AIEngine (Artificial Intelligent Engine) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="AIEngine (Artificial Intelligent Engine)" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjygwBGjzyQv3FxAMBFEPi4jiHrZl-rqa1pCdx-9Ypc4ofp70ziOSWVZj2iWVv2sA9Dx5YI-3q4in1P1E4PBAX0AQABh8-VVaoynf29hQswZ8nNPEuJ9z-vrteUA8KGJFyshyVafOArLC7F/s1600/Artificial+Intelligent+Engine.jpg" title="AIEngine (Artificial Intelligent Engine)" /></div> <div style="text-align: justify;"> <b>AIEngine</b> is a next generation interactive/programmable packet inspection engine with capabilities of learning without any human intervention, NIDS functionality, DNS domain classification, network collector and many others.  <b><br /></b><br /> <b>AIEngine (Artificial Intelligent Engine)</b> is a <i><a href="http://www.toolwar.com/search/label/Packet" target="_blank">packet</a> inspection engine</i> with capabilities of learning without any human intervention. <b>AIEngine</b> helps <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a>/security profesionals to <b>identify traffic</b> and develop signatures for use them on<b> </b><i>NIDS, <a href="http://www.toolwar.com/search/label/Firewalls" target="_blank">Firewalls</a>, Traffic classifiers</i> and so on.</div> <div style="text-align: justify;"> <b>AIEngine</b> is written in c++11 and Python, so by using the flexibility of <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a>, AIEngine could be integrated easely with other functionalities and modules in a easy way.<br /> <h3> Features ::  </h3> </div> <ul> <li>- Counters for IP fragmentation packets.</li> <li>- Support for TLS1.2 on the SSLProtocol</li> <li>- Exposed the FrequencyGroup and the LearnerEngine on python.</li> <li>- Integrate with NetfilterPython or other packet systems.</li> <li>- Support for python 3.x versions (check INSTALL).</li> <li>- Sorts the outputs of the HTTP, SSL and DNS most used domains (aiengine binary).</li> <li>- Support for HTTP1.1 (URI Cache), all the flows will have all the paths taken by the user.</li> <li>- Shell support. The system have a interactive shell so the user can interact on realtime with the system.</li> </ul> <h3> Tutorial ::</h3> <b>Configuration :: </b><a href="https://bitbucket.org/camp0/aiengine/wiki/Configurations" target="_blank">Click Here</a><b> </b><br /> <b>Uses & Examples :: </b><a href="https://bitbucket.org/camp0/aiengine/wiki/Home" target="_blank">Click Here</a><br /> <b>Wiki :: </b><a href="https://bitbucket.org/camp0/aiengine/wiki/Home" target="_blank">Click Here</a><br /> <h3> Download :: </h3> <b>Linux :: </b><a href="https://bitbucket.org/camp0/aiengine/downloads/aiengine-1.5.tar.gz" rel="nofollow" target="_blank">AIEngine v1.5</a><b> (.tar.gz)</b><br /> <b>Source ::</b> <a href="https://bitbucket.org/camp0/aiengine/overview">https://bitbucket.org/camp0/aiengine/overview</a><br /> <b>Submitted By :: </b>Luis

AIEngine (Artificial Intelligent Engine) :: Tools

AIEngine is a next generation interactive/programmable packet inspection engine with capabilities of learning without any human interven...

Read more »

Argus (Auditing Network Activity) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Argus Logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhB9EePKFj7bOOAmUlulpXxUps3bKmylywSIIPNjOKR95TlmXfzBpotmDPvTpombemgv5gs8g-qGAFLcjAB8y7S0iSCjatcaY9LTAFt-OoP0EOMiONWPCNZ_119wIkga4ZTRn1ILz9jhpfa/s1600/ArgusOptimizationCycle.gif" title="Argus Logo" /></div> <div style="text-align: justify;"> <b>Argus</b> is a fixed-model Real Time Flow <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">Monitor</a> designed to track and report on the status and performance of all network transactions seen in a data <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol specific information.</div> <div style="text-align: justify;"> <br /></div> <div class="plaintext" style="text-align: justify;"> <b>Argus </b>is composed of an advanced comprehensive network flow data generator, the<b> Argus</b> sensor, which processes packets (either capture files or live <a href="http://www.toolwar.com/search/label/Packet" target="_blank">packet</a> data) and generates detailed network flow status reports of all the flows in the packet stream. Argus captures much of the packet dynamics and semantics of each flow, with a great deal of data reduction, so you can store, process, inspect and <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analyze</a> large amounts of network data efficiently. <b>Argus</b> provides reachability, availability, connectivity, duration, rate, load, good-put, loss, jitter, retransmission, and delay metrics for all network flows, and captures most attributes that are available from the packet contents, such as L2 addresses, tunnel identifiers (MPLS, GRE, ESP, etc...), <a href="http://www.toolwar.com/search/label/IDS" target="_blank">protocol ids</a>, SAP's, hop-count, options, L4 transport identification (RTP, RTCP detection), host flow control indications, etc...</div> <div class="plaintext" style="text-align: justify;"> <br /></div> <div class="plaintext" style="text-align: justify;"> Argus is used by many sites to generate network activity reports for every network transaction on their networks. The network audit data that <b>Argus</b> generates is great for <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a>, operations and performance management. The data is used for network forensics, non-repudiation, network asset and service inventory, behavioral baselining of server and client relationships, detecting covert channels, and analyzing Zero day events.</div> <div class="plaintext" style="text-align: justify;"> <br /></div> <div class="plaintext" style="text-align: justify;"> Argus is an Open Source project, currently running on <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X,</a> <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, Solaris, FreeBSD, OpenBSD, NetBSD, AIX, IRIX, <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> (under Cygwin) and OpenWrt, and has been ported to many hardware accelerated platforms, such as Bivio, Pluribus, Arista, and Tilera. The software should be portable to many other environments with littleor no modifications. Performance is such that auditing an entire enterprise's Internet activity can be accomplished using modest computing resources.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>How To :: </b><a href="http://www.qosient.com/argus/howto.shtml" target="_blank">Click Here</a><b><br /></b></div> <b>Wiki :: </b><a href="http://nsmwiki.org/index.php?title=Argus" target="_blank">Click Here</a><br /> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows | Mac | Linux ::  </b><a href="http://qosient.com/argus/src/argus-3.0.6.1.tar.gz" target="_blank">Argus v3.0.6.1</a><b> | </b><a href="http://qosient.com/argus/src/argus-clients-3.0.6.2.tar.gz" target="_blank">Argus v3.0.6.1 Client</a><b> </b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://www.qosient.com/argus/">http://www.qosient.com/argus/</a><b><br /></b></div> <div style="text-align: justify;"> <br /></div>

Argus (Auditing Network Activity) :: Tools

Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions s...

