Kippo (Medium Interaction SSH honeypot) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="honeypot logo" border="0" height="147" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrUVnK5ckDMkuVIbcWb8PF91rmwlb202CsV5COPsOlOiB9OW8Kf3estPjnnsJ6541JweeCI7JeDX-vx7oaPW0hMvub34spaMUEdGh-MXyBI-z7LolJEQMxbiOP3YbNt9dKiStrduzDLTvT/s200/honeypot_icon.jpg" title="honeypot logo" width="200" /></div> <div style="text-align: justify;"> <b>Kippo</b> is a <i>medium interaction SSH honeypot</i> designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <span style="font-size: large;">Features</span></div> <div style="text-align: justify;"> Some interesting features: </div> <ul style="text-align: justify;"> <li>Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included </li> <li>Possibility of adding fake file contents so the attacker can 'cat' files such as /etc/passwd. Only minimal file contents are included </li> <li>Session logs stored in an UML compatible format for easy replay with original timings </li> <li>Just like Kojoney, Kippo saves files downloaded with wget for later inspection </li> <li>Trickery; ssh pretends to connect somewhere, exit doesn't really exit, etc </li> </ul> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/7ACOXgeX3ik?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <b>Download Here :: </b><a href="http://kippo.googlecode.com/files/kippo-0.8.tar.gz" target="_blank">Kippo v0.8.tar.gz</a></div> <div style="text-align: justify;"> <b>Source :: </b> http://code.google.com/p/kippo/</div> </div>

Kippo (Medium Interaction SSH honeypot) :: Tools

Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction pe...

Read more »

Belch (Binary Protocol Pen-Testing) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="binary penetration toolwar" border="0" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghScz4peffH3Ja7mGFWJDPwhNDV6F4dfiL3mFvd9W2fuHuDBj4LvJqkwRydZCF__q-Jqq-K6-2OXS-TClsJUkaXYlrCPp9PFm8VAOBw9kSfvH6lN6y8ylw5xcy5epYUTDvXIBCmCMXlHKl/s400/binary+penetration+toolwar.jpg" title="binary penetration toolwar" width="400" /></div> <span style="font-family: inherit;"><b>Belch</b> is a B<i>inary Protocol Pen-Testing Tool.</i> It is used to aid in automation of testing AMF and Java-Serialization applications.</span></div> <div style="text-align: justify;"> <span style="font-family: inherit;"> </span></div> <div style="text-align: justify;"> <span style="font-family: inherit;"><b>Belch</b> performs on the fly transformation of binary data to human readable XML format. It was tested successfully against AMF version 3 and Java Serialization applications. Belch can be used as a translation peer for any Automatic scanner integrating automatic testing to the binary communication. Belch has been tested with various scanners such as BurpSuite, Accunetix, AppScan, Sqlmap etc.</span></div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/6wiCy3yZvl4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <b><span style="font-family: inherit;">Download Here ::</span></b><span style="font-family: inherit;"> <a href="https://www.appsec-labs.com/system/files/Belch_1.0.13.zip" target="_blank">Belch 1.0.13 (Windows)</a></span><b><span style="font-family: inherit;"> </span></b></div> <div style="text-align: justify;"> <span style="font-family: inherit;"><b>Official Website :: </b>https://appsec-labs.com/ </span></div> </div>

Belch (Binary Protocol Pen-Testing) :: Tools

Belch is a B inary Protocol Pen-Testing Tool. It is used to aid in automation of testing AMF and Java-Serialization applications. ...

Read more »

SSL Vulnerability Analyzer :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiH12DB6_ms3O3s1_td8BwM7StWC_nv4S2ExjursWZTouuu445awygxmJEjwkFBQ0YsXbsZFoHvtP3lH0D5vlc-ZXpPbRGp9kb5moG1o_dK7LjMhPelK6CgYkRdbRcbRtGtRxmmoQ5qcQGU/s1600/ssl+vulnerability+analyzer+toolwar.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="SSL Vulnerability Analyzer toolwar" border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiH12DB6_ms3O3s1_td8BwM7StWC_nv4S2ExjursWZTouuu445awygxmJEjwkFBQ0YsXbsZFoHvtP3lH0D5vlc-ZXpPbRGp9kb5moG1o_dK7LjMhPelK6CgYkRdbRcbRtGtRxmmoQ5qcQGU/s320/ssl+vulnerability+analyzer+toolwar.png" title="SSL Vulnerability Analyzer toolwar" width="264" /></a></div> <div style="text-align: justify;"> The <b>SSL Vulnerabilities Analyzer</b> is designed for website owners and security testers. The tool takes a domain and/or IP address, tests the encryptions and algorithms supported by them and analyzes the results in a graphic form, reporting problematic encryption methods.</div> <div style="text-align: justify;"> PS, the browser may warn you about a danger file, but it's because that the zip file contains an installation file.</div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Help/Tutorial :: </b><a href="https://appsec-labs.com/SSL_Analyzer/help" target="_blank">Click Here</a> </div> <div style="text-align: justify;"> <b>Download Here :: </b><a href="https://appsec-labs.com/sites/default/files/d/tools/SSL_Vulnerabilities_analyzer/SSL_Analyzer_v1.1.zip" target="_blank">SSL Vulnerability Analyzer</a></div> <div style="text-align: justify;"> <b>Official Website :: </b>https://appsec-labs.com/ </div> </div>

SSL Vulnerability Analyzer :: Tools

The SSL Vulnerabilities Analyzer is designed for website owners and security testers. The tool takes a domain and/or IP address, tes...

