Echo Mirage 3.1 :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifvB-lq7ocGqBXR7di9weB76khloj25f-AdTfIHjMhY1mlB5EDYxX5kz5DJnyRjhDaI2IfKRsb65SReUbaFQn-CqfpIec1dx1biJwetM3rFPQHtE5dLix-SIWXUaIbKm9jlayP2-4whOkm/s1600/Echo+Mirage.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Download Echo Mirage" border="0" height="219" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifvB-lq7ocGqBXR7di9weB76khloj25f-AdTfIHjMhY1mlB5EDYxX5kz5DJnyRjhDaI2IfKRsb65SReUbaFQn-CqfpIec1dx1biJwetM3rFPQHtE5dLix-SIWXUaIbKm9jlayP2-4whOkm/s320-rw/Echo+Mirage.jpg" title="Echo Mirage 3.1 from ToolWar" width="320" /></a></div> <div style="text-align: justify;"> <b>Echo Mirage</b> is a generic network proxy. It uses DLL injection and function hooking techniques to redirect network related function calls so that data transmitted and received by local applications can be observed and modified.<br /><br />Windows encryption and OpenSSL functions are also hooked so that plain text of data being sent and received over an encrypted session is also available.<br /><br />Traffic can be intercepted in real-time, or manipulated with regular expressions and action scripts.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> Note: Echo Mirage is no longer available from author. Here is the archived copy of it. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>License: </b>Freeware<b> </b></div> <div style="text-align: justify;"> <b>Download:: </b><a href="http://woodmann.com/collaborative/tools/images/Bin_Echo_Mirage_2014-1-11_17.28_EchoMirage-3.1.rar" rel="nofollow" target="_blank">Echo Mirage 3.1</a> (.exe) </div> <div style="text-align: justify;"> <br /></div>

Echo Mirage 3.1 :: Tools

Echo Mirage is a generic network proxy. It uses DLL injection and function hooking techniques to redirect network related function call...

Read more »

File Checksum Integrity Verifier (FCIV) :: Tools

<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifiuoVgmPKnVv9FUPZCSghpYzLaUQwzuaKU8v8skrGBuWZoj41I7sJPa5FdwMXd-6eNTmk1tDeez_445FFajOVtFnJ41J5DDpJt86mLlt_wOEi4IlFikSdtZmR1TuI6jvApYPg6gM-Gx52/s1600/File+Checksum+Integrity+Verifier+FCIV.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="File Checksum Integrity Verifier (FCIV)" border="0" height="299" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifiuoVgmPKnVv9FUPZCSghpYzLaUQwzuaKU8v8skrGBuWZoj41I7sJPa5FdwMXd-6eNTmk1tDeez_445FFajOVtFnJ41J5DDpJt86mLlt_wOEi4IlFikSdtZmR1TuI6jvApYPg6gM-Gx52/s640-rw/File+Checksum+Integrity+Verifier+FCIV.JPG" title="File Checksum Integrity Verifier (FCIV)" width="640" /></a></div><div style="text-align: justify;">The File Checksum Integrity Verifier (FCIV) is a command-prompt utility that computes and verifies cryptographic hash values of files. FCIV can compute MD5 or SHA-1 cryptographic hash values. These values can be displayed on the screen or saved in an XML file database for later use and verification.</div><div style="text-align: justify;">FCIV (File Checksum Integrity Verifier) is a small tool or utility from Microsoft that allow us to compute (MD5 and SHA1) and verify Integrity of files. If you are a malware analyst or a researcher or a user who want secure things then you can done a fabulous things with this small utility.</div><h3 class="sbody-h3" style="text-align: justify;">Features</h3><div style="text-align: justify;">The FCIV utility has the following features:</div><ul class="sbody-free_list"><li style="text-align: justify;"> Supports MD5 or SHA1 hash algorithms (The default is MD5.)</li> <li style="text-align: justify;"> Can output hash values to the console or store the hash value and file name in an XML file</li> <li style="text-align: justify;">Can recursively generate hash values for all files in a directory and in all subdirectories (for example, <span class="text-base">fciv.exe c:\ -r</span>)</li> <li style="text-align: justify;">Supplies an exception list to specify files or directories to hash</li> <li style="text-align: justify;">Can store hash values for a file with or without the full path of the file</li> </ul><h3> Example usage</h3><ul class="sbody-free_list"><li>To display the MD5 hash of a file, type the following command at a command prompt: <div class="indent"><span class="sbody-userinput">fciv.exe <var class="sbody-var">filename</var></span></div><span class="text-base">Note </span><var class="sbody-var"> filename</var> is the name of the file.</li> <li>To compute a hash of a file, type a command line that is similar to any one of the following command lines: <div class="indent"><span class="sbody-userinput">fciv.exe c:\mydir\<var class="sbody-var"><var class="sbody-var">myfile.dll</var></var></span><br /> <br /> <span class="sbody-userinput">fciv.exe c:\ -r -exc exceptions.txt -sha1 -xml dbsha.xml</span><br /> <br /> <span class="sbody-userinput">fciv.exe c:\<var class="sbody-var">mydir</var> -type *.exe</span><br /> <br /> <span class="sbody-userinput">fciv.exe c:\<var class="sbody-var">mydir</var> -wp -both -xml db.xml</span></div></li> <li>To list the hashes that are stored in a database, type a command line that is similar to the following command line: <div class="indent"><span class="sbody-userinput">fciv.exe -list -sha1 -xml db.xml</span></div></li> <li>To verify a hash in a file, type a command line that is similar to any one of the following command lines: <div class="indent"><span class="sbody-userinput">fciv.exe -v -sha1 -xml db.xml</span><br /> <br /> <span class="sbody-userinput">fciv.exe -v -bp c:\<var class="sbody-var">mydir</var> -sha1 -xml db.xml</span></div></li> </ul><h3>Video Tutorial::</h3><br /> <div class="separator" style="clear: both; text-align: center;"><br /> <iframe width="100%" height="330" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/sOtnut9wM38/0.jpg" src="https://www.youtube.com/embed/sOtnut9wM38?feature=player_embedded" frameborder="0" allowfullscreen></iframe></div><br /> <h3>Download ::</h3><b>Windows:</b> <a href="http://www.microsoft.com/en-in/download/details.aspx?id=11533" rel="nofollow" target="_blank">Microsoft FCIV</a>

File Checksum Integrity Verifier (FCIV) :: Tools

The File Checksum Integrity Verifier (FCIV) is a command-prompt utility that computes and verifies cryptographic hash values of files. FCI...

Read more »

Distributed Network Attack (DNA) :: Framework

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Distributed Network Attack (DNA)" border="0" height="356" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgN1ZMHUWsjTC9Dt1gSGHwIb7uX_fVP2wEVefcDrl4xAEhFWtrS40MMQJeHNbsyJpHPAyBuMo5re53V-mtj7tDVo_foJL2k5V5G6MGzC34betwn72UCVNwMKUzShO9IwPYFmaiSd_gp0vu3/s1600-rw/Distributed+Network+Attack+(DNA).jpg" title="Distributed Network Attack (DNA)" width="640" /></div> <b>Distributed Network Attack (DNA)</b> is a new approach to <i>recovering password protected files</i>. In the past, recoveries have been limited to the processing power of one machine. <b>Distributed Network Attack (DNA)</b> uses the power of machines across the <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> or across the world to decrypt <a href="http://www.toolwar.com/search/label/Password" target="_blank">passwords</a>. The DNA Server is installed in a central location where machines running the <b>Distributed Network Attack (DNA)</b> Client can access it over the network. DNA Manager coordinates the attack, assigning small portions of the key search to machines distributed throughout the network. The DNA Client will run in the background, only taking unused processor time. <b>Distributed Network Attack (DNA)</b> is used in many different environments to provide specific, <b>password <a href="http://www.toolwar.com/search/label/Cracking" target="_blank">cracking</a></b> related functions. <b><i>For example</i></b>, law enforcement and corporate <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> professionals can use <b>PRTK and DNA</b> in <i>computer <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">forensic</a> investigations</i> to access password-protected files. IT administrators can use <b>DNA</b> to recover system passwords, while individual users can use PRTK and DNA to recover lost passwords to personal files. These two products provide access to passwords for a large number of popular software applications. <b>DNA</b> uses multiple machines across the network or across the world to conduct key space and dictionary <a href="http://www.toolwar.com/search/label/Attack" target="_blank">attacks</a>. In many cases, this makes use of time those computers would normally be idle, saving the cost of additional hardware. Many organizations find that the cost of additional hardware is justified for a secure, dedicated password recovery lab. </div> <div style="text-align: justify;"> <br /> <div class="ui-tabs-panel ui-widget-content ui-corner-bottom" id="dna-features"> <div class="featurewrapper"> <div class="FeatureRow"> <b>Distributed Network Attack® (DNA®) Features ::</b><br /> <ul class="square"> <li>Leverage graphic processing units on Microsoft Windows machines with CUDA-enabled GPUs.</li> <li>Easy to read Statistics and Graphs</li> <li>Add user dictionaries</li> <li>Optimization for password attacks for specific <a href="http://www.toolwar.com/search/label/Language" target="_blank">languages</a></li> <li>Customize user dictionaries</li> <li>Stealth client installation functionality</li> <li>Automatic Client update when updating the DNA Server</li> <li>Control which clients work on certain jobs</li> </ul> </div> </div> </div> <b>DNA® Worker Minimum Requirements :: </b><br /> <ul class="square"> <li>Operating System:</li> </ul> <ul class="square"><ul class="square"> <li><a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>® XP/2000</li> <li>Macintosh OSX 10.3.9/10.4.x</li> <li><a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> Red Hat/Fedora Core 4</li> <li>Solaris</li> </ul> </ul> <ul class="square"> <li>Processor:</li> </ul> <ul class="square"><ul class="square"> <li>Intel Pentium® III/P4/AMD Athlon™</li> <li>Power PC G4/G5</li> <li>Sparc</li> </ul> </ul> <ul class="square"> <li>RAM: 1 Gb</li> <li>Hard Disk Space: 40 Gb</li> </ul> </div> <h3> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/EJxrRbrf12I?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/ghaOJoJ08cw?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://marketing.accessdata.com/acton/attachment/4390/u-001a/0/-/-/-/-/" target="_blank">Distributed Network Attack (DNA) version 7.0.0 (.iso)</a></div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="http://www.accessdata.com/">http://www.accessdata.com/</a> </div>

