Wifislax (Wireless Security and Forensic) :: Distribution

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="wifislax logo toolwar" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjF4P8a1KMCdkVYaPLGKUNXWKY5r3RBA-jVAQk9ZIyE-tZcQERTe91zNkfqs0cpT_VP1Q7348n4Q94pxQl26E0ZF1jgopk13oNTCA0WbhaOoeuBcukeJmNEsZDBOZNYsyOXQ-ewywl45zSr/s1600/wifislax+logo+toolwar.png" title="wifislax logo toolwar" /></div> <div style="text-align: justify;"> Wifislax is a Slackware-based live CD containing a variety of security and forensics tools. The distribution's main claim to fame is the integration of various unofficial network drivers into the Linux kernel, thus providing out-of-the-box support for a large number of wired and wireless network cards. </div> <div style="text-align: justify;"> <a href="http://distrowatch.com/wifislax"></a> Wifislax 4.6, an updated build of the Slackware-based live CD with a collection of security and forensics tools, has been released. This is mostly a maintenance release to fix a serious bug in Reaver, a WiFi passphrase brute-force attack utility, the use of which resulted in segmentation fault in the previous release of Wifislax. The Linux kernel has been updated to version 3.6.11 with a number of new drivers to support tablets, touchscreen devices, multi-function printers, etc. The KDE desktop has been upgraded to version 4.10.5 and an option to boot into a lighter Xfce desktop remains available. Other package upgrades include Firefox 22.0, OpenJDK 7u25 and Wireshark 1.10.0, as well as the latest version of the Flash browser plugin. A number of new programs, such as nano and texinfo, have been added. The release announcement which contains a full changelog is in Spanish only, but the distribution itself can boot into either Spanish or English localisation of the KDE or Xfce desktops. </div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/KOy6JmoxlYM?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <b>Download Here ::</b> <a href="http://www.downloadwireless.net/isos-fase-testing/wifislax-current/wifislax-4.7-22092013.iso" target="_blank">Wifislax 4.7 ISO</a></div> <div style="text-align: justify;"> <b>Official Website ::</b> http://www.wifislax.com/</div> </div>

Wifislax (Wireless Security and Forensic) :: Distribution

Wifislax is a Slackware-based live CD containing a variety of security and forensics tools. The distribution's main claim to fame i...

Read more »

OWASP Bricks (Web Application Security Learning Platform) :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="owasp bricks logo toolwar" border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxsW3jxRxCdfOllufBaZ0_uBwcmN-L7j2Fru8xOc1lTFeRLUMkcvyN_lnUYOrjG-Cv-Kr7b_qYk_j1a9LcRAikKyTgFkdJ9FQiNFFmJxMlrHdzndXtyTN6QhxPsCgBWGFX6oyy1lcxLLeR/s200/owasp+bricks+logo+toolwar.png" title="owasp bricks logo toolwar" width="199" /></div> <div style="text-align: justify;"> <b>OWASP Bricks</b> is a <i>Web application security learning platform</i> built on PHP and MySQL. <b>Bricks</b> is a deliberately vulnerable web application built on PHP and MySQL. The project focuses on variations of commonly seen application security vulnerabilities and exploits. Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP). The mission is to 'break the bricks' and thus learn the various aspects of web application security.<br /> <br /> <b>Bricks</b> is a web application security learning platform built on PHP and MySQL. The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security.<br /> <br /> <b>Bricks</b> is a completely free and open source project brought to you by OWASP. The complete documentation and instruction videos can also be accessed or downloaded for free. Bricks are classified into three different sections: login pages, file upload pages and content pages.</div> <b></b><br /> <b></b><br /> <b></b><br /> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/j5I0wPvQxTg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/mCo6ajvBv50?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <b>D</b><b>ownload Here :: </b><a href="http://sourceforge.net/projects/owaspbricks/files/Atrai%20-%201.8/OWASP%20Bricks%20-%20Atrai.zip/download" target="_blank">OWASP Bricks v1.8</a><br /> <b>Official Website :: </b>http://sechow.com/<b><br /></b></div>

OWASP Bricks (Web Application Security Learning Platform) :: Framework

OWASP Bricks is a Web application security learning platform built on PHP and MySQL. Bricks is a deliberately vulnerable web applicat...

Read more »

Revenssis (Penetration Testing Suite for Android Devices) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;">  <img alt="revenssis logo toolwar" border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5akPP1gYogJsMY0bpiMUplwpdcoAnNdS8L6KM7gDgc3SKxos7q-Nq9vqTkjw6087MYguSsXpZd_73Azac59n9vrG46CPIYY881-rMZxH42vQUcK0mtCLM0EZlZuMtE4t2Owqa8liUPc55/s320/revenssis+logo+toolwar.jpg" title="revenssis logo toolwar" width="213" /></div> <div style="text-align: justify;"> <b>Revenssis</b> is a complete <i>Penetration testing suite for Android devices</i>. Nicknamed as the "Smartphone Version of Backtrack", Revenssis Penetration Suite is a set of all the useful types of tools used in Computer and Web Application security. Tools available in it include: Web App scanners, Encode/Decode & Hashing tools, Vulnerability Research Lab, Forensics Lab, plus the must-have utilities (Shell, SSH, DNS/WHOIS Lookup, Traceroute, Port Scanner, Spam DB Lookup, Netstat... etc). All these fitting in an application approx. 10MB (post installation). </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Download Here ::</b> <a href="http://revenssis-penetration-testing-suite.googlecode.com/files/Revenssis.apk" target="_blank">Revenssis.apk</a> & (Available at Play Store)</div> <div style="text-align: justify;"> <b>Source ::</b> http://code.google.com/p/revenssis-penetration-testing-suite/</div> </div>

Revenssis (Penetration Testing Suite for Android Devices) :: Tools

  Revenssis is a complete Penetration testing suite for Android devices . Nicknamed as the "Smartphone Version of Backtrack",...

Read more »

Yara (Malware Identification and Classification) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="yara logo toolwar" border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKAYkHKynInHb6UvL_uNSYygzssfvA8Usl6A5CEKTElTLxrhw14_GJ2R_-QH8rkImx08HK67pJi4trQH6Osr7rRBGdHk631OfVQLHOgusXNlZKrc_EdCURJUhlOA8pc3i1axVRFoAyaLpH/s200/yara+logo+toolwar.png" title="yara logo toolwar" width="180" /></div> <div style="text-align: justify;"> <b>YARA</b> is a tool aimed at helping malware researchers to identify and classify malware samples. With <b>YARA</b> you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic.</div> <div style="text-align: justify;"> This is just a simple example, more complex and powerful rules can be created by using binary strings with wild-cards, case-insensitive text strings, special operators, regular expressions and many other features that you can find explained in <b>YARA's </b>documentation. </div> <div style="text-align: justify;"> <b>YARA</b> is multi-platform, running on Windows, Linux and Mac OS X, and can be used through its command-line interface or from your own Python scripts with the yara-python extension. </div> <div style="text-align: justify;"> Python users can also use yara-ctypes by Michael Dorman. He has also written a multi-threaded command-line YARA scanner based on yara-ctypes that can exploit the benefits of current multi-core CPUs when scanning big file collections. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/JyS3bnGBErw?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <b>Download Here ::</b> <a href="http://yara-project.googlecode.com/files/yara-1.7.tar.gz" target="_blank">Yara 1.7.tar.gz</a> (for Linux)<br />                                <a href="http://yara-project.googlecode.com/files/yara-1.7-win32.zip" target="_blank">Yara 1.7 win32.zip</a> (for Windows)</div> <div style="text-align: justify;"> <b>Source :: </b>http://code.google.com/p/yara-project/ </div> </div>

Yara (Malware Identification and Classification) :: Tools

YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions ...

Read more »

Web-Sorrow (Web Security Scanner) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="web-sorrow logo toolwar" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnOHBqWrrM6YdiWnHWuSXu1hw29NNTVhSAjq4r1DQIgKad8aYZSfNdcOvACdnf8mUPaNbFAYLbM1Tt853Lb_tpG0qgN_XQLCNnSFMsuNr8A1JT216rUO42Z3DHdJwp6-OoBk1VmU4cdoRt/s1600/websorrow+logo+toolwar.jpg" title="web-sorrow logo toolwar" /></div> <div style="text-align: justify;"> <b>Web-Sorrow </b>is a<span itemprop="description"> <i>versatile security scanner</i> for the <i>information disclosure and fingerprinting</i> phases of pentesting.</span><b>Web-Sorrow</b> is a perl based tool for misconfiguration, version detection, enumeration, and server information scanning. It's entirely focused on Enumeration and collecting Info on the target server. <b>Web-Sorrow</b> is a "safe to run" program, meaning it is not designed to be an exploit or perform any harmful attacks. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <span style="font-size: large;">Basic overview of capabilities:</span></div> <ul style="text-align: justify;"> <li><b>Web Services:</b> a CMS and it's version number, Social media widgets and buttons, Hosting provider, CMS plugins, and favicon fingerprints.</li> <li><b>Authentication areas:</b> logins, admin logins, email webapps.</li> <li><b>Bruteforce:</b> Subdomains, Files and Directories.</li> <li><b>Stealth:</b> with -ninja you can gather valuable info on the target with as few as 6 requests, with -shadow you can request pages via google cache instead of from the host.</li> <li><b>AND MORE:</b> Sensitive files, default files, source disclosure, directory indexing, banner grabbing (see below for full capabilities) </li> </ul> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/1n1zKEi6BF8?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <b>Download Here :: </b><a href="http://web-sorrow.googlecode.com/files/Web-Sorrow_v1.5.0FINAL%28patched_version%29.zip" target="_blank">Web-Sorrow 1.5.0.zip</a><br /> <b>Source ::</b> http://code.google.com/p/web-sorrow/<br /> <ul style="text-align: justify;"> </ul> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> </div>

Web-Sorrow (Web Security Scanner) :: Tools

Web-Sorrow is a versatile security scanner for the information disclosure and fingerprinting phases of pentesting. Web-Sorrow is a p...

