ToolWar | Information Security (InfoSec) Tools: Python

WebSlayer (Brute Forcing Web Applications) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB-Km_jr9rLE0PT8dWcX5nBk3Vg169tYvpjuYXyHIlJIjQjQiVszr8nD96mwiNPVRW85LZcoW5X_mMyw2crhTWikoBQ8v4OiWpaaZvhMCSAk5UzTLY5r67QXW9yjWBoUkY_WEAQKAphe81/s1600/webslayer-1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="OWASP WebSlayer :: ToolWar" border="0" height="318" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB-Km_jr9rLE0PT8dWcX5nBk3Vg169tYvpjuYXyHIlJIjQjQiVszr8nD96mwiNPVRW85LZcoW5X_mMyw2crhTWikoBQ8v4OiWpaaZvhMCSAk5UzTLY5r67QXW9yjWBoUkY_WEAQKAphe81/s1600/webslayer-1.png" title="OWASP WebSlayer :: ToolWar" width="400" /></a></div>
<div style="text-align: justify;">
<b>WebSlayer</b> is a tool designed for brute forcing Web  Applications, it can be used for finding  resources not linked  (directories, servlets, scripts,files, etc), brute force GET and POST  parameters, bruteforce Forms parameters (User/Password), Fuzzing, etc.  The tools has a payload generator and an easy and powerful results  analyzer. </div>
<div style="text-align: justify;">
You can perform attacks like: </div>
<ul style="text-align: justify;">
<li>Predictable resource locator, recursion supported (Discovery) </li>
</ul>
<ul style="text-align: justify;">
<li>Login forms brute force </li>
</ul>
<ul style="text-align: justify;">
<li>Session brute force </li>
</ul>
<ul style="text-align: justify;">
<li>Parameter brute force </li>
</ul>
<ul style="text-align: justify;">
<li>Parameter fuzzing  and injection (XSS, SQL) </li>
</ul>
<ul style="text-align: justify;">
<li>Basic and Ntml authentication brute forcing </li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Ce413RcYuGI?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: center;">
</div>
<br />
<b>Download Here ::</b> 
<a href="https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/webslayer/WebSlayer-Beta.msi" target="_blank">WebSlayer Beta</a><b><br /></b><br />
<b>Official Website :: </b>http://www.edge-security.com/webslayer.php </div>

WebSlayer (Brute Forcing Web Applications) :: Tools

WebSlayer is a tool designed for brute forcing Web Applications, it can be used for finding resources not linked (directories, servl...

Sublist3r - Subdomain Enumeration / Scanner : Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiX9xrud6fayQX7f2OmbYU-qjmsBfi35Y0IOMLeMSt1J-XnREvEI3TP99ySPRbENncML8CtP-8Nj8ppzVMR1nkfJWP_4ACocVhp1ZkHhCTFlQlNxlDPkC0htQNyVAN8KELdRTWwRfydGVt3/s1600/Sublist3r.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Sublist3r - Subdomain Enumeration" border="0" data-original-height="413" data-original-width="867" height="190" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiX9xrud6fayQX7f2OmbYU-qjmsBfi35Y0IOMLeMSt1J-XnREvEI3TP99ySPRbENncML8CtP-8Nj8ppzVMR1nkfJWP_4ACocVhp1ZkHhCTFlQlNxlDPkC0htQNyVAN8KELdRTWwRfydGVt3/s400/Sublist3r.JPG" title="Sublist3r - Subdomain Scanner" width="400" /></a></div>
<div style="text-align: justify;">
Sublist3r is a python tool designed to enumerate subdomains of websites 
using OSINT. It helps penetration testers and bug hunters collect and 
gather subdomains for the domain they are targeting. Sublist3r 
enumerates subdomains using many search engines such as Google, Yahoo, 
Bing, Baidu, and Ask. Sublist3r also enumerates subdomains using 
Netcraft, Virustotal, ThreatCrowd, DNSdumpster, and ReverseDNS.</div>
<div style="text-align: justify;">
<br /></div>
<h2 style="text-align: justify;">
<span style="font-size: large;">Installation:</span></h2>
<blockquote class="tr_bq">
<pre><code>git clone https://github.com/aboul3la/Sublist3r.git</code></pre>
</blockquote>
<b><span style="font-size: small;">Dependencies:</span></b><br />
<blockquote class="tr_bq">
<pre><code>sudo pip install -r requirements.txt</code></pre>
</blockquote>
<b><span style="font-size: small;">How To Use:</span></b> <br />
<blockquote class="tr_bq">
<span style="font-size: large;"> </span><code>python sublist3r.py -v -d example.com</code></blockquote>
where -V : Verbose, -d : Domain<br />
<br />
<h3>
<b>Download:: </b> </h3>
Linux & Windows : <a href="https://github.com/aboul3la/Sublist3r" rel="nofollow" target="_blank">Sublis3r (Official Page)</a>

Sublist3r - Subdomain Enumeration / Scanner : Tools

Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collec...

Katana (Penetration Testing) :: Framework

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhw1qTlDYqNtKvMj9NxyH9Z1j3SfWPp0LHjUlIvAoh3fymYv3sUWHQ5obhS3z3ZjfPDr8j-FcvHs27sgD2ea_KOxRs-iXdsa31FWYMOA5E8hajACfsjq2Q23aDoRo334OJnAsTMUjM7Cfo_/s1600/Katana+Framework.png" imageanchor="1"><img alt="Download Katana Framework For Penetration Testing" border="0" height="130" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhw1qTlDYqNtKvMj9NxyH9Z1j3SfWPp0LHjUlIvAoh3fymYv3sUWHQ5obhS3z3ZjfPDr8j-FcvHs27sgD2ea_KOxRs-iXdsa31FWYMOA5E8hajACfsjq2Q23aDoRo334OJnAsTMUjM7Cfo_/s400/Katana+Framework.png" title="Katana Framework" width="400" /></a></div>
<div style="text-align: justify;">
<b>Katana</b> is a framework written in <b>python</b> for making penetration testing,  based on a simple and comprehensive structure for anyone to use, modify  and share, the goal is to unify tools serve for professional when making  a penetration test or simply as a routine tool, The current version is  not completely stable, is recommended update ever that you use it.</div>
<h3>
<b>Installation::</b></h3>
Installation of Katana framework: is necesary install all dependencies for a good performance. <br />
<blockquote class="tr_bq">
<pre><i>git clone https://github.com/PowerScript/KatanaFramework.git
cd KatanaFramework
sudo sh dependencies
sudo python install
</i></pre>
<div style="text-align: justify;">
<br /></div>
</blockquote>
<b>How to Use:: </b><a href="https://github.com/PowerScript/KatanaFramework/wiki/How-to-use" rel="nofollow" target="_blank">Click Here</a> <br />
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Video Tutorial: </b></div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/B0QsDwYTrnI/0.jpg" frameborder="0" height="330px" src="https://www.youtube.com/embed/B0QsDwYTrnI?feature=player_embedded" width="100%"></iframe></div>
<div style="text-align: justify;">
<h3>
<b>Download:</b></h3>
<b>Linux:  </b><a href="https://github.com/PowerScript/KatanaFramework" rel="nofollow" target="_blank">Katana Framework</a><br />
<br />
<b>Submitted By: </b>RedToor</div>

Katana (Penetration Testing) :: Framework

Katana is a framework written in python for making penetration testing, based on a simple and comprehensive structure for anyone to us...

