Extundelete binary system play binary options demo account without registering online
With FUSE capabilities built in. This code dissects the internal data structures in ELF files. Deepmagic Information Gathering Tool. Gathers information about hosts. It is able to gather possible subdomains, email addresses, and uptime information and run tcp port scans, whois lookups, and more.
Script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results. Nasty creature constantly searching for DNS servers. It uses standard dns queries and waits for the replies. Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks. A flexible fuzzer, not only for web, has a CSV output for efficient output analysis (platform independent).
This is a small python tool that scans websites to look for PHP shells, backups, admin panels, and more. This is a custom EIGRP packet generator and sniffer developed to test the security and overall operation quality of this brilliant Cisco routing protocol.
A tool to decode obfuscated shellcodes using the unicorn-engine for the emulation and the capstone-engine to print the asm code. Tool which aims to lure attackers using various types of web vulnerability scanners by tricking them into believing that they have found a vulnerability on a host. Windows tool which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis. Man-in-the-middle attack framework used for phishing credentials and session cookies of any web service.
Modular framework that takes advantage of poor upgrade implementations by injecting fake updates. Looks for all export and import names that contain a specified string in all Portable Executable in a directory tree. Irregular methods on regular expressions. Exrex is a command line tool and python module that generates all - or random - matching strings to a given regular expression and more.
It's pure python, without external dependencies. Designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. This script tries to guess passwords for a given facebook account using a list of passwords dictionary.
Black Alchemy's Fake AP generates thousands of counterfeit Hide in plain sight amongst Fake AP's cacophony of beacon frames. Designed for distribution, indexation and analysis of the generated data during the process of a security audit. This is a framework for HTTP related attacks. It is written in Perl with a GTK interface, has a proxy for debugging and manipulation, proxy chaining, evasion rules, and more. A little tool for local and remote file inclusion auditing and exploitation.
A penetration testing tool that allows you to punch reverse TCP tunnels out of a compromised network. A console program to recover files based on their headers, footers, and internal data structures. Simple and fast forking port scanner written in perl. Can only scan one host at a time, the forking is done on the specified port range.
Or on the default range of This is a utility to parse a F-Prot Anti Virus log file, in order to sort them into a malware archive for easier maintenance of your collection. Its primary purpose is to help detecting file race condition vulnerabilities and since version 3, to exploit them with loadable DSO modules also called "payload modules" or "paymods".
Automates file system mirroring through remote file disclosure vulnerabilities on Linux machines. FTP investigation tool - Scans ftp server for the following: It sends a bunch of more or less bogus packets to the host of your choice.
A simple tool designed to help out with crash analysis during fuzz testing. It selectively 'un-fuzzes' portions of a fuzzed file that is known to cause a crash, re-launches the targeted application, and sees if it still crashes. This little tool is designed to get geolocation information about a host; it gets the information from two sources, maxmind and geoiptool. Like doing 'lsnrctl service'. A Google scraper which performs automated searches and returns results of search queries in the form of URLs or hostnames.
Halberd discovers HTTP load balancers. It is useful for web application security auditing and for load balancer configuration testing. A small application designed to analyze your system, searching for global objects related to running processes and displaying information for every object found, like tokens, semaphores, ports, files, ...
A tool that allows you to quickly hash plaintext strings, or compare hashed values with a plaintext locally. A Python framework for finding C structures from process memory - heap analysis - Memory structures forensics. Script that listens on TCP port and responds with completely bogus SSL heartbeat responses, unless it detects the start of a byte pattern similar to that used in Jared Stafford's.
A very versatile packet injector and sniffer that provides a command-line framework for raw network access. A database application designed for administering and auditing multiple database servers simultaneously from a centralized location. This tool can perform man-in-the-middle and switch flooding attacks. It has 4 major functions, 3 of which attempt to man-in-the-middle one or more computers on a network with a passive method or flood type method.
A general-use fuzzer that can be configured to use known-good input and delimiters in order to fuzz specific locations. A high-interaction Honey Pot solution designed to log all SSH communications between a client and server.
A hook tool which can be potentially helpful in reversing applications and analyzing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.
A python script which tests http methods for configuration issues leaking information or just to see if they are enabled. Hotspotter passively monitors the network for probe request frames to identify the preferred networks of Windows XP clients, and will compare it to a supplied list of common hotspot network names. A Python script that exploits a weakness in the way that. A slow HTTP denial-of-service tool that works similarly to other attacks, but rather than leveraging request headers or POST data Bog consumes sockets by slowly reading responses.