Read more »

RAFT (Response Analysis and Further Testing Tool) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="raft screenshot toolwar" border="0" height="234" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimx_ZNEI51-G8nYISMge30CIKHECpzubYpi9piek4_sk1Vx-fycO9fyXjDqnJonrPsM9JtQnHlVYfLJherJ3izDMfofh8e8Io_SK8VHPH0kXza5Dzz389c2CdCyGPhWSsUJwgEhDhOo7Fi/s320/raft+logo+toolwar.png" title="raft screenshot toolwar" width="320" /></div> <div style="text-align: justify;"> <span style="font-family: Arial,Helvetica,sans-serif;"><b>RAFT</b> is a<i> Response Analysis and Further Testing Tool</i>. <b>RAFT</b> is a testing tool for the identification of vulnerabilities in web applications. <b>RAFT</b> is a suite of tools that utilize common shared elements to make testing and analysis easier. The tool provides visibility in to areas that other tools do not such as various client side storage.<b> RAFT</b> uses markup to create templates for fuzz testing. </span></div> <div style="text-align: justify;"> <b><br /></b></div> <div style="text-align: justify;"> <b>Download Here :: </b><a href="http://raft.googlecode.com/files/RAFT-3.0.1-win32-setup.exe" target="_blank">RAFT 3.0.1.exe</a></div> <div style="text-align: justify;"> <b>Source ::</b> http://code.google.com/p/raft/</div> </div>

RAFT (Response Analysis and Further Testing Tool) :: Tools

RAFT is a Response Analysis and Further Testing Tool . RAFT is a testing tool for the identification of vulnerabilities in web appli...

Read more »

Vega (Web Vulnerability Scanner) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="vega scanner logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitqDoBTtkOWZbJB0V8gJz3IkgP9erP4PYe2g0GG_Yy1h0owqXN7iIoOt6_0ZGHotmGgJUAsjT1XP8PoV330tgVjFZjEvyHtvN7NybCqt60IAafpqq3fE7IoBM0cA88uyjM6qtiEiQbLOW9/s1600/vega+scanner+logo.JPG" title="vega scanner logo" /></div> <div style="text-align: justify;"> <b>Vega</b> is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on <b>Linux</b>, <b>OS X</b>, and <b>Windows</b>. <br /> <br /> Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. Vega can be extended using a powerful API in the language of the web: <b>Javascript</b>.<br /> <div id="modules"> <h3> Modules</h3> <ul id="modulesList"> <li>Cross Site Scripting (XSS)</li> <li>SQL Injection</li> <li>Directory Traversal</li> <li>URL Injection</li> <li>Error Detection</li> <li>File Uploads</li> <li>Sensitive Data Discovery</li> </ul> <div id="core"> <h3> Core</h3> <ul id="coreList"> <li>Automated Crawler and Vulnerability Scanner</li> <li>Consistent UI</li> <li>Website Crawler</li> <li>Intercepting Proxy</li> <li>SSL MITM</li> <li>Content Analysis</li> <li>Extensibility through a Powerful Javascript Module API</li> <li>Customizable alerts</li> <li>Database and Shared Data Model</li> </ul> </div> </div> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/X3BGO9U8zuU?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <b>Download Here :: </b><a href="http://www.subgraph.com/downloads/VegaSetup32.exe">Microsoft Windows 32-bit (x86)</a><br />                                <a href="http://www.subgraph.com/downloads/VegaBuild-linux.gtk.x86.zip">Linux GTK 32-bit Intel</a><br />                                <a href="http://www.subgraph.com/downloads/Vega.dmg">Mac OS X 32-bit Intel</a>  <b> </b><br /> <b>Official Website :: </b>http://www.subgraph.com/ </div> </div>

Vega (Web Vulnerability Scanner) :: Tools

Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and valid...

Read more »

WebSploit (Social Engineering) :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="websploit toolwar" border="0" height="168" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEje9oakw4MwuEK6iy3HIek2xj5mb_LsZOay9_XMRBRyU35SQN-xtsA4v-gwp4fWeo1cV1b8_dEqn9HhojRyIDzb7nJoYNan32e9z42TsFIncTz5P9HCekjl9StYeAHMUqCPD7VGIrOiOAZI/s200/websploit+toolwar.png" title="websploit toolwar" width="200" /></div> <div style="text-align: justify;"> <b>WebSploit</b> is a <b>Framework</b> for Social Engineering Works, Scan, Crawler & Analysis Web, Automatic Exploiter, Network Attacks and done a lot things.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> [+]Autopwn - Used From Metasploit For Scan and Exploit Target Service</div> <div style="text-align: justify;"> [+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin</div> <div style="text-align: justify;"> [+]format infector - inject reverse & bind payload into file format</div> <div style="text-align: justify;"> [+]phpmyadmin Scanner</div> <div style="text-align: justify;"> [+]LFI Bypasser</div> <div style="text-align: justify;"> [+]Apache Users Scanner</div> <div style="text-align: justify;"> [+]Dir Bruter </div> <div style="text-align: justify;"> [+]admin finder </div> <div style="text-align: justify;"> [+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks</div> <div style="text-align: justify;"> [+]MITM - Man In The Middle Attack</div> <div style="text-align: justify;"> [+]Java Applet Attack</div> <div style="text-align: justify;"> [+]MFOD Attack Vector </div> <div style="text-align: justify;"> [+]USB Infection Attack </div> <div style="text-align: justify;"> [+]ARP Dos Attack</div> <div style="text-align: justify;"> [+]Web Killer Attack</div> <div style="text-align: justify;"> [+]Fake Update Attack</div> <div style="text-align: justify;"> [+]Fake Access point Attack</div> <div style="text-align: justify;"> [+]Wifi Honeypot</div> <div style="text-align: justify;"> [+]Wifi Jammer</div> <div style="text-align: justify;"> [+]Wifi Dos</div> <div style="text-align: justify;"> [+]Bluetooth POD Attack</div> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/E80oxU4qH_k?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <b>Download Here :: </b><a href="http://sourceforge.net/projects/websploit/files/latest/download" target="_blank">WebSploit Framework v2.0.4</a> (for Linux)<br /> <b>Source ::</b> http://sourceforge.net/projects/websploit/</div>

WebSploit (Social Engineering) :: Framework

WebSploit is a Framework for Social Engineering Works, Scan, Crawler & Analysis Web, Automatic Exploiter, Network Attacks and done...

Read more »

Plecost (Wordpress Fingerprinting) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="plecost toolwar" border="0" height="125" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBHuory4E0AoQuGVKSzfeD2m0Sg2jDwQH2-3a65iMNtFyqZWvaHXt4atW0QBG1toIQHMJ9k_LJMY0XxohKsnpaV_TDkE3duLnLEzYs6hcT0cojeU1vZD4MPCJvJZrzEtKiFfvgmc1C8-en/s200/logo_plecost.jpg" title="plecost toolwar" width="200" /></div> <div style="text-align: left;"> <span id="goog_705127854"></span><span id="goog_705127855"></span><br /></div> <div style="text-align: justify;"> <b>Plecost  </b>is a <i>Wordpress finger printer tool</i>, plecost search and retrieve information about the plugins versions installed in Wordpress systems. It can analyze a single URL or perform an analysis based on the results indexed by Google. Additionally displays CVE code associated with each plugin, if there. </div> <div style="text-align: justify;"> <b>Plecost </b>retrieves the information contained on Web sites supported by Wordpress, and also allows a search on the results indexed by Google. </div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/ZoKlR2UhgWY?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <b>Download Here :: <a href="http://plecost.googlecode.com/files/plecost-0.2.2-9-beta.tar.gz" target="_blank">Plecost 0.2.2.9beta </a></b>(for Linux)</div> <div style="text-align: justify;"> <b>Official Website :: </b>http://www.iniqua.com/ </div> </div>

Plecost (Wordpress Fingerprinting) :: Tools

Plecost  is a Wordpress finger printer tool , plecost search and retrieve information about the plugins versions installed in Wordpr...

Read more »

SlowHTTPTest (Application layer DoS Attack Simulator) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEguHH9H1c1Ail2JmaexznmUpz8OOX6xd1BpSatqYMcDLkiSGVLWRnnaWTBzxOJvjMNnPeni9xxPU3g8yfyqTFtEYO2LAOxLJAAswaULjm3Hq3qMbfrLUmyAnRpHiPj10rZMj-ZnL2t9jVle/s1600/logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEguHH9H1c1Ail2JmaexznmUpz8OOX6xd1BpSatqYMcDLkiSGVLWRnnaWTBzxOJvjMNnPeni9xxPU3g8yfyqTFtEYO2LAOxLJAAswaULjm3Hq3qMbfrLUmyAnRpHiPj10rZMj-ZnL2t9jVle/s1600/logo.png" /></a></div> <div style="text-align: justify;"> <b><b>SlowHTTPTest </b></b>is a <i>Application layer DoS Attack Simulator.</i> <b>SlowHTTPTest </b>is a highly configurable tool that simulates some Application Layer Denial of Service attacks. It works on majority of Linux platforms, OSX and Cygwin - a Unix-like environment and command-line interface for Microsoft Windows. </div> <div style="text-align: justify;"> It implements most common low-bandwidth Application Layer DoS attacks, such as <b>slowloris</b>, <b>Slow HTTP POST</b>, <b>Slow Read attack</b> (based on TCP persist timer exploit) by draining concurrent connections pool, as well as <b>Apache Range Header attack</b> by causing very significant memory and CPU usage on the server. </div> <div style="text-align: justify;"> Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resources busy, this creates a denial of service. This tool is sending partial HTTP requests, trying to get denial of service from target HTTP server. </div> <div style="text-align: justify;"> Slow Read DoS attack aims the same resources as slowloris and slow POST, but instead of prolonging the request, it sends legitimate HTTP request and reads the response slowly. </div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/Jq1nDEuvGjg?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <b>Download Here ::</b> <a href="https://slowhttptest.googlecode.com/files/slowhttptest-1.5.tar.gz" target="_blank">slowhttptest-1.5.tar.gz</a></div> <div style="text-align: justify;"> <b>Source :: </b>https://code.google.com/p/slowhttptest/<b><i><br /></i></b></div> </div>

SlowHTTPTest (Application layer DoS Attack Simulator) :: Tools

SlowHTTPTest is a Application layer DoS Attack Simulator. SlowHTTPTest is a highly configurable tool that simulates some Application L...

