Creepy (A Geolocation OSINT Tool) :: Tools

<p style="text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTMXR4-ayRdnriidUVQ4oZz3fyWm7PYeRQO3N5-pTyBtsw5Y4l_w6u_0VdPVfnV5IYPkcMwFhxmtgg2HZ8inLe_DG4acjmxSsWAQMA_5a4e_FZV4LPDsm5TOoHb7ZFBZmgMwaPRgSmuk1q/s1854/creepy.png" style="margin-left: 1em; margin-right: 1em;"><img alt="Creepy - A Geolocation OSINT Tool" border="0" data-original-height="1080" data-original-width="1854" height="233" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTMXR4-ayRdnriidUVQ4oZz3fyWm7PYeRQO3N5-pTyBtsw5Y4l_w6u_0VdPVfnV5IYPkcMwFhxmtgg2HZ8inLe_DG4acjmxSsWAQMA_5a4e_FZV4LPDsm5TOoHb7ZFBZmgMwaPRgSmuk1q/w400-h233/creepy.png" title="Creepy - A Geolocation OSINT Tool" width="400" /> </a></p><p style="text-align: justify;">Creepy is an open-source Geolocation intelligence tool. It collects information about Geolocation by using various social networking platforms and image hosting services that are already published somewhere else. Creepy presents the reports on the map, using a search filter based on the exact location and date. These reports are available in CSV or KML format to export for additional analysis.</p><h3>Quick Start Instructions</h3> <ul><li>Download creepy ( source code or the installers provided here for your platform )</li><li>Configure the plugins. Edit -> Plugins Configuration -> Select plugin and run the wizards, following the instructions</li><li>Create a new project : Creepy -> New Project -> Person Based Project . Search for the target selecting the available plugins.</li><li>Right click on the project -> Analyze Current Project</li><li>Wait :)</li><li>The locations will be drawn on the map, once the analysis is complete.</li><li>Filter locations, export locations, view them on the map.</li></ul><div style="text-align: left;"><b>Installation:</b><a href="https://www.geocreepy.com/" target="_blank"><b> </b>Installation Guide</a></div><div style="text-align: left;"> </div><div style="text-align: left;"><div style="text-align: left;"><b>Download Here:  </b></div><div style="text-align: left;"><a href="https://github.com/jkakavas/creepy/releases/download/v1.4.1/creepy_setup_v1.4.1_x86_64.exe" target="_blank">Creepy v1.4.1 Windows x64</a></div><div style="text-align: left;"><a href="https://github.com/jkakavas/creepy/releases/download/v1.4.1/creepy_setup_v1.4.1_x86_32.exe" rel="nofollow" target="_blank">Creepy v1.4.1 Windows x32</a></div><div style="text-align: left;"><a href="https://github.com/jkakavas/creepy/releases/download/v1.4.1/cree.py_1.4.1.dmg.zip" rel="nofollow" target="_blank">Creepy v1.4.1 OSX</a><br /></div></div>

Creepy (A Geolocation OSINT Tool) :: Tools

    Creepy is an open-source Geolocation intelligence tool. It collects information about Geolocation by using various social networking ...

Read more »

SubBrute (Subdomain Bruteforcer) :: Tools

<p style="text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEir8Vkrnp22NNcwJ4TRgPi1YAm_XJvNmKenaVQ0w98RW2yv5rqslLJflOiKfr0HEHmjopBvu_-nmjjxc3eYsn0w8kMP6PHuX9xMhvRigmyxoBDd-bwTEbnjX-H_haEpL0DfBWjSX9-CfDA/s1600/SubBrute.jpg" style="margin-left: 1em; margin-right: 1em;"><img alt="subbrute subdomain bruteforce" border="0" data-original-height="900" data-original-width="1600" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEir8Vkrnp22NNcwJ4TRgPi1YAm_XJvNmKenaVQ0w98RW2yv5rqslLJflOiKfr0HEHmjopBvu_-nmjjxc3eYsn0w8kMP6PHuX9xMhvRigmyxoBDd-bwTEbnjX-H_haEpL0DfBWjSX9-CfDA/w400-h225/SubBrute.jpg" title="subbrute subdomain bruteforce" width="400" /> </a></p><p style="text-align: justify;">SubBrute is a community driven project with the goal of creating the fastest, and most accurate subdomain enumeration tool. Some of the magic behind SubBrute is that it uses open resolvers as a kind of proxy to circumvent DNS rate-limiting. This design also provides a layer of anonymity, as SubBrute does not send traffic directly to the target's name servers.</p><p><span style="font-size: medium;"><b>I<span>nstallation & Use:</span></b> </span></p><p>No install required for Windows, just cd into the 'windows' folder:</p> <ul><li>subbrute.exe google.com</li></ul> <p>Easy to install: You just need and python2.7 or python3. This tool should work under any operating system: bsd, osx, windows, linux...</p> <p>(On a side note giving a makefile root always bothers me, it would be a great way to install a backdoor...)</p> <p>Under Ubuntu/Debian all you need is:</p> <ul><li>sudo apt-get install python-dnspython</li></ul> <p>On other operating systems you may have to install dnspython manually:</p> <p>Easy to use:</p> <ul><li>./subbrute.py google.com</li></ul> <p>Tests multiple domains:</p> <ul><li>./subbrute.py google.com gmail.com blogger.com</li></ul> <p>or a newline delimited list of domains:</p> <ul><li>./subbrute.py -t list.txt</li></ul> <p>Also keep in mind that subdomains can have subdomains (example: _xmpp-server._tcp.gmail.com):</p> <ul><li> <p>./subbrute.py gmail.com > gmail.out</p> </li><li> <p>./subbrute.py -t gmail.out</p> </li></ul><p style="text-align: justify;"><b><span style="font-size: small;">Download: <a href="https://github.com/TheRook/subbrute" target="_blank">Subbrute v1.2.1</a><br /></span></b></p>

SubBrute (Subdomain Bruteforcer) :: Tools

    SubBrute is a community driven project with the goal of creating the fastest, and most accurate subdomain enumeration tool. Some of th...

Read more »

OWASP Amass - Subdomain Enumeration/Scanner : Tool

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMkkEOynUt7XrCQ08ZO7DXwHrtiOnQ6KzkLBUGr1ORjHVElgEpZ9YVI12g5k_1CWCHXdVc6OtERaG_LVt1zaJauILNLAlL8-xYEHP_XzhiMuaTTQvj24MNCzzlTviXcpeJyIidAxA-V08e/s1600/Amass.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="OWASP Amass Subdomain Scanner" border="0" data-original-height="327" data-original-width="647" height="202" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMkkEOynUt7XrCQ08ZO7DXwHrtiOnQ6KzkLBUGr1ORjHVElgEpZ9YVI12g5k_1CWCHXdVc6OtERaG_LVt1zaJauILNLAlL8-xYEHP_XzhiMuaTTQvj24MNCzzlTviXcpeJyIidAxA-V08e/s400/Amass.JPG" title="OWASP Amass Subdomain Scanner" width="400" /></a></div> <br /> <div style="text-align: justify;"> The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques.</div> <b><br /> </b> <b>Information Gathering Techniques Used:</b><br /> <br /> <div style="text-align: justify;"> 1] DNS: Basic enumeration, Brute forcing (upon request), Reverse DNS sweeping, Subdomain name alterations/permutations, Zone transfers (upon request)</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> 2] Scraping: Ask, Baidu, Bing, CommonCrawl, DNSDumpster, DNSTable, Dogpile, Exalead, FindSubdomains, Google, HackerOne, IPv4Info, Netcraft, PTRArchive, Riddler, SiteDossier, ViewDNS, Yahoo</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> 3] Certificates: Active pulls (upon request), Censys, CertDB, CertSpotter, Crtsh, Entrust</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> 4] APIs: AlienVault, BinaryEdge, BufferOver, CIRCL, DNSDB, HackerTarget, Mnemonic, NetworksDB, PassiveTotal, RADb, Robtex, SecurityTrails, ShadowServer, Shodan, Sublist3rAPI, TeamCymru, ThreatCrowd, Twitter, Umbrella, URLScan, VirusTotal</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> 5] Web Archives: ArchiveIt, ArchiveToday, Arquivo, LoCArchive, OpenUKArchive, UKGovArchive, Wayback</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Video Tutorial:</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/mEQnVkSG19M/0.jpg" frameborder="0" height="330" src="https://www.youtube.com/embed/mEQnVkSG19M?feature=player_embedded" width="100%"></iframe></div> <h3 style="text-align: justify;">  </h3> <h3 style="text-align: justify;"> Documentation:  </h3> <div style="text-align: justify;"> 1] <a href="https://github.com/OWASP/Amass/blob/master/doc/install.md" target="_blank">Installation Guide </a></div> <div style="text-align: justify;"> 2] <a href="https://github.com/OWASP/Amass/blob/master/doc/user_guide.md" target="_blank">User's Manual/How to Use</a></div> <h3 style="text-align: justify;"> Download:</h3> <div style="text-align: justify;"> Amass is available for various platforms like Linux, Windows, MacOS etc.</div> <div style="text-align: justify;"> 1] <a href="https://github.com/OWASP/Amass" target="_blank">Download Link</a></div> <div style="text-align: justify;"> 2] <a href="https://github.com/OWASP/Amass/releases" target="_blank">Precompiled Binary</a> (Windows, MacOS, Linux)</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Official Page:</b> <a href="https://github.com/OWASP/Amass" target="_blank">OWASP Amass</a></div>

OWASP Amass - Subdomain Enumeration/Scanner : Tool

The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and p...

