ToolWar | Information Security (InfoSec) Tools: Penetration

WebReaver (Advanced Web Security Scanner) :: Framework

<p style="text-align: center;"><img alt="WebReaver (Advanced Web Security Scanner)" border="0" data-original-height="1180" data-original-width="2048" height="230" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3ne2Pm852WocBoS6pz22kpKIauMIwx-ZeFPTcJO-aGtAj8oSokpLjpSwuepPZHfMMuzME0wJa_nx8KJc62uNIUMKOuGHy9Pdf_-zlKrlYFmpW3gVbABfveI7jWvWSWUKFOEyyiUGrtMQ/w400-h230/01.png" title="WebReaver (Advanced Web Security Scanner)" width="400" />  </p><p>WebReaver is an elegant, easy to use and fully-automated, web 
application security security testing tool for Mac, Windows and Linux, 
suitable for novice as well as advanced users.</p>
<p>WebReaver allows you easily test any web application for a large 
variety of web vulnerabilities from the sever kinds such as SQL 
Injection, Local and Remote File Includes, Command Injection, Cross-site
 Scripting and Expression Injection to the less severe ones such as 
variety of session and headers problems, information leakage and many 
more.</p><p><b>Tutorial</b>:</p><p> </p><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="" class="BLOG_video_class" height="266" src="https://www.youtube.com/embed/4w5QbNTED8I" width="320" youtube-src-id="4w5QbNTED8I"></iframe></div><br /><br /><p></p><p><b>Download :</b></p><p><a href="https://s3-eu-west-1.amazonaws.com/data-desktop.secapps.com/webreaver/WebReaver+Setup+0.1.0.exe" rel="nofollow" target="_blank">Windows</a><b> |</b> <a href="https://s3-eu-west-1.amazonaws.com/data-desktop.secapps.com/webreaver/WebReaver-0.1.0.dmg" rel="nofollow" target="_blank">macOS</a><b> | </b><a href="https://s3-eu-west-1.amazonaws.com/data-desktop.secapps.com/webreaver/WebReaver-0.1.0-x86_64.AppImage" rel="nofollow" target="_blank">Linux</a><b><br /></b></p><p><a href="https://webreaver.com/" rel="nofollow" target="_blank"><b>Official Website</b> <br /></a></p>

WebReaver (Advanced Web Security Scanner) :: Framework

WebReaver is an elegant, easy to use and fully-automated, web application security security testing tool for Mac, Windows and Linux, sui...

SubBrute (Subdomain Bruteforcer) :: Tools

<p style="text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEir8Vkrnp22NNcwJ4TRgPi1YAm_XJvNmKenaVQ0w98RW2yv5rqslLJflOiKfr0HEHmjopBvu_-nmjjxc3eYsn0w8kMP6PHuX9xMhvRigmyxoBDd-bwTEbnjX-H_haEpL0DfBWjSX9-CfDA/s1600/SubBrute.jpg" style="margin-left: 1em; margin-right: 1em;"><img alt="subbrute subdomain bruteforce" border="0" data-original-height="900" data-original-width="1600" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEir8Vkrnp22NNcwJ4TRgPi1YAm_XJvNmKenaVQ0w98RW2yv5rqslLJflOiKfr0HEHmjopBvu_-nmjjxc3eYsn0w8kMP6PHuX9xMhvRigmyxoBDd-bwTEbnjX-H_haEpL0DfBWjSX9-CfDA/w400-h225/SubBrute.jpg" title="subbrute subdomain bruteforce" width="400" /> </a></p><p style="text-align: justify;">SubBrute is a community driven project with the goal of creating the 
fastest, and most accurate subdomain enumeration tool.  Some of the 
magic behind SubBrute is that it uses open resolvers as a kind of proxy 
to circumvent DNS rate-limiting.  This design also provides a layer of anonymity, as SubBrute does not send traffic directly to the target's name servers.</p><p><span style="font-size: medium;"><b>I<span>nstallation & Use:</span></b> </span></p><p>No install required for Windows,  just cd into the 'windows' folder:</p>
<ul><li>subbrute.exe google.com</li></ul>
<p>Easy to install:
You just need and python2.7 or python3.  This tool should work under any operating system:  bsd, osx, windows, linux...</p>
<p>(On a side note giving a makefile root always bothers me,  it would be a great way to install a backdoor...)</p>
<p>Under Ubuntu/Debian all you need is:</p>
<ul><li>sudo apt-get install python-dnspython</li></ul>
<p>On other operating systems you may have to install dnspython manually:</p>

<p>Easy to use:</p>
<ul><li>./subbrute.py google.com</li></ul>
<p>Tests multiple domains:</p>
<ul><li>./subbrute.py google.com gmail.com blogger.com</li></ul>
<p>or a newline delimited list of domains:</p>
<ul><li>./subbrute.py -t list.txt</li></ul>
<p>Also keep in mind that subdomains can have subdomains (example: _xmpp-server._tcp.gmail.com):</p>
<ul><li>
<p>./subbrute.py gmail.com > gmail.out</p>
</li><li>
<p>./subbrute.py -t gmail.out</p>
</li></ul><p style="text-align: justify;"><b><span style="font-size: small;">Download: <a href="https://github.com/TheRook/subbrute" target="_blank">Subbrute v1.2.1</a><br /></span></b></p>

SubBrute (Subdomain Bruteforcer) :: Tools

SubBrute is a community driven project with the goal of creating the fastest, and most accurate subdomain enumeration tool. Some of th...

WebSlayer (Brute Forcing Web Applications) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB-Km_jr9rLE0PT8dWcX5nBk3Vg169tYvpjuYXyHIlJIjQjQiVszr8nD96mwiNPVRW85LZcoW5X_mMyw2crhTWikoBQ8v4OiWpaaZvhMCSAk5UzTLY5r67QXW9yjWBoUkY_WEAQKAphe81/s1600/webslayer-1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="OWASP WebSlayer :: ToolWar" border="0" height="318" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB-Km_jr9rLE0PT8dWcX5nBk3Vg169tYvpjuYXyHIlJIjQjQiVszr8nD96mwiNPVRW85LZcoW5X_mMyw2crhTWikoBQ8v4OiWpaaZvhMCSAk5UzTLY5r67QXW9yjWBoUkY_WEAQKAphe81/s1600/webslayer-1.png" title="OWASP WebSlayer :: ToolWar" width="400" /></a></div>
<div style="text-align: justify;">
<b>WebSlayer</b> is a tool designed for brute forcing Web  Applications, it can be used for finding  resources not linked  (directories, servlets, scripts,files, etc), brute force GET and POST  parameters, bruteforce Forms parameters (User/Password), Fuzzing, etc.  The tools has a payload generator and an easy and powerful results  analyzer. </div>
<div style="text-align: justify;">
You can perform attacks like: </div>
<ul style="text-align: justify;">
<li>Predictable resource locator, recursion supported (Discovery) </li>
</ul>
<ul style="text-align: justify;">
<li>Login forms brute force </li>
</ul>
<ul style="text-align: justify;">
<li>Session brute force </li>
</ul>
<ul style="text-align: justify;">
<li>Parameter brute force </li>
</ul>
<ul style="text-align: justify;">
<li>Parameter fuzzing  and injection (XSS, SQL) </li>
</ul>
<ul style="text-align: justify;">
<li>Basic and Ntml authentication brute forcing </li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Ce413RcYuGI?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: center;">
</div>
<br />
<b>Download Here ::</b> 
<a href="https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/webslayer/WebSlayer-Beta.msi" target="_blank">WebSlayer Beta</a><b><br /></b><br />
<b>Official Website :: </b>http://www.edge-security.com/webslayer.php </div>

WebSlayer (Brute Forcing Web Applications) :: Tools

WebSlayer is a tool designed for brute forcing Web Applications, it can be used for finding resources not linked (directories, servl...