Read more »

WAppEx (Web Application Exploiter) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjy69Bs634VQydTJdv0uGtFpQKr3ts7eZw6ppQEaiyIybkyhkxNo7FP1mBlS7oZ-MTfnVkAX0YqJg5yifhrgQ90taO_P751HCiUSd3hrXBXP1-qD46VxnlmEySD4yRYu_eyy_XS5xdzAJwO/s1600/wappex+screenshot+toolwar.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="WAppEx Screenshot ToolWar" border="0" height="235" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjy69Bs634VQydTJdv0uGtFpQKr3ts7eZw6ppQEaiyIybkyhkxNo7FP1mBlS7oZ-MTfnVkAX0YqJg5yifhrgQ90taO_P751HCiUSd3hrXBXP1-qD46VxnlmEySD4yRYu_eyy_XS5xdzAJwO/s400/wappex+screenshot+toolwar.png" title="WAppEx Screenshot ToolWar" width="400" /></a></div> <div style="text-align: justify;"> <b>WAppEx</b> is an integrated <i>Web Application security</i> assessment and exploitation platform designed with the whole spectrum of security professionals to web application hobbyists in mind. It suggests a security assessment model which revolves around an extensible exploit database. Further, it complements the power with various tools required to perform all stages of a web application attack.</div> <div style="text-align: justify;"> The Exploit Database contains the all the logic associated with trivial fingerprinting, exploitation techniques, and payloads that address a wide range of web application vulnerabilities with the emphasis being on high-risk and zero-day vulnerabilities.</div> <div style="text-align: justify;"> Some of the vulnerabilities already bundled within the Exploit Database include Local File Disclosure (LFD), Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL Injection (SQLI), Remote OS Command Execution (RCE), and Server-side Code Injection (SCI). WAppEx can detect these vulnerabilities in a target, take full advantage of it, and through neatly designed payload codes get as much access to the exploited target as possible in as short a time as possible. Some of the payloads included within the database are various reverse shells, arbitrary code execution, command execution, arbitrary file upload…</div> <div style="text-align: justify;"> Since all the attack logic rests in the form of scripts within the Exploit Database, it is easily extensible, flexible and updatable through community servers. Users, too, can add mature, sophisticated exploits and payloads in the same fashion. The database grows on a daily basis, and our dedicated team of research and development are working non-stop to maintain the richest, most up-to-date aggregate of exploits. The number of exploits is soon bound to surpass hundreds. Meanwhile, users can share their own created exploits and payloads with the community and contribute to this growing momentum.</div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/6IXFN5fTvNk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <b>Download Here :: </b><a href="http://itsecteam.com/counter/?files=WAppEx/WAppEx2.0.exe" target="_blank">WAppEx 2.0.exe</a></div> <div style="text-align: justify;"> <b>Official Website :: </b>http://www.itsecteam.com/ </div> </div>

WAppEx (Web Application Exploiter) :: Tools

WAppEx is an integrated Web Application security assessment and exploitation platform designed with the whole spectrum of security p...

Read more »

OWASP Bricks (Web Application Security Learning Platform) :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="owasp bricks logo toolwar" border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxsW3jxRxCdfOllufBaZ0_uBwcmN-L7j2Fru8xOc1lTFeRLUMkcvyN_lnUYOrjG-Cv-Kr7b_qYk_j1a9LcRAikKyTgFkdJ9FQiNFFmJxMlrHdzndXtyTN6QhxPsCgBWGFX6oyy1lcxLLeR/s200/owasp+bricks+logo+toolwar.png" title="owasp bricks logo toolwar" width="199" /></div> <div style="text-align: justify;"> <b>OWASP Bricks</b> is a <i>Web application security learning platform</i> built on PHP and MySQL. <b>Bricks</b> is a deliberately vulnerable web application built on PHP and MySQL. The project focuses on variations of commonly seen application security vulnerabilities and exploits. Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP). The mission is to 'break the bricks' and thus learn the various aspects of web application security.<br /> <br /> <b>Bricks</b> is a web application security learning platform built on PHP and MySQL. The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security.<br /> <br /> <b>Bricks</b> is a completely free and open source project brought to you by OWASP. The complete documentation and instruction videos can also be accessed or downloaded for free. Bricks are classified into three different sections: login pages, file upload pages and content pages.</div> <b></b><br /> <b></b><br /> <b></b><br /> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/j5I0wPvQxTg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/mCo6ajvBv50?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <b>D</b><b>ownload Here :: </b><a href="http://sourceforge.net/projects/owaspbricks/files/Atrai%20-%201.8/OWASP%20Bricks%20-%20Atrai.zip/download" target="_blank">OWASP Bricks v1.8</a><br /> <b>Official Website :: </b>http://sechow.com/<b><br /></b></div>

OWASP Bricks (Web Application Security Learning Platform) :: Framework

OWASP Bricks is a Web application security learning platform built on PHP and MySQL. Bricks is a deliberately vulnerable web applicat...