Distributed Network Attack (DNA) :: Framework

Distributed Network Attack (DNA) is a new approach to recovering password protected files . In the past, recoveries have been limi...

Read more »

Volatility (Advanced Memory Forensics Framework) :: Framework

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Volatility Framework (Advance Memory Framework)" border="0" height="244" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwYsvSKFWGazVkY8HTm3e9MOP8FLgDHrNIEhfik5auQuUNypN7S2Vl_ZHpcAkdSMaAcULytu3T0GEW5lT53Towrr6YEo48gjALbDFYqIdwWgbH_SwnzwssHoTNoZWyDysqNDN1W5rFYL0S/s320-rw/volatility+logo.png" title="Volatility Framework (Advance Memory Framework)" width="320" /></div> <b>Volatility Framework</b> is a <i>Advanced Memory Forensics Framework. </i>The <b>Volatility Framework</b> is a completely open collection of <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a>, implemented in <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> under the GNU General Public License, for the extraction of digital artifacts from volatile <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a> (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer unprecedented visibilty into the runtime state of the system. The <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank"> framework</a> is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile <a href="http://www.toolwar.com/search/label/Memory" target="_blank"> memory</a> samples and provide a platform for further work into this exciting area of research. <br /> The <b>Volatility Framework</b> demonstrates our commitment to and belief in the importance of open source digital investigation <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> . Volatile Systems is committed to the belief that the technical procedures used to extract digital evidence should be open to peer analysis and review. We also believe this is in the best interest of the digital investigation community, as it helps increase the communal knowledge about systems we are forced to investigate. Similarly, we do not believe the availability of these tools should be restricted and therefore encourage people to modify, extend, and make derivative works, as permitted by the GPL. </div> <h3 style="text-align: left;"> <span style="font-size: small;">Capabilities :-</span></h3> <div style="text-align: justify;"> The <b>Volatility Framework</b> currently provides the following extraction capabilities for memory samples </div> <ul style="list-style-type: disc; text-align: justify;"> <li>Image information (date, time, CPU count)</li> <li>Running processes</li> <li>Process SIDs and environment variables</li> <li>Open network sockets</li> <li>Open network connections</li> <li>DLLs loaded for each process</li> <li>Open handles to all kernel/executive objects (files, keys, mutexes)</li> <li>OS kernel modules</li> <li>Dump any process, DLL, or module to disk</li> <li>Mapping physical offsets to virtual addresses</li> <li>Virtual Address Descriptor information</li> <li>Addressable memory for each process</li> <li>Memory maps for each process</li> <li>Extract executable samples</li> <li>Scanning examples: processes, threads, sockets, connections, modules</li> <li>Command histories (cmd.exe) and console input/output buffers</li> <li>Imported and exported API functions</li> <li>PE version information</li> <li>System call tables (IDT, GDT, SSDT)</li> <li>API hooks in user- and kernel-mode (inline, IAT, EAT, NT syscall, winsock)</li> <li>Explore cached registry hives</li> <li>Dump LM/NTLM hashes and LSA secrets</li> <li>User assist and shimcache exploration</li> <li>Scan for byte patterns, regular expressions, or strings in memory</li> <li>Analyze kernel timers and callback functions</li> <li>Report on windows services</li> </ul> <h3> Tutorial ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/zhQP07YKLL0?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> </h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/zXh-1mK5FyU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> </h3> <h3> Download ::</h3> <b>Windows :: </b><a href="https://volatility.googlecode.com/files/volatility-2.3.1.standalone.exe" target="_blank">Volatility 2.3.1 Standalone </a><b> </b> <b> </b><br /> <b>Linux :: </b><a href="https://volatility.googlecode.com/files/volatility-2.3.1.tar.gz" target="_blank">Volatility 2.3.1.tar.gz</a><b> </b> <b> </b><br /> <b>Mac :: </b><a href="https://volatility.googlecode.com/files/MacProfilesAll.zip" target="_blank">Volatility Framework </a><br /> <b></b><b>Source :: </b><a href="https://code.google.com/p/volatility/">https://code.google.com/p/volatility/</a><b> </b>

Volatility (Advanced Memory Forensics Framework) :: Framework

Volatility Framework is a Advanced Memory Forensics Framework. The Volatility Framework is a completely open collection of tools , imp...

Read more »

OCFA (Open Computer Forensics Architecture) :: Framework

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="OCFA Tools" border="0" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFBvdLhCyjycLRfN5dNkY5dJ8DhTpyO1-LAAjtlqcZoz2odPBUVyhs1KU3f-t8QDFAa_LJxuuVAVJRfE1niARh9DzFRqu_wZnESr3NRQFqR6wF8YVJceurWGKd0469rTy_vUIhApL46dEN/s1600-rw/Computer-Forensics.jpg" title="OCFA TOols" /></div> </div> <div style="text-align: justify;"> The <b>Open Computer Forensics Architecture (OCFA)</b> is a modular computer <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">forensics</a> framework built by the Dutch National Police Agency [KLPD/Dutch]. The main goal is to automate the digital forensic process to speed up the <a href="http://www.toolwar.com/search/label/Investigation" target="_blank">investigation</a> and give tactical investigators direct access to the seized data through an easy to use search and browse interface.<br /> <br /> The architecture forms an environment where existing <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">forensic tools</a> and libraries can be easily plugged into the architecture and can thus be made part of the recursive extraction of data and metadata from digital evidence. The <b>Open Computer Forensics Architecture</b> aims to be highly modular, robust, fault tolerant, recursive and scalable in order to be usable in large investigations that spawn numerous terabytes of evidence data and covers hundreds of evidence items.<br /> <br /> Modules in <b>OCFA</b> for reasons of fault tolerance are processes. The basic OcfaLib API makes it possible and relatively easy to build an <b>OCFA</b> module out of any data processing library or tool. OCFA comes with numerous such modules that are mostly wrappers around libraries like libmagic or tools such as those found in the <a href="http://www.toolwar.com/2014/01/the-sleuth-kit-tsk-forensics-framework.html" target="_blank">Sleuthkit</a>.<br /> <br /> The 2.2 version of OCFA (released April 2009) makes the previously internal OCFA treegraph API available for OCFA module development. The OCFA treegraph API allows more advanced dissectors that produce data and meta-data for a treegraph representation of an input file. The OCFA treegraph API also allows dissectors that are programed to be CarvFs aware to use zero storage <a href="http://www.toolwar.com/search/label/Carving" target="_blank">carving</a>.<br /> <br /> Communication between modules within OCFA is governed by a two layered communication infrastructure as provided by <b>OCFA</b>. At the lowest layer is a messaging system with at is center the OCFA Anycast Relay. The Anycast Relay provides the facilities of module crash resistance, distributed processing load balancing and flow control. At a higher level of communication, the OCFA XML Router provides for the routing of individual pieces of evidence through the most appropriate tool chain for its particular type of content.<br /> <br /> Although <b>OCFA</b> contains a rudimentary user interface, most of its power is in the backend architecture. The last and final module in the tool chain of any evidence will be the OCFA Data Store Module. This module processes the evidence XML (that contains all of the evidence data its meta data) and stores relevant parts into a postgesql database. Extending the apache based user interface with interfaces for your own case bound queries is something that should proof very useful in most investigations. </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Wiki :: </b> <a href="http://ocfa.wiki.sourceforge.net/" target="_blank">Click Here</a></div> <div style="text-align: justify;"> <b>Installation ::</b> <a href="http://ocfa.sourceforge.net/files/InstallingOcfaOnUbuntu.pdf" target="_blank">Click Here</a></div> <div style="text-align: justify;"> <b>Practical Usages :: </b><a href="http://ocfa.sourceforge.net/files/PracticalUseOCFA.pdf" target="_blank">Click Here</a></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://sourceforge.net/projects/ocfa/files/latest/download" target="_blank">OCFA</a> (.tar.bz2)<br /> <b>Official Website ::</b> <a href="http://ocfa.sourceforge.net/">http://ocfa.sourceforge.net/</a></div>

