Nipper Studio (Network Security Audit for Firewall, Switches and Router) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjog3YqJ3FIoxb_rLEWgJPXiIWYhWS7Ihd2IOrLYGhAqOaRm7ioEB6gatr6PgzNw7OJf7ol2pC-Z9-TVfpQewGb_ryDyAt_h2uNqzrlhRtW194rN4xFfH7jYM3ivYb0TPmgsj7rIChoKIYR/s1600/Nipper+Home+Report+2.2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="nipper tutorial" border="0" height="333" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjog3YqJ3FIoxb_rLEWgJPXiIWYhWS7Ihd2IOrLYGhAqOaRm7ioEB6gatr6PgzNw7OJf7ol2pC-Z9-TVfpQewGb_ryDyAt_h2uNqzrlhRtW194rN4xFfH7jYM3ivYb0TPmgsj7rIChoKIYR/s1600/Nipper+Home+Report+2.2.jpg" title="nipper tutorial" width="400" /></a></div> <div style="text-align: justify;"> <b>Nipper (short for Network Infrastructure Parser, previously known as CiscoParse)</b> audits the security of network devices such as switches, routers, and firewalls. It works by parsing and analyzing device configuration file which the <b>Nipper</b> user must supply. This was an open source tool until its developer (Titania) released a commercial version and tried to hide their old GPL releases. During a <b>network audit Nipper Studio</b> processes the devices’ native configurations and enables you to create a variety of different audit reports. By using traditional methodology for your <a href="http://www.toolwar.com/search/label/Network" target="_blank">network audit</a>, such as manual <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">Penetration Testing</a>, Agent-based software and <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">Network Scanners</a>, you could experience various drawbacks, which does not affect Nipper Studio <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> audit software:<br /> <ul> <li>Network scanners send huge numbers of network probes to a device and can impact performance. Only exposed vulnerabilities are identified, potentially missing many issues.</li> <li>Agent-based audit software requires software to be installed on the devices during the network audit. This is not possible for all devices and can introduce additional security vulnerabilities.</li> <li>Manual Penetration Tests examine individual <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> devices in detail. However this is slow, expensive and results in point in time audits of only a sample of devices.</li> <li>Flatten the <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability assessment</a> process and reduce human error by automatically producing an instant, device specific configuration report, readable by non-technical experts.  </li> <li>Achieve significant cost savings by automating a detailed configuration vulnerability analysis, typically provided by costly external Penetration Testing. </li> <li>Improve the productivity and scope of the network audit by quickly performing a thorough vulnerability assessment of multiple complex network devices, providing a detailed security audit report, unachievable with vulnerability scanning technologies. </li> <li>Stay secure as our security audit software requires no additional services on the device or agents to be installed and can audit the network devices without connecting or scanning them</li> </ul> <h3> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/wUtAmowwVD8?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3>  </h3> <h3> Download ::</h3> <b>Windows | Linux | Mac :: </b> <b> </b><br /> <b>Buy :: </b><a href="https://www.titania.com/shop" target="_blank">Click Here</a><b> </b> <b> </b><br /> <b>Evaluate Copy :: </b><a href="https://www.titania.com/evaluate" target="_blank">Click Here</a><b>  </b> <b> </b><br /> <b>Official Website :: </b><a href="https://www.titania.com/nipperstudio" target="_blank">https://www.titania.com/nipperstudio </a></div>

Nipper Studio (Network Security Audit for Firewall, Switches and Router) :: Tools

Nipper (short for Network Infrastructure Parser, previously known as CiscoParse) audits the security of network devices such as switche...

Read more »

Fiddler (Web Debugger Proxy) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoMGV0ZYokZLN2EHLK6qkK_j46ll8DxX5tNAWsuTWrfhCFoHDzxx4SUQFYGKOWgGNkc3p12cIAU1IWKWCKRo16-Ffc1JXOnqM6M60CPkbbxgDqnRKDKo0SJjH0htwNuFreOKr16MRNlihG/s1600/Fiddler+logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="251" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoMGV0ZYokZLN2EHLK6qkK_j46ll8DxX5tNAWsuTWrfhCFoHDzxx4SUQFYGKOWgGNkc3p12cIAU1IWKWCKRo16-Ffc1JXOnqM6M60CPkbbxgDqnRKDKo0SJjH0htwNuFreOKr16MRNlihG/s1600/Fiddler+logo.png" width="400" /></a></div> <div style="text-align: justify;"> <b>Fiddler</b> is a <b>Web Debugging Proxy</b> which logs all HTTP(S) traffic between your computer and the Internet. <b>Fiddler</b> allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language.</div> <ul style="text-align: justify;"> <li><b>HTTP/HTTPS Traffic Recording :: </b>Fiddler is a free <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> <a href="http://www.toolwar.com/search/label/Debugger" target="_blank">debugging</a> proxy which logs all HTTP(s) traffic between your computer and the Internet. Use it to debug traffic from virtually any application that supports a proxy like IE, Chrome, Safari, Firefox, Opera and more.</li> <li><b>Web Session Manipulation ::</b> Easily manipulate and edit web sessions. All you need to do is set a breakpoints to pause the processing of the session and permit alteration of the request/response. You can also compose your own HTTP requests to run through <b>Fiddler</b>.</li> <li><b>Web Debugging :: </b>Debug traffic from PC, <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac</a> or <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux systems</a> and <a href="http://www.toolwar.com/search/label/Mobile" target="_blank">mobile devices</a>. Ensure the proper cookies, headers and cache directives are transferred between the client and server. Supports any framework, including .NET, Java, Ruby, etc.</li> <li><b> Security Testing :: </b>Use <b>Fiddler</b> for <a href="http://www.toolwar.com/search/label/Security" target="_blank">security testing</a> your web applications -- decrypt HTTPS traffic, and display and modify requests using a man-in-the-middle decryption technique. Configure Fiddler to decrypt all traffic, or only specific sessions.</li> <li><b>Performance Testing :: </b>Fiddler lets you see the “total page weight,” HTTP caching and compression at a glance. Isolate performance bottlenecks with rules like “Flag any uncompressed responses larger than 25kb.”</li> <li><b>Customizing Fiddler :: </b>Benefit from a rich extensibility model, ranging from simple FiddlerScript to powerful Extensions which can be developed using any .NET language.  </li> <li><div class="sfContentBlock"> <b>Simulate Real User Load Using Fiddler Captures ::</b> Fiddler is an excellent tool for understanding the performance of your website, but how does your performance change when lots of users are hitting the site? Check out Telerik Test Studio powered by Fiddler to get an in-depth understanding of how your site performance degrades as the number of users increases.</div> </li> </ul> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/gujBKFGwjd4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;">  </h3> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://www.telerik.com/docs/default-source/fiddler/fiddler4setup.exe?sfvrsn=2" target="_blank">Fiddler v4.4.6.2</a> (.exe) <b> </b></div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="http://www.telerik.com/download/fiddler">http://www.telerik.com/download/fiddler</a></div>

Fiddler (Web Debugger Proxy) :: Tools

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect...

Read more »