Read more »

Simple Packet Sender- SRS (Packet Crafting) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7BUKKw498tOZ31MifYW6bPLuJau7rdayfP5pA059VWTSs2bX9U8wBoL0uzzMGPCSIx2uJ2Zd0U3siY6mMaSIHGNiuByoH6wcWmPvKxDi_QhXGorMs_JAvn14nckZgM-3C0XybRLTQpiVN/s1600/tcp-ipv4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Simple Packet sender screenshot" border="0" height="285" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7BUKKw498tOZ31MifYW6bPLuJau7rdayfP5pA059VWTSs2bX9U8wBoL0uzzMGPCSIx2uJ2Zd0U3siY6mMaSIHGNiuByoH6wcWmPvKxDi_QhXGorMs_JAvn14nckZgM-3C0XybRLTQpiVN/s1600/tcp-ipv4.png" title="Simple Packet sender screenshot" width="320" /></a></div> <div style="text-align: justify;"> <b>Simple Packet Sender (SPS)</b> is a linux <b>packet crafting tool</b>. Supports IPv4, IPv6 including extension headers, and tunneling IPv6 over IPv4. Written in C on <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> with <a href="http://www.toolwar.com/search/label/GUI" target="_blank">GUI</a> built using GTK+ and released under GPLv3. Does not require pcap.</div> <h3 style="text-align: justify;"> <b>Features:</b></h3> <div style="text-align: justify;"> <a href="http://www.toolwar.com/search/label/Packet" target="_blank">Packet</a><a href="http://www.toolwar.com/search/label/Packet" target="_blank"> crafting</a> and sending one, multiple, or flooding IPv4 and IPv6 packets of type TCP, ICMP, or UDP (or cycle through all three). All values within ethernet frame can be modified arbitrarily. Supports IPv4 header options, TCP header options, and TCP, ICMP and UDP data as well, input from either: keyboard as UTF-8/ASCII, keyboard as hexadecimal, or from file. IPv6 support includes: hop-by-hop, "first" and "last" destination, routing, authentication, and encapsulating security payload (ESP) extension headers. For those without access to a native IPv6 <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a>, IPv6 packets can be transmitted over IPv4 (6to4).</div> <div style="text-align: justify;"> Packet fragmentation for IPv4, IPv6, and 6to4. Assumed maximum transmission unit (MTU) can be changed if unusual fragment sizes are needed. IP addresses and port numbers can be randomized. A configurable traceroute function, which supports TCP, ICMP, and UDP packets with all the features mentioned above. View packets in hexadecimal/ASCII representation, in both unfragmented and fragmented forms. All packet settings can be saved to and loaded from file. IP and ASN delegation functions, including: country name/code search and reverse-search, autonomous system (AS) number search by country and reverse-search,  IPv4 and IPv6 address delegation search and reverse-search.</div> <div style="text-align: justify;"> ARP (IPv4) and Neighbor Discovery (IPv6) for querying a LAN for MAC addresses of local nodes.</div> <div style="text-align: justify;"> Retrieve MAC address and current MTU setting of any attached network interface. Domain name resolution and <a href="http://www.toolwar.com/search/label/Reverse" target="_blank">reverse</a> resolution.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorial ::</h3> <div style="text-align: justify;"> <b>Wiki ::</b> <a href="http://sourceforge.net/p/simplepacket/wiki/Home/" target="_blank">Click Here</a></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="https://sites.google.com/site/simplepacketsender/sps-4.2.tar.gz?attredirects=0" target="_blank">Simple Packet Sender</a> (.tar.gz)<b><br /></b></div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="https://sites.google.com/site/simplepacketsender/">https://sites.google.com/site/simplepacketsender/</a></div>

Simple Packet Sender- SRS (Packet Crafting) :: Tools

Simple Packet Sender (SPS) is a linux packet crafting tool . Supports IPv4, IPv6 including extension headers, and tunneling IPv6 over I...

Read more »

TCPXtract (Network Traffic Extracting) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="tcpxtract" border="0" height="266" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAqmL04htFo4cwsqJf60ruYKJbVcXmUbnsVr1NDB1wzSsk8wfB8iamSOsfzWyNH0v1iebn8mHNvwO-8axc4WJdJLZmoXI_3x0tQUpTiPg4Prr5CYbJTMM3xExj4w9FAXAXPlvmmPMw3Wm6/s1600/tcpxtract.jpg" title="tcpxtract" width="400" /></div> <b>tcpxtract</b> is a tool for <b>extracting files from network traffic</b> based on file signatures. Extracting files based on file type headers and footers (sometimes called <i>"carving"</i>) is an age old data <a href="http://www.toolwar.com/search/label/Recovery" target="_blank">recovery</a> technique. Tools like <a href="http://www.toolwar.com/2013/11/foremost-tools.html" target="_blank">Foremost</a> employ this technique to recover files from arbitrary data streams. <b>Tcpxtract</b> uses this technique specifically for the application of intercepting files transmitted across a <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a>. Other <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> that fill a similar need are driftnet and EtherPEG. driftnet and <b>EtherPEG</b> are tools for <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">monitoring</a> and extracting graphic files on a network and is commonly used by network administrators to police the internet activity of their users. The major limitations of driftnet and EtherPEG is that they only support three filetypes with no easy way of adding more. The search technique they use is also not scalable and does not search across <a href="http://www.toolwar.com/search/label/Packet" target="_blank">packet</a> boundries. <b>tcpxtract</b> features the following:<br /> <ul> <li>Supports 26 popular file formats out-of-the-box. New formats can be added by simply editing its config file.</li> <li>With a quick conversion, you can use your old Foremost config file with tcpxtract.</li> <li>Custom written search algorithm is lightning fast and very scalable.</li> <li>Search algorithm searches across packet boundries for total coverage and forensic quality.</li> <li>Uses libpcap, a popular, portable and stable library for network data capture.</li> <li>Can be used against a live network or a tcpdump formatted capture file. </li> </ul> <br /> <h3> Tutorial ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/uLQokDjcivU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <h3> Download :: </h3> <b>Linux :: </b><a href="http://prdownloads.sourceforge.net/tcpxtract/tcpxtract-1.0.1.tar.gz?download" target="_blank">tcpxtract v1.01</a> (.tar.gz)<b> </b><br /> <b>Official Website ::</b> <a href="http://tcpxtract.sourceforge.net/">http://tcpxtract.sourceforge.net/</a></div>

TCPXtract (Network Traffic Extracting) :: Tools

tcpxtract is a tool for extracting files from network traffic based on file signatures. Extracting files based on file type headers and...

Read more »

