ToolWar | Information Security (InfoSec) Tools: Unix

Mobile Security Framework (MobSF) : Framework

<div class="separator" style="clear: both; text-align: center;">
<img alt="Mobile Security Framework : ToolWar" border="0" height="232" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg92QuRFrhtVqI-D5Nzc-bu8_p0vvCirYl6qqK45JFNtlLSChwXklrMauZ_BLYvAZfq7H7ml0YTzaijl0GfbktnY_-sHW34h8B1tteqowCXjg_ELksZixDcb5Ff1B0JPxCVUTK9mYO9iNhL/s400-rw/MobSF.png" title="Mobile Security Framework : ToolWar" width="400" /></div>
<div style="text-align: justify;">
<b>Mobile Security Framework (MobSF)</b> is an intelligent, all-in-one open 
source mobile application (Android/iOS) automated pen-testing framework 
capable of performing static and dynamic analysis. It can be used for 
effective and fast security analysis of Android and iOS Applications and
 supports both binaries (APK & IPA) and zipped source code.<b> MobSF</b> 
can also perform Web API Security testing with it's API Fuzzer that can 
do Information Gathering, analyze Security Headers, identify Mobile API 
specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other
 logical issues related to Session and API Rate Limiting.</div>
<div style="text-align: justify;">
<br /></div>
<h3>
Tutorial: </h3>
<ul>
<li><a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/wiki/1.-Documentation">https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/wiki/1.-Documentation</a></li>
</ul>
<h3>
Video Tutorial: </h3>
<h3>
Download: <strong> </strong></h3>
<strong>Windows</strong>: Extract the <a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/archive/master.zip" target="_blank">MobSF</a> compressed file to C:\MobSF<strong> </strong><br />
<strong>Mac</strong>: Extract <a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/archive/master.zip" target="_blank">MobSF</a> compressed file to /Users/[username]/MobSF<strong> </strong><br />
<strong>Linux</strong>: Extract <a href="https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/archive/master.zip" target="_blank">MobSF</a> compressed file to /home/[username]/MobSF<br />
<br />
<div style="text-align: justify;">
<br /></div>

Mobile Security Framework (MobSF) : Framework

Mobile Security Framework (MobSF) is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing fram...

EtherApe (Graphical Network Monitor) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9-e6IMfm4L4BPvg8xBw_1z3S4tjBYqsZ0F40EyiJ_0oUmUbu8GJcn7a0xXie8ubZmErEnq-syvMbFgasiJG8trgldY0-0DMZs6LaVP-hTmlN6qvezeaFjLZzXZnbZt-F_d9hXYuUH-VN-/s1600/etherape_intro2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="etherape screenshot" border="0" height="246" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9-e6IMfm4L4BPvg8xBw_1z3S4tjBYqsZ0F40EyiJ_0oUmUbu8GJcn7a0xXie8ubZmErEnq-syvMbFgasiJG8trgldY0-0DMZs6LaVP-hTmlN6qvezeaFjLZzXZnbZt-F_d9hXYuUH-VN-/s1600-rw/etherape_intro2.png" title="etherape screenshot" width="400" /></a></div>
<b>EtherApe</b> is a <b>graphical network monitor for Unix</b> modeled after <i>etherman</i>. Featuring link layer, IP and TCP modes, it displays <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> activity graphically. Hosts and links change in size with traffic. Color coded <a href="http://www.toolwar.com/search/label/Protocol" target="_blank">protocols</a> display.<br />
It supports Ethernet, FDDI, Token Ring, ISDN, PPP, SLIP and WLAN devices, plus several  encapsulation formats.  It can filter traffic to be shown, and can read <a href="http://www.toolwar.com/search/label/Packet" target="_blank">packets</a> from a file as well as live from the network. Node statistics can be exported.</div>
<div style="text-align: justify;">
<b>As of version 0.9.13, EtherApe as these features, in no particular order:
      </b><br />
<ul>
<li><span style="background-color: white;">Network traffic is displayed graphically. The more
"talkative" a node is, the bigger its representation. </span></li>
<li><span style="background-color: white;">Node and link color shows the most used protocol. </span></li>
<li><span style="background-color: white;">User may select what level of the protocol stack to
concentrate on. </span></li>
<li><span style="background-color: white;">You may either look at traffic within your network,
end to end IP, or even port to port TCP. </span></li>
<li><span style="background-color: white;">Data can be captured "off the wire" from a live
network connection, or read from a tcpdump capture file. </span></li>
<li><span style="background-color: white;">Live data can be read from ethernet, FDDI, PPP, SLIP and WLAN interfaces, 
        plus several other incapsulated formats (e.g. Linux cooked, PPI).</span></li>
<li><span style="background-color: white;">The following frame and packet types are currently
supported: ETH_II, 802.2, 803.3, IP, IPv6, ARP, X25L3, REVARP, ATALK,
AARP, IPX, VINES, TRAIN, LOOP, VLAN, ICMP, IGMP, GGP, IPIP, TCP, EGP,
PUP, UDP, IDP, TP, ROUTING, RSVP, GRE, ESP, AH, EON,
VINES, EIGRP, OSPF, ENCAP, PIM, IPCOMP, VRRP; and most TCP and UDP
services, like TELNET, FTP, HTTP, POP3, NNTP, NETBIOS, IRC, DOMAIN,
SNMP, etc. </span></li>
<li><span style="background-color: white;">Data display can be refined using a network filter using pcap syntax.</span></li>
<li><span style="background-color: white;">Display averaging and node persistence times are
fully configurable. </span></li>
<li><span style="background-color: white;">Name resolution is done using standard libc
functions, thus supporting DNS, hosts file, etc. </span></li>
<li><span style="background-color: white;">Clicking on a node/link opens a detail
dialog showing protocol breakdown and other traffic
statistics. </span></li>
<li><span style="background-color: white;">Protocol summary dialog shows global traffic
statistics by protocol.</span></li>
<li><span style="background-color: white;">Node summary dialog shows traffic
statistics by node.</span></li>
<li><span style="background-color: white;">Node statistics export to XML file.</span></li>
<li><span style="background-color: white;">A single node can be centered on the display.</span></li>
<li><span style="background-color: white;">Scrollkeeper/rarian-compatible manual integrated with yelp.</span></li>
</ul>
</div>
<h3 style="text-align: justify;">
Tutorial ::</h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/3S95lWky9CU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b><a href="http://sourceforge.net/projects/etherape/files/latest/download?source=files" target="_blank">Etherape v0.9.11</a> (.tar.gz)</div>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://etherape.sourceforge.net/">http://etherape.sourceforge.net/</a></div>