Read more »

Owasp Mantra (Browser Based Web Security Framework) :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Owasp Mantra logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRrctdBWOhmYDQr246V7zjjW9kQoBxnS08108GujNouk7J1REEDUIjd6xdFgb7tlZvc9AGb1xJ1_E1wXBIkhT4Rg6ILFmQmUQkgns4JDBPiUh4Juv9Xy6p3vvVRuT2Wt2AqC8o3fI5OSGf/s1600/Owasp+Mantra+Logo.jpg" title="Owasp Mantra logo" /></div> <b></b><br /> <div style="text-align: justify;"> <b><span itemprop="description">OWASP Mantra</span></b><span itemprop="description"> is a  Free and Open Source <i>Browser Based Web Security Framework</i></span><b>. OWASP Mantra</b> is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>OWASP Mantra</b> is lite, flexible, portable and user friendly with a nice graphical user interface. You can carry it in memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on to your system within minutes. Mantra is absolutely free of cost and takes no time for you to set up. </div> <div style="text-align: justify;"> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/CRJkGZlV6Vk?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>Download Here :: </b><a href="http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.exe/download" target="_blank">OWASP Mantra</a> (for Windows)<b> </b></div> <div style="text-align: justify;">                               <a href="http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2032.tar.gz/download" target="_blank"> OWASP Mantra</a> (for Linux)<b> </b></div> <div style="text-align: justify;">                               <a href="http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.mpkg.zip/download" target="_blank"> OWASP Mantra </a>(for MAC)<b> </b></div> <div style="text-align: justify;"> <b>Official Website ::</b>  http://www.getmantra.com/</div> </div>

Owasp Mantra (Browser Based Web Security Framework) :: Framework

OWASP Mantra is a  Free and Open Source Browser Based Web Security Framework . OWASP Mantra is a collection of free and open source ...

Read more »

HookMe (TCP Proxy or Data Tamper) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Hookme logo" border="0" height="199" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjD7iNC6DDK6uUUeAaJB_uJ2MBw7gyt2V4gPRpegA6nltUfzH3NC7u_90KU_8ECFkDJ2ZtaR-d-h3h6k5uidUbWCh8fNz2FX1dF_phUL8FmD19YZt2xCvIilyl-gDR7_HcwANNP-YwfmvS3/s1600/HookMe+logo.jpg" title="HookMe logo" width="200" /></div> <div style="text-align: justify;"> <b>HookMe </b>is a <i>TCP Proxy or Data Tamper</i> and <b>HookME </b>is a software designed for <i>intercepting communications by hooking</i> the desired process and hooking the API calls for sending and receiving network data (even SSL clear data). <b>HookMe</b> provides a nice graphic user interface allowing you to change the packet content in real time, dropping or forwarding the packet. It also has a python system plugin to extend the <b>HookMe</b> functionality. </div> <div style="text-align: justify;"> <b>It can be used for a lot of purposes such as: </b></div> <ol style="text-align: justify;"> <li>Analyzing and modifying network protocols </li> <li>Creation of malware or backdoors embebed into network protocols </li> <li>Protocol vulnerability memory patching </li> <li>Firewall at protocol layer </li> <li>As post explotation tool </li> <li>whatever you can create with plugins using your imagination </li> </ol> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/ZviZxxzMUlQ?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <b>Download Here :: </b><a href="https://hookme.googlecode.com/files/0.2.1.0b.zip" target="_blank">HookMe 0.2.1.0b.zip</a> <b> </b><br /> <b>Source ::</b> https://code.google.com/p/hookme/</div>

HookMe (TCP Proxy or Data Tamper) :: Tools

HookMe is a TCP Proxy or Data Tamper and HookME is a software designed for intercepting communications by hooking the desired process...

Read more »

coWPAtty (WiFi Cracking or Wireless Auditor) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="cowpatty-toolwar" border="0" height="259" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvdO2iG-N-zYDRs_-h4FyA_aE3Th2ssXoZT1NVkBTNYIW_x8W7o9nOFmx32fIhIf5NU-VdwpQce8bplapFQnE9uULCMJhwNYEs0IQuBAm1hwrXjD_DUz_6wwrkNwmgJaxM7E3_xS-t92rp/s1600/cowpatty1.png" title="cowpatty-toolwar" width="640" /></div> <br /> <div style="text-align: justify;"> <b>coWPAtty</b> is a <b>wireless auditor</b> for pre-shared key selected in Wifi Protected Access (WPA) Network.</div> <div style="text-align: justify;"> <br /></div> <div class="paragraph_style_3" style="text-indent: 0px;"> <div style="text-align: justify;"> <b>Quick feature summary:</b></div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> 1. Implementation of an offline dictionary attack against WPA-PSK and WPA2-PSK networks</div> <div style="text-align: justify;"> 2. Can use permutated dictionaries by passing input through STDIN (example in screenshot below using John the Ripper)</div> <div style="text-align: justify;"> 3. Supports accelerated password attacks with precomputed PMK files generated with the “genpmk” tool (included)</div> <b><br /> </b> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/YW8wNEb7SVQ?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <b>Download Here :: </b><a href="http://www.willhackforsushi.com/code/cowpatty/4.3/cowpatty-4.3.tgz" target="_blank">coWPAtty 4.3.tgz</a> <b> </b><br /> <b>Project Homepage :: </b>http://www.willhackforsushi.com/Cowpatty.html</div> <ol style="text-align: justify;"></ol> </div>

coWPAtty (WiFi Cracking or Wireless Auditor) :: Tools

coWPAtty is a wireless auditor for pre-shared key selected in Wifi Protected Access (WPA) Network. Quick feature summary: 1....

Read more »

WebVulScan :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="webvulscan logo" border="0" height="81" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9FLujpJDiKSgCxd2omhEfyclXF4hvby5jnLlqtMync5SkKiG0L0vl9k5Q8U8Bcvae_LHuY-IRdDxwntDNxTuzxnreDQb76xx2Be-jBECYlRfWn_Adw-ZQp9g01-H_oEeg1B1jcd2SdgzA/s1600/webvulscan+logo.png" title="webvulscan logo" width="320" /></div> <div style="text-align: justify;"> <b>WebVulScan</b> is a <i>web application vulnerability scanner</i>. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the status of the scan, the number of URLs found on the web application, the number of vulnerabilities found and details of the vulnerabilities found. </div> <div style="text-align: justify;"> After a scan is complete, a detailed PDF report is emailed to the user. The report includes descriptions of the vulnerabilities found, recommendations and details of where and how each vulnerability was exploited. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>The vulnerabilities tested by WebVulScan are:</b><br /> </div> <ul style="text-align: justify;"> <li>Reflected Cross-Site Scripting</li> <li>Stored Cross-Site Scripting</li> <li>Standard SQL Injection</li> <li>Broken Authentication using SQL Injection</li> <li>Autocomplete Enabled on Password Fields</li> <li>Potentially Insecure Direct Object References</li> <li>Directory Listing Enabled</li> <li>HTTP Banner Disclosure</li> <li>SSL Certificate not Trusted</li> <li>Unvalidated Redirects</li> </ul> <div style="text-align: justify;"> <b>Features:</b><br /> </div> <ul style="text-align: justify;"> <li>Crawler: Crawls a website to identify and display all URLs belonging to the website.</li> <li>Scanner: Crawls a website and scans all URLs found for vulnerabilities.</li> <li>Scan History: Allows a user to view or download PDF reports of previous scans that they performed.</li> <li>Register: Allows a user to register with the web application.</li> <li>Login: Allows a user to login to the web application.</li> <li>Options: Allows a user to select which vulnerabilities they wish to test for (all are enabled by default).</li> <li>PDF Generation: Dynamically generates a detailed PDF report.</li> <li>Report Delivery: The PDF report is emailed to the user as an attachment.</li> </ul> <div style="text-align: justify;"> <b>Download Here :: </b><a href="https://webvulscan.googlecode.com/files/webvulscan_v0.12.zip" target="_blank">WebVulScan v0.12</a></div> <div style="text-align: justify;"> <b>Source ::</b> https://code.google.com/p/webvulscan/</div> </div>

WebVulScan :: Tools

WebVulScan is a web application vulnerability scanner . It is a web application itself written in PHP and can be used to test remote,...