XSSYA v2.0 (Cross Site Scripting Vulnerability Confirmation) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="XSSYA" border="0" height="331" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNyLNtuNpGkSYVXv-zl0SWTmpu-N6hsMjZKUMWHY9Yr3-POS5ttLGClLCyeE9UKcizHkGBuH-983P6_jdBjo6CSewy_F_t5UcNwzj63_46CmPuWVQDysRaMutNYvz6cp9a2otmjHFyIcjA/s1600/XSSYA+Screenshot.png" title="XSSYA Screenshot" width="640" /></div>
<br />
<div style="text-align: justify;">
<b>XSSYA (Cross Site Scripting Scanner & Vulnerability Confirmation)</b> written in <a href="http://www.toolwar.com/search/label/Python" target="_blank">python</a> scripting language confirm the <a href="http://www.toolwar.com/search/label/XSS" target="_blank">XSS Vulnerability</a> in two method first work by execute the payload encoded to bypass <a href="http://www.toolwar.com/search/label/Web" target="_blank">Web</a> Application Firewall which is the first method  request and response if it respond 200 it turn to Method 2 which search that payload decoded in web page HTML code if it confirmed get the last step which is execute document.cookie to get the cookie. </div>
<br />
<h3>
Key Features:</h3>
<ul>
<li>Support HTTPS</li>
<li>After Confirmation (execute payload to get cookies)</li>
<li>Can be run in (Windows - Linux)</li>
<li>Identify 3 types of WAF (Mod_Security - WebKnight - F5 BIG IP)</li>
<li>XSSYA Continue Library of Encoded Payloads To Bypass WAF (Web Application Firewall)</li>
<li>Support Saving The Web HTML Code Before Executing</li>
<li>the Payload Viewing the Web HTML Code into the Screen or Terminal</li>
</ul>
<h3>
What's New: </h3>
(XSSYA v 2.0 has more payloads; library contains 41 payloads to enhance detection level XSS scanner is now removed from XSSYA to reduce false positive. URLs to be tested used to not allow any character at the end of the URL except (/ - = -?) but now this limitation has been removed.<br />
<br />
<div style="text-align: justify;">
Custom Payload 1 – You have the ability to Choose your Custom Payload Ex: and you can encode your custom payload with different types of encodings like (B64 – HEX – URL_Encode –- HEX with Semi Columns). (HTML Entities à Single & Double Quote only - brackets – And – or Encode all payload with HTML Entities) This feature will support also XSS vulnerability confirmation method which is you choose you custom payload and custom Encoding execute if response 200 check for same payload decoded in HTM code page. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
HTML5 Payloads XSYSA V2.0 contains a library of 44 HTLM5 payloads XSSYA have a Library for the most vulnerable application with XSS – Cross site scripting and this library counting (Apache – WordPress – PHPmy Admin) If you choose application it give the CVE Number version of Apache which is affected and the link for CVE for more details so it will be easy to search for certain version that is affected with XSS. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
XSSYA has the feature to convert the IP address of the attacker to (Hex, Dword, Octal) to bypass any security mechanism or IPS that will be exist on the target Domain. XSSYA check is the target is Vulnerable to XST (Cross Site Trace) which it sends custom Trace Request and check if the target domain is Vulnerable the request will be like this: </div>
<br />TRACE / HTTP/1.0 <br />Host: demo.testfire.net <br />Header1: < script >alert(document.cookie);<br />
<h3>
Tutorials:</h3>
<b>User Guide:</b> <a href="http://labs.dts-solution.com/xssya-forget-the-browser-for-xss-by-yehia-mamdouh/" target="_blank">Click Here</a><br />
<h3>
Download:</h3>
<b>Python: </b><a href="https://github.com/yehia-mamdouh/XSSYA-V-2.0/archive/master.zip" target="_blank">XSSYA v2.0</a>

XSSYA v2.0 (Cross Site Scripting Vulnerability Confirmation) :: Tools

XSSYA (Cross Site Scripting Scanner & Vulnerability Confirmation) written in python scripting language confirm the XSS Vulnerabili...

NoGoToFail :: Network Traffic Security Testing Tool

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrZyKNhyphenhyphenNN1-cYypGXqoLUErO5y7F-od5ou1fO4m9ViAXljsDDnINyDGBvdk1SGRfYbZnVDNBvg_-b7pOI4JTOSKEGfSxfYai6pY0-f5hP_4TTJuvyLdgBbo3Ef4pUS5ylCqFhZZx2SvwW/s1600/NoGotofail+toolwar.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="272" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrZyKNhyphenhyphenNN1-cYypGXqoLUErO5y7F-od5ou1fO4m9ViAXljsDDnINyDGBvdk1SGRfYbZnVDNBvg_-b7pOI4JTOSKEGfSxfYai6pY0-f5hP_4TTJuvyLdgBbo3Ef4pUS5ylCqFhZZx2SvwW/s1600/NoGotofail+toolwar.jpg" width="640" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Nogotofail</b> is a <b>network security testing tool</b> designed to help developers and
<a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> researchers spot and fix weak TLS/SSL connections and sensitive
cleartext traffic on devices and applications in a flexible, scalable, powerful way.
It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL
library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.</div>
<div style="text-align: justify;">
<b>Google</b> is committed to increasing the use of TLS/SSL in all applications and services. But “HTTPS everywhere” is not enough; it also needs to be used correctly. Most platforms and devices have secure defaults, but some applications and libraries override the defaults for the worse, and in some instances we’ve seen platforms make mistakes as well. As applications get more complex, connect to more services, and use more third party libraries, it becomes easier to introduce these types of mistakes.<br />The Android Security Team has built a tool, called <b>nogotofail</b>, that provides an easy way to confirm that the devices or applications you are using are safe against known TLS/SSL vulnerabilities and misconfigurations. <b>Nogotofail</b> works for <a href="http://www.toolwar.com/search/label/Android" target="_blank">Android</a>, iOS, <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, Chrome OS, OSX, in fact any device you use to connect to the Internet. There’s an easy-to-use client to configure the settings and get notifications on Android and Linux, as well as the attack engine itself which can be deployed as a router, VPN server, or proxy.<br />We’ve been using this tool ourselves for some time and have worked with many developers to improve the security of their apps. But we want the use of TLS/SSL to advance as quickly as possible. Today, we’re releasing it as an open source project, so anyone can test their applications, contribute new features, provide support for more platforms, and help improve the security of the Internet.</div>
<h3 style="text-align: justify;">
<b>Download ::</b></h3>
<div style="text-align: justify;">
<b>Python:</b> <a href="https://github.com/google/nogotofail/archive/dev.zip" target="_blank">nogotofail</a> (Github)</div>
<div style="text-align: justify;">
<b>Official Website:</b> https://github.com/google/nogotofail</div>

NoGoToFail :: Network Traffic Security Testing Tool

Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connect...