EtherApe (Graphical Network Monitor) :: Tools

EtherApe is a graphical network monitor for Unix modeled after etherman . Featuring link layer, IP and TCP modes, it displays network ...

Scalpel (Data Carving / Forensics) :: Tools

<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<img alt="Scalpel File Carving" border="0" height="401" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3VpA7fvHWtvtTu1En4hyKfrQQ-P789lCCdh2-IYD099ppsXp5Vhruf9DLfp_3pcxvEU9irpL6sjH0wpQQua8wSJVqplQItpzc4tlOPDG__ydIAUTBDybUKBMBHnVX60mxAi3pbZ0zZSJD/s1600-rw/Scalpel+Forensics.jpg" title="Scalpel File Carving" width="640" /></div>
<br />
<b>Scalpel</b> is a <b>file carving and indexing application</b> that runs on <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> and <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>.  The first version of <b>Scalpel</b>, released in 2005, was based on <a href="http://www.toolwar.com/2013/11/foremost-tools.html" target="_blank">Foremost</a> 0.69. There have been a number of internal releases since the last public release, 1.60, primarily to support our own research.  The newest public release v2.0, has a number of additional features, including:<br />
<ul>
<li>Minimum carve sizes.</li>
<li>Multithreading for quicker execution on multicore CPUs.</li>
<li>Asynchronous I/O that allows disk operations to overlap with pattern matching--this results in a substantial performance improvement.</li>
<li>Regular expression support for headers/footers.</li>
<li>Embedded header/footer matching for better processing of structured file types that may contain embedded files.</li>
<li>For advanced users, support for massively-threaded execution on Graphics Processing Units (GPUs).  This feature is available only on Linux and requires installation of the NVIDIA CUDA SDK, modification of scalpel.h to enable the GPU threading mode, and compilation with the CUDA toolchain.  Our implementation also requires an NVIDIA GPU with compute capability >= 1.2, so older CUDA-capable cards probably won't work.  The NVIDIA GTX 260 is relatively inexpensive and powerful and has the appropriate compute capability.  The GPU-enhanced version of Scalpel is able to do preview carving at rates that exceed the disk bandwidth of most file servers, so for big jobs, it may be worth the extra effort required to use this feature.  Note that regular expression-based headers and footers are NOT currently supported when GPU acceleration is in use!  We might address this in a future release.</li>
</ul>
<br />
<b>Scalpel</b> performs <a href="http://www.toolwar.com/search/label/Carving" target="_blank">file carving</a> operations based on patterns that describe particular file or data fragment "types".  These patterns may be based on either fixed binary strings or regular expressions. A number of default patterns are included in the configuration file included in the distribution, <b>"scalpel.conf"</b>.  The comments in the configuration file explain the format of the file carving patterns supported by <b>Scalpel</b>.<br />
<br />
Important note: The default configuration file, "scalpel.conf", has all supported file patterns commented out--you must edit this file before running Scalpel to activate some patterns.  Resist the urge to simply uncomment all file carving patterns; this wastes time and will generate a huge number of false positives.  Instead, uncomment only the patterns for the file types you need.<br />
<br />
<b>Scalpel </b>options are described in the <b>Scalpel</b> man page, "scalpel.1". You may also execute Scalpel w/o any <a href="http://www.toolwar.com/search/label/CLI" target="_blank">command line</a> arguments to see a list of options.<br />
<br />