Katana (Penetration Testing) :: Framework

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhw1qTlDYqNtKvMj9NxyH9Z1j3SfWPp0LHjUlIvAoh3fymYv3sUWHQ5obhS3z3ZjfPDr8j-FcvHs27sgD2ea_KOxRs-iXdsa31FWYMOA5E8hajACfsjq2Q23aDoRo334OJnAsTMUjM7Cfo_/s1600/Katana+Framework.png" imageanchor="1"><img alt="Download Katana Framework For Penetration Testing" border="0" height="130" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhw1qTlDYqNtKvMj9NxyH9Z1j3SfWPp0LHjUlIvAoh3fymYv3sUWHQ5obhS3z3ZjfPDr8j-FcvHs27sgD2ea_KOxRs-iXdsa31FWYMOA5E8hajACfsjq2Q23aDoRo334OJnAsTMUjM7Cfo_/s400/Katana+Framework.png" title="Katana Framework" width="400" /></a></div>
<div style="text-align: justify;">
<b>Katana</b> is a framework written in <b>python</b> for making penetration testing,  based on a simple and comprehensive structure for anyone to use, modify  and share, the goal is to unify tools serve for professional when making  a penetration test or simply as a routine tool, The current version is  not completely stable, is recommended update ever that you use it.</div>
<h3>
<b>Installation::</b></h3>
Installation of Katana framework: is necesary install all dependencies for a good performance. <br />
<blockquote class="tr_bq">
<pre><i>git clone https://github.com/PowerScript/KatanaFramework.git
cd KatanaFramework
sudo sh dependencies
sudo python install
</i></pre>
<div style="text-align: justify;">
<br /></div>
</blockquote>
<b>How to Use:: </b><a href="https://github.com/PowerScript/KatanaFramework/wiki/How-to-use" rel="nofollow" target="_blank">Click Here</a> <br />
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Video Tutorial: </b></div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/B0QsDwYTrnI/0.jpg" frameborder="0" height="330px" src="https://www.youtube.com/embed/B0QsDwYTrnI?feature=player_embedded" width="100%"></iframe></div>
<div style="text-align: justify;">
<h3>
<b>Download:</b></h3>
<b>Linux:  </b><a href="https://github.com/PowerScript/KatanaFramework" rel="nofollow" target="_blank">Katana Framework</a><br />
<br />
<b>Submitted By: </b>RedToor</div>

Katana (Penetration Testing) :: Framework

Katana is a framework written in python for making penetration testing, based on a simple and comprehensive structure for anyone to us...

Echo Mirage 3.1 :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifvB-lq7ocGqBXR7di9weB76khloj25f-AdTfIHjMhY1mlB5EDYxX5kz5DJnyRjhDaI2IfKRsb65SReUbaFQn-CqfpIec1dx1biJwetM3rFPQHtE5dLix-SIWXUaIbKm9jlayP2-4whOkm/s1600/Echo+Mirage.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Download Echo Mirage" border="0" height="219" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifvB-lq7ocGqBXR7di9weB76khloj25f-AdTfIHjMhY1mlB5EDYxX5kz5DJnyRjhDaI2IfKRsb65SReUbaFQn-CqfpIec1dx1biJwetM3rFPQHtE5dLix-SIWXUaIbKm9jlayP2-4whOkm/s320/Echo+Mirage.jpg" title="Echo Mirage 3.1 from ToolWar" width="320" /></a></div>
<div style="text-align: justify;">
<b>Echo Mirage</b> is a generic network proxy. It uses DLL injection and 
function hooking techniques to redirect network related function calls 
so that data transmitted and received by local applications can be 
observed and modified.<br /><br />Windows encryption and OpenSSL functions 
are also hooked so that plain text of data being sent and received over 
an encrypted session is also available.<br /><br />Traffic can be intercepted in real-time, or manipulated with regular expressions and action scripts.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Note: Echo Mirage is no longer available from author. Here is the archived copy of it. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>License: </b>Freeware<b> </b></div>
<div style="text-align: justify;">
<b>Download:: </b><a href="http://woodmann.com/collaborative/tools/images/Bin_Echo_Mirage_2014-1-11_17.28_EchoMirage-3.1.rar" rel="nofollow" target="_blank">Echo Mirage 3.1</a> (.exe) </div>
<div style="text-align: justify;">
<br /></div>

Echo Mirage 3.1 :: Tools

Echo Mirage is a generic network proxy. It uses DLL injection and function hooking techniques to redirect network related function call...

SpiderFoot (Open Source Footprinting) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="spiderfoot logo" border="0" height="97" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3OsA6C6TqkPGzSteLe5Il6DIbd5vJ2R2ygYKxmMpztIbUkSadC9dsHcwl_7QR802M4qPoJJisrwSlI8DMAEUell4jeIyK4qx3jReRPGdrFQmb11OzHZZF0LqZ5PMxpn_9YKKrUSujN-Vq/s1600/spiderfoot-logo-named.jpg" title="spiderfoot logo" width="320" /></div>
<div style="text-align: justify;">
<b>SpiderFoot</b> is a free, <b>open-source footprinting tool</b>, enabling you to perform various scans against a given domain name in order to <i>obtain information</i> such as <i>sub-domains, e-mail addresses, owned netblocks, <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> server versions</i> and so on. The main objective of <b>SpiderFoot</b> is to automate the <b>footprinting</b> process to the greatest extent possible, freeing up a penetration tester’s time to focus their efforts on the <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> <a href="http://www.toolwar.com/search/label/Testing" target="_blank">testing</a> itself. <br />
<br />
<h3>
Features ::</h3>
</div>
<ul style="text-align: justify;">
<li><b>SpiderFoot's</b> simple web-based interface enables you to kick off a scan immediately after install - just give your scan a name, the domain name of your target and select which modules to enable. </li>
<li>You will quickly obtain information such as: URLs handling <a href="http://www.toolwar.com/search/label/Password" target="_blank">passwords</a>, <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> ranges (netblocks), web servers, open ports, information about SSL certificates, and much more.</li>
<li>All <b>SpiderFoot</b> scan results are stored within an internal SQLite database, meaning that during a running scan and after a scan has completed, you can easily browse results, export to CSV and soon also be able to search scan results.</li>
<li><b>SpiderFoot</b> is designed from the ground-up to be modular. This means you can easily add your own modules that consume data from other modules to perform whatever task you desire. As a simple example, you could create a module that automatically attempts to <a href="http://www.toolwar.com/search/label/Bruteforce" target="_blank">brute-force </a>usernames and passwords any time a password-handling webpage is identified by the spidering module.</li>
</ul>
<h3>
Tutorials ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/jD2rgooP2T0?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3>
 </h3>
<b>Installing ::</b> <a href="https://github.com/smicallef/spiderfoot/wiki/Installing" target="_blank">Click Here</a>  
<b> </b><br />
<b>Release Notes ::</b> <a href="https://github.com/smicallef/spiderfoot/wiki/Release-Notes" target="_blank">Click Here</a>

<br />
<br />
<h3>
Download ::</h3>
<b>Windows ::</b> <a href="http://sourceforge.net/projects/spiderfoot/files/SpiderFoot-2.1.0-w32.zip/download" target="_blank">SpiderFoot v2.1.0x86</a> (.zip)<br />
<b>Linux/Solaris/BSD ::</b> <a href="http://sourceforge.net/projects/spiderfoot/files/spiderfoot-2.1.0-src.tar.gz/download" target="_blank">SpiderFoot v2.10</a> (.tar.gz)
<b> </b><br />
<b>Official Website :: </b><a href="http://www.spiderfoot.net/">http://www.spiderfoot.net/</a>

SpiderFoot (Open Source Footprinting) :: Tools

SpiderFoot is a free, open-source footprinting tool , enabling you to perform various scans against a given domain name in order to obta...

