FARADAY (Integrated Penetration Testing IDE) :: Framework

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="FARADAY Logo" border="0" height="91" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj03zjrenjfh3-P90KLn_GSw8ONyaQLqXdR6otoyPAiIMj1ETcLzdJpofOdDKILtTGY6U_4FS4zlEyLZEVF0IEjyTWLMkZrm9wa3U-YS1L8K8A1NQO_j0muNmj9wiuSaqph9OyYKddiOc-f/s1600-rw/Faraday-Logo.png" title="FARADAY Logo" width="400" /></div> <b>Faraday</b> introduces a new concept (IPE) <b>Integrated Penetration-Test Environment</b> a multiuser <b>Penetration test IDE</b>. Designed for distribution, indexation and analysis of the generated data during the process of a <a href="http://www.toolwar.com/search/label/Security" target="_blank"> security audit</a>.</div> <div style="text-align: justify;"> The main purpose of <b>Faraday</b> is to re-use the available tools in the community to take advantage of them in a multiuser way.</div> <div style="text-align: justify;"> Design for simplicity, users should feel no difference between their own terminal application and the one included in <b>Faraday</b>. Developed with a specialized set of functionalities that help users improve their own work. Do you remember yourself programming without an IDE? Well, <b>Faraday</b> does the same an IDE does for you when programming, but from the perspective of a <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration test</a>.</div> <div style="text-align: justify;"> <br /> <b>Requirement ::  </b></div> <div style="text-align: justify;"> <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Modern Linux</a> (Tested Debian / Ubuntu * / <a href="http://www.toolwar.com/2013/09/kali-linux-toolwar.html" target="_blank">Kali</a> / <a href="http://www.toolwar.com/2013/09/backtrack-5-r3-distribution.html" target="_blank">Backtrack</a>)</div> <ul style="text-align: justify;"> <li>Python 2.6.x and 2.7.x</li> <li>Qt3</li> <li>CouchDB >= 1.2.0<br /> </li> <li>The following python libs: <ul> <li>mockito </li> <li>couchdbkit </li> <li>whoosh </li> <li>argparse </li> <li>psycopg2</li> <li>IPy</li> <li>requests</li> </ul> <h3> </h3> </li> </ul> <h3 style="text-align: justify;"> Tutorials :: </h3> <div style="text-align: justify;"> <b>Installation :: </b> </div> <div style="text-align: justify;"> Preferably, you can download faraday by cloning the Git repository:</div> <div style="text-align: justify;"> <pre><code>$ git clone https://github.com/infobyte/faraday.git faraday-dev $ cd faraday-dev $ ./install </code></pre> </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Usage :: </b></div> <div style="text-align: justify;"> To get started, simply execute faraday and use the new console to start working in the pentest: </div> <div style="text-align: justify;"> <pre><code>$ ./faraday</code></pre> <pre><code> </code></pre> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/EBz0g6ya7Mg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> </div> <h3 style="text-align: justify;"> Download :: </h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="https://github.com/infobyte/faraday/archive/master.zip" target="_blank">Faraday</a> (tarball) <b> </b></div> <div style="text-align: justify;"> <b>Source Website :: </b><a href="https://github.com/infobyte/faraday">https://github.com/infobyte/faraday</a></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://www.faradaysec.com/">http://www.faradaysec.com/</a></div>

FARADAY (Integrated Penetration Testing IDE) :: Framework

Faraday introduces a new concept (IPE) Integrated Penetration-Test Environment a multiuser Penetration test IDE . Designed for distrib...

Read more »

Cloud Cracker (Online WPA/WPA2 and Hash Cracker) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img border="0" height="360" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVFL3einLDFs5tDqL8eAuXhoGPJQrptNIIRuTPXL1eIi8qGVslIyvatgz3avdggGXMvql_LWYckXFASVLqyvgKqt8rXQXBwWcXGHS32SSdSewaltZzS7hF8f2Bvzw3wh5yNTrS1vK3ToYD/s1600-rw/password-cracking.jpg" width="640" /></div> </div> <div style="text-align: justify;"> <b>Cloud Cracker</b> is an <a href="http://www.toolwar.com/search/label/Online" target="_blank">online</a> <b>password cracking service</b> for penetration testers and network auditors who need to check the security of WPA protected <a href="http://www.toolwar.com/search/label/Wireless" target="_blank">wireless</a> networks, crack password <a href="http://www.toolwar.com/search/label/Hash" target="_blank">hashes</a> or break document encryption. </div> <div style="text-align: justify;"> <h3> Features :: </h3> </div> <ul style="text-align: justify;"> <li>Ease to use</li> <li>Save money, save time</li> <li>Support WPA/WPA2, NTLM, SHA-512, MD5, MS-CHAPv2 </li> <li>Secure transmission</li> <li>Fast password cracking service</li> </ul> <div style="text-align: justify;"> <b>Online Website ::</b> <a href="https://www.cloudcracker.com/" target="_blank">https://www.cloudcracker.com/ </a></div>

Cloud Cracker (Online WPA/WPA2 and Hash Cracker) :: Tools

Cloud Cracker is an online password cracking service for penetration testers and network auditors who need to check the secu...

Read more »

SIPVicious (Auditing SIP Based VoIP System) :: Tools

<div style="text-align: justify;"><div class="separator" style="clear: both; text-align: center;"><img alt="SIP VoIP " border="0" height="324" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgs5pKQQ6VdyR7URrQT6nS1VVL0igxhRv5L4g9jfkKRkBLjfBegI6eKZANJ63AqMiWYIf8m2YEb8azNj4j9bwx-gCWo_jYM66n1k2GggJOHg0mLwLS0hJ7h7UWskxn3gWk6PAqEtxcvgABJ/s1600-rw/SIP+VoIP.png" title="SIP VoIP " width="640" /></div><b>SVMAP</b> is a part of a suite of tools called <b>SIPVicious</b> and it’s my favorite <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanner</a> of choice It can be used to scan identify and fingerprint a single IP or a range of IP addresses. <b>Svmap</b> allows specifying the request method which is being used for scanning, the default method is OPTIONS, it offers debug and verbosity options and even allows scanning the SRV records for SIP on the destination domain. You can use the <b>./svmap –h</b> in order to view all the available arguments </div><div style="text-align: justify;"><b>SIPVicious suite</b> is a set of <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a> that can be used to audit SIP based <a href="http://www.toolwar.com/search/label/VOIP" target="_blank">VoIP systems</a>. It currently consists of four tools: </div><ul style="text-align: justify;"><li>svmap - this is a sip scanner. Lists SIP devices found on an IP range </li> <li>svwar - identifies active extensions on a PBX </li> <li>svcrack - an online password cracker for SIP PBX </li> <li>svreport - manages sessions and exports reports to various formats </li> <li>svcrash - attempts to stop unauthorized svwar and svcrack scans </li> </ul><div style="text-align: justify;">It was tested on the following systems: </div><ul style="text-align: justify;"><li><a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux </a></li> <li><a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X </a></li> <li><a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows </a></li> <li><a href="http://www.toolwar.com/search/label/FreeBSD" target="_blank">FreeBSD 6.2 </a></li> <li>Jailbroken iPhone with python installed </li> </ul><div style="text-align: justify;">If you use it on systems that are not mentioned here please let me know goes it goes. </div><h3 style="text-align: justify;">Tutorials ::</h3><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Zp_gzjV8l4c?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div><div style="text-align: justify;"></div><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/3a7xJeNQfOk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div><h3 style="text-align: justify;"> </h3><h3 style="text-align: justify;">Download ::</h3><div style="text-align: justify;"><b>Linux | Windows | Mac | FreeBSD :: </b><a href="http://sipvicious.googlecode.com/files/sipvicious-0.2.8.zip" target="_blank">SIPVicious v0.2.8</a> (.zip) | <a href="http://sipvicious.googlecode.com/files/sipvicious-0.2.8.tar.gz" target="_blank">SIPVicious v0.2.8</a> (.tar.gz)<b> </b></div><div style="text-align: justify;"><b>Official Website :: </b> <a href="http://code.google.com/p/sipvicious/">http://code.google.com/p/sipvicious/</a></div>

SIPVicious (Auditing SIP Based VoIP System) :: Tools

SVMAP is a part of a suite of tools called SIPVicious and it’s my favorite scanner of choice It can be used to scan identify and fingerp...

Read more »

VoIPong (VoIP Sniffer and Call Detector) :: Tools

<div class="separator" style="clear: both; text-align: center;"><img alt="VoIP Hacking " border="0" height="337" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBxH793kkyuODvT2YM2SvDUf4q_9lL0i3cTdtxNEAo0qVv-QShCchSo0Ehnp75muGHbqnHldC6K2_wNn69CsW7RtQY-YphAkIyGJe1_VtlepwwSyy73nzn1i4ezE1fZdcy-tCJ8QdLUlCp/s1600-rw/VoIP+Hacking.jpg" title="VoIP Hacking " width="640" /></div><div class="style3" style="text-align: justify;"><b>VoIPong</b> is a utility which detects all <b><a href="http://www.toolwar.com/search/label/VOIP" target="_blank">Voice Over IP</a> calls on a pipeline</b>, and for those which are G711 encoded, dumps actual conversation to seperate wave files. It supports SIP, H323, Cisco's Skinny Client Protocol, RTP and RTCP. </div><div class="style3" style="text-align: justify;">It's been written in C language for performance reasons, proved to be running on Solaris, <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a> and <a href="http://www.toolwar.com/search/label/FreeBSD" target="_blank">FreeBSD</a>; though it's thought to compile and run on other platforms as well. </div><div class="style3" style="text-align: justify;">On a 45 Mbit/sec network traffic, it's been verified that <b>VoIPong</b> successfully detected all <a href="http://www.toolwar.com/search/label/VOIP" target="_blank">VoIP </a>gateways and the VoIP calls. CPU utilization during the run has been found ranging between 66% - 80% on a 256MB RAM, Celeron 1700 Mhz Toshiba notebook. </div><span class="style1"><b>Features :: </b></span><br /> <ul><li class="style2">Produces real .Wav files for direct audio hearing. </li> <li class="style2">Simple, optimized, extandable fast code </li> <li class="style2">The algorithm doesn't depend on signalling but on RTP/RTCP </li> <li class="style2">Detailed logging. (Comfortable for 'cut' and 'cat' operations to produce statistics.) </li> <li class="style2">Powerful management console interface </li> <li class="style2">Easy installation and administration</li> <li class="style2">Easy debugging. </li> </ul><h3 class="style3" style="text-align: justify;">Tutorials ::</h3><b>Users Manual ::</b> <a href="http://www.enderunix.org/voipong/users-manual/" target="_blank">Click Here</a><br />   <br /> <div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/ow1bRp6E8og?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 class="style3" style="text-align: justify;">Download ::</h3><div class="style3" style="text-align: justify;"><b>Linux :: </b><a href="https://github.com/EnderUNIX/VoIPong/archive/master.zip" target="_blank">VoIPong v2.0</a></div><div class="style3" style="text-align: justify;"><b>Official Website :: </b><a href="http://www.enderunix.org/voipong/">http://www.enderunix.org/voipong/</a></div>

VoIPong (VoIP Sniffer and Call Detector) :: Tools

VoIPong is a utility which detects all Voice Over IP calls on a pipeline , and for those which are G711 encoded, dumps actual conversati...