NOTE: Compilation is necessary on Unix platforms and on <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X</a>.  For Windows platforms, a precompiled scalpel.exe is provided.  If you do wish to recompile <b>Scalpel</b> on Windows, you'll need a mingw (gcc) setup. Scalpel will not compile using Visual Studio C compilers.  Note that our compilation environment for <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> is currently 32-bit; we haven't tested on the 64-bit version of mingw, but will address this int the future.<br />
<br />
<b>Other Supportive Platforms :: </b></div>
<div style="text-align: justify;">
<br />
We are not currently supporting <b>Scalpel</b> on <a href="http://www.toolwar.com/search/label/Unix" target="_blank">Unix</a> variants other than Linux. Go ahead and try a ./configure and make and see what happens, but be sure to do thorough testing before using <b>Scalpel</b> in production work.  If you are interested in supporting a version of <b>Scalpel </b>on an alternate platforms, please contact us.  If you are interested in supporting a GPU-enhanced version of Scalpel on Windows, we are also interesting in hearing from you.<br />
<br />
<b>Limitations ::</b> <br />
<br />
Carving Windows physical and logical device files (e.g., \\.\physicaldrive0 or \\.\c:) isn't currently supported because it requires us to rewrite some portions of <b>Scalpel </b>to use Windows file I/O functions rather than standard Unix calls.  This may be supported in a future release.<br />
<br />
Block map features are currently disabled, as we are rewriting this subsystem to enhance interoperability with the <a href="http://www.toolwar.com/2014/01/the-sleuth-kit-tsk-forensics-framework.html" target="_blank">Sleuthkit</a>.  An improved version of the block map features will return in a subsequent release. The -s command line option ("skip") has been removed and will be replaced with a more robust facility in the next major release.<br />
<br />
<br />
<b>Dependencies ::</b><br />
<br />
Scalpel uses the POSIX threads library.  On Win32, Scalpel is distributed with the Pthreads-win32 - POSIX Threads Library for Win32, which is Copyright(C) 1998 John E. Bossom and Copyright(C) 1999,2005 by Pthreads-win32 contributors.  This library is licensed under the LGPL.<br />
<br />
Scalpel for Win32 uses the tre regular expression library and is distributed with tre-0.7.5, which is licensed under the LGPL.</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<h3>
Tutorials :: </h3>
<b>COMPILE INSTRUCTIONS ON SUPPORTED PLATFORMS :: </b><br />
<b>Linux/Mac OS X ::</b> <br />
<div style="text-align: justify;">
<span style="font-family: "Courier New",Courier,monospace;">./configure and then make</span><br />
<br />
<b>Windows :: </b> </div>
cd to src directory and then:<br />
<span style="font-family: "Courier New",Courier,monospace;">mingw32-make -f Makefile.win</span><br />
<br />
and  enjoy.  If you want to install the binary and man page in a more  permanent place, just copy "scalpel" (or "scalpel.exe") and "scalpel.1"  to appropriate locations, e.g., on Linux, "/usr/local/bin" and  "/usr/local/man/man1", respectively.  On Windows, you'll also need to  copy the pthreads and tre regular expression library dlls into the same  directory as "scalpel.exe".<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/5Z9JsBazOdw?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<h3>
Download ::</h3>
</div>
<div style="text-align: justify;">
<b>Linux | Windows | Mac :: </b><a href="https://github.com/sleuthkit/scalpel/archive/master.zip" target="_blank">Scalpel</a> (.zip)<b>
</b></div>
<div style="text-align: justify;">
<b>Official Website :: </b> <a href="https://github.com/sleuthkit/scalpel">https://github.com/sleuthkit/scalpel</a></div>

Scalpel (Data Carving / Forensics) :: Tools

Scalpel is a file carving and indexing application that runs on Linux and Windows . The first version of Scalpel , released in 2005,...