Commview (Network Monitor and Analyzer) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj325VnPYeEK6ly4CYJXLQZBCnGpXso07Hh__zhit87MylbBCCkFqkhrv2USEX8QJ3ErjhZ8vvoiSFuI52w7VRvAyehbHNdHZTsxguVjHscq6YZUH9TH2Eyrq9_zwLaIzKzsGWI8hbWxTRt/s1600/Commview+for+wifi+screenshot.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Commview network analyzer screenshot" border="0" height="227" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj325VnPYeEK6ly4CYJXLQZBCnGpXso07Hh__zhit87MylbBCCkFqkhrv2USEX8QJ3ErjhZ8vvoiSFuI52w7VRvAyehbHNdHZTsxguVjHscq6YZUH9TH2Eyrq9_zwLaIzKzsGWI8hbWxTRt/s400/Commview+for+wifi+screenshot.jpg" title="Commview network analyzer screenshot" width="400" /></a></div> <div style="text-align: justify;"> <b>CommView</b> is a powerful <b><a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> monitor</b> and <b>analyzer</b> designed for LAN administrators, security professionals, network programmers, home users…virtually anyone who wants a full picture of the traffic flowing through a PC or LAN segment. Loaded with many user-friendly features, <b>CommView </b>combines performance and flexibility with an ease of use unmatched in the industry. </div> <div style="text-align: justify;"> This application captures every packet on the wire to display important information such as a <b>list of <a href="http://www.toolwar.com/search/label/Packet" target="_blank">packets</a> and network connections</b>, vital <b>statistics</b>, protocol distribution <b>charts</b>, and so on. You can examine, save, filter, import and export captured packets, view <a href="http://www.toolwar.com/search/label/Protocol" target="_blank">protocol</a> decodes down to the lowest layer with <b>full <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a></b> of over 70 widespread protocols. With this information, <b>CommView</b> can help you <b>pinpoint network problems</b> and troubleshoot software and hardware. </div> <div style="text-align: justify;"> CommView includes a <b>VoIP</b> analyzer for in-depth analysis, recording, and playback of SIP and H.323 voice communications. </div> <div style="text-align: justify;"> <a href="http://www.tamos.com/upload/iblock/b1486ecd9d485e6e0c1aaa85376617e8.png" id="screenshots" rel="lightbox[shots]" title=""></a>CommView runs on Windows XP / Vista/ 7 / 8 or <a href="http://www.toolwar.com/search/label/WIndows" target="_blank">Windows</a> Server 2003 / 2008 / 2012 (both 32- and 64-bit versions). It requires a 10/100/1000 Mbps Ethernet, Wireless Ethernet, or Token Ring network card, or a standard dial-up adapter. For <b>remote monitoring tasks</b>, you can use our special, optional add-on for CommView: CommView Remote Agent. It allows CommView users to capture network traffic on any computer where Remote Agent is running, regardless of the computer's physical location. This powerful and unique technology broadens your monitoring range: you are no longer limited by your LAN segment or personal computer. </div> <h3 style="text-align: justify;"> How can a network analyzer help me? ::</h3> <div style="text-align: justify;"> If you are a seasoned professional, you definitely know the answer. Managing a LAN, creating network-oriented software, or performing a security audit have one thing in common: You're blind without a good network monitor. Every day, it helps you <b>maintain efficient network data transmission</b>, <b>test firewalls</b> and <a href="http://www.toolwar.com/search/label/IDS" target="_blank"><b>intrusion detection systems</b></a>, or <b>identify problems</b> with network-based applications. And there is an important economic reason behind using a network analyzer: it costs a fraction of the price of information, time, software, and hardware that may potentially be lost or wasted by <i>not</i> using a network analyzer. A number of <b>case studies</b> describe real-world applications of CommView in business, government, and education sectors. </div> <div style="text-align: justify;"> If you are new to networking, you'll find CommView extremely useful for understanding how the Internet and your LAN work. Being a network analyzer (also commonly referred to as a <i>packet analyzer, network monitor, or packet sniffer</i>), it captures and decodes network traffic and makes sense of it, allowing you to <b>see what, where, and how information leaves and enters your computer</b> -- which is critically important for a secure Internet experience. The Online Tutorial is an excellent resource for learning about the many exciting features CommView offers. </div> <div style="text-align: justify;"> Be sure to read our white paper, Promiscuous <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">Monitoring</a> in Ethernet and <a href="http://www.toolwar.com/search/label/WiFi" target="_blank">Wi-Fi</a> Networks, that examines the problems related to the deployment and usage of software-based network monitoring solutions in wired and wireless LANs. It demonstrates the methods of achieving network traffic visibility in various network configurations that include hubs, switches, routers, etc. </div> <div style="text-align: justify;"> No matter what user category you belong to, you can be certain that CommView is the right choice for your network monitoring solution. </div> <h3 style="text-align: justify;"> What you can do with CommView ::</h3> <ul class="bullet" style="text-align: justify;"> <li>View detailed IP connections statistics: IP addresses, ports, sessions, etc. </li> <li>Reconstruct TCP sessions. </li> <li>Map packets to the application that is sending or receiving them. </li> <li>View protocols distribution, bandwidth utilization, and network nodes charts and tables. </li> <li>Generate traffic reports in real time. </li> <li>Browse captured and decoded packets in real time. </li> <li>Search for strings or hex data in captured packet contents. </li> <li>Import and export packets in Sniffer®, EtherPeek™, AiroPeek™, Observer®, NetMon, and Tcpdump formats, export packets in hex and text formats. </li> <li>Configure alarms that can notify you about important events, such as suspicious packets, high bandwidth utilization, unknown addresses, etc. </li> <li>Create your own plug-ins for decoding any protocol. </li> <li>Exchange data with your application over TCP/IP. </li> <li>Export any IP address to SmartWhois for quick, easy IP lookup. </li> <li>Capture loopback traffic. </li> </ul> <h3> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/hdE-s_SQl50?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> Download ::</h3> <b>Windows ::</b>  <a href="http://www.tamos.com/bitrix/redirect.php?event1=download&event2=commview&event3=cv6&goto=/files/cv6.zip" target="_blank">Commview v6.5 (Trial Version)</a><b><br /></b><br /> <b>Official Website :: </b><a href="http://www.tamos.com/products/commview/">http://www.tamos.com/products/commview/</a>

Commview (Network Monitor and Analyzer) :: Tools

CommView is a powerful network monitor and analyzer designed for LAN administrators, security professionals, network programmers, h...

Read more »

WiFinger (Wireless LAN Detection Spoofing Detection) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVDj7Y0NDoDy9HMBWONTX8N5TJRzUxRigF40NKMtb4g3YHnm7mFFbvSgmvtBBe0RA6HYGodlx5K4_auWXunr9miihTF44zDK4JEAuO4hp0yGplgNBxyMJvjlbZYIKoCfAjIHxGUxmFgyYx/s1600/wifinger.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="WiFinger" border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVDj7Y0NDoDy9HMBWONTX8N5TJRzUxRigF40NKMtb4g3YHnm7mFFbvSgmvtBBe0RA6HYGodlx5K4_auWXunr9miihTF44zDK4JEAuO4hp0yGplgNBxyMJvjlbZYIKoCfAjIHxGUxmFgyYx/s320/wifinger.jpg" title="WiFinger" width="320" /></a></div> <div style="text-align: justify;"> <b>WiFinger </b>was planed to become the first available <i>wireless</i> <i>LAN<a href="http://www.toolwar.com/search/label/Spoofer" target="_blank"> spoofing</a> detection tool</i>. <b>WiFinger</b> is a passively identifies wireless access points based on matching the Information Elements in their <b>beacon packets </b>against a fingerprint database. It is written in <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> and uses Scapy, and has been tested in <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>. </div> <div style="text-align: justify;"> Currently we only have a handful of signatures, so if you want to contribute to this tool, here’s what you can do:</div> <ol style="text-align: justify;"> <li>Get your access point and enable WPA and WPS (if supported).</li> <li>Capture the beacon frames that your access point is broadcasting and save them to a pcap file.</li> <li>Send us the pcap file along with as much information about the access point as you can (make, model, <a href="http://firmware/" target="_blank">firmware</a> version, hardware revision, ESSID and BSSID).</li> </ol> <h3> </h3> <h3> Download ::</h3> <b>Linux :: </b><a href="http://www.sourcesec.com/Lab/wifinger.tar.gz" target="_blank">WiFinger.tar.gz</a> <br /> <b>Official Website :: </b><a href="http://wifinger.sourceforge.net/">http://wifinger.sourceforge.net/</a>

WiFinger (Wireless LAN Detection Spoofing Detection) :: Tools

WiFinger was planed to become the first available wireless LAN spoofing detection tool . WiFinger is a passively identifies wireless ac...