Read more »

SNMPCheck (SNMP Enumeration) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="SNMPCheck" border="0" height="316" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNQCGr22VHfWJI20ydnqXWT0FpVBP1u6mdLTIESgT_IN6QGduciK1QWIlWG0O__y2nvACefsDE1DFwXrHO973XbWbfbepc3FXB2bD_TX7jy6oZwLrfRXAkd_PCKf9C_28TD-klFE3QJk_P/s1600-rw/SNMPCheck.jpg" title="SNMPCheck" width="400" /></div> <b>SNMPCheck</b> allows you to <b>enumerate the SNMP</b> devices and places the output in a very human readable friendly format. It could be useful for <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration testing</a> or <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">systems monitoring</a>. Distributed under GPL license and based on "Athena-2k" script by jshaw.</div> <h3 style="text-align: justify;"> Features :: </h3> <div style="text-align: justify;"> SNMPCheck supports the following enumerations:</div> <ul style="text-align: justify;"> <li> contact</li> <li>description</li> <li> detect write access (separate action by enumeration)|</li> <li> devices</li> <li> domain</li> <li> hardware and storage informations</li> <li> hostname</li> <li> IIS statistics</li> <li> IP forwarding</li> <li> listening UDP ports</li> <li> location</li> <li> motd</li> <li> mountpoints</li> <li> network interfaces</li> <li> network services</li> <li> processes</li> <li> routing information</li> <li> software components</li> <li> system uptime</li> <li> TCP connections</li> <li> total memory</li> <li> uptime</li> <li> user accounts</li> </ul> <h3> Tutorials ::</h3> <b>Report Examples :: </b><a href="http://www.nothink.org/codes/snmpcheck/report_windows_xp.txt" target="_blank">Windows XP</a> | <a href="http://www.nothink.org/codes/snmpcheck/report_linux_ubuntu.txt" target="_blank">Linux Ubuntu</a><b><br /></b><br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/RIVV4--m4dU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> Download ::</h3> <b>Perl Script :: </b><a href="http://www.nothink.org/codes/snmpcheck/snmpcheck-1.8.pl" target="_blank">SNMPCheck</a> (.pl) <b> </b><br /> <b>Official Website ::</b> <a href="http://www.nothink.org/codes/snmpcheck/">http://www.nothink.org/codes/snmpcheck/</a> <br /> <div class="alert alert-success" style="text-align: justify;"> </div>

SNMPCheck (SNMP Enumeration) :: Tools

SNMPCheck allows you to enumerate the SNMP devices and places the output in a very human readable friendly format. It could be useful ...

Read more »

NBTScan (Scans for Open NETBIOS Name Servers) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdxS-BqEkVq8gRluzMKok1FYN4f43CO1Nnia5lF4ZTvXelpQ-Z0lC0lJaBxzhpiwFLZgrk16y7re7wk-pbt1ZcUl405HynotcqrIyBXTQdkdqkzndKFNmdELfpOXIW8jXlCv-B8F8Geaxp/s1600/nbtscan+screenshot.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="nbtscan screenshot windows" border="0" height="333" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdxS-BqEkVq8gRluzMKok1FYN4f43CO1Nnia5lF4ZTvXelpQ-Z0lC0lJaBxzhpiwFLZgrk16y7re7wk-pbt1ZcUl405HynotcqrIyBXTQdkdqkzndKFNmdELfpOXIW8jXlCv-B8F8Geaxp/s1600-rw/nbtscan+screenshot.gif" title="nbtscan screenshot windows" width="400" /></a></div> <div style="text-align: justify;"> <b>nbtscan</b> is a <a href="http://www.toolwar.com/search/label/CLI" target="_blank">command-line tool</a> that scans for open <b>NETBIOS nameservers</b> on a local or remote TCP/IP <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a>, and this is a first step in finding of open shares. It is based on the functionality of the standard <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows tool</a> nbtstat, but it operates on a range of addresses instead of just one. I wrote this <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tool</a> because the existing tools either didn't do what I wanted or ran only on the Windows platforms: mine runs on just about everything.</div> <div style="text-align: justify;"> <b>Windows</b> - The Win32 version of the tool, which works well on Windows 9x, NT and 2000, is available below as nbtscan.exe. It's written in portable C and is less than 40 kbytes, requires no special libraries or DLLs, and is run in an MS-DOS command window. I promise that the tools have no viruses, backdoors, or any other kind of overt bad behavior. I don't promise that there are no bugs. </div> <div style="text-align: justify;"> <b>LINUX</b> - the code works fine on <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, and a version built on Red Hat Linux 6.2 is available as well. I have reports that this binary works on Red Hat Linux 6.0 - 8.0, Debian "woody", and Mandrake 8.1 (we don't think we've found a Red Hat, CentOS, or Fedora system that it didn't run on). </div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <pre class="codeblock">C:\> <b>nbtstat -A 192.168.1.99</b> NetBIOS Remote Machine Name Table Name Type Status --------------------------------------------- XPDEV <00> UNIQUE Registered UNIXWIX <00> GROUP Registered XPDEV <03> UNIQUE Registered XPDEV <20> UNIQUE Registered UNIXWIX <1E> GROUP Registered MAC Address = 00-50-04-6D-50-37</pre> <pre class="codeblock"> </pre> <pre class="codeblock">C:\> <b>nbtscan 192.168.1.0/24</b> 192.168.1.3 MTNDEW\WINDEV SHARING DC 192.168.1.5 MTNDEW\TESTING 192.168.1.9 MTNDEW\WIZ SHARING U=STEVE 192.168.1.99 MTNDEW\XPDEV SHARING </pre> <h3 style="text-align: justify;"> </h3> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows | Linux :: </b><a href="http://www.unixwiz.net/tools/nbtscan-1.0.35.exe" target="_blank">NBTScan</a> (.exe)<b> | </b><a href="http://www.unixwiz.net/tools/nbtscan-source-1.0.35.tgz" target="_blank">NBTScan</a> (.tgz)</div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://www.unixwiz.net/tools/nbtscan.html">http://www.unixwiz.net/tools/nbtscan.html</a></div>

NBTScan (Scans for Open NETBIOS Name Servers) :: Tools

nbtscan is a command-line tool that scans for open NETBIOS nameservers on a local or remote TCP/IP network , and this is a first step ...

Read more »

Maligno (Penetration Testing) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7dM_W5x1h5uszgk0spEosIclT4KmaGO2uPukBWl2ETl36hFooZ0Eb50A3PfpPjjzUqZ2HTI5NHF-L7q4sAxnRD14MGiXgvHkHLi_zCKB5hs8jd0TiUAyaYrsEJ5M4nq67pzu47VcLwRET/s1600/PenTest_Image.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="maligno image" border="0" height="307" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7dM_W5x1h5uszgk0spEosIclT4KmaGO2uPukBWl2ETl36hFooZ0Eb50A3PfpPjjzUqZ2HTI5NHF-L7q4sAxnRD14MGiXgvHkHLi_zCKB5hs8jd0TiUAyaYrsEJ5M4nq67pzu47VcLwRET/s1600-rw/PenTest_Image.png" title="maligno image" width="400" /></a></div> <div style="text-align: justify;"> <b>Maligno</b> is an open source <b>penetration testing tool</b> written in python, that serves <a href="http://www.toolwar.com/2013/09/metasploit-framework.html" target="_blank">Metasploit</a> payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://www.encripto.no/tools/maligno-1.0.tar.gz" target="_blank">Maligno v1.0</a> (.tar.gz)</div> <div style="text-align: justify;"> <b>Official Website :: </b> <a href="http://www.encripto.no/tools/">http://www.encripto.no/tools/</a></div>

Maligno (Penetration Testing) :: Tools

Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with ms...

Read more »

URLCrazy (Check for Mistyped Domain Names) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyLyWDBoVsveQYb2dGL_PuWnsuRw1nokIuQKd_361RbcaREom6CLNFECgU-VoE2dThMoAADFfaWbckc79TaK68iLysT77s5PgM_l4a921ztqCrvKcHKXbTMWJbRjSlQJx2KE-BebY_gUjr/s1600/URLCrazy+Screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="URLCrazy Screenshot" border="0" height="339" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyLyWDBoVsveQYb2dGL_PuWnsuRw1nokIuQKd_361RbcaREom6CLNFECgU-VoE2dThMoAADFfaWbckc79TaK68iLysT77s5PgM_l4a921ztqCrvKcHKXbTMWJbRjSlQJx2KE-BebY_gUjr/s1600-rw/URLCrazy+Screenshot.png" title="URLCrazy Screenshot" width="640" /></a></div> <div style="text-align: justify;"> <b>URLCrazy</b> checks for mistyped domain names of websites. It can detect typo domain squatters and help protect your domain <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> by identifying domain names to preemptively register. It generates 15 types of typos, including bitflipped domains, knows over 8,000 common misspellings and over 450 homophones, supports multiple keyboard layouts, checks whether a typo is a valid domain, and can test whether domain typos are in use and estimate the popularity of a typo. Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.</div> <h3 style="text-align: justify;"> Usage </h3> <div style="text-align: justify;"> * Detect typo squatters profiting from typos on your domain name<br /> * Protect your brand by registering popular typos<br /> * Identify typo domain names that will receive traffic intended for another domain<br /> * Conduct phishing attacks during a <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration test</a></div> <h3 style="text-align: justify;"> Features</h3> <div style="text-align: justify;"> * Generates 15 types of domain variants<br /> * Knows over 8000 common misspellings<br /> * Supports cosmic ray induced bit flipping<br /> * Multiple keyboard layouts (qwerty, azerty, qwertz, dvorak)<br /> * Checks if a domain variant is valid<br /> * Test if domain variants are in use<br /> * Estimate popularity of a domain variant<br /> * URLCrazy requires Linux and the Ruby interpreter.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <b>Installation :: </b><br /> <span style="font-family: "Courier New",Courier,monospace;">If you are using Ubuntu or Debian try:<br /> $ sudo apt-get install ruby-1.8</span><br />   <br /> <h3> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://www.morningstarsecurity.com/downloads/urlcrazy-0.5.tar.gz" target="_blank">URLCrazy v0.5</a> (.tar.gz)</div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://www.morningstarsecurity.com/research/urlcrazy">http://www.morningstarsecurity.com/research/urlcrazy</a></div>

URLCrazy (Check for Mistyped Domain Names) :: Tools

URLCrazy checks for mistyped domain names of websites. It can detect typo domain squatters and help protect your domain security by ...