XSSYA v2.0 (Cross Site Scripting Vulnerability Confirmation) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="XSSYA" border="0" height="331" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNyLNtuNpGkSYVXv-zl0SWTmpu-N6hsMjZKUMWHY9Yr3-POS5ttLGClLCyeE9UKcizHkGBuH-983P6_jdBjo6CSewy_F_t5UcNwzj63_46CmPuWVQDysRaMutNYvz6cp9a2otmjHFyIcjA/s1600/XSSYA+Screenshot.png" title="XSSYA Screenshot" width="640" /></div>
<br />
<div style="text-align: justify;">
<b>XSSYA (Cross Site Scripting Scanner & Vulnerability Confirmation)</b> written in <a href="http://www.toolwar.com/search/label/Python" target="_blank">python</a> scripting language confirm the <a href="http://www.toolwar.com/search/label/XSS" target="_blank">XSS Vulnerability</a> in two method first work by execute the payload encoded to bypass <a href="http://www.toolwar.com/search/label/Web" target="_blank">Web</a> Application Firewall which is the first method  request and response if it respond 200 it turn to Method 2 which search that payload decoded in web page HTML code if it confirmed get the last step which is execute document.cookie to get the cookie. </div>
<br />
<h3>
Key Features:</h3>
<ul>
<li>Support HTTPS</li>
<li>After Confirmation (execute payload to get cookies)</li>
<li>Can be run in (Windows - Linux)</li>
<li>Identify 3 types of WAF (Mod_Security - WebKnight - F5 BIG IP)</li>
<li>XSSYA Continue Library of Encoded Payloads To Bypass WAF (Web Application Firewall)</li>
<li>Support Saving The Web HTML Code Before Executing</li>
<li>the Payload Viewing the Web HTML Code into the Screen or Terminal</li>
</ul>
<h3>
What's New: </h3>
(XSSYA v 2.0 has more payloads; library contains 41 payloads to enhance detection level XSS scanner is now removed from XSSYA to reduce false positive. URLs to be tested used to not allow any character at the end of the URL except (/ - = -?) but now this limitation has been removed.<br />
<br />
<div style="text-align: justify;">
Custom Payload 1 – You have the ability to Choose your Custom Payload Ex: and you can encode your custom payload with different types of encodings like (B64 – HEX – URL_Encode –- HEX with Semi Columns). (HTML Entities à Single & Double Quote only - brackets – And – or Encode all payload with HTML Entities) This feature will support also XSS vulnerability confirmation method which is you choose you custom payload and custom Encoding execute if response 200 check for same payload decoded in HTM code page. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
HTML5 Payloads XSYSA V2.0 contains a library of 44 HTLM5 payloads XSSYA have a Library for the most vulnerable application with XSS – Cross site scripting and this library counting (Apache – WordPress – PHPmy Admin) If you choose application it give the CVE Number version of Apache which is affected and the link for CVE for more details so it will be easy to search for certain version that is affected with XSS. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
XSSYA has the feature to convert the IP address of the attacker to (Hex, Dword, Octal) to bypass any security mechanism or IPS that will be exist on the target Domain. XSSYA check is the target is Vulnerable to XST (Cross Site Trace) which it sends custom Trace Request and check if the target domain is Vulnerable the request will be like this: </div>
<br />TRACE / HTTP/1.0 <br />Host: demo.testfire.net <br />Header1: < script >alert(document.cookie);<br />
<h3>
Tutorials:</h3>
<b>User Guide:</b> <a href="http://labs.dts-solution.com/xssya-forget-the-browser-for-xss-by-yehia-mamdouh/" target="_blank">Click Here</a><br />
<h3>
Download:</h3>
<b>Python: </b><a href="https://github.com/yehia-mamdouh/XSSYA-V-2.0/archive/master.zip" target="_blank">XSSYA v2.0</a>

XSSYA v2.0 (Cross Site Scripting Vulnerability Confirmation) :: Tools

XSSYA (Cross Site Scripting Scanner & Vulnerability Confirmation) written in python scripting language confirm the XSS Vulnerabili...

Mandiant Redline (Memory and File Analysis) :: Tools

<div class="separator" style="clear: both; text-align: center;">
 <img alt="Mandiant Redline Logo" border="0" height="233" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi85inxEf7aGj9rwDfJlLA1TZjt029HkuPRCGRhLSQHEAM3zBvwbuLTQ5KRk0_EUdzGhbt6PbzzhpzYo2kQigms2_eBtiT3rOaRdXb8fjaQlF-7JuBE_st3IAFkZd3E5dxJ-TJdPkeBzB0X/s400/Memoryze+Logo.png" title="Mandiant Redline Logo" width="400" /></div>
<div style="text-align: justify;">
<b>Redline, Mandiant’s</b> premier free tool, provides<i> host investigative</i> 
capabilities to users to find signs of <i>malicious activity through memory
 and file analysis</i>, and the development of a threat assessment profile. 
 With <b>Redline,</b> users can:</div>
<ul style="text-align: justify;">
<li>Thoroughly audit and collect all running processes and drivers 
from <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a>, file system metadata, <a href="http://www.toolwar.com/search/label/Registry" target="_blank">registry</a> data, event logs, <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> 
information, services, tasks, and <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> history.</li>
<li>Analyze and view imported audit data, including narrowing and 
filtering results around a given timeframe using <b>Redline’s</b> Timeline 
functionality with the TimeWrinkle™ and TimeCrunch™ features.</li>
<li>Streamline memory analysis with a proven workflow for analyzing <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a> based on relative priority.</li>
<li>Identify processes more likely worth investigating based on the <b>Redline</b> Malware Risk Index (MRI) score.</li>
<li>Perform Indicator of Compromise (IOC) <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a>. Supplied with a set 
of IOCs, the Redline Portable Agent is automatically configured to 
gather the data required to perform the IOC analysis and an IOC hit 
result review. </li>
</ul>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In addition, <b>Redline</b> can be used in conjunction with <b>Mandiant for Intelligent Response®(MIR®)</b> and <b>Mandiant for Security Operations™:</b></div>
<div style="text-align: justify;">
</div>
<ul style="text-align: justify;">
<li>Investigators can open audits gathered in Mandiant for 
Intelligent Response (MIR) directly in Redline to quickly identify a 
malicious process and create an IOC based on the analysis. MIR can use 
this IOC to quickly sweep a <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> to identify all other systems 
running the same or similar malware.</li>
<li>Mandiant for Security Operations users can open triage collections 
directly in Redline in order to perform in-depth <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a> allowing the 
user to establish a timeline and the scope of an incident.</li>
</ul>
<b>Mandiant Redline 1.11</b> includes various changes to improve your user 
experience, and adds support for <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> 8 and 2012. A redesigned find 
panel remains open and offers users the ability to search and filter on a
 specific column. You can also filter lists by multiple tags at the same
 time and choose whether to include only items that do or do not have a 
comment. Finally, the Redline Collector now provides beta support for 
gathering Windows 2012 and Windows 8 data..<br />
<br />
<br />
<b>Supported Operating Systems:</b> Windows XP, Windows Vista, Windows 7, Windows 8 (32-bit and 64-bit)<br />
<br />
<h3>
Tutorials ::</h3>
<b>User Guide :: </b><a href="http://www.mandiant.com/library/Redline1.11_UserGuide.pdf">Mandiant Redline 1.11 (PDF)</a><br />
<b>Redline Blog :: </b><a href="https://www.mandiant.com/blog/tag/redline/" target="_blank">Mandiant Redline Blog </a><br />
<br />
<h3>
Download ::</h3>
<b>Windows :: </b><a href="https://www.mandiant.com/library/Redline-1.11.msi" target="_blank">Mandiant Redline v1.11</a><b><br /></b><br />
<b>Official Website ::</b> <a href="https://www.mandiant.com/resources/download/redline">https://www.mandiant.com/resources/download/redline</a>

Mandiant Redline (Memory and File Analysis) :: Tools

Redline, Mandiant’s premier free tool, provides host investigative capabilities to users to find signs of malicious activity throug...

AndiParos (Web Application Security Assessments) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjH1vpXX0DjZZItydH0KB9zNnfXlCbRkY7UWHW5FiqbE4Hx-kZMJEJs4iZIKQXj74FOKOYKrBbA0ws0u1Dw5qCx02GfzGD3M8_BRJhHOetEmnneVAQP2WANvMYpwj_5WJdX8W1M8Ndcsq2S/s1600/Andiparos_Screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="AndiParos Screenshot" border="0" height="307" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjH1vpXX0DjZZItydH0KB9zNnfXlCbRkY7UWHW5FiqbE4Hx-kZMJEJs4iZIKQXj74FOKOYKrBbA0ws0u1Dw5qCx02GfzGD3M8_BRJhHOetEmnneVAQP2WANvMYpwj_5WJdX8W1M8Ndcsq2S/s1600/Andiparos_Screenshot.png" title="AndiParos Screenshot" width="400" /></a></div>
<div style="text-align: justify;">
<b>Andiparos</b> is a fork of the famous <a href="http://www.toolwar.com/2013/09/paros-proxy-tools.html" rel="" target="_blank">Paros Proxy</a>.
 It is an open source <b>web application security assessment tool</b> that 
gives <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration</a> testers the ability to spider websites, analyze 
content, intercept and modify requests, etc. </div>
<div style="text-align: justify;">
The advantage of 
<b>Andiparos</b> is mainly the support of Client Certificates on Smartcards. 
Moreover it has several small interface enhancements, making the life 
easier for penetration testers... </div>
<div style="text-align: justify;">
Features: </div>
<ul style="text-align: justify;">
<li>Smartcard support </li>
<li>BeanShell support </li>
<li>History Filter (URLs) </li>
<li>Passive Scanner </li>
<li>Advanced search functionality </li>
<li>MultiTags for request/response </li>
<li>Mark Request/Response </li>
<li>Better<a href="http://www.toolwar.com/search/label/Mac" target="_blank"> Mac OS X</a> integration </li>
<li>other nice enhancements... </li>
</ul>
<h3>
Tutorials ::</h3>
<b>Wiki ::</b> <a href="https://code.google.com/p/andiparos/w/list" target="_blank">Click Here</a>  <br />
<h3>
Download ::</h3>
<b>Linux | Windows | Mac :: </b><a href="https://code.google.com/p/andiparos/downloads/detail?name=Andiparos-1.0.6.zip" target="_blank">Andiparos v1.0.6</a> (.zip) | <a href="https://code.google.com/p/andiparos/downloads/detail?name=Andiparos-1.0.6-Installer.exe" target="_blank">Andiparos v1.0.6</a> (.exe) | <a href="https://code.google.com/p/andiparos/downloads/detail?name=Andiparos-v1.0.6.dmg" target="_blank">Andiparos v1.0.6</a> (.dmg) <br />
<b>Source Website :: </b><a href="https://code.google.com/p/andiparos/">https://code.google.com/p/andiparos/</a>

AndiParos (Web Application Security Assessments) :: Tools

Andiparos is a fork of the famous Paros Proxy . It is an open source web application security assessment tool that gives penetration ...

