Havij (Automated and Advanced SQL Injection) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioLo4B-qKdYseDgGxhjbYAMCI7gaFHDgHkgIq5nk4dlAJO0srvzZGs1WbL6gv8T7LyU5lWZUKXpKhEsv8E2TzwySAI8vwXixwYRtOdsOAI9e9eZh9iwwT3SM_Wfnp6ipZPZXMJ40J6uwTV/s1600/Havij.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Havij Screenshot" border="0" height="319" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioLo4B-qKdYseDgGxhjbYAMCI7gaFHDgHkgIq5nk4dlAJO0srvzZGs1WbL6gv8T7LyU5lWZUKXpKhEsv8E2TzwySAI8vwXixwYRtOdsOAI9e9eZh9iwwT3SM_Wfnp6ipZPZXMJ40J6uwTV/s1600/Havij.png" title="Havij Screenshot" width="320" /></a></div> <b>Havij</b> is an <b>automated SQL Injection tool</b> that helps <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration</a> testers to find and exploit SQL Injection vulnerabilities on a <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> page.  It can take advantage of a vulnerable web application. By using this software, user can perform back-end database fingerprinting, retrieve DBMS login names and <a href="http://www.toolwar.com/search/label/Password" target="_blank">password</a> <a href="http://www.toolwar.com/search/label/Hash" target="_blank">hashes</a>, dump tables and columns, fetch data from the database, execute SQL statements against the server, and even access the underlying file system and execute operating system shell commands.<br /> The distinctive power of <b>Havij</b> that differentiates it from similar <a href="http://www.toolwar.com/search/label/Tools" target="_blank"> tools</a> lies in its unique methods of injection. The success rate of attack on vulnerable targets using <b>Havij</b> is above 95%.  The user friendly <a href="http://www.toolwar.com/search/label/GUI" target="_blank">GUI (Graphical User Interface)</a> of Havij and its automated configuration and heuristic detections make it easy to use for everyone even amateurs.</div> <h3 style="text-align: justify;"> <b>Tutorials :: </b></h3> <div style="text-align: justify;"> <span style="font-size: small;"><span style="font-family: inherit;"><b>URL Rewrite :: </b><a href="http://www.itsecteam.com/files/havij/URL%20Rewrite/url_rewrite.htm" target="_blank">Click Here</a></span></span></div> <div style="text-align: justify;"> <span style="font-size: small;"><span style="font-family: inherit;"><b>MSSQL :: </b></span></span><a href="http://www.itsecteam.com/files/havij/MsSQL/mssql.htm" target="_blank"><span style="font-size: small;"><span style="font-family: inherit;">Click Here</span></span></a></div> <div style="text-align: justify;"> <span style="font-size: small;"><span style="font-family: inherit;"><b>PostGreSQL :: </b></span></span><a href="http://www.itsecteam.com/files/havij/PostgreSQL/postgresql.htm" target="_blank"><span style="font-size: small;"><span style="font-family: inherit;">Click Here</span></span></a></div> <div style="text-align: justify;"> <span style="font-size: small;"><span style="font-family: inherit;"><b>Pro Features :: </b></span></span><a href="http://www.itsecteam.com/files/havij/Pro%20Features/pro%20features.htm" target="_blank"><span style="font-size: small;"><span style="font-family: inherit;">Click Here</span></span></a></div> <div style="text-align: justify;"> <span style="font-size: small;"><span style="font-family: inherit;"><b>Oracle :: </b></span></span><a href="http://www.itsecteam.com/files/havij/Oracle/oracle.htm" target="_blank"><span style="font-size: small;"><span style="font-family: inherit;">Click Here</span></span></a></div> <div style="text-align: justify;"> <span style="font-size: small;"><span style="font-family: inherit;"><b>Multi-Thread Blind Injection :: </b></span></span><a href="http://www.itsecteam.com/files/havij/multi%20thread%20blind%20injection/multi%20thread%20blind%20injection.htm" target="_blank"><span style="font-size: small;"><span style="font-family: inherit;">Click Here</span></span></a></div> <div style="text-align: justify;"> <b><span style="font-size: small;"><span style="font-family: inherit;">Dump All :: </span></span></b><a href="http://www.itsecteam.com/files/havij/Dump%20All/Dump_All.html" target="_blank"><span style="font-size: small;"><span style="font-family: inherit;"><span style="font-size: small;"><span style="font-family: inherit;">Click Here</span></span></span></span></a><b> </b></div> <div style="text-align: justify;"> <br /> <b>How to use ::</b></div> <div class="rtejustify" style="text-align: justify;"> You can use this utility to find and potentially exploit SQL Injection vulnerabilities in web application. To use this tool, some knowledge of SQL Injection - even though abasic one - is essential. Most of what you will have to do, in typical cases, will be to enter the URL of the suceptible page, selecting the applicable method clicking 'Analyze'. Almost everything needed to reveal and make use of the vulnerabilities is done by the utility. For best results, the URL should be one that returns a normal response (rather than one that returns a 4xx response).</div> <div class="rtejustify" style="text-align: justify;"> <br /></div> <div class="rtejustify" style="text-align: justify;"> <b>Video ::</b> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/7ubB9VocgnQ?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div class="rtejustify" style="text-align: justify;"> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/dEM7YRRSvP8?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows ::</b>  <a href="http://www.itsecteam.com/files/havij/Havij1.15Free.rar" target="_blank">Havij v1.15</a> (.rar) | <b>Trial</b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://itsecteam.com/products/havij-advanced-sql-injection/">http://itsecteam.com/products/havij-advanced-sql-injection/</a><b> </b></div>

Havij (Automated and Advanced SQL Injection) :: Tools

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web p...

Read more »

dotDefender (Web Application Firewall) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="dotdefender logo" border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNgB-QvtDSLba1_oj3raWHinKyPHlXi03q3ECtSO3gJ48vp-5nB4zTE6VeGXuf2zMoyT4qML8f8UFcVw3vF3eTqukbzuWA2BuOh0SMj7nVWNE42TjUn1Ljvis_vmEN16ihNYTUeLwR-dwx/s640/dotDefender+logo.jpg" title="dotdefender logo" width="640" /></div> <br /> <b>dotDefender</b> is the market-leading software <b>Web Application Firewall (WAF)</b>. <b>dotDefender</b> boasts enterprise-class <a href="http://www.toolwar.com/search/label/Security" target="_blank">security,</a> advanced integration capabilities, easy maintenance and low total cost of ownership (TCO). <b>dotDefender</b> is the perfect choice for protecting your website and <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> applications today. </div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> <b>Tutorials :: </b></h3> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/DKlTdoIiaSU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <h3 style="text-align: justify;"> <b>Download ::</b> </h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://www.applicure.com/downloads/5.12%20no%20SP/DotDefender%20Install%2032Bit%20v5.12.13275%20msi.exe" target="_blank">dotDefender V5.12</a></div> <div style="text-align: justify;"> <b>Debian :: </b><a href="http://www.applicure.com/downloads/5.12/Linux/i386/dotDefender-5.12.Linux.i386.deb.bin.gz" target="_blank">dotDefender V5.12</a></div> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://www.applicure.com/downloads/5.12/Linux/i386/dotDefender-5.12.Linux.i386.gen.bin.gz" target="_blank">dotDefender V5.12</a></div> <b>RPM :: </b><a href="http://www.applicure.com/downloads/5.12/Linux/i386/dotDefender-5.12.Linux.i386.rpm.bin.gz" target="_blank">dotDefender V5.12</a> <b> </b><br /> <b>Official Website :: </b><a href="http://www.applicure.com/">http://www.applicure.com/</a>

dotDefender (Web Application Firewall) :: Tools

dotDefender is the market-leading software Web Application Firewall (WAF) . dotDefender boasts enterprise-class security, advanced ...