Read more »

Revenssis (Penetration Testing Suite for Android Devices) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;">  <img alt="revenssis logo toolwar" border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5akPP1gYogJsMY0bpiMUplwpdcoAnNdS8L6KM7gDgc3SKxos7q-Nq9vqTkjw6087MYguSsXpZd_73Azac59n9vrG46CPIYY881-rMZxH42vQUcK0mtCLM0EZlZuMtE4t2Owqa8liUPc55/s320/revenssis+logo+toolwar.jpg" title="revenssis logo toolwar" width="213" /></div> <div style="text-align: justify;"> <b>Revenssis</b> is a complete <i>Penetration testing suite for Android devices</i>. Nicknamed as the "Smartphone Version of Backtrack", Revenssis Penetration Suite is a set of all the useful types of tools used in Computer and Web Application security. Tools available in it include: Web App scanners, Encode/Decode & Hashing tools, Vulnerability Research Lab, Forensics Lab, plus the must-have utilities (Shell, SSH, DNS/WHOIS Lookup, Traceroute, Port Scanner, Spam DB Lookup, Netstat... etc). All these fitting in an application approx. 10MB (post installation). </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Download Here ::</b> <a href="http://revenssis-penetration-testing-suite.googlecode.com/files/Revenssis.apk" target="_blank">Revenssis.apk</a> & (Available at Play Store)</div> <div style="text-align: justify;"> <b>Source ::</b> http://code.google.com/p/revenssis-penetration-testing-suite/</div> </div>

Revenssis (Penetration Testing Suite for Android Devices) :: Tools

  Revenssis is a complete Penetration testing suite for Android devices . Nicknamed as the "Smartphone Version of Backtrack",...

Read more »

Web-Sorrow (Web Security Scanner) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="web-sorrow logo toolwar" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnOHBqWrrM6YdiWnHWuSXu1hw29NNTVhSAjq4r1DQIgKad8aYZSfNdcOvACdnf8mUPaNbFAYLbM1Tt853Lb_tpG0qgN_XQLCNnSFMsuNr8A1JT216rUO42Z3DHdJwp6-OoBk1VmU4cdoRt/s1600/websorrow+logo+toolwar.jpg" title="web-sorrow logo toolwar" /></div> <div style="text-align: justify;"> <b>Web-Sorrow </b>is a<span itemprop="description"> <i>versatile security scanner</i> for the <i>information disclosure and fingerprinting</i> phases of pentesting.</span><b>Web-Sorrow</b> is a perl based tool for misconfiguration, version detection, enumeration, and server information scanning. It's entirely focused on Enumeration and collecting Info on the target server. <b>Web-Sorrow</b> is a "safe to run" program, meaning it is not designed to be an exploit or perform any harmful attacks. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <span style="font-size: large;">Basic overview of capabilities:</span></div> <ul style="text-align: justify;"> <li><b>Web Services:</b> a CMS and it's version number, Social media widgets and buttons, Hosting provider, CMS plugins, and favicon fingerprints.</li> <li><b>Authentication areas:</b> logins, admin logins, email webapps.</li> <li><b>Bruteforce:</b> Subdomains, Files and Directories.</li> <li><b>Stealth:</b> with -ninja you can gather valuable info on the target with as few as 6 requests, with -shadow you can request pages via google cache instead of from the host.</li> <li><b>AND MORE:</b> Sensitive files, default files, source disclosure, directory indexing, banner grabbing (see below for full capabilities) </li> </ul> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/1n1zKEi6BF8?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <b>Download Here :: </b><a href="http://web-sorrow.googlecode.com/files/Web-Sorrow_v1.5.0FINAL%28patched_version%29.zip" target="_blank">Web-Sorrow 1.5.0.zip</a><br /> <b>Source ::</b> http://code.google.com/p/web-sorrow/<br /> <ul style="text-align: justify;"> </ul> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> </div>

Web-Sorrow (Web Security Scanner) :: Tools

Web-Sorrow is a versatile security scanner for the information disclosure and fingerprinting phases of pentesting. Web-Sorrow is a p...

Read more »

RAFT (Response Analysis and Further Testing Tool) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="raft screenshot toolwar" border="0" height="234" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimx_ZNEI51-G8nYISMge30CIKHECpzubYpi9piek4_sk1Vx-fycO9fyXjDqnJonrPsM9JtQnHlVYfLJherJ3izDMfofh8e8Io_SK8VHPH0kXza5Dzz389c2CdCyGPhWSsUJwgEhDhOo7Fi/s320/raft+logo+toolwar.png" title="raft screenshot toolwar" width="320" /></div> <div style="text-align: justify;"> <span style="font-family: Arial,Helvetica,sans-serif;"><b>RAFT</b> is a<i> Response Analysis and Further Testing Tool</i>. <b>RAFT</b> is a testing tool for the identification of vulnerabilities in web applications. <b>RAFT</b> is a suite of tools that utilize common shared elements to make testing and analysis easier. The tool provides visibility in to areas that other tools do not such as various client side storage.<b> RAFT</b> uses markup to create templates for fuzz testing. </span></div> <div style="text-align: justify;"> <b><br /></b></div> <div style="text-align: justify;"> <b>Download Here :: </b><a href="http://raft.googlecode.com/files/RAFT-3.0.1-win32-setup.exe" target="_blank">RAFT 3.0.1.exe</a></div> <div style="text-align: justify;"> <b>Source ::</b> http://code.google.com/p/raft/</div> </div>

RAFT (Response Analysis and Further Testing Tool) :: Tools

RAFT is a Response Analysis and Further Testing Tool . RAFT is a testing tool for the identification of vulnerabilities in web appli...