OCFA (Open Computer Forensics Architecture) :: Framework

The Open Computer Forensics Architecture (OCFA) is a modular computer forensics framework built by the Dutch National Police Agency [...

Read more »

Liffy (Local File Inclusion Exploitation) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEHgUv3G2cSh18uLQRim8Gb5IXVYRmDrm0RRYDS4PNvOY9nqx1BixII41qCSV_QuR3s_OemRkq0lnNGMxMxDVuUZSsKF7L_yVBxEjzkNtuPb0tWrQVme-kk6yZvRanaLs-Vo9GRkRU6CSJ/s1600/Liffy.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Liffy Tool" border="0" height="260" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEHgUv3G2cSh18uLQRim8Gb5IXVYRmDrm0RRYDS4PNvOY9nqx1BixII41qCSV_QuR3s_OemRkq0lnNGMxMxDVuUZSsKF7L_yVBxEjzkNtuPb0tWrQVme-kk6yZvRanaLs-Vo9GRkRU6CSJ/s1600-rw/Liffy.jpg" title="Liffy Tool" width="400" /></a></div> <div style="text-align: justify;"> <b>Liffy</b> is a tool to exploit local file inclusion <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> using the built-in wrappers php://input, data://, and a process control extension called 'expect'. <b>Liffy</b> is written in <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a>.</div> <ul class="task-list" style="text-align: justify;"> <li>Updates * Now comes with ability to use poisoned Apache access logs, and php://filter for code execution and arbitrary file reads.</li> </ul> <div style="text-align: justify;"> <b>Liffy</b> requires the following libraries: requests, argparse, blessings, urlparse In order to host the payload you may use Node's HTTP server. Or you can simply spawn python's SimpleHTTPServer in /tmp on port 8000. Further development of the tool will eventually include spawning a built-in web server in order to download, for now you can adjust the location and port in the source code for your needs. These can be changed in core.py under the execute functions.</div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Example Use ::</b> ./liffy --url http://target/pdfs/vulnerable.php?= --data </div> <h3 style="text-align: justify;"> Download :: </h3> <div style="text-align: justify;"> <b>Linux | Windows | Mac :: </b><a href="https://github.com/rotlogix/liffy/archive/master.zip" target="_blank">Click Here</a><b><br /></b></div> <div style="text-align: justify;"> <b>Source Website :: </b><a href="https://github.com/rotlogix/liffy">https://github.com/rotlogix/liffy</a></div>

Liffy (Local File Inclusion Exploitation) :: Tools

Liffy is a tool to exploit local file inclusion vulnerability using the built-in wrappers php://input, data://, and a process control ...

Read more »

NBTScan (Scans for Open NETBIOS Name Servers) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdxS-BqEkVq8gRluzMKok1FYN4f43CO1Nnia5lF4ZTvXelpQ-Z0lC0lJaBxzhpiwFLZgrk16y7re7wk-pbt1ZcUl405HynotcqrIyBXTQdkdqkzndKFNmdELfpOXIW8jXlCv-B8F8Geaxp/s1600/nbtscan+screenshot.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="nbtscan screenshot windows" border="0" height="333" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdxS-BqEkVq8gRluzMKok1FYN4f43CO1Nnia5lF4ZTvXelpQ-Z0lC0lJaBxzhpiwFLZgrk16y7re7wk-pbt1ZcUl405HynotcqrIyBXTQdkdqkzndKFNmdELfpOXIW8jXlCv-B8F8Geaxp/s1600-rw/nbtscan+screenshot.gif" title="nbtscan screenshot windows" width="400" /></a></div> <div style="text-align: justify;"> <b>nbtscan</b> is a <a href="http://www.toolwar.com/search/label/CLI" target="_blank">command-line tool</a> that scans for open <b>NETBIOS nameservers</b> on a local or remote TCP/IP <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a>, and this is a first step in finding of open shares. It is based on the functionality of the standard <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows tool</a> nbtstat, but it operates on a range of addresses instead of just one. I wrote this <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tool</a> because the existing tools either didn't do what I wanted or ran only on the Windows platforms: mine runs on just about everything.</div> <div style="text-align: justify;"> <b>Windows</b> - The Win32 version of the tool, which works well on Windows 9x, NT and 2000, is available below as nbtscan.exe. It's written in portable C and is less than 40 kbytes, requires no special libraries or DLLs, and is run in an MS-DOS command window. I promise that the tools have no viruses, backdoors, or any other kind of overt bad behavior. I don't promise that there are no bugs. </div> <div style="text-align: justify;"> <b>LINUX</b> - the code works fine on <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, and a version built on Red Hat Linux 6.2 is available as well. I have reports that this binary works on Red Hat Linux 6.0 - 8.0, Debian "woody", and Mandrake 8.1 (we don't think we've found a Red Hat, CentOS, or Fedora system that it didn't run on). </div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <pre class="codeblock">C:\> <b>nbtstat -A 192.168.1.99</b> NetBIOS Remote Machine Name Table Name Type Status --------------------------------------------- XPDEV <00> UNIQUE Registered UNIXWIX <00> GROUP Registered XPDEV <03> UNIQUE Registered XPDEV <20> UNIQUE Registered UNIXWIX <1E> GROUP Registered MAC Address = 00-50-04-6D-50-37</pre> <pre class="codeblock"> </pre> <pre class="codeblock">C:\> <b>nbtscan 192.168.1.0/24</b> 192.168.1.3 MTNDEW\WINDEV SHARING DC 192.168.1.5 MTNDEW\TESTING 192.168.1.9 MTNDEW\WIZ SHARING U=STEVE 192.168.1.99 MTNDEW\XPDEV SHARING </pre> <h3 style="text-align: justify;"> </h3> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows | Linux :: </b><a href="http://www.unixwiz.net/tools/nbtscan-1.0.35.exe" target="_blank">NBTScan</a> (.exe)<b> | </b><a href="http://www.unixwiz.net/tools/nbtscan-source-1.0.35.tgz" target="_blank">NBTScan</a> (.tgz)</div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://www.unixwiz.net/tools/nbtscan.html">http://www.unixwiz.net/tools/nbtscan.html</a></div>

NBTScan (Scans for Open NETBIOS Name Servers) :: Tools

nbtscan is a command-line tool that scans for open NETBIOS nameservers on a local or remote TCP/IP network , and this is a first step ...