KisMAC (Sniffer/Scanner for Mac OS X) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="KisMAC Logo" border="0" height="277" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT0hq_xqF0S3TgubdqI2kXMyQJdIa4Xw5tz6EqhN_X9lUnO1W1Dy4wjcwJ9tMbIWnyC8-GYuHFmw13erY5ILu7_KOBlGEksaYGYIK-_qu-pDLXXY2SdMuEAG8TXkP4qSN0eOa4tJo6OGPl/s1600/kisMAC+logo.png" title="KisMAC Logo" width="320" /></div>
<div style="text-align: justify;">
<b>KisMAC</b> is a popular <b>wireless stumbler for Mac OS X</b> offers many of the features of its namesake <a class="local" href="http://www.toolwar.com/2013/09/kismet-tools.html" target="_blank">Kismet</a>,  though the codebase is entirely different. Unlike console-based Kismet,  <b>KisMAC</b> offers a pretty <a href="http://www.toolwar.com/search/label/GUI" target="_blank">GUI</a> and was around before Kismet was ported to  OS X. It also offers mapping, Pcap-format import and logging, and even  some decryption and deauthentication attacks.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>KisMAC</b> is an open-source and free <a href="http://www.toolwar.com/search/label/Sniffer" target="_blank">sniffer</a>/<a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanner</a> application for <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X</a>. It has an advantage over MacStumbler / iStumbler / <a href="http://www.toolwar.com/2013/09/netstumbler-tools.html" target="_blank">NetStumbler</a> in  that it uses monitor mode and passive scanning.  </div>
<div style="text-align: justify;">
KisMAC supports many third party <a href="http://www.toolwar.com/search/label/USB" target="_blank">USB</a> devices:  Intersil Prism2, Ralink  rt2570, rt73, and Realtek rtl8187 chipsets. All of the internal AirPort  hardware is supported for scanning. </div>
<div style="text-align: justify;">
The rest of this wiki assumes you are prepared for advanced topics and know what you are doing with your system. </div>
<h3 id="Features" style="text-align: justify;">
Features ::</h3>
<ul style="text-align: justify;">
<li>Reveals hidden / cloaked / closed SSIDs </li>
<li>Shows logged in clients (with MAC Addresses, IP addresses and signal strengths) </li>
<li>Mapping and GPS support </li>
<li>Can draw area maps of network coverage </li>
<li>PCAP import and export </li>
<li>Support for 802.11b/g </li>
<li>Different attacks against encrypted networks </li>
<li>Deauthentication attacks </li>
<li>AppleScript-able </li>
<li>Kismet drone support (capture from a Kismet drone) </li>
</ul>
<h3 id="Supportedhardwarechipsets" style="text-align: justify;">
Supported Hardware Chipsets :: </h3>
<ul style="text-align: justify;">
<li>Apple AirPort and AirPort Extreme (dependent upon Apple's drivers) </li>
<li>Intersil Prism 2, 2.5, 3  USB devices </li>
<li>Ralink rt2570 and rt73 USB devices </li>
<li>Realtek RTL8187L USB (such as the Alfa AWUS036H, which does not work on Mac OS 10.6.7 or later) </li>
</ul>
<h3 id="Cryptosupport" style="text-align: justify;">
Crypto Support :: </h3>
<ul style="text-align: justify;">
<li>Bruteforce attacks against LEAP, WPA and WEP </li>
<li>Weak scheduling attack against WEP </li>
<li>Newsham 21-bit attack against WEP </li>
</ul>
<h3 style="text-align: justify;">
Tutorials :: </h3>
<div style="text-align: justify;">
<b>Wiki ::</b> <a href="http://trac.kismac-ng.org/" target="_blank">Click Here</a></div>
<div style="text-align: justify;">
<b>Forum ::</b> <a href="http://forum.kismac-ng.org/" target="_blank">Click Here </a></div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/lBGN5OGCPgI?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3 style="text-align: justify;">
Download :: </h3>
<div style="text-align: justify;">
<b>Mac :: </b><a href="http://update.kismacmirror.com/binaries/KisMAC-0.3.3.dmg" target="_blank">KisMAC v0.3.3</a> (.dmg)<b>
</b></div>
<div style="text-align: justify;">
<b>Official Website ::  </b><a href="http://kismac-ng.org/">http://kismac-ng.org/</a></div>

KisMAC (Sniffer/Scanner for Mac OS X) :: Tools

KisMAC is a popular wireless stumbler for Mac OS X offers many of the features of its namesake Kismet , though the codebase is entirel...

FS-NyarL (Pentesting and Forensics) :: Framework

<div class="separator" style="clear: both; text-align: center;">
<img alt="FS-NyarL Logo" border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyvqhfIV1vfEKDsDPoTq-IY5y6kdJuGAIfRzvtSPL90-6xtK2hDdppU1kPwgvztn_cudPZFcOqOalRYynOeDEflS5wufjqugLOyzJNrbZhqLjb34aHNnZuPJhRLZ_SInYW0BFppZeFQqDm/s1600/FS-NyarL+Logo.jpg" title="FS-NyarL Logo" width="248" /></div>
<div style="text-align: justify;">
<b>NyarL</b> it's Nyarlathotep, a mitological chaotic deity of the writer HP. Lovecraft's cosmogony.  It's represent Crawling Chaos and <b>FS-NyarL</b> it's The <b>Crawling Chaos of Cyber Security</b>. A <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> takeover & <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">forensic analysis tool</a> - useful to advanced  PenTest tasks & for fun and profit - but use it at your own risk! </div>
<ul style="text-align: justify;">
<li>Interactive Console</li>
<li>Real Time Passwords Found</li>
<li>Real Time Hosts Enumeration</li>
<li>Tuned Injections & Client Side Attacks</li>
<li>ARP Poisoning & SSL Hijacking</li>
<li>Automated HTTP Report Generator</li>
</ul>
<div style="text-align: justify;">
<b>ATTACKS IMPLEMENTED:</b> </div>
<ul style="text-align: justify;">
<li>MITM (Arp Poisoning)</li>
<li>Sniffing (With & Without Arp Poisoning)</li>
<li>SSL Hijacking (Full SSL/TLS Control)</li>
<li>HTTP Session Hijaking (Take & Use Session Cookies)</li>
<li>Client Browser Takeover (with Filter Injection in data stream)</li>
<li>Browser AutoPwn (with Filter Injection in data steam)</li>
<li>Evil Java Applet (with Filter Injection in data stream)</li>
<li>DNS Spoofing</li>
<li>Port Scanning</li>
</ul>
<table class="notableborder" style="margin-left: 0px; margin-right: 0px; text-align: left;"><tbody>
<tr><td colspan="2"><b>POST ATTACKS DATA OBTAINED:</b><br />
<ul>
<li>Passwords extracted from data stream</li>
<li>Pcap file with whole data stream for deep analysis</li>
<li>Session flows extracted from data stream (Xplico & Chaosreader)</li>
<li>Files extracted from data stream</li>
<li>Hosts enumeration (IP,MAC,OS)</li>
<li>URLs extracted from data stream</li>
<li>Cookies extracted from data stream</li>
<li>Images extracted from data stream</li>
<li>List of HTTP files downloaded extracted from URLs</li>
</ul>
</td> </tr>
<tr><td><b>DEPENDENCIES (aka USED TOOLS):</b><br />
<ul>
<li>Chaosreader (already in bin folder)</li>
<li><a href="http://www.toolwar.com/2013/11/xplico-tools.html" target="_blank">Xplico</a></li>
<li><a href="http://www.toolwar.com/2013/09/ettercap-076-tools.html" target="_blank">Ettercap</a></li>
<li>Arpspoof</li>
<li>Arp-scan</li>
<li>Mitmproxy</li>
<li><a href="http://www.toolwar.com/2014/02/nmap-and-zenmap-network-discovery-and.html" target="_blank">Nmap</a></li>
<li><a href="http://www.toolwar.com/2013/09/tcpdump-is-network-sniffer-we-all-used.html" target="_blank">Tcpdump</a></li>
<li><a href="http://www.toolwar.com/2013/09/beef-browser-exploitation-framework.html" target="_blank">Beef</a></li>
</ul>
</td> <td><ul>
<li><a href="http://www.toolwar.com/2013/10/social-engineering-toolkit-set-tools.html" target="_blank">SET</a></li>
<li><a href="http://www.toolwar.com/2013/09/metasploit-framework.html" target="_blank">Metasploit</a></li>
<li><a href="http://www.toolwar.com/2013/09/dsniff-tools.html" target="_blank">Dsniff</a></li>
<li><a href="http://www.toolwar.com/2013/10/technitium-mac-address-changer-v6-tools.html" target="_blank">Macchanger</a></li>
<li>Hamster</li>
<li>Ferret</li>
<li><a href="http://www.toolwar.com/2013/10/p0f-tools.html" target="_blank">P0f</a></li>
<li><a href="http://www.toolwar.com/2013/11/foremost-tools.html" target="_blank">Foremost</a></li>
<li>SSLStrip</li>
<li><a href="http://www.toolwar.com/2014/02/sslsplit-mitm-attack-against-ssltls.html" target="_blank">SSLSplit</a></li>
</ul>
</td></tr>
</tbody></table>
<br />
<table class="notableborder" style="margin-left: 0px; margin-right: 0px; text-align: left;"><tbody>
<tr><td><h3>
Tutorials ::</h3>
<b>Screenshots ::  </b><a href="http://www.fulgursecurity.com/en/content/fs-nyarl" target="_blank">Click Here</a> <br />
<h3>
Download ::</h3>
<b>Linux ::</b> <a href="http://www.fulgursecurity.com/tools/fs-nyarl/FS-NyarL_v1.0-kali.tar.gz" target="_blank">FS-NyarL v1.0</a> (.tar.gz)<br />
<b>Official Website :: </b><a href="http://www.fulgursecurity.com/en/content/fs-nyarl">http://www.fulgursecurity.com/en/content/fs-nyarl</a></td></tr>
</tbody></table>