Immunity Canvas (Vulnerability Exploitation) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqwXRB2JW_wTRBZeFsPrNZqP7KK7Xyn3JC7nG4SvaFbLePxH0hRCMjN9Qmahzts9eQvlEvfqI-ZtbOgvXHS6d2EBgXNSHvEgPXs_l3QYQyy_cg2IrSmwwJThp4ddWSXS5oV4GoJEOJbLUo/s1600/img-canvas.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Immunity Canvas" border="0" height="171" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqwXRB2JW_wTRBZeFsPrNZqP7KK7Xyn3JC7nG4SvaFbLePxH0hRCMjN9Qmahzts9eQvlEvfqI-ZtbOgvXHS6d2EBgXNSHvEgPXs_l3QYQyy_cg2IrSmwwJThp4ddWSXS5oV4GoJEOJbLUo/s1600/img-canvas.gif" title="Immunity Canvas" width="400" /></a></div> <b>Immunity Canvas</b> is a commercial <b>vulnerability exploitation tool </b>from Dave Aitel's ImmunitySec. It includes more than 370 exploits and is less expensive than Core Impact or the commercial versions of <a href="http://www.toolwar.com/2013/09/metasploit-framework.html" target="_blank">Metasploit</a>. It comes with full source code, and occasionally even includes zero-day exploits.<b> </b><br /> <b>Immunity's CANVAS</b> makes available hundreds of exploits, an automated <a href="http://www.toolwar.com/search/label/Exploitation" target="_blank">exploitation</a> system, and a comprehensive, reliable exploit development framework to <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration</a> testers and <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> professionals worldwide. To see CANVAS in action please see our movies. For users new to CANVAS or experienced users looking to get just a little more out of CANVAS we have <a href="http://www.toolwar.com/search/label/PDF" target="_blank">PDF</a> based tutorials available for download.</div> <div style="text-align: justify;">   </div> <div style="text-align: justify;"> <b>Supported Platforms and Installations</b><br /> - <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> (requires Python & PyGTK)<br /> - <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a><br /> - <a href="http://www.toolwar.com/search/label/Mac" target="_blank">MacOSX</a> (requires PyGTK)<br /> - All other <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> environments such as mobile phones and commercial Unixes (command line version only supported, GUI may also be available)</div> <div style="text-align: justify;"> <b>Architecture</b><br /> - CANVAS' completely open design allows a team to adapt CANVAS to their environment and needs. </div> <div style="text-align: justify;"> <b>Documentation</b><br /> - all documentation is delivered in the form of demonstration movies<br /> - exploit modules have additional information windows</div> <div style="text-align: justify;"> <b> Exploits</b><br /> - currently over 490 exploits, an average of 4 exploits added every monthly release<br /> - Immunity carefully selects vulnerabilities for inclusion as CANVAS exploits. Top priorities are high-value vulnerabilities such as remote, pre-authentication, and new vulnerabilities in mainstream software.<br /> - Exploits span all common platforms and applications</div> <div style="text-align: justify;"> <b> Payload Options</b><br /> - to provide maximum reliability, exploits always attempt to reuse socket<br /> - if socket reuse is not suitable, connect-back is used<br /> - subsequent MOSDEF session allows arbitrary code execution, and provides a listener shell for common actions (file management, screenshots, etc)<br /> - bouncing and split-bouncing automatically available via MOSDEF<br /> - adjustable covertness level</div> <div style="text-align: justify;"> <b> Exploit Delivery</b><br /> - regular monthly updates made available via <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a><br /> - exploit modules and CANVAS engine are updated simultaneously<br /> - customers reminded of monthly updates via email</div> <div style="text-align: justify;"> <b> Exploit Creation Time</b><br /> - exploits included in next release as soon as they are stable</div> <div style="text-align: justify;"> <b> Effectiveness of Exploits</b><br /> - all exploits fully QA'd prior to release<br /> - exploits demonstrated via flash movies<br /> - exploit development team available via direct email for support</div> <div style="text-align: justify;"> <b> Ability to make Custom Exploits</b><br /> - unique MOSDEF development environment allows rapid exploit development</div> <div style="text-align: justify;"> <b> Product Support and Maintenance</b><br /> - subscriptions include email and phone support M-F 9am - 5pm EST, directly with development team<br /> - minimum monthly updates</div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <h3> Tutorials ::</h3> <ol> <li><a href="http://www.immunitysec.com/documentation/tutorials/Windows_Install.pdf">Detailed Windows Installation Instructions</a></li> <li><a href="http://www.immunitysec.com/documentation/tutorials/canvas101-part1.pdf">CANVAS 101 (Part 1)</a></li> <li><a href="http://www.immunitysec.com/documentation/tutorials/canvas101-part2.pdf">CANVAS 101 (Part 2)</a></li> <li><a href="http://www.immunitysec.com/documentation/tutorials/HCN-Part1.pdf">HCN Rootkit (Part 1)</a></li> <li><a href="http://www.immunitysec.com/documentation/tutorials/ties-that-binder-dot-py.pdf">The Ties That Binder.py</a></li> </ol> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/FAz-Bek4RfU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <ol></ol> </div> <div style="text-align: justify;"> <h3> Download ::</h3> </div> <div style="text-align: justify;"> <b>Linux | Mac | Windows :: Contact Here ::</b> sales@immunityinc.com <b> </b><br /> <b>Official Website ::</b> <a href="https://www.immunitysec.com/products-canvas.shtml">https://www.immunitysec.com/products-canvas.shtml</a></div>

Immunity Canvas (Vulnerability Exploitation) :: Tools

Immunity Canvas is a commercial vulnerability exploitation tool from Dave Aitel's ImmunitySec. It includes more than 370 exploits an...

Read more »

QualysGuard (Cloud Security) :: Framework

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghdzpjPZX2FLqOdTxqOBOsBcHPK-BGXs4z6FvMDEBWtOdSSQDhFqcOvSs8HLf2_C0gGeR9JzfehTMjygryKrJFU1Andf_8LVNhhNiAMihWAnzULkz0Qj63VCASwzVjkCQVNBGQnopmccia/s1600/qualys-logo.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Qualys logo" border="0" height="306" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghdzpjPZX2FLqOdTxqOBOsBcHPK-BGXs4z6FvMDEBWtOdSSQDhFqcOvSs8HLf2_C0gGeR9JzfehTMjygryKrJFU1Andf_8LVNhhNiAMihWAnzULkz0Qj63VCASwzVjkCQVNBGQnopmccia/s1600/qualys-logo.jpeg" title="Qualys logo" width="320" /></a></div> <div style="text-align: justify;"> <b>QualysGuard</b> is a popular <b>SaaS (software as a service) vulnerability management</b> offering. It's web-based UI offers <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> discovery and mapping, asset prioritization, <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> assessment reporting and remediation tracking according to business risk. Internal scans are handled by Qualys appliances which communicate back to the <a href="http://www.toolwar.com/search/label/Cloud" target="_blank">cloud-based</a> system.</div> <h3 style="text-align: justify;"> Tutorials ::</h3> <h3 style="text-align: justify;"> </h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/XfeyNLb7ZDc?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/5Cbq5wudtZE?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Trial Linux | Mac | Windows :: </b><a href="http://www.qualys.com/forms/trials/qualysguard/" target="_blank">QualysGuard</a><b> </b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://www.qualys.com/" target="_blank">http://www.qualys.com/ </a></div>

QualysGuard (Cloud Security) :: Framework

QualysGuard is a popular SaaS (software as a service) vulnerability management offering. It's web-based UI offers network discov...

Read more »

Skipfish (Web Application Security Scanner) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWet3cqxS_RaHFSPFgDcVyLfRIrD075ildwUJOYxN7KDyiHkwz5nOjJPSSvtMoZzRLq_g1vGKdWJsR2avZ_xoeGfBYB4C_YjX_Ulr5xlGhii4h2OWhJ_f2_3UkGgBCQ6pOtci-zTNqau4-/s1600/skipfish+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Skipfish Screenshot" border="0" height="329" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWet3cqxS_RaHFSPFgDcVyLfRIrD075ildwUJOYxN7KDyiHkwz5nOjJPSSvtMoZzRLq_g1vGKdWJsR2avZ_xoeGfBYB4C_YjX_Ulr5xlGhii4h2OWhJ_f2_3UkGgBCQ6pOtci-zTNqau4-/s1600/skipfish+screenshot.png" title="Skipfish Screenshot" width="640" /></a></div> <div style="text-align: justify;"> <b><i>Skipfish</i></b> is an active <b>web application security reconnaissance tool</b>. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> checks. The final report generated by the tool is meant to serve as a foundation for professional <a href="http://www.toolwar.com/search/label/Web" target="_blank">web application</a> security assessments. </div> <div style="text-align: justify;"> Key features: </div> <ul style="text-align: justify;"> <li><b>High speed</b>: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets. </li> </ul> <ul style="text-align: justify;"> <li><b>Ease of use</b>: heuristics to support a variety of quirky web <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">frameworks</a> and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion. </li> </ul> <ul style="text-align: justify;"> <li><b>Cutting-edge security logic</b>: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors. </li> </ul> <div style="text-align: justify;"> The tool is believed to support <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, FreeBSD, <a href="http://www.toolwar.com/search/label/Mac" target="_blank">MacOS X</a>, and <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> (Cygwin) environments. </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/kqx8rp7Cnwc?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;">  </h3> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows | Mac | Linux ::</b> <a href="http://skipfish.googlecode.com/files/skipfish-2.10b.tgz" target="_blank">Skipfish v2.10b</a> (.tgz)</div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://code.google.com/p/skipfish/">http://code.google.com/p/skipfish/</a></div>

Skipfish (Web Application Security Scanner) :: Tools

Skipfish is an active web application security reconnaissance tool . It prepares an interactive sitemap for the targeted site by carryi...