Read more »

Vega (Web Vulnerability Scanner) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="vega scanner logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitqDoBTtkOWZbJB0V8gJz3IkgP9erP4PYe2g0GG_Yy1h0owqXN7iIoOt6_0ZGHotmGgJUAsjT1XP8PoV330tgVjFZjEvyHtvN7NybCqt60IAafpqq3fE7IoBM0cA88uyjM6qtiEiQbLOW9/s1600/vega+scanner+logo.JPG" title="vega scanner logo" /></div> <div style="text-align: justify;"> <b>Vega</b> is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on <b>Linux</b>, <b>OS X</b>, and <b>Windows</b>. <br /> <br /> Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. Vega can be extended using a powerful API in the language of the web: <b>Javascript</b>.<br /> <div id="modules"> <h3> Modules</h3> <ul id="modulesList"> <li>Cross Site Scripting (XSS)</li> <li>SQL Injection</li> <li>Directory Traversal</li> <li>URL Injection</li> <li>Error Detection</li> <li>File Uploads</li> <li>Sensitive Data Discovery</li> </ul> <div id="core"> <h3> Core</h3> <ul id="coreList"> <li>Automated Crawler and Vulnerability Scanner</li> <li>Consistent UI</li> <li>Website Crawler</li> <li>Intercepting Proxy</li> <li>SSL MITM</li> <li>Content Analysis</li> <li>Extensibility through a Powerful Javascript Module API</li> <li>Customizable alerts</li> <li>Database and Shared Data Model</li> </ul> </div> </div> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/X3BGO9U8zuU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <b>Download Here :: </b><a href="http://www.subgraph.com/downloads/VegaSetup32.exe">Microsoft Windows 32-bit (x86)</a><br />                                <a href="http://www.subgraph.com/downloads/VegaBuild-linux.gtk.x86.zip">Linux GTK 32-bit Intel</a><br />                                <a href="http://www.subgraph.com/downloads/Vega.dmg">Mac OS X 32-bit Intel</a>  <b> </b><br /> <b>Official Website :: </b>http://www.subgraph.com/ </div> </div>

Vega (Web Vulnerability Scanner) :: Tools

Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and valid...

Read more »

WebSploit (Social Engineering) :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="websploit toolwar" border="0" height="168" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEje9oakw4MwuEK6iy3HIek2xj5mb_LsZOay9_XMRBRyU35SQN-xtsA4v-gwp4fWeo1cV1b8_dEqn9HhojRyIDzb7nJoYNan32e9z42TsFIncTz5P9HCekjl9StYeAHMUqCPD7VGIrOiOAZI/s200/websploit+toolwar.png" title="websploit toolwar" width="200" /></div> <div style="text-align: justify;"> <b>WebSploit</b> is a <b>Framework</b> for Social Engineering Works, Scan, Crawler & Analysis Web, Automatic Exploiter, Network Attacks and done a lot things.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> [+]Autopwn - Used From Metasploit For Scan and Exploit Target Service</div> <div style="text-align: justify;"> [+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin</div> <div style="text-align: justify;"> [+]format infector - inject reverse & bind payload into file format</div> <div style="text-align: justify;"> [+]phpmyadmin Scanner</div> <div style="text-align: justify;"> [+]LFI Bypasser</div> <div style="text-align: justify;"> [+]Apache Users Scanner</div> <div style="text-align: justify;"> [+]Dir Bruter </div> <div style="text-align: justify;"> [+]admin finder </div> <div style="text-align: justify;"> [+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks</div> <div style="text-align: justify;"> [+]MITM - Man In The Middle Attack</div> <div style="text-align: justify;"> [+]Java Applet Attack</div> <div style="text-align: justify;"> [+]MFOD Attack Vector </div> <div style="text-align: justify;"> [+]USB Infection Attack </div> <div style="text-align: justify;"> [+]ARP Dos Attack</div> <div style="text-align: justify;"> [+]Web Killer Attack</div> <div style="text-align: justify;"> [+]Fake Update Attack</div> <div style="text-align: justify;"> [+]Fake Access point Attack</div> <div style="text-align: justify;"> [+]Wifi Honeypot</div> <div style="text-align: justify;"> [+]Wifi Jammer</div> <div style="text-align: justify;"> [+]Wifi Dos</div> <div style="text-align: justify;"> [+]Bluetooth POD Attack</div> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/E80oxU4qH_k?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <b>Download Here :: </b><a href="http://sourceforge.net/projects/websploit/files/latest/download" target="_blank">WebSploit Framework v2.0.4</a> (for Linux)<br /> <b>Source ::</b> http://sourceforge.net/projects/websploit/</div>

WebSploit (Social Engineering) :: Framework

WebSploit is a Framework for Social Engineering Works, Scan, Crawler & Analysis Web, Automatic Exploiter, Network Attacks and done...