Read more »

Vyatta (Vitrual Router, Firewall and VPN) :: Framework

<div class="block-content content" style="text-align: justify;"> <div style="text-align: justify;"> <br /> <article class="article article-type-page clearfix" id="article-6745" role="article"> <div class="article-content"> <div class="field field-name-body field-type-text-with-summary field-label-hidden"> <div class="field-items"> <div class="field-item even"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Vyatta Logo" border="0" height="320" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjZ08VeGbo_xXjPTm80en0xpKtHVEsztocx4UkyNj8XcEOklwOsoLpOrOJ9RIi5nqp4y9IlAQ4uUUssHWFzDRGtuowfzaD9ujUFVSNWPnhTLhA8CJf3JethTM45UNfDaSOy-aplzk6SivT/s1600-rw/vyatta+logo.png" title="Vyatta Logo" width="320" /></div> The free community <b>Vyatta Core software(VC)</b> is an award-winning open source <a href="http://www.toolwar.com/search/label/Network" target="_blank"> network</a> operating system providing advanced IPv4 and IPv6 routing, stateful <a href="http://www.toolwar.com/search/label/Firewalls" target="_blank">firewalling</a>, IPSec and SSL OpenVPN, and more. When you add <b>Vyatta</b> to a standard x86 hardware system, you can create an enterprise grade network appliance that easily scales from DSL to 10Gbps. <b>Vyatta</b> is also optimized to run in VMware, Citrix XenServer, Xen, KVM, and Hyper V, providing networking and <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> services to <a href="http://www.toolwar.com/search/label/Virutal" target="_blank">virtual machines</a> and cloud computing environments. <b>Vyatta</b> has been downloaded over 1,000,000 times, has a community of hundreds of thousands of registered users and counts dozens of fortune 500 businesses among its commercial customers.<br /> On this site, you'll find all the downloads, <a href="http://www.toolwar.com/search/label/Tools" target="_blank">tools</a>, documentation, and community resources to help you get up and running with your own <b>Vyatta-based</b> system. Ask questions in the Forums. Propose new features and vote on existing proposals. Participate and have fun. We have been working together with our community for over five years to continue to enhance the world's leading software-based network OS.<br /> A commercial version of the <b>Vyatta network OS</b> (Vyatta Subscription Edition) is also available with enterprise-ready management and security product extensions and complete engineering support including proactive notifications of security alerts and software releases as well as priority access to patches & bug fixes.<br /> <b>Vyatta's </b>open, software-based approach to networking has created a complete network OS that can connect and secure physical <a href="http://www.toolwar.com/search/label/Network" target="_blank">networks</a> as well as virtual and cloud computing infrastructures. <b>Vyatta</b> software and appliances offer users a flexible, affordable alternative to proprietary, hardware-based routers, firewalls, and VPN devices.<br /> Vyatta can help you: <br /> <ul> <li>Affordably scale large BGP implementations </li> <li>Keep your network safe with a stateful-inspection firewall </li> <li>Securely connect remote offices with <a href="http://www.toolwar.com/search/label/VPN" target="_blank">VPN </a></li> <li>Scale from DSL to 10-Gbps with a single software package</li> <li>Avoid costly proprietary networking upgrades </li> <li>Run virtualized networking environments in Xen, KVM and VMware </li> <li>Add networking and security to blade servers in your data center </li> <li>Offer cloud based managed security services </li> <li>Add network redundancy regardless of vendor equipment </li> <li>Build your own best-of-breed Branch office solution </li> </ul> <br /> The <b>Vyatta Core</b> is an integration of a number of components from a variety of different sources, much the same way as a standard Linux distribution. Many of the components are licensed under the GNU GPL. Others carry a BSD license. Still others carry less-popular licenses. All components of the <b>Vyatta Core</b> carry licenses defined as open source.<br /> License files are included with every package installed in the system and can be viewed in the /usr/share/doc/package/copyright file.<br /> <br /> <h3> Tutorials ::</h3> <b>Use Tips and Tricks :: </b><a href="http://www.vyatta.org/documentation/tips-tricks" target="_blank">Click Here</a><b><br /> </b><br /> <b>Documentations :: </b><a href="http://www.vyatta.org/documentation/translated-docs" target="_blank">Click Here</a><br /> <b>Vyatta Forum :: </b><a href="http://www.vyatta.org/forum" target="_blank">Click Here</a> <br /> <div class="separator" style="clear: both; text-align: center;"> <br /></div> <div style="text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/5JJOE5zeVbM?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <h3> Download ::</h3> <b>Live CD :: </b><a href="http://packages.vyatta.com/vyatta/iso/VC6.6/vyatta-livecd_VC6.6R1_i386.iso" target="_blank">Vyatta Live CD v6.6</a> (.iso)<b></b><br /> <b>Visualization ISO :: </b><a href="http://packages.vyatta.com/vyatta/iso/VC6.6/vyatta-livecd_VC6.6R1_i386.iso" target="_blank">Vyatta Visualization v6.6</a> (.iso)<b> </b> <b> </b><br /> <b>Official Website ::<a href="https://www.blogger.com/goog_2084089245"> </a></b><a href="http://www.vyatta.org/">http://www.vyatta.org/</a> </div> </div> </div> </div> </article></div> </div>

Vyatta (Vitrual Router, Firewall and VPN) :: Framework

The free community Vyatta Core software(VC) is an award-winning open source network operating system providing...

Read more »

Nagios XI (System and Network Monitoring) :: Tools

<div style="text-align: justify;"><div class="separator" style="clear: both; text-align: center;"><img alt="Nagios Logo" border="0" height="139" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijPJbT23GqEsND51gYYV9dlritrv4VMN0Y_kXrjsPpMF35HF9jV7QqyVxhKZU5jyF825HFNPBEghQzSXXvo9xLLhE3Hc1ybP9g6HiYYyh2rdXCLL-4OPuEAaCQhLgw9nJ8CBXoG1BT6l5L/s1600-rw/xi-logo-large.png" title="Nagios Logo" width="320" /></div><b>Nagios XI </b>is a system and <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">network monitoring</a> application. It watches hosts and services that you specify, alerting you when things go bad and when they get better. Some of its many features include monitoring of <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> services (SMTP, POP3, HTTP, NNTP, ICMP, etc.), monitoring of host resources (processor load, disk usage, etc.), and contact notifications when service or host problems occur and get resolved (via email, pager, or user-defined method).</div><div style="text-align: justify;"><b>With Nagios you can:</b> </div><ul style="padding-left: 25px;"><li>Monitor your entire IT infrastructure</li> <li>Spot problems <i>before</i> they occur</li> <li>Know immediately when problems arise</li> <li>Share availability data with stakeholders</li> <li>Detect security breaches</li> <li>Plan and budget for IT upgrades</li> <li>Reduce downtime and business losses</li> </ul><div style="text-align: justify;"><br /> </div><h3 style="text-align: justify;">Tutorials ::</h3><div style="text-align: justify;"><b>Text Tutorials :: </b><a href="http://library.nagios.com/library/products/nagiosxi/tutorials/" target="_blank">Click Here </a> </div><div style="text-align: justify;"><b>Documentation :: </b><a href="http://library.nagios.com/library/products/nagiosxi/documentation" target="_blank">Click Here</a> </div><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/mXUxXV17Nd4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div><div style="text-align: justify;"> </div><h3 style="text-align: justify;">Download ::</h3><div style="text-align: justify;"><b>Windows | Linux  :: </b><a href="http://library.nagios.com/library/products/nagiosxi/downloads/main" target="_blank">Nagios XI</a><b> </b></div><div style="text-align: justify;"><b>Official Website :: </b> <a href="http://www.nagios.org/">http://www.nagios.org/</a></div>

Nagios XI (System and Network Monitoring) :: Tools

Nagios XI is a system and network monitoring application. It watches hosts and services that you specify, alerting you when things go bad ...

Read more »

Nipper Studio (Network Security Audit for Firewall, Switches and Router) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjog3YqJ3FIoxb_rLEWgJPXiIWYhWS7Ihd2IOrLYGhAqOaRm7ioEB6gatr6PgzNw7OJf7ol2pC-Z9-TVfpQewGb_ryDyAt_h2uNqzrlhRtW194rN4xFfH7jYM3ivYb0TPmgsj7rIChoKIYR/s1600/Nipper+Home+Report+2.2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="nipper tutorial" border="0" height="333" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjog3YqJ3FIoxb_rLEWgJPXiIWYhWS7Ihd2IOrLYGhAqOaRm7ioEB6gatr6PgzNw7OJf7ol2pC-Z9-TVfpQewGb_ryDyAt_h2uNqzrlhRtW194rN4xFfH7jYM3ivYb0TPmgsj7rIChoKIYR/s1600-rw/Nipper+Home+Report+2.2.jpg" title="nipper tutorial" width="400" /></a></div> <div style="text-align: justify;"> <b>Nipper (short for Network Infrastructure Parser, previously known as CiscoParse)</b> audits the security of network devices such as switches, routers, and firewalls. It works by parsing and analyzing device configuration file which the <b>Nipper</b> user must supply. This was an open source tool until its developer (Titania) released a commercial version and tried to hide their old GPL releases. During a <b>network audit Nipper Studio</b> processes the devices’ native configurations and enables you to create a variety of different audit reports. By using traditional methodology for your <a href="http://www.toolwar.com/search/label/Network" target="_blank">network audit</a>, such as manual <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">Penetration Testing</a>, Agent-based software and <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">Network Scanners</a>, you could experience various drawbacks, which does not affect Nipper Studio <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> audit software:<br /> <ul> <li>Network scanners send huge numbers of network probes to a device and can impact performance. Only exposed vulnerabilities are identified, potentially missing many issues.</li> <li>Agent-based audit software requires software to be installed on the devices during the network audit. This is not possible for all devices and can introduce additional security vulnerabilities.</li> <li>Manual Penetration Tests examine individual <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> devices in detail. However this is slow, expensive and results in point in time audits of only a sample of devices.</li> <li>Flatten the <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability assessment</a> process and reduce human error by automatically producing an instant, device specific configuration report, readable by non-technical experts.  </li> <li>Achieve significant cost savings by automating a detailed configuration vulnerability analysis, typically provided by costly external Penetration Testing. </li> <li>Improve the productivity and scope of the network audit by quickly performing a thorough vulnerability assessment of multiple complex network devices, providing a detailed security audit report, unachievable with vulnerability scanning technologies. </li> <li>Stay secure as our security audit software requires no additional services on the device or agents to be installed and can audit the network devices without connecting or scanning them</li> </ul> <h3> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/wUtAmowwVD8?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3>  </h3> <h3> Download ::</h3> <b>Windows | Linux | Mac :: </b> <b> </b><br /> <b>Buy :: </b><a href="https://www.titania.com/shop" target="_blank">Click Here</a><b> </b> <b> </b><br /> <b>Evaluate Copy :: </b><a href="https://www.titania.com/evaluate" target="_blank">Click Here</a><b>  </b> <b> </b><br /> <b>Official Website :: </b><a href="https://www.titania.com/nipperstudio" target="_blank">https://www.titania.com/nipperstudio </a></div>

Nipper Studio (Network Security Audit for Firewall, Switches and Router) :: Tools

Nipper (short for Network Infrastructure Parser, previously known as CiscoParse) audits the security of network devices such as switche...