Read more »

GoLismero (The Web Knife) :: Framework

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJYxDNAmrpLOxGHjpb6huddkmpfTYX3pDCUkzAP5ZvTN4YHVhKeSoNVz0mP3edsRRLaggj3y4jcannl6jCd928BDdVuz0XMqsJrc4uaybV2Vo1azKfWDoSHkN3sWgH2iEF7wp3DJ79MdTj/s1600/Golismero+WIndows+Screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Golismero " border="0" height="380" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJYxDNAmrpLOxGHjpb6huddkmpfTYX3pDCUkzAP5ZvTN4YHVhKeSoNVz0mP3edsRRLaggj3y4jcannl6jCd928BDdVuz0XMqsJrc4uaybV2Vo1azKfWDoSHkN3sWgH2iEF7wp3DJ79MdTj/s1600/Golismero+WIndows+Screenshot.png" title="Golismero " width="640" /></a></div> <div style="text-align: justify;"> <b>GoLismero</b> is an open source framework for <a href="http://www.toolwar.com/search/label/Security" target="_blank"><b>security testing</b></a>. It's currently geared towards <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> security, but it can easily be expanded to other kinds of scans.</div> <div style="text-align: justify;"> The most interesting features of the <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a> are:</div> <ul style="text-align: justify;"> <li>Real platform independence. Tested on <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, *BSD and <a href="http://www.toolwar.com/search/label/Mac" target="_blank">OS X</a>.</li> <li>No native library dependencies. All of the framework has been written in pure Python.</li> <li>Good performance when compared with other frameworks written in Python and other scripting languages.</li> <li>Very easy to use.</li> <li>Plugin development is extremely simple.</li> <li>The framework also collects and unifies the results of well known tools: <a href="http://www.toolwar.com/2013/09/sqlmap-tools.html" target="_blank">sqlmap</a>, xsser, <a href="http://www.toolwar.com/2013/09/openvas-is-advanced-open-source.html" target="_blank">openvas</a>, <a href="http://www.toolwar.com/2013/10/dnsrecon-tools.html" target="_blank">dnsrecon</a>, <a href="http://www.toolwar.com/2013/09/theharvester-tools.html" target="_blank">theharvester</a>...</li> <li>Integration with standards: CWE, CVE and OWASP.</li> <li>Designed for cluster deployment in mind (not available yet).</li> </ul> <h3> Tutorials ::</h3> <b>Installation :: </b> <br /> Strictly speaking, GoLismero doesn't require installation - only its dependencies do. So if you want to use it on a system where you don't have root privileges, you can ask the system administrator to install them for you, and just run the "git checkout" command on your home folder.<br /> <b>Briefly Tutorial of Installation :: </b> <a href="https://github.com/golismero/golismero">Click Here</a><br /> <b>Basic Usages ::</b> <a href="https://github.com/golismero/golismero" target="_blank">Click Here</a><br /> <h3> Download ::</h3> <b>Linux | Mac | Windows :: </b><a href="https://github.com/golismero/golismero/archive/master.zip" target="_blank">GoLismero Archive</a> (.zip)<b> </b><br /> <b>Official Website :: </b><a href="https://github.com/golismero/golismero" target="_blank">https://github.com/golismero/golismero</a>

GoLismero (The Web Knife) :: Framework

GoLismero is an open source framework for security testing . It's currently geared towards web security, but it can easily be expa...

Read more »

SAINT 8 (Security Auditing Suite) :: Framework

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="SAINT LOGO" border="0" height="107" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgA7ITNbIsTcKUwW4ShEmmGIi_tc3r93_yUAm8uaCmmHsBBhYfr3EemJ8Cqkmicl1Fhpd9D3UxPy_DS7kuqAJEVvVADbttEn7PYmcWl3xA3gQEQWKeMojScYzNb7yO1L08sAs_4K6kEYXHm/s1600/SAINT.jpg" title="SAINT LOGO" width="200" /></div> <b>SAINT 8</b> is a <b>fully-integrated security tool suite</b> that combines <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability scanning</a>, with <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration testing</a>, social engineering tools and configuration assessments. Use the combined power of these tools to identify vulnerabilities on <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> devices, operating systems, desktop applications, <a href="http://www.toolwar.com/search/label/Web" target="_blank">Web applications</a>, databases, and more; run packaged penetration tests through pre-configured policies, run vulnerability-specific exploits for target-directed investigation; execute social engineering through packaged exploit Tools; and execute platform-specific configuration auditing, using NIST’s SCAP standards and protocols.  <b>SAINT 8 </b>then provides a robust set of <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a> and reporting features to perform ad hoc analytics, view strategic level results across 1 or many assessments, and then build reports from pre-defined templates, compliance reports or build your own custom reports from over 150 customizable settings. <b>SAINT's</b> current repository includes over 4,200 <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> checks and 900+ exploits - which span over 48,000 Common Vulnerability Exposures (CVEs), plus numerous vulnerabilities that do not currently have a CVE assigned. Vulnerability checks and exploit development is a daily activity, that includes delivery of new checks twice a week, through an automated plug-in. This agentless scanning solution can be delivered via a cloud-based version <b> (WebSAINT Pro 8)</b>, deployed standalone, shared as a server-based solution, or as a multi-<a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanner</a> architecture for large enterprise or load balanced scanning.</div> <br /> <h3> Tutorials ::</h3> <b>Video Tutorial :: </b><a href="http://www.youtube.com/watch?v=ibW6gLNYrf8" target="_blank">Click Here </a><br /> <b>Exploit Tools List :: </b><a href="http://www.saintcorporation.com/solutions/exploitTools.html" target="_blank">Click Here</a><b></b><br /> <br /> <h3> Download :: </h3> <b>Windows :: </b><a href="https://www.saintcorporation.com/resources/requestEvaluation.html" target="_blank">Request a Evaluation Copy</a><b> </b><br /> <b>Official Website :: </b><a href="https://www.saintcorporation.com/products/SAINT8.html">https://www.saintcorporation.com/products/SAINT8.html</a><br /> <b>Submitted By :: </b>SAINT Corporation <br /> <div style="text-align: justify;"> <br /></div>

SAINT 8 (Security Auditing Suite) :: Framework

SAINT 8 is a fully-integrated security tool suite that combines vulnerability scanning , with penetration testing , social engineering ...

Read more »

Fragroute :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ7jo1_vjG2XgLQxevu8HSHLP5HXWK9U13ZtsPZ-8BjIWb42nfMZoi3lZP38PUekGaUY_b7EUj2OB5KGIYr97sJmVvd8ToD6esQTAUUuliELCScxrLNogl82uw6gc38sPZXclTroqB0vzd/s1600/fragroute.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="fragroute screenshot" border="0" height="235" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ7jo1_vjG2XgLQxevu8HSHLP5HXWK9U13ZtsPZ-8BjIWb42nfMZoi3lZP38PUekGaUY_b7EUj2OB5KGIYr97sJmVvd8ToD6esQTAUUuliELCScxrLNogl82uw6gc38sPZXclTroqB0vzd/s1600/fragroute.JPG" title="fragroute screenshot" width="400" /></a></div> <div style="text-align: justify;"> <b>Fragroute</b> intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998. </div> <div style="text-align: justify;"> It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behaviour. </div> <div style="text-align: justify;"> This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behaviour. Please do not abuse this software. </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <b> Required libraries ::</b> <br /> <ul> <li>libdnet </li> <li>libpcap </li> <li>libevent (for non-Windows platforms) </li> </ul> <div style="text-align: justify;"> <b>Installation :: </b><a href="http://www.monkey.org/~dugsong/fragroute/INSTALL" target="_blank">Click Here</a></div> <div style="text-align: justify;"> <b>ManPage :: </b><a href="http://www.monkey.org/~dugsong/fragroute/fragroute.8.txt" target="_blank">Click Here</a><br /> <b>Video Tutorial :: </b> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/k7viy_NN8f4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://www.monkey.org/~dugsong/fragroute/fragroute-1.2.tar.gz" target="_blank">Fragroute v1.2</a> (.tar.gz)</div> <div style="text-align: justify;"> <b>Official Website :: </b> <a href="http://www.monkey.org/~dugsong/fragroute/">http://www.monkey.org/~dugsong/fragroute/</a></div>

Fragroute :: Tools

Fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in...