Read more »

Plecost (Wordpress Fingerprinting) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="plecost toolwar" border="0" height="125" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBHuory4E0AoQuGVKSzfeD2m0Sg2jDwQH2-3a65iMNtFyqZWvaHXt4atW0QBG1toIQHMJ9k_LJMY0XxohKsnpaV_TDkE3duLnLEzYs6hcT0cojeU1vZD4MPCJvJZrzEtKiFfvgmc1C8-en/s200/logo_plecost.jpg" title="plecost toolwar" width="200" /></div> <div style="text-align: left;"> <span id="goog_705127854"></span><span id="goog_705127855"></span><br /></div> <div style="text-align: justify;"> <b>Plecost  </b>is a <i>Wordpress finger printer tool</i>, plecost search and retrieve information about the plugins versions installed in Wordpress systems. It can analyze a single URL or perform an analysis based on the results indexed by Google. Additionally displays CVE code associated with each plugin, if there. </div> <div style="text-align: justify;"> <b>Plecost </b>retrieves the information contained on Web sites supported by Wordpress, and also allows a search on the results indexed by Google. </div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/ZoKlR2UhgWY?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <b>Download Here :: <a href="http://plecost.googlecode.com/files/plecost-0.2.2-9-beta.tar.gz" target="_blank">Plecost 0.2.2.9beta </a></b>(for Linux)</div> <div style="text-align: justify;"> <b>Official Website :: </b>http://www.iniqua.com/ </div> </div>

Plecost (Wordpress Fingerprinting) :: Tools

Plecost  is a Wordpress finger printer tool , plecost search and retrieve information about the plugins versions installed in Wordpr...

Read more »

Owasp Mantra (Browser Based Web Security Framework) :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Owasp Mantra logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRrctdBWOhmYDQr246V7zjjW9kQoBxnS08108GujNouk7J1REEDUIjd6xdFgb7tlZvc9AGb1xJ1_E1wXBIkhT4Rg6ILFmQmUQkgns4JDBPiUh4Juv9Xy6p3vvVRuT2Wt2AqC8o3fI5OSGf/s1600/Owasp+Mantra+Logo.jpg" title="Owasp Mantra logo" /></div> <b></b><br /> <div style="text-align: justify;"> <b><span itemprop="description">OWASP Mantra</span></b><span itemprop="description"> is a  Free and Open Source <i>Browser Based Web Security Framework</i></span><b>. OWASP Mantra</b> is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>OWASP Mantra</b> is lite, flexible, portable and user friendly with a nice graphical user interface. You can carry it in memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on to your system within minutes. Mantra is absolutely free of cost and takes no time for you to set up. </div> <div style="text-align: justify;"> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/CRJkGZlV6Vk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>Download Here :: </b><a href="http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.exe/download" target="_blank">OWASP Mantra</a> (for Windows)<b> </b></div> <div style="text-align: justify;">                               <a href="http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2032.tar.gz/download" target="_blank"> OWASP Mantra</a> (for Linux)<b> </b></div> <div style="text-align: justify;">                               <a href="http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.mpkg.zip/download" target="_blank"> OWASP Mantra </a>(for MAC)<b> </b></div> <div style="text-align: justify;"> <b>Official Website ::</b>  http://www.getmantra.com/</div> </div>

Owasp Mantra (Browser Based Web Security Framework) :: Framework

OWASP Mantra is a  Free and Open Source Browser Based Web Security Framework . OWASP Mantra is a collection of free and open source ...

Read more »

WebVulScan :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="webvulscan logo" border="0" height="81" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9FLujpJDiKSgCxd2omhEfyclXF4hvby5jnLlqtMync5SkKiG0L0vl9k5Q8U8Bcvae_LHuY-IRdDxwntDNxTuzxnreDQb76xx2Be-jBECYlRfWn_Adw-ZQp9g01-H_oEeg1B1jcd2SdgzA/s1600/webvulscan+logo.png" title="webvulscan logo" width="320" /></div> <div style="text-align: justify;"> <b>WebVulScan</b> is a <i>web application vulnerability scanner</i>. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the status of the scan, the number of URLs found on the web application, the number of vulnerabilities found and details of the vulnerabilities found. </div> <div style="text-align: justify;"> After a scan is complete, a detailed PDF report is emailed to the user. The report includes descriptions of the vulnerabilities found, recommendations and details of where and how each vulnerability was exploited. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>The vulnerabilities tested by WebVulScan are:</b><br /> </div> <ul style="text-align: justify;"> <li>Reflected Cross-Site Scripting</li> <li>Stored Cross-Site Scripting</li> <li>Standard SQL Injection</li> <li>Broken Authentication using SQL Injection</li> <li>Autocomplete Enabled on Password Fields</li> <li>Potentially Insecure Direct Object References</li> <li>Directory Listing Enabled</li> <li>HTTP Banner Disclosure</li> <li>SSL Certificate not Trusted</li> <li>Unvalidated Redirects</li> </ul> <div style="text-align: justify;"> <b>Features:</b><br /> </div> <ul style="text-align: justify;"> <li>Crawler: Crawls a website to identify and display all URLs belonging to the website.</li> <li>Scanner: Crawls a website and scans all URLs found for vulnerabilities.</li> <li>Scan History: Allows a user to view or download PDF reports of previous scans that they performed.</li> <li>Register: Allows a user to register with the web application.</li> <li>Login: Allows a user to login to the web application.</li> <li>Options: Allows a user to select which vulnerabilities they wish to test for (all are enabled by default).</li> <li>PDF Generation: Dynamically generates a detailed PDF report.</li> <li>Report Delivery: The PDF report is emailed to the user as an attachment.</li> </ul> <div style="text-align: justify;"> <b>Download Here :: </b><a href="https://webvulscan.googlecode.com/files/webvulscan_v0.12.zip" target="_blank">WebVulScan v0.12</a></div> <div style="text-align: justify;"> <b>Source ::</b> https://code.google.com/p/webvulscan/</div> </div>

WebVulScan :: Tools

WebVulScan is a web application vulnerability scanner . It is a web application itself written in PHP and can be used to test remote,...