Read more »

Argus (Auditing Network Activity) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="Argus Logo" border="0" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhB9EePKFj7bOOAmUlulpXxUps3bKmylywSIIPNjOKR95TlmXfzBpotmDPvTpombemgv5gs8g-qGAFLcjAB8y7S0iSCjatcaY9LTAFt-OoP0EOMiONWPCNZ_119wIkga4ZTRn1ILz9jhpfa/s1600-rw/ArgusOptimizationCycle.gif" title="Argus Logo" /></div> <div style="text-align: justify;"> <b>Argus</b> is a fixed-model Real Time Flow <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">Monitor</a> designed to track and report on the status and performance of all network transactions seen in a data <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol specific information.</div> <div style="text-align: justify;"> <br /></div> <div class="plaintext" style="text-align: justify;"> <b>Argus </b>is composed of an advanced comprehensive network flow data generator, the<b> Argus</b> sensor, which processes packets (either capture files or live <a href="http://www.toolwar.com/search/label/Packet" target="_blank">packet</a> data) and generates detailed network flow status reports of all the flows in the packet stream. Argus captures much of the packet dynamics and semantics of each flow, with a great deal of data reduction, so you can store, process, inspect and <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analyze</a> large amounts of network data efficiently. <b>Argus</b> provides reachability, availability, connectivity, duration, rate, load, good-put, loss, jitter, retransmission, and delay metrics for all network flows, and captures most attributes that are available from the packet contents, such as L2 addresses, tunnel identifiers (MPLS, GRE, ESP, etc...), <a href="http://www.toolwar.com/search/label/IDS" target="_blank">protocol ids</a>, SAP's, hop-count, options, L4 transport identification (RTP, RTCP detection), host flow control indications, etc...</div> <div class="plaintext" style="text-align: justify;"> <br /></div> <div class="plaintext" style="text-align: justify;"> Argus is used by many sites to generate network activity reports for every network transaction on their networks. The network audit data that <b>Argus</b> generates is great for <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a>, operations and performance management. The data is used for network forensics, non-repudiation, network asset and service inventory, behavioral baselining of server and client relationships, detecting covert channels, and analyzing Zero day events.</div> <div class="plaintext" style="text-align: justify;"> <br /></div> <div class="plaintext" style="text-align: justify;"> Argus is an Open Source project, currently running on <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X,</a> <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, Solaris, FreeBSD, OpenBSD, NetBSD, AIX, IRIX, <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> (under Cygwin) and OpenWrt, and has been ported to many hardware accelerated platforms, such as Bivio, Pluribus, Arista, and Tilera. The software should be portable to many other environments with littleor no modifications. Performance is such that auditing an entire enterprise's Internet activity can be accomplished using modest computing resources.</div> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>How To :: </b><a href="http://www.qosient.com/argus/howto.shtml" target="_blank">Click Here</a><b><br /></b></div> <b>Wiki :: </b><a href="http://nsmwiki.org/index.php?title=Argus" target="_blank">Click Here</a><br /> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows | Mac | Linux ::  </b><a href="http://qosient.com/argus/src/argus-3.0.6.1.tar.gz" target="_blank">Argus v3.0.6.1</a><b> | </b><a href="http://qosient.com/argus/src/argus-clients-3.0.6.2.tar.gz" target="_blank">Argus v3.0.6.1 Client</a><b> </b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://www.qosient.com/argus/">http://www.qosient.com/argus/</a><b><br /></b></div> <div style="text-align: justify;"> <br /></div>

Argus (Auditing Network Activity) :: Tools

Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions s...

Read more »

Fiddler (Web Debugger Proxy) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoMGV0ZYokZLN2EHLK6qkK_j46ll8DxX5tNAWsuTWrfhCFoHDzxx4SUQFYGKOWgGNkc3p12cIAU1IWKWCKRo16-Ffc1JXOnqM6M60CPkbbxgDqnRKDKo0SJjH0htwNuFreOKr16MRNlihG/s1600/Fiddler+logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="251" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoMGV0ZYokZLN2EHLK6qkK_j46ll8DxX5tNAWsuTWrfhCFoHDzxx4SUQFYGKOWgGNkc3p12cIAU1IWKWCKRo16-Ffc1JXOnqM6M60CPkbbxgDqnRKDKo0SJjH0htwNuFreOKr16MRNlihG/s1600-rw/Fiddler+logo.png" width="400" /></a></div> <div style="text-align: justify;"> <b>Fiddler</b> is a <b>Web Debugging Proxy</b> which logs all HTTP(S) traffic between your computer and the Internet. <b>Fiddler</b> allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language.</div> <ul style="text-align: justify;"> <li><b>HTTP/HTTPS Traffic Recording :: </b>Fiddler is a free <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> <a href="http://www.toolwar.com/search/label/Debugger" target="_blank">debugging</a> proxy which logs all HTTP(s) traffic between your computer and the Internet. Use it to debug traffic from virtually any application that supports a proxy like IE, Chrome, Safari, Firefox, Opera and more.</li> <li><b>Web Session Manipulation ::</b> Easily manipulate and edit web sessions. All you need to do is set a breakpoints to pause the processing of the session and permit alteration of the request/response. You can also compose your own HTTP requests to run through <b>Fiddler</b>.</li> <li><b>Web Debugging :: </b>Debug traffic from PC, <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac</a> or <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux systems</a> and <a href="http://www.toolwar.com/search/label/Mobile" target="_blank">mobile devices</a>. Ensure the proper cookies, headers and cache directives are transferred between the client and server. Supports any framework, including .NET, Java, Ruby, etc.</li> <li><b> Security Testing :: </b>Use <b>Fiddler</b> for <a href="http://www.toolwar.com/search/label/Security" target="_blank">security testing</a> your web applications -- decrypt HTTPS traffic, and display and modify requests using a man-in-the-middle decryption technique. Configure Fiddler to decrypt all traffic, or only specific sessions.</li> <li><b>Performance Testing :: </b>Fiddler lets you see the “total page weight,” HTTP caching and compression at a glance. Isolate performance bottlenecks with rules like “Flag any uncompressed responses larger than 25kb.”</li> <li><b>Customizing Fiddler :: </b>Benefit from a rich extensibility model, ranging from simple FiddlerScript to powerful Extensions which can be developed using any .NET language.  </li> <li><div class="sfContentBlock"> <b>Simulate Real User Load Using Fiddler Captures ::</b> Fiddler is an excellent tool for understanding the performance of your website, but how does your performance change when lots of users are hitting the site? Check out Telerik Test Studio powered by Fiddler to get an in-depth understanding of how your site performance degrades as the number of users increases.</div> </li> </ul> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/gujBKFGwjd4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;">  </h3> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="http://www.telerik.com/docs/default-source/fiddler/fiddler4setup.exe?sfvrsn=2" target="_blank">Fiddler v4.4.6.2</a> (.exe) <b> </b></div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="http://www.telerik.com/download/fiddler">http://www.telerik.com/download/fiddler</a></div>

Fiddler (Web Debugger Proxy) :: Tools

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect...

Read more »

Foremost (File Carving) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdkN2Ugs8yPIpW9bdhSCRtfTQisB-mmEgSeRyCTN_07YHLjIom3zkuOAPeUS8z8s7WHAT-qFoxrqYH6hrVHV9q-40PTsRzLLn9SMc0DbYBMNR944nbfhqU8fPWiPYTWV_PcywGGNhbEMS8/s1600/foremost+screenshot.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="foremost screenshot" border="0" height="275" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdkN2Ugs8yPIpW9bdhSCRtfTQisB-mmEgSeRyCTN_07YHLjIom3zkuOAPeUS8z8s7WHAT-qFoxrqYH6hrVHV9q-40PTsRzLLn9SMc0DbYBMNR944nbfhqU8fPWiPYTWV_PcywGGNhbEMS8/s400-rw/foremost+screenshot.jpg" title="foremost screenshot" width="400" /></a></div> <br /> <b>Foremost</b> is a <b><i>console program to recover files</i></b> based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. <b> Foremost</b> can work on image files, such as those generated by dd, Safeback, <a href="http://www.toolwar.com/2013/09/encase-forensics-v7-tools.html" target="_blank">Encase</a>, etc, or directly on a drive. The headers and footers can be specified by a configuration file or you can use <a href="http://www.toolwar.com/search/label/CLI" target="_blank">command line</a> switches to specify built-in file types. These built-in types look at the data structures of a given file format allowing for a more reliable and faster recovery. </div> <div style="text-align: justify;"> <br /> <h3> Tutorial ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/9AkY-IefI4Q?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3> </h3> </div> <h3 style="text-align: justify;"> Download :: </h3> <div style="text-align: justify;"> <b>Linux ::</b> <a href="http://foremost.sourceforge.net/pkg/foremost-1.5.7.tar.gz" target="_blank">Foremost 1.5.7 (.tar.gz)</a><br /> <b>Official Website :: </b><a href="http://foremost.sourceforge.net/" target="_blank">http://foremost.sourceforge.net/ </a></div>

Foremost (File Carving) :: Tools

Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is common...