Lynis (Security and System Auditing) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPJSrg2v61K-1SHIewex9MB7DLBAqrgKTy2REJhuc1jyKxL99Tia_vx44VmSeUWWxbHdgZtEVAjWn5GUbxWD9dLfe1o2Suta4Ww_ZgfvwIITFiR8JkMpR5A-ZkTq17LVggAJlfumpTReoW/s1600/lynis-screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="lynis screenshot" border="0" height="300" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPJSrg2v61K-1SHIewex9MB7DLBAqrgKTy2REJhuc1jyKxL99Tia_vx44VmSeUWWxbHdgZtEVAjWn5GUbxWD9dLfe1o2Suta4Ww_ZgfvwIITFiR8JkMpR5A-ZkTq17LVggAJlfumpTReoW/s320-rw/lynis-screenshot.png" title="lynis screenshot" width="400" /></a></div>
<div style="text-align: justify;">
<b>Lynis</b> is a <b><i>Security and system auditing tool</i> </b>to harden <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> systems. <b>Lynis</b> is an <b>auditing tool </b>for Unix/Linux (specialists). It scans the  <a href="http://www.toolwar.com/search/label/System" target="_blank">system</a> and available software and performs many individual <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a>  checks. It determines the hardening state of the machine and <a href="http://www.toolwar.com/search/label/Detect" target="_blank">detects</a>  security issues. Beside security related information it will also scan  for general system information, installed packages and possible  configuration errors. <b>Lynis</b> is a <a href="http://www.toolwar.com/search/label/Security" target="_blank">security tool</a> to audit and harden Unix and Linux based  systems. It scans the system by performing many security control checks,  looks for installed software and determines compliance to standards. Also will it detects security issues and errors in configuration. At the  end of the scan it will provide the warnings and suggestions to help  you improving the security defense of your systems.<br />
<br />
This software aims in assisting automated  auditing, hardening, software patch management, <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> and  <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a> scanning of Unix/Linux based systems. It can be run without  prior installation, so inclusion on read only storage is possible (<a href="http://www.toolwar.com/search/label/USB" target="_blank">USB</a>  stick, cd/dvd).<br />
<br />
<b>Lynis </b>assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOx (Sarbanes-Oxley) compliance audits.<br />
<br />
<b>Intended audience:</b><br />
Security specialists, penetration testers, system auditors, system/network managers.<br />
<br />
<b>Examples of audit tests:</b><br />
- Available authentication methods<br />
- Expired SSL certificates<br />
- Outdated software<br />
- User accounts without password<br />
- Incorrect file permissions<br />
- Configuration errors<br />
- Firewall auditing<br />
<br />
<b>Current state:</b><br />
Stable releases are available, development is active.<br />
<h3>
Tutorials :: </h3>
<b>Documentation :: </b><a href="http://www.rootkit.nl/files/lynis-documentation.html" target="_blank">Click Here</a> </div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/FgkC4k1kJaE?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<h3>
<b>Download </b></h3>
<b>Linux ::</b> <a href="http://cisofy.com/files/lynis-1.4.0.tar.gz" target="_blank">Llynis-1.4.0</a> (.tar.gz)</div>
<div style="text-align: justify;">
<b>Official Website :: </b><a href="http://www.rootkit.nl/projects/lynis.html" target="_blank">http://www.rootkit.nl/projects/lynis.html </a></div>
</div>

Lynis (Security and System Auditing) :: Tools

Lynis is a Security and system auditing tool to harden Linux systems. Lynis is an auditing tool for Unix/Linux (specialists). It sca...

PuTTY (SSH and Telnet Client) :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="putty logo" border="0" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3zvoJcKewErjVHSTjvbSDUjRlAnvLx8DNoFccuOvxFsCFHnuKCMJYOJ1NrhyfEBId03fqOnulo2MIoeDxqIbix4vgflC093Md_UhkccEcdQQ4NZiRT5mNwvddKjRoz6N4izQD-ufOng6j/s1600-rw/putty+logo.png" title="putty logo" /></div>
<div style="text-align: justify;">
<b>PuTTY</b> is a free <b>implementation of Telnet and SSH for Windows and Unix</b> platforms, along with an <code>xterm</code> terminal emulator. It is written and maintained primarily by Simon Tatham. </div>
<div style="text-align: justify;">
<b>PuTTY</b> is a free and <i>open-source terminal emulator</i>, serial console and <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> file transfer application. It supports several network <a href="http://www.toolwar.com/search/label/Protocol" target="_blank">protocols</a>, including SCP, SSH, Telnet and rlogin. The name "<b>PuTTY</b>" has no definitive meaning, though "tty" is the name for a terminal in the Unix tradition, usually held to be short for Teletype.<br />
<br />
<b>PuTTY</b> was originally written for Microsoft <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, but it has been ported to various other operating systems. Official ports are available for some Unix-like platforms, with work-in-progress ports to Classic Mac OS and <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac</a> OS X, and unofficial ports have been contributed to platforms such as Symbian and Windows Mobile.<br />
</div>
<h3 style="text-align: justify;">
Tutorials :: </h3>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/9CZphjhQxIQ?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Windows :: </b><a href="http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe" target="_blank">PuTTY x86</a> <b>(.exe)</b></div>
<div style="text-align: justify;">
<b>Unix :: </b><a href="http://the.earth.li/~sgtatham/putty/latest/putty-0.63.tar.gz" target="_blank">PuTTY</a><b> (.tar.gz)</b></div>
<div style="text-align: justify;">
<b>Official Website ::</b> <a href="http://www.chiark.greenend.org.uk/~sgtatham/putty/">http://www.chiark.greenend.org.uk/~sgtatham/putty/</a></div>

PuTTY (SSH and Telnet Client) :: Tools

PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator. It is written ...