Read more »

Xplico (Internet Traffic Capture) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhADe8Vu4zpdECwwvaAUMUBIlNyGzgvoW1gtLMdHKUZdSDUYlA3t6WdcEN1U1D5ec7BhAtfCN00j4FkO__Ft1LEMzYbd6sUlKDkbK_M05ShgYfYXn2To-j6g4BHCtrNsI1X5D6zJB4dzCE5/s1600/xplico+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="xplico screenshot" border="0" height="217" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhADe8Vu4zpdECwwvaAUMUBIlNyGzgvoW1gtLMdHKUZdSDUYlA3t6WdcEN1U1D5ec7BhAtfCN00j4FkO__Ft1LEMzYbd6sUlKDkbK_M05ShgYfYXn2To-j6g4BHCtrNsI1X5D6zJB4dzCE5/s400/xplico+screenshot.png" title="xplico screenshot" width="400" /></a></div> <b>Xplico</b> is <i>extract from an internet traffic capture</i> the applications data contained.  For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).<br /> Xplico is released under the <b>GNU General Public License</b> and with some scripts under <b>Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported</b> (CC BY-NC-SA 3.0) License. For more details see License.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Features</h3> <ul style="text-align: justify;"> <li>Protocols supported: HTTP, SIP, IMAP, POP, SMTP, TCP, UDP, IPv6. </li> <li>Port Independent Protocol Identification (PIPI) for each application protocol;</li> <li>Multithreading;</li> <li>Output data and information in SQLite database or Mysql database and/or files;</li> <li>At each data reassembled by Xplico is associated a XML file that uniquely identifies the flows and the pcap containing the data reassembled;</li> <li>Realtime elaboration (depends on the number of flows, the types of protocols and by the performance of computer -RAM, CPU, HD access time. </li> <li>TCP reassembly with ACK verification for any packet or soft ACK verification;</li> <li>Reverse DNS lookup from DNS packages contained in the inputs files (pcap), not from external DNS server;</li> <li>No size limit on data entry or the number of files entrance (the only limit is HD size);</li> <li>IPv4 and IPv6 support;</li> <li>Modularity. Each Xplico component is modular. The input interface, the protocol decoder (Dissector) and the output interface (dispatcher) are all modules;</li> <li> The ability to easily create any kind of dispatcher with which to organize the data extracted in the most appropriate and useful to you.</li> </ul> <h3> Tutorial ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/uzn8yDEbKC0?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Ek8uSUwEjC8?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> Download ::</h3> <b>Ubuntu ::</b> <a href="http://sourceforge.net/projects/xplico/files/Xplico%20versions" target="_blank">Download here</a><br /> OR <br /> <code>sudo bash -c 'echo "deb http://repo.xplico.org/ $(lsb_release -s -c) main" >> /etc/apt/sources.list'<br /> sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 791C25CE<br /> sudo apt-get update<br /> sudo apt-get install xplico</code> <br /> <br /> <b>Deafult Users ::</b><br /> user: admin, xplico<br /> password: xplico, xplico<br /> <h3> </h3>

Xplico (Internet Traffic Capture) :: Tools

Xplico is extract from an internet traffic capture the applications data contained.  For example, from a pcap file Xplico extracts each...

Read more »

IKE Scan (Fingerprinting IPsec VPN Systems) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgcR9RJFPXN5Woh63bjnW3K4BL8h78YqmsHhjWw9_sn02RfyPePlHARZxNahjALBnhYKNjFeKswsJ3T1wySPXaFBVwqG2gLt_wYMPhB-PuL_5toZ39tExguNXw4UEOw9NciozR-f1XQkl3l/s1600/ike+scan+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Ike-scan-screenshot" border="0" height="170" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgcR9RJFPXN5Woh63bjnW3K4BL8h78YqmsHhjWw9_sn02RfyPePlHARZxNahjALBnhYKNjFeKswsJ3T1wySPXaFBVwqG2gLt_wYMPhB-PuL_5toZ39tExguNXw4UEOw9NciozR-f1XQkl3l/s400/ike+scan+screenshot.png" title="Ike-scan-screenshot" width="400" /></a></div> <div style="text-align: justify;"> <b><i>IKE Scan</i></b> is a command-line tool for <i>discovering, fingerprinting and testing IPsec VPN systems</i>. It constructs and sends IKE Phase-1 packets to the specified hosts, and displays any responses that are received. </div> <div style="text-align: justify;"> <b><i>ike-scan</i> </b>allows you to: </div> <ul> <li style="text-align: justify;"> Send IKE packets to any number of destination hosts, using a configurable output bandwidth or packet rate. <dl><dd>This is useful for VPN detection, when you may need to scan large address spaces. </dd></dl> </li> <li style="text-align: justify;"> Construct the outgoing IKE packet in a flexible way. <dl><dd>This includes IKE packets which do not comply with the RFC requirements. </dd></dl> </li> <li style="text-align: justify;"> Decode and display any returned packets. </li> <li><div style="text-align: justify;"> Crack aggressive mode pre-shared keys. You can use ike-scan to obtain the PSK hash data, and then use <i>psk-crack</i> to obtain the key. </div> </li> </ul> <div style="text-align: justify;"> </div> <h3 style="text-align: justify;"> <b>Download :: </b></h3> <ul style="text-align: justify;"> <li>for Linux : <span class="wf_file_text"><a class="wf_file" href="http://www.nta-monitor.com/files/ike-scan/ike-scan-1.9.tar.gz"><span class="wf_file_text">ike-scan-1.9.tar.gz</span></a></span></li> <li><span class="wf_file_text"><span class="wf_file_text">Github: <a href="https://github.com/royhills/ike-scan" title="https://github.com/royhills/ike-scan">https://github.com/royhills/ike-scan</a></span></span></li> </ul> <div style="text-align: justify;"> This will compile on Unix and Linux systems as well as Windows systems with Cygwin. You will need a C compiler, the "make" utility and the appropriate system header files to compile ike-scan. It uses autoconf and automake, so compilation and installation is the normal ./configure; make; make install process.</div> <ul style="text-align: justify;"> <li>Windows : <a class="wf_file" href="http://www.nta-monitor.com/files/ike-scan/ike-scan-win32-1.9.zip"><span class="wf_file_text">ike-scan-win32-1.9.zip</span></a></li> </ul> <div style="text-align: justify;"> This is a zip file containing a Win-32 binary version of ike-scan together with the Cygwin DLL which provides posix support. It runs on Win-9x, NT, 2000 and XP. The executable was produced by compiling the ike-scan source on a Windows system running Cygwin.</div> <h3 style="text-align: justify;"> Tutorial ::  </h3> <div style="text-align: justify;"> <b><span style="font-size: small;">IKE-Scan User Guide</span>  ::</b> <a href="http://www.nta-monitor.com/wiki/index.php/Ike-scan_User_Guide" target="_blank">Click Here</a></div>

IKE Scan (Fingerprinting IPsec VPN Systems) :: Tools

IKE Scan is a command-line tool for discovering, fingerprinting and testing IPsec VPN systems . It constructs and sends IKE Phase-1 p...