Read more »

Immunity Canvas (Vulnerability Exploitation) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqwXRB2JW_wTRBZeFsPrNZqP7KK7Xyn3JC7nG4SvaFbLePxH0hRCMjN9Qmahzts9eQvlEvfqI-ZtbOgvXHS6d2EBgXNSHvEgPXs_l3QYQyy_cg2IrSmwwJThp4ddWSXS5oV4GoJEOJbLUo/s1600/img-canvas.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Immunity Canvas" border="0" height="171" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqwXRB2JW_wTRBZeFsPrNZqP7KK7Xyn3JC7nG4SvaFbLePxH0hRCMjN9Qmahzts9eQvlEvfqI-ZtbOgvXHS6d2EBgXNSHvEgPXs_l3QYQyy_cg2IrSmwwJThp4ddWSXS5oV4GoJEOJbLUo/s1600-rw/img-canvas.gif" title="Immunity Canvas" width="400" /></a></div> <b>Immunity Canvas</b> is a commercial <b>vulnerability exploitation tool </b>from Dave Aitel's ImmunitySec. It includes more than 370 exploits and is less expensive than Core Impact or the commercial versions of <a href="http://www.toolwar.com/2013/09/metasploit-framework.html" target="_blank">Metasploit</a>. It comes with full source code, and occasionally even includes zero-day exploits.<b> </b><br /> <b>Immunity's CANVAS</b> makes available hundreds of exploits, an automated <a href="http://www.toolwar.com/search/label/Exploitation" target="_blank">exploitation</a> system, and a comprehensive, reliable exploit development framework to <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration</a> testers and <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> professionals worldwide. To see CANVAS in action please see our movies. For users new to CANVAS or experienced users looking to get just a little more out of CANVAS we have <a href="http://www.toolwar.com/search/label/PDF" target="_blank">PDF</a> based tutorials available for download.</div> <div style="text-align: justify;">   </div> <div style="text-align: justify;"> <b>Supported Platforms and Installations</b><br /> - <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> (requires Python & PyGTK)<br /> - <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a><br /> - <a href="http://www.toolwar.com/search/label/Mac" target="_blank">MacOSX</a> (requires PyGTK)<br /> - All other <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a> environments such as mobile phones and commercial Unixes (command line version only supported, GUI may also be available)</div> <div style="text-align: justify;"> <b>Architecture</b><br /> - CANVAS' completely open design allows a team to adapt CANVAS to their environment and needs. </div> <div style="text-align: justify;"> <b>Documentation</b><br /> - all documentation is delivered in the form of demonstration movies<br /> - exploit modules have additional information windows</div> <div style="text-align: justify;"> <b> Exploits</b><br /> - currently over 490 exploits, an average of 4 exploits added every monthly release<br /> - Immunity carefully selects vulnerabilities for inclusion as CANVAS exploits. Top priorities are high-value vulnerabilities such as remote, pre-authentication, and new vulnerabilities in mainstream software.<br /> - Exploits span all common platforms and applications</div> <div style="text-align: justify;"> <b> Payload Options</b><br /> - to provide maximum reliability, exploits always attempt to reuse socket<br /> - if socket reuse is not suitable, connect-back is used<br /> - subsequent MOSDEF session allows arbitrary code execution, and provides a listener shell for common actions (file management, screenshots, etc)<br /> - bouncing and split-bouncing automatically available via MOSDEF<br /> - adjustable covertness level</div> <div style="text-align: justify;"> <b> Exploit Delivery</b><br /> - regular monthly updates made available via <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a><br /> - exploit modules and CANVAS engine are updated simultaneously<br /> - customers reminded of monthly updates via email</div> <div style="text-align: justify;"> <b> Exploit Creation Time</b><br /> - exploits included in next release as soon as they are stable</div> <div style="text-align: justify;"> <b> Effectiveness of Exploits</b><br /> - all exploits fully QA'd prior to release<br /> - exploits demonstrated via flash movies<br /> - exploit development team available via direct email for support</div> <div style="text-align: justify;"> <b> Ability to make Custom Exploits</b><br /> - unique MOSDEF development environment allows rapid exploit development</div> <div style="text-align: justify;"> <b> Product Support and Maintenance</b><br /> - subscriptions include email and phone support M-F 9am - 5pm EST, directly with development team<br /> - minimum monthly updates</div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <h3> Tutorials ::</h3> <ol> <li><a href="http://www.immunitysec.com/documentation/tutorials/Windows_Install.pdf">Detailed Windows Installation Instructions</a></li> <li><a href="http://www.immunitysec.com/documentation/tutorials/canvas101-part1.pdf">CANVAS 101 (Part 1)</a></li> <li><a href="http://www.immunitysec.com/documentation/tutorials/canvas101-part2.pdf">CANVAS 101 (Part 2)</a></li> <li><a href="http://www.immunitysec.com/documentation/tutorials/HCN-Part1.pdf">HCN Rootkit (Part 1)</a></li> <li><a href="http://www.immunitysec.com/documentation/tutorials/ties-that-binder-dot-py.pdf">The Ties That Binder.py</a></li> </ol> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/FAz-Bek4RfU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <ol></ol> </div> <div style="text-align: justify;"> <h3> Download ::</h3> </div> <div style="text-align: justify;"> <b>Linux | Mac | Windows :: Contact Here ::</b> sales@immunityinc.com <b> </b><br /> <b>Official Website ::</b> <a href="https://www.immunitysec.com/products-canvas.shtml">https://www.immunitysec.com/products-canvas.shtml</a></div>

Immunity Canvas (Vulnerability Exploitation) :: Tools

Immunity Canvas is a commercial vulnerability exploitation tool from Dave Aitel's ImmunitySec. It includes more than 370 exploits an...

Read more »

QualysGuard (Cloud Security) :: Framework

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghdzpjPZX2FLqOdTxqOBOsBcHPK-BGXs4z6FvMDEBWtOdSSQDhFqcOvSs8HLf2_C0gGeR9JzfehTMjygryKrJFU1Andf_8LVNhhNiAMihWAnzULkz0Qj63VCASwzVjkCQVNBGQnopmccia/s1600/qualys-logo.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Qualys logo" border="0" height="306" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghdzpjPZX2FLqOdTxqOBOsBcHPK-BGXs4z6FvMDEBWtOdSSQDhFqcOvSs8HLf2_C0gGeR9JzfehTMjygryKrJFU1Andf_8LVNhhNiAMihWAnzULkz0Qj63VCASwzVjkCQVNBGQnopmccia/s1600-rw/qualys-logo.jpeg" title="Qualys logo" width="320" /></a></div> <div style="text-align: justify;"> <b>QualysGuard</b> is a popular <b>SaaS (software as a service) vulnerability management</b> offering. It's web-based UI offers <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> discovery and mapping, asset prioritization, <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> assessment reporting and remediation tracking according to business risk. Internal scans are handled by Qualys appliances which communicate back to the <a href="http://www.toolwar.com/search/label/Cloud" target="_blank">cloud-based</a> system.</div> <h3 style="text-align: justify;"> Tutorials ::</h3> <h3 style="text-align: justify;"> </h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/XfeyNLb7ZDc?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/5Cbq5wudtZE?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Trial Linux | Mac | Windows :: </b><a href="http://www.qualys.com/forms/trials/qualysguard/" target="_blank">QualysGuard</a><b> </b></div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://www.qualys.com/" target="_blank">http://www.qualys.com/ </a></div>

QualysGuard (Cloud Security) :: Framework

QualysGuard is a popular SaaS (software as a service) vulnerability management offering. It's web-based UI offers network discov...

Read more »

Skipfish (Web Application Security Scanner) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWet3cqxS_RaHFSPFgDcVyLfRIrD075ildwUJOYxN7KDyiHkwz5nOjJPSSvtMoZzRLq_g1vGKdWJsR2avZ_xoeGfBYB4C_YjX_Ulr5xlGhii4h2OWhJ_f2_3UkGgBCQ6pOtci-zTNqau4-/s1600/skipfish+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Skipfish Screenshot" border="0" height="329" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWet3cqxS_RaHFSPFgDcVyLfRIrD075ildwUJOYxN7KDyiHkwz5nOjJPSSvtMoZzRLq_g1vGKdWJsR2avZ_xoeGfBYB4C_YjX_Ulr5xlGhii4h2OWhJ_f2_3UkGgBCQ6pOtci-zTNqau4-/s1600-rw/skipfish+screenshot.png" title="Skipfish Screenshot" width="640" /></a></div> <div style="text-align: justify;"> <b><i>Skipfish</i></b> is an active <b>web application security reconnaissance tool</b>. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> checks. The final report generated by the tool is meant to serve as a foundation for professional <a href="http://www.toolwar.com/search/label/Web" target="_blank">web application</a> security assessments. </div> <div style="text-align: justify;"> Key features: </div> <ul style="text-align: justify;"> <li><b>High speed</b>: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets. </li> </ul> <ul style="text-align: justify;"> <li><b>Ease of use</b>: heuristics to support a variety of quirky web <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">frameworks</a> and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion. </li> </ul> <ul style="text-align: justify;"> <li><b>Cutting-edge security logic</b>: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors. </li> </ul> <div style="text-align: justify;"> The tool is believed to support <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, FreeBSD, <a href="http://www.toolwar.com/search/label/Mac" target="_blank">MacOS X</a>, and <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> (Cygwin) environments. </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/kqx8rp7Cnwc?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;">  </h3> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows | Mac | Linux ::</b> <a href="http://skipfish.googlecode.com/files/skipfish-2.10b.tgz" target="_blank">Skipfish v2.10b</a> (.tgz)</div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://code.google.com/p/skipfish/">http://code.google.com/p/skipfish/</a></div>

Skipfish (Web Application Security Scanner) :: Tools

Skipfish is an active web application security reconnaissance tool . It prepares an interactive sitemap for the targeted site by carryi...

Read more »

GoLismero (The Web Knife) :: Framework

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJYxDNAmrpLOxGHjpb6huddkmpfTYX3pDCUkzAP5ZvTN4YHVhKeSoNVz0mP3edsRRLaggj3y4jcannl6jCd928BDdVuz0XMqsJrc4uaybV2Vo1azKfWDoSHkN3sWgH2iEF7wp3DJ79MdTj/s1600/Golismero+WIndows+Screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Golismero " border="0" height="380" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJYxDNAmrpLOxGHjpb6huddkmpfTYX3pDCUkzAP5ZvTN4YHVhKeSoNVz0mP3edsRRLaggj3y4jcannl6jCd928BDdVuz0XMqsJrc4uaybV2Vo1azKfWDoSHkN3sWgH2iEF7wp3DJ79MdTj/s1600-rw/Golismero+WIndows+Screenshot.png" title="Golismero " width="640" /></a></div> <div style="text-align: justify;"> <b>GoLismero</b> is an open source framework for <a href="http://www.toolwar.com/search/label/Security" target="_blank"><b>security testing</b></a>. It's currently geared towards <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> security, but it can easily be expanded to other kinds of scans.</div> <div style="text-align: justify;"> The most interesting features of the <a href="http://www.toolwar.com/search/label/Frameworks" target="_blank">framework</a> are:</div> <ul style="text-align: justify;"> <li>Real platform independence. Tested on <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, *BSD and <a href="http://www.toolwar.com/search/label/Mac" target="_blank">OS X</a>.</li> <li>No native library dependencies. All of the framework has been written in pure Python.</li> <li>Good performance when compared with other frameworks written in Python and other scripting languages.</li> <li>Very easy to use.</li> <li>Plugin development is extremely simple.</li> <li>The framework also collects and unifies the results of well known tools: <a href="http://www.toolwar.com/2013/09/sqlmap-tools.html" target="_blank">sqlmap</a>, xsser, <a href="http://www.toolwar.com/2013/09/openvas-is-advanced-open-source.html" target="_blank">openvas</a>, <a href="http://www.toolwar.com/2013/10/dnsrecon-tools.html" target="_blank">dnsrecon</a>, <a href="http://www.toolwar.com/2013/09/theharvester-tools.html" target="_blank">theharvester</a>...</li> <li>Integration with standards: CWE, CVE and OWASP.</li> <li>Designed for cluster deployment in mind (not available yet).</li> </ul> <h3> Tutorials ::</h3> <b>Installation :: </b> <br /> Strictly speaking, GoLismero doesn't require installation - only its dependencies do. So if you want to use it on a system where you don't have root privileges, you can ask the system administrator to install them for you, and just run the "git checkout" command on your home folder.<br /> <b>Briefly Tutorial of Installation :: </b> <a href="https://github.com/golismero/golismero">Click Here</a><br /> <b>Basic Usages ::</b> <a href="https://github.com/golismero/golismero" target="_blank">Click Here</a><br /> <h3> Download ::</h3> <b>Linux | Mac | Windows :: </b><a href="https://github.com/golismero/golismero/archive/master.zip" target="_blank">GoLismero Archive</a> (.zip)<b> </b><br /> <b>Official Website :: </b><a href="https://github.com/golismero/golismero" target="_blank">https://github.com/golismero/golismero</a>

GoLismero (The Web Knife) :: Framework

GoLismero is an open source framework for security testing . It's currently geared towards web security, but it can easily be expa...