FS-NyarL (Pentesting and Forensics) :: Framework

NyarL it's Nyarlathotep, a mitological chaotic deity of the writer HP. Lovecraft's cosmogony. It's represent Crawling Chaos...

FARADAY (Integrated Penetration Testing IDE) :: Framework

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="FARADAY Logo" border="0" height="91" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj03zjrenjfh3-P90KLn_GSw8ONyaQLqXdR6otoyPAiIMj1ETcLzdJpofOdDKILtTGY6U_4FS4zlEyLZEVF0IEjyTWLMkZrm9wa3U-YS1L8K8A1NQO_j0muNmj9wiuSaqph9OyYKddiOc-f/s1600/Faraday-Logo.png" title="FARADAY Logo" width="400" /></div>
<b>Faraday</b> introduces a new concept (IPE) <b>Integrated Penetration-Test  Environment</b> a multiuser <b>Penetration test IDE</b>. Designed for distribution,  indexation and analysis of the generated data during the process of a <a href="http://www.toolwar.com/search/label/Security" target="_blank"> security audit</a>.</div>
<div style="text-align: justify;">
The main purpose of <b>Faraday</b> is to re-use the available tools in the community to take advantage of them in a multiuser way.</div>
<div style="text-align: justify;">
Design for simplicity, users should feel no difference between their  own terminal application and the one included in <b>Faraday</b>. Developed with  a specialized set of functionalities that help users improve their own  work. Do you remember yourself programming without an IDE? Well, <b>Faraday</b>  does the same an IDE does for you when programming, but from the  perspective of a <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration test</a>.</div>
<div style="text-align: justify;">
<br />
<b>Requirement ::  </b></div>
<div style="text-align: justify;">
<a href="http://www.toolwar.com/search/label/Linux" target="_blank">Modern Linux</a> (Tested Debian / Ubuntu  * / <a href="http://www.toolwar.com/2013/09/kali-linux-toolwar.html" target="_blank">Kali</a> / <a href="http://www.toolwar.com/2013/09/backtrack-5-r3-distribution.html" target="_blank">Backtrack</a>)</div>
<ul style="text-align: justify;">
<li>Python 2.6.x and 2.7.x</li>
<li>Qt3</li>
<li>CouchDB >= 1.2.0<br />
</li>
<li>The following python libs:  <ul>
<li>mockito </li>
<li>couchdbkit </li>
<li>whoosh </li>
<li>argparse </li>
<li>psycopg2</li>
<li>IPy</li>
<li>requests</li>
</ul>
<h3>
</h3>
</li>
</ul>
<h3 style="text-align: justify;">
Tutorials :: </h3>
<div style="text-align: justify;">
<b>Installation :: </b> </div>
<div style="text-align: justify;">
Preferably, you can download faraday by cloning the Git repository:</div>
<div style="text-align: justify;">
<pre><code>$ git clone https://github.com/infobyte/faraday.git faraday-dev
$ cd faraday-dev
$ ./install
</code></pre>
</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Usage :: </b></div>
<div style="text-align: justify;">
To get started, simply execute faraday and use the new console to start working in the pentest: </div>
<div style="text-align: justify;">
<pre><code>$ ./faraday</code></pre>
<pre><code> </code></pre>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/EBz0g6ya7Mg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
</div>
<h3 style="text-align: justify;">
Download :: </h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="https://github.com/infobyte/faraday/archive/master.zip" target="_blank">Faraday</a> (tarball) <b>
</b></div>
<div style="text-align: justify;">
<b>Source Website :: </b><a href="https://github.com/infobyte/faraday">https://github.com/infobyte/faraday</a></div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://www.faradaysec.com/">http://www.faradaysec.com/</a></div>

FARADAY (Integrated Penetration Testing IDE) :: Framework

Faraday introduces a new concept (IPE) Integrated Penetration-Test Environment a multiuser Penetration test IDE . Designed for distrib...

SIPVicious (Auditing SIP Based VoIP System) :: Tools

<div style="text-align: justify;"><div class="separator" style="clear: both; text-align: center;"><img alt="SIP VoIP " border="0" height="324" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgs5pKQQ6VdyR7URrQT6nS1VVL0igxhRv5L4g9jfkKRkBLjfBegI6eKZANJ63AqMiWYIf8m2YEb8azNj4j9bwx-gCWo_jYM66n1k2GggJOHg0mLwLS0hJ7h7UWskxn3gWk6PAqEtxcvgABJ/s1600/SIP+VoIP.png" title="SIP VoIP " width="640" /></div><b>SVMAP</b> is a part of a suite of tools called <b>SIPVicious</b> and it’s my  favorite <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanner</a> of choice It can be used to scan identify and fingerprint a single IP or a range  of IP addresses. <b>Svmap</b> allows specifying the request method which is being used for  scanning, the default method is OPTIONS, it offers debug and verbosity  options and even allows scanning the SRV records for SIP on the  destination domain. You can use the <b>./svmap –h</b> in order to view all the available arguments </div><div style="text-align: justify;"><b>SIPVicious suite</b> is a set of <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> that can be used to audit SIP based <a href="http://www.toolwar.com/search/label/VOIP" target="_blank">VoIP systems</a>.  It currently consists of four tools: </div><ul style="text-align: justify;"><li>svmap - this is a sip scanner. Lists SIP devices found on an IP range </li>
<li>svwar - identifies active extensions on a PBX </li>
<li>svcrack - an online password cracker for SIP PBX </li>
<li>svreport - manages sessions and exports reports to various formats </li>
<li>svcrash - attempts to stop unauthorized svwar and svcrack scans </li>
</ul><div style="text-align: justify;">It was tested on the following systems: </div><ul style="text-align: justify;"><li><a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux </a></li>
<li><a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X </a></li>
<li><a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows </a></li>
<li><a href="http://www.toolwar.com/search/label/FreeBSD" target="_blank">FreeBSD 6.2 </a></li>
<li>Jailbroken iPhone with python installed </li>
</ul><div style="text-align: justify;">If you use it on systems that are not mentioned here please let me know goes it goes. </div><h3 style="text-align: justify;">Tutorials ::</h3><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Zp_gzjV8l4c?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div><div style="text-align: justify;"></div><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/3a7xJeNQfOk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div><h3 style="text-align: justify;"> </h3><h3 style="text-align: justify;">Download ::</h3><div style="text-align: justify;"><b>Linux | Windows | Mac | FreeBSD :: </b><a href="http://sipvicious.googlecode.com/files/sipvicious-0.2.8.zip" target="_blank">SIPVicious v0.2.8</a> (.zip) | <a href="http://sipvicious.googlecode.com/files/sipvicious-0.2.8.tar.gz" target="_blank">SIPVicious v0.2.8</a> (.tar.gz)<b>
</b></div><div style="text-align: justify;"><b>Official Website :: </b> <a href="http://code.google.com/p/sipvicious/">http://code.google.com/p/sipvicious/</a></div>