PeePDF (PDF Analysis, Forensics, Creation and Modification) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdfssXOHi8T0g4PNVG2niVEqC8bGVS2bQv8_wc0aLv8WDhBJ6Qf4HmwrkQoJlcQQtkcpLkUrvaJT9SEivG30mCR9_7y4Shf87TpVzinYYtGUbSzmXiSqszzlHsUI0d9T1VuVnq7P5KubfM/s1600/PeePDF.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="PeePDF Analysis" border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdfssXOHi8T0g4PNVG2niVEqC8bGVS2bQv8_wc0aLv8WDhBJ6Qf4HmwrkQoJlcQQtkcpLkUrvaJT9SEivG30mCR9_7y4Shf87TpVzinYYtGUbSzmXiSqszzlHsUI0d9T1VuVnq7P5KubfM/s1600/PeePDF.jpg" title="PeePDF Analysis" width="400" /></a></div>
<b>PeePDF</b> is a <b>Python tool to explore PDF files</b> in  order to find out if the file can be harmful or not. The aim of this <a href="http://www.toolwar.com/search/label/Tools" target="_blank"> tool</a> is to provide all the necessary components that a <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a>  researcher could need in a <a href="http://www.toolwar.com/search/label/PDF" target="_blank">PDF analysis</a> without using 3 or 4 tools to  make all the tasks. With peepdf it's possible to see all the objects in  the document showing the suspicious elements, supports all the most used  filters and encodings, it can parse different versions of a file,  object streams and encrypted files. With the installation of PyV8 and Pylibemu it provides <b>Javascript and shellcode <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a></b> wrappers too. Apart of this it's able to create new PDF files and to modify/obfuscate existent ones. </div>
<div style="text-align: justify;">
<br />
The main functionalities of peepdf are the following: </div>
<div style="text-align: justify;">
<h3>
<b> Analysis: </b></h3>
</div>
<ul style="text-align: justify;">
<li> Decodings: hexadecimal, octal, name objects </li>
<li> More used filters </li>
<li> References in objects and where an object is referenced </li>
<li> Strings search (including streams) </li>
<li> Physical structure (offsets) </li>
<li> Logical tree structure </li>
<li> Metadata </li>
<li> Modifications between versions (changelog) </li>
<li> Compressed objects (object streams) </li>
<li> Analysis and modification of Javascript (PyV8): unescape, replace, join </li>
<li> Shellcode analysis (Libemu python wrapper, pylibemu) </li>
<li> Variables (set command) </li>
<li> Extraction of old versions of the document </li>
<li> Easy extraction of objects, Javascript code, shellcodes (>, >>, $>, $>>) </li>
<li> Checking hashes on <a href="http://www.toolwar.com/2013/12/virustotal-analyze-files-and-urls-tools.html" target="_blank"><b>VirusTotal</b></a> </li>
</ul>
<div style="text-align: justify;">
<b> Creation/Modification: </b></div>
<ul style="text-align: justify;">
<li> Basic PDF creation </li>
<li> Creation of PDF with Javascript executed wen the document is opened </li>
<li> Creation of object streams to compress objects </li>
<li> Embedded PDFs </li>
<li> Strings and names obfuscation </li>
<li> Malformed PDF output: without endobj, garbage in the header, bad header... </li>
<li> Filters modification </li>
<li> Objects modification </li>
</ul>
<div style="text-align: justify;">
<b> Execution modes: </b></div>
<ul style="text-align: justify;">
<li> Simple command line execution </li>
<li> <b>Powerful interactive console</b> (colorized or not) </li>
<li> Batch mode </li>
</ul>
<div style="text-align: justify;">
<b> TODO: </b></div>
<ul style="text-align: justify;">
<li> Embedded PDFs analysis </li>
<li> Improving automatic Javascript analysis </li>
<li> GUI </li>
</ul>
<h3>
Tutorials :: </h3>
<b>PeePDF Installation :: </b><a href="http://code.google.com/p/peepdf/wiki/Installation" target="_blank">Click Here</a><b><a href="http://code.google.com/p/peepdf/wiki/Installation" target="_blank"> </a></b><br />
<b>PeePDF Execution :: </b><a href="http://code.google.com/p/peepdf/wiki/Execution" target="_blank">Click Here</a><br />
<b>PeePDF Commands ::  </b><a href="http://code.google.com/p/peepdf/wiki/Commands" target="_blank">Click Here</a><br />
<b>PDF Forensics and Analysis eBook</b> :: <a href="https://www.amazon.com/dp/B00LSF1TU6" target="_blank">Click Here</a> <br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/T1GcheLaY5M?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3>
Download ::</h3>
<b>Linux | Windows :: </b><a href="http://peepdf.googlecode.com/files/peepdf_0.2-BlackHatVegas.zip" target="_blank">peepdf v0.2</a> (.zip)<b> | </b><a href="http://peepdf.googlecode.com/files/peepdf_0.2-BlackHatVegas.tar.gz" target="_blank">peepdf v0.2</a> (.tar.gz)
<b> </b><br />
<b>Source Website ::</b> <a href="http://code.google.com/p/peepdf/">http://code.google.com/p/peepdf/</a>

PeePDF (PDF Analysis, Forensics, Creation and Modification) :: Tools

PeePDF is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to prov...

GoldenEye (DoS Testing) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="ddos icon" border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJOQnS__a36My3QgFrkkZZnKbMa2sQ5wymnzD-TYPn2-Hi3HzwaqF7hyphenhyphenimikRz5C7uJ3EQc2UHSYhjBNDc4TDogFEdp8zIL-ab7q41TBZPSowkU6qXuTkKbYPg3QOuCHEa5gb1WjXFL0js/s1600/ddos+logo.jpg" title="ddos icon" width="400" /></div>
<div style="text-align: justify;">
<b>GoldenEye</b> is a <b>HTTP DoS test tool</b>. This software is distributed under the <i>GNU General Public License</i> version 3 (GPLv3). <b>GoldenEye</b> is a <b><acronym title="HyperText Transfer Protocol">HTTP</acronym>/S
 Layer 7 <a href="http://www.toolwar.com/search/label/DDoS" target="_blank">Denial-of-Service</a> Testing Tool</b>. It uses KeepAlive (and 
Connection: keep-alive) paired with Cache-Control options to persist 
socket connection busting through caching (when possible) until it 
consumes all available sockets on the <acronym title="HyperText Transfer Protocol">HTTP</acronym>/S server.</div>
<div style="text-align: justify;">
This project started by the influence of Barry Shteiman who created HULK, a Proof-of-concept <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tool</a> that I decided to improve which later became <b>GoldenEye</b>. Kudos for you Barry! This software is written in purely<a href="http://www.toolwar.com/search/label/Python" target="_blank"> Python</a>.</div>
<h3 style="text-align: justify;">
Tutorial ::</h3>
<div style="text-align: justify;">
<b>Usages :: </b></div>
<pre><span style="font-family: "Courier New",Courier,monospace;"><code> USAGE: ./goldeneye.py <url> [OPTIONS]

OPTIONS:
     Flag           Description                     Default
     -t, --threads      Number of concurrent threads                (default: 500)
     -m, --method       HTTP Method to use 'get' or 'post'  or 'random'         (default: get)
     -d, --debug        Enable Debug Mode [more verbose output]         (default: False)
     -h, --help         Shows this help</code></span></pre>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b><span style="font-size: small;"><span style="font-weight: normal;">Python :: <a href="https://github.com/jseidl/GoldenEye/archive/master.zip" target="_blank">GoldenEye</a><b> (.py)</b></span></span></b></div>
<div style="text-align: justify;">
<b>Source Website ::</b>  <a href="https://github.com/jseidl/GoldenEye">https://github.com/jseidl/GoldenEye</a></div>

GoldenEye (DoS Testing) :: Tools

GoldenEye is a HTTP DoS test tool . This software is distributed under the GNU General Public License version 3 (GPLv3). GoldenEye is ...

KillerBee (Exploiting ZigBee and IEEE 802.15.4 Networks) :: Framework

<div class="separator" style="clear: both; text-align: center;">
<img alt="KillerBee Image" border="0" height="329" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7xn4xzkvBYoqeDLAxh3GYVmNcCIj8wfF43o7uU-YZX4qDFqdlP91terOVNJqb8Zo0hS94LsqWhLGHvoJXzHFJkVYwmnD8YzrW6f-H_ndMaXeF-7iquPRYHz01XL2GKY3V2yXWvycWpApy/s1600/KillerBee+Image.jpg" title="KillerBee Image" width="640" /></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b>KillerBee</b> is a Python based <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a> and tool set for <b>exploring and 
exploiting the security of ZigBee and IEEE 802.15.4 networks.</b>  Using 
<b>KillerBee</b> tools and a compatible IEEE 802.15.4 radio interface, you can 
eavesdrop on ZigBee networks, replay traffic, attack cryptosystems and 
much more.  Using the <b>KillerBee framework</b>, you can build your own <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a>,
 implement ZigBee fuzzing, emulate and attack end-devices, routers and 
coordinators and much more. </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>Install on Linux :: </b><a href="https://code.google.com/p/killerbee/wiki/InstallLinuxBackTrack" target="_blank">Click Here</a></div>
<div style="text-align: justify;">
<b>Install on Mac :: </b><a href="https://code.google.com/p/killerbee/wiki/InstallOSX" target="_blank">Click Here</a></div>
<b>Wiki :: </b><a href="https://code.google.com/p/killerbee/w/list" target="_blank">Click Here</a><br />
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux | Mac :: </b><a href="https://killerbee.googlecode.com/files/killerbee_1_0.tar" target="_blank">KillerBee v1.0</a> (.tar.gz)</div>
<div style="text-align: justify;">
<b>Source Website :: </b><a href="https://code.google.com/p/killerbee/">https://code.google.com/p/killerbee/</a></div>

KillerBee (Exploiting ZigBee and IEEE 802.15.4 Networks) :: Framework

KillerBee is a Python based framework and tool set for exploring and exploiting the security of ZigBee and IEEE 802.15.4 networks. ...