Read more »

Cisco Torch (Scanning, Fingerprinting and Exploitation) :: Tools

<div style="text-align: justify;"> </div> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrDBORXGRkO4-BVNT3r3mNPK_ogJ94i5y-vnarwHNshmXWd2qBKmXLLFyAlwuJM32ULoRNrOznorFUhaZ4b3jXomvwheUARBWfq9WYFeRUL_t0fvlOOf1yW2UUaYIEdzhS7mtfN0guCsfD/s1600/cisco-torch.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Cisco Torch" border="0" height="294" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrDBORXGRkO4-BVNT3r3mNPK_ogJ94i5y-vnarwHNshmXWd2qBKmXLLFyAlwuJM32ULoRNrOznorFUhaZ4b3jXomvwheUARBWfq9WYFeRUL_t0fvlOOf1yW2UUaYIEdzhS7mtfN0guCsfD/s1600-rw/cisco-torch.PNG" title="Cisco Torch" width="640" /></a></div> <div style="text-align: justify;"> <b>Cisco Torch</b> is a <b>mass scanning, fingerprinting, and exploitation tool</b> was written while working on the next edition of the "Hacking Exposed Cisco Networks", since the <a href="http://www.toolwar.com/search/label/Tools">tools</a> availalbe on the market could not meet our needs. <br />The main feature that makes<b> Cisco-torch</b> different from similar tools is the extensive use of forking to launch multiple scanning processes on the background for maximum <a href="http://www.toolwar.com/search/label/Scanner">scanning</a> efficiency. Also, it uses several methods of application layer fingerprinting simultaneously, if needed. We wanted something fast to discover remote Cisco hosts running Telnet, SSH, Web, NTP and SNMP services and launch dictionary attacks against the services discovered. </div> <br /><h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows | Mac | Linux :: </b><a href="http://www.arhont.com/en/wp-content/uploads/2010/01/cisco-torch-0.4b.tar.gz" target="_blank">Cisco-Torch v0.4b</a> (.tar.bz2)<b> | Language ::</b> Perl<b><br /></b></div> <div style="text-align: justify;"> <b>Official Website :: </b> <a href="http://www.arhont.com/en/category/resources/tools-utilities/">http://www.arhont.com/en/category/resources/tools-utilities/</a></div>

Cisco Torch (Scanning, Fingerprinting and Exploitation) :: Tools

Cisco Torch is a mass scanning, fingerprinting, and exploitation tool was written while working on the next edition of the "Hac...

Read more »

Nmap and Zenmap (Network Discovery and Security Auditing) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="nmap scanner logo" border="0" height="210" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPn1QPXq_tY_zK1uLIjY-6fyXimOMxgo3rq52s-03wGFIiM3FEUXb1R_uZpS2QvMEucVny6EK7w0eYYGJ5JKDgUtasnKL7WqkAIA5QMKqB05XXAv_va-hOLNd2wlIHxv1cUDpxCVa4kxbF/s1600-rw/nmap.jpg" title="nmap scanner logo" width="400" /></div> </div> <div style="text-align: justify;"> <b>Nmap ("Network Mapper")</b> is a free and open source (license) utility for <b>network discovery and security auditing.</b> Many systems and network administrators also find it useful for tasks such as <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> inventory, managing service upgrade schedules, and <a href="http://www.toolwar.com/search/label/Monitoring" target="_blank">monitoring</a> host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of <a href="http://www.toolwar.com/search/label/Packet" target="_blank">packet</a> filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a>, and <a href="http://www.toolwar.com/search/label/Mac" target="_blank">Mac OS X</a>. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced <a href="http://www.toolwar.com/search/label/GUI" target="_blank">GUI</a> and results viewer <b>(Zenmap)</b>, a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis tool</a> (Nping).<br /> <br /> <b>Nmap</b> was named “<a href="http://www.toolwar.com/search/label/Security" target="_blank">Security</a> Product of the Year” by Linux Journal, Info World, LinuxQuestions.Org, and Codetalker Digest. It was even featured in twelve movies, including The Matrix Reloaded, Die Hard 4, Girl With the Dragon Tattoo, and The Bourne Ultimatum.<br /> <br /> <b>Nmap is::</b></div> <ul style="text-align: justify;"> <li>    Flexible: Supports dozens of advanced techniques for mapping out networks filled with IP filters, <a href="http://www.toolwar.com/search/label/IDS" target="_blank">firewalls</a>, routers, and other obstacles. This includes many port scanning mechanisms (both TCP & UDP), <b>OS detection</b>, version detection, ping sweeps, and more. See the documentation page.</li> <li>    Powerful: Nmap has been used to scan huge networks of literally hundreds of thousands of machines.</li> <li>    Portable: Most operating systems are supported, including Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, Amiga, and more.</li> <li>    Easy: While Nmap offers a rich set of advanced features for power users, you can start out as simply as "nmap -v -A targethost". Both traditional command line and graphical (GUI) versions are available to suit your preference. Binaries are available for those who do not wish to compile Nmap from source.</li> <li>    Free: The primary goals of the Nmap Project is to help make the Internet a little more secure and to provide administrators/auditors/hackers with an advanced tool for exploring their networks. Nmap is available for free download, and also comes with full source code that you may modify and redistribute under the terms of the license.</li> <li>    Well Documented: Significant effort has been put into comprehensive and up-to-date man pages, whitepapers, tutorials, and even a whole book! Find them in multiple languages here.</li> <li>    Supported: While Nmap comes with no warranty, it is well supported by a vibrant community of developers and users. Most of this interaction occurs on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines. We recommend that all users subscribe to the low-traffic nmap-hackers announcement list. You can also find Nmap on Facebook and Twitter. For real-time chat, join the #nmap channel on Freenode or EFNet.</li> <li>    Acclaimed: <b>Nmap</b> has won numerous awards, including "Information Security Product of the Year" by Linux Journal, Info World and Codetalker Digest. It has been featured in hundreds of magazine articles, several movies, dozens of books, and one comic book series. Visit the press page for further details.</li> <li>    Popular: Thousands of people download <b>Nmap</b> every day, and it is included with many operating systems (Redhat Linux, Debian Linux, Gentoo, FreeBSD, OpenBSD, etc). It is among the top ten (out of 30,000) programs at the Freshmeat.Net repository. This is important because it lends Nmap its vibrant development and user support communities. </li> </ul> <h3> Tutorials ::</h3> <b>Tutorial (Max OS X) :: </b><a href="http://nmap.org/book/inst-macosx.html#inst-macosx-source">Click Here</a><br /> <b>Tutorial (Windows) :: </b><a href="http://nmap.org/book/inst-windows.html#inst-win-source">Click Here</a> <b><br /> </b><br /> <b>Tutorial (Linux) ::</b> <a href="http://nmap.org/book/inst-source.html">Click Here</a><br /> <b>Installation :: </b><a href="http://nmap.org/book/install.html" target="_blank">Click Here</a>   <br /> <b>Tutorials From Basics :: </b><a href="http://nmap.org/bennieston-tutorial/">Click Here </a><br /> <b>Video Tutorial :: </b><br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/RJxF7puQFXI?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <b> </b> <br /> <h3> Download ::</h3> <h3> </h3> <b>Download ZenMap (GUI of Nmap) :: </b><a href="http://nmap.org/zenmap/">Click Here</a><b> </b><br /> <b>Windows :: </b><a href="http://nmap.org/dist/nmap-6.40-setup.exe">Nmap-Latest</a> (.exe) <b> </b><br /> <b>Linux :: </b><a href="http://nmap.org/dist/nmap-6.40.tar.bz2">Nmap Latest</a> (.tar.bz2)<b> </b><br /> <b>Mac :: </b><a href="http://nmap.org/dist/nmap-6.40-2.dmg">Nmap Latest</a> (.dmg)<b> </b> <b>  </b><br /> <b>Official Website ::</b> <a href="http://nmap.org/">http://nmap.org/</a> <br /> <div style="text-align: justify;"> </div>

Nmap and Zenmap (Network Discovery and Security Auditing) :: Tools

Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many syste...

Read more »

SAINT 8 (Security Auditing Suite) :: Framework

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <img alt="SAINT LOGO" border="0" height="107" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgA7ITNbIsTcKUwW4ShEmmGIi_tc3r93_yUAm8uaCmmHsBBhYfr3EemJ8Cqkmicl1Fhpd9D3UxPy_DS7kuqAJEVvVADbttEn7PYmcWl3xA3gQEQWKeMojScYzNb7yO1L08sAs_4K6kEYXHm/s1600-rw/SAINT.jpg" title="SAINT LOGO" width="200" /></div> <b>SAINT 8</b> is a <b>fully-integrated security tool suite</b> that combines <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability scanning</a>, with <a href="http://www.toolwar.com/search/label/Penetration" target="_blank">penetration testing</a>, social engineering tools and configuration assessments. Use the combined power of these tools to identify vulnerabilities on <a href="http://www.toolwar.com/search/label/Network" target="_blank">network</a> devices, operating systems, desktop applications, <a href="http://www.toolwar.com/search/label/Web" target="_blank">Web applications</a>, databases, and more; run packaged penetration tests through pre-configured policies, run vulnerability-specific exploits for target-directed investigation; execute social engineering through packaged exploit Tools; and execute platform-specific configuration auditing, using NIST’s SCAP standards and protocols.  <b>SAINT 8 </b>then provides a robust set of <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">analysis</a> and reporting features to perform ad hoc analytics, view strategic level results across 1 or many assessments, and then build reports from pre-defined templates, compliance reports or build your own custom reports from over 150 customizable settings. <b>SAINT's</b> current repository includes over 4,200 <a href="http://www.toolwar.com/search/label/Vulnerability" target="_blank">vulnerability</a> checks and 900+ exploits - which span over 48,000 Common Vulnerability Exposures (CVEs), plus numerous vulnerabilities that do not currently have a CVE assigned. Vulnerability checks and exploit development is a daily activity, that includes delivery of new checks twice a week, through an automated plug-in. This agentless scanning solution can be delivered via a cloud-based version <b> (WebSAINT Pro 8)</b>, deployed standalone, shared as a server-based solution, or as a multi-<a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanner</a> architecture for large enterprise or load balanced scanning.</div> <br /> <h3> Tutorials ::</h3> <b>Video Tutorial :: </b><a href="http://www.youtube.com/watch?v=ibW6gLNYrf8" target="_blank">Click Here </a><br /> <b>Exploit Tools List :: </b><a href="http://www.saintcorporation.com/solutions/exploitTools.html" target="_blank">Click Here</a><b></b><br /> <br /> <h3> Download :: </h3> <b>Windows :: </b><a href="https://www.saintcorporation.com/resources/requestEvaluation.html" target="_blank">Request a Evaluation Copy</a><b> </b><br /> <b>Official Website :: </b><a href="https://www.saintcorporation.com/products/SAINT8.html">https://www.saintcorporation.com/products/SAINT8.html</a><br /> <b>Submitted By :: </b>SAINT Corporation <br /> <div style="text-align: justify;"> <br /></div>

SAINT 8 (Security Auditing Suite) :: Framework

SAINT 8 is a fully-integrated security tool suite that combines vulnerability scanning , with penetration testing , social engineering ...