Read more »

PHP Vulnerability Hunter :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="PHP Vulnerability Hunter" border="0" height="100" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhG8un62G9aI66KfYY1jKVyVDkPxQhrDMFRtAWDZgKTmruDEGViZovWt_bflJZPkTCbSYaOmr8DJqXBgmmuJIMVMdAQ-3FgZomagEe0TatijEm9wWpy-1xtJThMKH18EiW2zCe6NYqEaB3l/s1600/PHP-Vulnerability-Hunter.jpg" title="PHP Vulnerability Hunter" width="400" /></div> <div style="text-align: justify;"> <b>PHP Vulnerability Hunter</b> is an <b>whitebox fuzz testing tool</b> capable of detected several classes of vulnerabilities in PHP web applications.</div> <div style="text-align: justify;"> While most web application fuzzers rely on the user to specify application inputs, PHP vulnerability hunter uses a combination of static and dynamic analysis to automatically map the target application. Because it works by instrumenting application, PHP Vulnerability Hunter can detect inputs that are not referenced in the forms of the rendered page.</div> <div style="text-align: justify;"> PHP Vulnerability Hunter is aware of many different types of vulnerabilities found in PHP applications, from the most common such as cross-site scripting and local file inclusion to the lesser known, such as user controlled function invocation and class instantiation. <br /> <br /> <b>PHP Vulnerability Hunter</b> can detect the following classes of vulnerabilities: </div> <ul style="text-align: justify;"> <li>Arbitrary command execution</li> <li>Arbitrary file read/write/change/rename/delete</li> <li>Local file inclusion</li> <li>Arbitrary PHP execution</li> <li>SQL injection</li> <li>User controlled function invocatino</li> <li>User controlled class instantiation</li> <li>Reflected cross-site scripting (XSS)</li> <li>Open redirect</li> <li>Full path disclosure</li> </ul> <div style="text-align: justify;"> <b>Download Here :: </b><a class="FileNameLink" href="https://phpvulnhunter.codeplex.com/downloads/get/690936" id="fileDownload0" tabindex="9">PHP Vulnerability Hunter 1.4.0.20 Unstable</a></div> <div style="text-align: justify;"> <b>Source Website ::</b> https://phpvulnhunter.codeplex.com</div> </div>

PHP Vulnerability Hunter :: Tools

PHP Vulnerability Hunter is an whitebox fuzz testing tool capable of detected several classes of vulnerabilities in PHP web applicati...

Read more »

XSSF (Cross Site Scripting Framework) :: Frameworks

<div dir="ltr" style="text-align: left;" trbidi="on"> <div style="text-align: center;">  <img alt="xssf logo" border="0" height="78" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRD7_Qf3uczuo0jjl0Zn_xPYsVPilG-slUfjqxWr6RMznK9kSfykhHi_5W-1840tZGKc1ZvtGq8u5QN8FR7UESwAG-5eb_FgAwzBqGQGXISA38J5LPbFteBRt4N5f9hiDXxFAsRLttzrq9/s1600/xssf+logo.png" title="xssf logo" width="200" /> </div> <div style="text-align: justify;"> The <b>Cross-Site Scripting Framework </b>(<b>XSSF</b>) is a security tool designed to turn the XSS vulnerability exploitation task into a much easier work. The <b>XSSF</b> project aims to demonstrate the real dangers of XSS vulnerabilities, vulgarizing their exploitation. This project is created solely for education, penetration testing and lawful research purposes. </div> <div style="text-align: justify;"> XSSF allows creating a <b>communication channel</b> with the targeted browser (from a XSS vulnerability) in order to perform further attacks. Users are free to select existing modules (a module = an attack) in order to target specific browsers. </div> <div style="text-align: justify;"> XSSF provides a powerfull documented API, which facilitates development of modules and attacks. In addition, its integration into the <b>Metasploit Framework</b> allows users to launch MSF browser based exploit easilly from an XSS vulnerability. </div> <div style="text-align: justify;"> In addition, an interesting though exploiting an XSS inside a victim's browser could be to browse website on attacker's browser, using the connected victim's session. In most of cases, simply stealing the victim cookie will be sufficient to realize this action. But in minority of cases (intranets, network tools portals, etc.), cookie won't be useful for an external attacker. That's why <b>XSSF Tunnel</b> was created to help the attacker to help the attacker browsing on affected domain using the victim's session. </div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/AhUhOirEfTE?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: center;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: left;"> <br /> <b>Download Here ::</b> <a href="https://xssf.googlecode.com/files/XSSF-3.0.zip" target="_blank">XSSF-3.0.zip</a></div> <div style="text-align: left;"> <b>Source :: </b>https://code.google.com/p/xssf/</div> </div>

XSSF (Cross Site Scripting Framework) :: Frameworks

  The Cross-Site Scripting Framework ( XSSF ) is a security tool designed to turn the XSS vulnerability exploitation task into a much...