Read more »

PHP Vulnerability Hunter :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="PHP Vulnerability Hunter" border="0" height="100" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhG8un62G9aI66KfYY1jKVyVDkPxQhrDMFRtAWDZgKTmruDEGViZovWt_bflJZPkTCbSYaOmr8DJqXBgmmuJIMVMdAQ-3FgZomagEe0TatijEm9wWpy-1xtJThMKH18EiW2zCe6NYqEaB3l/s1600/PHP-Vulnerability-Hunter.jpg" title="PHP Vulnerability Hunter" width="400" /></div> <div style="text-align: justify;"> <b>PHP Vulnerability Hunter</b> is an <b>whitebox fuzz testing tool</b> capable of detected several classes of vulnerabilities in PHP web applications.</div> <div style="text-align: justify;"> While most web application fuzzers rely on the user to specify application inputs, PHP vulnerability hunter uses a combination of static and dynamic analysis to automatically map the target application. Because it works by instrumenting application, PHP Vulnerability Hunter can detect inputs that are not referenced in the forms of the rendered page.</div> <div style="text-align: justify;"> PHP Vulnerability Hunter is aware of many different types of vulnerabilities found in PHP applications, from the most common such as cross-site scripting and local file inclusion to the lesser known, such as user controlled function invocation and class instantiation. <br /> <br /> <b>PHP Vulnerability Hunter</b> can detect the following classes of vulnerabilities: </div> <ul style="text-align: justify;"> <li>Arbitrary command execution</li> <li>Arbitrary file read/write/change/rename/delete</li> <li>Local file inclusion</li> <li>Arbitrary PHP execution</li> <li>SQL injection</li> <li>User controlled function invocatino</li> <li>User controlled class instantiation</li> <li>Reflected cross-site scripting (XSS)</li> <li>Open redirect</li> <li>Full path disclosure</li> </ul> <div style="text-align: justify;"> <b>Download Here :: </b><a class="FileNameLink" href="https://phpvulnhunter.codeplex.com/downloads/get/690936" id="fileDownload0" tabindex="9">PHP Vulnerability Hunter 1.4.0.20 Unstable</a></div> <div style="text-align: justify;"> <b>Source Website ::</b> https://phpvulnhunter.codeplex.com</div> </div>

PHP Vulnerability Hunter :: Tools

PHP Vulnerability Hunter is an whitebox fuzz testing tool capable of detected several classes of vulnerabilities in PHP web applicati...

Read more »

XSSF (Cross Site Scripting Framework) :: Frameworks

<div dir="ltr" style="text-align: left;" trbidi="on"> <div style="text-align: center;">  <img alt="xssf logo" border="0" height="78" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRD7_Qf3uczuo0jjl0Zn_xPYsVPilG-slUfjqxWr6RMznK9kSfykhHi_5W-1840tZGKc1ZvtGq8u5QN8FR7UESwAG-5eb_FgAwzBqGQGXISA38J5LPbFteBRt4N5f9hiDXxFAsRLttzrq9/s1600/xssf+logo.png" title="xssf logo" width="200" /> </div> <div style="text-align: justify;"> The <b>Cross-Site Scripting Framework </b>(<b>XSSF</b>) is a security tool designed to turn the XSS vulnerability exploitation task into a much easier work. The <b>XSSF</b> project aims to demonstrate the real dangers of XSS vulnerabilities, vulgarizing their exploitation. This project is created solely for education, penetration testing and lawful research purposes. </div> <div style="text-align: justify;"> XSSF allows creating a <b>communication channel</b> with the targeted browser (from a XSS vulnerability) in order to perform further attacks. Users are free to select existing modules (a module = an attack) in order to target specific browsers. </div> <div style="text-align: justify;"> XSSF provides a powerfull documented API, which facilitates development of modules and attacks. In addition, its integration into the <b>Metasploit Framework</b> allows users to launch MSF browser based exploit easilly from an XSS vulnerability. </div> <div style="text-align: justify;"> In addition, an interesting though exploiting an XSS inside a victim's browser could be to browse website on attacker's browser, using the connected victim's session. In most of cases, simply stealing the victim cookie will be sufficient to realize this action. But in minority of cases (intranets, network tools portals, etc.), cookie won't be useful for an external attacker. That's why <b>XSSF Tunnel</b> was created to help the attacker to help the attacker browsing on affected domain using the victim's session. </div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/AhUhOirEfTE?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: center;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: left;"> <br /> <b>Download Here ::</b> <a href="https://xssf.googlecode.com/files/XSSF-3.0.zip" target="_blank">XSSF-3.0.zip</a></div> <div style="text-align: left;"> <b>Source :: </b>https://code.google.com/p/xssf/</div> </div>

XSSF (Cross Site Scripting Framework) :: Frameworks

  The Cross-Site Scripting Framework ( XSSF ) is a security tool designed to turn the XSS vulnerability exploitation task into a much...

Read more »

Subterfuge (Automated Man-in-the-Middle Attack Framework) :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="subterfuge logo" border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGb-vG4899yTmXjSo7XRKez6Aw4wrLKvoCwFgYGJNWwt-n_CXvFKygAPCymPWbyBraF_uuQ3LfM_MebI3suMkXGpU4X_-Gv0pruqQOLbTtYCDYO20zetlTAkXFvP6YhHiTyxEeaoUFa6d0/s1600/subterfuge+logo.png" title="subterfuge logo" width="196" /></div> <div style="text-align: justify;"> <b>Subterfuge </b>is a <i>Automated Man-in-the-Middle Attack Framework</i>. Enter<b> Subterfuge</b>, a <b>Framework</b> to take the arcane art of<i> Man-in-the-Middle Attack</i> and make it as simple as point and shoot. A beautiful, easy to use interface which produces a more transparent and effective attack is what sets <b>Subterfuge</b> apart from other attack tools. Subterfuge demonstrates vulnerabilities in the ARP Protocol by harvesting credentials that go across the network, and even exploiting machines through race conditions. Now walk into a corporation… </div> <div style="text-align: justify;"> A rapidly-expanding portion of today’s Internet strives to increase personal efficiency by turning tedious or complex processes into a framework which provides instantaneous results. On the contrary, much of the information security community still finds itself performing manual, complicated tasks to administer and protect their computer networks. Given the increase in automated hacking tools, it is surprising that a simplistic, “push-button” tool has not been created for information security professionals to validate their networks’ ability to protect against a <i>Man-In-The-Middle attack. </i><b>Subterfuge</b> is a small but devastatingly effective credential-harvesting program which exploits a vulnerability in the Address Resolution Protocol. It does this in a way that a non-technical user would have the ability, at the push of a button, to harvest all of the usernames and passwords of victims on their connected network, thus equipping information and network security professionals with a “push-button” security validation tool. </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/x-L80d1USn4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: center;"> </div> <div style="text-align: left;"> <b> Download Here :: </b><a href="https://subterfuge.googlecode.com/files/SubterfugePublicBeta5.0.tar.gz" target="_blank">SubterfugePublicBeta5.0</a></div> <div style="text-align: left;"> <b> Source :: </b>https://code.google.com/p/subterfuge/</div> </div>

Subterfuge (Automated Man-in-the-Middle Attack Framework) :: Framework

Subterfuge is a Automated Man-in-the-Middle Attack Framework . Enter Subterfuge , a Framework to take the arcane art of Man-in-the-M...

Read more »

Wavsep (Web Application Vulnerability Scanner) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="wavsep toolwar" border="0" height="331" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMSoRbPxK7O4Yj9z_uKOjtWacWbm1y998Bf2-i_alefuOMauXKrwgdJxF8pcp09hpZ7d49PMUzgrTmZ7eRH199RCw1d4rlsbz6PmOvb-bY3Au-exVkvJpmGS6OVdOe61ns-Q5MZPGO89_r/s1600/Wavsep+logo.png" title="wavsep toolwar" width="640" /></div> <div style="text-align: justify;"> <b>Wavsep</b> is a <b>Web Application Vulnerability Scanner Evaluation Project.</b> and <b>Wavsep</b> is a <i>vulnerable web application</i> designed to help assessing the features, quality and accuracy of web application vulnerability scanners. </div> <div style="text-align: justify;"> This evaluation platform contains a collection of unique vulnerable web pages that can be used to test the various properties of web application scanners. </div> <div style="text-align: justify;"> Although some of the test cases are vulnerable to additional exposures, the purpose of each test case is to evaluate the detection accuracy of one type of exposure, and thus, “out of scope” exposures should be ignored when evaluating the accuracy of vulnerability scanners.  </div> <div style="text-align: justify;"> <b><br /></b></div> <div style="text-align: justify;"> <b>Download Here :: </b><a href="https://wavsep.googlecode.com/files/wavsep-v1.2-war-linux.zip" target="_blank">Wavsep 1.2</a> (for Linux)<b></b></div> <div style="text-align: justify;">                                <a href="https://wavsep.googlecode.com/files/wavsep-v1.2-war.zip" target="_blank">Wavsep 1.2</a> (for Windows)<b><br /></b></div> <div style="text-align: justify;"> <b>Read More :: </b>https://code.google.com/p/wavsep/</div> </div>

Wavsep (Web Application Vulnerability Scanner) :: Tools

Wavsep is a Web Application Vulnerability Scanner Evaluation Project. and Wavsep is a vulnerable web application designed to help as...