Read more »

Raptor (Web Application Firewall) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiadcCxjJTdux51f0JnZ23ps_ghlV5q5tBnR2Xv4ExUOtd8LXLQSWTjZCMEyLd7dUktgn7BL70xkpRD5Hh2v461lGfjvlUGFsntnBgcuOUEU_JBZhfqZHYDfF-NPfiBj6aYlvqwxsQHwQ-z/s1600/Raptor.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Download Web Application Firewall Raptor" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiadcCxjJTdux51f0JnZ23ps_ghlV5q5tBnR2Xv4ExUOtd8LXLQSWTjZCMEyLd7dUktgn7BL70xkpRD5Hh2v461lGfjvlUGFsntnBgcuOUEU_JBZhfqZHYDfF-NPfiBj6aYlvqwxsQHwQ-z/s1600/Raptor.png" title="Raptor Web Application Firewall" /></a></div> <div style="text-align: justify;"> <b>Raptor</b> is an Open Source Tool, your focus is study of attacks and find intelligent ways to block attacks. Raptor is made in pure C, don’t use regex or other common ways to block attacks, use deterministic finite automaton, yes is diferent and fast like a raptor dinosaur, Raptor follow principle KISS (Keep It Simple), you can use Raptor to simulate attacks and learning new ways to bypasses.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> WAF stands for Web Application Firewall. It is widely used nowadays to detect and defend SQL Injections and XSS...</div> <ul> <li>    You can block XSS, SQL injection attacks and path traversal with Raptor</li> <li>    You can use blacklist of IPs to block some users at config/blacklist ip.txt</li> <li>    You can use IPv6 and IPv4 at communications</li> <li>    At the future DoS protector, request limit, rule interpreter and Malware detector at uploads.</li> <li>    At the future SSL/TLS...</li> </ul> <b>Installation: </b><br /> to run:<br />$ git clone https://github.com/CoolerVoid/raptor_waf<br />$ cd raptor_waf; make; bin/raptor<br /> <br /> <b>Usage: </b><br /> Up some HTTPd server at port 80<br />$ bin/Raptor -h localhost -p 80 -r 8883 -w 4 -o loglog.txt<br /> <b> </b><br /> <b>Documentation: </b><a href="https://github.com/CoolerVoid/raptor_waf/blob/master/doc/raptor.pdf" rel="nofollow" target="_blank">Click Here</a><b> </b><br /> <h3> <b>Download: </b></h3> <b>Linux: </b><a href="http://sourceforge.net/projects/raptorwaf/files/latest/download" rel="nofollow" target="_blank">Raptor</a>  <b><br /></b>

Raptor (Web Application Firewall) :: Tools

Raptor is an Open Source Tool, your focus is study of attacks and find intelligent ways to block attacks. Raptor is made in pure C, don’...

Read more »

Echo Mirage 3.1 :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifvB-lq7ocGqBXR7di9weB76khloj25f-AdTfIHjMhY1mlB5EDYxX5kz5DJnyRjhDaI2IfKRsb65SReUbaFQn-CqfpIec1dx1biJwetM3rFPQHtE5dLix-SIWXUaIbKm9jlayP2-4whOkm/s1600/Echo+Mirage.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Download Echo Mirage" border="0" height="219" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifvB-lq7ocGqBXR7di9weB76khloj25f-AdTfIHjMhY1mlB5EDYxX5kz5DJnyRjhDaI2IfKRsb65SReUbaFQn-CqfpIec1dx1biJwetM3rFPQHtE5dLix-SIWXUaIbKm9jlayP2-4whOkm/s320/Echo+Mirage.jpg" title="Echo Mirage 3.1 from ToolWar" width="320" /></a></div> <div style="text-align: justify;"> <b>Echo Mirage</b> is a generic network proxy. It uses DLL injection and function hooking techniques to redirect network related function calls so that data transmitted and received by local applications can be observed and modified.<br /><br />Windows encryption and OpenSSL functions are also hooked so that plain text of data being sent and received over an encrypted session is also available.<br /><br />Traffic can be intercepted in real-time, or manipulated with regular expressions and action scripts.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> Note: Echo Mirage is no longer available from author. Here is the archived copy of it. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>License: </b>Freeware<b> </b></div> <div style="text-align: justify;"> <b>Download:: </b><a href="http://woodmann.com/collaborative/tools/images/Bin_Echo_Mirage_2014-1-11_17.28_EchoMirage-3.1.rar" rel="nofollow" target="_blank">Echo Mirage 3.1</a> (.exe) </div> <div style="text-align: justify;"> <br /></div>

Echo Mirage 3.1 :: Tools

Echo Mirage is a generic network proxy. It uses DLL injection and function hooking techniques to redirect network related function call...

Read more »

Mobile Security Framework (MobSF) : Framework

<div class="separator" style="clear: both; text-align: center;"> <img alt="Mobile Security Framework : ToolWar" border="0" height="232" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg92QuRFrhtVqI-D5Nzc-bu8_p0vvCirYl6qqK45JFNtlLSChwXklrMauZ_BLYvAZfq7H7ml0YTzaijl0GfbktnY_-sHW34h8B1tteqowCXjg_ELksZixDcb5Ff1B0JPxCVUTK9mYO9iNhL/s400/MobSF.png" title="Mobile Security Framework : ToolWar" width="400" /></div> <div style="text-align: justify;"> <b>Mobile Security Framework (MobSF)</b> is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code.<b> MobSF</b> can also perform Web API Security testing with it's API Fuzzer that can do Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session and API Rate Limiting.</div> <div style="text-align: justify;"> <br /></div> <h3> Tutorial: </h3> <ul> <li><a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/wiki/1.-Documentation">https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/wiki/1.-Documentation</a></li> </ul> <h3> Video Tutorial: </h3> <h3> Download: <strong> </strong></h3> <strong>Windows</strong>: Extract the <a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/archive/master.zip" target="_blank">MobSF</a> compressed file to C:\MobSF<strong> </strong><br /> <strong>Mac</strong>: Extract <a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/archive/master.zip" target="_blank">MobSF</a> compressed file to /Users/[username]/MobSF<strong> </strong><br /> <strong>Linux</strong>: Extract <a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/archive/master.zip" target="_blank">MobSF</a> compressed file to /home/[username]/MobSF<br /> <br /> <div style="text-align: justify;"> <br /></div>

Mobile Security Framework (MobSF) : Framework

Mobile Security Framework (MobSF) is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing fram...

Read more »

File Checksum Integrity Verifier (FCIV) :: Tools

<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifiuoVgmPKnVv9FUPZCSghpYzLaUQwzuaKU8v8skrGBuWZoj41I7sJPa5FdwMXd-6eNTmk1tDeez_445FFajOVtFnJ41J5DDpJt86mLlt_wOEi4IlFikSdtZmR1TuI6jvApYPg6gM-Gx52/s1600/File+Checksum+Integrity+Verifier+FCIV.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="File Checksum Integrity Verifier (FCIV)" border="0" height="299" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifiuoVgmPKnVv9FUPZCSghpYzLaUQwzuaKU8v8skrGBuWZoj41I7sJPa5FdwMXd-6eNTmk1tDeez_445FFajOVtFnJ41J5DDpJt86mLlt_wOEi4IlFikSdtZmR1TuI6jvApYPg6gM-Gx52/s640/File+Checksum+Integrity+Verifier+FCIV.JPG" title="File Checksum Integrity Verifier (FCIV)" width="640" /></a></div><div style="text-align: justify;">The File Checksum Integrity Verifier (FCIV) is a command-prompt utility that computes and verifies cryptographic hash values of files. FCIV can compute MD5 or SHA-1 cryptographic hash values. These values can be displayed on the screen or saved in an XML file database for later use and verification.</div><div style="text-align: justify;">FCIV (File Checksum Integrity Verifier) is a small tool or utility from Microsoft that allow us to compute (MD5 and SHA1) and verify Integrity of files. If you are a malware analyst or a researcher or a user who want secure things then you can done a fabulous things with this small utility.</div><h3 class="sbody-h3" style="text-align: justify;">Features</h3><div style="text-align: justify;">The FCIV utility has the following features:</div><ul class="sbody-free_list"><li style="text-align: justify;"> Supports MD5 or SHA1 hash algorithms (The default is MD5.)</li> <li style="text-align: justify;"> Can output hash values to the console or store the hash value and file name in an XML file</li> <li style="text-align: justify;">Can recursively generate hash values for all files in a directory and in all subdirectories (for example, <span class="text-base">fciv.exe c:\ -r</span>)</li> <li style="text-align: justify;">Supplies an exception list to specify files or directories to hash</li> <li style="text-align: justify;">Can store hash values for a file with or without the full path of the file</li> </ul><h3> Example usage</h3><ul class="sbody-free_list"><li>To display the MD5 hash of a file, type the following command at a command prompt: <div class="indent"><span class="sbody-userinput">fciv.exe <var class="sbody-var">filename</var></span></div><span class="text-base">Note </span><var class="sbody-var"> filename</var> is the name of the file.</li> <li>To compute a hash of a file, type a command line that is similar to any one of the following command lines: <div class="indent"><span class="sbody-userinput">fciv.exe c:\mydir\<var class="sbody-var"><var class="sbody-var">myfile.dll</var></var></span><br /> <br /> <span class="sbody-userinput">fciv.exe c:\ -r -exc exceptions.txt -sha1 -xml dbsha.xml</span><br /> <br /> <span class="sbody-userinput">fciv.exe c:\<var class="sbody-var">mydir</var> -type *.exe</span><br /> <br /> <span class="sbody-userinput">fciv.exe c:\<var class="sbody-var">mydir</var> -wp -both -xml db.xml</span></div></li> <li>To list the hashes that are stored in a database, type a command line that is similar to the following command line: <div class="indent"><span class="sbody-userinput">fciv.exe -list -sha1 -xml db.xml</span></div></li> <li>To verify a hash in a file, type a command line that is similar to any one of the following command lines: <div class="indent"><span class="sbody-userinput">fciv.exe -v -sha1 -xml db.xml</span><br /> <br /> <span class="sbody-userinput">fciv.exe -v -bp c:\<var class="sbody-var">mydir</var> -sha1 -xml db.xml</span></div></li> </ul><h3>Video Tutorial::</h3><br /> <div class="separator" style="clear: both; text-align: center;"><br /> <iframe width="100%" height="330" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/sOtnut9wM38/0.jpg" src="https://www.youtube.com/embed/sOtnut9wM38?feature=player_embedded" frameborder="0" allowfullscreen></iframe></div><br /> <h3>Download ::</h3><b>Windows:</b> <a href="http://www.microsoft.com/en-in/download/details.aspx?id=11533" rel="nofollow" target="_blank">Microsoft FCIV</a>

File Checksum Integrity Verifier (FCIV) :: Tools

The File Checksum Integrity Verifier (FCIV) is a command-prompt utility that computes and verifies cryptographic hash values of files. FCI...