OWASP Androick (Forensic Analysis on Android) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="Android Forensics" border="0" height="290" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZJ_1RDUELmZ8Hp8cgrssB5b0X5mgQR8j1Vwh1HV1yITtkSA9nd57u9Vod3tLTOgvRJRdActpiJ0szI73A-Y38mXv3e43879WHZ30qYNoak_X9fz6wcJjDDe8pYSZc4iYwuJFzZmPMKizj/s1600/Android+Forensics.jpg" title="Android Forensics" width="400" /></div>
<div style="text-align: justify;">
<b>OWASP Androick</b> is a <a href="http://www.toolwar.com/search/label/Python" target="_blank">python tool</a> to help in <b>forensics analysis on android</b>.
Put the package name, some options and the programm will download 
automatically apk, datas, files permissions, manifest, databases and 
logs.
It is easy to use and avoid all repetitives tasks !</div>
<h3 style="text-align: justify;">
Tutorials :: </h3>
<div style="text-align: justify;">
<b>Usages :: </b></div>
<pre><code><span style="font-family: "Courier New",Courier,monospace;">1) show help message
    ./androick.py -h
</span>
2) show informations
    ./androick.py -a

3) select device to use
    ./androick.py -D serial_number PACKAGE_NAME_1 PACKAGE_NAME_2 ETC...
    ./androick.py --device serial_number PACKAGE_NAME_1 PACKAGE_NAME_2 ETC...

4) find package name
    ./androick.py [-v] -f <Part of package name>

5) download all related things of application
    ./androick.py [-v] -A PACKAGE_NAME_1 PACKAGE_NAME_2 ETC...

6) select only things you want extract
    ./androick.py [-v] [-d --datas] [-s --sql] [-m --manifest] [-p --permissions] </code></pre>
<pre><code>[-m --memory-dump]  [-l --logs] [--keyLogs="keywords"] PACKAGE_NAME_1 PACKAGE_NAME_2 ETC...

7) how to use option --keyLogs
        --keyLogs="key1,key2,key3"
    if more than one package
        --keyLogs="key1_P1,key2_P1|key1_P2|key1_P3,key2_P3,key3_P3" </code></pre>
<pre><code> </code></pre>
<pre><code>Example :
./androick.py -l --keyLogs="antivirus,protection|music,licence" com.package.antivirus com.music.player

/!\ The memory dump option will mostly not works with production builds </code></pre>
<h2>
<a class="anchor" href="https://github.com/Flo354/Androick#author" name="user-content-author"></a><code> </code></h2>
<h3 style="text-align: justify;">
Dependencies ::</h3>
<div style="text-align: justify;">
Python - Python >=2.6 | Python Magic</div>
<div style="text-align: justify;">
SDK - aapt | adb | hprof-conv</div>
<div style="text-align: justify;">
Others - a rooted device | sqlite3</div>
<h3 style="text-align: justify;">
Download :: </h3>
<div style="text-align: justify;">
<b>Windows | Linux | Mac :: </b><a href="https://github.com/Flo354/Androick/archive/master.zip" target="_blank">OWASP Androick</a><b> </b></div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="https://www.owasp.org/index.php/OWASP_Androick_Project">https://www.owasp.org/index.php/OWASP_Androick_Project</a></div>

OWASP Androick (Forensic Analysis on Android) :: Tools

OWASP Androick is a python tool to help in forensics analysis on android . Put the package name, some options and the programm will dow...

OWASP iOSForensics (Forensic Analysis on iOS) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="OWASP iOSForensics" border="0" height="376" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVLCKwgu3zOqgZkzDNIxnBt6nCpUZPd2gX3PNuOAtqysK41AnLv8Yicnn5Jgj86S9f4u3QXuw29oLRJLVkYa4JbGB_6UDqINyA0snRuKK-rGGhtp-8MZRzGoaJqm0heDkj6NmbBr9scPd_/s1600/iOSForensics.jpg" title="OWASP iOSForensics" width="640" /></div>
<div style="text-align: justify;">
<b>OWASP iOSForensic</b> is a <a href="http://www.toolwar.com/search/label/Python" target="_blank">python tool</a> to help in <b>forensics analysis on iOS</b>. It get files, logs, extract sqlite3 databases and uncompress .plist files in xml.
<b>OWASP iOSForensic</b> is free to use. It is licensed under the GNU GPL v3 
License, so you can copy, distribute and transmit the work, and you can 
adapt it, and use it commercially, but all provided that you attribute 
the work and if you alter, transform, or build upon this work, you may 
distribute the resulting work only under the same or similar license to 
this one. </div>
<h3 style="text-align: justify;">
Features :: </h3>
OWASP iOSForensic  provides:
<br />

<ul>
<li> Application's files
</li>
<li> Conversion of .plist files in XML
</li>
<li> Extract all databases
</li>
<li> Conversion of binary cookies
</li>
<li> Application's logs
</li>
<li> A List of all packages
</li>
<li> Extraction multiple packages </li>
</ul>
<h3>
Tutorials :: </h3>
<b>Usages :: </b><br />
<ul class="task-list">
<li>  -h --help : show help message</li>
<li>  -a --about : show informations</li>
<li>  -v --verbose : verbose mode</li>
<li>  -i --ip : local ip address of the iOS terminal</li>
<li>  -p --port : ssh port of the iOS terminal (default 22)</li>
<li>  -P --password : root password of the iOS terminal (default alpine)</li>
</ul>
<b>Examples :: </b> <br />
<br />
<pre><code>./iOSForensic.py -i 192.168.1.10 [OPTIONS] APP_NAME.app INCOMPLETE_APP_NAME APP_NAME2_WITHOUT_DOT_APP
./iOSForensic.py -i 192.168.1.10 -p 1337 -P pwd MyApp.app angry MyApp2</code></pre>
<h3>
Download ::</h3>
<b>Linux :: </b><a href="https://github.com/Flo354/iOSForensic/archive/master.zip" target="_blank">OWASP iOSForensics</a><br />
<b>Official Website :: </b><a href="https://www.owasp.org/index.php/Projects/OWASP_iOSForensic">https://www.owasp.org/index.php/Projects/OWASP_iOSForensic</a><br />
<div style="text-align: justify;">
<br /></div>

OWASP iOSForensics (Forensic Analysis on iOS) :: Tools

OWASP iOSForensic is a python tool to help in forensics analysis on iOS . It get files, logs, extract sqlite3 databases and uncompress ...