Read more »

WebSecurify (Web Application Security Testing Suite) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="WebSecurify Logo" border="0" height="165" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6oDiePzFfVKkO_hIeIuuwUrY6JK_X5Dj2Qixb9RxFDbSH9HJQhnKNdbrUrhYJgkZvvGLDCGDwSM_WrRrnjNY0SljItRogRVQLCbGVrWM0Lj4E5vwOcNvmid67GVlEJUmenmwit6QPaN3P/s1600/Websecurify+logo.jpg" title="WebSecurify Logo" width="320" /></div> <div style="text-align: justify;"> <b>Websecurify</b> is a <i>web application security testing</i> suite designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies. It is available for all major desktop platforms including mobile devices and web via our online security suite. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> Main features of <b>Websecurify</b> include: </div> <ul style="text-align: justify;"> <li>Simple to use user interface. </li> <li>World-class analytical and scanning technology. </li> <li>Available for all major operating systems (Windows, Mac, Linux) including mobile devices (iOS, Android). </li> <li>Easily extensible with the help of add-ons and plugins. </li> <li>Moduler and reusable design. </li> <li>Built-in internationalization support.  </li> <li>Powerful manual testing tools and helper facilities included. </li> <li>Flexible, hassle-free licensing. </li> <li>Innovative in every way.  </li> <li>Frequent updates. </li> <li>Much, much more. </li> </ul> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/PMT_A7YtEAs?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <b>Download Here :: </b><a href="https://websecurify.googlecode.com/files/websecurify-for-firefox-2.1.0.xpi" target="_blank">WebSecurify 2.1.0</a> (for Firefox)<br />                                <a href="https://websecurify.googlecode.com/files/Websecurify%20Suite%201.0.0.tar.gz" target="_blank">WebSecurify Suite 1.0.0</a> (for Linux)<br />                                <a href="https://websecurify.googlecode.com/files/Websecurify%20Suite%201.0.0.exe" target="_blank">WebSecurify Suite 1.0.0</a> (for Windows)<br />                                <a href="https://websecurify.googlecode.com/files/Websecurify%20Suite%201.0.0.dmg" target="_blank">WebSecurify Suite 1.0.0</a> (for MAC)<br /> <b>Official Website :: </b>http://www.websecurify.com/<br /> <ul style="text-align: justify;"> </ul> <div style="text-align: center;"> </div> <div style="text-align: center;"> </div> <div style="text-align: center;"> </div> </div>

WebSecurify (Web Application Security Testing Suite) :: Tools

Websecurify is a web application security testing suite designed from the ground up to provide the best combination of automatic and...

Read more »

Ostinato (Network Packet Crafter/Traffic Generator) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Ostinato tool" border="0" height="219" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjc8RI2nSUpvvqFFqJrsEGNipvYGwMQ2FTCQ49BQbwTK-t6m_jr4H5WqWV15UE7ZVZRCRO4JEFSuz-oVI1PoQwza2ph2hrBpDcLapFzbD-P-CKn_X3SjxAr2oqoUW_djYn2h2eLtt39sBj/s1600/ostinato+logo.jpg" title="Ostinato tool" width="640" /></div> <div style="text-align: justify;"> <b>Ostinato</b> is an open-source, cross-platform <b>network packet crafter/traffic generator</b> and analyzer with a friendly GUI. Craft and send packets of several streams with different protocols at different rates. For the full feature list see below.Ostinato aims to be "Wireshark in Reverse" and become complementary to Wireshark. </div> <h1 style="text-align: justify;"> <span style="font-size: large;">Features</span></h1> <ul style="text-align: justify;"> <li>Runs on Windows, Linux, BSD and Mac OS X (Will probably run on other platforms also with little or no modification but this hasn't been tested) </li> <li>Open, edit, replay and save PCAP files </li> <li>Support for the most common standard protocols </li> <ul> <li>Ethernet/802.3/LLC SNAP </li> <li>VLAN (with QinQ) </li> <li>ARP, IPv4, IPv6, IP-in-IP a.k.a IP Tunnelling (6over4, 4over6, 4over4, 6over6) </li> <li>TCP, UDP, ICMPv4, ICMPv6, IGMP, MLD </li> <li>Any text based protocol (HTTP, SIP, RTSP, NNTP etc.) </li> <li>More protocols in the works ... </li> </ul> <li>Modify any field of any protocol (some protocols allow changing packet fields with every packet at run time e.g. changing IP/MAC addresses) </li> <li>User provided Hex Dump - specify some or all bytes in a packet </li> <li>User defined script to substitute for an unimplemented protocol (EXPERIMENTAL) </li> <li>Stack protocols in any arbitrary order </li> <li>Create and configure multiple streams </li> <li>Configure stream rates, bursts, no. of packets </li> <li>Single client can control and configure multiple ports on multiple computers generating traffic </li> <li>Exclusive control of a port to prevent the OS from sending stray packets provides a controlled testing environment </li> <li>Statistics Window shows realtime port receive/transmit statistics and rates </li> <li>Capture packets and view them (needs Wireshark to view the captured packets) </li> <li>Framework to add new protocol builders easily </li> </ul> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/On64lQYEFlY?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <b>Download Here :: </b><a href="http://ostinato.googlecode.com/files/ostinato-src-0.5.1.tar.gz" target="_blank">Ostinato 0.5.1</a> (Linux)<br />                                <a href="http://ostinato.googlecode.com/files/ostinato-bin-win32-0.5.1.zip" target="_blank">Ositinato win32 0.5.1</a> (Windows)<br /> <b>Source ::</b> http://code.google.com/<br /> <ul style="text-align: justify;"> </ul> <div class="separator" style="clear: both; text-align: center;"> </div> <div class="separator" style="clear: both; text-align: center;"> </div> <div style="text-align: center;"> </div> </div>

Ostinato (Network Packet Crafter/Traffic Generator) :: Tools

Ostinato is an open-source, cross-platform network packet crafter/traffic generator and analyzer with a friendly GUI. Craft and send...

Read more »

Dsniff (Network Auditing and Penetration Testing) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="dsniff logo" border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglUy8nXzRshwrinWN2ncP0FaDpYLKIOQs5Y27PszGBcR3CoDhFcwdi-kGlc0Cm9CZTT-uxTsAEkp4gGy6sDWgCGvNHeulvsGzdM-nZMX_xPVe_Ztr9HwuRetrvK8KwwB5q2UtbhWE67EiC/s200/dsniff+logo.png" title="dsniff logo" width="166" /></div> <div style="text-align: justify;"> <b>Dsniff</b> is a collection of tools for network auditing and penetration testing. <b>dsniff</b>, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.</div> <div style="text-align: justify;"> </div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/QTWwNsTj5FA?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <b>Download Here :: </b><a href="http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz" target="_blank">dsniff 2.3.tar.gz</a></div> <div style="text-align: justify;"> <b>Official Website :: </b> http://www.monkey.org/</div> </div>

Dsniff (Network Auditing and Penetration Testing) :: Tools

Dsniff is a collection of tools for network auditing and penetration testing. dsniff , filesnarf, mailsnarf, msgsnarf, urlsnarf, and we...

Read more »

Zed Attack Proxy ( Zaproxy ) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="ZAProxy Logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmu0fkacdAzN-GWTtIyI1XINok6jSC1qVPlNiE4-TnxAZ1UesBgsD1o8zq0598LWwrn0_K48Bo-3AMzgdRMhxFYo6Sh3Ze0nN4RV2sTOxOO0ZL0ixnKLkIUryAOAPhyphenhypheng44Kda8MJxtYJxR/s1600/Zed+Attack+Proxy+Logo.png" title="ZAProxy logo" /></div> <div style="text-align: justify;"> The <b>Zed Attack Proxy (ZAP)</b> is an easy to use integrated penetration testing tool for finding <b>vulnerabilities in web applications.</b> It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. <b>ZAProxy</b> provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. </div> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/a-lJafBdAeM?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <b> </b> <b> </b><br /> <b>Download Here :: </b><a href="http://zaproxy.googlecode.com/files/ZAP_2.2.1_Mac_OS_X.zip" target="_blank">ZAP 2.2.1 MAC-OS.zip</a> (for MAC OS)                           <br />                                <a href="http://zaproxy.googlecode.com/files/ZAP_2.2.1_Windows.exe" target="_blank">ZAP 2.2.1.exe </a>(for Windows)                            <br />                                <a href="http://zaproxy.googlecode.com/files/ZAP_2.2.1_Linux.tar.gz" target="_blank">ZAP 2.2.1.tar.gz</a> (for Linux) <b> </b><br /> <b>Official Website ::</b> https://www.owasp.org/</div>

Zed Attack Proxy ( Zaproxy ) :: Tools

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It ...