Read more »

Flunym0us (Wordpress Vulnerability Scanner) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRufBOKc1OhlATweF2T2DA6RzQ1RaW4teULU82vacYOyWYROE7IcTk2iaaqm8nd8OaWbZQKEKAcmX1x6UG1k6hOByiwXeU2uE2jDdkKAfuxwxAxBHilBRXcwC9kgA0aZyHPjIMuJhyphenhyphenDCN5/s1600/wordpress+vulnerability+scanner.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Wordpress Vulnerability Scanner" border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRufBOKc1OhlATweF2T2DA6RzQ1RaW4teULU82vacYOyWYROE7IcTk2iaaqm8nd8OaWbZQKEKAcmX1x6UG1k6hOByiwXeU2uE2jDdkKAfuxwxAxBHilBRXcwC9kgA0aZyHPjIMuJhyphenhyphenDCN5/s400/wordpress+vulnerability+scanner.jpg" title="Wordpress Vulnerability Scanner" width="400" /></a></div> <br /> <b>Flunym0us</b> is a <i><b>Vulnerability <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">Scanner</a> for Wordpress and Moodle</b></i> designed by Flu Project Team. <b>Flunym0us</b> has been developed in <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a>.<b> Flunym0us</b> performs dictionary attacks against <a href="http://www.toolwar.com/search/label/Web" target="_blank">Web</a> sites. By default, <b>Flunym0us</b> includes a dictionary for <b>Wordpress </b>and other for Moodle. </div> <h3> Tutorials :: </h3> <b>Flunym0us requires python. Arguments allowed: </b><br /> <blockquote> <span style="font-family: "Courier New",Courier,monospace;">-h, --help: Show this help message and exit </span></blockquote> <blockquote> <span style="font-family: "Courier New",Courier,monospace;">-wp, --wordpress: Scan WordPress site </span></blockquote> <blockquote> <span style="font-family: "Courier New",Courier,monospace;">-mo, --moodle: Scan Moodle site </span></blockquote> <blockquote> <span style="font-family: "Courier New",Courier,monospace;">-H HOST, --host HOST: Website to be scanned </span></blockquote> <blockquote> <span style="font-family: "Courier New",Courier,monospace;">-w WORDLIST, --wordlist WORDLIST: Path to the wordlist to use </span></blockquote> <blockquote> <span style="font-family: "Courier New",Courier,monospace;">-t TIMEOUT, --timeout TIMEOUT: Connection timeout </span></blockquote> <blockquote> <span style="font-family: "Courier New",Courier,monospace;">-r RETRIES, --retries RETRIES: Connection retries </span></blockquote> <blockquote> <span style="font-family: "Courier New",Courier,monospace;">-p PROCESS, --process PROCESS: Number of process to use </span></blockquote> <blockquote> <span style="font-family: "Courier New",Courier,monospace;">-T THREADS, --threads THREADS: Number of threads (per process) to use </span></blockquote> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/qDeHQYbFuxM?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;"> <span style="font-family: inherit;">Download ::</span> </h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="https://flunym0us.googlecode.com/files/flunym0us2.0.tar.gz" target="_blank">Flunym0us.tar.gz</a></div> <div style="text-align: justify;"> <b>Official Website :: </b>http://www.flu-project.com/</div>

Flunym0us (Wordpress Vulnerability Scanner) :: Tools

Flunym0us is a Vulnerability Scanner for Wordpress and Moodle designed by Flu Project Team. Flunym0us has been developed in Python ...

Read more »

Xenotix XSS Exploit Framework v4.5 :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://www.owasp.org/images/9/98/Xenotix.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Xenotix XSS Framework" border="0" height="237" src="https://www.owasp.org/images/9/98/Xenotix.png" title="Xenotix XSS Framework" width="400" /></a></div> <div style="text-align: justify;"> <b>OWASP Xenotix XSS Exploit Framework</b> is an advanced <a href="http://www.toolwar.com/search/label/XSS" target="_blank">Cross Site Scripting (XSS)</a> vulnerability detection and exploitation <a href="http://www.toolwar.com/search/label/Framework" target="_blank">framework</a>. It provides Zero False Positive scan results with its unique Triple Browser Engine (Trident, WebKit, and Gecko) embedded <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanner.</a> It is claimed to have the world’s 2nd largest XSS Payloads of about 1500+ distinctive XSS Payloads for effective XSS vulnerability detection and WAF Bypass. It is incorporated with a feature rich <a href="http://www.toolwar.com/search/label/Information-Gathering" target="_blank">Information Gathering</a> module for target Reconnaissance. The Exploit Framework includes highly offensive XSS <a href="http://www.toolwar.com/search/label/Exploitation" target="_blank">exploitation</a> modules for <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">Penetration</a> Testing and Proof of Concept creation. </div> <div style="text-align: justify;"> <div style="border: none; color: black; font-size: 120%; margin: 0;"> <br /> <span style="font-size: small;"><b>SCANNER MODULES</b></span> <br /> <span style="font-size: small;"> </span><ul> <li><span style="font-size: small;">Manual Mode Scanner </span></li> <li><span style="font-size: small;">Auto Mode Scanner </span></li> <li><span style="font-size: small;">DOM Scanner </span></li> <li><span style="font-size: small;">Multiple Parameter Scanner </span></li> <li><span style="font-size: small;">POST Request Scanner </span></li> <li><span style="font-size: small;">Header Scanner </span></li> <li><span style="font-size: small;">Fuzzer </span></li> <li><span style="font-size: small;">Hidden Parameter Detector </span></li> </ul> <span style="font-size: small;"> </span><span style="font-size: small;"><b>INFORMATION GATHERING MODULES</b></span> <br /> <span style="font-size: small;"> </span><ul> <li><span style="font-size: small;">WAF Fingerprinting </span></li> <li><span style="font-size: small;">Victim Fingerprinting </span></li> <li><span style="font-size: small;">Browser Fingerprinting </span></li> <li><span style="font-size: small;">Browser Features Detector </span></li> <li><span style="font-size: small;">Ping Scan </span></li> <li><span style="font-size: small;">Port Scan </span></li> <li><span style="font-size: small;">Internal Network Scan </span></li> </ul> <span style="font-size: small;"> </span><span style="font-size: small;"><b>EXPLOITATION MODULES</b></span> <br /> <span style="font-size: small;"> </span><ul> <li><span style="font-size: small;">Send Message </span></li> <li><span style="font-size: small;">Cookie Thief </span></li> <li><span style="font-size: small;">Phisher </span></li> <li><span style="font-size: small;">Tabnabbing </span></li> <li><span style="font-size: small;">Keylogger </span></li> <li><span style="font-size: small;">HTML5 DDoSer </span></li> <li><span style="font-size: small;">Load File </span></li> <li><span style="font-size: small;">Executable Drive By </span></li> <li><span style="font-size: small;">JavaScript Shell </span></li> <li><span style="font-size: small;">Reverse HTTP WebShell </span></li> <li><span style="font-size: small;">Drive-By Reverse Shell </span></li> <li><span style="font-size: small;">Metasploit Browser Exploit </span></li> <li><span style="font-size: small;">Firefox Reverse Shell Addon (Persistent) </span></li> <li><span style="font-size: small;">Firefox Session Stealer Addon (Persistent) </span></li> <li><span style="font-size: small;">Firefox Keylogger Addon (Persistent) </span></li> <li><span style="font-size: small;">Firefox DDoSer Addon (Persistent) </span></li> <li><span style="font-size: small;">Firefox Linux Credential File Stealer Addon (Persistent) </span></li> <li><span style="font-size: small;">Firefox Download and Execute Addon (Persistent) </span></li> </ul> <span style="font-size: small;"> </span><span style="font-size: small;"><b>UTILITY MODULES</b></span> <br /> <span style="font-size: small;"> </span><ul> <li><span style="font-size: small;">WebKit Developer Tools </span></li> <li><span style="font-size: small;">Payload Encoder </span></li> <li><span style="font-size: small;">JavaScript Beautify </span></li> <li><span style="font-size: small;">Hash Calculator </span></li> <li><span style="font-size: small;">Hash Detector </span></li> </ul> </div> <h3> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/dCo5BCJWOdA?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> Download ::</h3> <b>Windows :: </b><span style="color: #3d85c6;"><span style="background-color: white;"><a href="http://opensecurity.in/downloads/Xenotix_XSS_Exploit_Framework_v4.5.rarhttp://opensecurity.in/downloads/Xenotix_XSS_Exploit_Framework_v4.5.rar" target="_blank">OWASP Xenotix v4.5</a> </span></span></div> <div style="text-align: justify;"> <b>Official Websites :: </b>http://www.owasp.org/</div> </div>

Xenotix XSS Exploit Framework v4.5 :: Framework

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework . It...