Read more »

Netfilter (Firewalling, NAT and Packet Managing ) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="netfilter logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2nlPN3zHdxmcDO9QcN_iEWWnInhbDEk5ZFkMBw5IJpPvVU4B56F7ITPqWlXhdUI1FCcZ5bpmb-pVh-_BTAt0vlJbd0L2873b8GCCQrPFRK1vwADrxiRF45ox6HdKeR9tjh162_VALzc5m/s1600/netfilter-logo2.png" title="netfilter logo" /></div> <div style="text-align: justify;"> <b>Netfilter</b> is a <i>powerful packet filter implemented</i> in the standard Linux kernel. The userspace iptables tool is used for configuration. It now supports packet filtering (stateless or stateful), all kinds of network address and port translation (NAT/NAPT), and multiple API layers for 3rd party extensions. It includes many different modules for handling unruly protocols such as FTP.</div> <div style="text-align: justify;"> <b>netfilter</b> is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack. iptables is a generic table structure for the definition of rulesets. Each rule within an IP table consists of a number of classifiers (iptables matches) and one connected action (iptables target). </div> <h2 class="title" style="clear: both; text-align: justify;"> Main Features</h2> <div class="itemizedlist" style="text-align: justify;"> <ul class="itemizedlist" type="bullet"> <li class="listitem" style="list-style-type: disc;">stateless packet filtering (IPv4 and IPv6)</li> <li class="listitem" style="list-style-type: disc;">stateful packet filtering (IPv4 and IPv6)</li> <li class="listitem" style="list-style-type: disc;">all kinds of network address and port translation, e.g. NAT/NAPT (IPv4 and IPv6)</li> <li class="listitem" style="list-style-type: disc;">flexible and extensible infrastructure</li> <li class="listitem" style="list-style-type: disc;">multiple layers of API's for 3rd party extensions</li> </ul> </div> <div style="text-align: justify;"> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/kcOzdpi8cwg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> </div> <div style="text-align: justify;"> <br /> <b>Download Here :: </b>git clone git://git.netfilter.org/iptables.git<br /> <br /> <b>Official Website :: </b>http://www.netfilter.org/</div> </div>

Netfilter (Firewalling, NAT and Packet Managing ) :: Tools

Netfilter is a powerful packet filter implemented in the standard Linux kernel. The userspace iptables tool is used for configuration...

Read more »

Wireshark (Network Sniffer) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIXKZEaCap5FyeQq_elpCaFbSo5rm_6vAVL2LNDu72zCd8Qnwzu_G3xiHrnY315MDPZNhKjcTSOcUNnDkwE3kYkNPF1eFE9j2vrJThbYPSWrAXY8tsTyEfh4alG421fuXtQ7SsscKgK7BH/s1600/wireshark+logo.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="wireshark-logo" border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIXKZEaCap5FyeQq_elpCaFbSo5rm_6vAVL2LNDu72zCd8Qnwzu_G3xiHrnY315MDPZNhKjcTSOcUNnDkwE3kYkNPF1eFE9j2vrJThbYPSWrAXY8tsTyEfh4alG421fuXtQ7SsscKgK7BH/s200/wireshark+logo.jpg" title="wireshark-logo" width="200" /></a></div> <div style="text-align: justify;"> <b>Wireshark</b> is most usable <i>network sniffer software</i> that contains a lot small subprograms. <b>Wireshark</b> (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source multi-platform network protocol analyzer. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. <b>Wireshark</b> has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A <a class="local" href="http://sectools.org/tool/tcpdump/">tcpdump</a>-like console version named tshark is included. One word of caution is that Wireshark has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences).</div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/6X5TwvGXHP0?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: left;"> <br /> <b>Download Here</b><b> ::</b> <a href="http://wiresharkdownloads.riverbed.com/wireshark/win32/Wireshark-win32-1.10.1.exe" target="_blank">Wireshark 1.10.1 (Windows x32)</a> & <a href="http://www.wireshark.org/download.html" target="_blank">Others </a></div> <div style="text-align: left;"> <b>Official Website  ::</b> http://www.wireshark.org/</div> </div>

Wireshark (Network Sniffer) :: Tools

Wireshark is most usable network sniffer software that contains a lot small subprograms. Wireshark (known as Ethereal until a tradema...

Read more »

Unicornscan :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Unicornscan Logo" border="0" height="186" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-Se65R6_fXbhsEvZ4OGb94u-Hutt37Pcs2drLQu7Mk9bGq9J2Z4v_z2fEgACR2By3wGwaimGRLdxDXBz6znTBTgn3m44TEEgIITTVw-YrbRClrzUCcIrvn4Rz-jcjutLIAfRSU1lnnYyq/s320/unicornscan+logo.png" title="Unicornscan Logo" width="320" /></div> <div style="text-align: justify;"> <b>Unicornscan </b>is a new<i> information gathering and correlation engine</i> built for and by members of the security research and testing communities. It was designed to provide an engine that is Scalable, Accurate, Flexible, and Efficient. It is released for the community to use under the terms of the GPL license. </div> <h4 style="text-align: justify;"> Benefits:</h4> <div style="text-align: justify;"> <b>Unicornscan</b> is an attempt at a User-land Distributed TCP/IP stack. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Although it currently has hundreds of individual features, a main set of abilities include: </div> <ul style="text-align: justify;"> <li> Asynchronous stateless TCP scanning with all variations of TCP Flags. </li> <li> Asynchronous stateless TCP banner grabbing </li> <li> Asynchronous protocol specific UDP Scanning (sending enough of a signature to elicit a response). </li> <li> Active and Passive remote OS, application, and component identification by analyzing responses. </li> <li> PCAP file logging and filtering </li> <li> Relational database output </li> <li> Custom module support </li> <li> Customized data-set views </li> </ul> <br /> <b>Video Tutorial ::</b> <a href="https://www.youtube.com/watch?v=u_nvGriEb9M" target="_blank">Click Here</a> <br /> <b>Download Here :: </b><a href="http://sourceforge.net/projects/osace/files/unicornscan/unicornscan%20-%200.4.7%20source/unicornscan-0.4.7-2.tar.bz2/download">Unicornscan - 0.4.7-2</a><br /> <b>Official Website :: </b>http://www.unicornscan.org/ </div>

Unicornscan :: Tools

Unicornscan is a new information gathering and correlation engine built for and by members of the security research and testing commu...

Read more »

Firewalk (Network Security) : Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbgRWmUehqIWyGZoJXMGkeGJ6Adyg2kd1Nkij3CmxD2O-XBpIGbA8YfKq4tt7WQ08fNWxzGIr6MolNMNAIoH6YLFrOfxN646eLpW537-wWTMrl2wh-bI2JMptxMvOTPK9b6s0iEnu1kenq/s1600/firewalk.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="92" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbgRWmUehqIWyGZoJXMGkeGJ6Adyg2kd1Nkij3CmxD2O-XBpIGbA8YfKq4tt7WQ08fNWxzGIr6MolNMNAIoH6YLFrOfxN646eLpW537-wWTMrl2wh-bI2JMptxMvOTPK9b6s0iEnu1kenq/s320/firewalk.gif" width="320" /></a></div> <div style="text-align: justify;"> <b>Firewalk</b> is an <b>active reconnaissance network security tool</b> that attempts to determine what layer 4 protocols a  given IP forwarding device will pass. Firewalk  works  by sending out TCP or UDP packets with a TTL one greater than the targeted gateway.  If the gateway allows the traffic, it will forward the packets to the next hop where they will expire and elicit an ICMP_TIME_EXCEEDED  message.  If the gateway hostdoes not allow the traffic, it will likely drop the packets on  the floor and we will see no response.</div> <div style="text-align: justify;"> To get  the  correct  IP  TTL that will result in expired packets one beyond the gateway we need  to  ramp  up  hop-counts.   We  do  this  in the same manner that traceroute works.  Once we have the gateway hopcount (at  that point the scan is said to be `bound`) we can begin our scan.</div> <div style="text-align: justify;"> It is significant to note the fact that the ultimate destination host does not have to be reached.  It just  needs to be somewhere downstream, on the other side of the gateway, from the scanning host.</div> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/VWNnAcrpZ_4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <b>Download Here :: </b><a href="http://packetfactory.openwall.net/firewalk/dist/firewalk.tar.gz" target="_blank">Firewalk 5.0 (for Linux)</a> <b> </b><br /> <b>Official Website :: </b>http://packetfactory.openwall.net/projects/firewalk/</div>

Firewalk (Network Security) : Tools

Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a  given IP forwarding de...