Read more »

HconSTF Firebase :: Framework

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="HconSTF Firebase logo" border="0" height="124" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEie59x9tAQk0z4gWdFP2_zVG1GYhru2Q-ffsIeHFz0fVVWbmFlESGeDp_0EaPo_5EBjV7q8jPR-ll7DpTFN_Ry2bbhg6_OaVIhavnDlThkzqn_f9SWnf0Z5zRxonm4_2do3wWOoioBCWC6d/s640/HconSTF+Logo.jpg" title="HconSTF Firebase logo" width="640" /></div> <br /> <div style="text-align: justify;"> <b>HconSTF Firebase</b> is Fully Customizable, Versatile in Usage can be used in many Web related hacking needs, Simple and easy to use interface, small in size and light on resources. contains hundreds of features for :</div> <ul style="text-align: justify;"> <li>Web Penetration Testing</li> <li>Web Exploits Development</li> <li>Web Malware Analysis</li> <li>OSINT & Cyber spying </li> </ul> <div style="text-align: justify;"> Very comprehensive and plenty of tools for exploitation and supports verbose debugging features for Web Exploit Development. <span style="clear: left; float: left; margin-top: 0px; margin-top: 0px; position: relative; z-index: 10;"></span> <b>HconSTF</b> <b>Firebase</b> contains blend of online and offline tools for Pentesting called 'WebUI'. includes scanners, encoders, and much more. IDB is Integrated database with huge amount of Web payload. Helps in many Open source intelligence based tasks like</div> <ul style="text-align: justify;"> <li>Passive Web & Network Reconnaissance</li> <li>Doxing <br /></li> <li>Cyber Spying</li> <li>Hash cracking</li> </ul> <div style="text-align: justify;"> Encoding / Decoding & hashing Features and tools, supports wide variety of formats, character set and algorithms for making payloads undetectable. Darknets and proxies integrated, Spoofing tools. supports integration with many decoy options, includes many tools for proxies and anonymizing networks.  </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b> PDF Tutorials :: </b><a href="http://www.hcon.in/uploads/1/8/1/9/1819392/quick_malware_analysis_using_hconstf.pdf" target="_blank">Quick Malware Analysis Using HconSTF</a><br />                               <a href="http://www.hcon.in/uploads/1/8/1/9/1819392/http_headers_spoofing_using_hconstf.pdf" target="_blank">HTTP Headers Spoofing Using HconSTF</a></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>Download Here :: </b><a href="http://sourceforge.net/projects/hconframework/files/HconFramework-Fire/HconSTF_0.5_Prime/HconSTF_v0.5_Prime.exe" target="_blank">Firebase_0.5.exe</a><b> </b>(for Windows)<b> </b></div> <div style="text-align: justify;">                                <a href="http://sourceforge.net/projects/hconframework/files/HconFramework-Fire/HconSTF_0.5_Prime/HconSTF_v0.5_Linux_x86.tar.bz2" target="_blank">Firebase_0.5.tar.bz2</a> (for Linux)<b><br /></b></div> <div style="text-align: justify;"> <b>Official Website ::</b> http://www.hcon.in/</div> </div>

HconSTF Firebase :: Framework

HconSTF Firebase is Fully Customizable, Versatile in Usage can be used in many Web related hacking needs, Simple and easy to use int...

Read more »

Reaver (WiFi Cracking or Wireless Auditor) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="wifi logo" border="0" height="245" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiV-NPgsuzClXAHxkWhbCHhzK2NTn1xbiJssKhzPeNVEHgd7UYq4a5gjLn5UDIfWLH4CG9pkT_RtThm11mzMWjbpmZVDdzgNsSXDpHyOsvuPneH5OUQPNTcEhToCtCF8mYfP2ZmA-O_BNDM/s320/wifi+logo.jpg" title="wifi logo" width="320" /></div> <div style="text-align: justify;"> <b>Reaver </b>implements a <i>brute force attack</i> against <i>Wifi Protected Setup (WPS)</i> registrar PINs in order to recover WPA/WPA2 passphrases.<b> Reaver</b> is a <i>WPA attack tool </i>developed by <b>Tactical Network Solutions </b> and sold by Reaver Systems, LLC that exploits a protocol design flaw in <i>WiFi Protected Setup (WPS)</i>. This vulnerability exposes a side-channel attack against Wi-Fi Protected Access (WPA) versions 1 and 2 allowing the extraction of the Pre-Shared Key (PSK) used to secure the network. With a well-chosen PSK, the WPA and WPA2 security protocols are assumed to be secure by a majority of the 802.11 security community.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> WPS allows users to enter an 8 digit PIN to connect to a secured network without having to enter a passphrase. When a user supplies the correct PIN the access point essentially gives the user the WPA/WPA2 PSK that is needed to connect to the network. Reaver will determine an access point's PIN and then extract the PSK and give it to the attacker.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> Current attacks against WPA networks involve the computation of rainbow tables based on a dictionary of potential keys and the name (SSID) of the network being attacked. Rainbow tables must be re-generated for each network encountered and are only successful if the PSK is a dictionary word. However, <b>Reaver</b> is not restricted by the limitations of traditional dictionary-based attacks. Reaver is able to extract the WPA PSK from the access point within 4 - 10 hours and roughly 95% of modern consumer-grade access points ship with WPS enabled by default.</div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/eWy5DDc5Hn0?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>Download Here :: </b><a href="http://reaver-wps.googlecode.com/files/reaver-1.4.tar.gz" target="_blank">Reaver 1.4.tar.gz</a></div> <div style="text-align: justify;"> <b>Official Website ::  </b>http://www.tacnetsol.com/</div> </div>

Reaver (WiFi Cracking or Wireless Auditor) :: Tools

Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases. R...

Read more »

TOR :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="TOR Logo :: ToolWar" border="0" height="202" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyyARrPvpVxCbs27_V9z_I7eiYf6vKlAU3NSgxPPVrtH8oiCvPx5XVYp_tRUQdSsTNoN-cqZuUykCYKshqTrkRJ6FYg08wKhEL4MAJ-HPtxU4_HQAYY5nSICcYuOEvSgF7zT7gQAGvJz3n/s1600/Tor_project_logo_hq.png" title="TOR Logo :: ToolWar" width="320" /></div> <div style="text-align: justify;"> <b>Tor</b> is a network of <i>virtual tunnels</i> designed to improve privacy and security on the Internet by routing your requests through a series of intermediate machines. It uses a normal <i>proxy server interface</i> so that ordinary Internet applications like web browsers and chat programs can be configured to use it. In addition to helping preserve users' anonymity, <b>Tor</b> can help evade firewall restrictions. <b>Tor's</b> hidden services allow users publish web sites and other services without revealing their identity or location. For a free cross-platform GUI, users recommend Vidalia. Remember that Tor exit nodes are sometimes run by malicious parties and can sniff your traffic, so avoid authenticating using insecure network protocols (such as non-SSL web sites and mail servers). That is always dangerous, but particularly bad when routing through Tor.</div> <div style="text-align: justify;"> <b>Tor</b> protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.</div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/KDNEoddcBSY?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>Download Here :: </b><a href="http://www.torproject.org.in/dist/torbrowser/tor-browser-2.2.37-1_en-US.exe" target="_blank">TOR 2.2.37.exe</a><b> (for Windows)</b></div> <div style="text-align: justify;"> <b>Official Website :: </b>http://www.torproject.org.in/ </div> </div>

TOR :: Tools

Tor is a network of virtual tunnels designed to improve privacy and security on the Internet by routing your requests through a serie...

Read more »

OSSIM (Open Source Security Information Management.) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="OSSIM Logo" border="0" height="76" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKHiO374Af3mSSAyULAoG0kCcQsJVpOHnKzFd1sZtjNBW2G8UhmbrtP8agq2Spe3qGKouz9XwP-21bnqVjI68dIP1EnBlYiQxz-IkZ17TIBU4XKfl1m-JdgG3bw0hpwXRNpKUvaESnAC-V/s1600/ossim.jpg" title="OSSIM Logo" width="400" /></div> <div style="text-align: justify;"> <b>OSSIM</b> stands for <b>Open Source Security Information Management</b>. Its goal is to provide a comprehensive compilation of tools which, when working together, grant network/security administrators with a detailed view over each and every aspect of networks, hosts, physical access devices, and servers. OSSIM incorporates several other tools, including Nagios and OSSEC HIDS. <b>OSSIM</b> is a powerful suite of geospatial libraries and applications used to process imagery, maps, terrain, and vector data. The software has been under active development since 1996 and is deployed across a number of private, federal and civilian agencies.  </div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/AfwSZuND8QI?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> <b></b></div> <div style="text-align: justify;"> <br /> <b>Download Here ::  </b><a href="http://download.osgeo.org/ossim/release/latest/rhel5-8/sandbox-x86_64-gcc-4.1/dot_gvm.tgz">dot_gvm.tgz</a></div> <div style="text-align: justify;">                                 <a href="http://download.osgeo.org/ossim/release/latest/windows/omar-server-1.8.16-x86_64-installer.exe">omar-server-1.8.16-x86_64-installer.exe</a></div> <div style="text-align: justify;"> <b>Official Website ::</b> http://trac.osgeo.org</div> </div>

OSSIM (Open Source Security Information Management.) :: Tools

OSSIM stands for Open Source Security Information Management . Its goal is to provide a comprehensive compilation of tools which, when...

Read more »

RainbowCrack (Hash Cracker) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzJYFAQ1ZowEr0O-hBjoYx_in8LWuYgBGp9CG8opPoLR-EnqndzTvJdQpayZzCGTm9GKB8yvaKGFNJh5oT4PP0mjO5psUGVOEghQDswrb0XNcUu4-CqIV3-GCeD08AcRq7lw1fon5zp4el/s1600/rainbowcrack+screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="RainbowCrack :: ToolWar" border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzJYFAQ1ZowEr0O-hBjoYx_in8LWuYgBGp9CG8opPoLR-EnqndzTvJdQpayZzCGTm9GKB8yvaKGFNJh5oT4PP0mjO5psUGVOEghQDswrb0XNcUu4-CqIV3-GCeD08AcRq7lw1fon5zp4el/s1600/rainbowcrack+screenshot.png" title="RainbowCrack :: ToolWar" width="400" /></a></div> <div style="text-align: justify;"> <br /> The <b>RainbowCrack</b> tool is a<i> hash cracker </i>that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one, which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance and store the results in so-called <b>"rainbow tables"</b>. It does take a long time to precompute the tables but RainbowCrack can be hundreds of times faster than a brute force cracker once the precomputation is finished. <br /> <b>RainbowCrack</b> is a general propose implementation of <i>Philippe Oechslin's</i> faster time-memory trade-off technique. It crack hashes with rainbow tables.<b> RainbowCrack</b> uses time-memory tradeoff algorithm to crack hashes. It differs from brute force hash crackers.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> A brute force hash cracker generate all possible plaintexts and compute the corresponding hashes on the fly, then compare the hashes with the hash to be cracked. Once a match is found, the plaintext is found. If all possible plaintexts are tested and no match is found, the plaintext is not found. With this type of hash cracking, all intermediate computation results are discarded.</div> <div style="text-align: justify;"> A time-memory tradeoff hash cracker need a pre-computation stage, at the time all plaintext/hash pairs within the selected hash algorithm, charset, plaintext length are computed and results are stored in files called rainbow table. It is time consuming to do this kind of computation. But once the one time pre-computation is finished, hashes stored in the table can be cracked with much better performance than a brute force cracker.</div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/HnXj0Hm7QE4?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <b>Download Here :: </b><a href="http://project-rainbowcrack.com/rainbowcrack-1.5-win32.zip">rainbowcrack-1.5-win32.zip</a> (for Windows)</div> <div style="text-align: justify;">                                 <a href="http://project-rainbowcrack.com/rainbowcrack-1.5-linux32.zip">rainbowcrack-1.5-linux32.zip</a> (for Linux)   </div> <div style="text-align: justify;"> <b>Official Website ::</b> http://project-rainbowcrack.com/</div> </div>

RainbowCrack (Hash Cracker) :: Tools

The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tri...