Read more »

FTester (Testing Firewall Filtering Policies and IDS Capabilities) :: Tools

<div style="text-align: justify;"> <div class="section"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2h4CgTrZX0VYiu63TmUAtbc4QAObotOLBVPALrQnQ8EFD3Xii02746KHPmYlcOy05O2996O4ZQkhmZ02DFzrpgLuSLR8wzAHvdVCdJO_f9rD6xOK9IV7pzIgiROpp2C_RJvsLGF0IkuR7/s1600/FTester+Screenshot.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="FTester Screenshot" border="0" height="267" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2h4CgTrZX0VYiu63TmUAtbc4QAObotOLBVPALrQnQ8EFD3Xii02746KHPmYlcOy05O2996O4ZQkhmZ02DFzrpgLuSLR8wzAHvdVCdJO_f9rD6xOK9IV7pzIgiROpp2C_RJvsLGF0IkuR7/s1600-rw/FTester+Screenshot.JPG" title="FTester Screenshot" width="400" /></a></div> The <b>Firewall Tester (FTester)</b> is a tool designed for <b>testing firewall filtering policies and Intrusion Detection System (IDS) capabilities.</b><br /> The tool consists of two perl scripts, a <span id="goog_1392660018"></span><a href="http://www.toolwar.com/search/label/Packet">packet injector<span id="goog_1392660019"></span></a> (ftest) and a listening <a href="http://www.toolwar.com/search/label/Sniffer">sniffer</a> (ftestd). The first script injects custom packets, defined in ftest.conf, with a signature in the data part while the sniffer listens for such marked packets. The scripts both write a log file which is in the same form for both scripts. A comparison of the two produced log files (ftest.log and ftestd.log) outlines the packets that were unable to reach the sniffer due to filtering rules if these two scripts are ran on hosts placed on two different sides of a <a href="http://www.toolwar.com/search/label/IDS">firewall</a>. Stateful inspection firewalls are handled with the 'connection spoofing' option. A script called freport is also available to automatically parse the log files.<br /> Using the tool is not a completely automated process, ftest.conf must be crafted for every different situation. Examples and rules are included in the attached configuration file.<br /> The <a href="http://www.toolwar.com/search/label/IDS">IDS (Intrusion Detection System)</a> testing feature can be used either with ftest only or with the additional support of ftestd for handling stateful inspection IDS, ftest can also use common IDS evasion techniques. The script can also process snort rule definition files.<br /> <h3> Features:</h3> <ul> <li>firewall testing</li> <li>IDS testing</li> <li>simulation of real tcp connections for stateful inspection firewalls and IDS</li> <li>TCP connection spoofing</li> <li>IP fragmentation / TCP segmentation</li> <li>IDS evasion techniques</li> </ul> <b>NOTE</b>: this tool is now outdated and is presented here for historical reasons, a complete rewrite with new features and IPv6 support is scheduled for sometime in the future.<br /> </div> </div> <div style="text-align: justify;"> <br /> <h3> Tutorials ::</h3> <b>Installation ::</b><br /> <div class="MsoNormal"> FTester components are PERL scripts. They can be executed on any platform with a recent version of PERL. Three perl modules -<span style="mso-spacerun: yes;">Ý </span>Net::RawIP, Net::PcapUtils, and NetPacket ñ are also required. These can be downloaded at the Comprehensive Perl Archive Network (<a href="http://www.cpan.org/" target="_new">CPAN</a>), and<span style="color: red;"> </span>you can install them using the CPAN shell. </div> <div class="MsoNormal"> Installation is quite simple. <span style="font-family: Courier;">Untar</span> the latest archive. Everything you need will be decompressed along with an example configuration file, documentation and a script called <span style="font-family: Courier;">freport</span> for comparing <span style="font-family: Courier;">ftest</span> and <span style="font-family: Courier;">ftestd</span> log files. Before using the package I recommend to read and fully understand all documentation.</div> <b>ManPage ::</b> <a href="http://www.inversepath.com/ftester_man.html" target="_blank">Click Here</a><br /> <b>Documentation :: </b><a href="http://dev.inversepath.com/ftester/README" target="_blank">Click Here</a><br /> <b>Published Paper ::</b> <a href="http://www.tisc-insight.com/newsletters/56.html" target="_blank">Click Here</a></div> <div style="text-align: justify;"> <h3> Download ::</h3> </div> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://dev.inversepath.com/ftester/ftester-latest.tar.gz" target="_blank">FTester-Latest</a> (.tar.gz)<b><br /></b></div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="http://www.inversepath.com/ftester.html" target="_blank">http://www.inversepath.com/ftester.html</a></div>

FTester (Testing Firewall Filtering Policies and IDS Capabilities) :: Tools

The Firewall Tester (FTester) is a tool designed for testing firewall filtering policies and Intrusion Detection System (ID...

Read more »

Wafw00f (Web Application Firewall Detection) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEPFB63-uWGx3aIVZ5ZzxS1NkiNshLYe7Jic5FFeulXya-517a-PboH8hrWZkQpOl-mI9kSJMdQo1aByMhfdZITiQalnRB5h2HIgcbwvGtxg6nKUL_ePCsWTbosFDnmLr2IEwNhPzBYca9/s1600/wafw00f+screenshot.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="wafw00f screenshot" border="0" height="281" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEPFB63-uWGx3aIVZ5ZzxS1NkiNshLYe7Jic5FFeulXya-517a-PboH8hrWZkQpOl-mI9kSJMdQo1aByMhfdZITiQalnRB5h2HIgcbwvGtxg6nKUL_ePCsWTbosFDnmLr2IEwNhPzBYca9/s1600-rw/wafw00f+screenshot.JPG" title="wafw00f screenshot" width="400" /></a></div> <div style="text-align: justify;"> <b>Web Application Firewalls (WAFs) </b>can be detected through stimulus/response testing scenarios. Here is a short listing of possible detection methods: </div> <ul style="text-align: justify;"> <li><b>Cookies</b>: Some WAF products add their own cookie in the HTTP communication. </li> <li><b>Server Cloaking</b>: Altering URLs and Response Headers </li> <li><b>Response Codes</b>: Different error codes for hostile pages/parameters values </li> <li><b>Drop Action</b>: Sending a FIN/RST packet (technically could also be an IDS/IPS) </li> <li><b>Pre Built-In Rules</b>: Each WAF has different negative security signatures </li> </ul> <div style="text-align: justify;"> <b>WafW00f </b>is based on these assumptions to determine remote WAFs. </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <pre>$ <b>python wafw00f.py http://www.aldeid.com</b> ^ ^ _ __ _ ____ _ __ _ _ ____ ///7/ /.' \ / __////7/ /,' \ ,' \ / __/ | V V // o // _/ | V V // 0 // 0 // _/ |_n_,'/_n_//_/ |_n_,' \_,' \_,'/_/ < ...' WAFW00F - Web Application Firewall Detection Tool By Sandro Gauci && Wendel G. Henrique Checking http://www.aldeid.com Generic Detection results: The site http://www.aldeid.com <span style="background: #ffff00; color: black;">seems to be behind a WAF </span> Reason: Blocking is being done at connection/packet level. Number of requests: 13</pre> <div style="text-align: justify;"> <br /></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b></div> <pre>$ <b>cd /data/pentest/web/</b> $ <b>svn checkout <a class="external free" href="http://waffit.googlecode.com/svn/trunk/" rel="nofollow" target="_blank">http://waffit.googlecode.com/svn/trunk/</a> waffit-read-only</b></pre> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="http://www.aldeid.com/wiki/Wafw00f">http://www.aldeid.com/wiki/Wafw00f</a></div>

Wafw00f (Web Application Firewall Detection) :: Tools

Web Application Firewalls (WAFs) can be detected through stimulus/response testing scenarios. Here is a short listing of possible detec...

Read more »

Fragroute :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ7jo1_vjG2XgLQxevu8HSHLP5HXWK9U13ZtsPZ-8BjIWb42nfMZoi3lZP38PUekGaUY_b7EUj2OB5KGIYr97sJmVvd8ToD6esQTAUUuliELCScxrLNogl82uw6gc38sPZXclTroqB0vzd/s1600/fragroute.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="fragroute screenshot" border="0" height="235" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ7jo1_vjG2XgLQxevu8HSHLP5HXWK9U13ZtsPZ-8BjIWb42nfMZoi3lZP38PUekGaUY_b7EUj2OB5KGIYr97sJmVvd8ToD6esQTAUUuliELCScxrLNogl82uw6gc38sPZXclTroqB0vzd/s1600-rw/fragroute.JPG" title="fragroute screenshot" width="400" /></a></div> <div style="text-align: justify;"> <b>Fragroute</b> intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998. </div> <div style="text-align: justify;"> It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behaviour. </div> <div style="text-align: justify;"> This tool was written in good faith to aid in the testing of network intrusion detection systems, firewalls, and basic TCP/IP stack behaviour. Please do not abuse this software. </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <b> Required libraries ::</b> <br /> <ul> <li>libdnet </li> <li>libpcap </li> <li>libevent (for non-Windows platforms) </li> </ul> <div style="text-align: justify;"> <b>Installation :: </b><a href="http://www.monkey.org/~dugsong/fragroute/INSTALL" target="_blank">Click Here</a></div> <div style="text-align: justify;"> <b>ManPage :: </b><a href="http://www.monkey.org/~dugsong/fragroute/fragroute.8.txt" target="_blank">Click Here</a><br /> <b>Video Tutorial :: </b> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/k7viy_NN8f4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Linux :: </b><a href="http://www.monkey.org/~dugsong/fragroute/fragroute-1.2.tar.gz" target="_blank">Fragroute v1.2</a> (.tar.gz)</div> <div style="text-align: justify;"> <b>Official Website :: </b> <a href="http://www.monkey.org/~dugsong/fragroute/">http://www.monkey.org/~dugsong/fragroute/</a></div>

Fragroute :: Tools

Fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in...