Read more »

SARA (Security Auditor's Research Assistant) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="SARA - Security Auditor's Research Assistant" border="0" height="328" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTrFtEfewv2qJbhJrO35NMjPReB75buAjazNxPAGzn_8ewu8Kl2MR6bqR7jOcWgPl2nauo85Ttm13awIkk-HKsG3RzQwwaqJLguI0HYkFQBNeOqERU6aVXWY7Iloxk6dJPbufNj51Rz3NM/s1600/network-security-tips.jpg" title="SARA - Security Auditor's Research Assistant" width="640" /></div> <div style="text-align: justify;"> The <b>Security Auditor's Research Assistant (SARA)</b> is a third generation <b>network security analysis tool</b> that that has been available and actively updated for over 10 years. Sadly, all good things have to come to an end and so it goes for SARA. <b>SARA 7.9.1</b> is our last release.(1 May 2009) Actually, SARA-7.9.2a is the final release (1 August 2009).<br /><br />SARA:</div> <ol style="text-align: justify;"> <li>    Operates under Unix, <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, <a href="http://www.toolwar.com/search/label/Mac" target="_blank">MAC OS/X</a> or <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> (through coLinux) OS'.</li> <li>    Integrates the National Vulnerability Database (NVD).</li> <li>    Performs SQL injection tests.</li> <li>    Performs exhaustive XSS tests</li> <li>    Can adapt to many firewalled environments.</li> <li>    Support remote self scan and API facilities.</li> <li>    Used for CIS benchmark initiatives</li> <li>    Plug-in facility for third party apps</li> <li>    CVE standards support</li> <li>    Enterprise search module</li> <li>    Standalone or daemon mode</li> <li>    Free-use open SATAN oriented license</li> </ol> <div style="text-align: justify;"> The first generation assistant, the Security Administrator's Tool for Analyzing <a href="http://www.toolwar.com/search/label/Network" target="_blank">Networks</a> (SATAN) was developed in early 1995. It became the benchmark for <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">network security analysis</a> for several years. However, few updates were provided and the tool slowly became obsolete in the growing threat environment. <br /><br /><h3> Tutorials ::</h3> <b><span style="font-size: small;">Installation ::</span></b> <span style="font-weight: normal;"><a href="http://www-arc.com/sara/cosara/index.shtml" target="_blank">Click Here</a></span><br /> <h3> Download ::</h3> <b>Windows :: </b><a href="http://www-arc.com/sara/downloads/cosara/cosara-7.4.1.exe" target="_blank">coSARA v7.4.1</a> (.exe)<b><br />Linux :: </b><a href="http://www-arc.com/sara/downloads/sara-7.9.2a.tgz" target="_blank">SARA v7.9.2a</a> (.tar.gz)<b><br />Official Website :: </b><a href="http://www-arc.com/sara/">http://www-arc.com/sara/</a><br /><br /></div>

SARA (Security Auditor's Research Assistant) :: Tools

The Security Auditor's Research Assistant (SARA) is a third generation network security analysis tool that that has been available ...

Read more »

IronWASP (Web Application Advaced Security Testing Platform) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiIe0rfi3alWm5nNnOkzOsCwxWkvTGEZszoQ6V6CqzE9CWjbo_A4crurTQ2UKyOjm5HLNA9FL0P67Vjg2Rvnfuaj9HaEy5iky1SX9TfSfsJi_qC8Zn3KcLEp5JD_gC0J3Wo6HKzEwuAMrm/s1600/IronWASP+Screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="IronWASP Screenshot" border="0" height="222" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiIe0rfi3alWm5nNnOkzOsCwxWkvTGEZszoQ6V6CqzE9CWjbo_A4crurTQ2UKyOjm5HLNA9FL0P67Vjg2Rvnfuaj9HaEy5iky1SX9TfSfsJi_qC8Zn3KcLEp5JD_gC0J3Wo6HKzEwuAMrm/s1600/IronWASP+Screenshot.png" title="IronWASP Screenshot" width="640" /></a></div> <b>IronWASP (Iron Web application Advanced Security testing Platform)</b> is an open source <a href="http://www.toolwar.com/search/label/System" target="_blank">system</a> for <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> application <a href="http://www.toolwar.com/search/label/Vulenrability" target="_blank">vulnerability</a> testing. It is designed to be customizable to the extent where users can create their own custom <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanners</a> using it. Though an advanced user with <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a>/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool's features are simple enough to be used by absolute beginners. </div> <div style="text-align: justify;"> <b>IronWASP</b> has a plugin system that supports Python and Ruby. The version of Python and Ruby used in <b>IronWASP</b> is IronPython and IronRuby which is syntactically similar to CPython and CRuby. However some of the standard libraries might not be available, instead plugin authors can make use of the powerful IronWASP API.  </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>IronWASP Blog : : </b><a href="http://blog.ironwasp.org/" target="_blank">Click Here </a></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/yUoPRnEf22I?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;">  </h3> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="https://ironwasp.org/ironwasp.zip" target="_blank">IronWASP v0.9.7.5</a><b> </b>(.zip)</div> <div style="text-align: justify;"> <b>Linux :: </b></div> <div style="text-align: justify;"> <b><span style="font-family: "Courier New",Courier,monospace;">wget http://blog.anantshri.info/content/uploads/2013/01/ironwasp_installer.sh.txt -O ~/ironwasp_installer.sh && sh ~/ironwasp_installer.sh </span></b></div> <div style="text-align: justify;"> <b>Mac :: </b>IronWASP runs on Mac with <a href="http://www.codeweavers.com/products/">CrossOver</a>.</div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://ironwasp.org/">http://ironwasp.org/</a></div>

IronWASP (Web Application Advaced Security Testing Platform) :: Tools

IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testin...

Read more »

Cisco Global Exploiter (CGE) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjE95qKAuiFSSG89yP0adW44_GbFhQyPv25VQtzfb0sXlcZULk_kYsSmrKlhrhZGj95J1CaXicGo9aMbA-IJhRw9fBfpplvCZg7YWDn-cmp9n3DCvhhPeuPYQ-IYA8jjcmpyRd95Mee7XKc/s1600/Cisco+Global+Exploiter.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="CISCO Global Exploiter" border="0" height="285" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjE95qKAuiFSSG89yP0adW44_GbFhQyPv25VQtzfb0sXlcZULk_kYsSmrKlhrhZGj95J1CaXicGo9aMbA-IJhRw9fBfpplvCZg7YWDn-cmp9n3DCvhhPeuPYQ-IYA8jjcmpyRd95Mee7XKc/s1600/Cisco+Global+Exploiter.PNG" title="CISCO Global Exploiter" width="320" /></a></div> <div style="text-align: justify;"> <b>Cisco Global Exploiter (CGE)</b>, is an advanced, simple and fast <a href="http://www.toolwar.com/search/label/Security" target="_blank"> security</a> testing tool/ exploit engine, that is able to exploit 14 <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank"> vulnerabilities</a> in disparate Cisco switches and routers.  CGE is <a href="http://www.toolwar.com/search/label/CLI" target="_blank">command-line</a> driven <a href="http://www.toolwar.com/2013/09/perl-language.html" target="_blank">perl </a>script which has a simple and easy to use front-end.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> CGE can exploit the following 14 vulnerabilities:</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[1] - Cisco 677/678 Telnet Buffer Overflow Vulnerability</span></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[2] - Cisco IOS Router Denial of Service Vulnerability</span></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[3] - Cisco IOS HTTP Auth Vulnerability</span></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[4] - Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability[5] - Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability</span></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[6] - Cisco 675 Web Administration Denial of Service Vulnerability</span></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[7] - Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability</span></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[8] - Cisco IOS Software HTTP Request Denial of Service Vulnerability</span></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[9] - Cisco 514 UDP Flood Denial of Service Vulnerability</span></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[10] - CiscoSecure ACS for Windows NT Server Denial of Service Vulnerability</span></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[11] - Cisco Catalyst Memory Leak Vulnerability</span></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[12] - Cisco CatOS CiscoView HTTP Server Buffer Overflow Vulnerability</span></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[13] - 0 Encoding IDS Bypass Vulnerability (UTF)</span></div> <div style="text-align: justify;"> <span style="font-family: Times New Roman;">[14] - Cisco IOS HTTP Denial of Service Vulnerability</span></div> <div style="text-align: justify;"> <br /></div> <h3 style="margin-bottom: 0px; margin-top: 0px; text-align: justify;"> Tutorial :: </h3> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Installation:</b></div> <div style="text-align: justify;"> <span style="font-family: Courier New;">tar -zxvf cge-13.tar.gz</span></div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b><span style="font-family: Times New Roman;">Execution:</span></b></div> <div style="text-align: justify;"> <span style="font-family: Courier New; font-size: x-small;">perl cge.pl <target> <vulnerability number></span></div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Example output:</b></div> <div style="text-align: justify;"> <span style="font-size: x-small;"><span style="font-family: Courier New;">[root@hacker cge-13]# perl cge.pl 192.168.1.254 3</span><br /> <span style="font-family: Courier New;">Vulnerability successful exploited with [http://192.168.1.254/level/17/exec/....] ...</span></span></div> <div style="margin-bottom: 0px; margin-top: 0px; text-align: justify;"> The above is trying to exploit <span style="font-family: Times New Roman;">the Cisco IOS HTTP Auth Vulnerability and hopefully using the nice link provided we should have basic access to the switch we are attacking, (not enable):</span></div> <div style="margin-bottom: 0px; margin-top: 0px; text-align: justify;">   </div> <h3 style="margin-bottom: 0px; margin-top: 0px; text-align: justify;"> Download ::</h3> <div style="margin-bottom: 0px; margin-top: 0px; text-align: justify;"> <b>Linux :: </b><a href="http://packetstormsecurity.org/0405-exploits/cge-13.tar.gz" target="_blank">Cisco Global Exploiter</a> (.tar.gz)<b><br /></b></div> <div style="margin-bottom: 0px; margin-top: 0px; text-align: justify;"> <b>Official Website :: </b><a href="http://www.vulnerabilityassessment.co.uk/cge.htm">http://www.vulnerabilityassessment.co.uk/cge.htm</a></div>