Read more »

Medusa (Network Login Auditor) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Medusa :: ToolWar" border="0" height="255" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiK3f_MFbnEtHpKhpPlu5AEr0HOMWDTCNtT7ERsvlMInBpQ4WrVB7ZFRlxi1jlprgRtVU1R6Le31k_akZEbQzDS_JYoDjL3Il_Xmtd3nweVcYg1hjtM58kLrq4Hlmcij2WZnXlyeS2ouNAA/s1600/medusaLogo.jpg" title="Medusa :: ToolWar" width="320" /></div> <div style="text-align: justify;"> <b>Medusa </b>is a <i>Parallel Network Login Auditor</i> and <b>Medusa </b>is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application: </div> <ul style="text-align: justify;"> <li><b>Thread-based parallel testing.</b> Brute-force testing can be performed against multiple hosts, users or passwords concurrently. </li> <li><b>Flexible user input.</b> Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing. </li> <li><b>Modular design.</b> Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported list of services for brute-forcing. </li> </ul> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/WTpjaYxbITw?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <b>Download Here :: </b>  <a href="http://www.foofus.net/jmk/tools/medusa-2.1.1.tar.gz" target="_blank">Medusa 2.1.1.tar.gz</a><b><br /></b><br /> <b>Official Website :: </b>http://foofus.net/ </div>

Medusa (Network Login Auditor) :: Tools

Medusa is a Parallel Network Login Auditor and Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The ...

Read more »

Ntopng (Network Traffic) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="ntop logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQC-FRUFjRvLyaY9yXMGSelHOEh0UATbuipctkwpL4fDcTGpiq_OG6fGuOqc5CmX6DYVsegpj5rP4yvk6R-mC9ggf8Zg6FgPnUNqyV2K43kGkvcLkFpmpac148XDdV5B_sTjQBPmrkoBGC/s1600/ntop+logo.png" title="ntop logo" /></div> <div style="text-align: justify;"> <b>Ntopng</b>, the next generation version of the original ntop, a <i>network traffic</i> probe that shows the network usage, similar to what the popular top Unix command does. ntopng is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform, MacOSX and on Win32 as well.<b> </b></div> <div style="text-align: justify;"> <b>Ntop</b> shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode, it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.</div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/-P7C0by-TLA?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: center;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <b>Download Here :: </b><a href="http://sourceforge.net/projects/ntop/files/ntopng/ntopng-1.0.tar.gz/download" target="_blank">ntopng-1.0.tar.g<b>z</b></a><b> </b>(for Linux )<b>  </b></div> <div style="text-align: justify;"> <b>                               </b><a href="http://www.nmon.net/packages/Win32/ntopng-1.0-demo.exe" target="_blank">ntopng-1.0demo.exe</a> (for Windows)  <b> </b><br /> <b>Official Website :: </b>http://www.ntop.org/ </div> </div>

Ntopng (Network Traffic) :: Tools

Ntopng , the next generation version of the original ntop, a network traffic probe that shows the network usage, similar to what the p...

Read more »

Retina Network Security Scanner :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="Retina Network Security Scanner " border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiubNWtpBLmbJ5zJZSm-gdz7mA4T5y-QACUD_rdWidlyjJ7_VlIZN5D2o2FIEvy5sND_8Gdpb0i-B3KgskplhrSDJDXXGI2dOx-jt_KdGbygaLWWfWIftLGqTijaSPk9XAsdsDdCRzyiKZK/s1600/retina_scanner.gif" title="Retina Network Security Scanner " /></div> <h3 style="text-align: justify;"> Retina Network Security Scanner: Integrated Network, Web and Virtual Vulnerability Assessment ::</h3> <div style="text-align: justify;"> With over 10,000 deployments since 1998, BeyondTrust® <b>Retina Network Security Scanner</b> is the most sophisticated vulnerability assessment solution on the market. Available as a standalone application or as part of the Retina CS unified vulnerability management platform, Retina Security Scanner enables you to efficiently identify IT exposures and prioritize remediation enterprise-wide. Retina Network Security Scanner, the industry’s most mature and effective vulnerability scanning technology, identifies the vulnerabilities – missing patches, configuration weaknesses, and industry best practices - to protect an organization’s IT assets. Retina provides cost-effective security risk assessment, as well as enables security best practices, policy enforcement, and regulatory audits.</div> <div style="text-align: justify;"> <br /></div> <div class="box"> <h3 style="text-align: left;"> Why Beyond Trust for Network Security Scanning </h3> <ul class="list" style="text-align: justify;"> <li><b>Discover</b> all network (local and remote), web and virtual assets in your environment</li> <li><b>Reveal</b> at-risk personally identifiable information (PII) and other sensitive data</li> <li><b>Identify</b> system, application, database, OS and web application vulnerabilities via agent-based and/or agentless scanning</li> <li><b>Assess</b> risk and prioritize remediation based on exploitability (from Core Impact®, Metasploit®, Exploit-db), CVSS, & other factors</li> <li><b>Confirm</b> exploitability through penetration testing, with one click to the open-source Metasploit Framework</li> <li><b>Report</b> progress and results to colleagues in management, compliance, audit, risk and other roles</li> <li><b>Analyze</b> threats and gain security intelligence through the optional Retina CS vulnerability management console</li> <li><b>Share</b> data with popular solutions for SIEM, GRC and other security management platforms</li> <li>Full support for VMware environments, including online and offline virtual image scanning, virtual application scanning and integration with vCenter</li> <li>Ability to audit for Personally Identifiable Information (PII) on remote targets</li> </ul> </div> <div style="text-align: justify;"> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/ZxxHl3c9mkQ?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: center;"> </div> </div> <div style="text-align: justify;"> <br /> <b>Download Here :: </b><a href="http://www.beyondtrust.com/Products/RetinaNetworkSecurityScanner/" target="_blank">Retina Scanner Trial</a><b> </b></div> <div style="text-align: justify;"> <b>Official Website ::</b> http://www.beyondtrust.com/</div> </div>

Retina Network Security Scanner :: Tools

Retina Network Security Scanner: Integrated Network, Web and Virtual Vulnerability Assessment :: With over 10,000 deployments si...

Read more »

GFI LanGuard (Network Security and Vulnerability Scanner) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="GFI LanGuard Logo" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcaqnxj6PryFfmdA27PMtg6RTLi_D2RinrCLnRHafGyxaPJRNIoWk3SvBnIBNY4P7sQ8srkEZpziGDQrFZB4SVr4qudT5JnTTnLu3wxxndRRYlMOdipE_hRPoKWZ6ZTpdyfiUfKHWmOjnB/s1600/gfi+languard+logo.jpg" title="GFI LanGuard Logo" /></div> <div style="text-align: justify;"> <b>GFI LanGuard</b> is a network security and vulnerability scanner designed to help with patch management, network and software audits, and vulnerability assessments. The price is based on the number of IP addresses you wish to scan. A free trial version (up to 5 IP addresses) is available.</div> <div style="text-align: justify;"> <br /></div> <div class="listing-content" style="text-align: justify;"> <div class="listing-head"> <b>Patch management: Fix vulnerabilities before an attack</b></div> <div class="rtf-content"> Patch management is vital to your business. Network security breaches are most commonly caused by missing network patches. GFI LanGuard scans and detects network vulnerabilities before they are exposed, reducing the time required to patch machines on your network. GFI LanGuard patches Microsoft ®, Mac® OS X®, Linux® and more than 50 third-party operating systems and applications, and deploys both security and non-security patches.</div> </div> <div style="text-align: justify;"> <br /></div> <div class="listing-head" style="text-align: justify;"> <b>Vulnerability assessment: Discover security threats early</b></div> <div style="text-align: justify;"> More than 50,000 vulnerability assessments are carried out across your networks, including virtual environments. GFI LanGuard scans your operating systems, virtual environments and installed applications through vulnerability check databases such as OVAL and SANS Top 20. GFI LanGuard enables you to analyze the state of your network security, identify risks to the network, determine its degree of exposure, and address how to take action before it is compromised.</div> <div style="text-align: justify;"> <br /></div> <div class="listing-head" style="text-align: justify;"> <b>Network auditing: Analyze your network centrally</b></div> <div style="text-align: justify;"> GFI LanGuard provides a detailed analysis of the state of your network. This includes applications or default configurations posing a security risk. GFI LanGuard also gives you a complete picture of installed applications; hardware on your network; mobile devices that connect to the Exchange servers; the state of security applications (antivirus, anti-spam, firewalls, etc.); open ports; and any existing shares and services running on your machines.</div> <div style="text-align: justify;"> </div> <div style="text-align: center;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/ui6OGUxz0YQ?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <br /> <b>Download Here :: </b><a href="http://www.gfi.com/products-and-solutions/network-security-solutions/gfi-languard/download" target="_blank">GFI LanGuard Trial</a><b> </b></div> <div style="text-align: justify;"> <b>Official Website ::</b> http://www.gfi.com/</div> <div style="text-align: justify;"> </div> </div>

GFI LanGuard (Network Security and Vulnerability Scanner) :: Tools

GFI LanGuard is a network security and vulnerability scanner designed to help with patch management, network and software audits, and ...