SIPVicious (Auditing SIP Based VoIP System) :: Tools

SVMAP is a part of a suite of tools called SIPVicious and it’s my favorite scanner of choice It can be used to scan identify and fingerp...

SNMPCheck (SNMP Enumeration) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="SNMPCheck" border="0" height="316" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNQCGr22VHfWJI20ydnqXWT0FpVBP1u6mdLTIESgT_IN6QGduciK1QWIlWG0O__y2nvACefsDE1DFwXrHO973XbWbfbepc3FXB2bD_TX7jy6oZwLrfRXAkd_PCKf9C_28TD-klFE3QJk_P/s1600/SNMPCheck.jpg" title="SNMPCheck" width="400" /></div>
<b>SNMPCheck</b> allows you to <b>enumerate the SNMP</b> devices and places the  output in a very human readable friendly format. It could be useful for  <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration testing</a> or <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">systems monitoring</a>. Distributed under GPL license  and based on "Athena-2k" script by jshaw.</div>
<h3 style="text-align: justify;">
Features :: </h3>
<div style="text-align: justify;">
SNMPCheck supports the following enumerations:</div>
<ul style="text-align: justify;">
<li>    contact</li>
<li>description</li>
<li> detect write access (separate action by enumeration)|</li>
<li> devices</li>
<li> domain</li>
<li> hardware and storage informations</li>
<li> hostname</li>
<li> IIS statistics</li>
<li> IP forwarding</li>
<li> listening UDP ports</li>
<li> location</li>
<li> motd</li>
<li> mountpoints</li>
<li> network interfaces</li>
<li> network services</li>
<li> processes</li>
<li> routing information</li>
<li> software components</li>
<li> system uptime</li>
<li> TCP connections</li>
<li> total memory</li>
<li> uptime</li>
<li> user accounts</li>
</ul>
<h3>
Tutorials ::</h3>
<b>Report Examples :: </b><a href="http://www.nothink.org/codes/snmpcheck/report_windows_xp.txt" target="_blank">Windows XP</a> | <a href="http://www.nothink.org/codes/snmpcheck/report_linux_ubuntu.txt" target="_blank">Linux Ubuntu</a><b><br /></b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/RIVV4--m4dU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3>
Download ::</h3>
<b>Perl Script :: </b><a href="http://www.nothink.org/codes/snmpcheck/snmpcheck-1.8.pl" target="_blank">SNMPCheck</a> (.pl)
<b> </b><br />
<b>Official Website ::</b> <a href="http://www.nothink.org/codes/snmpcheck/">http://www.nothink.org/codes/snmpcheck/</a>
<br />
<div class="alert alert-success" style="text-align: justify;">
</div>

SNMPCheck (SNMP Enumeration) :: Tools

SNMPCheck allows you to enumerate the SNMP devices and places the output in a very human readable friendly format. It could be useful ...

Maligno (Penetration Testing) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7dM_W5x1h5uszgk0spEosIclT4KmaGO2uPukBWl2ETl36hFooZ0Eb50A3PfpPjjzUqZ2HTI5NHF-L7q4sAxnRD14MGiXgvHkHLi_zCKB5hs8jd0TiUAyaYrsEJ5M4nq67pzu47VcLwRET/s1600/PenTest_Image.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="maligno image" border="0" height="307" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7dM_W5x1h5uszgk0spEosIclT4KmaGO2uPukBWl2ETl36hFooZ0Eb50A3PfpPjjzUqZ2HTI5NHF-L7q4sAxnRD14MGiXgvHkHLi_zCKB5hs8jd0TiUAyaYrsEJ5M4nq67pzu47VcLwRET/s1600/PenTest_Image.png" title="maligno image" width="400" /></a></div>
<div style="text-align: justify;">
<b>Maligno</b> is an open source <b>penetration testing tool</b> written in python, 
that serves <a href="http://www.toolwar.com/2013/09/metasploit-framework.html" target="_blank">Metasploit</a> payloads. It generates shellcode with msfvenom 
and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES
 and encoded with Base64 prior to transmission.</div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://www.encripto.no/tools/maligno-1.0.tar.gz" target="_blank">Maligno v1.0</a> (.tar.gz)</div>
<div style="text-align: justify;">
<b>Official Website :: </b> <a href="http://www.encripto.no/tools/">http://www.encripto.no/tools/</a></div>

Maligno (Penetration Testing) :: Tools

Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with ms...

Immunity Canvas (Vulnerability Exploitation) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqwXRB2JW_wTRBZeFsPrNZqP7KK7Xyn3JC7nG4SvaFbLePxH0hRCMjN9Qmahzts9eQvlEvfqI-ZtbOgvXHS6d2EBgXNSHvEgPXs_l3QYQyy_cg2IrSmwwJThp4ddWSXS5oV4GoJEOJbLUo/s1600/img-canvas.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Immunity Canvas" border="0" height="171" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqwXRB2JW_wTRBZeFsPrNZqP7KK7Xyn3JC7nG4SvaFbLePxH0hRCMjN9Qmahzts9eQvlEvfqI-ZtbOgvXHS6d2EBgXNSHvEgPXs_l3QYQyy_cg2IrSmwwJThp4ddWSXS5oV4GoJEOJbLUo/s1600/img-canvas.gif" title="Immunity Canvas" width="400" /></a></div>
<b>Immunity Canvas</b> is a commercial <b>vulnerability exploitation tool </b>from Dave Aitel's ImmunitySec. It includes more than 370 exploits and is less expensive than Core Impact or the commercial versions of <a href="http://www.toolwar.com/2013/09/metasploit-framework.html" target="_blank">Metasploit</a>.  It comes with full source code, and occasionally even includes zero-day exploits.<b> </b><br />
<b>Immunity's CANVAS</b> makes available hundreds of exploits, an automated <a href="http://www.toolwar.com/search/label/Exploitation" target="_blank">exploitation</a> system, and a comprehensive, reliable exploit development framework to <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration</a> testers and <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> professionals worldwide. To see CANVAS in action please see our  movies. For users new to CANVAS or experienced users looking to get just a little more out of CANVAS we have <a href="http://www.toolwar.com/search/label/PDF" target="_blank">PDF</a> based tutorials available for download.</div>
<div style="text-align: justify;">
  </div>
<div style="text-align: justify;">
<b>Supported Platforms and Installations</b><br />
- <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> (requires Python & PyGTK)<br />
- <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a><br />
- <a href="http://www.toolwar.com/search/label/Mac" target="_blank">MacOSX</a> (requires PyGTK)<br />
- All other <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> environments such as mobile phones and commercial Unixes (command line version only supported, GUI may also be available)</div>
<div style="text-align: justify;">
<b>Architecture</b><br />
- CANVAS' completely open design allows a team to adapt CANVAS to their environment and needs.  </div>
<div style="text-align: justify;">
<b>Documentation</b><br />
- all documentation is delivered in the form of demonstration movies<br />
- exploit modules have additional information windows</div>
<div style="text-align: justify;">
<b> Exploits</b><br />
- currently over 490 exploits, an average of 4 exploits added every monthly release<br />
- Immunity carefully selects vulnerabilities for inclusion as CANVAS exploits. Top priorities are high-value vulnerabilities such as remote, pre-authentication, and new vulnerabilities in mainstream software.<br />
- Exploits span all common platforms and applications</div>
<div style="text-align: justify;">
<b> Payload Options</b><br />
- to provide maximum reliability, exploits always attempt to reuse socket<br />
- if socket reuse is not suitable, connect-back is used<br />
- subsequent MOSDEF session allows arbitrary code execution, and provides a listener shell for common actions (file management, screenshots, etc)<br />
- bouncing and split-bouncing automatically available via MOSDEF<br />
- adjustable covertness level</div>
<div style="text-align: justify;">
<b> Exploit Delivery</b><br />
- regular monthly updates made available via <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a><br />
- exploit modules and CANVAS engine are updated simultaneously<br />
- customers reminded of monthly updates via email</div>
<div style="text-align: justify;">
<b> Exploit Creation Time</b><br />
- exploits included in next release as soon as they are stable</div>
<div style="text-align: justify;">
<b> Effectiveness of Exploits</b><br />
- all exploits fully QA'd prior to release<br />
- exploits demonstrated via flash movies<br />
- exploit development team available via direct email for support</div>
<div style="text-align: justify;">
<b> Ability to make Custom Exploits</b><br />
- unique MOSDEF development environment allows rapid exploit development</div>
<div style="text-align: justify;">
<b> Product Support and Maintenance</b><br />
- subscriptions include email and phone support M-F 9am - 5pm EST, directly with development team<br />
- minimum monthly updates</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<h3>
Tutorials ::</h3>
<ol>
<li><a href="http://www.immunitysec.com/documentation/tutorials/Windows_Install.pdf">Detailed Windows Installation Instructions</a></li>
<li><a href="http://www.immunitysec.com/documentation/tutorials/canvas101-part1.pdf">CANVAS 101 (Part 1)</a></li>
<li><a href="http://www.immunitysec.com/documentation/tutorials/canvas101-part2.pdf">CANVAS 101 (Part 2)</a></li>
<li><a href="http://www.immunitysec.com/documentation/tutorials/HCN-Part1.pdf">HCN Rootkit (Part 1)</a></li>
<li><a href="http://www.immunitysec.com/documentation/tutorials/ties-that-binder-dot-py.pdf">The Ties That Binder.py</a></li>
</ol>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/FAz-Bek4RfU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<ol></ol>
</div>
<div style="text-align: justify;">
<h3>
Download ::</h3>
</div>
<div style="text-align: justify;">
<b>Linux | Mac | Windows :: Contact Here ::</b> sales@immunityinc.com
<b> </b><br />
<b>Official Website ::</b> <a href="https://www.immunitysec.com/products-canvas.shtml">https://www.immunitysec.com/products-canvas.shtml</a></div>