Read more »

Lynis (Security and System Auditing) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPJSrg2v61K-1SHIewex9MB7DLBAqrgKTy2REJhuc1jyKxL99Tia_vx44VmSeUWWxbHdgZtEVAjWn5GUbxWD9dLfe1o2Suta4Ww_ZgfvwIITFiR8JkMpR5A-ZkTq17LVggAJlfumpTReoW/s1600/lynis-screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="lynis screenshot" border="0" height="300" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPJSrg2v61K-1SHIewex9MB7DLBAqrgKTy2REJhuc1jyKxL99Tia_vx44VmSeUWWxbHdgZtEVAjWn5GUbxWD9dLfe1o2Suta4Ww_ZgfvwIITFiR8JkMpR5A-ZkTq17LVggAJlfumpTReoW/s320-rw/lynis-screenshot.png" title="lynis screenshot" width="400" /></a></div> <div style="text-align: justify;"> <b>Lynis</b> is a <b><i>Security and system auditing tool</i> </b>to harden <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> systems. <b>Lynis</b> is an <b>auditing tool </b>for Unix/Linux (specialists). It scans the <a href="http://www.toolwar.com/search/label/System" target="_blank">system</a> and available software and performs many individual <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> checks. It determines the hardening state of the machine and <a href="http://www.toolwar.com/search/label/Detect" target="_blank">detects</a> security issues. Beside security related information it will also scan for general system information, installed packages and possible configuration errors. <b>Lynis</b> is a <a href="http://www.toolwar.com/search/label/Security" target="_blank">security tool</a> to audit and harden Unix and Linux based systems. It scans the system by performing many security control checks, looks for installed software and determines compliance to standards. Also will it detects security issues and errors in configuration. At the end of the scan it will provide the warnings and suggestions to help you improving the security defense of your systems.<br /> <br /> This software aims in assisting automated auditing, hardening, software patch management, <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> and <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a> scanning of Unix/Linux based systems. It can be run without prior installation, so inclusion on read only storage is possible (<a href="http://www.toolwar.com/search/label/USB" target="_blank">USB</a> stick, cd/dvd).<br /> <br /> <b>Lynis </b>assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOx (Sarbanes-Oxley) compliance audits.<br /> <br /> <b>Intended audience:</b><br /> Security specialists, penetration testers, system auditors, system/network managers.<br /> <br /> <b>Examples of audit tests:</b><br /> - Available authentication methods<br /> - Expired SSL certificates<br /> - Outdated software<br /> - User accounts without password<br /> - Incorrect file permissions<br /> - Configuration errors<br /> - Firewall auditing<br /> <br /> <b>Current state:</b><br /> Stable releases are available, development is active.<br /> <h3> Tutorials :: </h3> <b>Documentation :: </b><a href="http://www.rootkit.nl/files/lynis-documentation.html" target="_blank">Click Here</a> </div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/FgkC4k1kJaE?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <h3> <b>Download </b></h3> <b>Linux ::</b> <a href="http://cisofy.com/files/lynis-1.4.0.tar.gz" target="_blank">Llynis-1.4.0</a> (.tar.gz)</div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://www.rootkit.nl/projects/lynis.html" target="_blank">http://www.rootkit.nl/projects/lynis.html </a></div> </div>

Lynis (Security and System Auditing) :: Tools

Lynis is a Security and system auditing tool to harden Linux systems. Lynis is an auditing tool for Unix/Linux (specialists). It sca...

Read more »

Autopsy (Digital Investigation Analysis) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Autopsy logo" border="0" height="200" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjf21td83eNESL_QTE9NjV-ZSQnqexy4JbWFatUW-4KkqydKjwnSYKqQmPFBy6cnZG7rQZEG7X211P1v_klRTAzd3_Ee5pDqpYn3sfpupP4ff-ao6WwTUaeq8fqKi0PgJQiwb-loD4CvqrI/s1600-rw/autopsy+logo.jpg" title="Autopsy logo" width="200" /></div> <div style="text-align: justify;"> <b>Autopsy</b> is a graphical interface to the <a href="http://www.toolwar.com/search/label/CLI" target="_blank"><i>command line</i></a> <b>digital investigation analysis tools</b> in <a href="http://www.toolwar.com/2014/01/the-sleuth-kit-tsk-forensics-framework.html" target="_blank"> The Sleuth Kit</a>. Together, they can analyze <i>Windows and UNIX</i> disks and file systems (NTFS, FAT, UFS1/2, Ext2/3).</div> <div style="text-align: justify;"> <b>The Sleuth Kit </b>and <b>Autopsy</b> are both Open Source and run on UNIX platforms (you can use Cygwin to run them both on <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>). As <b>Autopsy</b> is HTML-based, you can connect to the <b>Autopsy</b> server from any platform using an HTML browser. Autopsy provides a "File Manager"-like interface and shows details about deleted data and file system structures.</div> <h3 style="text-align: justify;"> <span style="font-size: small;">Analysis Modes</span></h3> <ul style="text-align: justify;"> <li>A <b>dead analysis</b> occurs when a dedicated <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a> system is used to examine the data from a suspect system. In this case, <b>Autopsy</b> and The Sleuth Kit are run in a trusted environment, typically in a lab. Autopsy and TSK support raw, Expert Witness, and AFF file formats. </li> <li>A <b>live analysis</b> occurs when the suspect <a href="http://www.toolwar.com/search/label/System" target="_blank">system</a> is being analyzed while it is running. In this case, <b>Autopsy</b> and The Sleuth Kit are run from a CD in an untrusted environment. This is frequently used during incident response while the incident is being confirmed. After it is confirmed, the system can be acquired and a dead analysis performed. </li> </ul> <h3 style="text-align: justify;"> Evidence Search Techniques</h3> <ul style="text-align: justify;"> <li><b>File Listing</b>: Analyze the files and directories, including the names of deleted files and files with Unicode-based names.</li> <li><b>File Content</b>: The contents of files can be viewed in raw, hex, or the ASCII strings can be extracted. When data is interpreted, Autopsy sanitizes it to prevent damage to the local analysis system. Autopsy does not use any client-side scripting languages.</li> <li><b>Hash Databases</b>: Lookup unknown files in a <a href="http://www.toolwar.com/search/label/Hash" target="_blank">hash</a> database to quickly identify it as good or bad. Autopsy uses the NIST <i>National Software Reference Library (NSRL)</i> and user created databases of known good and known bad files </li> <li><b>File Type Sorting</b>: Sort the files based on their internal signatures to identify files of a known type. Autopsy can also extract only graphic images (including thumbnails). The extension of the file will also be compared to the file type to identify files that may have had their extension changed to hide them.</li> <li><b>Timeline of File Activity</b>: In some cases, having a timeline of file activity can help identify areas of a file system that may contain evidence. Autopsy can create timelines that contain entries for the Modified, Access, and Change (MAC) times of both allocated and unallocated files.</li> <li><b>Keyword Search</b>: Keyword searches of the file system image can be performed using ASCII strings and grep regular expressions. Searches can be performed on either the full file system image or just the unallocated space. An index file can be created for faster searches. Strings that are frequently searched for can be easily configured into Autopsy for automated searching. </li> <li><b>Meta Data Analysis</b>: Meta Data structures contain the details about files and directories. Autopsy allows you to view the details of any meta data structure in the file system. This is useful for recovering deleted content. Autopsy will search the directories to identify the full path of the file that has allocated the structure.</li> <li><b>Data Unit Analysis</b>: Data Units are where the file content is stored. Autopsy allows you to view the contents of any data unit in a variety of formats including ASCII, hexdump, and strings. The file type is also given and Autopsy will search the meta data structures to identify which has allocated the data unit. </li> <li><b>Image Details</b>: File system details can be viewed, including on-disk layout and times of activity. This mode provides information that is useful during data recovery. </li> </ul> <h3 style="text-align: justify;"> Case Management</h3> <ul style="text-align: justify;"> <li><b>Case Management</b>: Investigations are organized by <i>cases</i>, which can contain one or more <i>hosts</i>. Each host is configured to have its own time zone setting and clock skew so that the times shown are the same as the original user would have seen. Each host can contain one or more file system images to analyze. </li> <li><b>Event Sequencer</b>: Time-based events can be added from file activity or IDS and firewall logs. Autopsy sorts the events so that the sequence of incident events can be more easily determined. </li> <li><b>Notes</b>: Notes can be saved on a per-host and per-investigator basis. These allow you to make quick notes about files and structures. The original location can be easily recalled with the click of a button when the notes are later reviewed. All notes are stored in an ASCII file. </li> <li><b>Image Integrity</b>: It is crucial to ensure that files are not modified during analysis. Autopsy, by default, will generate an MD5 value for all files that are imported or created. The integrity of any file that Autopsy uses can be validated at any time. </li> <li><b>Reports</b>: Autopsy can create ASCII reports for files and other file system structures. This enables you to quickly make consistent data sheets during the investigation.</li> <li><b>Logging</b>: Audit logs are created on a case, host, and investigator level so that actions can be easily recalled. The exact Sleuth Kit commands that are executed are also logged.</li> <li><b>Open Design</b>: The code of Autopsy is open source and all files that it uses are in a raw format. All configuration files are in ASCII text and cases are organized by directories. This makes it easy to export the data and archive it. It also does not restrict you from using other tools that may solve the specific problem more appropriately.</li> <li><b>Client Server Model</b>: Autopsy is HTML-based and therefore you do not have to be on the same system as the file system images. This allows multiple investigators to use the same server and connect from their personal systems.</li> </ul> <div style="text-align: justify;"> <b>Autopsy</b> is written in <a href="http://www.toolwar.com/2013/09/perl-language.html" target="_blank">Perl</a> and runs on the same UNIX platforms as <a href="http://www.toolwar.com/2014/01/the-sleuth-kit-tsk-forensics-framework.html" target="_blank">The Sleuth Kit</a>:</div> <ul style="text-align: justify;"> <li><a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a></li> <li><a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X</a></li> <li>Open & FreeBSD</li> <li>Solaris</li> <li>Cygwin (you cannot use the win32 executables that can be downloaded from this site, you must build in Cygwin) </li> </ul> <h3> Tutorial ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/RUgmkvt2WNg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3>  </h3> <h3> Download ::</h3> <b>Windows :: </b><a href="http://sourceforge.net/projects/autopsy/files/autopsy/3.0.8/autopsy-3.0.8-32bit.msi/download" target="_blank">Autopsy 3.0.8x32</a> (.msi) | <a href="http://sourceforge.net/projects/autopsy/files/autopsy/3.0.8/autopsy-3.0.8-64bit.msi/download" target="_blank">Autopsy 3.0.8x64</a> (.msi)<br /> <b>Linux :: </b><a href="http://sourceforge.net/projects/autopsy/files/autopsy/2.24/autopsy-2.24.tar.gz/download" target="_blank">Autopsy 2.08</a> (.tar.gz)<br /> <b>Official Website :: </b><a href="http://www.sleuthkit.org/autopsy/index.php" target="_blank">http://www.sleuthkit.org/autopsy/index.php </a>