Cisco Global Exploiter (CGE) :: Tools

Cisco Global Exploiter (CGE) , is an advanced, simple and fast security testing tool/ exploit engine, that is able to exploit 14...

Read more »

Advanced Encryption Package :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="encryption-window-algorithm-expanded" border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJ0GkaQws6zeP9BDAKJLLBj9oZrkk5m3h0V-j-MCgf5SnIhooYtvusIkM6347PhQZWuy9tQVYiEhoP4FdUG4Wakmw1cCrqnwMuO0TzXm9psLCcd6WqPlLHgKdbV4eFVaSo82gBFtvY14s-/s1600/encryption-window-algorithm-expanded.jpg" title="encryption-window-algorithm-expanded" width="387" /></div> <div style="text-align: justify;"> <b>Advanced Encryption Package</b> is a File <a href="http://www.toolwar.com/search/label/Encryption" target="_blank">encryption</a>, Secure File Transfer, Batch File Encryption and Encrypted Backups. <b>Advanced Encryption Package</b> adds new features to the context menu of <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> Explorer. As you can see on this screenshot, context menu has new menu item AEP and some subitems under this item: Encrypt, Decrypt, Create Self-Extracting File, Wipe. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Features ::</b></div> <div style="text-align: justify;"> <ul> <li><strong>Easy to use</strong> for novices. It integrates nicely with Windows Explorer and made easy for novices.</li> <li><strong>Strong and proven algorithms</strong> to protect your sensitive documents (20 encryption algorithms).</li> <li><strong>File</strong> and/or <strong>text</strong> encryption.</li> <li>Symmetric and asymmetric algorithms (17 data destruction algorithms).</li> <li><strong>Secure</strong> file <strong>deletion</strong>.</li> <li>Using <a href="http://www.toolwar.com/search/label/USB" target="_blank">USB</a> flash drives to store [en]-decryption keys.</li> <li>Creating <strong>encrypted self-extracting file</strong> to send it as <strong>email</strong> attachement. No additional software is required on other end!</li> <li>Complete <strong><a href="http://www.toolwar.com/search/label/CLI" target="_blank">command line</a> support</strong> to fully <strong>automate</strong> [en]-decryption tasks.</li> </ul> </div> <h3 style="text-align: justify;"> <b>  </b></h3> <h3> <b>Tutorials ::</b></h3> <b> How to Article :: </b><a href="http://www.aeppro.com/support/security-articles.shtml" target="_blank">Click Here</a><b> </b><br /> <h3> <b>Download ::</b></h3> <b>Windows :: </b><a href="http://www.aeppro.com/download/aep_setup.msi" target="_blank">Advanced Encryption Package Pro 2014</a> (.msi)<br /> <b>Official Website :: </b><a href="http://www.aeppro.com/products/aep.shtml" target="_blank">http://www.aeppro.com/products/aep.shtml</a>

Advanced Encryption Package :: Tools

Advanced Encryption Package is a File encryption , Secure File Transfer, Batch File Encryption and Encrypted Backups. Advanced Encryptio...

Read more »

DLL Hijack Auditor (Audit DLL Hijacking Vulnerability) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOMHBbtHY3M6lvqsdBgjSk97gxPEL_jkS-pkAh5TEJuqCY9FzYDNWnoURsXelk8hGovQ8lYwslQO2KHcGTN-_ojdmJ42ufcLJfz-U3TZ9vZzCfTJ7HrP4jFfCwaVRaSa2v93a91_Jkh7zO/s1600/dllhijackauditor_screenshot1_main_small.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="dllhijackauditor" border="0" height="303" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOMHBbtHY3M6lvqsdBgjSk97gxPEL_jkS-pkAh5TEJuqCY9FzYDNWnoURsXelk8hGovQ8lYwslQO2KHcGTN-_ojdmJ42ufcLJfz-U3TZ9vZzCfTJ7HrP4jFfCwaVRaSa2v93a91_Jkh7zO/s1600/dllhijackauditor_screenshot1_main_small.jpg" title="dllhijackauditor" width="400" /></a></div> <div style="text-align: justify;"> <b>Dll Hijack Auditor</b> is the smart tool to <b>Audit against the Dll Hijacking Vulnerability</b> in any <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> application. This is one of the critical security issue affecting almost all Windows systems. Though most of the apps have been fixed, but still many Windows applications are susceptible to this <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> which can allow any attacker to completely take over the system. DllHijackAuditor helps in discovering all such Vulnerable Dlls in a Windows application which otherwise can lead to successful exploitation resulting in total compromise of the system.<br /><br />With its simple <a href="http://www.toolwar.com/search/label/GUI" target="_blank">GUI interface</a> <b>DllHijackAuditor</b> makes it easy for anyone to instantly perform the auditing operation. It also presents detailed technical Audit report which can help the developer in fixing all vulnerable points in the application. <b>DllHijackAuditor</b> is a standalone portable application which also comes with Installer for local Installation & Uninstallation of software. </div> <div style="text-align: justify;"> It works on wide range of platforms starting from Windows XP to latest operating system, Windows 8.<br /><h3> Features ::</h3> <ul> <li>Here are some of the smart features of<b> DllHijackAuditor,</b></li> <li>Directly & Instantly audit any Windows Application.</li> <li>Allows complete testing to uncover all Vulnerable points in the target Application</li> <li>Smart <a href="http://www.toolwar.com/search/label/Debugger" target="_blank">Debugger</a> based 'Interception Engine' for consistent and efficent performance without intrusion.</li> <li>Support for specifying as well as auditing of application with custom & multiple Extensions.</li> <li>Timeout Configuration to alter the waiting time for each Application.</li> <li>Generates complete auditing report (in HTML format) about all vulnerable hijack points in the Application.</li> <li>GUI based tool, makes it easy for anyone with minimum knowledge to perform the auditing operation.</li> <li>Does not require any special privilege for auditing of the application (unless target application requires)</li> <li>Free from Antivirus as it does not use any shellcodes or exploit codes which trigger Antivirus to terminate the operation.</li> <li>Fully portable tool which can be run directly on any system.</li> <li>Support for local Installation and uninstallation of the software. </li> </ul> <h3> Tutorials :: </h3> </div> <div style="text-align: justify;"> <b>Installation & Uninstallation ::</b><br />It comes with simple Instaler that helps you to install it locally on your system for regular usage. It has intuitive setup wizard which guides you through series of steps in completion of installation. At any point of time, you can uninstall the product using the Uninstaller located at following location (by default)</div> <div style="text-align: justify;"> <br />[Windows 32 bit]<br />C:\Program Files\SecurityXploded\DllHijackAuditor<br /><br />[Windows 64 bit]<br />C:\Program Files (x86)\SecurityXploded\DllHijackAuditor<br /><br /><b>How to use ::</b><br /><ul> <li>Here are simple tests to use <b>DllHijackAuditor</b> for auditing of any Windows application.</li> <li>Launch the DllHijackAuditor after copying it or installing it on your local system. </li> <li>Now click on 'Browse' button to select application and then click on 'Start Audit' to begin the operation.</li> <li>Next click on 'Exploit' button (only if it has found any vulnerable DLLs in the previous phase) to perform real Exploitation test.</li> <li>Finally click on 'Report' button to generate complete Audit report. </li> </ul> You can tick the check box ( 'Do not terminate application' ) to make DllHijackAuditor to wait until you perform complete testing of all vulnerable points within the application. Once you are done with the testing, close the application so that <b>DllHijackAuditor</b> will continue with auditing operation.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Video :: </b></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/EBXGA8eMrT4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <b> </b></div> <div style="text-align: justify;"> <h3> <b>Download ::</b></h3> </div> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://securityxploded.com/download-file.php?id=7777" target="_blank">DLL Hijack Auditor v3.0 </a><b><br /></b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://securityxploded.com/dllhijackauditor.php">http://securityxploded.com/dllhijackauditor.php</a></div>

DLL Hijack Auditor (Audit DLL Hijacking Vulnerability) :: Tools

Dll Hijack Auditor is the smart tool to Audit against the Dll Hijacking Vulnerability in any Windows application. This is one of the c...