Read more »

VirusTotal (Analyze files and URLs) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="virustotal logo" border="0" height="70" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_tdl85tCDSMyYMpacR9LL_CK2AehDKuIiji7z27f0HCHva-H4cBOUdzchlHBuKhIMi7y-qAjBkrxhPNy9QG9vMIgh180-_lugQgdYdr5OKvqWU_gT4lZqr9v8ppC2b39ZnvLE-LyNkSWa/s400/virustotal+logo.png" title="virustotal logo" width="400" /> </div> <div style="text-align: justify;"> <b>VirusTotal</b>, a subsidiary of Google, is a <i><b>free <a href="http://www.toolwar.com/search/label/Online" target="_blank">online</a> service that analyzes files and URLs</b></i> enabling the <i>identification of viruses, worms, trojans and other kinds of malicious content</i> detected by antivirus engines and website <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanners.</a> At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners. </div> <div style="text-align: justify;"> <b>VirusTotal’</b>s mission is to help in improving the antivirus and <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> industry and make the internet a safer place through the development of free tools and services.<b> VirusTotal's</b> main characteristics are highlighted below. </div> <h3 style="text-align: justify;"> Free unbiased service ::</h3> <div style="text-align: justify;"> <b>VirusTotal</b>, is offered freely to end users as long as its use has no commercial purpose and does not become part of any business activity. Even though the service works with engines belonging to different enterprises and organizations, <b>VirusTotal</b> does not distribute or advertise any products belonging to third parties, but simply acts as an aggregator of information. This prevents us from being subjected to any kind of bias and allows us to offer an objective service to our users. </div> <h3 style="text-align: justify;"> Runs multiple antivirus engines and website scanners ::</h3> <div style="text-align: justify;"> <b>VirusTotal</b> simply acts as an information aggregator. The aggregated data is the output of different antivirus engines, website scanners, file and URL <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a> tools and user contributions. The full list of antivirus solutions and website scanners used in VirusTotal can be found in the credits and collaboration acknowledgements section. </div> <h3 style="text-align: justify;"> Runs multiple file and URL characterization tools ::</h3> <div style="text-align: justify;"> As previously stated,<b> VirusTotal</b> also aggregates the output of a number of file and URL characterization tools. These tools cover a wide range of purposes, ranging from providing structural information about Microsoft Windows portable executables (PEs) to identifying signed software. The full list of file and URL characterization tools used in <b>VirusTotal</b> can be found in the credits and collaboration acknowledgements section. </div> <h3 style="text-align: justify;"> Real time updates of virus signatures and blacklists ::</h3> <div style="text-align: justify;"> The <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a> signatures of antivirus solutions present in VirusTotal are periodically updated as they are developed and distributed by the antivirus companies. The update polling frequency is 15 minutes—this makes sure that the products are using the latest signature sets. </div> <div style="text-align: justify;"> <a href="http://www.toolwar.com/search/label/Web" target="_blank">Website</a> scanning is done via API queries to the different companies providing the particular solution, hence, the most updated version of their dataset is always used. </div> <h3 style="text-align: justify;"> Detailed results from each scanner ::</h3> <div style="text-align: justify;"> <b>VirusTotal </b>not only tells you whether a given antivirus solution detected a submitted file, but also displays the exact detection label returned by each engine (e.g. <span class="label important">I-Worm.Allaple.gen</span>). </div> <div style="text-align: justify;"> This feature is also present in URL scanners. Most of them will discriminate malware sites, phishing sites, suspicious sites, etc. Moreover, some of the engines will provide additional information explicitly stating whether a given URL belongs to a particular botnet, which brand is targeted by a given phishing site, etc. </div> <h3 style="text-align: justify;"> Real time global service operation statistics ::</h3> <div style="text-align: justify;"> Information about the number of resources (files and URLs) processed by <b>VirusTotal</b> can be found in the statistics section. These statistics provide a number of notions and groupings, such as global detection ratios for the received files, submissions per country, most popular detection labels, etc. No statistics comparing the different antivirus products and website detection engines are generated—neither will they ever be generated (on a public or private basis), even though their calculation is trivial. The reason is that using <b>VirusTotal </b> for antivirus testing is a bad idea. </div> <h3 style="text-align: justify;"> Automation API ::</h3> <div style="text-align: justify;"> File and URL scanning can be automated with a free public API. For obvious reasons (including prevention of competition with the antivirus products present in <b>VirusTotal</b>), the public API is subjected to a strong request rate limitation. Should a user require a higher request rate, a honeypot API is available for researchers and a private mass API is offered to individuals with commercial and product enhancement intentions. A detailed specification of the different APIs can be found in the advanced features section. </div> <h3 style="text-align: justify;"> Online malware research community ::</h3> <div style="text-align: justify;"> In August 2010 <b>VirusTotal </b>integrated a pseudo-social network that allows its users to interact with other users and comment on files and URLs. These comments may range from deep malware analyses to information on the distribution vector and in-the-wild locations of the submitted files, hence, the community acts as the collective intelligence component of VirusTotal. Files and URLs can be voted as malicious or innocuous, building a community maliciousness score for the resource. </div> <div style="text-align: justify;"> In other words, when security products fail (false positives/false negatives), there is still a chance that some VirusTotal Community user will have produced a useful review of the resource for its community peers. </div> <h3 style="text-align: justify;"> Desktop applications for interacting with the service ::</h3> <div style="text-align: justify;"> With the aim of making the Internet a safer place <b>VirusTotal's</b> team has released a number of desktop applications and tools for interacting with the service (one-click file uploader, <a href="http://www.toolwar.com/search/label/Browser" target="_blank">browser</a> extensions, etc.). Many of <b>VirusTotal's</b> users have also developed their own applications and have made them publicly available on the Internet. More information about these resources can be found in the advanced features section. </div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/TFSmJaiO_G0?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <br /> <b>Online :: </b><a href="https://www.virustotal.com/">https://www.virustotal.com/</a></div>

VirusTotal (Analyze files and URLs) :: Tools

  VirusTotal , a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of v...

Read more »

Sahi Pro (Web Application Testing) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="sahi pro logo" border="0" height="186" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQ6Br5uAi7vygfur1Hk2sXAQcW0JE-b8lFTIo5sO0ffn0u_e9kyHMselsNClcHQ8FuG1YZGONiJsC1UqXRp7AGDAvLG-zLfOprOI3HK1n-aV0xQqwBo0CEXuAMiMb4ffw39t_TvswkwYA3/s400/sahi+pro+logo.png" title="sahi pro logo" width="400" /></div> <span style="font-size: small;"><b>Sahi Pro</b> is a powerful tool for <i><b>automation of <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> application testing</b></i>. <b>Sahi Pro</b> helps <i>test web applications across different browsers</i> with high reliability and low maintenance. Existing testing teams with minimal programming knowledge can easily get started and contribute to test automation. </span> </div> <div style="text-align: justify;"> <span style="font-size: small;">Sahi is especially suited for cross-browser/multi-<a href="http://www.toolwar.com/search/label/Browser" target="_blank">browser</a> <a href="http://www.toolwar.com/search/label/Testing" target="_blank">testing</a> of complex web 2.0 applications with lots of AJAX and dynamic content. <b>Sahi</b> works well in Agile development environments, enabling rapid automation and maintenance and easily integrating with build systems. Sahi saves time and effort with faster development, less maintenance and fast distributed playback. Sahi runs on any modern browser which supports javascript.</span></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <span style="font-size: small;">For testing teams in product companies and captive IT units which need rapid reliable web automation, Sahi would be the best choice among web automation tools. </span><br /> <h3 class="pro_feature_heading"> Record & Playback on Any Browser</h3> <div class="pro_feature_body"> Record and playback any web application on any browser, any operating system. Recording saves time and helps non-technical users contribute to automation. The Sahi Controller helps easily identify and experiment with elements on any browser. <b>The same script works on all browsers</b> </div> <div class="pro_feature_body"> <h3 class="pro_feature_heading"> Smart Accessor Identification</h3> <div class="pro_feature_body"> Sahi identifies elements in simple stable ways. Sahi works even on applications with dynamic ids, using _near, _in etc. APIs to easily locate one element with respect to another. Sahi can automate applications built using ExtJS, ZK, Dojo, YUI or any other framework. </div> <div class="pro_feature_body"> <h3 class="pro_feature_heading"> AJAX? No Timeout Issues</h3> <div class="pro_feature_body"> Sahi’s technology eliminates need for wait statements even for inconsistent page loads and AJAX. Sahi tests are stable and do not fail because of timing issues. Sahi scripts need less code and are easier to maintain. </div> <div class="pro_feature_body"> <h3 class="pro_feature_heading"> Rich Inbuilt Reports and Logs</h3> <div class="pro_feature_body"> See complete information of script execution. From concise summaries and graphs across runs, to exact line of script failure in code, get full end to end reporting. All logs are stored in database. Reports can be easily customized. </div> <div class="pro_feature_body"> <h3 class="pro_feature_heading"> Fast Parallel Batch Playback</h3> <div class="pro_feature_body"> Club together thousands of Sahi scipts in a suite file and let Sahi execute them in parallel on one machine or distribute it across machines. Cut play back time by upto 90%. Run from <b>command line</b>, <b>ant</b> or <b>build</b> and <b>continuous integration</b> systems. </div> <div class="pro_feature_body"> <h3 class="pro_feature_heading"> Simple Powerful Scripting</h3> <div class="pro_feature_body"> Sahi Script is based on Javascript. Interact with your File-System, Databases, Excel sheets, CSV files with ease. Call any Java code or library from Sahi Script to get added power. </div> <div class="pro_feature_body"> <h3 class="pro_feature_heading"> Inbuilt Excel Framework</h3> <div class="pro_feature_body"> Use the inbuilt Excel Framework to let your business analysts and non technical testers contribute to testing. Easily test from the Controller. Get detailed inbuilt reports. </div> </div> <h3> <span style="font-size: small;">Tutorials ::</span></h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/5VlbtlrFv3E?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div class="separator" style="clear: both; text-align: center;"> </div> </div> <div class="pro_feature_body"> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/lnaFZynoeyw?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> <span style="font-size: small;">Download ::</span></h3> <span style="font-size: small;"><b>Windows ::</b> <a href="http://sahi.co.in/download-sahi-pro" target="_blank"><span style="font-weight: normal;">Sahi</span> <span style="font-weight: normal;">Pro v5.1.0</span></a></span> <span style="font-size: small;"><span style="font-weight: normal;"><b> </b></span></span><br /> <span style="font-size: small;"><span style="font-weight: normal;"><b>Buy ::</b> <a href="https://crm.sahi.co.in/pay/index.php/order/create" target="_blank">Sahi Pro</a> in $495 </span></span><br /> <span style="font-size: small;"><span style="font-weight: normal;"><b>Official Website ::  </b><a href="http://sahi.co.in/">http://sahi.co.in/</a> </span></span></div> </div> </div> </div> </div> </div>