Read more »

Wavsep (Web Application Vulnerability Scanner) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="wavsep toolwar" border="0" height="331" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMSoRbPxK7O4Yj9z_uKOjtWacWbm1y998Bf2-i_alefuOMauXKrwgdJxF8pcp09hpZ7d49PMUzgrTmZ7eRH199RCw1d4rlsbz6PmOvb-bY3Au-exVkvJpmGS6OVdOe61ns-Q5MZPGO89_r/s1600/Wavsep+logo.png" title="wavsep toolwar" width="640" /></div> <div style="text-align: justify;"> <b>Wavsep</b> is a <b>Web Application Vulnerability Scanner Evaluation Project.</b> and <b>Wavsep</b> is a <i>vulnerable web application</i> designed to help assessing the features, quality and accuracy of web application vulnerability scanners. </div> <div style="text-align: justify;"> This evaluation platform contains a collection of unique vulnerable web pages that can be used to test the various properties of web application scanners. </div> <div style="text-align: justify;"> Although some of the test cases are vulnerable to additional exposures, the purpose of each test case is to evaluate the detection accuracy of one type of exposure, and thus, “out of scope” exposures should be ignored when evaluating the accuracy of vulnerability scanners.  </div> <div style="text-align: justify;"> <b><br /></b></div> <div style="text-align: justify;"> <b>Download Here :: </b><a href="https://wavsep.googlecode.com/files/wavsep-v1.2-war-linux.zip" target="_blank">Wavsep 1.2</a> (for Linux)<b></b></div> <div style="text-align: justify;">                                <a href="https://wavsep.googlecode.com/files/wavsep-v1.2-war.zip" target="_blank">Wavsep 1.2</a> (for Windows)<b><br /></b></div> <div style="text-align: justify;"> <b>Read More :: </b>https://code.google.com/p/wavsep/</div> </div>

Wavsep (Web Application Vulnerability Scanner) :: Tools

Wavsep is a Web Application Vulnerability Scanner Evaluation Project. and Wavsep is a vulnerable web application designed to help as...

Read more »

WebSecurify (Web Application Security Testing Suite) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="WebSecurify Logo" border="0" height="165" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6oDiePzFfVKkO_hIeIuuwUrY6JK_X5Dj2Qixb9RxFDbSH9HJQhnKNdbrUrhYJgkZvvGLDCGDwSM_WrRrnjNY0SljItRogRVQLCbGVrWM0Lj4E5vwOcNvmid67GVlEJUmenmwit6QPaN3P/s1600/Websecurify+logo.jpg" title="WebSecurify Logo" width="320" /></div> <div style="text-align: justify;"> <b>Websecurify</b> is a <i>web application security testing</i> suite designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies. It is available for all major desktop platforms including mobile devices and web via our online security suite. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> Main features of <b>Websecurify</b> include: </div> <ul style="text-align: justify;"> <li>Simple to use user interface. </li> <li>World-class analytical and scanning technology. </li> <li>Available for all major operating systems (Windows, Mac, Linux) including mobile devices (iOS, Android). </li> <li>Easily extensible with the help of add-ons and plugins. </li> <li>Moduler and reusable design. </li> <li>Built-in internationalization support.  </li> <li>Powerful manual testing tools and helper facilities included. </li> <li>Flexible, hassle-free licensing. </li> <li>Innovative in every way.  </li> <li>Frequent updates. </li> <li>Much, much more. </li> </ul> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/PMT_A7YtEAs?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <b>Download Here :: </b><a href="https://websecurify.googlecode.com/files/websecurify-for-firefox-2.1.0.xpi" target="_blank">WebSecurify 2.1.0</a> (for Firefox)<br />                                <a href="https://websecurify.googlecode.com/files/Websecurify%20Suite%201.0.0.tar.gz" target="_blank">WebSecurify Suite 1.0.0</a> (for Linux)<br />                                <a href="https://websecurify.googlecode.com/files/Websecurify%20Suite%201.0.0.exe" target="_blank">WebSecurify Suite 1.0.0</a> (for Windows)<br />                                <a href="https://websecurify.googlecode.com/files/Websecurify%20Suite%201.0.0.dmg" target="_blank">WebSecurify Suite 1.0.0</a> (for MAC)<br /> <b>Official Website :: </b>http://www.websecurify.com/<br /> <ul style="text-align: justify;"> </ul> <div style="text-align: center;"> </div> <div style="text-align: center;"> </div> <div style="text-align: center;"> </div> </div>

WebSecurify (Web Application Security Testing Suite) :: Tools

Websecurify is a web application security testing suite designed from the ground up to provide the best combination of automatic and...

Read more »

Zed Attack Proxy ( Zaproxy ) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="ZAProxy Logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmu0fkacdAzN-GWTtIyI1XINok6jSC1qVPlNiE4-TnxAZ1UesBgsD1o8zq0598LWwrn0_K48Bo-3AMzgdRMhxFYo6Sh3Ze0nN4RV2sTOxOO0ZL0ixnKLkIUryAOAPhyphenhypheng44Kda8MJxtYJxR/s1600/Zed+Attack+Proxy+Logo.png" title="ZAProxy logo" /></div> <div style="text-align: justify;"> The <b>Zed Attack Proxy (ZAP)</b> is an easy to use integrated penetration testing tool for finding <b>vulnerabilities in web applications.</b> It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. <b>ZAProxy</b> provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. </div> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/a-lJafBdAeM?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <b> </b> <b> </b><br /> <b>Download Here :: </b><a href="http://zaproxy.googlecode.com/files/ZAP_2.2.1_Mac_OS_X.zip" target="_blank">ZAP 2.2.1 MAC-OS.zip</a> (for MAC OS)                           <br />                                <a href="http://zaproxy.googlecode.com/files/ZAP_2.2.1_Windows.exe" target="_blank">ZAP 2.2.1.exe </a>(for Windows)                            <br />                                <a href="http://zaproxy.googlecode.com/files/ZAP_2.2.1_Linux.tar.gz" target="_blank">ZAP 2.2.1.tar.gz</a> (for Linux) <b> </b><br /> <b>Official Website ::</b> https://www.owasp.org/</div>

Zed Attack Proxy ( Zaproxy ) :: Tools

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It ...