Read more »

SpiderFoot (Open Source Footprinting) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="spiderfoot logo" border="0" height="97" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3OsA6C6TqkPGzSteLe5Il6DIbd5vJ2R2ygYKxmMpztIbUkSadC9dsHcwl_7QR802M4qPoJJisrwSlI8DMAEUell4jeIyK4qx3jReRPGdrFQmb11OzHZZF0LqZ5PMxpn_9YKKrUSujN-Vq/s1600/spiderfoot-logo-named.jpg" title="spiderfoot logo" width="320" /></div> <div style="text-align: justify;"> <b>SpiderFoot</b> is a free, <b>open-source footprinting tool</b>, enabling you to perform various scans against a given domain name in order to <i>obtain information</i> such as <i>sub-domains, e-mail addresses, owned netblocks, <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> server versions</i> and so on. The main objective of <b>SpiderFoot</b> is to automate the <b>footprinting</b> process to the greatest extent possible, freeing up a penetration tester’s time to focus their efforts on the <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> <a href="http://www.toolwar.com/search/label/Testing" target="_blank">testing</a> itself. <br /> <br /> <h3> Features ::</h3> </div> <ul style="text-align: justify;"> <li><b>SpiderFoot's</b> simple web-based interface enables you to kick off a scan immediately after install - just give your scan a name, the domain name of your target and select which modules to enable. </li> <li>You will quickly obtain information such as: URLs handling <a href="http://www.toolwar.com/search/label/Password" target="_blank">passwords</a>, <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> ranges (netblocks), web servers, open ports, information about SSL certificates, and much more.</li> <li>All <b>SpiderFoot</b> scan results are stored within an internal SQLite database, meaning that during a running scan and after a scan has completed, you can easily browse results, export to CSV and soon also be able to search scan results.</li> <li><b>SpiderFoot</b> is designed from the ground-up to be modular. This means you can easily add your own modules that consume data from other modules to perform whatever task you desire. As a simple example, you could create a module that automatically attempts to <a href="http://www.toolwar.com/search/label/Bruteforce" target="_blank">brute-force </a>usernames and passwords any time a password-handling webpage is identified by the spidering module.</li> </ul> <h3> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/jD2rgooP2T0?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3>  </h3> <b>Installing ::</b> <a href="https://github.com/smicallef/spiderfoot/wiki/Installing" target="_blank">Click Here</a>  <b> </b><br /> <b>Release Notes ::</b> <a href="https://github.com/smicallef/spiderfoot/wiki/Release-Notes" target="_blank">Click Here</a> <br /> <br /> <h3> Download ::</h3> <b>Windows ::</b> <a href="http://sourceforge.net/projects/spiderfoot/files/SpiderFoot-2.1.0-w32.zip/download" target="_blank">SpiderFoot v2.1.0x86</a> (.zip)<br /> <b>Linux/Solaris/BSD ::</b> <a href="http://sourceforge.net/projects/spiderfoot/files/spiderfoot-2.1.0-src.tar.gz/download" target="_blank">SpiderFoot v2.10</a> (.tar.gz) <b> </b><br /> <b>Official Website :: </b><a href="http://www.spiderfoot.net/">http://www.spiderfoot.net/</a>

SpiderFoot (Open Source Footprinting) :: Tools

SpiderFoot is a free, open-source footprinting tool , enabling you to perform various scans against a given domain name in order to obta...

Read more »

Suricata (IDS/IPS Engine) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="suricata logo" border="0" height="265" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBA8R1kVvwx8gIls0T9zJesWG83diVGoQDvpgQ64t30hKH72d_JYtyh6xI7vCSI20ZvkEvN3A3va6GdCt1J0dGvzTFshoa1K338lSeSq1we3BTEUrhBpV9mg7FY32RNfglod3Y94UbDU91/s1600/suricata.png" title="suricata logo" width="320" /></div> <b>The Suricata Engine</b> is an <b>Open Source Next Generation Intrusion Detection and Prevention Engine.</b> This engine is not intended to just replace or emulate the existing <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> in the industry, but will bring new ideas and technologies to the field.<br /> <br /> <b>OISF</b> is part of and funded by the Department of Homeland Security's Directorate for Science and Technology HOST program (Homeland Open Security Technology), by the the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as through the very generous support of the members of the OISF Consortium. More information about the Consortium is available, as well as a list of our current Consortium Members.<br /> <br /> The <b>Suricata </b>Engine and the HTP Library are available to use under the GPLv2.<br /> <br /> The HTP Library is an HTTP normalizer and parser written by Ivan Ristic of Mod <a href="http://www.toolwar.com/search/label/Security" target="_blank">Security</a> fame for the OISF. This integrates and provides very advanced processing of HTTP streams for <b>Suricata</b>. The HTP library is required by the engine, but may also be used independently in a range of applications and tools.</div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <h3> Tutorial ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/A8e3y2DRiWg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div class="separator" style="clear: both; text-align: center;"> </div> </div> <div style="text-align: justify;"> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/-CDGwRm2ue8?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> Download ::</h3> </div> <div style="text-align: justify;"> <b>Unix, Linux & Mac :: </b><a href="https://redmine.openinfosecfoundation.org/attachments/download/971/Suricata-1.4.7-1-32bit.msi" target="_blank">Suricata v1.4.7</a> (.tar.gz)<b> </b></div> <div style="text-align: justify;"> <b>Windows :: </b><a href="https://redmine.openinfosecfoundation.org/attachments/download/971/Suricata-1.4.7-1-32bit.msi" target="_blank">Suricata v1.4.7.1</a> (.msi)</div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="http://www.openinfosecfoundation.org/index.php/download-suricata">http://www.openinfosecfoundation.org/index.php/download-suricata</a></div>

Suricata (IDS/IPS Engine) :: Tools

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just re...

Read more »

XSSYA v2.0 (Cross Site Scripting Vulnerability Confirmation) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="XSSYA" border="0" height="331" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNyLNtuNpGkSYVXv-zl0SWTmpu-N6hsMjZKUMWHY9Yr3-POS5ttLGClLCyeE9UKcizHkGBuH-983P6_jdBjo6CSewy_F_t5UcNwzj63_46CmPuWVQDysRaMutNYvz6cp9a2otmjHFyIcjA/s1600/XSSYA+Screenshot.png" title="XSSYA Screenshot" width="640" /></div> <br /> <div style="text-align: justify;"> <b>XSSYA (Cross Site Scripting Scanner & Vulnerability Confirmation)</b> written in <a href="http://www.toolwar.com/search/label/Python" target="_blank">python</a> scripting language confirm the <a href="http://www.toolwar.com/search/label/XSS" target="_blank">XSS Vulnerability</a> in two method first work by execute the payload encoded to bypass <a href="http://www.toolwar.com/search/label/Web" target="_blank">Web</a> Application Firewall which is the first method  request and response if it respond 200 it turn to Method 2 which search that payload decoded in web page HTML code if it confirmed get the last step which is execute document.cookie to get the cookie. </div> <br /> <h3> Key Features:</h3> <ul> <li>Support HTTPS</li> <li>After Confirmation (execute payload to get cookies)</li> <li>Can be run in (Windows - Linux)</li> <li>Identify 3 types of WAF (Mod_Security - WebKnight - F5 BIG IP)</li> <li>XSSYA Continue Library of Encoded Payloads To Bypass WAF (Web Application Firewall)</li> <li>Support Saving The Web HTML Code Before Executing</li> <li>the Payload Viewing the Web HTML Code into the Screen or Terminal</li> </ul> <h3> What's New: </h3> (XSSYA v 2.0 has more payloads; library contains 41 payloads to enhance detection level XSS scanner is now removed from XSSYA to reduce false positive. URLs to be tested used to not allow any character at the end of the URL except (/ - = -?) but now this limitation has been removed.<br /> <br /> <div style="text-align: justify;"> Custom Payload 1 – You have the ability to Choose your Custom Payload Ex: and you can encode your custom payload with different types of encodings like (B64 – HEX – URL_Encode –- HEX with Semi Columns). (HTML Entities à Single & Double Quote only - brackets – And – or Encode all payload with HTML Entities) This feature will support also XSS vulnerability confirmation method which is you choose you custom payload and custom Encoding execute if response 200 check for same payload decoded in HTM code page. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> HTML5 Payloads XSYSA V2.0 contains a library of 44 HTLM5 payloads XSSYA have a Library for the most vulnerable application with XSS – Cross site scripting and this library counting (Apache – WordPress – PHPmy Admin) If you choose application it give the CVE Number version of Apache which is affected and the link for CVE for more details so it will be easy to search for certain version that is affected with XSS. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> XSSYA has the feature to convert the IP address of the attacker to (Hex, Dword, Octal) to bypass any security mechanism or IPS that will be exist on the target Domain. XSSYA check is the target is Vulnerable to XST (Cross Site Trace) which it sends custom Trace Request and check if the target domain is Vulnerable the request will be like this: </div> <br />TRACE / HTTP/1.0 <br />Host: demo.testfire.net <br />Header1: < script >alert(document.cookie);<br /> <h3> Tutorials:</h3> <b>User Guide:</b> <a href="http://labs.dts-solution.com/xssya-forget-the-browser-for-xss-by-yehia-mamdouh/" target="_blank">Click Here</a><br /> <h3> Download:</h3> <b>Python: </b><a href="https://github.com/yehia-mamdouh/XSSYA-V-2.0/archive/master.zip" target="_blank">XSSYA v2.0</a>

XSSYA v2.0 (Cross Site Scripting Vulnerability Confirmation) :: Tools

XSSYA (Cross Site Scripting Scanner & Vulnerability Confirmation) written in python scripting language confirm the XSS Vulnerabili...