Immunity Canvas (Vulnerability Exploitation) :: Tools

Immunity Canvas is a commercial vulnerability exploitation tool from Dave Aitel's ImmunitySec. It includes more than 370 exploits an...

GoLismero (The Web Knife) :: Framework

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJYxDNAmrpLOxGHjpb6huddkmpfTYX3pDCUkzAP5ZvTN4YHVhKeSoNVz0mP3edsRRLaggj3y4jcannl6jCd928BDdVuz0XMqsJrc4uaybV2Vo1azKfWDoSHkN3sWgH2iEF7wp3DJ79MdTj/s1600/Golismero+WIndows+Screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Golismero " border="0" height="380" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJYxDNAmrpLOxGHjpb6huddkmpfTYX3pDCUkzAP5ZvTN4YHVhKeSoNVz0mP3edsRRLaggj3y4jcannl6jCd928BDdVuz0XMqsJrc4uaybV2Vo1azKfWDoSHkN3sWgH2iEF7wp3DJ79MdTj/s1600/Golismero+WIndows+Screenshot.png" title="Golismero " width="640" /></a></div>
<div style="text-align: justify;">
<b>GoLismero</b> is an open source framework for <a href="http://www.toolwar.com/search/label/Security" target="_blank"><b>security testing</b></a>. It's 
currently geared towards <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> security, but it can easily be expanded to 
other kinds of scans.</div>
<div style="text-align: justify;">
The most interesting features of the <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a> are:</div>
<ul style="text-align: justify;">
<li>Real platform independence. Tested on <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, *BSD and <a href="http://www.toolwar.com/search/label/Mac" target="_blank">OS X</a>.</li>
<li>No native library dependencies. All of the framework has been written in pure Python.</li>
<li>Good performance when compared with other frameworks written in Python and other scripting languages.</li>
<li>Very easy to use.</li>
<li>Plugin development is extremely simple.</li>
<li>The framework also collects and unifies the results of well known tools: <a href="http://www.toolwar.com/2013/09/sqlmap-tools.html" target="_blank">sqlmap</a>, xsser, <a href="http://www.toolwar.com/2013/09/openvas-is-advanced-open-source.html" target="_blank">openvas</a>, <a href="http://www.toolwar.com/2013/10/dnsrecon-tools.html" target="_blank">dnsrecon</a>, <a href="http://www.toolwar.com/2013/09/theharvester-tools.html" target="_blank">theharvester</a>...</li>
<li>Integration with standards: CWE, CVE and OWASP.</li>
<li>Designed for cluster deployment in mind (not available yet).</li>
</ul>
<h3>
Tutorials ::</h3>
<b>Installation :: </b> <br />
Strictly speaking, GoLismero doesn't require installation - only its 
dependencies do. So if you want to use it on a system where you don't 
have root privileges, you can ask the system administrator to install 
them for you, and just run the "git checkout" command on your home 
folder.<br />
<b>Briefly Tutorial of Installation :: </b> <a href="https://github.com/golismero/golismero">Click Here</a><br />
<b>Basic Usages ::</b> <a href="https://github.com/golismero/golismero" target="_blank">Click Here</a><br />
<h3>
Download ::</h3>
<b>Linux | Mac | Windows :: </b><a href="https://github.com/golismero/golismero/archive/master.zip" target="_blank">GoLismero Archive</a> (.zip)<b> </b><br />
<b>Official Website :: </b><a href="https://github.com/golismero/golismero" target="_blank">https://github.com/golismero/golismero</a>

GoLismero (The Web Knife) :: Framework

GoLismero is an open source framework for security testing . It's currently geared towards web security, but it can easily be expa...

SAINT 8 (Security Auditing Suite) :: Framework

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="SAINT LOGO" border="0" height="107" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgA7ITNbIsTcKUwW4ShEmmGIi_tc3r93_yUAm8uaCmmHsBBhYfr3EemJ8Cqkmicl1Fhpd9D3UxPy_DS7kuqAJEVvVADbttEn7PYmcWl3xA3gQEQWKeMojScYzNb7yO1L08sAs_4K6kEYXHm/s1600/SAINT.jpg" title="SAINT LOGO" width="200" /></div>
<b>SAINT 8</b> is a <b>fully-integrated security tool suite</b> that combines <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability scanning</a>, with <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration testing</a>, social engineering 
tools and configuration assessments. Use the combined power of these 
tools to identify vulnerabilities on <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> devices, operating systems,
 desktop applications, <a href="http://www.toolwar.com/search/label/Web" target="_blank">Web applications</a>, databases, and more; run 
packaged penetration tests through pre-configured policies, run 
vulnerability-specific exploits for target-directed investigation; 
execute social engineering through packaged exploit Tools; and execute 
platform-specific configuration auditing, using NIST’s SCAP standards 
and protocols.  <b>SAINT 8 </b>then provides a robust set of <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a> and 
reporting features to perform ad hoc analytics, view strategic level 
results across 1 or many assessments, and then build reports from 
pre-defined templates, compliance reports or build your own custom 
reports from over 150 customizable settings. <b>SAINT's</b> current repository 
includes over 4,200 <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> checks and 900+ exploits - which span 
over 48,000 Common Vulnerability Exposures (CVEs), plus numerous 
vulnerabilities that do not currently have a CVE assigned. Vulnerability
 checks and exploit development is a daily activity, that includes 
delivery of new checks twice a week, through an automated plug-in. This 
agentless scanning solution can be delivered via a cloud-based version <b>
(WebSAINT Pro 8)</b>, deployed standalone, shared as a server-based 
solution, or as a multi-<a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanner</a> architecture for large enterprise or 
load balanced scanning.</div>
<br />
<h3>
Tutorials ::</h3>
<b>Video Tutorial :: </b><a href="http://www.youtube.com/watch?v=ibW6gLNYrf8" target="_blank">Click Here </a><br />
<b>Exploit Tools List :: </b><a href="http://www.saintcorporation.com/solutions/exploitTools.html" target="_blank">Click Here</a><b></b><br />
<br />
<h3>
Download :: </h3>
<b>Windows :: </b><a href="https://www.saintcorporation.com/resources/requestEvaluation.html" target="_blank">Request a Evaluation Copy</a><b> </b><br />
<b>Official Website :: </b><a href="https://www.saintcorporation.com/products/SAINT8.html">https://www.saintcorporation.com/products/SAINT8.html</a><br />
<b>Submitted By :: </b>SAINT Corporation <br />
<div style="text-align: justify;">
<br /></div>

SAINT 8 (Security Auditing Suite) :: Framework

SAINT 8 is a fully-integrated security tool suite that combines vulnerability scanning , with penetration testing , social engineering ...