Sahi Pro (Web Application Testing) :: Tools

Sahi Pro is a powerful tool for automation of web application testing . Sahi Pro helps test web applications across different browse...

Read more »

ModSecurity (Web Application Firewall) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="modsecurity logo" border="0" height="212" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqIaR3MOqqt6M9kImwLEM90dn9peh4HGb7o2VN5_LqA_bdR7pZqI6NiXKpATu9GK7SXtf7mbPlWzHP-zqQrAfCIPEzsQuiMRdYdAsbjCDXBBaqUZI9R5Pk_6no9f8fPoZakuUWdh6BxuN1/s640/mod-security+logo.jpg" title="modsecurity logo" width="640" /></div> </div> <div style="text-align: justify;"> <b>ModSecurity</b> is a <i>web application firewall</i> that can work either embedded or as a <b>reverse proxy</b>. It provides protection from a range of <a href="http://www.toolwar.com/search/label/Attack" target="_blank">attacks</a> against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. </div> <h2 style="text-align: justify;"> ModSecurity: Overview</h2> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> With over 70% of all attacks now carried out over the web application level, organisations need every help they can get in making their systems secure. <b>Web application firewalls</b> are deployed to establish an external <a href="http://security/" target="_blank">security</a> layer that increases security, detects, and prevents attacks before they reach web applications. </div> <h3 style="text-align: justify;"> HTTP Traffic Logging</h3> <div style="text-align: justify;"> <a href="http://www.toolwar.com/search/label/Web" target="_blank">Web</a> servers are typically well-equipped to log traffic in a form useful for marketing analyses, but fall short when it comes to logging of traffic to web applications. In particular, most are not capable of logging the request bodies. Your adversaries know this, and that is why most attacks are now carried out via POST requests, rendering your systems blind. </div> <div style="text-align: justify;"> ModSecurity makes full HTTP transaction logging possible, allowing complete requests and responses to be logged. Its logging facilities also allow fine-grained decisions to be made about exactly what is logged and when, ensure only the relevant data is recorded. </div> <h3 style="text-align: justify;"> Real-Time Monitoring and Attack Detection</h3> <div style="text-align: justify;"> In addition to providing logging facilities, <b>ModSecurity</b> can <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">monitor</a> the HTTP traffic in real time in order to detect attacks. In this case <b> ModSecurity</b> operates as a web intrusion detection tool, allowing you to react to suspicious events that take place at your web systems. </div> <h3 style="text-align: justify;"> Attack Prevention and Just-in-time Patching</h3> <div style="text-align: justify;"> <b>ModSecurity</b> can also act immediately to prevent attacks from reaching your web applications. There are three commonly used approaches: </div> <ol style="text-align: justify;"> <li><b>Negative security model.</b> Negative security model monitors requests for anomalies, unusual behaviour, and common web application attacks. It keeps anomaly scores for each request, IP addresses, application sessions, and user accounts. Requests with high anomaly scores are either logged or rejected altogether. </li> <li><b>Known weaknesses and vulnerabilities.</b> Its rule language makes ModSecurity an ideal external patching tool. External patching is all about reducing the window of opportunity. Time needed to patch application vulnerabilities often runs to weeks in many organisations. With ModSecurity, applications can be patched from the outside, without touching the application source code (and even without any access to it), making your systems secure until a proper patch is produced. </li> <li><b>Positive security model.</b> When positive security model is deployed, only requests that are known to be valid are accepted, with everything else rejected. This approach works best with applications that are heavily used but rarely updated. </li> </ol> <h3 style="text-align: justify;"> Flexible Rule Engine</h3> <div style="text-align: justify;"> A flexible rule engine sits in the heart of ModSecurity. It implements the ModSecurity Rule <a href="http://www.toolwar.com/search/label/Language" target="_blank">Language</a>, which is a specialised programming language designed to work with HTTP transaction data. The <b>ModSecurity</b> Rule Language was designed to be easy to use, yet flexible: common operations are simple while complex operations are possible.</div> <div style="text-align: justify;"> Certified ModSecurity Rules, included with subscription to <b>ModSecurity</b>, contain a comprehensive set of rules that implement general-purpose hardening, common web application security issues. Heavily commented, these rules can be used as a learning tool.</div> <h3 style="text-align: justify;"> Embedded Deployment</h3> <div style="text-align: justify;"> ModSecurity is an embeddable web application firewall, which means it can be deployed as part of your existing web server infrastructure (Apache, IIS7 and Nginx).</div> <div style="text-align: justify;"> This deployment method has certain advantages:</div> <ol style="text-align: justify;"> <li>No changes to existing network. It only takes a few minutes to add ModSecurity to your existing web servers. And because it was designed to be completely passive by default, you are free to deploy it incrementally and only use the features you need. It is equally easy to remove or deactivate it should decide you don't want it any more. </li> <li>No single point of failure. Unlike with network-based deployments, you will not be introducing a new point of failure to your system. </li> <li>Implicit load balancing and scaling. Because it works embedded in web servers, <b>ModSecurity</b> will automatically take advantage of the additional load balancing and scalability features. You will not need to think of load balancing and scaling unless your existing system needs them. </li> <li>Minimal overhead. Because it works from inside the web server process there is no overhead for network communication and minimal overhead in parsing and data exchange. </li> <li>No problem with encrypted or compressed content. Many <a href="http://www.toolwar.com/search/label/IDS" target="_blank">IDS</a> systems have difficulties analysing SSL traffic. This is not a problem for ModSecurity because it is positioned to work when the traffic is decrypted and decompressed. </li> </ol> <div style="text-align: justify;"> ModSecurity is known to work well on a wide range of operating systems. Our customers are successfully running it on <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, Solaris, FreeBSD, OpenBSD, NetBSD, AIX, Mac OS X, and HP-UX. </div> <h3 style="text-align: justify;"> Network-Based Deployment</h3> <div style="text-align: justify;"> <b>ModSecurity</b> works equally well when deployed as part of a reverse proxy server, and many of our customers choose to do so. In this scenario, one installation of <b>ModSecurity </b>can protect any number or type of back-end web servers. </div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/7w9aHEx-BmE?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/P-KJU785CKg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/nMGtIgrVv8s?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Download :: </h3> <div style="text-align: justify;"> <b>Linux :: </b></div> <div style="text-align: justify;"> <b>Installation - Ubuntu/Debian</b> <span style="font-family: "Courier New",Courier,monospace;"> </span><br /> <span style="font-family: "Courier New",Courier,monospace;">$ sudo apt-get install libapache2-mod-security </span><br /> <span style="font-family: "Courier New",Courier,monospace;">$ sudo a2enmod mod-security </span><br /> <span style="font-family: "Courier New",Courier,monospace;">$ sudo /etc/init.d/apache2 force-reload</span><br /> <br />  <b>Installation - Fedora/CentOS</b><span style="font-family: "Courier New",Courier,monospace;"> </span><br /> <span style="font-family: "Courier New",Courier,monospace;">$ sudo yum install mod_security </span><br /> <span style="font-family: "Courier New",Courier,monospace;">$ sudo /etc/init.d/httpd restart</span> <b> </b><br /> <br /> <b>Windows ::</b></div> <ul> <li><a href="https://www.modsecurity.org/tarball/2.7.5/ModSecurityIIS_2.7.5.msi">ModSecurity for IIS MSI Installer</a> </li> <li><a href="https://www.modsecurity.org/tarball/2.7.5/ModSecurityIIS_2.7.5.msi.sha256">ModSecurity for IIS MSI Installer SHA25</a></li> </ul> <b>Official Website :: </b><a href="http://www.modsecurity.org/">http://www.modsecurity.org/</a><br /> <ul> </ul> <div style="text-align: justify;"> </div>