GDB GNU Debugger :: Tools

<div class="separator" style="clear: both; text-align: center;">
<img alt="gdb logo" border="0" height="255" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtcV7G_5LSgJmJVC3QAj64NTirUIMtUbntKldesIZ8v0GBoSxbgoqxPZo67Icvw7I_Ppk27F8UIyqslHsk26Gp3S1WOVzXcwuYbEQ35s36pYuxP41VWN0UWFH3WO3x0clk7PGxh3yFsKYf/s400-rw/gdb-logo.png" title="gdb logo" width="400" /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>GDB, the GNU Project <a href="http://www.toolwar.com/search/label/Debugger" target="_blank">debugger</a></b>, allows you to see what is going on `inside' another program while it executes -- or what another program was doing at the moment it crashed.  </div>
<div style="text-align: justify;">
<b>GDB </b>can do four main kinds of things (plus other things in support of these) to help you catch bugs in the act:  </div>
<ul style="text-align: justify;">
<li>Start your program, specifying anything that might affect its behavior. </li>
<li>Make your program stop on specified conditions. </li>
<li>Examine what has happened, when your program has stopped. </li>
<li>Change things in your program, so you can experiment with correcting the effects of one bug and go on to learn about another. </li>
</ul>
<div style="text-align: justify;">
The program being debugged can be written in Ada, C, C++, Objective-C, Pascal (and many other <a href="http://www.toolwar.com/search/label/Language" target="_blank">languages</a>).  Those programs might be executing on the same machine as GDB (native) or on another machine (remote).  GDB can run on most popular UNIX and Microsoft <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> variants.</div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Tutorials :: </h3>
<div style="text-align: justify;">
<b>Video Tutorials ::</b> </div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/sCtY--xRUyI?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/k-zAgbDq5pk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<br />
<b>Text Tutorials :: </b><a href="http://sourceware.org/gdb/current/onlinedocs/gdb/" target="_blank">Click Here</a> <br />
<h3>
Download :: </h3>
<b>Linux ::</b> <a href="ftp://sourceware.org/pub/gdb/releases/gdb-7.6.tar.gz" target="_blank">GDB v7.6.tar.gz</a>
<b> </b><br />
<b>Official Site :: </b><a href="http://www.gnu.org/">http://www.gnu.org/</a>

GDB GNU Debugger :: Tools

GDB, the GNU Project debugger , allows you to see what is going on `inside' another program while it executes -- or what another pr...

Bizploit (ERP Penetration Testing) :: Framework

<div class="separator" style="clear: both; text-align: center;">
<img alt="onapsis logo" border="0" height="157" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEin6I42nzkLY76YbK6quX_PVYjdXrZ8ZpxDui0742p564fJp9gziwUTmwc3CRFGoTz5et3sDfyb3dBOMb7o0I9stsuh20N8o7GqsAhA_mdKp5AO_osq2EkqNGSDHp9JvasUAXoL_9P3L4Ce/s400-rw/onapsis+logo.png" title="onapsis logo" width="400" /></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div style="text-align: justify;">
<b>Bizploit</b> is the first Opensource <i>ERP Penetration Testing framework</i>. 
Developed by the <b>Onapsis Research Labs,</b> <b>Bizploit</b> assists security 
professionals in the discovery, exploration, vulnerability assessment 
and exploitation phases of specialized <b>ERP Penetration Tests</b>.<br />
Currently, <b>Bizploit</b> is shipped with many plugins to assess the security 
of SAP business platforms. Plugins for other popular ERPs will be 
included in the short term.</div>
<div style="text-align: justify;">
<br /></div>
<h3 style="text-align: justify;">
Tutorials :: </h3>
<h3 style="text-align: justify;">
Download ::</h3>
<div style="text-align: justify;">
<b>Linux :: </b><a class="download" href="http://www.onapsis.com/get.php?resid=bizploit-linux-1-5">Bizploit v1.50-rc1</a></div>
<div style="text-align: justify;">
<b>Windows ::</b> <a class="download" href="http://www.onapsis.com/get.php?resid=bizploit-win32-1-5">Bizploit v1.50-rc1</a><br />
<b>Official Website :: </b><a href="http://www.onapsis.com/">http://www.onapsis.com</a>/</div>

Bizploit (ERP Penetration Testing) :: Framework

Bizploit is the first Opensource ERP Penetration Testing framework . Developed by the Onapsis Research Labs, Bizploit assists secur...