Read more »

Hyenae (Network Packet Generator) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBMOLR2ZTa5RSR8Ux4czLsXWaN9-LIIMiXjO7bHfNrMnqzxEK_pH_fwpipilVGQ9N-wcK531BpSUSESlvGQb9JJZTY7zskNPggwFuJQGEQCdlqHYq6-Potb1RxU6O1kCfmV5GsbTWu1dek/s1600/hyenae+screenshot.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Hyenae logo" border="0" height="230" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBMOLR2ZTa5RSR8Ux4czLsXWaN9-LIIMiXjO7bHfNrMnqzxEK_pH_fwpipilVGQ9N-wcK531BpSUSESlvGQb9JJZTY7zskNPggwFuJQGEQCdlqHYq6-Potb1RxU6O1kCfmV5GsbTWu1dek/s400/hyenae+screenshot.jpg" title="Hyenae logo" width="400" /></a></div> <div style="text-align: justify;"> <b>Hyenae</b> is a highly flexible platform independent <b>network packet generator</b>. It allows you to reproduce several MITM, DoS and DDoS attack scenarios, comes with a clusterable remote daemon and an interactive attack assistant.</div> <div style="text-align: justify;"> <br /></div> <br /> <br /> <header> <div style="text-align: left;"> <span style="font-size: large;">Features :-</span></div> </header> <br /> <ul class="features"> <li class="feature">ARP-Request flooding</li> <li class="feature">ARP-Cache poisoning</li> <li class="feature">PPPoE session initiation flooding</li> <li class="feature">Blind PPPoE session termination</li> <li class="feature">ICMP-Echo flooding</li> <li class="feature">ICMP-Smurf attack</li> <li class="feature">ICMP based TCP-Connection reset</li> <li class="feature">TCP-SYN flooding</li> <li class="feature">TCP-Land attack</li> <li class="feature">Blind TCP-Connection reset</li> <li class="feature">UDP flooding</li> <li class="feature">DNS-Query flooding</li> <li class="feature">DHCP-Discover flooding</li> <li class="feature">DHCP starvation attack</li> <li class="feature">DHCP-Release forcing</li> <li class="feature">Cisco HSRP active router hijacking</li> <li class="feature">Pattern based packet address configuration</li> <li class="feature">Intelligent address and address protocol detection</li> <li class="feature">Smart wildcard-based randomization</li> <li class="feature">Daemon for setting up remote attack networks</li> <li class="feature">HyenaeFE QT-Frontend support</li> </ul> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/uQsNb88coa4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: center;"> <b><br /></b></div> <div style="text-align: left;"> <b>Download Here :: </b><a href="http://sourceforge.net/projects/hyenae/files/latest/download" target="_blank">Hyenae 0.36 (for Windows)</a><b><br /></b></div> <div style="text-align: left;"> <b>Source ::</b> http://sourceforge.net/projects/hyenae/</div> <ul class="features"> </ul> <div style="text-align: justify;"> </div> </div>

Hyenae (Network Packet Generator) :: Tools

Hyenae is a highly flexible platform independent network packet generator . It allows you to reproduce several MITM, DoS and DDoS atta...

Read more »

Fake AP :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="desc" style="text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjD01ZyILKGZU3_vKqybniILm8PnGW4hHNxpKqIvTm8x-_SDhQDADGT3GGh8Yr3SHo_mG-K5MnE3aYO0q-89gosZWfpljnifcowQ6Igrwp6ZMGtpezr2A4Mi4D6FGDimBX63hBdc191DpEl/s1600/fakeap+logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="fakeap logo" border="0" height="232" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjD01ZyILKGZU3_vKqybniILm8PnGW4hHNxpKqIvTm8x-_SDhQDADGT3GGh8Yr3SHo_mG-K5MnE3aYO0q-89gosZWfpljnifcowQ6Igrwp6ZMGtpezr2A4Mi4D6FGDimBX63hBdc191DpEl/s400/fakeap+logo.png" title="fakeap logo" width="400" /></a><b> </b></div> <div class="desc" style="text-align: justify;"> <b>Black Alchemy's Fake AP</b> <i>generates thousands of counterfeit 802.11b access points</i>. Hide in plain sight amongst Fake AP's cacophony of beacon frames. As part of a honeypot or as an instrument of your site security plan, Fake AP confuses Wardrivers, NetStumblers, Script Kiddies, and other undesirables. Fake AP is a proof of concept released under the GPL. If one access point is good, 53,000 must be better. </div> <div class="desc" style="text-align: justify;"> <br /></div> <div class="desc" style="text-align: justify;"> <b>Tutorial ::</b> <a href="http://wirelessdefence.org/Contents/FakeAPMain.htm" target="_blank">Click Here</a></div> <div class="desc" style="text-align: justify;"> <b>Download Here :: </b><a href="http://www.blackalchemy.to/project/fakeap/download.php?name=fakeap-0.3.2.tar.gz" target="_blank">FakeAP 0.3.2.tar.gz</a><b><br /></b></div> <div class="desc" style="text-align: justify;"> <b>Official Website ::</b> http://www.blackalchemy.to/project/fakeap/</div> </div>

Fake AP :: Tools

  Black Alchemy's Fake AP generates thousands of counterfeit 802.11b access points . Hide in plain sight amongst Fake AP's cac...

Read more »

Nemesis (Network Packet Cracking and Injection) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div style="text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-s3afX0EXdm4TbrREj68-f68bnfV1HdgiSTHDg1ooUrgnhItFtDAl-A2gHMcASeRVpVET3owvlrgqbzur2TzDl08oRCUQ7uKwj5LQraaXmWkVd0t8bdYIAdZw9bM2WflkunL30xPMJov1/s1600/nemesis+packet+logo.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="nemesis packet logo" border="0" height="248" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-s3afX0EXdm4TbrREj68-f68bnfV1HdgiSTHDg1ooUrgnhItFtDAl-A2gHMcASeRVpVET3owvlrgqbzur2TzDl08oRCUQ7uKwj5LQraaXmWkVd0t8bdYIAdZw9bM2WflkunL30xPMJov1/s320/nemesis+packet+logo.JPG" title="nemesis packet logo" width="320" /></a> </div> <div style="text-align: justify;"> <b>Nemesis</b> is a <i>command-line network packet crafting and injection</i> utility for UNIX-like and Windows systems. <b> Nemesis</b>, is well suited for testing Network Intrusion Detection Systems, firewalls, IP stacks and a variety of other tasks. As a command-line driven utility, Nemesis is perfect for automation and scripting. <br /> <b>Nemesis</b> can natively craft and inject ARP, DNS, ETHERNET, ICMP, IGMP, IP, OSPF, RIP, TCP and UDP packets. Using the IP and the Ethernet injection modes, almost any custom packet can be crafted and injected.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Tutorial ::</b> http://nemesis.sourceforge.net/docs.html </div> <div style="text-align: justify;"> <b>Download Here ::</b> <a href="http://prdownloads.sourceforge.net/nemesis/nemesis-1.4.tar.gz?download" target="_blank">Nemesis v1.4</a><b> </b>(for Linux)</div> <div style="text-align: justify;"> <b>                             </b>  <a href="http://prdownloads.sourceforge.net/nemesis/nemesis-1.4.zip?download" target="_blank">Nemesis v1.4</a> (for Windows) <b><br /></b></div> <div style="text-align: justify;"> <b>Official Website :: </b>http://nemesis.sourceforge.net/ </div> </div>

Nemesis (Network Packet Cracking and Injection) :: Tools

  Nemesis is a command-line network packet crafting and injection utility for UNIX-like and Windows systems. Nemesis , is w...