Read more »

HconSTF Firebase :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="HconSTF Firebase logo" border="0" height="124" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEie59x9tAQk0z4gWdFP2_zVG1GYhru2Q-ffsIeHFz0fVVWbmFlESGeDp_0EaPo_5EBjV7q8jPR-ll7DpTFN_Ry2bbhg6_OaVIhavnDlThkzqn_f9SWnf0Z5zRxonm4_2do3wWOoioBCWC6d/s640/HconSTF+Logo.jpg" title="HconSTF Firebase logo" width="640" /></div> <br /> <div style="text-align: justify;"> <b>HconSTF Firebase</b> is Fully Customizable, Versatile in Usage can be used in many Web related hacking needs, Simple and easy to use interface, small in size and light on resources. contains hundreds of features for :</div> <ul style="text-align: justify;"> <li>Web Penetration Testing</li> <li>Web Exploits Development</li> <li>Web Malware Analysis</li> <li>OSINT & Cyber spying </li> </ul> <div style="text-align: justify;"> Very comprehensive and plenty of tools for exploitation and supports verbose debugging features for Web Exploit Development. <span style="clear: left; float: left; margin-top: 0px; margin-top: 0px; position: relative; z-index: 10;"></span> <b>HconSTF</b> <b>Firebase</b> contains blend of online and offline tools for Pentesting called 'WebUI'. includes scanners, encoders, and much more. IDB is Integrated database with huge amount of Web payload. Helps in many Open source intelligence based tasks like</div> <ul style="text-align: justify;"> <li>Passive Web & Network Reconnaissance</li> <li>Doxing <br /></li> <li>Cyber Spying</li> <li>Hash cracking</li> </ul> <div style="text-align: justify;"> Encoding / Decoding & hashing Features and tools, supports wide variety of formats, character set and algorithms for making payloads undetectable. Darknets and proxies integrated, Spoofing tools. supports integration with many decoy options, includes many tools for proxies and anonymizing networks.  </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b> PDF Tutorials :: </b><a href="http://www.hcon.in/uploads/1/8/1/9/1819392/quick_malware_analysis_using_hconstf.pdf" target="_blank">Quick Malware Analysis Using HconSTF</a><br />                               <a href="http://www.hcon.in/uploads/1/8/1/9/1819392/http_headers_spoofing_using_hconstf.pdf" target="_blank">HTTP Headers Spoofing Using HconSTF</a></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>Download Here :: </b><a href="http://sourceforge.net/projects/hconframework/files/HconFramework-Fire/HconSTF_0.5_Prime/HconSTF_v0.5_Prime.exe" target="_blank">Firebase_0.5.exe</a><b> </b>(for Windows)<b> </b></div> <div style="text-align: justify;">                                <a href="http://sourceforge.net/projects/hconframework/files/HconFramework-Fire/HconSTF_0.5_Prime/HconSTF_v0.5_Linux_x86.tar.bz2" target="_blank">Firebase_0.5.tar.bz2</a> (for Linux)<b><br /></b></div> <div style="text-align: justify;"> <b>Official Website ::</b> http://www.hcon.in/</div> </div>

HconSTF Firebase :: Framework

HconSTF Firebase is Fully Customizable, Versatile in Usage can be used in many Web related hacking needs, Simple and easy to use int...

Read more »

AppScan (Automates Application Security Testing) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjx8YPLDg0utLh0EPbSdrLn4k-qEIsYaJriNRe839ymoJtopG6opHEI6k2EyXF-zKLYHNategTWApxVIkRCPjNK3Vz5xXWAeopPY9pF7zfL_EC4upmJp5CpballXpiDa014AMp9cMGmkkpd/s1600/appscan_logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjx8YPLDg0utLh0EPbSdrLn4k-qEIsYaJriNRe839ymoJtopG6opHEI6k2EyXF-zKLYHNategTWApxVIkRCPjNK3Vz5xXWAeopPY9pF7zfL_EC4upmJp5CpballXpiDa014AMp9cMGmkkpd/s1600/appscan_logo.png" /></a></div> <div style="text-align: justify;"> <b>IBM Security AppScan</b> software automates application security testing by scanning applications, identifying vulnerabilities and generating reports with intelligent fix recommendations to ease remediation. </div> <div style="text-align: justify;"> <b>AppScan</b> provides security testing throughout the application development lifecycle, easing unit testing and security assurance early in the development phase. Appscan scans for many common vulnerabilities, such as cross site scripting, HTTP response splitting, parameter tampering, hidden field manipulation, backdoors/debug options, buffer overflows and more. AppScan was merged into IBM's Rational division after IBM purchased its original developer (Watchfire) in 2007.</div> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/bLOTiObtNLo?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: center;"> <b> </b></div> <b> </b> <b> </b><br /> <b>Download Here ::  </b> <a href="http://www-03.ibm.com/software/products/us/en/appscan/" target="_blank">AppScan Trial</a><b><br /></b><br /> <b>Official Website :: </b>http://www-03.ibm.com</div>

AppScan (Automates Application Security Testing) :: Tools

IBM Security AppScan software automates application security testing by scanning applications, identifying vulnerabilities and generat...

Read more »