FTester (Testing Firewall Filtering Policies and IDS Capabilities) :: Tools

<div style="text-align: justify;">
<div class="section">
      <div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2h4CgTrZX0VYiu63TmUAtbc4QAObotOLBVPALrQnQ8EFD3Xii02746KHPmYlcOy05O2996O4ZQkhmZ02DFzrpgLuSLR8wzAHvdVCdJO_f9rD6xOK9IV7pzIgiROpp2C_RJvsLGF0IkuR7/s1600/FTester+Screenshot.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="FTester Screenshot" border="0" height="267" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2h4CgTrZX0VYiu63TmUAtbc4QAObotOLBVPALrQnQ8EFD3Xii02746KHPmYlcOy05O2996O4ZQkhmZ02DFzrpgLuSLR8wzAHvdVCdJO_f9rD6xOK9IV7pzIgiROpp2C_RJvsLGF0IkuR7/s1600/FTester+Screenshot.JPG" title="FTester Screenshot" width="400" /></a></div>
The <b>Firewall Tester (FTester)</b> is a tool designed for <b>testing firewall
      filtering policies and Intrusion Detection System (IDS) capabilities.</b><br />

The tool consists of two perl scripts, a <span id="goog_1392660018"></span><a href="http://www.toolwar.com/search/label/Packet">packet injector<span id="goog_1392660019"></span></a> (ftest) and a
      listening <a href="http://www.toolwar.com/search/label/Sniffer">sniffer</a> (ftestd). The first script injects custom packets, defined
      in ftest.conf, with a signature in the data part while the sniffer listens for
      such marked packets. The scripts both write a log file which is in the same
      form for both scripts. A comparison of the two produced log files (ftest.log and ftestd.log)
      outlines the packets that were unable to reach the sniffer due to filtering rules
      if these two scripts are ran on hosts placed on two different sides of a
      <a href="http://www.toolwar.com/search/label/IDS">firewall</a>. Stateful inspection firewalls are handled with the 'connection
      spoofing' option. A script called freport is also available to automatically
      parse the log files.<br />

Using the tool is not a completely automated process, ftest.conf must
      be crafted for every different situation. Examples and rules are included in
      the attached configuration file.<br />

The <a href="http://www.toolwar.com/search/label/IDS">IDS (Intrusion Detection System)</a> testing feature can be used
      either with ftest only or with the additional support of ftestd for handling
      stateful inspection IDS, ftest can also use common IDS evasion techniques. The
      script can also process snort rule definition files.<br />

<h3>
Features:</h3>
<ul>
<li>firewall testing</li>
<li>IDS testing</li>
<li>simulation of real tcp connections for stateful inspection firewalls and IDS</li>
<li>TCP connection spoofing</li>
<li>IP fragmentation / TCP segmentation</li>
<li>IDS evasion techniques</li>
</ul>
<b>NOTE</b>: this tool is now outdated and is presented here for historical
      reasons, a complete rewrite with new features and IPv6 support is scheduled for
      sometime in the future.<br />

</div>
</div>
<div style="text-align: justify;">
<br />
<h3>
Tutorials ::</h3>
<b>Installation ::</b><br />

<div class="MsoNormal">
FTester components are PERL scripts. They can be executed on
any platform with a recent version of PERL. Three perl modules -<span style="mso-spacerun: yes;">Ý </span>Net::RawIP, Net::PcapUtils, and NetPacket ñ
are also required. These can be downloaded at the Comprehensive Perl Archive
Network (<a href="http://www.cpan.org/" target="_new">CPAN</a>), and<span style="color: red;"> </span>you
can install them using the CPAN shell. </div>
<div class="MsoNormal">
Installation is quite simple. <span style="font-family: Courier;">Untar</span>
the latest archive. Everything you need will be decompressed along with an
example configuration file, documentation and a script called <span style="font-family: Courier;">freport</span> for comparing <span style="font-family: Courier;">ftest</span> and <span style="font-family: Courier;">ftestd</span>
log files. Before using the package I recommend to read and fully understand
all documentation.</div>
<b>ManPage ::</b> <a href="http://www.inversepath.com/ftester_man.html" target="_blank">Click Here</a><br />
<b>Documentation :: </b><a href="http://dev.inversepath.com/ftester/README" target="_blank">Click Here</a><br />
<b>Published Paper ::</b> <a href="http://www.tisc-insight.com/newsletters/56.html" target="_blank">Click Here</a></div>
<div style="text-align: justify;">
<h3>
Download ::</h3>
</div>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://dev.inversepath.com/ftester/ftester-latest.tar.gz" target="_blank">FTester-Latest</a> (.tar.gz)<b><br /></b></div>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://www.inversepath.com/ftester.html" target="_blank">http://www.inversepath.com/ftester.html</a></div>

FTester (Testing Firewall Filtering Policies and IDS Capabilities) :: Tools

The Firewall Tester (FTester) is a tool designed for testing firewall filtering policies and Intrusion Detection System (ID...

SARA (Security Auditor's Research Assistant) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="SARA - Security Auditor's Research Assistant" border="0" height="328" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTrFtEfewv2qJbhJrO35NMjPReB75buAjazNxPAGzn_8ewu8Kl2MR6bqR7jOcWgPl2nauo85Ttm13awIkk-HKsG3RzQwwaqJLguI0HYkFQBNeOqERU6aVXWY7Iloxk6dJPbufNj51Rz3NM/s1600/network-security-tips.jpg" title="SARA - Security Auditor's Research Assistant" width="640" /></div>
<div style="text-align: justify;">
The <b>Security Auditor's Research Assistant (SARA)</b> is a third generation <b>network security analysis tool</b> that that has been available and actively updated for over 10 years. Sadly, all good things have to come to an end and so it goes for SARA. <b>SARA 7.9.1</b> is our last release.(1 May 2009) Actually, SARA-7.9.2a is the final release (1 August 2009).<br /><br />SARA:</div>
<ol style="text-align: justify;">
<li>    Operates under Unix, <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, <a href="http://www.toolwar.com/search/label/Mac" target="_blank">MAC OS/X</a> or <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> (through coLinux) OS'.</li>
<li>    Integrates the National Vulnerability Database (NVD).</li>
<li>    Performs SQL injection tests.</li>
<li>    Performs exhaustive XSS tests</li>
<li>    Can adapt to many firewalled environments.</li>
<li>    Support remote self scan and API facilities.</li>
<li>    Used for CIS benchmark initiatives</li>
<li>    Plug-in facility for third party apps</li>
<li>    CVE standards support</li>
<li>    Enterprise search module</li>
<li>    Standalone or daemon mode</li>
<li>    Free-use open SATAN oriented license</li>
</ol>
<div style="text-align: justify;">
The first generation assistant, the Security Administrator's Tool for Analyzing <a href="http://www.toolwar.com/search/label/Network" target="_blank">Networks</a> (SATAN) was developed in early 1995. It became the benchmark for <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">network security analysis</a> for several years. However, few updates were provided and the tool slowly became obsolete in the growing threat environment. <br /><br /><h3>
Tutorials ::</h3>
<b><span style="font-size: small;">Installation ::</span></b> <span style="font-weight: normal;"><a href="http://www-arc.com/sara/cosara/index.shtml" target="_blank">Click Here</a></span><br />
<h3>
Download ::</h3>
<b>Windows :: </b><a href="http://www-arc.com/sara/downloads/cosara/cosara-7.4.1.exe" target="_blank">coSARA v7.4.1</a> (.exe)<b><br />Linux :: </b><a href="http://www-arc.com/sara/downloads/sara-7.9.2a.tgz" target="_blank">SARA v7.9.2a</a> (.tar.gz)<b><br />Official Website :: </b><a href="http://www-arc.com/sara/">http://www-arc.com/sara/</a><br /><br /></div>

SARA (Security Auditor's Research Assistant) :: Tools

The Security Auditor's Research Assistant (SARA) is a third generation network security analysis tool that that has been available ...

Subscribe to: Posts ( Atom )