ModSecurity (Web Application Firewall) :: Tools

ModSecurity is a web application firewall that can work either embedded or as a reverse proxy . It provides protection from a range ...

Read more »

CSRFTester (CSRF Vulnerability Tester) :: Tools

<div style="text-align: justify;"> <div style="text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiknqrcJ0AaQrbIi2UugREgBG1Z7upbwf_PCp5NSgxfWNpFLOAh1v96V2StvLmvgsPEtP2oPyKdCM89YAwgSZIES4vC0cqy0W8AduQVObDEuZoVJVWEKAAnYQeQDeGbotNoS0AoMnH2kYv7/s1600/CSRF-tester+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="csrf tester screenshot" border="0" height="250" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiknqrcJ0AaQrbIi2UugREgBG1Z7upbwf_PCp5NSgxfWNpFLOAh1v96V2StvLmvgsPEtP2oPyKdCM89YAwgSZIES4vC0cqy0W8AduQVObDEuZoVJVWEKAAnYQeQDeGbotNoS0AoMnH2kYv7/s400/CSRF-tester+screenshot.png" title="csrf tester screenshot" width="400" /></a> </div> <b>OWASP CSRFTester</b> is a tool for <b>testing CSRF vulnerability in websites</b>. Just when developers are starting to run in circles over Cross Site Scripting, the 'sleeping giant' awakes for yet another web-catastrophe.<b> Cross-Site Request Forgery (CSRF) </b>is an attack whereby the victim is tricked into loading information from or submitting information to a web application for which they are currently authenticated. The problem is that the web application has no means of verifying the integrity of the request. The <b>OWASP CSRFTester </b>Project attempts to give developers the ability to test their applications for CSRF flaws. </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Luocnr0t8_o?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Zip :: </b><a href="https://www.owasp.org/images/0/08/CSRFTester-1.0.zip" target="_blank">CSRFTester-1.0.zip</a><br /> <b>Official Website :: </b> <a href="https://www.owasp.org/">https://www.owasp.org/</a></div>

CSRFTester (CSRF Vulnerability Tester) :: Tools

  OWASP CSRFTester is a tool for testing CSRF vulnerability in websites . Just when developers are starting to run in circles over Cross...

Read more »

DVWA (Damn Vulnerable Web Application) :: Framework

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6lDm7-Ac-rSmIX0YYaz1CD7DrJi4lxkPqEbHy1wd3ZlxeWqM20xjQXp8T9E5nT1CDbMuyH4AGydtLIqMTwMKyQ_aHiKCwQDdUYZjvXHUR36d_Axi8Fxb1iAFQfaMoXTPwxnu2yp6flOqQ/s1600/Screenshot-Damn+Vulnerable+Web+App+(DVWA).png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Screenshot-Damn Vulnerable Web App (DVWA)" border="0" height="280" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6lDm7-Ac-rSmIX0YYaz1CD7DrJi4lxkPqEbHy1wd3ZlxeWqM20xjQXp8T9E5nT1CDbMuyH4AGydtLIqMTwMKyQ_aHiKCwQDdUYZjvXHUR36d_Axi8Fxb1iAFQfaMoXTPwxnu2yp6flOqQ/s400/Screenshot-Damn+Vulnerable+Web+App+(DVWA).png" title="Screenshot-Damn Vulnerable Web App (DVWA)" width="400" /></a></div> <div style="text-align: justify;"> <b>Damn Vulnerable Web App (DVWA)</b> is a <i>PHP/MySQL web application</i> that is <i>damn vulnerable</i>. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/ywnVlyuP7SY?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;">  <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/B75FgRT2npc?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Zip ::</b> <a href="https://github.com/RandomStorm/DVWA/archive/v1.0.8.zip" target="_blank">DVWA 1.0.8</a></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://www.dvwa.co.uk/">http://www.dvwa.co.uk/</a></div>

DVWA (Damn Vulnerable Web Application) :: Framework

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable . Its main goals are to be an aid for security ...

Read more »

Moblie Sandbox (Malware Analysis) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_qbvIc8E9v5X4r0t44FgOmDqC7zmSCQI18Co_RwJhj0LT7b4V-Fj-eVHPAknjUafduiYnS9pLdD13ccoRx_BiMGYy_llqPPE47AkWGQqbljQmA3IhxZeudMKZ9SsaZtPxKZpIvhO9NBXn/s1600/Mobile+Sandbox+Logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Mobile Sandbox Logo" border="0" height="146" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_qbvIc8E9v5X4r0t44FgOmDqC7zmSCQI18Co_RwJhj0LT7b4V-Fj-eVHPAknjUafduiYnS9pLdD13ccoRx_BiMGYy_llqPPE47AkWGQqbljQmA3IhxZeudMKZ9SsaZtPxKZpIvhO9NBXn/s400/Mobile+Sandbox+Logo.png" title="Mobile Sandbox Logo" width="400" /></a></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>Mobile-Sandbox</b>.com is part of the <b>MobWorm</b> project and provides<b> static and dynamic malware analysis</b> for Android OS smartphones.<br /> <b>Mobile Sandbox</b> provides static analysis of <a href="http://www.toolwar.com/search/label/Malware" target="_blank">malware</a> images with an easy accessible <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> interface for submission.<br /> This service is still under continuous development and is run purely as a research tool and a best effort service. We reserve the right to take it down at any point for maintenance or other reasons.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Online Website ::<a href="http://www.blogger.com/goog_1673190333"> </a></b><a href="http://mobilesandbox.org/">http://mobilesandbox.org/</a></div>

Moblie Sandbox (Malware Analysis) :: Tools

Mobile-Sandbox .com is part of the MobWorm project and provides static and dynamic malware analysis for Android OS smartphones. Mob...

Read more »