Autopsy (Digital Investigation Analysis) :: Tools

Autopsy is a graphical interface to the command line digital investigation analysis tools in The Sleuth Kit . Together, they can anal...

Read more »

RegistryDecoder (Windows Registry Forensics) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="registrydecoder icon" border="0" height="261" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMIhBRUMLX-a4LG7hoynF82A7nZ5ngAu4onGUOBohjYbLn-IK4dmej-52Gm9WbEUW3G_GW8-L8FWNEUG7vINlaxS0WNP8AiLqL_PFc5P8OfHcpf-3A5H4yMIdRnaZIx6-GlK3wDOKDOHhm/s1600-rw/registrydecoder.png" title="registrydecoder icon" width="400" /></div> <span itemprop="description" style="font-size: small;"><b>RegistryDecoder</b> is a automated <i>Acquisition, Analysis, and Reporting of Registry</i> Contents</span><span style="font-size: small;">. <b>Registry Decoder</b> provides a single tool in which to perform <i>browsing, searching, <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a>, and reporting of <a href="http://www.toolwar.com/search/label/Registry" target="_blank">registry</a> hive</i> contents. All functionality is exposed through an intuitive <a href="http://www.toolwar.com/search/label/GUI" target="_blank">GUI</a> interface and accommodates even novice investigators. <b>Registry Decoder</b> also acts as a great resource for new research and experimenting within the registry.</span><br /> <div style="text-align: justify;"> <span style="font-size: small;"><b>Digital <a href="http://www.toolwar.com/search/label/Forensics" target="_blank">forensics</a></b> deals with the analysis of artifacts on all types of digital devices. One of the most prevalent analysis techniques performed is that of the registry hives contained in Microsoft <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> operating systems. <b> Registry Decoder</b> was developed with the purpose of providing a single <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tool</a> for the acquisition, analysis, and reporting of registry contents.</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: "Times New Roman","serif"; font-size: small; line-height: 115%;"><b>Registry Decoder</b> consists of two components, the first of which is a tool for <a href="http://www.toolwar.com/search/label/Online" target="_blank">online</a> acquisition of registry files from a running machine. To safely acquire files from a running machine, we ‘freeze’ a copy of the current registry files using the System Restore Facility. This places the files into a read-only location and ensures that the operating system will not have the files opened (which would prevent them from being copied to external storage).</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: "Times New Roman","serif"; font-size: small; line-height: 115%;">Beyond the current set of registry files, the acquisition component can also acquire historical files from the running system. These historical files are acquired from XP machines through the <a href="http://www.toolwar.com/search/label/System" target="_blank">System </a>Restore Point facility and through the Volume Shadow Service on Vista and Windows 7 machines.</span></div> <div style="text-align: justify;"> <span style="font-size: small;"><br /></span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: "Times New Roman","serif"; font-size: small; line-height: 115%;">The analysis section of the offline component contains a number of powerful features. The first feature is Search, which allows for powerful searching across <a href="http://www.toolwar.com/search/label/Registry" target="_blank">registry</a> hives. The searching abilities include:</span></div> <div class="MsoNormal" style="text-align: justify;"> <br /></div> <ul style="text-align: justify;"> <li><span style="font-family: Symbol; font-size: 12pt; line-height: 115%;"><span style="font: 7pt "Times New Roman";"> </span></span><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Filtering by hive keys, name, and data</span></li> <li><span style="font-family: Symbol; font-size: 12pt; line-height: 115%;"><span style="font: 7pt "Times New Roman";"> </span></span><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Filtering by the last write time of keys</span></li> <li><span style="font-family: Symbol; font-size: 12pt; line-height: 115%;"><span style="font: 7pt "Times New Roman";"> </span></span><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Searching individual terms or with a newline delimited search term file</span></li> <li><span style="font-family: Symbol; font-size: 12pt; line-height: 115%;"><span style="font: 7pt "Times New Roman";"> </span></span><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Exact or wildcard based search</span><span style="font-family: Symbol; font-size: 12pt; line-height: 115%;"><span style="font: 7pt "Times New Roman";"> </span></span></li> <li><span style="font-family: Symbol; font-size: 12pt; line-height: 115%;"><span style="font: 7pt "Times New Roman";"> </span></span><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Viewing of search results</span></li> <li><span style="font-family: Symbol; font-size: 12pt; line-height: 115%;"><span style="font: 7pt "Times New Roman";"> </span></span><span style="font-family: "Times New Roman","serif"; font-size: 12pt; line-height: 115%;">Automated reporting of search contents to HTML, PDF, or XLS</span></li> </ul> <br /> <h3> Tutorials ::</h3> <b>Text Tutorial (PDF) :: </b><a href="http://registrydecoder.googlecode.com/files/RegistryDecoder-Offline-Analysis-Instructions-v1.1.pdf" target="_blank">Click Here </a><br /> <b>FAQ ::</b> <a href="http://code.google.com/p/registrydecoder/wiki/FAQ" target="_blank">Click Here </a><br /> <br /> <h3> Download ::</h3> <b>Windows :: </b><a href="http://registrydecoder.googlecode.com/files/regedcoderR103.zip" target="_blank">RegistryDecoder (.zip)</a><b><br /></b><br /> <b>Official Website :: </b><a href="http://www.registrydecoder.com/">http://www.registrydecoder.com/</a><b><br /></b>

RegistryDecoder (Windows Registry Forensics) :: Tools

RegistryDecoder is a automated Acquisition, Analysis, and Reporting of Registry Contents . Registry Decoder provides a single tool in w...

Read more »