Read more »

Juli (MITM) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="MITM Attack Security" border="0" height="305" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO8ISFmjA0ekD7MPO8ICWGwpqxp0xB5sjipk9sIvcZyXydEZ4YA3TdPy0DID6206FpnsQF94cYahJVQlvRI8mFhifxNHnoqQe8lRrQSzD1Nb0FulPIAmHltwTkMP-pCvxsLo32-8Gk8M3K/s1600/Parasite-Attack-MITM.jpg" title="MITM Attack Security" width="640" /></div> <br /> A simple automated perl script for MiTM ( man-in-the-middle ) attacks. <br /> <h4> </h4> <h4> Requirements:</h4> <ul class="task-list"> <li>Linux ( I tested it on Ubuntu 14.04 LTS )</li> <li>Perl</li> <li>sslstrip <a href="https://github.com/moxie0/sslstrip">https://github.com/moxie0/sslstrip</a> </li> <li>arpsoof ( from dsniff can be found here <a href="http://www.monkey.org/%7Edugsong/dsniff/">http://www.monkey.org/~dugsong/dsniff/</a> )</li> </ul> <h4> Usage:</h4> Script must be runned as a root user<br /> <ul class="task-list"> <li> sudo juli.pl interface targetip</li> </ul> <b>Download:</b><br /> <b>Linux: <a href="https://github.com/em616/Juli" target="_blank">Juli.pl</a></b>

Juli (MITM) :: Tools

A simple automated perl script for MiTM ( man-in-the-middle ) attacks. Requirements: Linux ( I tested it on Ubuntu 14.04 LTS ) Per...

Read more »

Orbot (Tor for Android Devices) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="orbot logo" border="0" height="312" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5RYmrfY-dbfDYpMMg0kD6ucxTAaijL-WLejZZ5J8cNhrGhCl0Y07Wnk3u8L2K65SE63V51dEeDhwL_hVod55CRBWkisVhoF5PHttLmmDBqNtI-0OLlkc9RkbWIcFGN0qHryBxqCyEOEI-/s640/orbot+logo.png" title="orbot logo" width="640" /></div> <div style="text-align: justify;"> <b>Orbot</b> is a <b>free proxy app</b> that empowers other apps to use the <i> internet more securely</i>. <b>Orbot</b> uses Tor to <a href="http://www.toolwar.com/search/label/Encryption" target="_blank">encrypt</a> your Internet traffic and then hides it by bouncing through a series of computers around the world. <a href="http://www.toolwar.com/search/label/Tor" target="_blank"><b>Tor</b></a> is <a href="http://www.toolwar.com/search/label/Free" target="_blank">free</a> software and an open <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a>.</div> <div style="text-align: justify;"> <b>Orbot</b> is the only app that creates a truly private internet connection. As the New York Times writes, “when a communication arrives from Tor, you can never know where or whom it’s from.” Tor won the 2012 Electronic Frontier Foundation (EFF) Pioneer Award.</div> <div style="text-align: justify;"> <br /> <b>ACCEPT NO SUBSTITUTES</b>: <b>Orbot</b> is the safest way to use the Internet on <a href="http://www.toolwar.com/search/label/Android" target="_blank">Android</a>. Period. <b>Orbot</b> bounces your encrypted traffic several times through computers around the world, instead of connecting you directly like <a href="http://www.toolwar.com/search/label/Proxy" target="_blank">VPNs and proxies</a>. This process takes a little longer, but the strongest privacy and identity protection available is worth the wait.</div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Dcf5sh99ze0?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <h3 style="text-align: justify;">  </h3> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Android Play Store ::</b> <a href="https://market.android.com/details?id=org.torproject.android" target="_blank">Orbot</a> </div> <div style="text-align: justify;"> <b>Direct Download :: </b><a href="https://guardianproject.info/releases/orbot-latest.apk" target="_blank">Orbot.apk</a></div> <div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> </div> </div> <div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: left;"> <b>Official Website :: </b><a href="https://guardianproject.info/apps/orbot/">https://guardianproject.info/apps/orbot/</a></div> <div class="separator" style="clear: both; text-align: left;"> <b> </b></div> <b> </b></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div>

Orbot (Tor for Android Devices) :: Tools

Orbot is a free proxy app that empowers other apps to use the internet more securely . Orbot uses Tor to encrypt your Internet traff...

Read more »

Mandiant Redline (Memory and File Analysis) :: Tools

<div class="separator" style="clear: both; text-align: center;">  <img alt="Mandiant Redline Logo" border="0" height="233" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi85inxEf7aGj9rwDfJlLA1TZjt029HkuPRCGRhLSQHEAM3zBvwbuLTQ5KRk0_EUdzGhbt6PbzzhpzYo2kQigms2_eBtiT3rOaRdXb8fjaQlF-7JuBE_st3IAFkZd3E5dxJ-TJdPkeBzB0X/s400/Memoryze+Logo.png" title="Mandiant Redline Logo" width="400" /></div> <div style="text-align: justify;"> <b>Redline, Mandiant’s</b> premier free tool, provides<i> host investigative</i> capabilities to users to find signs of <i>malicious activity through memory and file analysis</i>, and the development of a threat assessment profile.  With <b>Redline,</b> users can:</div> <ul style="text-align: justify;"> <li>Thoroughly audit and collect all running processes and drivers from <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a>, file system metadata, <a href="http://www.toolwar.com/search/label/Registry" target="_blank">registry</a> data, event logs, <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> information, services, tasks, and <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> history.</li> <li>Analyze and view imported audit data, including narrowing and filtering results around a given timeframe using <b>Redline’s</b> Timeline functionality with the TimeWrinkle™ and TimeCrunch™ features.</li> <li>Streamline memory analysis with a proven workflow for analyzing <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a> based on relative priority.</li> <li>Identify processes more likely worth investigating based on the <b>Redline</b> Malware Risk Index (MRI) score.</li> <li>Perform Indicator of Compromise (IOC) <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a>. Supplied with a set of IOCs, the Redline Portable Agent is automatically configured to gather the data required to perform the IOC analysis and an IOC hit result review. </li> </ul> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> In addition, <b>Redline</b> can be used in conjunction with <b>Mandiant for Intelligent Response®(MIR®)</b> and <b>Mandiant for Security Operations™:</b></div> <div style="text-align: justify;"> </div> <ul style="text-align: justify;"> <li>Investigators can open audits gathered in Mandiant for Intelligent Response (MIR) directly in Redline to quickly identify a malicious process and create an IOC based on the analysis. MIR can use this IOC to quickly sweep a <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> to identify all other systems running the same or similar malware.</li> <li>Mandiant for Security Operations users can open triage collections directly in Redline in order to perform in-depth <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a> allowing the user to establish a timeline and the scope of an incident.</li> </ul> <b>Mandiant Redline 1.11</b> includes various changes to improve your user experience, and adds support for <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> 8 and 2012. A redesigned find panel remains open and offers users the ability to search and filter on a specific column. You can also filter lists by multiple tags at the same time and choose whether to include only items that do or do not have a comment. Finally, the Redline Collector now provides beta support for gathering Windows 2012 and Windows 8 data..<br /> <br /> <br /> <b>Supported Operating Systems:</b> Windows XP, Windows Vista, Windows 7, Windows 8 (32-bit and 64-bit)<br /> <br /> <h3> Tutorials ::</h3> <b>User Guide :: </b><a href="http://www.mandiant.com/library/Redline1.11_UserGuide.pdf">Mandiant Redline 1.11 (PDF)</a><br /> <b>Redline Blog :: </b><a href="https://www.mandiant.com/blog/tag/redline/" target="_blank">Mandiant Redline Blog </a><br /> <br /> <h3> Download ::</h3> <b>Windows :: </b><a href="https://www.mandiant.com/library/Redline-1.11.msi" target="_blank">Mandiant Redline v1.11</a><b><br /></b><br /> <b>Official Website ::</b> <a href="https://www.mandiant.com/resources/download/redline">https://www.mandiant.com/resources/download/redline</a>

Mandiant Redline (Memory and File Analysis) :: Tools

  Redline, Mandiant’s premier free tool, provides host investigative capabilities to users to find signs of malicious activity throug...