WebBrowserPassView :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCSZC7Azmf_Cu7J8oiUk0Q5txbNfNPGepi_KAKICm9Gmn4SOBF9_exVxI9nCvHR1A7oa_zoklqRtbqvAy-63o0udy_PN_2awmSZns8B4NMWLrHSJZJ1IZkB0csY2SDJDVBLyHefnK5WXJK/s1600/webbrowserpassview.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="WebBrowserPassView Screenshot" border="0" height="201" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCSZC7Azmf_Cu7J8oiUk0Q5txbNfNPGepi_KAKICm9Gmn4SOBF9_exVxI9nCvHR1A7oa_zoklqRtbqvAy-63o0udy_PN_2awmSZns8B4NMWLrHSJZJ1IZkB0csY2SDJDVBLyHefnK5WXJK/s400/webbrowserpassview.gif" title="WebBrowserPassView Screenshot" width="400" /></a></div> <div style="text-align: justify;"> <b>WebBrowserPassView </b>is a <b>password recovery tool</b> that reveals the<b> passwords stored by the following <a href="http://www.toolwar.com/search/label/Web" target="_blank">Web</a> <a href="http://www.toolwar.com/search/label/Browser" target="_blank">browsers</a>: Internet Explorer (Version 4.0 - 10.0), Mozilla Firefox (All Versions), Google Chrome, Safari, and Opera</b>. This tool can be used to recover your lost/forgotten password of any Website, including popular Web sites, like Facebook, Yahoo, Google, and GMail, as long as the password is stored by your Web Browser. </div> <div style="text-align: justify;"> After retrieving your lost passwords, you can save them into text/html/csv/xml file, by using the 'Save Selected Items' option (Ctrl+S). </div> <h3 class="utilsubject" style="text-align: justify;"> System Requirements And Limitations</h3> <ul style="text-align: justify;"> <li>This utility works on any version of <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> starting from Windows 2000, and up to Windows 8, including 64-bit systems. Older versions of Windows (Windows 98/ME) are not supported, because this utility is a Unicode application. </li> <li>Currently, <b>WebBrowserPassView</b> cannot retrieve the passwords if they are <a href="http://www.toolwar.com/search/label/Encryption" target="_blank">encrypted </a>with a master password. Support for master password will probably be added in future versions. </li> <li>Currently, <b>WebBrowserPassView</b> cannot retrieve passwords from external hard-drive. Support for that might be added in future versions. </li> <li>On Internet Explorer 7.0-9.0, the passwords are encrypted with the URL of the Web site, so <b>WebBrowserPassView</b> uses the history file of Internet Explorer to decrypt the passwords. If you clear the history of Internet Explorer, <b>WebBrowserPassView</b> won't be able to decrypt the passwords. </li> <li>On Google Chrome - passwords originally imported from Internet Explorer 7.0-9.0, cannot be decrypted. </li> </ul> <h3 class="utilsubject" style="text-align: justify;"> Using WebBrowserPassView</h3> <div style="text-align: justify;"> <b>WebBrowserPassView </b>doesn't require any installation process or additional DLL files. In order to start using it, simply run the executable file - WebBrowserPassView.exe </div> <div style="text-align: justify;"> After running it, the main window of <b>WebBrowserPassView </b>displays the list of all Web browser passwords found in your system. You can select one or more passwords and then copy the list to the clipboard (Ctrl+C) or export them into text/xml/html/csv file (Ctrl+S). </div> <div style="text-align: justify;"> </div> <h3 class="utilsubject" style="text-align: justify;"> False Virus/Trojan Warning</h3> <div style="text-align: justify;"> <b>WebBrowserPassView</b> is a <a href="http://www.toolwar.com/search/label/tools" target="_blank">tool</a> that retrieves secret passwords stored in your system, and thus your Antivirus may falsely detect this tool is infected with Trojan/Virus. <a href="http://blog.nirsoft.net/2009/05/17/antivirus-companies-cause-a-big-headache-to-small-developers/" target="false_positive">Click here</a> to read more about false alerts in Antivirus programs. </div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://www.nirsoft.net/utils/webbrowserpassview.zip" target="_blank">WebBrowserPassView 1.45</a></div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="http://www.nirsoft.net/utils/web_browser_password.html" target="_blank">http://www.nirsoft.net/utils/web_browser_password.html</a></div>

WebBrowserPassView :: Tools

WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers : Internet Explorer (Ve...

Read more »

Vulture (Reverse Proxy and Web Application Firewall) :: Tools

<div class="separator" style="clear: both; text-align: justify;"> <img alt="Vulture Web Application firewall logo" border="0" height="120" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcN3Rs0hVvmx1PZMlzm4cKq8LfrgzLmawv5_6MTJGCGcv80todCVORuLNw89N_c_q6Bdo12ScoCZC5pVkwGY4LZjHRpyykzf-7j32yGUKJIY-_FBDWsdfPinXJLDDJ1x8ofO4ztGKtEKS1/s640/vulture+web+application+firewall+logo.png" title="Vulture Web Application firewall logo" width="640" /></div> <div style="text-align: justify;"> <b>Vulture </b>is a <i><span itemprop="description">Open Source Reverse Proxy / Web Application Firewall</span></i><b>. Vulture </b>is a Web-SSO solution based on technology<i> reverse <a href="http://www.toolwar.com/search/label/Proxy" target="_blank">proxy</a></i> implemented on a base Apache 2.2. Vulture also provides <i>application <a href="http://www.toolwar.com/search/label/Firewalls" target="_blank">firewall</a></i> functionality and interfaces between <i><a href="http://www.toolwar.com/search/label/Web" target="_blank">Web</a> applications </i>and Internet to provide unified <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> and authentication. </div> <h3 style="text-align: justify;"> <b>Features :: </b></h3> <div style="text-align: justify;"> The authentication of users with many methods supported LDAP, SQL, text file, radius server, digital certificates ... Modular design allows you to add new authentication methods The spread of authentication on protected applications The encryption flow Filtering and rewriting content Some features to protect against injection attacks Load balancing .</div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="https://googledrive.com/host/0B73hnOQoTupkUkdwM2VGOGNWVTA/" target="_blank">Vulture 2.0.7</a> </div> <h2 style="text-align: justify;"> <span class="mw-headline" id="Details"> </span></h2>

Vulture (Reverse Proxy and Web Application Firewall) :: Tools

Vulture is a Open Source Reverse Proxy / Web Application Firewall . Vulture is a Web-SSO solution based on technology reverse proxy im...

Read more »

Xplico (Internet Traffic Capture) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhADe8Vu4zpdECwwvaAUMUBIlNyGzgvoW1gtLMdHKUZdSDUYlA3t6WdcEN1U1D5ec7BhAtfCN00j4FkO__Ft1LEMzYbd6sUlKDkbK_M05ShgYfYXn2To-j6g4BHCtrNsI1X5D6zJB4dzCE5/s1600/xplico+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="xplico screenshot" border="0" height="217" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhADe8Vu4zpdECwwvaAUMUBIlNyGzgvoW1gtLMdHKUZdSDUYlA3t6WdcEN1U1D5ec7BhAtfCN00j4FkO__Ft1LEMzYbd6sUlKDkbK_M05ShgYfYXn2To-j6g4BHCtrNsI1X5D6zJB4dzCE5/s400/xplico+screenshot.png" title="xplico screenshot" width="400" /></a></div> <b>Xplico</b> is <i>extract from an internet traffic capture</i> the applications data contained.  For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).<br /> Xplico is released under the <b>GNU General Public License</b> and with some scripts under <b>Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported</b> (CC BY-NC-SA 3.0) License. For more details see License.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Features</h3> <ul style="text-align: justify;"> <li>Protocols supported: HTTP, SIP, IMAP, POP, SMTP, TCP, UDP, IPv6. </li> <li>Port Independent Protocol Identification (PIPI) for each application protocol;</li> <li>Multithreading;</li> <li>Output data and information in SQLite database or Mysql database and/or files;</li> <li>At each data reassembled by Xplico is associated a XML file that uniquely identifies the flows and the pcap containing the data reassembled;</li> <li>Realtime elaboration (depends on the number of flows, the types of protocols and by the performance of computer -RAM, CPU, HD access time. </li> <li>TCP reassembly with ACK verification for any packet or soft ACK verification;</li> <li>Reverse DNS lookup from DNS packages contained in the inputs files (pcap), not from external DNS server;</li> <li>No size limit on data entry or the number of files entrance (the only limit is HD size);</li> <li>IPv4 and IPv6 support;</li> <li>Modularity. Each Xplico component is modular. The input interface, the protocol decoder (Dissector) and the output interface (dispatcher) are all modules;</li> <li> The ability to easily create any kind of dispatcher with which to organize the data extracted in the most appropriate and useful to you.</li> </ul> <h3> Tutorial ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/uzn8yDEbKC0?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Ek8uSUwEjC8?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> Download ::</h3> <b>Ubuntu ::</b> <a href="http://sourceforge.net/projects/xplico/files/Xplico%20versions" target="_blank">Download here</a><br /> OR <br /> <code>sudo bash -c 'echo "deb http://repo.xplico.org/ $(lsb_release -s -c) main" >> /etc/apt/sources.list'<br /> sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 791C25CE<br /> sudo apt-get update<br /> sudo apt-get install xplico</code> <br /> <br /> <b>Deafult Users ::</b><br /> user: admin, xplico<br /> password: xplico, xplico<br /> <h3> </h3>

Xplico (Internet Traffic Capture) :: Tools

Xplico is extract from an internet traffic capture the applications data contained.  For example, from a pcap file Xplico extracts each...