Hook Analyzer (Malware Analysis and Cyber Intelligence) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Hook Analyser 3.0" border="0" height="324" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0OmIirqGeQmdgB2nH4Gn-Cqwf17KXdZUVLYFVDBGbtK70u1NfT5MPvoVYbSj89mfPHKKK9qJbxCL4tIc_vpxb7syDkjmX59Dk7oizgHoIhfCoQ6GvkGLEhf5EwK0_GI4yov3373V6Ljyz/s640-rw/Hook+Analyser+3.0.png" title="Hook Analyser 3.0" width="640" /></div> <div style="text-align: justify;"> <b>Hook Analyser</b> is a <i>malware analysis</i> and <i>cyber intelligence</i> (gathering and analysis) utility. As well as <b>Hook Analyzer</b> performs spawn and hook to application, hook to a specific running application process, perform static <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a> analysis, application crash <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a>, EXE extractor from process, and cyber threat intelligence.<br /> <b><br /> The project/utility has six (6) key functionalities -</b><br /> <b>1. Spawn and Hook to Application</b> - This feature allows analyst to spawn an application, and hook into it. The module performs the following -<br /> a. PE validation<br /> b. Static <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a> analysis.<br /> c. Other options (such as pattern search or dump all)<br /> d. Type of hooking (Automatic, Smart or manual)<br /> e. Spawn and hook<br /> <br /> With the ‘hook’ module, there are three types of hooking being supported –<br /> <br /> a) Automatic – The tool will parse the application import tables, and based upon that will hook into specified APIs<br /> b) Manual – On this, the tool will ask end-user for each API, if it needs to be hooked.<br /> c) Smart – This is essentially a subset of automatic hooking however, excludes uninteresting APIs.<br /> <br /> <b>2. Hook to a specific running process</b>- The option allows analyst to hook to a running (active) process. The module performs the following operations –<br /> <br /> a. List all running process<br /> b. Identify the running process executable path.<br /> c. Perform static malware analysis on executable (fetched from process executable path)<br /> d. Other options (such as pattern search or dump all)<br /> e. Type of hooking (Automatic, Smart or manual)<br /> f. Hook to a specific running process<br /> g. Hook and continue the process<br /> <br /> <b>3. Static Malware Analysis -</b> This module is one of the most interesting and useful module of <b>Hook Analyzer</b>, which performs scanning on PE or <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> executable (and DLLs) to identify potential malware traces. <br /> <br /> a. PE file validation<br /> b. CRC and timestamps validation<br /> c. PE properties such as Image Base, Entry point, sections, subsystem<br /> d. TLS entry <a href="http://www.toolwar.com/search/label/Detect" target="_blank">detection</a>.<br /> e. Entry point verification (if falls in suspicious section)<br /> f. Suspicious entry point detection<br /> g. Packer detection<br /> h. Signature trace (extended from malware analyzer project), such as Anti VM aware, debug aware, keyboard hook aware etc. This particular function searches for more than 20 unique malware behaviors (using 100’s of signature).<br /> i. Import Intel scanning.<br /> j. Deep search (module) <br /> k. Online search of MD5 (of executable) on Threat Expert.<br /> l. String dump (ASCII)<br /> m. Executable file information<br /> n. Hexdump<br /> o. PEfile info dumping<br /> p. ...and more.<br /> <br /> <b>4. Application crash analysis</b> - This module enables <a href="http://www.toolwar.com/search/label/Exploitation" target="_blank">exploit</a> researcher and/or application developer to analyse memory content when an application crashes. This module essentially displays data in different <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a> register (such as EIP).<br /> <br /> <br /> <b>5. Exe extractor</b> - This module essentially extracts executables from running process/s, which could then be further analyzed using Hook Analyzer, Malware Analyzer or other solutions. This module is potentially useful for incident responders<br /> <br /> <br /> <b>6. Cyber Threat Intelligence </b>- This module is being created to gather and analyze information related to Cyber Threats and <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerabilities</a>. The module can be run using HookAnalyser.exe (via Option 6), or can be run directly.<br /> <br /> The module present information on a web browser (with dashboard alike representation). It has three (3) presentations - <br /> • Threat Vectors - by Country (through url.txt - provided)<br /> • Threat Vectors - by Geography (through url.txt - provided)<br /> • Vulnerability / Threat Feed (through rss.txt)</div> <div style="text-align: justify;"> <b><br /> </b></div> <h3 style="text-align: justify;"> <b>Tutorials :: </b></h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/msYo7pPsu6A?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <b> </b></div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/sdnRP90weT4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;"> <b>Download ::</b></h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="https://docs.google.com/file/d/0B4eYJx0xZdQAcDlvS3JhcmxmMjQ/edit" target="_blank">Hook Analyzer v3.0</a><b> </b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://hookanalyser.com/">http://hookanalyser.com/</a></div> <div style="text-align: justify;"> <b>Submitted By :: </b>Beenu Arora </div>

Hook Analyzer (Malware Analysis and Cyber Intelligence) :: Tools

Hook Analyser is a malware analysis and cyber intelligence (gathering and analysis) utility. As well as Hook Analyzer performs spawn ...

Read more »

GDB GNU Debugger :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="gdb logo" border="0" height="255" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtcV7G_5LSgJmJVC3QAj64NTirUIMtUbntKldesIZ8v0GBoSxbgoqxPZo67Icvw7I_Ppk27F8UIyqslHsk26Gp3S1WOVzXcwuYbEQ35s36pYuxP41VWN0UWFH3WO3x0clk7PGxh3yFsKYf/s400-rw/gdb-logo.png" title="gdb logo" width="400" /></div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>GDB, the GNU Project <a href="http://www.toolwar.com/search/label/Debugger" target="_blank">debugger</a></b>, allows you to see what is going on `inside' another program while it executes -- or what another program was doing at the moment it crashed. </div> <div style="text-align: justify;"> <b>GDB </b>can do four main kinds of things (plus other things in support of these) to help you catch bugs in the act: </div> <ul style="text-align: justify;"> <li>Start your program, specifying anything that might affect its behavior. </li> <li>Make your program stop on specified conditions. </li> <li>Examine what has happened, when your program has stopped. </li> <li>Change things in your program, so you can experiment with correcting the effects of one bug and go on to learn about another. </li> </ul> <div style="text-align: justify;"> The program being debugged can be written in Ada, C, C++, Objective-C, Pascal (and many other <a href="http://www.toolwar.com/search/label/Language" target="_blank">languages</a>). Those programs might be executing on the same machine as GDB (native) or on another machine (remote). GDB can run on most popular UNIX and Microsoft <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> variants.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials :: </h3> <div style="text-align: justify;"> <b>Video Tutorials ::</b> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/sCtY--xRUyI?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/k-zAgbDq5pk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <b>Text Tutorials :: </b><a href="http://sourceware.org/gdb/current/onlinedocs/gdb/" target="_blank">Click Here</a> <br /> <h3> Download :: </h3> <b>Linux ::</b> <a href="ftp://sourceware.org/pub/gdb/releases/gdb-7.6.tar.gz" target="_blank">GDB v7.6.tar.gz</a> <b> </b><br /> <b>Official Site :: </b><a href="http://www.gnu.org/">http://www.gnu.org/</a>

GDB GNU Debugger :: Tools

GDB, the GNU Project debugger , allows you to see what is going on `inside' another program while it executes -- or what another pr...

Read more »

WinDbg (Windows Debugger) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIZ53_pO0bAOCjl_oxpv2f2XhKxp-Z63nXIjIntBQxqPPcI_HT1qhdI4UMOb7ZHKD6D-KSRcJC068J4vvrq4tnFkTp0rQw0pgwPGLIASpGS7YoWpZ1srx4fVezCo-TPQ5gjHVyw-uyEUUw/s1600/windbg+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Windbg screenshot" border="0" height="271" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIZ53_pO0bAOCjl_oxpv2f2XhKxp-Z63nXIjIntBQxqPPcI_HT1qhdI4UMOb7ZHKD6D-KSRcJC068J4vvrq4tnFkTp0rQw0pgwPGLIASpGS7YoWpZ1srx4fVezCo-TPQ5gjHVyw-uyEUUw/s400-rw/windbg+screenshot.png" title="Windbg screenshot" width="400" /></a></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>WinDbg</b> is a <i>graphical debugger from Microsoft</i>. It is actually just one component of the <i>Debugging Tools for <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> package</i>, which also includes the KD, CDB, and NTSD <a href="http://www.toolwar.com/search/label/Debugger" target="_blank">debuggers</a>. Its claim to fame is debugging <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a> dumps produced after a crash. It can even debug in kernel mode. For downloads and more information.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/q-IWHHFQcXg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/1R0zqStq7ss?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows (x86) ::</b> <a class="FileNameLink" href="http://archive.msdn.microsoft.com/Project/Download/FileDownload.aspx?ProjectName=debugtoolswindows&DownloadId=13748" id="ctl00_ctl00_Content_TabContentPanel_Content_ReleaseFiles_FileList_ctl01_FileNameLink" tabindex="9" target="_blank">dbg_x86_6.12.2.633</a></div> <div style="text-align: justify;"> <b>Windows (x64) ::</b> <a href="http://archive.msdn.microsoft.com/Project/Download/FileDownload.aspx?ProjectName=debugtoolswindows&DownloadId=13747" target="_blank">WinDbg_x64</a>  </div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="https://www.microsoft.com/" target="_blank">https://www.microsoft.com/ </a></div>

WinDbg (Windows Debugger) :: Tools

WinDbg is a graphical debugger from Microsoft . It is actually just one component of the Debugging Tools for Windows package , which...