Read more »

HexInject (Packet Injector and Sniffer) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzK_BWuo2OLgYHxEDEesWWuhQmgxt1u0PEIyEohkdj3RWfavzjVtjH2twPtDOXnHhiV2X7msomnkjgMAhBLW39M01tbrSi1xfPu88vKCzBBcCCz2gl8yWWG-H5RLVu-JR_T68rHRTMs3pc/s1600/hexinject+screenshot+toolwar.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="hexinject screenshot toolwar" border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzK_BWuo2OLgYHxEDEesWWuhQmgxt1u0PEIyEohkdj3RWfavzjVtjH2twPtDOXnHhiV2X7msomnkjgMAhBLW39M01tbrSi1xfPu88vKCzBBcCCz2gl8yWWG-H5RLVu-JR_T68rHRTMs3pc/s320/hexinject+screenshot+toolwar.png" title="hexinject screenshot toolwar" width="294" /></a></div> <div style="text-align: justify;"> <b>HexInject</b> is a very versatile <b>Packet Injector and Sniffer</b>, that provide a command-line framework for raw network access.<br /> <br /> It's designed to <b>work together</b> with others command-line utilities, and for this reason it facilitates the creation of powerful shell scripts capable of reading, intercepting and modifying network traffic in a transparent manner.</div> <div style="text-align: justify;"> <b>HexInject</b> has now reached version <b>1.5</b> (<i>Feb 21 2013</i>) and a few changes have been made. In particular the <i>features have been redistributed</i> between <b>multiple tools</b>, following the unix philosophy.</div> <ul style="text-align: justify;"> <li><b>hexinject</b> remains the main sniffer and injector.<br /> </li> <li><b>prettypacket</b> disassembles raw packets (received on its standard input) and print their field. It can also print example packets (useful if you want to know the structure of an header).<br /> </li> <li> <b>hex2raw</b> converts hexstring (the textual format used by hexinject) to raw data, and vice-versa. A basic xxd tool.<br /> </li> <li><b>packets.tcl</b> is an experimental packet forger, written in TCL. It uses a simple packet representation format based on <b>APD</b> (http://wiki.hping.org/26). The output of the tool can be <i>piped to hexinject raw inject mode</i>.</li> </ul> <b>Download Here :: </b><a href="http://sourceforge.net/projects/hexinject/files/hexinject-1.5/hexinject-1.5.tar.gz/download" target="_blank">HexInject v1.5.tar.gz</a><br /> <b>Guide :: </b>http://hexinject.sourceforge.net/hexinject_introduction.pdf  <br /> <b>Source ::</b> http://hexinject.sourceforge.net/</div>

HexInject (Packet Injector and Sniffer) :: Tools

HexInject is a very versatile Packet Injector and Sniffer , that provide a command-line framework for raw network access. ...

Read more »

Ostinato (Network Packet Crafter/Traffic Generator) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Ostinato tool" border="0" height="219" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjc8RI2nSUpvvqFFqJrsEGNipvYGwMQ2FTCQ49BQbwTK-t6m_jr4H5WqWV15UE7ZVZRCRO4JEFSuz-oVI1PoQwza2ph2hrBpDcLapFzbD-P-CKn_X3SjxAr2oqoUW_djYn2h2eLtt39sBj/s1600/ostinato+logo.jpg" title="Ostinato tool" width="640" /></div> <div style="text-align: justify;"> <b>Ostinato</b> is an open-source, cross-platform <b>network packet crafter/traffic generator</b> and analyzer with a friendly GUI. Craft and send packets of several streams with different protocols at different rates. For the full feature list see below.Ostinato aims to be "Wireshark in Reverse" and become complementary to Wireshark. </div> <h1 style="text-align: justify;"> <span style="font-size: large;">Features</span></h1> <ul style="text-align: justify;"> <li>Runs on Windows, Linux, BSD and Mac OS X (Will probably run on other platforms also with little or no modification but this hasn't been tested) </li> <li>Open, edit, replay and save PCAP files </li> <li>Support for the most common standard protocols </li> <ul> <li>Ethernet/802.3/LLC SNAP </li> <li>VLAN (with QinQ) </li> <li>ARP, IPv4, IPv6, IP-in-IP a.k.a IP Tunnelling (6over4, 4over6, 4over4, 6over6) </li> <li>TCP, UDP, ICMPv4, ICMPv6, IGMP, MLD </li> <li>Any text based protocol (HTTP, SIP, RTSP, NNTP etc.) </li> <li>More protocols in the works ... </li> </ul> <li>Modify any field of any protocol (some protocols allow changing packet fields with every packet at run time e.g. changing IP/MAC addresses) </li> <li>User provided Hex Dump - specify some or all bytes in a packet </li> <li>User defined script to substitute for an unimplemented protocol (EXPERIMENTAL) </li> <li>Stack protocols in any arbitrary order </li> <li>Create and configure multiple streams </li> <li>Configure stream rates, bursts, no. of packets </li> <li>Single client can control and configure multiple ports on multiple computers generating traffic </li> <li>Exclusive control of a port to prevent the OS from sending stray packets provides a controlled testing environment </li> <li>Statistics Window shows realtime port receive/transmit statistics and rates </li> <li>Capture packets and view them (needs Wireshark to view the captured packets) </li> <li>Framework to add new protocol builders easily </li> </ul> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/On64lQYEFlY?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <b>Download Here :: </b><a href="http://ostinato.googlecode.com/files/ostinato-src-0.5.1.tar.gz" target="_blank">Ostinato 0.5.1</a> (Linux)<br />                                <a href="http://ostinato.googlecode.com/files/ostinato-bin-win32-0.5.1.zip" target="_blank">Ositinato win32 0.5.1</a> (Windows)<br /> <b>Source ::</b> http://code.google.com/<br /> <ul style="text-align: justify;"> </ul> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div style="text-align: center;"> </div> </div>

Ostinato (Network Packet Crafter/Traffic Generator) :: Tools

Ostinato is an open-source, cross-platform network packet crafter/traffic generator and analyzer with a friendly GUI. Craft and send...