Read more »

Microsoft's Network Monitor (Capturing and Protocol Analysis of Network Traffic) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuFsGavVKjtg1dEaRPRUk32xdWIKamQW4Z316g0h_uszkMWNGQsKf4s1b6LprmWBYZ5WnOg38bBpcuJjEQQGQuK7HkywR3J1kJzcPIYR7FEZKbW1rI6kIMDrqpJjnmw7Kcbd8Aa_qiQehH/s1600/Microsoft+Network+Monitor+Sceenshot.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Microsoft Network Monitor Screenshot" border="0" height="377" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuFsGavVKjtg1dEaRPRUk32xdWIKamQW4Z316g0h_uszkMWNGQsKf4s1b6LprmWBYZ5WnOg38bBpcuJjEQQGQuK7HkywR3J1kJzcPIYR7FEZKbW1rI6kIMDrqpJjnmw7Kcbd8Aa_qiQehH/s1600/Microsoft+Network+Monitor+Sceenshot.jpg" title="Microsoft Network Monitor Screenshot" width="640" /></a></div> <div style="text-align: justify;"> <b>Microsoft's Network Monitor</b> is a tools that allow <b>capturing and protocol analysis of network traffic</b>. Network Monitor 3 is a <a href="http://www.toolwar.com/search/label/Protocol" target="_blank">protocol analyzer</a>. It enables you to capture, to view, and to analyze <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> data. You can use it to help troubleshoot problems with applications on the network. This article contains download and support information, installation notes, and general usage information about Network Monitor 3. Network Monitor 3.4 is the latest version.</div> <div style="text-align: justify;"> <b>Network Monitor 3 </b> is a complete overhaul of the earlier Network Monitor 2.<var>x</var> version. Some key features of Network Monitor 3 include the following:</div> <ul style="text-align: justify;"> <li>Script-based parser model with frequent updates </li> <li>Concurrent live capture sessions</li> <li>Support for Windows 7</li> <li>Support for 32-bit platforms and for 64-bit platforms </li> <li>Support for network conversations and process tracking</li> <li> API to access capture and parsing engine</li> <li> <a href="http://www.toolwar.com/search/label/Wireless" target="_blank">Wireless</a> Monitor Mode Capturing</li> </ul> <div class="toggle-area" style="display: block; text-align: justify;"> <div class="system-requirements"> <div class="supported-os"> <b>Supported Operating System ::</b></div> <div itemprop="operatingSystems"> <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> 7, Windows 8, Windows Server 2003 Service Pack 2, Windows Server 2003 Service Pack 2 x64 Edition, Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 R2 for Itanium-based Systems, Windows Server 2012, Windows Vista 64-bit Editions Service Pack 1, Windows Vista Service Pack 1, Windows XP 64-bit, Windows XP Service Pack 3 </div> <ul class="htmldetails other-requirements"> Hardware :: <ul> <li>1 GHz or greater CPU</li> <li>1 GB or greater <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a></li> <li>60 MB free hard disk space plus extra room for capture files</li> </ul> </ul> </div> </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Installation Instruction :: </b> </div> <div style="text-align: justify;"> The Network <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">Monitor</a> core engine has been decoupled from the parser set. To install the full <b>Network Monitor 3.4</b> product: </div> <ul style="text-align: justify;"> <li>Run the setup.exe for the platform you are installing.</li> <li>You will be prompted first to install the core engine. Follow the installation directions. Make sure you close existing instances of netmon.exe, nmcap.exe and any running NMAPI applications.</li> <li>Next you will be prompted to install the parser package. Follow the installation directions:</li> </ul> <div style="text-align: justify;"> <b> To uninstall the full Network Monitor 3.4 product ::</b></div> <ul style="text-align: justify;"> <li>Go to Add/Remove Programs in Control Panel</li> <li>Uninstall both <b>Microsoft Network Monitor 3.4</b> and Microsoft Network Monitor: Network Monitor Parsers 3.4</li> </ul> <b>Network Monitor Blog ::</b> <a href="http://go.microsoft.com/fwlink/?LinkID=92890" target="_blank">Click Here</a><br /> <b>Network Monitor Blog ::</b> <a href="http://go.microsoft.com/fwlink/?LinkID=151800" target="_blank">Click Here</a><br /> <br /> <b>Video Tutorial :: </b> <a href="http://www.youtube.com/watch?v=jsShLK5bhoY" target="_blank">Click Here</a><br /> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows :: <a href="https://www.microsoft.com/en-in/download/details.aspx?id=4865" target="_blank">Network Monitor 3.4</a> (x86 & x64)</b><a href="http://www.microsoft.com/en-us/download/details.aspx?id=4865" target="_blank"></a></div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="http://www.microsoft.com/en-us/download/details.aspx?id=4865">http://www.microsoft.com/en-us/download/details.aspx?id=4865</a></div> <div style="text-align: justify;"> <br /></div> </div>

Microsoft's Network Monitor (Capturing and Protocol Analysis of Network Traffic) :: Tools

Microsoft's Network Monitor is a tools that allow capturing and protocol analysis of network traffic . Network Monitor 3 is a proto...

Read more »

WAIDPS (Wireless Auditing and IDS/IPS) :: Tools

<div class="MsoNormal" style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP2brw15uNZM6cni3F7-EtWQHYhj-0aNTw7yRP5neqqvJNHGdMiVN1N_0W3-Viquk330eFmeUtUUvL8svfYNwbfTIeN9EHznj0wezjqVUp-xF_BlO8Gs1EjB_PoXg6gp8JdoTV0ztUiuyz/s1600/WAIDPS.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="281" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP2brw15uNZM6cni3F7-EtWQHYhj-0aNTw7yRP5neqqvJNHGdMiVN1N_0W3-Viquk330eFmeUtUUvL8svfYNwbfTIeN9EHznj0wezjqVUp-xF_BlO8Gs1EjB_PoXg6gp8JdoTV0ztUiuyz/s1600/WAIDPS.png" width="400" /></a></div> <div class="separator" style="clear: both; text-align: center;"> </div> <span style="font-family: Arial;"><b>WAIDPS</b> (Wireless Auditing, Intrusion Detection and Prevention System) is an open source <b>wireless swissknife</b> written in <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> and work on <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> environment. This is a multipurpose tools designed for audit (<a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration testing</a>) networks, detect wireless intrusion (WEP/WPA/WPS attacks) and also intrusion prevention (stopping station from associating to access point). Apart from these, it will harvest all <a href="http://www.toolwar.com/search/label/WiFi" target="_blank">WiFi</a> information in the surrounding and store in databases. This will be useful when it comes to auditing a <a href="http://www.toolwar.com/search/label/Network" target="_blank">network </a>if the access point is ‘MAC filtered’ or ‘hidden SSID’ and there isn’t any existing client at that moment. </span></div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;"><b>WAIDPS</b> may be useful to penetration testers, <a href="http://www.toolwar.com/search/label/Wireless" target="_blank">wireless</a> trainers, law enforcement agencies and those who is interested to know more about wireless auditing and protection. The primarily purpose for this script is to detect intrusion. Once wireless detect is found, it display on screen and also log to file on the attack. Additional features are added to current script where previous WIDS does not have are :</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">automatically save the attack packets into a file</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">interactive mode where users are allow to perform many functions</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">allow user to analyse captured packets</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">load previously saved pcap file or any other pcap file to be examine</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">customizing filters</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">customize detection threshold (sensitivity of IDS in detection)</span></div> <div class="MsoNormal" style="margin-left: 0.5in; text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">At present, <b>WAIDPS</b> is able to detect the following wireless attacks and will subsequently add other detection found in the previous WIDS.</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Association / Authentication flooding</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect mass deauthentication which may indicate a possible WPA attack for handshake </span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect possible WEP attack using the ARP request replay method</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect possible WEP attack using chopchop method</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detect possible WPS pin bruteforce attack by Reaver, Bully, etc.</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detection of Evil-Twin</span></div> <div class="MsoNormal" style="margin-left: 0.75in; text-align: justify; text-indent: -0.25in;"> <span style="font-family: Symbol; mso-bidi-font-family: Symbol; mso-fareast-font-family: Symbol;">·<span style="font-family: 'Times New Roman'; font-size: 7pt;">         </span></span><span style="font-family: Arial;">Detection of Rogue Access Point</span></div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">The whole structure of the <a href="http://www.toolwar.com/search/label/WiFi" target="_blank">Wireless Auditing</a>, <a href="http://www.toolwar.com/search/label/IDS" target="_blank">Intrusion Detection</a> & <a href="http://www.toolwar.com/search/label/IPS" target="_blank">Prevention System</a> will comprise of </span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">Harvesting WiFi Information         [Done]</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">Intrusion Detection                         [Done]</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">Intrusion Prevention                       [Done]</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">Auditing (Testing network)            [Done]</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">Other additional item include analyzing of packets, display of captured dump, display network barchart and much more.</span></div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> <b><span style="font-family: Arial;">Requirements</span></b></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">No special equipment is required to use this script as long as you have the following :</span></div> <div class="MsoNormal" style="text-align: justify;"> </div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">   1. Root access (admin)</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">   </span><span style="font-family: Arial;">2. Wireless interface which is capable of monitoring and injection</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">   </span><span style="font-family: Arial;">3. Python 2.7 installed </span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">   </span><span style="font-family: Arial;">4. <a href="http://www.toolwar.com/2013/09/aircrack-ng-12-beta.html" target="_blank">Aircrack-NG suite</a>installed</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">   </span><span style="font-family: Arial;">5. TShark installed</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">   </span><span style="font-family: Arial;">6 TCPDump installed</span></div> <div class="MsoNormal" style="text-align: justify;"> <span style="font-family: Arial;">   </span><span style="font-family: Arial;">7 Mergecap installed (for joining pcap files)</span></div> <div style="text-align: justify;"> <span style="font-family: Arial;">   </span><span style="font-family: Arial;">8 xterm  installed</span></div> <div style="text-align: justify;"> <div style="text-align: left;"> <br /></div> <div style="text-align: left;"> <b><span style="font-weight: normal;"><span style="font-family: Arial;"><b>Structure of WAIDS’ Display :: </b></span></span></b></div> <div class="MsoNormal"> <span style="font-family: Arial;">Before starting with the detail description of the whole application, WAIDPS display structures are separated in several parts. For better understanding, the structures are as below.</span></div> <div class="MsoNormal"> </div> <div class="MsoNormal"> <b><span style="font-family: Arial;">WiFi-Harvesting Module</span></b></div> <div class="MsoNormal"> <span style="font-family: Arial;">- Collecting/Storing of Access Points/Stations details and the relationship with each other. [<b>Access Points / Wireless Clients Listing</b>]</span></div> <span style="font-family: Arial;">- Displaying of unassociated station information and its probe </span></div> <div style="text-align: justify;"> <span style="font-family: Arial;">[<b>Unassociated Stations</b>]</span> <br /> <div class="MsoNormal"> <span style="font-family: Arial;">- Allowing user to enter MAC addresses / Names to be monitored </span></div> <div class="MsoNormal"> <span style="font-family: Arial;">[<b>Monitoring Panel</b>]</span></div> <span style="font-family: Arial;">- Association of stations to access point, station switch from one access point to another, station acting as both a wireless client and access point, etc </span></div> <div style="text-align: justify;"> <span style="font-family: Arial;">[<b>Association/Connection Alert</b>]</span> <br /> <div class="MsoNormal"> </div> <div class="MsoNormal"> <b><span style="font-family: Arial;">Intrusion Detection</span></b></div> <div class="MsoNormal"> <span style="font-family: Arial;">- Capture/Analyzing of packets </span></div> <div class="MsoNormal"> <span style="font-family: Arial;">- Displaying of Station/Access Point MAC addresses and detected suspicious data count [<b>Suspicious Activity Listing</b>]</span></div> <div class="MsoNormal"> <span style="font-family: Arial;">- Displaying of analysed WEP/WPA/WPS attack pattern and its detail [<b>Attack Detected</b>]</span></div> <div class="MsoNormal"> </div> </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Screenshots ::  </b><a href="http://syworks.blogspot.in/2014/04/waidps-wireless-auditing-intrusion.html" target="_blank">Click Here</a><br /> <b>Text & Image Tutorial :: </b><a href="http://syworks.blogspot.in/2014/04/waidps-wireless-auditing-intrusion.html" target="_blank">Click Here</a><br /> <b>Installation Tutorial::</b><br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/aGTQAWoeujA?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <span id="goog_894600077"></span><span id="goog_894600078"></span> </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>More Video Tutorials: </b> <a href="https://www.youtube.com/watch?v=s7kzQqOY3X0&index=2&list=PLrekpjW7JwW-T0CeXP8GwudtJmTJ6KZ8O" target="_blank">Click Here</a></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="https://github.com/SYWorks/waidps/archive/master.zip" target="_blank">WAIDPS</a><b> (.py)</b></div> <div style="text-align: justify;"> <b>Source ::</b> <a href="https://github.com/SYWorks/waidps" target="_blank">https://github.com/SYWorks/waidps</a> </div> <div style="text-align: justify;"> <b>Submitted By :: </b>SYChua</div>