A set of shell tools that let you manipulate, send, receive, and analyze HTTP messages. These tools can be used to test, discover, and assert the security of Web servers, apps, and sites. An accompanying Python library is available for extensions.
An AppleID password bruteforce tool. Search for information related to a domain: A tool for bruteforcing encoded strings within a boundary defined by a regular expression. It will bruteforce the key value range of 0x1 through 0x It's a tool that launches an online dictionary attack to test for weak or simple passwords against protected areas on an IIS Web server.
Tool crafting IKE initiator packets and allowing many options to be manually set. Useful to find overflows, error conditions and identifying vendors. A software suite for simulating common internet services in a lab environment, e. Tool for gathering e-mail accounts information from different public sources (search engines, pgp key servers).
A free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembler. A next generation sniffer including a lot of features: A proof-of-concept tool for identification of cryptographic keys in binary material (regardless of target operating system), first and foremost for memory dump analysis and forensic usage.
An ids evasion tool, used to anonymously inundate intrusion detection logs with false positives in order to obfuscate a real attack. Interactive sip toolkit for packet manipulations, sniffing, man in the middle attacks, fuzzing, simulating of dos attacks. Simple html parsing tool that extracts all form related information and generates reports of the data.
Allows for quick analyzing of data. Penetration testing tool that would take as input a list of domain names, scan them, determine if wordpress or joomla platform was used and finally check them automatically, for web vulnerabilities using two well-known open source tools, WPScan and Joomscan. A tool that lets you intercept methods, alter data and otherwise hack Java applications running on your computer. A utility to create dictionary files that will crack the default passwords of select wireless gateways.
You can draw a graphical representation of your network, and jNetMap will periodically check if the devices are still up or a service is still running. You can also set up E-mail notifications or let jNetMap execute a script when a device goes down or comes up again. This php script fingerprints a given Joomla system and then uses Packet Storm's archive to check for bugs related to the installed components.
Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! Kali contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering. A framework that seeks to unite general auditing tools, which are general pentesting tools (Network, Web, Desktop and others).
A medium interaction SSH honeypot designed to log brute force attacks and most importantly, the entire shell interaction by the attacker. A Windows post-exploitation rootkit similar to other penetration testing tools such as Meterpreter and Powershell Empire. A web application fingerprinting engine written in Perl that combines cryptography with IDS evasion. A collection of injectable files, designed to be used in a pentest when SQL injection flaws are found and are in multiple languages for different environments.
A mass audit toolkit which has wide range service discovery, brute force, SQL injection detection and running custom exploit capabilities. A simple tool to help in the fuzzing for, finding, and exploiting of local file inclusion vulnerabilities in Linux-based PHP applications.
This is a simple perl script that enumerates local file inclusion attempts when given a specific target.
Post discovery, simply pass the affected URL and vulnerable parameter to this tool. This script is used to take the highest benefits of the local file include vulnerability in a webserver. Remotely dump RAM of a Linux client and create a volatility profile for later analysis on your local host.
It is a stable OS for security professionals. With the "Anonymous Mode", you can browse the internet or send packets anonymously. There are lots of inbuilt tools like netool, websploit, burpsuite, web analysis tools, social engineering tools and other pentesting tools. Penetration testing tool, search in a collection of thousands of private SSL keys extracted from various embedded devices.
Lodowep is a tool for analyzing password strength of accounts on a Lotus Domino webserver system. A penetration tester productivity tool designed to allow easy and straightforward data consolidation, querying, external command execution and report generation. An open source penetration testing tool written in python, that serves Metasploit payloads.
It's written in python, and uses inotify pyinotify to monitor file system activity. An open source intelligence and forensics application, enabling to easily gather information about DNS, domains, IP addresses, websites, persons, etc. Originated as a fork of mwcrawler. It retrieves malware directly from the sources as listed at a number of sites. Python script that detects malicious files via checking md5 hashes from an offline set or via the virustotal site. It has http proxy support and an update feature.
Tool to scan Web application and networks and easily and complete the information gathering process. A free fast traffic generator written in C which allows you to send nearly every possible and impossible packet. A small, non-interactive utility that scans mail folders for messages matching regular expressions. It does matching against basic and extended POSIX regular expressions, and reads and writes a variety of mailbox formats.
An ELF fuzzer that mutates the existing data in a given ELF sample to create orcs (malformed ELFs); however, it does not change values randomly (dumb fuzzing), instead, it fuzzes certain metadata with semi-valid values through the use of fuzzing rules (knowledge base). A way to take shellcode, inject it into memory then tunnel whatever port you want to over SSH to mask any type of communications as a normal SSH connection.