AIEngine (Artificial Intelligent Engine) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="AIEngine (Artificial Intelligent Engine)" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjygwBGjzyQv3FxAMBFEPi4jiHrZl-rqa1pCdx-9Ypc4ofp70ziOSWVZj2iWVv2sA9Dx5YI-3q4in1P1E4PBAX0AQABh8-VVaoynf29hQswZ8nNPEuJ9z-vrteUA8KGJFyshyVafOArLC7F/s1600/Artificial+Intelligent+Engine.jpg" title="AIEngine (Artificial Intelligent Engine)" /></div>
<div style="text-align: justify;">
<b>AIEngine</b> is a next generation interactive/programmable packet inspection engine with capabilities of learning without any human intervention, NIDS functionality, DNS domain classification, network collector and many others.  <b><br /></b><br />
<b>AIEngine (Artificial Intelligent Engine)</b> is a <i><a href="http://www.toolwar.com/search/label/Packet" target="_blank">packet</a> inspection engine</i> with capabilities of learning without any human intervention. <b>AIEngine</b> helps <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a>/security profesionals to <b>identify traffic</b> and develop signatures for use them on<b> </b><i>NIDS, <a href="http://www.toolwar.com/search/label/Firewalls" target="_blank">Firewalls</a>, Traffic classifiers</i> and so on.</div>
<div style="text-align: justify;">
<b>AIEngine</b> is written in c++11 and Python, so by using the flexibility of 
<a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a>, AIEngine could be integrated easely with other functionalities 
and modules in a easy way.<br />
<h3>
Features ::  </h3>
</div>
<ul>
<li>- Counters for IP fragmentation packets.</li>
<li>- Support for TLS1.2 on the SSLProtocol</li>
<li>- Exposed the FrequencyGroup and the LearnerEngine on python.</li>
<li>- Integrate with NetfilterPython or other packet systems.</li>
<li>- Support for python 3.x versions (check INSTALL).</li>
<li>- Sorts the outputs of the HTTP, SSL and DNS most used domains (aiengine binary).</li>
<li>- Support for HTTP1.1 (URI Cache), all the flows will have all the paths taken by the user.</li>
<li>- Shell support. The system have a interactive shell so the user can interact on realtime with the system.</li>
</ul>
<h3>
Tutorial ::</h3>
<b>Configuration :: </b><a href="https://bitbucket.org/camp0/aiengine/wiki/Configurations" target="_blank">Click Here</a><b> </b><br />
<b>Uses & Examples :: </b><a href="https://bitbucket.org/camp0/aiengine/wiki/Home" target="_blank">Click Here</a><br />
<b>Wiki :: </b><a href="https://bitbucket.org/camp0/aiengine/wiki/Home" target="_blank">Click Here</a><br />
<h3>
Download :: </h3>
<b>Linux :: </b><a href="https://bitbucket.org/camp0/aiengine/downloads/aiengine-1.5.tar.gz" rel="nofollow" target="_blank">AIEngine v1.5</a><b> (.tar.gz)</b><br />
<b>Source ::</b> <a href="https://bitbucket.org/camp0/aiengine/overview">https://bitbucket.org/camp0/aiengine/overview</a><br />
<b>Submitted By :: </b>Luis

AIEngine (Artificial Intelligent Engine) :: Tools

AIEngine is a next generation interactive/programmable packet inspection engine with capabilities of learning without any human interven...

DFF (Digital Forensics Framework) :: Framework

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIl1DdbsO0WfC9qJDGu02Asu8jmU-fMvvGqJMnoXYIsycbH4eFW775XwZteITm_g2b8WSSdGZMbd7O8O3wZHb-6a1jsPqXb98HsFnIMVxzOlcFkVtQFC1j5SodKKFdqH5k_nWuugslcbtP/s1600/DFF+LOgo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="DFF Logo" border="0" height="166" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIl1DdbsO0WfC9qJDGu02Asu8jmU-fMvvGqJMnoXYIsycbH4eFW775XwZteITm_g2b8WSSdGZMbd7O8O3wZHb-6a1jsPqXb98HsFnIMVxzOlcFkVtQFC1j5SodKKFdqH5k_nWuugslcbtP/s1600/DFF+LOgo.png" title="DFF Logo" width="400" /></a></div>
<div style="text-align: justify;">
<b>DFF (Digital Forensics Framework)</b> is a free and Open Source <b>computer  forensics software</b> built on top of a dedicated Application Programming  Interface (API). It can be used both by professional and non-expert people in order to quickly  and easily collect, preserve and reveal digital evidences without  compromising systems and data.</div>
<h3 style="text-align: justify;">
Features :: </h3>
<ul style="text-align: justify;">
<li>Preserve digital chain of custody - Software write blocker, cryptographic <a href="http://www.toolwar.com/search/label/Hash" target="_blank">hash</a> calculation</li>
<li>Access to local and remote devices - Disk drives, removable devices, remote file systems</li>
<li>Read standard <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">digital forensics</a> file formats - Raw, Encase EWF, AFF 3 file formats</li>
<li><a href="http://www.toolwar.com/search/label/Virtual" target="_blank">Virtual machine</a> disk reconstruction - VmWare (VMDK) compatible</li>
<li><a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> and <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux OS</a> forensics - <a href="http://www.toolwar.com/search/label/Registry" target="_blank">Registry</a>, Mailboxes, NTFS, EXTFS 2/3/4, FAT 12/16/32 file systems</li>
<li>Quickly triage and search for (meta-)data - Regular expressions, dictionaries, content search, tags, time-line</li>
<li><a href="http://www.toolwar.com/search/label/Recovery" target="_blank">Recover</a> hidden and deleted artifacts - Deleted files / folders, unallocated spaces, carving</li>
<li>Volatile <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory forensics</a> - Processes, local files, binary extraction, network connections</li>
</ul>
<div style="text-align: justify;">
<b>Digital Forensics Framework (DFF)</b> is an open source computer forensics software. It advertises the ability to be used by both professionals and non-experts to collect, preserve, and reveal digital evidence without compromising systems and data. </div>
<div style="text-align: justify;">
<b>Digital Forensics Framework</b> offers two user interfaces, a graphical one developed in PyQt and providing classical tree view but also more advanced features such as recursive view, tagging, live search or bookmarking. Its command line interface enables to perform <a href="http://www.toolwar.com/search/label/Investigation" target="_blank">digital investigation</a> remotely and comes with usual functionnalities available in common shell such as completion, tasks management, globing or keyboard shortcuts. DFF can also run batch scripts at startup to automate repetitive tasks. Advanced users and developers can also use DFF directly from a <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> interpreter to script their investigation.</div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>DFF Blog :: </b><a href="http://www.digital-forensic.org/blog/" target="_blank">Click Here</a><b><br />
</b></div>
<b>DFF Wiki :: </b><a href="http://wiki.digital-forensic.org/" target="_blank">Click Here</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/02uZv72KS88?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux | Windows :: </b><a href="http://www.digital-forensic.org/en/downloads/dff/" target="_blank">DFF v1.3.0</a> (Free Edition)</div>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://wiki.digital-forensic.org/index.php/Main_Page">http://wiki.digital-forensic.org/index.php/Main_Page</a></div>

DFF (Digital Forensics Framework) :: Framework

DFF (Digital Forensics Framework) is a free and Open Source computer forensics software built on top of a dedicated Application Progra...

