so you can store, process, inspect and <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analyze</a> large amounts of network data efficiently. <b>Argus</b> provides reachability, availability, connectivity, duration, rate, load, good-put, loss, jitter, retransmission, and delay metrics for all network flows, and captures most attributes that are available from the packet contents, such as L2 addresses, tunnel identifiers (MPLS, GRE, ESP, etc...), <a href="http://www.toolwar.com/search/label/IDS" target="_blank">protocol ids</a>, SAP's, hop-count, options, L4 transport identification (RTP, RTCP detection), host flow control indications, etc...</div> <div class="plaintext" style="text-align: justify;"> <br /></div> <div class="plaintext" style="text-align: justify;"> Argus is used by many sites to generate network activity reports for every network transaction on their networks. The network audit data that <b>Argus</b> generates is great for <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a>, operations and performance management. The data is used for network forensics, non-repudiation, network asset and service inventory, behavioral baselining of server and client relationships, detecting covert channels, and analyzing Zero day events.</div> <div class="plaintext" style="text-align: justify;"> <br /></div> <div class="plaintext" style="text-align: justify;"> Argus is an Open Source project, currently running on <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X,</a> <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, Solaris, FreeBSD, OpenBSD, NetBSD, AIX, IRIX, <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> (under Cygwin) and OpenWrt, and has been ported to many hardware accelerated platforms, such as Bivio, Pluribus, Arista, and Tilera. The software should be portable to many other environments with littleor no modifications. Performance is such that auditing an entire enterprise's Internet activity can be accomplished using modest computing resources.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>How To :: </b><a href="http://www.qosient.com/argus/howto.shtml" target="_blank">Click Here</a><b><br /></b></div> <b>Wiki :: </b><a href="http://nsmwiki.org/index.php?title=Argus" target="_blank">Click Here</a><br /> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows | Mac | Linux ::  </b><a href="http://qosient.com/argus/src/argus-3.0.6.1.tar.gz" target="_blank">Argus v3.0.6.1</a><b> | </b><a href="http://qosient.com/argus/src/argus-clients-3.0.6.2.tar.gz" target="_blank">Argus v3.0.6.1 Client</a><b> </b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://www.qosient.com/argus/">http://www.qosient.com/argus/</a><b><br /></b></div> <div style="text-align: justify;"> <br /></div>

Argus (Auditing Network Activity) :: Tools

Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions s...

Read more »