WAIDPS (Wireless Auditing and IDS/IPS) :: Tools

WAIDPS (Wireless Auditing, Intrusion Detection and Prevention System) is an open source wireless swissknife written in Python and wo...

Read more »

Detekt :: Malware Detection Tool against Government Surveillance

<div class="separator" style="clear: both; text-align: justify;"> <img alt="detekt" border="0" height="280" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhev1ECdbJcOGLhQL5rphVoj1Ux8wBh3wGbWoySuzKDc4CdDPi5_A0kU4YBambTUqKZPghRdvmePb2aFihp_n_8vHEbCjhc9MbMcXYyPKs6gK7h0tUCeqyuiR8ONVh-AS7WUIAu_Kv_yhaD/s1600/detekt-1d.png" title="Detekt" width="640" /></div> <div style="text-align: justify;"> <b>Detekt</b> is a <b>free tool</b> that scans your <b>Windows computer for traces of known surveillance spyware</b> used to target and monitor human rights defenders and journalists around the world. It is important to underline that if <b>Detekt </b>does not find trace of spyware on a computer, it does not necessarily mean that none is present. Some spyware will likely be updated in response to the release of <b>Detekt </b>in order to avoid detection. In addition, there may be existing versions of spyware, from these or other providers, which are not detected by this tool.</div> <div style="text-align: justify;"> In recent years we have witnessed a huge growth in the adoption and trade in communication surveillance technologies. Such spyware provides the ability to read personal emails, listen-in skype conversations or even remotely turn on a computers camera and microphone without its owner knowing about it.</div> <div style="text-align: justify;"> Some of this software is widely available on the Internet, while some more sophisticated alternatives are made and sold by private companies based in industrialized countries to state law enforcement and intelligence agencies in countries across the world.</div> <div style="text-align: justify;"> There is little to no regulation currently in place to safeguard against these technologies being sold or used by repressive governments or others who are likely to use them for serious human rights violations and abuses.</div> <div style="text-align: justify;"> <strong>How widely do governments use surveillance technology?</strong></div> <div style="text-align: justify;"> Governments are increasingly using surveillance technology, and targeted surveillance in particular, to monitor the legitimate activities of human rights activists and journalists. <span>Powerful software developed by companies allows governments and intelligence agencies to read personal emails, listen-in on Skype conversations or even remotely turn on a computers camera and microphone without its owner knowing about it.</span></div> <div style="text-align: justify;"> <span>In many cases, the information they gather through those means is used to detain, imprison and even torture activists into confessing to crimes. It's impossible, however, to give an accurate estimate of how many people are affected by this surveillance spyware. This is because the companies that build and sell such software market themselves on their ability to hide it from users. Recent research has shown that known spyware has been found present in dozens of countries, covering all regions of the world. <b>Detekt</b> is the first public tool that will assist activists, journalists and civil society groups to scan their computers for spyware.</span></div> <h3 style="text-align: justify;"> <span>Download:  </span></h3> <div style="text-align: justify;"> <b><span>Windows:: </span></b><span><a href="https://github.com/botherder/detekt/releases/download/v1.2/detekt.exe" target="_blank">Detekt v1.2</a> (.exe)</span></div> <div style="text-align: justify;"> <span><b>Source Code:: </b>https://github.com/botherder/detekt/archive/v1.2.zip<b> </b></span></div> <div style="text-align: justify;"> <span><b>Official Website::</b> https://resistsurveillance.org/</span></div>

Detekt :: Malware Detection Tool against Government Surveillance

Detekt is a free tool that scans your Windows computer for traces of known surveillance spyware used to target and monitor human righ...

Read more »

NoGoToFail :: Network Traffic Security Testing Tool

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrZyKNhyphenhyphenNN1-cYypGXqoLUErO5y7F-od5ou1fO4m9ViAXljsDDnINyDGBvdk1SGRfYbZnVDNBvg_-b7pOI4JTOSKEGfSxfYai6pY0-f5hP_4TTJuvyLdgBbo3Ef4pUS5ylCqFhZZx2SvwW/s1600/NoGotofail+toolwar.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="272" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrZyKNhyphenhyphenNN1-cYypGXqoLUErO5y7F-od5ou1fO4m9ViAXljsDDnINyDGBvdk1SGRfYbZnVDNBvg_-b7pOI4JTOSKEGfSxfYai6pY0-f5hP_4TTJuvyLdgBbo3Ef4pUS5ylCqFhZZx2SvwW/s1600/NoGotofail+toolwar.jpg" width="640" /></a></div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Nogotofail</b> is a <b>network security testing tool</b> designed to help developers and <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.</div> <div style="text-align: justify;"> <b>Google</b> is committed to increasing the use of TLS/SSL in all applications and services. But “HTTPS everywhere” is not enough; it also needs to be used correctly. Most platforms and devices have secure defaults, but some applications and libraries override the defaults for the worse, and in some instances we’ve seen platforms make mistakes as well. As applications get more complex, connect to more services, and use more third party libraries, it becomes easier to introduce these types of mistakes.<br />The Android Security Team has built a tool, called <b>nogotofail</b>, that provides an easy way to confirm that the devices or applications you are using are safe against known TLS/SSL vulnerabilities and misconfigurations. <b>Nogotofail</b> works for <a href="http://www.toolwar.com/search/label/Android" target="_blank">Android</a>, iOS, <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, Chrome OS, OSX, in fact any device you use to connect to the Internet. There’s an easy-to-use client to configure the settings and get notifications on Android and Linux, as well as the attack engine itself which can be deployed as a router, VPN server, or proxy.<br />We’ve been using this tool ourselves for some time and have worked with many developers to improve the security of their apps. But we want the use of TLS/SSL to advance as quickly as possible. Today, we’re releasing it as an open source project, so anyone can test their applications, contribute new features, provide support for more platforms, and help improve the security of the Internet.</div> <h3 style="text-align: justify;"> <b>Download ::</b></h3> <div style="text-align: justify;"> <b>Python:</b> <a href="https://github.com/google/nogotofail/archive/dev.zip" target="_blank">nogotofail</a> (Github)</div> <div style="text-align: justify;"> <b>Official Website:</b> https://github.com/google/nogotofail</div>

NoGoToFail :: Network Traffic Security Testing Tool

Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connect...