Burp Suite 2020.12.1 :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAT2UhRmZvzULaQVdcEZDtIFgNvPBCuTUbZWHvPtZZ5gx6ibqfq6BYj-4RfUfNMVxfg1JsA6uD4KKYpcQKye1XV_E1DMgkYO8CCKDPceWmNfn-3OVLCMEvmMVmLYzvRih9jGTKLa8xnlbs/s836/Burp-Suite-Professional-2020-Free-Download.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Burp Suite Professional 2020.12.1" border="0" data-original-height="484" data-original-width="836" height="231" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAT2UhRmZvzULaQVdcEZDtIFgNvPBCuTUbZWHvPtZZ5gx6ibqfq6BYj-4RfUfNMVxfg1JsA6uD4KKYpcQKye1XV_E1DMgkYO8CCKDPceWmNfn-3OVLCMEvmMVmLYzvRih9jGTKLa8xnlbs/w400-h231-rw/Burp-Suite-Professional-2020-Free-Download.jpg" title="Burp Suite Professional 2020.12.1" width="400" /></a></div><br /><div style="text-align: justify;">
<b>Burp Suite</b> is a large platform for performing security testing of web applications. Its various tools work seamlessly  together to support the entire testing process, from initial mapping and  analysis of an application's attack surface, through to finding and  exploiting security vulnerabilities. </div>
<div style="text-align: justify;">
Burp gives you full control, letting you combine advanced manual  techniques with state-of-the-art automation, to make your work faster, more  effective, and more fun.</div>
<div style="text-align: justify;">
It contains a variety of tools with numerous interfaces between them  designed to facilitate and speed up the process of attacking an  application. All of the tools share the same framework for handling and  displaying HTTP messages, persistence, authentication, proxies, logging,  alerting and extensibility.  There is a limited free version and also  Burp Suite Professional ($399 per user per year). </div>
<div class="rounded-corner-box grey-box">
<ul class="green-list" style="text-align: justify;">
<li>An intercepting <b>Proxy</b>,  which lets you inspect and modify traffic between your browser and the  target application.</li>
<li>An application-aware <b>Spider</b>,  for crawling content and functionality.</li>
<li>An advanced web application <b>Scanner</b>,  for automating the detection of numerous types of vulnerability.</li>
<li>An <b>Intruder</b> tool, for  performing powerful customized attacks to find and exploit unusual  vulnerabilities.</li>
<li>A <b>Repeater</b> tool, for  manipulating and re-sending individual requests.</li>
<li>A <b>Sequencer</b> tool, for  testing the randomness of session tokens.</li>
<li>The ability to <b> save your work</b> and resume working later.</li>
<li><b>Extensibility</b>, allowing you  to easily write your own plugins, to perform complex and highly  customized tasks within Burp.</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/pBkzvp7xuCI?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: center;">
</div>
<div style="text-align: left;">
<br />
<b>Download Here :: </b><a href="https://portswigger.net/burp/releases/professional-community-2020-12-1" target="_blank">Burp Suite v2020.12.1</a><b>
</b></div>
<div style="text-align: left;">
<b>Source ::</b> http://portswigger.net/index.html</div>
</div>
</div>

Burp Suite 2020.12.1 :: Tools

Burp Suite is a large platform for performing security testing of web applications. Its various tools work seamlessly together to suppor...

Wavsep (Web Application Vulnerability Scanner) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="wavsep toolwar" border="0" height="331" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMSoRbPxK7O4Yj9z_uKOjtWacWbm1y998Bf2-i_alefuOMauXKrwgdJxF8pcp09hpZ7d49PMUzgrTmZ7eRH199RCw1d4rlsbz6PmOvb-bY3Au-exVkvJpmGS6OVdOe61ns-Q5MZPGO89_r/s1600-rw/Wavsep+logo.png" title="wavsep toolwar" width="640" /></div>
<div style="text-align: justify;">
<b>Wavsep</b> is a <b>Web Application Vulnerability Scanner Evaluation Project.</b> and <b>Wavsep</b> is a <i>vulnerable web application</i> designed to help assessing the features,
 quality and accuracy of web application vulnerability scanners. </div>
<div style="text-align: justify;">
This
 evaluation platform contains a collection of unique vulnerable web 
pages that can be used to test the various properties of web application
 scanners. </div>
<div style="text-align: justify;">
Although some of the test cases are vulnerable to additional exposures, 
the purpose of each test case is to evaluate the detection accuracy of 
one type of exposure, and thus, “out of scope” exposures should be 
ignored when evaluating the accuracy of vulnerability scanners.  </div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
<b>Download Here :: </b><a href="https://wavsep.googlecode.com/files/wavsep-v1.2-war-linux.zip" target="_blank">Wavsep 1.2</a> (for Linux)<b></b></div>
<div style="text-align: justify;">
                               <a href="https://wavsep.googlecode.com/files/wavsep-v1.2-war.zip" target="_blank">Wavsep 1.2</a> (for Windows)<b><br /></b></div>
<div style="text-align: justify;">
<b>Read More :: </b>https://code.google.com/p/wavsep/</div>
</div>

Wavsep (Web Application Vulnerability Scanner) :: Tools

Wavsep is a Web Application Vulnerability Scanner Evaluation Project. and Wavsep is a vulnerable web application designed to help as...