Read more »

WhatWeb (Identifies Websites) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1Y3Xc5XJJiJAmm6k8YcIZNOrOB7uG7CgdTi3S5kN-OmfZ98jwawq6HH-Ntm-wT192dKf5QrY_p3LgrMXJGEVlT8HbDjmC9PZILfoV_kY9uhM5FewuU0d2gOcSmRjuqbeh80xsr9j3mUSS/s1600/whatweb+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="WhatWeb Screenshot" border="0" height="188" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1Y3Xc5XJJiJAmm6k8YcIZNOrOB7uG7CgdTi3S5kN-OmfZ98jwawq6HH-Ntm-wT192dKf5QrY_p3LgrMXJGEVlT8HbDjmC9PZILfoV_kY9uhM5FewuU0d2gOcSmRjuqbeh80xsr9j3mUSS/s400/whatweb+screenshot.png" title="WhatWeb Screenshot" width="400" /></a></div> <div style="text-align: justify;"> <b>WhatWeb </b><i>identifies websites.</i> Its goal is to answer the question, “<i>What is that Website?”</i>. <b>WhatWeb</b> recognises <i>web technologie</i>s including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 900 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.</div> <div style="text-align: justify;"> <b>WhatWeb</b> can be stealthy and fast, or thorough but slow. <b>WhatWeb</b> supports an aggression level to control the trade off between speed and reliability. When you visit a website in your browser, the transaction includes many hints of what web technologies are powering that website. Sometimes a single webpage visit contains enough information to identify a website but when it does not, <b>WhatWeb</b> can interrogate the website further. The default level of aggression, called ‘passive’, is the fastest and requires only one HTTP request of a website. This is suitable for scanning public websites. More aggressive modes were developed for in penetration tests.</div> <div style="text-align: justify;"> Most WhatWeb plugins are thorough and recognise a range of cues from subtle to obvious. For example, most WordPress websites can be identified by the meta HTML tag, e.g. ‘‘, but a minority of WordPress websites remove this identifying tag but this does not thwart WhatWeb. The WordPress <b>WhatWeb</b> plugin has over 15 tests, which include checking the favicon, default installation files, login pages, and checking for “/wp-content/” within relative links.</div> <h3> Features:</h3> <div style="text-align: justify;"> * Over 900 plugins<br /> * Control the trade off between speed/stealth and reliability<br /> * Plugins include example URLs<br /> * Performance tuning. Control how many websites to scan concurrently.<br /> * Multiple log formats: Brief (greppable), Verbose (human readable), XML, JSON, MagicTree, RubyObject, MongoDB.<br /> * Recursive web spidering<br /> * Proxy support including TOR<br /> * Custom HTTP headers<br /> * Basic HTTP authentication<br /> * Control over webpage redirection<br /> * Nmap-style IP ranges<br /> * Fuzzy matching<br /> * Result certainty awareness<br /> * Custom plugins defined on the command line</div> <h3 style="text-align: justify;"> Download :: </h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://www.morningstarsecurity.com/downloads/whatweb-0.4.7.tar.gz">whatweb-0.4.7.tar.gz</a></div> <div style="text-align: justify;"> <b>Tutorial :: </b>  <a href="http://www.morningstarsecurity.com/research/whatweb" target="_blank">Click Here </a></div> <div style="text-align: justify;"> </div>

WhatWeb (Identifies Websites) :: Tools

WhatWeb identifies websites. Its goal is to answer the question, “ What is that Website?” . WhatWeb recognises web technologie s inclu...

Read more »

Polipo (Fast Caching Web Proxy) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-NyUbYXHd__DneQqwv5fvd1SVGs74usTJyhqxbZKsUNdTap7RuNPogsL8ETY0pKvOltAv4cV3YLUaGUWh04ihvwKbvm0rLcHhSbvj22zKYf-dY-FI2PAaxKo4wOc5WHr7ZTFYTSpxkkdS/s1600/polipo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="polipo" border="0" height="272" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-NyUbYXHd__DneQqwv5fvd1SVGs74usTJyhqxbZKsUNdTap7RuNPogsL8ETY0pKvOltAv4cV3YLUaGUWh04ihvwKbvm0rLcHhSbvj22zKYf-dY-FI2PAaxKo4wOc5WHr7ZTFYTSpxkkdS/s320/polipo.png" title="polipo" width="320" /></a></div> <div style="text-align: justify;"> <b>Polipo</b> is a small and<i> fast caching web proxy</i> (a web cache, an HTTP proxy, a proxy server). While <b>Polipo </b>was designed to be used by one person or a small group of people, there is nothing that prevents it from being used by a larger group. </div> <div style="text-align: justify;"> <b>Polipo </b>has some features that are, as far as I know, unique among currently available proxies: </div> <ul style="text-align: justify;"> <li><b>Polipo </b>will use HTTP/1.1 pipelining if it believes that the remote server supports it, whether the incoming requests are pipelined or come in simultaneously on multiple connections (this is more than the simple usage of persistent connections, which is done by <i>e.g.</i> Squid); </li> <li><b>Polipo</b> will cache the initial segment of an instance if the download has been interrupted, and, if necessary, complete it later using Range requests; </li> <li><b>Polip</b>o will upgrade client requests to HTTP/1.1 even if they come in as HTTP/1.0, and up- or downgrade server replies to the client's capabilities (this may involve conversion to or from the HTTP/1.1 chunked encoding); </li> <li><b>Polipo </b>has complete support for IPv6 (except for scoped (link-local) addresses). </li> <li><b>Polipo </b>can optionally use a technique known as Poor Man's Multiplexing to reduce latency even further. </li> </ul> <div style="text-align: justify;"> In short, <b>Polipo u</b>ses a plethora of techniques to make web browsing (seem) faster. </div> <div style="text-align: justify;"> <br /></div> <b>Download Here ::</b> git clone git://git.wifi.pps.univ-paris-diderot.fr/polipo<br />                               <a href="http://freehaven.net/~chrisd/polipo/polipo-1.0.4.tar.gz" target="_blank">Polipo-1.0.4.tar.gz (for Linux)</a><br />                               <a href="http://freehaven.net/~chrisd/polipo/polipo-1.0.4-win32.zip" target="_blank">Polipo-1.0.4-win32.zip</a><br /> <b>Tutorial & Official Website ::</b>  http://www.pps.univ-paris-diderot.fr/~jch/software/polipo/

Polipo (Fast Caching Web Proxy) :: Tools

Polipo is a small and fast caching web proxy (a web cache, an HTTP proxy, a proxy server). While Polipo was designed to be used by on...

Read more »

HULK (Web Server DDoS) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="hulk ddos tool" border="0" height="212" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmkIpDIrPxvWHtvaai_4lmV1eyCCUucwGOrd8aUni-ylFt1wNOuMbrXPPPrtc8hntwhyphenhyphenoPGGfY1vutVU40iKl62ewiHoIVJpoPAVQxG0fGoJuJYywjG5L1Kwvzl-NBExPpV23vg0rSOtoY/s320/hulk+web+server+logo.jpg" title="hulk ddos tool" width="320" /></div> <b>HULK</b> is a <i>web server denial of service tool (DDoS Tool)</i> written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a webserver, bypassing caching engines and therefore hitting the server's direct resource pool.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> The <b>Hulk Web server</b> is a brainchild of Barry Shteiman. This<i> DDoS attack tool </i>distinguishes itself from many of the other tools out in the wild. According to its creator, the Hulk Web server was born of his conclusion that most available DDoS attack tools produced predictable repeated patterns that could easily be mitigated. The principle behind the Hulk Web server is that a unique pattern is generated at each and every request, with the intention of increasing the load on the servers as well as evading any intrusion detection and prevention systems. </div> <h3 style="text-align: justify;"> Some Techniques</h3> <ul style="text-align: justify;"> <li>Obfuscation of Source Client – this is done by using a list of known User Agents, and for every request that is constructed, the User Agent is a random value out of the known list</li> <li>Reference Forgery – the <i>referer</i> that points at the request is obfuscated and points into either the host itself or some major prelisted websites.</li> <li>Stickiness – using some standard Http command to try and ask the server to maintain open connections by using Keep-Alive with variable time window</li> <li>no-cache – this is a given, but by asking the HTTP server for <i>no-cache</i> , a server that is not behind a dedicated caching service will present a unique page.</li> <li>Unique Transformation of URL – to eliminate caching and other optimization tools, I crafted custom parameter names and values and they are randomized and attached to each request, rendering it to be Unique, causing the server to process the response on each event.</li> </ul> <div style="text-align: justify;"> <b>Video Tutorial :: </b><a href="https://www.youtube.com/watch?v=dYjx2VoXjEA" target="_blank">Click Here</a></div> <div style="text-align: justify;"> <b>Download Here :: </b><a href="http://packetstormsecurity.com/files/download/112856/hulk.zip" target="_blank">Hulk.zip</a><b><a href="http://packetstormsecurity.com/files/download/112856/hulk.zip" target="_blank"> </a></b></div> <div style="text-align: justify;"> <b>Official Website :: </b>http://www.sectorix.com/ </div>

HULK (Web Server DDoS) :: Tools

HULK is a web server denial of service tool (DDoS Tool) written for research purposes. It is designed to generate volumes of unique an...