Read more »

AppScan (Automates Application Security Testing) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjx8YPLDg0utLh0EPbSdrLn4k-qEIsYaJriNRe839ymoJtopG6opHEI6k2EyXF-zKLYHNategTWApxVIkRCPjNK3Vz5xXWAeopPY9pF7zfL_EC4upmJp5CpballXpiDa014AMp9cMGmkkpd/s1600/appscan_logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjx8YPLDg0utLh0EPbSdrLn4k-qEIsYaJriNRe839ymoJtopG6opHEI6k2EyXF-zKLYHNategTWApxVIkRCPjNK3Vz5xXWAeopPY9pF7zfL_EC4upmJp5CpballXpiDa014AMp9cMGmkkpd/s1600/appscan_logo.png" /></a></div> <div style="text-align: justify;"> <b>IBM Security AppScan</b> software automates application security testing by scanning applications, identifying vulnerabilities and generating reports with intelligent fix recommendations to ease remediation. </div> <div style="text-align: justify;"> <b>AppScan</b> provides security testing throughout the application development lifecycle, easing unit testing and security assurance early in the development phase. Appscan scans for many common vulnerabilities, such as cross site scripting, HTTP response splitting, parameter tampering, hidden field manipulation, backdoors/debug options, buffer overflows and more. AppScan was merged into IBM's Rational division after IBM purchased its original developer (Watchfire) in 2007.</div> <br /> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/bLOTiObtNLo?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: center;"> <b> </b></div> <b> </b> <b> </b><br /> <b>Download Here ::  </b> <a href="http://www-03.ibm.com/software/products/us/en/appscan/" target="_blank">AppScan Trial</a><b><br /></b><br /> <b>Official Website :: </b>http://www-03.ibm.com</div>

AppScan (Automates Application Security Testing) :: Tools

IBM Security AppScan software automates application security testing by scanning applications, identifying vulnerabilities and generat...

Read more »

Netsparker (Web Application Security Scanner) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <img alt="netsparker logo" border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicMGrfOExKRYZTaQVyTdfHiWt-z5hlFOGb-jetJ4qBhS-ehtZKfmqajzNgrERuXbA8XaLQbut0_2wHGyY1z0w6415SADANeramfxe6Q9GM0nJ1FJ_cc_JQfaP-olfXaWJohX6S2CeTgiTW/s1600/netsparker+logo.jpg" title="netsparker logo" width="200" /></div> <br /> <div style="text-align: justify;"> <b>Netsparker</b> is the only False-positive-free web application security scanner. Simply point it at your website and it will automatically discover the flaws that could leave you dangerously exposed. <b>Netsparker</b> is a web application security scanner, with support for both detection and exploitation of vulnerabilities. It aims to be false positive–free by only reporting confirmed vulnerabilities after successfully exploiting or otherwise testing them.</div> <div style="text-align: justify;"> With its unique <b>False-Positive Free</b> guarantee, Netsparker is the only web application security scanner that uses a built-in exploitation engine to positively confirm vulnerabilities, leaving you free to spend your time eliminating threats, not proving them.</div> <div style="text-align: justify;"> Netsparker’s <b>Post Exploitation</b> feature takes automated exploitation to the next level, revealing additional insight into your security infrastructure that no other automated testing product can match.</div> <div style="text-align: justify;"> And with <b>Integrated Exploitation</b> you can manually exploit identified vulnerabilities directly from within Netsparker, enabling you to see the real impact of an attack just by clicking a button.</div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/ZszVng1qC4g?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <b>Download Here :: </b><a href="https://www.mavitunasecurity.com/demo/" target="_blank">Netsparker Demo</a><b> </b></div> <div style="text-align: justify;"> <b>Official Website :: </b> https://www.mavitunasecurity.com/</div> </div>

Netsparker (Web Application Security Scanner) :: Tools

Netsparker is the only False-positive-free web application security scanner. Simply point it at your website and it will automaticall...

Read more »

HosProxy (HTTP to SMTP Proxy) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLBxI1RnSP18NLjVt5I0QjbdHaiR-Fshh1E_VEvvQcMdQENM0ZPMBdUK8lm38zoBWPgjKA009eLSPWbOLSyLpX4U7eW8wslkOt5rd-s_cqgMyFp2W4Da3Wgb3Bbgc74tRip8au6LmBAAkn/s1600/hosproxy.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="hosproxy :: toolwar" border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLBxI1RnSP18NLjVt5I0QjbdHaiR-Fshh1E_VEvvQcMdQENM0ZPMBdUK8lm38zoBWPgjKA009eLSPWbOLSyLpX4U7eW8wslkOt5rd-s_cqgMyFp2W4Da3Wgb3Bbgc74tRip8au6LmBAAkn/s1600/hosproxy.png" title="Hosproxy :: toolwar" width="289" /></a></div> <div style="text-align: justify;"> <b>HosProxy</b> is a <i>HTTP to SMTP proxy</i> or we can say that this is a<i> HTTP tunneler</i>. <b>HosProxy</b> is a tool designed to let you access the web in a LAN without internet connection but with access to an E-mail system only. HoS means Http over SMTP, that is to say, using the E-mail system as http-proxy to navigate the web.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>HoSProxy is made up of two parts:</b> </div> <div style="text-align: justify;"> <b>HosTunnel</b>: You need an external server (outside LAN) which must be running HoSTunnel (with root privileges to listen on port 25) and which receives and sends emails with encoded and packaged http requests/responses.</div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>HoSProxy</b>: An internal proxy connected to the web browser, that sends HTTP request trough emails via the company SMTP server, and polls for responses in the company POP/IMAP server. </div> <div style="text-align: justify;"> <br /></div> <div style="text-align: justify;"> <b>Download Here :: <a href="http://www.edge-security.com/soft/hosProxy-1.0.tar.gz" target="_blank">HosProxy1.0</a> </b></div> <div style="text-align: justify;"> <b>Official Website ::</b> </div> </div>

HosProxy (HTTP to SMTP Proxy) :: Tools

HosProxy is a HTTP to SMTP proxy or we can say that this is a HTTP tunneler . HosProxy is a tool designed to let you access the web ...

Read more »

ProxyStrike (Web Application Proxy) :: Tools

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEge78U7MQQKmBqqrofRPUEQ8S5bYcppmr1mk7FrI-pqVmZXoW3WPniXtP2cfLNP1GdtGlQzq165Y2DSHUK7MACZoWV7Bu4izxybRx63m-unu5dcdFSeHnTLGfhyI6rsmrtNjga-GHs1EE8F/s1600/proxystrike+logo.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="86" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEge78U7MQQKmBqqrofRPUEQ8S5bYcppmr1mk7FrI-pqVmZXoW3WPniXtP2cfLNP1GdtGlQzq165Y2DSHUK7MACZoWV7Bu4izxybRx63m-unu5dcdFSeHnTLGfhyI6rsmrtNjga-GHs1EE8F/s1600/proxystrike+logo.jpg" width="400" /></a></div> <div style="text-align: justify;"> <b>ProxyStrike v2.1</b> is an active Web Application Proxy. It's a tool designed to find vulnerabilities while browsing an application. It was created because the problems we faced in the pentests of web applications that depends heavily on Javascript, not many web scanners did it good in this stage, so we came with this proxy. </div> <div style="text-align: justify;"> Right now it has available Sql injection and XSS plugins. Both plugins are designed to catch as many vulnerabilities as we can, it's that why the SQL Injection plugin is a Python port of the great DarkRaver "Sqlibf". </div> <div style="text-align: justify;"> The process is very simple, ProxyStrike runs like a proxy listening in port 8008 by default, so you have to browse the desired web site setting your browser to use ProxyStrike as a proxy, and ProxyStrike will analyze all the paremeters in background mode. For the user is a passive proxy because you won't see any different in the behaviour of the application, but in the background is very active. :) </div> <div style="text-align: justify;"> <br /></div> <div class="separator" style="clear: both; text-align: center;"> <iframe allowfullscreen="allowfullscreen" frameborder="0" height="266" mozallowfullscreen="mozallowfullscreen" src="https://www.youtube.com/embed/l8kioy4QX7U?feature=player_embedded" webkitallowfullscreen="webkitallowfullscreen" width="320"></iframe></div> <div style="text-align: center;"> </div> <div style="text-align: justify;"> </div> <div style="text-align: justify;"> <br /> <b>Download Here :: </b><a href="http://proxystrike.googlecode.com/files/proxystrike-2.2.tar.bz2">ProxyStrike-2.2.tar.gz</a> (for Linux)<br />                                <a href="http://proxystrike.googlecode.com/files/ProxyStrike-2.2.zip" target="_blank">ProxyStrike-2.2.zip  </a>(for Windows)<b>  </b></div> <div style="text-align: justify;"> <b>Official Website ::</b> http://www.edge-security.com/proxystrike.php</div> </div>

ProxyStrike (Web Application Proxy) :: Tools

ProxyStrike v2.1 is an active Web Application Proxy. It's a tool designed to find vulnerabilities while browsing an application....

Read more »