WebSecurify (Web Application Security Testing Suite) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="WebSecurify Logo" border="0" height="165" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6oDiePzFfVKkO_hIeIuuwUrY6JK_X5Dj2Qixb9RxFDbSH9HJQhnKNdbrUrhYJgkZvvGLDCGDwSM_WrRrnjNY0SljItRogRVQLCbGVrWM0Lj4E5vwOcNvmid67GVlEJUmenmwit6QPaN3P/s1600-rw/Websecurify+logo.jpg" title="WebSecurify Logo" width="320" /></div>
<div style="text-align: justify;">
<b>Websecurify</b> is a <i>web application security testing</i> suite  designed from the ground up to provide the best combination of automatic  and manual vulnerability testing technologies. It is available for all  major desktop platforms including mobile devices and web via our online  security suite. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Main features of <b>Websecurify</b> include: </div>
<ul style="text-align: justify;">
<li>Simple to use user interface. </li>
<li>World-class analytical and scanning technology. </li>
<li>Available for all major operating systems (Windows, Mac, Linux) including mobile devices (iOS, Android). </li>
<li>Easily extensible with the help of add-ons and plugins. </li>
<li>Moduler and reusable design. </li>
<li>Built-in internationalization support.  </li>
<li>Powerful manual testing tools and helper facilities included. </li>
<li>Flexible, hassle-free licensing. </li>
<li>Innovative in every way.  </li>
<li>Frequent updates. </li>
<li>Much, much more. </li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/PMT_A7YtEAs?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<br />
<b>Download Here :: </b><a href="https://websecurify.googlecode.com/files/websecurify-for-firefox-2.1.0.xpi" target="_blank">WebSecurify 2.1.0</a> (for Firefox)<br />
                               <a href="https://websecurify.googlecode.com/files/Websecurify%20Suite%201.0.0.tar.gz" target="_blank">WebSecurify Suite 1.0.0</a> (for Linux)<br />
                               <a href="https://websecurify.googlecode.com/files/Websecurify%20Suite%201.0.0.exe" target="_blank">WebSecurify Suite 1.0.0</a> (for Windows)<br />
                               <a href="https://websecurify.googlecode.com/files/Websecurify%20Suite%201.0.0.dmg" target="_blank">WebSecurify Suite 1.0.0</a> (for MAC)<br />
<b>Official Website :: </b>http://www.websecurify.com/<br />
<ul style="text-align: justify;">
</ul>
<div style="text-align: center;">
</div>
<div style="text-align: center;">
</div>
<div style="text-align: center;">
</div>
</div>

WebSecurify (Web Application Security Testing Suite) :: Tools

Websecurify is a web application security testing suite designed from the ground up to provide the best combination of automatic and...

Dsniff (Network Auditing and Penetration Testing) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="dsniff logo" border="0" height="200" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglUy8nXzRshwrinWN2ncP0FaDpYLKIOQs5Y27PszGBcR3CoDhFcwdi-kGlc0Cm9CZTT-uxTsAEkp4gGy6sDWgCGvNHeulvsGzdM-nZMX_xPVe_Ztr9HwuRetrvK8KwwB5q2UtbhWE67EiC/s200-rw/dsniff+logo.png" title="dsniff logo" width="166" /></div>
<div style="text-align: justify;">
<b>Dsniff</b> is a collection of tools for network auditing and penetration testing. <b>dsniff</b>, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.</div>
<div style="text-align: justify;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/QTWwNsTj5FA?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<br />
<b>Download Here :: </b><a href="http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz" target="_blank">dsniff 2.3.tar.gz</a></div>
<div style="text-align: justify;">
<b>Official Website :: </b> http://www.monkey.org/</div>
</div>

Dsniff (Network Auditing and Penetration Testing) :: Tools

Dsniff is a collection of tools for network auditing and penetration testing. dsniff , filesnarf, mailsnarf, msgsnarf, urlsnarf, and we...