Read more »

The Sleuth Kit (TSK - Forensics) :: Framework

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;">  <img alt="the sleuth kit logo" border="0" height="166" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPBlwuWRltXOU2hEze6gjFS1OxwMM7HIYQuU4ElDgNsV8TmyWm9VYKauKsZbzStobxPbL4KSrUSqGxKXIYhNU4IluquGMQPe90Q6zRuGBMq_N92DQ2PK4G6lfCg8iLWGVDyVT8B8THFPHd/s1600/the+sleuth+kit+logo.gif" title="the sleuth kit logo" width="200" /></div> <b>The Sleuth Kit</b> is a C++ library and collection of open source file system <a href="http://www.toolwar.com/search/label/Forensics" target="_blank"><b>forensics tools</b></a> that allow you to, among other things, view allocated and deleted data from NTFS, FAT, FFS, EXT2, Ext3, HFS+, and ISO9660 images. <br /> <b>The Sleuth Kit® (TSK)</b> is a library and collection of command line <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> that allow you to investigate disk images. The core functionality of <b>TSK</b> allows you to <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analyze</a> volume and file system data. The plug-in <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a> allows you to incorporate additional modules to analyze file contents and build automated systems. The library can be incorporated into larger digital forensics tools and the <a href="http://www.toolwar.com/search/label/CLI" target="_blank">command line</a> tools can be directly used to find evidence. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> There are three different packages for each <b>The Sleuth Kit® (TSK) </b>release.</div> <ul style="text-align: justify;"> <li><b>sleuthkit-X.X.X.tar.gz</b>: This is the source code release of TSK core and framework that you must compile on your computer. This is most commonly used on non-<a href="http://www.toolwar.com/search/label/Windows" target="_blank">windows</a> systems.</li> <li><b>sleuthkit-X.X.X-win32.zip</b>: This is the compiled windows release of TSK core. This has executables and libraries that allow you to run this on windows.</li> <li><b>sleuthkit-X.X.X-framework-win32.zip</b>: This is the compiled windows release of the framework. It has the tsk_analyzeimg program that allows you to run the framework on a disk image.</li> </ul> <div style="text-align: justify;"> <br /></div> <h3> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/YybBQycLL9w?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/3ieolkMJxJk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> Download ::</h3> <b>Windows (x86) :: </b><a class="name" href="http://sourceforge.net/projects/sleuthkit/files/sleuthkit/4.1.2/sleuthkit-4.1.2-win32.zip/download" title="Click to download sleuthkit-4.1.2-win32.zip">Sleuthkit-4.1.2-win32.zip</a> | <a class="name" href="http://sourceforge.net/projects/sleuthkit/files/sleuthkit/4.1.2/sleuthkit-4.1.2-framework-win32.zip/download" title="Click to download sleuthkit-4.1.2-framework-win32.zip">Sleuthkit-4.1.2-framework-win32.zip</a> <b> </b><br /> <b>Linux :: </b><a class="name" href="http://sourceforge.net/projects/sleuthkit/files/sleuthkit/4.1.2/sleuthkit-4.1.2.tar.gz/download" title="Click to download sleuthkit-4.1.2.tar.gz">Sleuthkit-4.1.2.tar.gz</a> <br /> <b>Official Website :: </b> <a href="http://www.sleuthkit.org/sleuthkit/">http://www.sleuthkit.org/sleuthkit/</a>

The Sleuth Kit (TSK - Forensics) :: Framework

  The Sleuth Kit is a C++ library and collection of open source file system forensics tools that allow you to, among other things, vie...

Read more »