Read more »

Immunity Debugger :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Immunity Debugger logo" border="0" height="340" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9Tz7osQXiMIGssd8NGbnuYt2UuNlyHH6exkoSIEvMi6eJWYewN-waCLbYG-2ZjR-PbZhLWL2A9wBOmtAo9V0AKXaUBpGgoDlDoMAhMep5Qott6zJB-zoqQuUaLf0pzc5oMPvczcOOL0pJ/s400-rw/debugger-logo.png" title="Immunity Debugger logo" width="400" /></div> <div style="text-align: justify;"> <b>Immunity Debugger</b> is a powerful new way to <i>write exploits, <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analyze</a> <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a>, and reverse engineer binary files.</i> It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> API for easy extensibility.</div> <div style="text-align: justify;"> <img border="0" loading="lazy" src="http://www.immunityinc.com/bullet.gif" /> A <a href="http://www.toolwar.com/search/label/Debugger" target="_blank">debugger</a> with functionality designed specifically for the security industry<br /> <img border="0" loading="lazy" src="http://www.immunityinc.com/bullet.gif" />Cuts exploit development time by 50%<br /> <img border="0" loading="lazy" src="http://www.immunityinc.com/bullet.gif" />Simple, understandable interfaces<br /> <img border="0" loading="lazy" src="http://www.immunityinc.com/bullet.gif" />Robust and powerful scripting language for automating intelligent debugging<br /> <img border="0" loading="lazy" src="http://www.immunityinc.com/bullet.gif" />Lightweight and fast debugging to prevent corruption during complex analysis<br /> <img border="0" loading="lazy" src="http://www.immunityinc.com/bullet.gif" />Connectivity to fuzzers and exploit development <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <h3> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/fIUOiwYTpho?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/KlcLLzdtT2U?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> </div> <div style="text-align: justify;"> <h3> Download ::</h3> </div> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://debugger.immunityinc.com/ID_register.py" target="_blank">Immunity Debugger </a><b> </b></div> <div style="text-align: justify;"> <b>Official Website ::</b>  <a href="http://debugger.immunityinc.com/">http://debugger.immunityinc.com/</a></div>

Immunity Debugger :: Tools

Immunity Debugger is a powerful new way to write exploits, analyze malware , and reverse engineer binary files. It builds on a solid ...

Read more »

Patriot NG (Changes Detection in Windows or in Network) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwNXqM7_LHQ7YPJaUfI2fTX1hrSU-cv68o0zWKOpWgQrMx00ihDHzEZ1zQqnMcN-LrAwuFoK8Lafq4glQ95bKL1ZOkMdq_O7GD58r9VgXtkOFpMY9SAsHN-3vcCy0tsleeTTehuydm0HHK/s1600/Patriot+NG+Screenshot.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="400" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwNXqM7_LHQ7YPJaUfI2fTX1hrSU-cv68o0zWKOpWgQrMx00ihDHzEZ1zQqnMcN-LrAwuFoK8Lafq4glQ95bKL1ZOkMdq_O7GD58r9VgXtkOFpMY9SAsHN-3vcCy0tsleeTTehuydm0HHK/s400-rw/Patriot+NG+Screenshot.JPG" width="176" /></a></div> <div style="text-align: justify;"> <b>Patriot NG</b> is a <i>'Host IDS' tool</i> which allows <i>real time monitoring of changes in Win<span style="font-size: 14px; line-height: 1.4em;">dows systems or Network attacks.</span></i></div> <i> </i> <h3> Patriot monitors:</h3> <ul> <li>New files in 'Startup' directories</li> <li>Changes in Registry keys: Indicating whether any sensitive key (autorun, internet explorer settings...) is altered</li> <li>New Users in the System</li> <li>New Services installed</li> <li>Changes in the hosts file</li> <li>New scheduled jobs</li> <li>Alteration of the integrity of Internet Explorer: (New BHOs, configuration changes, new toolbars)</li> <li>Changes in ARP table (Prevention of MITM attacks)</li> <li>Installation of new Drivers</li> <li>New Netbios shares</li> <li>TCP/IP Defense (New open ports, new connections made by processes, PortScan detection...)</li> <li>Files in critical directories (New executables, new DLLs...)</li> <li>New hidden windows (cmd.exe / Internet Explorer using OLE objects)</li> <li>Netbios connections to the System</li> <li>ARP Watch (New hosts in your network)</li> <li>NIDS (Detect anomalous network traffic based on editable rules)</li> </ul> <h3> Download ::</h3> <b>Windows :: </b><a href="http://sbdtools.googlecode.com/files/PatriotNG2.01.zip" target="_blank">Patriot NG 2.01</a><br /> <h3> Official Website ::</h3> http://www.security-projects.com/

Patriot NG (Changes Detection in Windows or in Network) :: Tools

Patriot NG is a 'Host IDS' tool which allows real time monitoring of changes in Win dows systems or Network attacks. Patrio...

Read more »

RadioGraPhy (Windows Forensics):: Tools

<h1 style="text-align: justify;"> </h1> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGdfL6aAjuUZfL4cv2ishXKH3b7wm0sBeE4Mv263XGux7kLLjdPx__2bfEER6EfwdbeuHKidz9M_nQnouYZOdT9g4CP8dg9gYZnPyIeR22fWyzdCN8nK9OJwlrCztFqYhjnDtG_ChHcUGu/s1600/radiography+screenshot.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="RadioGraPhy Screenshot" border="0" height="308" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGdfL6aAjuUZfL4cv2ishXKH3b7wm0sBeE4Mv263XGux7kLLjdPx__2bfEER6EfwdbeuHKidz9M_nQnouYZOdT9g4CP8dg9gYZnPyIeR22fWyzdCN8nK9OJwlrCztFqYhjnDtG_ChHcUGu/s320-rw/radiography+screenshot.jpg" title="RadioGraPhy Screenshot" width="320" /></a></div> <div style="text-align: justify;"> <b>Radiography</b> is a<i> forensic tool </i>which <i>grabs as much information as possible from a Windows system.</i></div> <h3 style="text-align: justify;"> Its checks:</h3> <ul style="text-align: justify;"> <li><b>Registry keys related to startup process</b></li> <li><b>Registry keys with Internet Explorer settings</b></li> <li><b>System Accounts and properties</b></li> <li><b>Startup files</b></li> <li><b>System services</b></li> <li><b>Hosts file contents</b></li> <li><b>TaskScheduler tasks</b></li> <li><b>Loaded System Drivers</b></li> <li><b>NetBios Shares</b></li> <li><b>Hidden Windows</b></li> <li><b>System processes running (and their location if possible)</b></li> <li><b>Network information (Open connections, listening ports ...) </b></li> </ul> <h3 style="text-align: justify;"> <b>It has also unique features:</b></h3> <div style="text-align: justify;"> -When it identifies a process (running or configured in registry keys, startup directories or task scheduler) it checks its hash with Team Cymru's MALWARE HASH REGISTRY<span style="font-size: 14px; line-height: 1.4em;"> service to identify potential threats</span></div> <div style="text-align: justify;"> -RadioGraPhy does a process integrity test using 'WinUnhide' to catch hidden processes</div> <div style="text-align: justify;"> -Dump a copy of Eventlog and grab a copy of the process binaries for later review </div> <div style="text-align: justify;"> RadioGraPhy is <b>OpenSource</b> (GPL License) and come with a <b>CLI version</b> and a <b>graphic frontend</b> (please have a look to Screenshots section)</div> <h3 style="text-align: justify;">  </h3> <h3 style="text-align: justify;"> Download ::  </h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://sbdtools.googlecode.com/files/RadioGraPhyV2.zip" target="_blank"><b></b>RadioGraPhy 2.0</a><br /> <h3> Official Website :: </h3> http://www.security-projects.com/ </div>

RadioGraPhy (Windows Forensics):: Tools

Radiography is a forensic tool which grabs as much information as possible from a Windows system. Its checks: Registry keys relat...