Tool for scanning the HTTP methods supported by a webserver. It works by testing a URL and checking the responses for the different requests. A network reconnaissance tool designed to facilitate large address space, high speed node discovery and identification. A command-line program which decodes or generates audio modem tones at any specified baud rate, using various framing protocols. A multi-platform application used to audit web sites in order to discover and exploit SQL injection vulnerabilities.
Shell Script for launching a Fake AP with karma functionality and launches ettercap for packet capture and traffic manipulation. A man-in-the-middle and phishing attack tool that steals the victim's credentials of some web services like Facebook. A local network host discovery tool.
In passive mode, it will listen for ARP request and reply packets. A password cracking tool written in perl to perform a dictionary-based attack on a specific Facebook user through HTTPS.
A cracking tool written in Perl to perform a dictionary-based attack on various hashing algorithm and CMS salted-passwords. A tool aimed at analyzing and capturing data that is hidden between frames in an MP3 file or stream, otherwise noted as "out of band" data. This project aims to be a wordlist mutator with hormones, which means that some mutations will be applied to the result of the ones that have been already done, resulting in something like: This tool could be used to check windows workstations and servers if they have accessible shared resources.
Small and handy utility designed to alter the contents of packets forwarded through the network in real time. An open source tool for reverse engineering, traffic generation and fuzzing of communication protocols. A tool for extracting files from the network in real-time or post-capture from an offline tcpdump pcap savefile. A netgear switch discovery tool.
It contains some extra features like bruteforce and setting a new password. A website scanner that monitors websites in realtime in order to detect defacements, compliance violations, exploits, sensitive information disclosure and other issues. An active fingerprinting utility specifically designed to identify the OS the NTP server is running on. Script to pull addresses from a NTP server using the monlist command. Can also output Maltego resultset. Tool that can be used to enumerate OS information, domain information, shares, directories, and users through SMB null sessions.
These files contain streams of data. This tool allows you to analyze these streams. Hash files, strings, input streams and network resources in various common algorithms simultaneously. A tool implemented in Java for generic steganography, with support for password-based encryption of the data. A security tool implementing "attacks" to be able to test the resistance of a firewall to protocol level attacks. Framework based on fingerprint action, this tool is used to get information on a website or an enterprise target with multiple modules Viadeo search, Linkedin search, Reverse email whois, Reverse ip whois, SQL file forensics This tool can crack passwords which are encrypted using Oracle's latest SHA1 based password protection algorithm.
It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark. The existing version can be updated on these platforms. With dozens of vulns and hints to help the user; this is an easy-to-use web hacking environment designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an "assess the assessor" target for vulnerability assessment software.
A real time packet processor. Reads the packet from an input module, match the packet using rules and connection tracking information and then send it to a target module. A network auditing tool. Its value is derived from its ability to customize, inject, monitor, and manipulate IP traffic. A demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.
A tool that automates the process of search and retrieval of content for common log and config files through LFI vulnerability. It includes a full portable laboratory for security and digital forensics experts, but it also includes all you need to develop your own software or protect your privacy with anonymity and crypto tools.
The target memory is scanned to lookup specific OpenSSL patterns. Checks for PATH substitution vulnerabilities and logs the commands executed by the vulnerable executables.
A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction. A security suite that packs security and stability testing oriented tools for networks and systems. A forensics tool that can extract all files from an executable file created by a joiner or similar. A python open source phishing email tool that automates the process of sending phishing emails as part of a social engineering test.
A whitebox fuzz testing tool capable of detecting several classes of vulnerabilities in PHP web applications. It can generate indented pseudo-code with colored syntax.
This is a tool written in Python that will scan for PLC devices over s7comm or modbus protocols. Passively discover, scan, and fingerprint link-local peers by the background noise they generate i. Automated exploitation of invalid memory writes, whether they are the consequences of an overflow in a writable section, of a missing format string, integer overflow, variable misuse, or any other type of memory corruption.
A tool that lets you dump the memory contents of a process to a file without stopping the process. Automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised. An experimental unix driver IOCTL security tool that is useful for fuzzing and discovering device driver attack surface.
A jar file that will send POST requests to servers in order to test for the hash collision vulnerability discussed at the Chaos Communication Congress in Berlin. Powerfuzzer is a highly automated web fuzzer based on many other Open Source fuzzers available incl. A Professional PE file Explorer for reversers, malware researchers and those who want to statically inspect PE files in more details.