Read more »

BlindElephant (Web Application Fingerprinting) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipt-PGEQbszCnUumUvyuXZt9TWyLVMKHh4zJ6Nms53hyphenhyphenEdN-vLqt0RuDiSAnxFXphRcokFnxoZolzQ5zf4XZL-iQlMn-HMKs3twBbf5TdM_E1hO169ojrWt8AAj2r1IrStX8rDokXXSae8/s1600/BlindElephant+logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="287" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipt-PGEQbszCnUumUvyuXZt9TWyLVMKHh4zJ6Nms53hyphenhyphenEdN-vLqt0RuDiSAnxFXphRcokFnxoZolzQ5zf4XZL-iQlMn-HMKs3twBbf5TdM_E1hO169ojrWt8AAj2r1IrStX8rDokXXSae8/s1600-rw/BlindElephant+logo.png" width="320" /></a></div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> The <b>BlindElephant</b> is a <b>Web Application Fingerprinter</b> attempts to discover the version of a (known) <a href="http://www.toolwar.com/search/label/Web" target="_blank">web application</a> by comparing static files at known locations against precomputed <a href="http://www.toolwar.com/search/label/Hash" target="_blank">hashes</a> for versions of those files in all all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatize. </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>Discussion and Forum :: </b><a href="http://www.qualys.com/blindelephant" target="_blank">Click Here</a></div> <div style="text-align: justify;"> <b>Installation ::</b></div> <div style="text-align: justify;"> Installation is only required if you plan to use BlindElephant as a library. Make sure that your <a href="http://www.toolwar.com/search/label/Python" target="_blank">python</a> installation has distutils, and then do: </div> <div style="text-align: justify;"> <span style="font-size: large;"><span style="font-family: "Courier New",Courier,monospace;"><code>cd blindelephant/src</code><code>sudo python setup.py install</code></span></span></div> <br /> <b>Example Usage (Command Line) :: </b><br /> setup.py will have placed BlindElephant.py in your /usr/local/bin dir. <br /> <pre style="border-left: 5px solid #ddd; padding: 10px;"><span style="font-family: "Courier New",Courier,monospace;">$ BlindElephant.py Usage: BlindElephant.py [options] url appName Options: -h, --help show this help message and exit -p PLUGINNAME, --pluginName=PLUGINNAME Fingerprint version of plugin (should apply to web app given in appname) -s, --skip Skip fingerprinting webpp, just fingerprint plugin -n NUMPROBES, --numProbes=NUMPROBES Number of files to fetch (more may increase accuracy). Default: 15 -w, --winnow If more than one version are returned, use winnowing to attempt to narrow it down (up to numProbes additional requests). -l, --list List supported webapps and plugins Use "guess" as app or plugin name to attempt to attempt to discover which supported apps/plugins are installed. $ python BlindElephant.py http://laws.qualys.com movabletype Loaded /usr/local/lib/python2.6/dist-packages/blindelephant/dbs/movabletype.pkl with 96 versions, 2229 differentiating paths, and 209 version groups. Starting BlindElephant fingerprint for version of movabletype at http://laws.qualys.com Fingerprinting resulted in: 4.22-en 4.22-en-COM 4.23-en 4.23-en-COM Best Guess: 4.23-en-COM</span> </pre> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <span style="font-size: large;"><span style="font-family: "Courier New",Courier,monospace;"><code><span style="font-family: "Helvetica Neue",Arial,Helvetica,sans-serif;"><span style="font-size: small;"><b>More Help :: </b><a href="http://sourceforge.net/p/blindelephant/code/HEAD/tree/trunk/" target="_blank">Click Here</a></span></span> </code></span></span></div> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: left;"> <b>Linux Command  :: </b><code>svn co https://blindelephant.svn.sourceforge.net/svnroot/blindelephant/trunk blindelephant</code></div> <div style="text-align: justify;"> <b>Official Website ::</b> <a href="http://blindelephant.sourceforge.net/">http://blindelephant.sourceforge.net/</a></div>

BlindElephant (Web Application Fingerprinting) :: Tools

The BlindElephant is a Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing sta...

Read more »

SARA (Security Auditor's Research Assistant) :: Tools

<div class="separator" style="clear: both; text-align: center;"> <img alt="SARA - Security Auditor's Research Assistant" border="0" height="328" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTrFtEfewv2qJbhJrO35NMjPReB75buAjazNxPAGzn_8ewu8Kl2MR6bqR7jOcWgPl2nauo85Ttm13awIkk-HKsG3RzQwwaqJLguI0HYkFQBNeOqERU6aVXWY7Iloxk6dJPbufNj51Rz3NM/s1600-rw/network-security-tips.jpg" title="SARA - Security Auditor's Research Assistant" width="640" /></div> <div style="text-align: justify;"> The <b>Security Auditor's Research Assistant (SARA)</b> is a third generation <b>network security analysis tool</b> that that has been available and actively updated for over 10 years. Sadly, all good things have to come to an end and so it goes for SARA. <b>SARA 7.9.1</b> is our last release.(1 May 2009) Actually, SARA-7.9.2a is the final release (1 August 2009).<br /><br />SARA:</div> <ol style="text-align: justify;"> <li>    Operates under Unix, <a href="http://www.toolwar.com/search/label/Linux" target="_blank">Linux</a>, <a href="http://www.toolwar.com/search/label/Mac" target="_blank">MAC OS/X</a> or <a href="http://www.toolwar.com/search/label/Windows" target="_blank">Windows</a> (through coLinux) OS'.</li> <li>    Integrates the National Vulnerability Database (NVD).</li> <li>    Performs SQL injection tests.</li> <li>    Performs exhaustive XSS tests</li> <li>    Can adapt to many firewalled environments.</li> <li>    Support remote self scan and API facilities.</li> <li>    Used for CIS benchmark initiatives</li> <li>    Plug-in facility for third party apps</li> <li>    CVE standards support</li> <li>    Enterprise search module</li> <li>    Standalone or daemon mode</li> <li>    Free-use open SATAN oriented license</li> </ol> <div style="text-align: justify;"> The first generation assistant, the Security Administrator's Tool for Analyzing <a href="http://www.toolwar.com/search/label/Network" target="_blank">Networks</a> (SATAN) was developed in early 1995. It became the benchmark for <a href="http://www.toolwar.com/search/label/Analysis" target="_blank">network security analysis</a> for several years. However, few updates were provided and the tool slowly became obsolete in the growing threat environment. <br /><br /><h3> Tutorials ::</h3> <b><span style="font-size: small;">Installation ::</span></b> <span style="font-weight: normal;"><a href="http://www-arc.com/sara/cosara/index.shtml" target="_blank">Click Here</a></span><br /> <h3> Download ::</h3> <b>Windows :: </b><a href="http://www-arc.com/sara/downloads/cosara/cosara-7.4.1.exe" target="_blank">coSARA v7.4.1</a> (.exe)<b><br />Linux :: </b><a href="http://www-arc.com/sara/downloads/sara-7.9.2a.tgz" target="_blank">SARA v7.9.2a</a> (.tar.gz)<b><br />Official Website :: </b><a href="http://www-arc.com/sara/">http://www-arc.com/sara/</a><br /><br /></div>

SARA (Security Auditor's Research Assistant) :: Tools

The Security Auditor's Research Assistant (SARA) is a third generation network security analysis tool that that has been available ...

Read more »

IronWASP (Web Application Advaced Security Testing Platform) :: Tools

<div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiIe0rfi3alWm5nNnOkzOsCwxWkvTGEZszoQ6V6CqzE9CWjbo_A4crurTQ2UKyOjm5HLNA9FL0P67Vjg2Rvnfuaj9HaEy5iky1SX9TfSfsJi_qC8Zn3KcLEp5JD_gC0J3Wo6HKzEwuAMrm/s1600/IronWASP+Screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="IronWASP Screenshot" border="0" height="222" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiIe0rfi3alWm5nNnOkzOsCwxWkvTGEZszoQ6V6CqzE9CWjbo_A4crurTQ2UKyOjm5HLNA9FL0P67Vjg2Rvnfuaj9HaEy5iky1SX9TfSfsJi_qC8Zn3KcLEp5JD_gC0J3Wo6HKzEwuAMrm/s1600-rw/IronWASP+Screenshot.png" title="IronWASP Screenshot" width="640" /></a></div> <b>IronWASP (Iron Web application Advanced Security testing Platform)</b> is an open source <a href="http://www.toolwar.com/search/label/System" target="_blank">system</a> for <a href="http://www.toolwar.com/search/label/Web" target="_blank">web</a> application <a href="http://www.toolwar.com/search/label/Vulenrability" target="_blank">vulnerability</a> testing. It is designed to be customizable to the extent where users can create their own custom <a href="http://www.toolwar.com/search/label/Security" target="_blank">security</a> <a href="http://www.toolwar.com/search/label/Scanner" target="_blank">scanners</a> using it. Though an advanced user with <a href="http://www.toolwar.com/search/label/Python" target="_blank">Python</a>/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool's features are simple enough to be used by absolute beginners. </div> <div style="text-align: justify;"> <b>IronWASP</b> has a plugin system that supports Python and Ruby. The version of Python and Ruby used in <b>IronWASP</b> is IronPython and IronRuby which is syntactically similar to CPython and CRuby. However some of the standard libraries might not be available, instead plugin authors can make use of the powerful IronWASP API.  </div> <h3 style="text-align: justify;"> Tutorials ::</h3> <div style="text-align: justify;"> <b>IronWASP Blog : : </b><a href="http://blog.ironwasp.org/" target="_blank">Click Here </a></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/yUoPRnEf22I?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <h3 style="text-align: justify;">  </h3> <h3 style="text-align: justify;"> Download ::</h3> <div style="text-align: justify;"> <b>Windows :: </b><a href="https://ironwasp.org/ironwasp.zip" target="_blank">IronWASP v0.9.7.5</a><b> </b>(.zip)</div> <div style="text-align: justify;"> <b>Linux :: </b></div> <div style="text-align: justify;"> <b><span style="font-family: "Courier New",Courier,monospace;">wget http://blog.anantshri.info/content/uploads/2013/01/ironwasp_installer.sh.txt -O ~/ironwasp_installer.sh && sh ~/ironwasp_installer.sh </span></b></div> <div style="text-align: justify;"> <b>Mac :: </b>IronWASP runs on Mac with <a href="http://www.codeweavers.com/products/">CrossOver</a>.</div> <div style="text-align: justify;"> <b>Official Website :: </b><a href="http://ironwasp.org/">http://ironwasp.org/</a></div>

IronWASP (Web Application Advaced Security Testing Platform) :: Tools

IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testin...

Read more »