Liffy (Local File Inclusion Exploitation) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEHgUv3G2cSh18uLQRim8Gb5IXVYRmDrm0RRYDS4PNvOY9nqx1BixII41qCSV_QuR3s_OemRkq0lnNGMxMxDVuUZSsKF7L_yVBxEjzkNtuPb0tWrQVme-kk6yZvRanaLs-Vo9GRkRU6CSJ/s1600/Liffy.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Liffy Tool" border="0" height="260" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEHgUv3G2cSh18uLQRim8Gb5IXVYRmDrm0RRYDS4PNvOY9nqx1BixII41qCSV_QuR3s_OemRkq0lnNGMxMxDVuUZSsKF7L_yVBxEjzkNtuPb0tWrQVme-kk6yZvRanaLs-Vo9GRkRU6CSJ/s1600/Liffy.jpg" title="Liffy Tool" width="400" /></a></div>
<div style="text-align: justify;">
<b>Liffy</b> is a tool to exploit local file inclusion <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> using 
the built-in wrappers php://input, data://, and a process control 
extension called 'expect'. <b>Liffy</b> is written in <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a>.</div>
<ul class="task-list" style="text-align: justify;">
<li>Updates * Now comes with ability to use poisoned Apache access logs,
 and php://filter for code execution and arbitrary file reads.</li>
</ul>
<div style="text-align: justify;">
<b>Liffy</b> requires the following libraries: requests, argparse, blessings, urlparse In order to host the payload you may use Node's HTTP server. Or you can simply spawn python's SimpleHTTPServer in /tmp on port 
8000.  Further development of the tool will eventually include spawning a
 built-in web server in order to download, for now you can adjust the 
location and port in the source code for your needs.  These can be 
changed in core.py under the execute functions.</div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>Example Use ::</b> ./liffy --url http://target/pdfs/vulnerable.php?= --data </div>
<h3 style="text-align: justify;">
Download :: </h3>
<div style="text-align: justify;">
<b>Linux | Windows | Mac :: </b><a href="https://github.com/rotlogix/liffy/archive/master.zip" target="_blank">Click Here</a><b><br /></b></div>
<div style="text-align: justify;">
<b>Source Website :: </b><a href="https://github.com/rotlogix/liffy">https://github.com/rotlogix/liffy</a></div>

Liffy (Local File Inclusion Exploitation) :: Tools

Liffy is a tool to exploit local file inclusion vulnerability using the built-in wrappers php://input, data://, and a process control ...

Android Data Extractor Lite (ADEL) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQBpxZgandE5D5alwBw5L_UGL3iMqOEB0ajg_cfYZfsGPuJNAb6b2XDZfvsItEsMGGwHvN19IrpDsUI8B7mEdp8miG2w4DADZEoN2Q964MIdgKQA_fMBhm-xtiEUygQ23IwbcP7PNdMoOI/s1600/ADEL+Image.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="ADEL Android" border="0" height="287" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQBpxZgandE5D5alwBw5L_UGL3iMqOEB0ajg_cfYZfsGPuJNAb6b2XDZfvsItEsMGGwHvN19IrpDsUI8B7mEdp8miG2w4DADZEoN2Q964MIdgKQA_fMBhm-xtiEUygQ23IwbcP7PNdMoOI/s1600/ADEL+Image.png" title="ADEL Android" width="400" /></a></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b>Android Data Extractor Lite (ADEL)</b> is a <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> script that dumps all important SQLite Databases from a 
connected <a href="http://www.toolwar.com/search/label/Android" target="_blank">Android</a> smartphone to the local disk and analyzes these files 
in a forensically accurate workflow. If no smartphone is connected you 
can specify a local directory which contains the databases you want to <a href="http://www.toolwar.com/search/label/Anaysis" target="_blank">analyze</a>. Afterwards this script creates a clearly structured XML report.</div>
<div style="text-align: justify;">
If you connect a smartphone you need a rooted and insecure kernel or a custom recovery installed on the smartphone.</div>
<div style="text-align: justify;">
</div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
ADEL needs a predefined configuration for each device to work proper. This configuration has to be added in the following file:</div>
<div style="text-align: justify;">
<pre><code>xml/phone_configs.xml</code></pre>
<pre><code> </code></pre>
</div>
<div style="text-align: justify;">
As an example we added the configuration for the Samsung Galaxy S2 running Android 2.3.3, more phone configurations will follow. Example for the use of ADEL with a connected smartphone:</div>
<div style="text-align: justify;">
<pre><code>adel.py -d device -l 4</code></pre>
<pre><code> </code></pre>
</div>
<div style="text-align: justify;">
Example for the use of ADEL with database backups:</div>
<div style="text-align: justify;">
<pre><code>adel.py -d /home/user/backup -l 4
</code></pre>
</div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Python Supported Platform :: </b><a href="https://github.com/mspreitz/ADEL/archive/master.zip" target="_blank">ADEL</a> (.py)<br /><b>Source Website ::</b> <a href="https://github.com/mspreitz/ADEL">https://github.com/mspreitz/ADEL</a></div>

Android Data Extractor Lite (ADEL) :: Tools

Android Data Extractor Lite (ADEL) is a Python script that dumps all important SQLite Databases from a connected Android smartphone...

Fern WiFi Cracker (Wireless Security Auditing) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_r9FW3TnXSaixk_XdPQeulTjkmnrUgCEaSMttahhSYB74fXxI7yrdv1fpiOwsdke6A8UYl_jOglpFZZF0snnVewT3z3Er5LlcI-Roo6j-vtoGbv6kPZMrd9BUb6gl3IdqLt_Iqp2tDCCF/s1600/fern+wifi+cracker+toolwar.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_r9FW3TnXSaixk_XdPQeulTjkmnrUgCEaSMttahhSYB74fXxI7yrdv1fpiOwsdke6A8UYl_jOglpFZZF0snnVewT3z3Er5LlcI-Roo6j-vtoGbv6kPZMrd9BUb6gl3IdqLt_Iqp2tDCCF/s1600/fern+wifi+cracker+toolwar.png" /></a></div>
<div style="text-align: justify;">
<b>Fern Wifi Cracker</b> is a <b><i>Wireless security auditing</i></b> and attack software program written using the <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> Programming Language and the Python Qt GUI library,  the program is able to crack and recover WEP/WPA/WPS keys and also run  other <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> based <a href="http://www.toolwar.com/search/label/Attack" target="_blank">attacks</a> on wireless or ethernet based networks.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Features :-</b></div>
<div style="text-align: justify;">
<ul>
<li>WEP <a href="http://www.toolwar.com/search/label/Cracking" target="_blank">Cracking</a> with Fragmentation,Chop-Chop, Caffe-Latte, Hirte, ARP Request Replay or WPS attack </li>
<li>WPA/WPA2 Cracking with Dictionary or WPS based attacks</li>
<li>Automatic saving of key in database on successful crack</li>
<li>Automatic Access Point Attack System</li>
<li>Session Hijacking (Passive and Ethernet Modes)</li>
<li>Access Point MAC Address Geo Location Tracking</li>
<li>Internal <a href="http://www.toolwar.com/search/label/MITM" target="_blank">MITM</a> Engine</li>
<li>Bruteforce Attacks (HTTP,HTTPS,TELNET,FTP)</li>
<li>Update Support</li>
</ul>
<h3>
<b>Tutorials ::  </b></h3>
<b>Session Hijacking Demonstration ::</b><br />
<b> </b> <br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Bi-8JRNpMqo?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<br />
<b>Bruteforcing Routers with Fern-Wifi-Cracker ::</b>  <br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/_ztQQWMoVX4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<br />
<b>Cracking WEP Security with Fern-Wifi-Cracker ::</b>  <br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/vpiOPEZD6qw?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<br />
<h3>
<b>Download :: </b></h3>
<b>Download Here :: </b><a href="http://code.google.com/p/fern-wifi-cracker/downloads/list" target="_blank">Fern WiFi Cracker</a> <b> </b><br />
<b>Source Website ::</b> <a href="http://code.google.com/p/fern-wifi-cracker/">http://code.google.com/p/fern-wifi-cracker/</a></div>
</div>

Fern WiFi Cracker (Wireless Security Auditing) :: Tools

Fern Wifi Cracker is a Wireless security auditing and attack software program written using the Python Programming Language and the P...