Read more »

SSLsplit (MITM Attack against SSL/TLS) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="sslsplit" border="0" height="220" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiKnDa1SmFAz2I_uUyfY8OE-KawIYa9Rk7T3wbyfUM42-zCwgo1Hs18FThDil200FpKE2OdkcCO9Uvk0_lHGNieQuDLgJxQVuvj7VN0Yhxbtky5w-AyzRHrrqWZB4Qrf8q5dafKyblfRnO/s1600/SSLsplit.jpg" title="sslsplit" width="400" /></div> <div style="text-align: justify;"> <span style="font-family: inherit;"><b>SSLsplit</b> is a tool for <b><a href="http://www.toolwar.com/search/label/MITM" target="_blank">man-in-the-middle attacks</a> against SSL/TLS</b> encrypted <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. <b>SSLsplit</b> terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">forensics</a> and <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration testing</a>.</span></div> <br /> <div style="text-align: justify;"> <span style="font-family: inherit;"><b>SSLsplit </b>supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates and signs forged X509v3 certificates on-the-fly, based on the original server certificate subject DN and subjectAltName extension. <b>SSLsplit</b> fully supports Server Name Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites. <b>SSLsplit </b>can also use existing certificates of which the private key is available, instead of generating forged ones. <b>SSLsplit</b> supports NULL-prefix CN certificates and can deny OCSP requests in a generic way. SSLsplit removes HPKP response headers in order to prevent public key pinning.</span></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Installation ::</b></div> <div style="text-align: justify;"> SSLsplit is or will be available as a package or port on the following systems:</div> <ul style="text-align: justify;"> <li>OpenBSD: security/sslsplit</li> <li>Arch Linux AUR: sslsplit</li> <li>Fedora: sslsplit</li> <li>Kali: sslsplit</li> <li>Backtrack: sslsplit</li> </ul> <div style="text-align: justify;"> <b>To install from source:</b></div> <div style="text-align: justify;"> <pre><code class=" ruby">make make <span class="keymethods">test</span> <span class="comment"># optional unit tests</span> make install <span class="comment"># optional install</span> </code></pre> </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Usage ::</b></div> <div style="text-align: justify;"> <pre><code class=" sql">% sslsplit -h <span class="keyword">Usage</span>: sslsplit [options...] [proxyspecs...] -c pemfile use CA cert (<span class="keyword">and</span> <span class="keyword">key</span>) <span class="keyword">from</span> pemfile <span class="keyword">to</span> sign forged certs -k pemfile use CA <span class="keyword">key</span> (<span class="keyword">and</span> cert) <span class="keyword">from</span> pemfile <span class="keyword">to</span> sign forged certs -C pemfile use CA chain <span class="keyword">from</span> pemfile (intermediate <span class="keyword">and</span> root CA certs) -K pemfile use <span class="keyword">key</span> <span class="keyword">from</span> pemfile <span class="keyword">for</span> leaf certs (<span class="keyword">default</span>: generate) -t certdir use cert+chain+<span class="keyword">key</span> PEM files <span class="keyword">from</span> certdir <span class="keyword">to</span> target <span class="keyword">all</span> sites matching the common <span class="keyword">names</span> (non-matching: generate if CA) -O deny <span class="keyword">all</span> OCSP requests <span class="keyword">on</span> <span class="keyword">all</span> proxyspecs -P passthrough SSL connections if they cannot be split because <span class="keyword">of</span> client cert auth <span class="keyword">or</span> <span class="keyword">no</span> matching cert <span class="keyword">and</span> <span class="keyword">no</span> CA (<span class="keyword">default</span>: <span class="keyword">drop</span>) -g pemfile use DH <span class="keyword">group</span> params <span class="keyword">from</span> pemfile (<span class="keyword">default</span>: keyfiles <span class="keyword">or</span> auto) -G curve use ECDH named curve (<span class="keyword">default</span>: secp160r2 <span class="keyword">for</span> non-RSA leafkey) -Z disable SSL/TLS compression <span class="keyword">on</span> <span class="keyword">all</span> connections -s ciphers use the given OpenSSL cipher suite spec (<span class="keyword">default</span>: <span class="keyword">ALL</span>:-aNULL) -e engine specify <span class="keyword">default</span> NAT engine <span class="keyword">to</span> use (<span class="keyword">default</span>: ipfw) -E list available NAT engines <span class="keyword">and</span> exit -u <span class="keyword">user</span> <span class="keyword">drop</span> <span class="keyword">privileges</span> <span class="keyword">to</span> <span class="keyword">user</span> (<span class="keyword">default</span> if run <span class="keyword">as</span> root: nobody) -j jaildir chroot() <span class="keyword">to</span> jaildir (<span class="keyword">default</span> if run <span class="keyword">as</span> root: /var/empty) -p pidfile <span class="keyword">write</span> pid <span class="keyword">to</span> pidfile (<span class="keyword">default</span>: <span class="keyword">no</span> pid file) -l logfile <span class="keyword">connect</span> log: log one line summary per <span class="keyword">connection</span> <span class="keyword">to</span> logfile -L logfile content log: <span class="keyword">full</span> data <span class="keyword">to</span> file <span class="keyword">or</span> named pipe (excludes -S) -S logdir content log: <span class="keyword">full</span> data <span class="keyword">to</span> separate files <span class="keyword">in</span> dir (excludes -L) -d daemon mode: run <span class="keyword">in</span> background, log error messages <span class="keyword">to</span> syslog -D debug mode: run <span class="keyword">in</span> foreground, log debug messages <span class="keyword">on</span> stderr -V print version information <span class="keyword">and</span> exit -h print <span class="keyword">usage</span> information <span class="keyword">and</span> exit proxyspec = type listenaddr+port [natengine|targetaddr+port|<span class="string">"sni"</span>+port] e.g. http <span class="number">0.0</span>.<span class="number">0.0</span> <span class="number">8080</span> www.roe.ch <span class="number">80</span> # http/<span class="number">4</span>; static hostname dst https ::<span class="number">1</span> <span class="number">8443</span> <span class="number">2001</span>:db8::<span class="number">1</span> <span class="number">443</span> # https/<span class="number">6</span>; static address dst https <span class="number">127.0</span>.<span class="number">0.1</span> <span class="number">9443</span> sni <span class="number">443</span> # https/<span class="number">4</span>; SNI DNS lookups tcp <span class="number">127.0</span>.<span class="number">0.1</span> <span class="number">10025</span> # tcp/<span class="number">4</span>; <span class="keyword">default</span> NAT engine ssl <span class="number">2001</span>:db8::<span class="number">2</span> <span class="number">9999</span> pf # ssl/<span class="number">6</span>; NAT engine <span class="string">'pf'</span> Example: sslsplit -k ca.<span class="keyword">key</span> -c ca.pem -P https <span class="number">127.0</span>.<span class="number">0.1</span> <span class="number">8443</span> https ::<span class="number">1</span> <span class="number">8443</span></code></pre> </div> <div style="text-align: justify;"> <code class=" sql"><span style="font-family: "Courier New",Courier,monospace;"><b><span style="font-weight: normal;"><span class="number"><br /></span></span></b></span> </code></div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Requirements ::</h3> <div style="text-align: justify;"> SSLsplit depends on the OpenSSL and libevent 2.x libraries. The build depends on GNU make and a POSIX.2 environment in <code>PATH</code>. The (optional) unit tests depend on the check library.</div> <div style="text-align: justify;"> SSLsplit currently supports the following operating systems and NAT engines:</div> <ul style="text-align: justify;"> <li>FreeBSD: pf rdr and divert-to, ipfw fwd, ipfilter rdr</li> <li>OpenBSD: pf rdr-to and divert-to</li> <li>Linux: netfilter REDIRECT and TPROXY</li> <li>Mac OS X: ipfw fwd and pf rdr (experimental)</li> </ul> <h3> Download ::</h3> <b>Linux :: </b><a href="http://mirror.roe.ch/rel/sslsplit/sslsplit-0.4.8.tar.bz2" target="_blank">SSLsplit v0.4.8</a> (.tar.bz2)<b><br /></b><br /> <b>Official Website ::</b> <a href="http://www.roe.ch/SSLsplit">http://www.roe.ch/SSLsplit</a><br /><code class=" ruby"><span class="comment"></span> </code>

SSLsplit (MITM Attack against SSL/TLS) :: Tools

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently interc...