Read more »

Resource Hacker :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpZjVrGJFtH2BFitMappIozYSxt03ch0tyD_rxMWkU1soLQT3wgej5yZ06mQAN7xBudt2kdUQDrSIVJbk3jU5LdZyJq4CEpCc0PruQ86DigUqc-UV15TtqvYQJ2nCeEa40Db6HlweBfjig/s1600/resource+hacker+logo.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="resource-hacker-logo" border="0" height="106" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpZjVrGJFtH2BFitMappIozYSxt03ch0tyD_rxMWkU1soLQT3wgej5yZ06mQAN7xBudt2kdUQDrSIVJbk3jU5LdZyJq4CEpCc0PruQ86DigUqc-UV15TtqvYQJ2nCeEa40Db6HlweBfjig/s320-rw/resource+hacker+logo.gif" title="resource-hacker-logo" width="320" /></a></div> <div style="text-align: justify;"> <b>Resource Hacker</b>^{<span style="font-size: xx-small;"></span>} is a <strong>freeware</strong> utility to <i>view, modify, rename, add, delete and extract resources in 32bit & 64bit Windows executables and resource files (*.res).</i> It incorporates an internal resource script compiler and decompiler and works on all (Win95 - Win7) Windows operating systems.<br /><br /> <i><b>Viewing Resources</b>:</i> Cursor, Icon, Bitmap, GIF, AVI, and JPG resource images can be viewed. WAV and MIDI audio resources can be played. Menus, Dialogs, MessageTables, StringTables, Accelerators, Delphi Forms, and VersionInfo resources can be viewed as decompiled resource scripts. Menus and Dialogs can also be viewed as they would appear in a running application.<br /><br /> <b><i>Saving Resources:</i></b> Resources can be saved as image files (*.ico, *.bmp etc), as script files (*.rc), as binary resource files (*.res), or as untyped binary files (*.bin).<br /><br /> <i><b>Modifying Resources</b>:</i> Resources can be modified by replacing the resource with a resource located in another file (*.ico, *.bmp, *.res etc) or by using the internal resource script compiler (for menus, dialogs etc). Dialog controls can also be visually moved and/or resized by clicking and dragging the respective dialog controls prior to recompiling with the internal compiler.<br /><b><br /> <i>Adding Resources:</i></b> Resources can be added to an application by copying them from external resource files (*.res).<br /><br /> <b><i>Deleting Resources:</i></b> Most compilers add resources into applications which are never used by the application. Removing unused resources can reduce an application's size. </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Text :: </b><a href="http://www.askvg.com/tutorial-all-about-resource-hacker-in-a-brief-tutorial/" target="_blank">Click Here </a></div> <div style="text-align: justify;"> <b>Video ::</b></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/KfMZRjXxQ9w?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/e0QRLcCqUEc?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Download :: </h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://www.angusj.com/resourcehacker/reshack_setup.exe" target="_blank">Resource Hacker 3.6.0</a></div>

Resource Hacker :: Tools

Resource Hacker is a freeware utility to view, modify, rename, add, delete and extract resources in 32bit & 64bit Windows executa...

Read more »

Nessus Vulnerability Scanner :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Nessus Scanner" border="0" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6OR9csOrOT-agaTAXqGm7Dc8g1dfaiyPSJfkytcfchemokfyYVleLfHTCbQ9BcaJeSphdnxcTWuwqbwY2H-DyYcG9WrHIjhQT4QOqsXXnCcZ_bjDwaor0JP3kIOYpZsIKzRe_L22Uaf0C/s1600-rw/images.jpg" title="Nessus Scanner" /> </div> <div style="text-align: justify;"> <b>Nessus Vulnereability Scanner</b> is one of the most powerful, popular and capable vulnerability scanners, particularly for UNIX or Windows systems. It was initially free and open source, but they closed the source code in 2005 and removed the free "Registered Feed" version in 2008. It now costs $1,200 per year, which still beats many of its competitors. A free “Home Feed” is also available, though it is limited and only licensed for home network use. </div> <div style="text-align: justify;"> <b>Nessus</b> is constantly updated, with more than 46,000 plugins. Key features include remote and local (authenticated) security checks, a client/server architecture with a web-based interface, and an embedded scripting language for writing your own plugins or understanding the existing ones. Agentless auditing of configurations, patches, and web applications. 55,000+ vulnerability and configuration checks (plugins) – new plugins updated daily. Scans networks, systems, data, and applications. Post-scan analysis and monitoring tools. Part of Tenable's enterprise USM platform – providing centralized management of multiple vulnerability scanners and real-time vulnerability, log, and compliance management.</div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/sqFXXvaA8p4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <b>Download Here</b><b> ::</b> <a href="http://www.tenable.com/products/nessus/select-your-operating-system" target="_blank">Nessus 5.2</a></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>Official Website</b><u><b> </b></u><b>::</b> http://www.tenable.com/products/nessus </div> </div>

Nessus Vulnerability Scanner :: Tools

  Nessus Vulnereability Scanner is one of the most powerful, popular and capable vulnerability scanners, particularly for UNIX or Wind...

Read more »

XMPPloit - Attack XMPP Connections :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="XMPP-Logo" border="0" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJbbgjGa7xols5pAsNzkM1VxoM5c361s5-R8quLAeqhK24S_-FJUhWnV6NmA7YYihS6gMpZsXAcmxfKvVwPvAx293lwDoPcJaQRz79xsMy9SDuaADWq_QG9HIv8dxxC9mPfHr1mvJcSX6w/s1600-rw/xmpp+logo.png" title="XMPP Logo" /></div> <div style="text-align: justify;"> <ins style="background-color: transparent; border: none; display: inline-table; height: 15px; margin: 0; padding: 0; position: relative; visibility: visible; width: 728px;"><ins id="aswift_0_anchor" style="background-color: transparent; border: none; display: block; height: 15px; margin: 0; padding: 0; position: relative; visibility: visible; width: 728px;"></ins></ins><b>XMPPloit</b> is a <i>command-line tool to attack XMPP connections</i>, allowing the attacker to place a gateway between the client and the server and perform different attacks on the client stream. </div> <div style="text-align: justify;"> The tool exploit implements vulnerabilities at the client & server side utilizing the <b>XMPP protocol.</b></div> <div style="text-align: justify;"> The main goal is that all the process is transparently for the user and never replace any certificate (like HTTPS attacks).</div> <div style="text-align: justify;"> <strong>Features</strong></div> <ul style="text-align: justify;"> <li> Downgrade the authentication mechanism (can obtain the user credentials)</li> <li> Force the client not to use an encrypted communication</li> <li> Set filters for traffic manipulation</li> </ul> <div style="text-align: justify;"> Filters that have been implemented in this version for Google Talk are:</div> <ul style="text-align: justify;"> <li> Read all the the user’s account mails</li> <li> Read and modify all the user’s account contacts (being or not in the roster).</li> </ul> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Fj5kbwqXsqY?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Download Here :: </b><a href="http://www.ldelgado.es/aplicaciones/xmpploit/XMPPloit.7z" target="_blank">XMPPloit (for Win)</a><b><br /></b></div> <div style="text-align: justify;"> <b>Official Website :: </b>http://www.ldelgado.es/index.php?dir=aplicaciones/xmpploit </div> </div>

XMPPloit - Attack XMPP Connections :: Tools

XMPPloit is a command-line tool to attack XMPP connections , allowing the attacker to place a gateway between the client and the serv...

Read more »

Ncrack (High-speed Network Authentication Cracking Tool) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="ncrack logo" border="0" height="320" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTZ3lIMmsg2bXFQ3EfDcXfWLUJYog8aMnAtiIuV7NgIFh5oFH9Cs8lIdCCaS_kVyWFjG3wzkScAgwHcpPTnk5dnBtQS-drog-Hs0joSkX89M1wR7jfrG6DXK-qbBc19tSAKwdvG0eWaygL/s320-rw/ncrack_logo.png" title="ncrack logo" width="284" /></div> <div style="text-align: justify;"> <b>Ncrack</b> is a <i>High-speed Network Authentication Cracking Tool</i>. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on <b>Ncrack</b> when auditing their clients. <b>Ncrack</b> was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts. </div> <div style="text-align: justify;"> <b>Ncrack's</b> features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap's and many more. Protocols supported include RDP, SSH, http(s), SMB, pop3(s), VNC, FTP, and telnet. </div> <div style="text-align: justify;"> <b>Ncrack</b> was started as a "<i>Google Summer of Code"</i> Project in 2009. While it is already useful for some purposes, it is still unfinished, alpha quality software. It is released as a standalone tool and can be downloaded from the section below. Be sure to read the Ncrack man page to fully understand Ncrack usage. If you are a developer and want to write your own Ncrack modules, studying the Ncrack Developer's Guide would be the first step. </div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/bmldcBOxyvc?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b> Download Here ::</b> <a href="http://nmap.org/ncrack/dist/ncrack-0.4ALPHA-setup.exe">ncrack-0.4ALPHA-setup.exe</a><b> (</b>for Windows)</div> <div style="text-align: justify;">                                <a href="http://nmap.org/ncrack/dist/ncrack-0.4ALPHA.tar.gz">ncrack-0.4ALPHA.tar.gz</a> (for Linux) </div> <div style="text-align: justify;"> <b>Official Website ::</b> http://nmap.org/ncrack/ </div> </div>

Ncrack (High-speed Network Authentication Cracking Tool) :: Tools

Ncrack is a High-speed Network Authentication Cracking Tool . It was built to help companies secure their networks by proactively test...

Read more »