Reaver (WiFi Cracking or Wireless Auditor) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="wifi logo" border="0" height="245" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiV-NPgsuzClXAHxkWhbCHhzK2NTn1xbiJssKhzPeNVEHgd7UYq4a5gjLn5UDIfWLH4CG9pkT_RtThm11mzMWjbpmZVDdzgNsSXDpHyOsvuPneH5OUQPNTcEhToCtCF8mYfP2ZmA-O_BNDM/s320-rw/wifi+logo.jpg" title="wifi logo" width="320" /></div>
<div style="text-align: justify;">
<b>Reaver </b>implements a <i>brute force attack</i> against <i>Wifi Protected Setup  (WPS)</i> registrar PINs in order to recover WPA/WPA2 passphrases.<b> Reaver</b> is a <i>WPA attack tool </i>developed by <b>Tactical Network Solutions </b> and sold by Reaver Systems, LLC that exploits a protocol design flaw in  <i>WiFi Protected Setup (WPS)</i>. This vulnerability exposes a side-channel  attack against Wi-Fi Protected Access (WPA) versions 1 and 2 allowing  the extraction of the Pre-Shared Key (PSK) used to secure the network.  With a well-chosen PSK, the WPA and WPA2 security protocols are assumed  to be secure by a majority of the 802.11 security community.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
WPS allows users to enter an 8 digit PIN to connect to a secured  network without having to enter a passphrase.  When a user supplies the  correct PIN the access point essentially gives the user the WPA/WPA2 PSK  that is needed to connect to the network.  Reaver will determine an  access point's PIN and then extract the PSK and give it to the attacker.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Current attacks against WPA networks involve the computation of  rainbow tables based on a dictionary of potential keys and the name  (SSID) of the network being attacked. Rainbow tables must be  re-generated for each network encountered and are only successful if the  PSK is a dictionary word. However, <b>Reaver</b> is not restricted by the  limitations of traditional dictionary-based attacks. Reaver is able to  extract the WPA PSK from the access point within 4 - 10 hours and  roughly 95% of modern consumer-grade access points ship with WPS enabled  by default.</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/eWy5DDc5Hn0?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<b>Download Here :: </b><a href="http://reaver-wps.googlecode.com/files/reaver-1.4.tar.gz" target="_blank">Reaver 1.4.tar.gz</a></div>
<div style="text-align: justify;">
<b>Official Website ::  </b>http://www.tacnetsol.com/</div>
</div>

Reaver (WiFi Cracking or Wireless Auditor) :: Tools

Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases. R...

Ntopng (Network Traffic) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="ntop logo" border="0" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQC-FRUFjRvLyaY9yXMGSelHOEh0UATbuipctkwpL4fDcTGpiq_OG6fGuOqc5CmX6DYVsegpj5rP4yvk6R-mC9ggf8Zg6FgPnUNqyV2K43kGkvcLkFpmpac148XDdV5B_sTjQBPmrkoBGC/s1600-rw/ntop+logo.png" title="ntop logo" /></div>
<div style="text-align: justify;">
<b>Ntopng</b>, the next generation version of the original ntop, a <i>network  traffic</i> probe that shows the network usage, similar to what the popular  top Unix command does. ntopng is based on libpcap and it has been  written in a portable way in order to virtually run on every Unix  platform, MacOSX and on Win32 as well.<b> </b></div>
<div style="text-align: justify;">
<b>Ntop</b> shows network usage in a way similar to what top does for  processes. In interactive mode, it displays the network status on the  user's terminal. In Web mode, it acts as a Web server, creating an HTML  dump of the network status. It sports a NetFlow/sFlow emitter/collector,  an HTTP-based client interface for creating ntop-centric monitoring  applications, and RRD for persistently storing traffic statistics.</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/-P7C0by-TLA?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: center;">
</div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
<br />
<b>Download Here :: </b><a href="http://sourceforge.net/projects/ntop/files/ntopng/ntopng-1.0.tar.gz/download" target="_blank">ntopng-1.0.tar.g<b>z</b></a><b> </b>(for Linux )<b>  </b></div>
<div style="text-align: justify;">
<b>                               </b><a href="http://www.nmon.net/packages/Win32/ntopng-1.0-demo.exe" target="_blank">ntopng-1.0demo.exe</a> (for Windows)  <b> </b><br />
<b>Official Website :: </b>http://www.ntop.org/ </div>
</div>

Ntopng (Network Traffic) :: Tools

Ntopng , the next generation version of the original ntop, a network traffic probe that shows the network usage, similar to what the p...

John the Ripper (Password Cracker) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<img alt="John the Ripper logo" border="0" loading="lazy" src="http://img830.imageshack.us/img830/9775/45275642.jpg" title="John the Ripper logo" /></div>
<br />
<div style="text-align: justify;">
<b>John the Ripper</b> is a most usable and famous fast <i>password cracker</i>, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows <i>LM hashes</i>, plus lots of other hashes and ciphers in the community-enhanced version. </div>
<div style="text-align: justify;">
<b>John the Ripper</b> is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper <i>Pro</i>, which is distributed primarily in the form of "native" packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance. </div>
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/ME4NP7JanXY?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div>
<div style="text-align: center;">
<b>
</b></div>
<div style="text-align: left;">
<br />
<b>Download Here :: </b><a href="http://www.openwall.com/john/h/john179w2.zip" target="_blank">John the Ripper 1.7.9</a><b> (for Windows)</b></div>
<div style="text-align: left;">
                               <a href="http://www.openwall.com/john/j/john-1.8.0.tar.gz" target="_blank">John the Ripper 1.8.0</a><b> (for Unix)</b></div>
<div style="text-align: left;">
<b>Official Website ::</b> http://www.openwall.com/john/</div>
</div>

John the Ripper (Password Cracker) :: Tools

John the Ripper is a most usable and famous fast password cracker , currently available for many flavors of Unix, Windows, DOS, BeOS, ...

Subscribe to: Comments ( Atom )