Read more »

Rootkit Hunter (Rootkit Scanner) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <b><img alt="rootkit hunter logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmAKcX4SzdyaNdf4DapqpG3d1wMIQl85Bf0MAAPmJDtEku0X-3BPe_s9_ozZkwyHMyJrfIXdORod7eI9TGZejFbegPFldu185F6m872hTfpFEgo8CPqIQPMyFm9ltA2FzzD6V9PhSLSoVP/s1600/Rkhunter.jpg" title="rootkit hunter logo" /></b></div> <b>Rootkit Hunter</b> is <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanning tool</a> to ensure you for about 99.9%* you're clean of nasty <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a>. This tool <i>scans for <a href="http://www.toolwar.com/search/label/Rootkit" target="_blank">rootkits</a>, backdoors and local exploits</i> by running tests like:<br /> <br />     - MD5 <a href="http://www.toolwar.com/search/label/Hash" target="_blank">hash</a> compare<br />     - Look for default files used by rootkits<br />     - Wrong file permissions for binaries<br />     - Look for suspected strings in LKM and KLD modules<br />     - Look for hidden files<br />     - Optional scan within plaintext and binary files<br /> <br /> <b>Rootkit Hunter</b> is released as GPL licensed project and free for everyone to use.* No, not really 99.9%.. It's just another security layer<br /> <br /> <b>System requirements:</b><br />     - Compatible operating system (see 'Supported operating systems')<br />     - Bourne Again Shell (BASH)<br /> <br /> <b>Supported operating systems ::</b><br /> - Most <a href="http://www.toolwar.com/search/label/Distribution" target="_blank">Linux distributions</a><br /> - Most *BSD distributions</div> <div style="text-align: justify;"> <h3> Tutorial ::</h3> <b>Scanning Techniques :: </b><a href="http://www.rootkit.nl/articles/rootkit_scanning_techniques.html" target="_blank">Click Here</a><br /> <b>Documentations :: </b><a href="http://www.rootkit.nl/files/rootkit_documentation.html" target="_blank">Click Here</a><br /> <b>Video Tutorial ::</b>  <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/5ngeBpeRros?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> </div> <div style="text-align: justify;"> <h3> Download ::</h3> </div> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://sourceforge.net/projects/rkhunter/files/latest/download" target="_blank">RootKit Hunter v1.4.0</a> (.tar.gz)<b> </b></div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="http://www.rootkit.nl/projects/rootkit_hunter.html">http://www.rootkit.nl/projects/rootkit_hunter.html</a></div>

Rootkit Hunter (Rootkit Scanner) :: Tools

Rootkit Hunter is scanning tool to ensure you for about 99.9%* you're clean of nasty tools . This tool scans for rootkits , backdoo...

Read more »

Lynis (Security and System Auditing) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPJSrg2v61K-1SHIewex9MB7DLBAqrgKTy2REJhuc1jyKxL99Tia_vx44VmSeUWWxbHdgZtEVAjWn5GUbxWD9dLfe1o2Suta4Ww_ZgfvwIITFiR8JkMpR5A-ZkTq17LVggAJlfumpTReoW/s1600/lynis-screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="lynis screenshot" border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPJSrg2v61K-1SHIewex9MB7DLBAqrgKTy2REJhuc1jyKxL99Tia_vx44VmSeUWWxbHdgZtEVAjWn5GUbxWD9dLfe1o2Suta4Ww_ZgfvwIITFiR8JkMpR5A-ZkTq17LVggAJlfumpTReoW/s320/lynis-screenshot.png" title="lynis screenshot" width="400" /></a></div> <div style="text-align: justify;"> <b>Lynis</b> is a <b><i>Security and system auditing tool</i> </b>to harden <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> systems. <b>Lynis</b> is an <b>auditing tool </b>for Unix/Linux (specialists). It scans the <a href="http://www.toolwar.com/search/label/System" target="_blank">system</a> and available software and performs many individual <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> checks. It determines the hardening state of the machine and <a href="http://www.toolwar.com/search/label/Detect" target="_blank">detects</a> security issues. Beside security related information it will also scan for general system information, installed packages and possible configuration errors. <b>Lynis</b> is a <a href="http://www.toolwar.com/search/label/Security" target="_blank">security tool</a> to audit and harden Unix and Linux based systems. It scans the system by performing many security control checks, looks for installed software and determines compliance to standards. Also will it detects security issues and errors in configuration. At the end of the scan it will provide the warnings and suggestions to help you improving the security defense of your systems.<br /> <br /> This software aims in assisting automated auditing, hardening, software patch management, <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> and <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a> scanning of Unix/Linux based systems. It can be run without prior installation, so inclusion on read only storage is possible (<a href="http://www.toolwar.com/search/label/USB" target="_blank">USB</a> stick, cd/dvd).<br /> <br /> <b>Lynis </b>assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOx (Sarbanes-Oxley) compliance audits.<br /> <br /> <b>Intended audience:</b><br /> Security specialists, penetration testers, system auditors, system/network managers.<br /> <br /> <b>Examples of audit tests:</b><br /> - Available authentication methods<br /> - Expired SSL certificates<br /> - Outdated software<br /> - User accounts without password<br /> - Incorrect file permissions<br /> - Configuration errors<br /> - Firewall auditing<br /> <br /> <b>Current state:</b><br /> Stable releases are available, development is active.<br /> <h3> Tutorials :: </h3> <b>Documentation :: </b><a href="http://www.rootkit.nl/files/lynis-documentation.html" target="_blank">Click Here</a> </div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/FgkC4k1kJaE?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <h3> <b>Download </b></h3> <b>Linux ::</b> <a href="http://cisofy.com/files/lynis-1.4.0.tar.gz" target="_blank">Llynis-1.4.0</a> (.tar.gz)</div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://www.rootkit.nl/projects/lynis.html" target="_blank">http://www.rootkit.nl/projects/lynis.html </a></div> </div>

Lynis (Security and System Auditing) :: Tools

Lynis is a Security and system auditing tool to harden Linux systems. Lynis is an auditing tool for Unix/Linux (specialists). It sca...

Read more »

PuTTY (SSH and Telnet Client) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="putty logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3zvoJcKewErjVHSTjvbSDUjRlAnvLx8DNoFccuOvxFsCFHnuKCMJYOJ1NrhyfEBId03fqOnulo2MIoeDxqIbix4vgflC093Md_UhkccEcdQQ4NZiRT5mNwvddKjRoz6N4izQD-ufOng6j/s1600/putty+logo.png" title="putty logo" /></div> <div style="text-align: justify;"> <b>PuTTY</b> is a free <b>implementation of Telnet and SSH for Windows and Unix</b> platforms, along with an <code>xterm</code> terminal emulator. It is written and maintained primarily by Simon Tatham. </div> <div style="text-align: justify;"> <b>PuTTY</b> is a free and <i>open-source terminal emulator</i>, serial console and <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> file transfer application. It supports several network <a href="http://www.toolwar.com/search/label/Protocol" target="_blank">protocols</a>, including SCP, SSH, Telnet and rlogin. The name "<b>PuTTY</b>" has no definitive meaning, though "tty" is the name for a terminal in the Unix tradition, usually held to be short for Teletype.<br /> <br /> <b>PuTTY</b> was originally written for Microsoft <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, but it has been ported to various other operating systems. Official ports are available for some Unix-like platforms, with work-in-progress ports to Classic Mac OS and <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac</a> OS X, and unofficial ports have been contributed to platforms such as Symbian and Windows Mobile.<br /> </div> <h3 style="text-align: justify;"> Tutorials :: </h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/9CZphjhQxIQ?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe" target="_blank">PuTTY x86</a> <b>(.exe)</b></div> <div style="text-align: justify;"> <b>Unix :: </b><a href="http://the.earth.li/~sgtatham/putty/latest/putty-0.63.tar.gz" target="_blank">PuTTY</a><b> (.tar.gz)</b></div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="http://www.chiark.greenend.org.uk/~sgtatham/putty/">http://www.chiark.greenend.org.uk/~sgtatham/putty/</a></div>

PuTTY (SSH and Telnet Client) :: Tools

PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator. It is written ...