Read more »

Scapy (Packet Manipulation Program) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixDMYzpCAucl9pKf-Mk09QsfG2IwmA1dJkaN5O6H2a3yQi3yfK4Nb0oif8umCFFqJ1pZG88TIoB9kT0qarpsMD4LDECLTCMP-wPBdmSi29nzXcwh9ildaRJxDl_7UcYSlKRSw3xMJF3g9c/s1600/scapy1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="scapy" border="0" height="234" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixDMYzpCAucl9pKf-Mk09QsfG2IwmA1dJkaN5O6H2a3yQi3yfK4Nb0oif8umCFFqJ1pZG88TIoB9kT0qarpsMD4LDECLTCMP-wPBdmSi29nzXcwh9ildaRJxDl_7UcYSlKRSw3xMJF3g9c/s320/scapy1.png" title="scapy" width="320" /></a></div> <div style="text-align: justify;"> <b>Scapy</b> is very powerful interactive <i>packet manipulation program</i>. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like <i> scanning, tracerouting, probing, unit tests, attacks or network discovery</i> (it can replace hping, 85% of <i>nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f,</i> etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc.</div> <div style="text-align: justify;"> First, with most other tools, you won't build someting the author did not imagine. These tools have been built for a specific goal and can't deviate much from it. For example, an ARP cache poisoning program won't let you use double 802.1q encapsulation. Or try to find a program that can send, say, an ICMP packet with padding (I said padding, not payload, see?). In fact, each time you have a new need, you have to build a new tool.  </div> <div style="text-align: justify;"> Second, they usually confuse decoding and interpreting. Machines are good at decoding and can help human beings with that. Interpretation is reserved to human beings. Some programs try to mimic this behaviour. For instance they say "this port is open" instead of "I received a SYN-ACK". Sometimes they are right. Sometimes not. It's easier for beginners, but when you know what you're doing, you keep on trying to deduce what really happened from the program's interpretation to make your own, which is hard because you lost a big amount of information. And you often end up using <tt>tcpdump -xX</tt> to decode and interpret what the tool missed. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> Third, even programs which only decode do not give you all the information they received. The network's vision they give you is the one their author thought was sufficient. But it is not complete, and you have a bias. For instance, do you know a tool that reports the padding ? </div> <div style="text-align: justify;"> Scapy tries to overcome those problems. It enables you to build exactly the packets you want. Even if I think stacking a 802.1q layer on top of TCP has no sense, it may have some for somebody else working on some product I don't know. Scapy has a flexible model that tries to avoid such arbitrary limits. You're free to put any value you want in any field you want, and stack them like you want. You're an adult after all. </div> <div style="text-align: justify;"> In fact, it's like building a new tool each time, but instead of dealing with a hundred line C program, you only write 2 lines of Scapy. </div> <div style="text-align: justify;"> After a probe (scan, traceroute, etc.) Scapy always gives you the full decoded packets from the probe, before any interpretation. That means that you can probe once and interpret many times, ask for a traceroute and look at the padding for instance. </div> <div style="text-align: justify;"> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/MnPmNXJxDoQ?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <b><br /></b> <b>Download Here :: </b><a href="http://www.secdev.org/projects/scapy/files/scapy-latest.zip" target="_blank">Scapy Latest Version</a><b><br /></b><br /> <b>Official Website ::</b> http://www.secdev.org/projects/scapy/</div> <div style="text-align: center;"> </div> <div style="text-align: justify;"> </div> </div>

Scapy (Packet Manipulation Program) :: Tools

Scapy is very powerful interactive packet manipulation program . It is able to forge or decode packets of a wide number of protocols, s...

Read more »

Hping (Assembling or Analysing TCP/IP Packets) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Hping Logo" border="0" height="176" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3YSLgbgdpSBhralJmJns3TqLeQGFfhcfKmbp9vUC7uWQkF3YsiwFwnXKRXhoUgm65RUmu3NfxpOTo2G3w2XjgtTiF03v_gEdCrRO-mh5kZyI3PBaRKE7Oqyljqh31RHmmrOeJL7eMwREU/s320/hping.jpg" title="Hping Logo" width="320" /></div> <div style="text-align: justify;"> <b>Hping</b> is a <i>command-line tool</i> for <b>assembling or analysing TCP/IP packets</b>.The interface is inspired to the ping(8) unix command, but hping is not only able to send ICMP echo requests. It supports ICMP and RAW-IP, TCP, UDP,  protocols, has a <i>traceroute</i> mode, the ability to send files b/w a covered channel, and many other features. </div> <div style="text-align: justify;"> While <b>hping</b> was mainly used as a security tool in the past, it can be used in many ways by people that don't care about security to test networks and hosts. </div> <div style="text-align: justify;"> <b>hping</b> is most important tool that can done a lot things like :</div> <ul style="text-align: justify;"> <li> Advanced port scanning </li> <li>Firewall testing </li> <li>Remote OS fingerprinting </li> <li> Network testing, using different protocols, TOS, fragmentation </li> <li> Manual path MTU discovery </li> <li> Advanced traceroute, under all the supported protocols </li> <li> hping can also be useful to students that are learning TCP/IP. </li> <li> Remote uptime guessing </li> <li> TCP/IP stacks auditing </li> </ul> <div style="text-align: justify;"> <b>Hping</b> works on the following unix-like systems: Linux, FreeBSD, NetBSD, OpenBSD, Solaris, MacOs X, Windows.</div> <div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/fRxnzAWX5ag?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div class="separator" style="clear: both; text-align: center;"> <b><br /></b></div> <div class="separator" style="clear: both; text-align: left;"> <b>Download Here :: </b><a href="http://www.hping.org/hping3-20051105.tar.gz">hping3-20051105</a></div> <div class="separator" style="clear: both; text-align: left;"> <b>Official Website ::</b> http://hping.org/</div> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div style="text-align: center;"> </div> </div>

Hping (Assembling or Analysing TCP/IP Packets) :: Tools

Hping is a command-line tool for assembling or analysing TCP/IP packets .The interface is inspired to the ping(8) unix command, but hp...

Read more »

TCPDump (Network Sniffer) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div style="text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> <img alt="tcpdump logo" border="0" height="55" src="http://upload.wikimedia.org/wikipedia/commons/7/72/Tcpdump&libpcap.png" title="tcpdump logo" width="400" /></div> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <br /> <div style="text-align: justify;"> <span style="font-family: inherit;"><b>Tcpdump</b> is used when Wireshark is not developed. <b>Tcpdump</b> is the network sniffer that we all used before (Wireshark) came on the scene, and many of us continue to use it frequently. It may not have the bells and whistles (such as a pretty GUI and parsing logic for hundreds of application protocols) that <i>Wireshark</i> has, but it does the job well and with less security risk. It also requires fewer system resources. While Tcpdump doesn't receive new features often, it is actively maintained to fix bugs and portability problems. It is great for tracking down network problems or monitoring activity. There is a separate Windows port named <i>WinDump</i>. <b>tcpdump</b> is the source of the <i>Libpcap/WinPcap</i> packet capture library, which is used by Nmap and many other tools.</span></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/R3kl85QFG0w?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: center;"> </div> <div style="text-align: left;"> <br /> <span style="font-family: inherit;"><b>Download Here :: </b><a href="http://www.tcpdump.org/release/tcpdump-4.4.0.tar.gz" target="_blank">tcpdump 4.4.0.tar.gz</a><b> </b></span></div> <div style="text-align: left;"> <span style="font-family: inherit;"><b>Official Website ::</b> </span>http://www.tcpdump.org/</div> </div>

TCPDump (Network Sniffer) :: Tools

Tcpdump is used when Wireshark is not developed. Tcpdump is the network sniffer that we all used before (Wireshark) came on the ...

Read more »