DriveCrypt (Disk Encryption) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJG1cJGABe9up2Ykue6hyZD7gWDJwSIxIEt8NeFLzGON-W0RfSsZEyBnePNOIAohuBuGfUEy9DwcvZLs_u7ZwvBxLWlSStcVz4Ew7DqEz1pzfA34LzP_7M-ZJWaPTX-ELgYeVKUfJfQ7HA/s1600/DeviceCrypt+Image.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="DeviceCrypt Image" border="0" height="291" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJG1cJGABe9up2Ykue6hyZD7gWDJwSIxIEt8NeFLzGON-W0RfSsZEyBnePNOIAohuBuGfUEy9DwcvZLs_u7ZwvBxLWlSStcVz4Ew7DqEz1pzfA34LzP_7M-ZJWaPTX-ELgYeVKUfJfQ7HA/s1600/DeviceCrypt+Image.jpg" title="DeviceCrypt Image" width="320" /></a></div> <div style="text-align: justify;"> <span class="style_5"><b>DRIVECRYPT</b> <i> securely and easily protects all proprietary data</i> on notebooks and desktop computers 100% of the time without users having to think about <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a>. Any organization, from a small company to a large international firm with thousands of users in the field, can effectively protect business plans, client lists, product specifications, confidential corporate memos, stock information, and much more with this <b>disk <a href="http://www.toolwar.com/search/label/Encryption" target="_blank">encryption</a></b> product.</span><br /> <table border="0" cellpadding="0" cellspacing="1" style="height: 269px; width: 100%px;"><tbody> <tr><td><br /> <div class="style_5" style="text-align: justify;"> <span class="style_title_3">With its Traveller modus functionality, <b>DriveCrypt</b> is the ideal solution to encrypt <a href="http://www.toolwar.com/search/label/USB" target="_blank">USB</a> disks and Pen drives without needing to install the software on the computer.</span></div> <div class="style_title_3"> <br /> <span class="style_title_1"><b> How DriveCrypt`s On-the-fly Encryption Works ::</b><br /> </span></div> <div class="style_5"> <br /></div> <div style="text-align: justify;"> <span class="style_5"> As data is read from the hard disk, <b>DeviceCrypt</b> automatically decrypts the data before it is loaded into <a href="http://www.toolwar.com/search/label/Memory" target="_blank">memory</a>. When data is written back to the hard disk, it is automatically re-encrypted. The disk encryption/ decryption process is completely transparent to the user or any application program -the data is caught "on the fly" as it transfers back and forth between the hard disk and memory. Consequently, users don't need to remember to decrypt or re-encrypt their data, or change the normal operation of the PC. In addition, only individual files are decrypted at any one time, not the whole hard disk.</span></div> </td> <td align="center" valign="top"><div style="text-align: center;"> <br /></div> <div class="style_5" style="text-align: center;"> <br /></div> </td> </tr> </tbody> </table> <h3> <span class="style_title_1"><b>DriveCrypt Key Features ::</b></span></h3> <h3> <span class="style_title_1"> </span></h3> <div class="style_5"> <span class="style_5"><b> 1. Strong Cryptography ::</b><br /> </span></div> <div class="style_5" style="text-align: justify;"> <span class="style_5">1344 Bit Military Strength <b>disk encryption</b> using the best and most proven <a href="http://www.toolwar.com/search/label/Cryptography" target="_blank">cryptography</a> algorithms such as AES, Blowfish, Tea 16, Tea 32, Des, Triple Des, Misty 1 and Square. <br /> </span><br /> <b> 2. Easy to Install, Deploy & Use ::<br /> </b></div> <div class="style_5" style="text-align: justify;"> <span class="style_5"><b>DeviceCrypt</b> data encryption software requires minimal administration and user training. <b>Disk encryption</b> is completely transparent, requiring no change in the way users work with the computer.</span></div> <div class="style_5"> <span class="style_5"> </span><span class="style_title_1"></span><span class="style_5"><br /> <b> 3. Maximize Your Security, Minimize Your Risk </b>::<br /> </span></div> <div class="style_5" style="text-align: justify;"> <b><span class="style_5"> </span></b><span class="style_5">DRIVECRYPT protects your data with very fast and a true "on the fly" disk encryption process. Other products that claim to be "on the fly" decrypt an entire file and load it into memory, creating significant security risks. <b>DriveCrypt</b> </span><span class="style_5">file encryption software</span><span class="style_5"> is smarter and more secure because it decrypts only the specific portion of a file that is in use. Unprotected data never resides on a DriveCrypt encrypted hard drive. </span><b><span class="style_5"><br /> </span></b><span class="style_5"><br /> </span></div> <span class="style_5"></span><span class="style_5"><b>4. Disk Partition and file volume encryption :: </b>(Partition encryption with DriveCrypt standard edition only) <br /> </span> <br /> <div class="style_5" style="text-align: justify;"> <span class="style_5">DRIVECRYPT allows both, the encryption of an entire Hard Disk partition, as well as the creation of a <a href="http://www.toolwar.com/search/label/Virtual" target="_blank">virtual</a> container file that will store all the encrypted information.</span></div> <div class="style_5" style="text-align: justify;"> <br /></div> <div class="style_5" style="text-align: justify;"> <span class="style_5"><b>5. Invisible Containers :: </b>(DriveCrypt standard edition only)<br /> The <b>DriveCrypt</b> Standard edition has the ability to create an INVISIBLE disk INSIDE a container or partition. This way you define two <a href="http://www.toolwar.com/search/label/Password" target="_blank">passwords</a> for a container. The invisible disks password gives you access to your working disk, which is hidden in the unused area of your "outer" disk, while another password gives you access to the pre-setup <b> DriveCrypt </b>volume in which you only store data that you would want others to believe is the only data in the container or partition. This is very useful in cases where an aggressor may force you to reveal the DriveCrypt disk's password: By revealing the password of the first or "outer" disk, the aggressor will ONLY see the "prepared data": IE data you put in there, before creating the hidden disk, while he will not be able to see or get evidence that there is another invisible container that securely stores confidential data on the disk. <br /> </span><span class="style_5"><br /> <b> 6. Hide data into music files </b></span><span class="style_5">::<br /> Using special so called "Steganographic" functionalities, DRIVECRYPT allows you to hide all your sensitive information into music files. Just authorized users will be able to access secret information, anyone else will only find harmless music on the computer… <br /> </span></div> <span class="style_5"><b>7. Easily encrypts Pen-Drives and USB disks on a container or partition level. </b>::<br /> </span> <br /> <div style="text-align: justify;"> <span class="style_5">With the HOT Disk option, DriveCrypt can also optionally automatically request the users authentication data as soon as the USB device is inserted. When the USB disk is removed from the computer, all the data are automatically inaccessible to unauthorized persons.</span></div> <span class="style_5"><br /> <b> 8. Improved Password Security ::</b><br /> DRIVECRYPT allows administrators to configure several password settings: <br /> - Master Password Settings <br /> - Restricted second user Passwords <br /> - Second user Password Expiration <br /> - Console Lock-Out Password <br /> </span><span class="style_5"><br /> </span><span class="style_5"><b> 9. Password Sniffing Protection</b></span> ::<br /> <span class="style_5"></span><br /> <div style="text-align: justify;"> <span class="style_5"> DRIVECRYPT integrates special functionalities that prevent passwords from being sniffed by Hackers or Trojan horses such as Back Orifice, SubSeven etc...</span></div> <span class="style_5"><br /> </span><span class="style_5"><b> 10. No-Evidence Encryption </b>::<br /> </span> <br /> <div style="text-align: justify;"> <span class="style_5">DRIVECRYPT container files do not have any file header that indicates it is a DriveCrypt encrypted file. Therefore, without knowing the right passphrase, it is impossible to prove that a large container file on the computer is a DriveCrypt virtual disk container.</span></div> <span class="style_title_1"></span><span class="style_title_1"></span><span class="style_5"><br /> <b> 11. Administrator Password Control (keyfiles) ::</b><br /> DRIVECRYPT allows system Administrators to assign different passwords to different users. <br /> </span><span class="style_title_1"></span><span class="style_5"><br /> </span><span class="style_5"><b> 12. Anti Dictionary or Brute Force Attack mechanism </b></span>::<br /> <div style="text-align: justify;"> <span class="style_5">DRIVECRYPT makes Dictionary or Brute Force attacks against encrypted volumes much harder than any of the actual competitor products by dramatically slowing down these processes.</span></div> <span class="style_title_1"></span><span class="style_5"><br /> <b> 13. Easy and fast hotkey control </b>::<br /> DRIVECRYPT allows the most used commands like mount or dismount encrypted volumes… to be rapidly accessed trough Hotkeys and/or the toolbar. <br /> </span><span class="style_title_1"><span class="style_5"></span></span><span class="style_title_1"><span class="style_5"></span></span><span class="style_5"><br /> <b> 14. Second User Access </b>::<br /> DRIVECRYPT allows the creation of a master password, as well as different lower rights second user passwords (keyfiles). <br /> </span><span class="style_title_1"></span><span class="style_title_1"></span><span class="style_5"><br /> </span><span class="style_5"><b> 15. Forgotten user password recovery </b>::<br /> </span> <br /> <div style="text-align: justify;"> <span class="style_5">DRIVECRYPT allows administrators using the master password, to access an encrypted disk even if the user has forgotten his user password. This ensures that a company can restore a user password if forgotten. DriveCrypt prevents loss of valuable data from user's workstations and notebooks by allowing three methods of encrypted data access: the Master Password, the user password (keyfile) and/or hardware device access such as optional fingerprint-/Smartcard Readers or USB Token devices.</span></div> <span class="style_title_1"></span><span class="style_title_1"></span><span class="style_5"><br /> </span><span class="style_5"><b> 16. Eliminate the Danger Of Unattended Computers ::</b><br /> </span> <br /> <div style="text-align: justify;"> <span class="style_5">DRIVECRYPT provides an automatic and/or manual lock-out feature that locks out the user's console and displays a password-protected screen saver. This lock-out functionality can be activated manually or automatically after a specified period of computer inactivity. The computer remains secure even when left unattended. To restore the screen and unlock the keyboard, the password for the current user or Master Password must be entered.</span></div> <span class="style_title_1"></span><span class="style_title_1"></span><span class="style_5"><br /> <b> 17. Secure Disk Deletion (Disk Wiping) ::</b><br /> DRIVECRYPT allows you to wipe the free space on a disk. This ensures that deleted files will never be recovered by special disk tools. <br /> </span><span class="style_title_1"></span><span class="style_5"><br /> </span><span class="style_5"><b> 18. Encrypted Volume Resizing (DriveCrypt Standard edition) ::</b><br /> </span> <br /> <div style="text-align: justify;"> <span class="style_5">An Encrypted Volume may, with time, become too small or too big, for the amount of data it has to contain. Therefore, DriveCrypt offers you a Volume-Resize functionality. This will allow you to easily adapt a volume to your needs at any time, and optimise the Hard Disk space.</span></div> <span class="style_title_1"> </span><span class="style_5"><br /> <b> 19. External Hardware Support ::</b><br /> DRIVECRYPT supports optional external hardware devices such as: Fingerprint and Smartcard reader, as well as USB token. <br /> </span><span class="style_title_1"></span><span class="style_5"><br /> </span><span class="style_5"><b>20. Works on any Storage Medium </b>::<br /> </span> <br /> <div style="text-align: justify;"> <span class="style_5">DRIVECRYPT works on any kind of Hard Disk, and removable medium such as Floppy-, Zip-, Jazz-, Sygate-, CD-Rom, DVD- Drives etc… and manages up to 16 TERABITE of encrypted data (Standard edition) or 4 GB (Home Edition)</span></div> <span class="style_title_1"></span><span class="style_title_1"></span><span class="style_title_1"></span><span class="style_5"><br /> </span><span class="style_5"><b> 21. Installation is Easy and Safe ::</b><br /> </span> <br /> <div style="text-align: justify;"> <span class="style_5">The installation is easy and fast. During installation, the administrator simply selects the drives to be encrypted, the encryption method he would like to use and the master password. DRIVECRYPT will then make the rest and crypt the selected disks.</span></div> <span class="style_title_1"></span><span class="style_title_1"></span><span class="style_5"><br /> </span><span class="style_5"><b> 22. Encrypted Data is Easily Recovered ::</b><br /> </span> <br /> <div style="text-align: justify;"> <span class="style_5">If a user leaves the organization, the encrypted data on the PC is easily recovered and restored to a decrypted state by the administrator using the Master Password or the Local Administrator Password.</span></div> <span class="style_title_1"><span class="style_5"></span></span><span class="style_title_1"></span><span class="style_title_1"><span class="style_5"></span></span><span class="style_5"><br /> <b> 23. No Backdoors present ::</b><br /> </span> <br /> <div style="text-align: justify;"> <span class="style_5"> DriveCrypt does NOT include any backdoor. Encrypted data are only accessible by the legitimate users. Neither the vendor nor any other entities are able to break DriveCrypt <b>disk encryption</b>. <br /> </span><span class="style_5"></span></div> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <h3> <span class="style_5">Download ::</span></h3> </div> <div style="text-align: justify;"> <b><span class="style_5">Windows :: </span></b><span class="style_5"><a href="http://www.securstar.com/downloads.php?option=download" target="_blank">DeviceCrypt (30 Days Trial)</a> | Windows 7 & Windows 8 Compatible</span><b><span class="style_5"> </span></b></div> <div style="text-align: justify;"> <b><span class="style_5">Price :: </span></b><span class="style_5">82$</span><b><span class="style_5"><br /></span></b></div> <div style="text-align: justify;"> <span class="style_5"><b>Official Website :: </b><a href="http://www.securstar.com/products_drivecrypt.php">http://www.securstar.com/products_drivecrypt.php</a> </span></div>

DriveCrypt (Disk Encryption) :: Tools

DRIVECRYPT securely and easily protects all proprietary data on notebooks and desktop computers 100% of the time without users having...

Read more »

NIELD (Network Forensics) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Network Forensics" border="0" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiv5UkdWZtYhJYA6juKwBWqbScPIAPAkUhoLvGVeVrnlB4umNPTnorlKGSInBzLSy5Faqe9YyG7bXA-bWiHYnBzqN5Tu9v9dATd-eeiHXBlHWrgZjE8-jsyhz7TnGf6q93Y-6Tm_4WPr1RJ/s400/Network+Forensics.jpg" title="Network Forensics" width="400" /></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>NIELD (Network Interface Events Logging Daemon)</b> is a tool that receives notifications from the kernel through the netlink socket, and generates logs related to interfaces, neighbor cache(ARP,NDP), IP address(IPv4,IPv6), routing, FIB rules, traffic control.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Installation :: </b><a href="http://nield.sourceforge.net/install.html" target="_blank">Click Here </a></div> <div style="text-align: justify;"> <b>Help :: </b><a href="http://nield.sourceforge.net/man.html" target="_blank">Click Here</a> </div> <h3 style="text-align: justify;"> Download :: </h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://sourceforge.net/projects/nield/files/nield-0.4.0/nield-0.4.0.tar.gz/download" target="_blank">NIELD 0.4.0 (.tar.gz)</a></div> <div style="text-align: justify;"> <b>Source :: </b><a href="http://nield.sourceforge.net/index.html">http://nield.sourceforge.net/index.html</a></div>

NIELD (Network Forensics) :: Tools

NIELD (Network Interface Events Logging Daemon) is a tool that receives notifications from the kernel through the netlink socket, and...

Read more »