FARADAY (Integrated Penetration Testing IDE) :: Framework

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="FARADAY Logo" border="0" height="91" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj03zjrenjfh3-P90KLn_GSw8ONyaQLqXdR6otoyPAiIMj1ETcLzdJpofOdDKILtTGY6U_4FS4zlEyLZEVF0IEjyTWLMkZrm9wa3U-YS1L8K8A1NQO_j0muNmj9wiuSaqph9OyYKddiOc-f/s1600/Faraday-Logo.png" title="FARADAY Logo" width="400" /></div>
<b>Faraday</b> introduces a new concept (IPE) <b>Integrated Penetration-Test  Environment</b> a multiuser <b>Penetration test IDE</b>. Designed for distribution,  indexation and analysis of the generated data during the process of a <a href="http://www.toolwar.com/search/label/Security" target="_blank"> security audit</a>.</div>
<div style="text-align: justify;">
The main purpose of <b>Faraday</b> is to re-use the available tools in the community to take advantage of them in a multiuser way.</div>
<div style="text-align: justify;">
Design for simplicity, users should feel no difference between their  own terminal application and the one included in <b>Faraday</b>. Developed with  a specialized set of functionalities that help users improve their own  work. Do you remember yourself programming without an IDE? Well, <b>Faraday</b>  does the same an IDE does for you when programming, but from the  perspective of a <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration test</a>.</div>
<div style="text-align: justify;">
<br />
<b>Requirement ::  </b></div>
<div style="text-align: justify;">
<a href="http://www.toolwar.com/search/label/Linux" target="_blank">Modern Linux</a> (Tested Debian / Ubuntu  * / <a href="http://www.toolwar.com/2013/09/kali-linux-toolwar.html" target="_blank">Kali</a> / <a href="http://www.toolwar.com/2013/09/backtrack-5-r3-distribution.html" target="_blank">Backtrack</a>)</div>
<ul style="text-align: justify;">
<li>Python 2.6.x and 2.7.x</li>
<li>Qt3</li>
<li>CouchDB >= 1.2.0<br />
</li>
<li>The following python libs:  <ul>
<li>mockito </li>
<li>couchdbkit </li>
<li>whoosh </li>
<li>argparse </li>
<li>psycopg2</li>
<li>IPy</li>
<li>requests</li>
</ul>
<h3>
</h3>
</li>
</ul>
<h3 style="text-align: justify;">
Tutorials :: </h3>
<div style="text-align: justify;">
<b>Installation :: </b> </div>
<div style="text-align: justify;">
Preferably, you can download faraday by cloning the Git repository:</div>
<div style="text-align: justify;">
<pre><code>$ git clone https://github.com/infobyte/faraday.git faraday-dev
$ cd faraday-dev
$ ./install
</code></pre>
</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Usage :: </b></div>
<div style="text-align: justify;">
To get started, simply execute faraday and use the new console to start working in the pentest: </div>
<div style="text-align: justify;">
<pre><code>$ ./faraday</code></pre>
<pre><code> </code></pre>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/EBz0g6ya7Mg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
</div>
<h3 style="text-align: justify;">
Download :: </h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="https://github.com/infobyte/faraday/archive/master.zip" target="_blank">Faraday</a> (tarball) <b>
</b></div>
<div style="text-align: justify;">
<b>Source Website :: </b><a href="https://github.com/infobyte/faraday">https://github.com/infobyte/faraday</a></div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://www.faradaysec.com/">http://www.faradaysec.com/</a></div>

FARADAY (Integrated Penetration Testing IDE) :: Framework

Faraday introduces a new concept (IPE) Integrated Penetration-Test Environment a multiuser Penetration test IDE . Designed for distrib...

SIPVicious (Auditing SIP Based VoIP System) :: Tools

<div style="text-align: justify;"><div class="separator" style="clear: both; text-align: center;"><img alt="SIP VoIP " border="0" height="324" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgs5pKQQ6VdyR7URrQT6nS1VVL0igxhRv5L4g9jfkKRkBLjfBegI6eKZANJ63AqMiWYIf8m2YEb8azNj4j9bwx-gCWo_jYM66n1k2GggJOHg0mLwLS0hJ7h7UWskxn3gWk6PAqEtxcvgABJ/s1600/SIP+VoIP.png" title="SIP VoIP " width="640" /></div><b>SVMAP</b> is a part of a suite of tools called <b>SIPVicious</b> and it’s my  favorite <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanner</a> of choice It can be used to scan identify and fingerprint a single IP or a range  of IP addresses. <b>Svmap</b> allows specifying the request method which is being used for  scanning, the default method is OPTIONS, it offers debug and verbosity  options and even allows scanning the SRV records for SIP on the  destination domain. You can use the <b>./svmap –h</b> in order to view all the available arguments </div><div style="text-align: justify;"><b>SIPVicious suite</b> is a set of <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> that can be used to audit SIP based <a href="http://www.toolwar.com/search/label/VOIP" target="_blank">VoIP systems</a>.  It currently consists of four tools: </div><ul style="text-align: justify;"><li>svmap - this is a sip scanner. Lists SIP devices found on an IP range </li>
<li>svwar - identifies active extensions on a PBX </li>
<li>svcrack - an online password cracker for SIP PBX </li>
<li>svreport - manages sessions and exports reports to various formats </li>
<li>svcrash - attempts to stop unauthorized svwar and svcrack scans </li>
</ul><div style="text-align: justify;">It was tested on the following systems: </div><ul style="text-align: justify;"><li><a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux </a></li>
<li><a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X </a></li>
<li><a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows </a></li>
<li><a href="http://www.toolwar.com/search/label/FreeBSD" target="_blank">FreeBSD 6.2 </a></li>
<li>Jailbroken iPhone with python installed </li>
</ul><div style="text-align: justify;">If you use it on systems that are not mentioned here please let me know goes it goes. </div><h3 style="text-align: justify;">Tutorials ::</h3><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Zp_gzjV8l4c?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div><div style="text-align: justify;"></div><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/3a7xJeNQfOk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div><h3 style="text-align: justify;"> </h3><h3 style="text-align: justify;">Download ::</h3><div style="text-align: justify;"><b>Linux | Windows | Mac | FreeBSD :: </b><a href="http://sipvicious.googlecode.com/files/sipvicious-0.2.8.zip" target="_blank">SIPVicious v0.2.8</a> (.zip) | <a href="http://sipvicious.googlecode.com/files/sipvicious-0.2.8.tar.gz" target="_blank">SIPVicious v0.2.8</a> (.tar.gz)<b>
</b></div><div style="text-align: justify;"><b>Official Website :: </b> <a href="http://code.google.com/p/sipvicious/">http://code.google.com/p/sipvicious/</a></div>

SIPVicious (Auditing SIP Based VoIP System) :: Tools

SVMAP is a part of a suite of tools called SIPVicious and it’s my favorite scanner of choice It can be used to scan identify and fingerp...

Maligno (Penetration Testing) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7dM_W5x1h5uszgk0spEosIclT4KmaGO2uPukBWl2ETl36hFooZ0Eb50A3PfpPjjzUqZ2HTI5NHF-L7q4sAxnRD14MGiXgvHkHLi_zCKB5hs8jd0TiUAyaYrsEJ5M4nq67pzu47VcLwRET/s1600/PenTest_Image.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="maligno image" border="0" height="307" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7dM_W5x1h5uszgk0spEosIclT4KmaGO2uPukBWl2ETl36hFooZ0Eb50A3PfpPjjzUqZ2HTI5NHF-L7q4sAxnRD14MGiXgvHkHLi_zCKB5hs8jd0TiUAyaYrsEJ5M4nq67pzu47VcLwRET/s1600/PenTest_Image.png" title="maligno image" width="400" /></a></div>
<div style="text-align: justify;">
<b>Maligno</b> is an open source <b>penetration testing tool</b> written in python, 
that serves <a href="http://www.toolwar.com/2013/09/metasploit-framework.html" target="_blank">Metasploit</a> payloads. It generates shellcode with msfvenom 
and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES
 and encoded with Base64 prior to transmission.</div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://www.encripto.no/tools/maligno-1.0.tar.gz" target="_blank">Maligno v1.0</a> (.tar.gz)</div>
<div style="text-align: justify;">
<b>Official Website :: </b> <a href="http://www.encripto.no/tools/">http://www.encripto.no/tools/</a></div>

Maligno (Penetration Testing) :: Tools

Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with ms...