Immunity Canvas (Vulnerability Exploitation) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqwXRB2JW_wTRBZeFsPrNZqP7KK7Xyn3JC7nG4SvaFbLePxH0hRCMjN9Qmahzts9eQvlEvfqI-ZtbOgvXHS6d2EBgXNSHvEgPXs_l3QYQyy_cg2IrSmwwJThp4ddWSXS5oV4GoJEOJbLUo/s1600/img-canvas.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Immunity Canvas" border="0" height="171" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqwXRB2JW_wTRBZeFsPrNZqP7KK7Xyn3JC7nG4SvaFbLePxH0hRCMjN9Qmahzts9eQvlEvfqI-ZtbOgvXHS6d2EBgXNSHvEgPXs_l3QYQyy_cg2IrSmwwJThp4ddWSXS5oV4GoJEOJbLUo/s1600/img-canvas.gif" title="Immunity Canvas" width="400" /></a></div> <b>Immunity Canvas</b> is a commercial <b>vulnerability exploitation tool </b>from Dave Aitel's ImmunitySec. It includes more than 370 exploits and is less expensive than Core Impact or the commercial versions of <a href="http://www.toolwar.com/2013/09/metasploit-framework.html" target="_blank">Metasploit</a>. It comes with full source code, and occasionally even includes zero-day exploits.<b> </b><br /> <b>Immunity's CANVAS</b> makes available hundreds of exploits, an automated <a href="http://www.toolwar.com/search/label/Exploitation" target="_blank">exploitation</a> system, and a comprehensive, reliable exploit development framework to <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration</a> testers and <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> professionals worldwide. To see CANVAS in action please see our movies. For users new to CANVAS or experienced users looking to get just a little more out of CANVAS we have <a href="http://www.toolwar.com/search/label/PDF" target="_blank">PDF</a> based tutorials available for download.</div> <div style="text-align: justify;">   </div> <div style="text-align: justify;"> <b>Supported Platforms and Installations</b><br /> - <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> (requires Python & PyGTK)<br /> - <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a><br /> - <a href="http://www.toolwar.com/search/label/Mac" target="_blank">MacOSX</a> (requires PyGTK)<br /> - All other <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> environments such as mobile phones and commercial Unixes (command line version only supported, GUI may also be available)</div> <div style="text-align: justify;"> <b>Architecture</b><br /> - CANVAS' completely open design allows a team to adapt CANVAS to their environment and needs. </div> <div style="text-align: justify;"> <b>Documentation</b><br /> - all documentation is delivered in the form of demonstration movies<br /> - exploit modules have additional information windows</div> <div style="text-align: justify;"> <b> Exploits</b><br /> - currently over 490 exploits, an average of 4 exploits added every monthly release<br /> - Immunity carefully selects vulnerabilities for inclusion as CANVAS exploits. Top priorities are high-value vulnerabilities such as remote, pre-authentication, and new vulnerabilities in mainstream software.<br /> - Exploits span all common platforms and applications</div> <div style="text-align: justify;"> <b> Payload Options</b><br /> - to provide maximum reliability, exploits always attempt to reuse socket<br /> - if socket reuse is not suitable, connect-back is used<br /> - subsequent MOSDEF session allows arbitrary code execution, and provides a listener shell for common actions (file management, screenshots, etc)<br /> - bouncing and split-bouncing automatically available via MOSDEF<br /> - adjustable covertness level</div> <div style="text-align: justify;"> <b> Exploit Delivery</b><br /> - regular monthly updates made available via <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a><br /> - exploit modules and CANVAS engine are updated simultaneously<br /> - customers reminded of monthly updates via email</div> <div style="text-align: justify;"> <b> Exploit Creation Time</b><br /> - exploits included in next release as soon as they are stable</div> <div style="text-align: justify;"> <b> Effectiveness of Exploits</b><br /> - all exploits fully QA'd prior to release<br /> - exploits demonstrated via flash movies<br /> - exploit development team available via direct email for support</div> <div style="text-align: justify;"> <b> Ability to make Custom Exploits</b><br /> - unique MOSDEF development environment allows rapid exploit development</div> <div style="text-align: justify;"> <b> Product Support and Maintenance</b><br /> - subscriptions include email and phone support M-F 9am - 5pm EST, directly with development team<br /> - minimum monthly updates</div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <h3> Tutorials ::</h3> <ol> <li><a href="http://www.immunitysec.com/documentation/tutorials/Windows_Install.pdf">Detailed Windows Installation Instructions</a></li> <li><a href="http://www.immunitysec.com/documentation/tutorials/canvas101-part1.pdf">CANVAS 101 (Part 1)</a></li> <li><a href="http://www.immunitysec.com/documentation/tutorials/canvas101-part2.pdf">CANVAS 101 (Part 2)</a></li> <li><a href="http://www.immunitysec.com/documentation/tutorials/HCN-Part1.pdf">HCN Rootkit (Part 1)</a></li> <li><a href="http://www.immunitysec.com/documentation/tutorials/ties-that-binder-dot-py.pdf">The Ties That Binder.py</a></li> </ol> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/FAz-Bek4RfU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <ol></ol> </div> <div style="text-align: justify;"> <h3> Download ::</h3> </div> <div style="text-align: justify;"> <b>Linux | Mac | Windows :: Contact Here ::</b> sales@immunityinc.com <b> </b><br /> <b>Official Website ::</b> <a href="https://www.immunitysec.com/products-canvas.shtml">https://www.immunitysec.com/products-canvas.shtml</a></div>

Immunity Canvas (Vulnerability Exploitation) :: Tools

Immunity Canvas is a commercial vulnerability exploitation tool from Dave Aitel's ImmunitySec. It includes more than 370 exploits an...

Read more »

QualysGuard (Cloud Security) :: Framework

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghdzpjPZX2FLqOdTxqOBOsBcHPK-BGXs4z6FvMDEBWtOdSSQDhFqcOvSs8HLf2_C0gGeR9JzfehTMjygryKrJFU1Andf_8LVNhhNiAMihWAnzULkz0Qj63VCASwzVjkCQVNBGQnopmccia/s1600/qualys-logo.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Qualys logo" border="0" height="306" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghdzpjPZX2FLqOdTxqOBOsBcHPK-BGXs4z6FvMDEBWtOdSSQDhFqcOvSs8HLf2_C0gGeR9JzfehTMjygryKrJFU1Andf_8LVNhhNiAMihWAnzULkz0Qj63VCASwzVjkCQVNBGQnopmccia/s1600/qualys-logo.jpeg" title="Qualys logo" width="320" /></a></div> <div style="text-align: justify;"> <b>QualysGuard</b> is a popular <b>SaaS (software as a service) vulnerability management</b> offering. It's web-based UI offers <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> discovery and mapping, asset prioritization, <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> assessment reporting and remediation tracking according to business risk. Internal scans are handled by Qualys appliances which communicate back to the <a href="http://www.toolwar.com/search/label/Cloud" target="_blank">cloud-based</a> system.</div> <h3 style="text-align: justify;"> Tutorials ::</h3> <h3 style="text-align: justify;"> </h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/XfeyNLb7ZDc?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/5Cbq5wudtZE?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Trial Linux | Mac | Windows :: </b><a href="http://www.qualys.com/forms/trials/qualysguard/" target="_blank">QualysGuard</a><b> </b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://www.qualys.com/" target="_blank">http://www.qualys.com/ </a></div>

QualysGuard (Cloud Security) :: Framework

QualysGuard is a popular SaaS (software as a service) vulnerability management offering. It's web-based UI offers network discov...

Read more »