Provides a command line interface and a C library to manipulate the address space of a running program on Linux. Checks if your network adapter(s) is running in promiscuous mode, which may be a sign that you have a sniffer running on your computer. A password hashing tool that uses the crypt function to generate the hash of a string given on standard input.
A python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing. Password cracker based on the faster time-memory trade-off. A tool to support security professionals to access and interact with remote Microsoft Windows based systems. A small program which lists the information for all of the entries in any phonebook file.
Androguard 12 Reverse engineering, Malware and goodware analysis of Android applications and more. Armitage A graphical cyber attack management tool for Metasploit. It can identify about different ciphers. Advanced control and management tool batman-adv Much better and faster than ftrace. It is designed to complement tcpdump, which by itself has done a great job at capturing network traffic. Blindelephant 7 A web application fingerprinter. Attempts to discover the version of a known web application by comparing static files at known locations blindsql 1.
Browser-fuzzer 3 Browser Fuzzer 3 brut3k1t Brutus 2 One of the fastest, most flexible remote password crackers you can get your hands on.
Bruteforces the Passkey and the Link key from captured Pairing exchanges. Cfr Another Java decompiler. Sessions and fetch application data from snoop or tcpdump logs. Cisco-auditing-tool 1 Perl script which scans cisco routers for common vulnerabilities. Checks for default passwords, easily guessable community names, and the IOS history bug. Includes support for plugins and scanning multiple hosts. Clamscanlogparser 1 This is a utility to parse a Clam Anti Virus log file, in order to sort them into a malware archive for easier maintenance of your malware collection.
Built upon cfscrape module. LetDown is a powerful tcp flooder. ReverseRaider is a domain scanner that uses wordlist scanning or reverse resolution scanning. Httsquash is an http server scanner, banner grabber and data retriever. configpush 0. Offers geolocation information gathering through social networking platforms. It is developed to support protocols that are not currently supported by thc-hydra and other popular brute forcing tools.
It runs on Unix-like operating systems and on Microsoft Win With FUSE capabilities built in. Dissector 1 This code dissects the internal data structures in ELF files. Gathers information about hosts. It is able to gather possible subdomains, email addresses, and uptime information and run tcp port scans, whois lookups, and more. It uses standard dns queries and waits for the replies.
Domain-stats A web API to deliver domain information from whois and alexa. Dracnmap Tool to exploit the network and gather information with nmap help. Dumpzilla A forensic tool for firefox. Indirect wireless pivots using hostile portal attacks. Enabler 1 Attempts to find the enable password on a cisco system via brute force. Exitmap 3 A fast and modular scanner for Tor exit relays. Facebot A facebook profile and reconnaissance system.
Hide in plain sight amongst Fake AP's cacophony of beacon frames. Designed for distribution, indexation and analysis of the generated data during the process of a security audit.
It is written in Perl with a GTK interface, has a proxy for debugging and manipulation, proxy chaining, evasion rules, and more. Fileintel A modular Python application to pull intelligence about malicious files.
Firmware-mod-kit Modify firmware images without recompiling. Forkingportscanner 1 Simple and fast forking port scanner written in perl. Can only scan one host at a time, the forking is done on the specified port range. Or on the default range of 1. Fpdns Program that remotely determines DNS server versions. Fprotlogparser 1 This is a utility to parse a F-Prot Anti Virus log file, in order to sort them into a malware archive for easier maintenance of your collection.
Its primary purpose is to help detecting file race condition vulnerabilities and since version 3, to exploit them with loadable DSO modules also called 'payload modules' or 'paymods'. Ftp-fuzz The master of all master fuzzing scripts specifically targeted towards FTP server software. It sends a bunch of more or less bogus packets to the host of your choice.
It selectively 'un-fuzzes' portions of a fuzzed file that is known to cause a crash, re-launches the targeted application, and sees if it still crashes.
Giskismet A program to visually represent the Kismet data in a flexible manner. Gittools A repository with 3 tools for pwn'ing websites with. With drivers for usrp and fcd. Basically it detects some kind of vulnerabilities in your website. It is useful for web application security auditing and for load balancer configuration testing. Hexorbase 6 A database application designed for administering and auditing multiple database servers simultaneously from a centralized location.
Hharp 1beta This tool can perform man-in-the-middle and switch flooding attacks. It has 4 major functions, 3 of which attempt to man-in-the-middle one or more computers on a network with a passive method or flood type method.
It can hook to an API in a process and search for a pattern in memory or dump the buffer. These tools can be used to test, discover, and assert the security of Web servers, apps, and sites.