GoLismero (The Web Knife) :: Framework

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJYxDNAmrpLOxGHjpb6huddkmpfTYX3pDCUkzAP5ZvTN4YHVhKeSoNVz0mP3edsRRLaggj3y4jcannl6jCd928BDdVuz0XMqsJrc4uaybV2Vo1azKfWDoSHkN3sWgH2iEF7wp3DJ79MdTj/s1600/Golismero+WIndows+Screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Golismero " border="0" height="380" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJYxDNAmrpLOxGHjpb6huddkmpfTYX3pDCUkzAP5ZvTN4YHVhKeSoNVz0mP3edsRRLaggj3y4jcannl6jCd928BDdVuz0XMqsJrc4uaybV2Vo1azKfWDoSHkN3sWgH2iEF7wp3DJ79MdTj/s1600/Golismero+WIndows+Screenshot.png" title="Golismero " width="640" /></a></div>
<div style="text-align: justify;">
<b>GoLismero</b> is an open source framework for <a href="http://www.toolwar.com/search/label/Security" target="_blank"><b>security testing</b></a>. It's 
currently geared towards <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> security, but it can easily be expanded to 
other kinds of scans.</div>
<div style="text-align: justify;">
The most interesting features of the <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a> are:</div>
<ul style="text-align: justify;">
<li>Real platform independence. Tested on <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, *BSD and <a href="http://www.toolwar.com/search/label/Mac" target="_blank">OS X</a>.</li>
<li>No native library dependencies. All of the framework has been written in pure Python.</li>
<li>Good performance when compared with other frameworks written in Python and other scripting languages.</li>
<li>Very easy to use.</li>
<li>Plugin development is extremely simple.</li>
<li>The framework also collects and unifies the results of well known tools: <a href="http://www.toolwar.com/2013/09/sqlmap-tools.html" target="_blank">sqlmap</a>, xsser, <a href="http://www.toolwar.com/2013/09/openvas-is-advanced-open-source.html" target="_blank">openvas</a>, <a href="http://www.toolwar.com/2013/10/dnsrecon-tools.html" target="_blank">dnsrecon</a>, <a href="http://www.toolwar.com/2013/09/theharvester-tools.html" target="_blank">theharvester</a>...</li>
<li>Integration with standards: CWE, CVE and OWASP.</li>
<li>Designed for cluster deployment in mind (not available yet).</li>
</ul>
<h3>
Tutorials ::</h3>
<b>Installation :: </b> <br />
Strictly speaking, GoLismero doesn't require installation - only its 
dependencies do. So if you want to use it on a system where you don't 
have root privileges, you can ask the system administrator to install 
them for you, and just run the "git checkout" command on your home 
folder.<br />
<b>Briefly Tutorial of Installation :: </b> <a href="https://github.com/golismero/golismero">Click Here</a><br />
<b>Basic Usages ::</b> <a href="https://github.com/golismero/golismero" target="_blank">Click Here</a><br />
<h3>
Download ::</h3>
<b>Linux | Mac | Windows :: </b><a href="https://github.com/golismero/golismero/archive/master.zip" target="_blank">GoLismero Archive</a> (.zip)<b> </b><br />
<b>Official Website :: </b><a href="https://github.com/golismero/golismero" target="_blank">https://github.com/golismero/golismero</a>

GoLismero (The Web Knife) :: Framework

GoLismero is an open source framework for security testing . It's currently geared towards web security, but it can easily be expa...

BlindElephant (Web Application Fingerprinting) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipt-PGEQbszCnUumUvyuXZt9TWyLVMKHh4zJ6Nms53hyphenhyphenEdN-vLqt0RuDiSAnxFXphRcokFnxoZolzQ5zf4XZL-iQlMn-HMKs3twBbf5TdM_E1hO169ojrWt8AAj2r1IrStX8rDokXXSae8/s1600/BlindElephant+logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="287" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipt-PGEQbszCnUumUvyuXZt9TWyLVMKHh4zJ6Nms53hyphenhyphenEdN-vLqt0RuDiSAnxFXphRcokFnxoZolzQ5zf4XZL-iQlMn-HMKs3twBbf5TdM_E1hO169ojrWt8AAj2r1IrStX8rDokXXSae8/s1600/BlindElephant+logo.png" width="320" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The <b>BlindElephant</b> is a <b>Web Application Fingerprinter</b> attempts to discover the 
version of a (known) <a href="http://www.toolwar.com/search/label/Web" target="_blank">web application</a> by comparing static files at known 
locations against precomputed <a href="http://www.toolwar.com/search/label/Hash" target="_blank">hashes</a> for versions of those files in all 
all available releases. The technique is fast, low-bandwidth, 
non-invasive, generic, and highly automatize. </div>
<h3 style="text-align: justify;">
Tutorials ::</h3>
<div style="text-align: justify;">
<b>Discussion and Forum :: </b><a href="http://www.qualys.com/blindelephant" target="_blank">Click Here</a></div>
<div style="text-align: justify;">
<b>Installation ::</b></div>
<div style="text-align: justify;">
Installation is only required if you plan to use BlindElephant as a 
library. Make sure that your <a href="http://www.toolwar.com/search/label/Python" target="_blank">python</a> installation has distutils, and then
 do: </div>
<div style="text-align: justify;">
<span style="font-size: large;"><span style="font-family: "Courier New",Courier,monospace;"><code>cd blindelephant/src</code><code>sudo python setup.py install</code></span></span></div>
<br />
<b>Example Usage (Command Line) :: </b><br />

setup.py will have placed BlindElephant.py in your /usr/local/bin dir. 
<br />
<pre style="border-left: 5px solid #ddd; padding: 10px;"><span style="font-family: "Courier New",Courier,monospace;">$ BlindElephant.py 
Usage: BlindElephant.py [options] url appName

Options:
  -h, --help            show this help message and exit
  -p PLUGINNAME, --pluginName=PLUGINNAME
                        Fingerprint version of plugin (should apply to web app
                        given in appname)
  -s, --skip            Skip fingerprinting webpp, just fingerprint plugin
  -n NUMPROBES, --numProbes=NUMPROBES
                        Number of files to fetch (more may increase accuracy).
                        Default: 15
  -w, --winnow          If more than one version are returned, use winnowing
                        to attempt to narrow it down (up to numProbes
                        additional requests).
  -l, --list            List supported webapps and plugins

Use "guess" as app or plugin name to attempt to attempt to
discover which supported apps/plugins are installed.

$ python BlindElephant.py http://laws.qualys.com movabletype
Loaded /usr/local/lib/python2.6/dist-packages/blindelephant/dbs/movabletype.pkl with 96 versions, 2229 differentiating paths, and 209 version groups.
Starting BlindElephant fingerprint for version of movabletype at http://laws.qualys.com

Fingerprinting resulted in:
4.22-en
4.22-en-COM
4.23-en
4.23-en-COM

Best Guess: 4.23-en-COM</span>
</pre>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-size: large;"><span style="font-family: "Courier New",Courier,monospace;"><code><span style="font-family: "Helvetica Neue",Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>More Help :: </b><a href="http://sourceforge.net/p/blindelephant/code/HEAD/tree/trunk/" target="_blank">Click Here</a></span></span> </code></span></span></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: left;">
<b>Linux Command  :: </b><code>svn co https://blindelephant.svn.sourceforge.net/svnroot/blindelephant/trunk blindelephant</code></div>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://blindelephant.sourceforge.net/">http://blindelephant.sourceforge.net/</a></div>

BlindElephant (Web Application Fingerprinting) :: Tools

The BlindElephant is a Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing sta...

Subscribe to: Posts ( Atom )