Read more »

WormTrack (Network IDS) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="wormtrack " border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhS_UOobtkh2f05uE8fyvAf88MMYAlPr8YiidihA2xGZvHZMsYhmnbVhGG_lwY9beh6w82FX9GdK-B4yEJK56j-SYiyBfKseSVHH6hyc4cS5aWRJgwp1oGurg46HM1l9BIs7JRt2d_jPsWn/s1600/WormTrack.jpg" title="wormtrack " width="400" /></div> <b>WormTrack</b> is a <b>Network based intrusion detection system (NIDS)</b> designed to identify scanning activity on the <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a>, in particular of <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanning</a> worms (horizontal scanning of the network). It attempts to do that WITHOUT having any type of privileged access to the network equipment, for example a MONITOR port on a switch. It also doesn't require a constant updating of its signature engine, as new threats are released, since it is based on <a href="http://www.toolwar.com/search/label/Detect" target="_blank">detection</a> of anomalous activity - which all Worms, that propagate through the network, would exhibit in order to survive and spread efficiently. A <b>Network IDS </b>which allows detection of scanning worms on a Local Area Network by <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">monitoring</a> of anomalous ARP traffic. This allows detection of scanning threats on the network, without having a privileged access on a Switch to set up a dedicated Monitor PORT, nor does it require a constant updating of the rules engine to address new threats. </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>General Info & Configuration :: </b><a href="http://code.google.com/p/wormtrack/wiki/GeneralInfo" target="_blank">Click Here</a> </div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://wormtrack.googlecode.com/files/wormtrack-0.1.tar.gz" target="_blank">WormTrackv0.1</a> (.tar.gz)<b><br /></b></div> <div style="text-align: justify;"> <b>Source Website ::</b><a href="http://code.google.com/p/wormtrack/" target="_blank"> http://code.google.com/p/wormtrack/</a></div>

WormTrack (Network IDS) :: Tools

WormTrack is a Network based intrusion detection system (NIDS) designed to identify scanning activity on the network , in particular o...

Read more »

Pytbull (IDS/IPS Testing) :: Framework

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;">  <img alt="pytbull ids mode" border="0" height="291" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBUJPMHKujz46n6sRck2NZDM075hEsNEerHmckZ-25awz2AFXTsWET-KZg7ngqkBZi0hpKmBHgm9_EwaLliZYrhmFPjNhRYcjqM3beHBHH4szekg9xDZKMPb1parSaCEd4KfgunPEj-e4f/s1600/pytbull-ids-mode.png" title="pytbull ids mode" width="400" /></div> <b>Pytbull</b> is an <b>Intrusion Detection/Prevention System (IDS/IPS) testing framework</b> for <i><a href="http://www.toolwar.com/2013/09/snort-tools_7.html" target="_blank">Snort</a> and Suricata.</i> We all know the greatness of these two projects. Even though it concentrates on Snort and Suricata, it can possibly be used to test the <a href="http://www.toolwar.com/search/label/Detect" target="_blank">detection</a> and blocking capabilities of other <b><a href="http://www.toolwar.com/search/label/IDS" target="_blank">IDS</a>/<a href="http://www.toolwar.com/search/label/IPS" target="_blank">IPS</a></b> also. You can also use it to compare IDS/IPS, or compare their configuration modifications or to simply check/validate configurations. The <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a> is well equipped with about 300 tests grouped in 8 testing modules, such as:You've just set up your Intrusion Detection/Prevention System (IDS/IPS) and feel "Now I'm secure". But how can you be so sure? And how much do you trust your IDS/IPS?</div> <div style="text-align: justify;"> The only way to ensure your <b>IDS/IPS</b> detects and blocks unwanted traffic is to test it with specific payloads and <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a>, but this job can take hours or even days...</div> <div style="text-align: justify;"> Why all this pain? Here is where pytbull comes in!</div> <div style="text-align: justify;"> <b>Pytbull</b> is a <a href="http://www.toolwar.com/search/label/Python" target="_blank">python</a> based flexible IDS/IPS <a href="http://www.toolwar.com/search/label/Testing" target="_blank">testing</a> framework shipped with more than 300 tests, grouped in 9 modules, covering a large scope of attacks (clientSideAttacks, testRules, badTraffic, fragmentedPackets, multipleFailedLogins, evasionTechniques, shellCodes, denialOfService, pcapReplay)</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/_zS1f-F9niw?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux ::</b> <a href="https://downloads.sourceforge.net/project/pytbull/pytbull-2.0.tar.bz2" target="_blank">Pytbull v2.0</a> (.tar.bz2)</div> <div style="text-align: justify;"> <b>Official Website :: </b>http://pytbull.sourceforge.net/ </div>

Pytbull (IDS/IPS Testing) :: Framework

  Pytbull is an Intrusion Detection/Prevention System (IDS/IPS) testing framework for Snort and Suricata. We all know the greatness o...

Read more »

MobiSec (Mobile Penetration Testing) :: Distribution

<div class="separator" style="clear: both; text-align: center;"> <img alt="MobiSec Logo" border="0" height="290" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjW59x4V_GWksXI63xJZsmQMOSfrNW-Ii9BKcCHQs0KpNexigf5nqIW5Pt5JcSmZpM7Uxe08zCrygo5pOcxAKd1lXE3ahraIJm1PGjx0zhX1wk_aVJwBdE77smzaA_kljI8pBqlY8MP4d_L/s1600/MobiSec+Logo.jpg" title="MobiSec Logo" width="400" /></div> <div style="text-align: justify;"> The <b>MobiSec</b> Live Environment <b>Mobile Testing open source project</b> is a live environment for testing <a href="http://www.toolwar.com/search/label/Phone" target="_blank">mobile</a> environments, including devices, applications, and supporting infrastructure. The purpose is to provide attackers and defenders the ability to test their mobile environments to identify design weaknesses and vulnerabilities.</div> <div style="text-align: justify;"> <b>MobiSec</b> provides a single environment for testers to leverage the best of all available open source <a href="http://www.toolwar.com/search/label/Phone" target="_blank">mobile testing tools</a>, as well as the ability to install additional <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> and platforms, that will aid the penetration tester through the testing process as the environment is structured and organized based on an industry-proven testing <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a>. Using a live environment provides penetration testers the ability to boot the <b>MobiSec</b> Live Environment on any Intel-based system from a DVD or USB flash drive, or run the test environment within a virtual machine.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>MobiSec</b> is a <b>bootable Linux distribution</b> that penetration testers, ethical hackers, and other information <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> pros can use to evaluate and analyze mobile devices, applications, and supporting infrastructures. Created by <b>SecureIdeas</b>, the <b>MobiSec framework</b> lets you test mobile environments to identify design weaknesses and vulnerabilities, all with the goal of improving security. Instead of you having to download countless tools, install them in your own environment, and then troubleshoot interoperability issues, the <b>MobiSec</b> team has done all of that work for you, pulling together best-of-breed free tools for mobile device and infrastructure <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a> into one handy distribution.</div> <div style="text-align: justify;"> The <b>MobiSec</b> Live Environment includes the following capabilities:</div> <ul style="text-align: justify;"> <li>Creates a single environment for testers to leverage the best of all available open source mobile testing tools</li> <li>Allows installation of additional tools and platforms</li> <li>Assists the penetration tester throughout the testing process as the environment is structured and organized based on an industry-proven testing framework</li> <li>Provides penetration testers the ability to boot the MobiSec Live Environment on any x86- or x64-based system from a DVD or <a href="http://www.toolwar.com/search/label/USB" target="_blank">USB flash drive</a>, or run the test environment within a <a href="http://www.toolwar.com/search/label/Virtual" target="_blank">virtual machine</a></li> </ul> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/n1GlXOvBuqg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://sourceforge.net/projects/mobisec/files/latest/download" target="_blank">MobiSec 1.1</a> (.iso)</div> <div style="text-align: justify;"> <b>Official Website :: </b>http://mobisec.professionallyevil.com/</div>

MobiSec (Mobile Penetration Testing) :: Distribution

The MobiSec Live Environment Mobile Testing open source project is a live environment for testing mobile environments, including d...

Read more »