Read more »

Search Admin Page :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdcso7UY1h5XykvO-IVJgbC7WBbxEMzF5qNNokr9_1Qn_h3XUVzOaC9vF31WIxkYIrecDz-y7AY_03oY1TckohiD4gHeEPavrbbxUXu6xIISF-n-pX8cy3XbCkg9aCHwdwPVMqZ85x5ADg/s1600/admin-page-logo.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"></a><img alt="admin page logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj97Ace25MACKbume5zTfWwhcH97pPJJSgUkBumonW7ThiP9l85PtQfgOS2xUDDoi1qwpu5I_PzD9J79Lo5Jfy68wAxHwkX8ONP6t6bIuVeXeA2mrmh7aRVkY7u9rYcJKpXkE_Oeu6RStIr/s1600/admin+page.jpg" title="admin page logo" /></div> <br /> <b>Search Admin Page</b> is a script that written in python. With the help <i>admin page finder script</i> we can find admin panel of website. This codes searches for admin pages, and in the future will also execute SQL/XSS injections and return the outputs.  <br />   <br /> <b>Download Here ::</b> <a href="https://github.com/ephexeve/Search-admin-page/archive/master.zip" target="_blank">Search Admin Finder (.py)</a><br /> <b>Source ::</b> https://github.com/ephexeve/Search-admin-page

Search Admin Page :: Tools

Search Admin Page is a script that written in python. With the help admin page finder script we can find admin panel of website. This c...

Read more »

Burp Suite 2020.12.1 :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAT2UhRmZvzULaQVdcEZDtIFgNvPBCuTUbZWHvPtZZ5gx6ibqfq6BYj-4RfUfNMVxfg1JsA6uD4KKYpcQKye1XV_E1DMgkYO8CCKDPceWmNfn-3OVLCMEvmMVmLYzvRih9jGTKLa8xnlbs/s836/Burp-Suite-Professional-2020-Free-Download.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Burp Suite Professional 2020.12.1" border="0" data-original-height="484" data-original-width="836" height="231" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAT2UhRmZvzULaQVdcEZDtIFgNvPBCuTUbZWHvPtZZ5gx6ibqfq6BYj-4RfUfNMVxfg1JsA6uD4KKYpcQKye1XV_E1DMgkYO8CCKDPceWmNfn-3OVLCMEvmMVmLYzvRih9jGTKLa8xnlbs/w400-h231/Burp-Suite-Professional-2020-Free-Download.jpg" title="Burp Suite Professional 2020.12.1" width="400" /></a></div><br /><div style="text-align: justify;"> <b>Burp Suite</b> is a large platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities. </div> <div style="text-align: justify;"> Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.</div> <div style="text-align: justify;"> It contains a variety of tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All of the tools share the same framework for handling and displaying HTTP messages, persistence, authentication, proxies, logging, alerting and extensibility. There is a limited free version and also Burp Suite Professional ($399 per user per year). </div> <div class="rounded-corner-box grey-box"> <ul class="green-list" style="text-align: justify;"> <li>An intercepting <b>Proxy</b>, which lets you inspect and modify traffic between your browser and the target application.</li> <li>An application-aware <b>Spider</b>, for crawling content and functionality.</li> <li>An advanced web application <b>Scanner</b>, for automating the detection of numerous types of vulnerability.</li> <li>An <b>Intruder</b> tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities.</li> <li>A <b>Repeater</b> tool, for manipulating and re-sending individual requests.</li> <li>A <b>Sequencer</b> tool, for testing the randomness of session tokens.</li> <li>The ability to <b> save your work</b> and resume working later.</li> <li><b>Extensibility</b>, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.</li> </ul> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/pBkzvp7xuCI?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: center;"> </div> <div style="text-align: left;"> <br /> <b>Download Here :: </b><a href="https://portswigger.net/burp/releases/professional-community-2020-12-1" target="_blank">Burp Suite v2020.12.1</a><b> </b></div> <div style="text-align: left;"> <b>Source ::</b> http://portswigger.net/index.html</div> </div> </div>

Burp Suite 2020.12.1 :: Tools

Burp Suite is a large platform for performing security testing of web applications. Its various tools work seamlessly together to suppor...

Read more »

KOLKATA (Web Application Fingerprinting) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="kolkata web application fingerpriniting tool" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjblh7okaX78YSdEtAzJwG8C6OYlRXWupeC8svbS39nXWePEaV3Mo3xwGCYqinIFajRoXhBNxjZq6rPBWvgB2KbTQUATdjhFPRbPkVyKrcJykmaOUlLLJs27Q6mzqszFpUXleLMIcCjPYT-/s1600/Web-App-fingerprint-sized-293x150.jpg" title="kolkata web application fingerpriniting tool" /></div> <div style="text-align: justify;"> <b>Kolkata</b> is a <i>web application fingerprinting engine</i> written in <a href="http://www.toolwar.com/2013/09/perl-language.html" target="_blank" title="Perl">Perl</a> that combines cryptography with IDS evasion. Kolkata uses session splicing for IDS evasion and configurable checksums of static files in order to determine the version of a web application. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Download Here ::</b> <a href="http://www.blackhatlibrary.net/releases/kolkata.tgz" target="_blank">Kolkata.tgz</a> </div> <div style="text-align: justify;"> <b>Official Website ::</b> http://www.blackhatlibrary.net/Kolkata</div> </div>

KOLKATA (Web Application Fingerprinting) :: Tools

Kolkata is a web application fingerprinting engine written in Perl that combines cryptography with IDS evasion. Kolkata uses session ...

Read more »

FOCA (Metadata Analyzer) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="foca logo toolwar" border="0" height="163" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_r5MVkxBwNCvxK4jGg_H_RQHnfDhbTNp2Ed3tEy8FL8RJflwgVTcEHORzatASmF21pYF3JkyjxWwvdkXkQPlEFQ9LqD0YSXkcSyanqj0nX60zI8V7FRSOWyo3v2q1_uhF7VZYi4VsChVJ/s400/foca+logo.jpg" title="foca logo toolwar" width="400" /></div> <div style="text-align: justify;"> <b>FOCA</b> will <b>analyze metadata</b> from Microsoft Office Documents, PDF files, Open Office Files and Word Perfect files, EXIF Metadata out of images and the best part is that you can add the files you collected manually or found and downloaded thru web searches using Google and Live Search witch makes it extremely flexible for pentests. it will enumerate Users, Folders, Printers, Emails and the version of Software used to create the file. This tool will run on Windows XP and Windows Vista, I found it to be really unstable in Windows 7 Beta.</div> <div style="text-align: justify;"> <b>FOCA</b> means seal in Spanish language. <b>FOCA</b> or <b>Fingerprinting Organizations with Collected Archives</b> is a tool to discover files on target website and extract metadata from it. FOCA is a Windows based tool for the metadata extraction. It provides a GUI for easy usage. FOCA basically uses search engines for the purpose of discovering files and extracts metadata from them. There also exists an online version of the application, which can be found at http://www.informatica64.com/foca/ </div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/c2LSHt8HB34?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <b>Download Here :: </b><a href="http://dl2.downloadcrew.com/?r=SBPN%2FSBPN_3.0.mvc&t=1382010847&c=c77d0352a0aaf602ef24185ec25a0bdc6fe7b201&sw=22211" target="_blank">FOCA 3.0</a><b> </b></div> <div style="text-align: justify;"> <b>Online Version :: </b>http://www.informatica64.com/foca/ </div> <div style="text-align: justify;"> <b>Official Website :: </b>http://www.informatica64.com/foca.aspx</div> </div>

FOCA (Metadata Analyzer) :: Tools

FOCA will analyze metadata from Microsoft Office Documents, PDF files, Open Office Files and Word Perfect files, EXIF Metadata out of...

Read more »