Are you the publisher? Claim or contact us about this channel

Embed this content in your HTML


Report adult content:

click to rate:

Account: (login)

More Channels

Channel Catalog

Channel Description:

KitPloit Provide You Security Tools, New Updated, Released Apps, Ethical Hacking, Computer Security, Vulnerability Scanning, Forensics...

older | 1 | .... | 31 | 32 | (Page 33) | 34 | 35 | .... | 114 | newer

    0 0

    BlackArch Linux ISOs including more than 1000 tools and lot's of improvements. Also, armv6h and armv7h repositories are filled with more than 1050 tools.

    A short ChangeLog:
    • - tool fix: beef
    • - fixed pam issues
    • - added services and login.defs file
    • - removed kde/openbox and i3-debug menu items from lxdm
    • - fixed blackarch keyring issue
    • - disabled dhcpcd service
    • - upgraded menu entries for awesome, openbox and fluxbox
    • - upgraded tools
    • - added a bunch of new tools (contains now more than 1050 tools)
    • - upgraded archiso profile
    • - and more ...

    Tool count: 1067

    Name Version Description Homepage
    0trace 1.5 A hop enumeration tool
    3proxy Tiny free proxy server.
    3proxy-win32 Tiny free proxy server.
    42zip 42 Recursive Zip archive bomb.
    acccheck 0.2.1 A password dictionary attack tool that targets windows authentication via the SMB protocol.
    ace 1.10 Automated Corporate Enumerator. A simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of an IP Phone in order to download the name and extension entries that a given phone can display on its screen interface
    admid-pack 0.1 ADM DNS spoofing tools - Uses a variety of active and passive methods to spoof DNS packets. Very powerful.
    adminpagefinder 0.1 This python script looks for a large amount of possible administrative interfaces on a given site.
    admsnmp 0.1 ADM SNMP audit scanner.
    aesfix 1.0.1 A tool to find AES key in RAM
    aeskeyfind 1.0 A tool to find AES key in RAM
    aespipe 2.4c Reads data from stdin and outputs encrypted or decrypted results to stdout.
    afflib 3.7.1 An extensible open format for the storage of disk images and related forensic information
    afpfs-ng 0.8.1 A client for the Apple Filing Protocol (AFP)
    against 0.2 A very fast ssh attacking script which includes a multithreaded port scanning module (tcp connect) for discovering possible targets and a multithreaded brute-forcing module which attacks parallel all discovered hosts or given ip addresses from a list.
    aiengine 315.7d1c555 A packet inspection engine with capabilities of learning without any human intervention.
    aimage 3.2.5 A program to create aff-images.
    air 2.0.0 A GUI front-end to dd/dc3dd designed for easily creating forensic images.
    airflood 0.1 A modification of aireplay that allows for a DOS in in the AP. This program fills the table of clients of the AP with random MACs doing impossible new connections.
    airgraph-ng 2371 Graphing tool for the aircrack suite
    airoscript 45.0a122ee A script to simplify the use of aircrack-ng tools.
    airpwn 1.4 A tool for generic packet injection on an 802.11 network.
    allthevhosts 1.0 A vhost discovery tool that scrapes various web applications
    androguard 1.9 Reverse engineering, Malware and goodware analysis of Android applications and more.
    android-apktool 1.5.2 A tool for reengineering Android apk files.
    android-ndk r9c Android C/C++ developer kit.
    android-sdk-platform-tools r19 Platform-Tools for Google Android SDK (adb and fastboot)
    android-sdk r22.3 Google Android SDK
    android-udev-rules 8181.da07974 Android udev rules.
    androidsniffer 0.1 A perl script that lets you search for 3rd party passwords, dump the call log, dump contacts, dump wireless configuration, and more.
    anontwi 1.0 A free software python client designed to navigate anonymously on social networks. It supports and
    aphopper 0.3 AP Hopper is a program that automatically hops between access points of different wireless networks.
    apnbf 0.1 A small python script designed for enumerating valid APNs (Access Point Name) on a GTP-C speaking device.
    arachni 1.0.2 A feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.
    arduino 1.0.5 Arduino SDK (includes patched avrdude and librxtx)
    argus Network monitoring tool with flow control.
    argus-clients Network monitoring client for Argus.
    armitage 140715 A graphical cyber attack management tool for Metasploit.
    arp-scan 1.9 A tool that uses ARP to discover and fingerprint IP hosts on the local network
    arpalert 2.0.12 Monitor ARP changes in ethernet networks
    arpantispoofer A utility to detect and resist BIDIRECTIONAL ARP spoofing. It can anti-spoof for not only the local host, but also other hosts in the same subnet. It is also a handy helper for gateways which don't work well with ARP.
    arpoison 0.6 The UNIX arp cache update utility
    arpon 2.7 A portable handler daemon that make ARP protocol secure in order to avoid the Man In The Middle (MITM) attack through ARP Spoofing, ARP Cache Poisoning or ARP Poison Routing (APR) attacks.
    arpwner 26.f300fdf GUI-based python tool for arp posioning and dns poisoning attacks.
    artillery 1.0.2 A combination of a honeypot, file-system monitoring, system hardening, and overall health of a server to create a comprehensive way to secure a system
    asleap 2.2 Actively recover LEAP/PPTP passwords.
    asp-audit 2BETA An ASP fingerprinting tool and vulnerability scanner.
    athena-ssl-scanner 0.5.2 a SSL cipher scanner that checks all cipher codes. It can identify about 150 different ciphers.
    atstaketools 0.1 This is an archive of various @Stake tools that help perform vulnerability scanning and analysis, information gathering, password auditing, and forensics.
    auto-xor-decryptor 3.6a1f8f7 Automatic XOR decryptor tool.
    autopsy 2.24 A GUI for The Sleuth Kit.
    azazel 10.401e3aa A userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit.
    b2sum 20140114 BLAKE2 file hash sum check. Computes the BLAKE2 (BLAKE2b or -s, -bp, -sp) cryptographic hash of a given file.
    backcookie 34.66b0a27 Small backdoor using cookie.
    backdoor-factory 91.20fe713 Patch win32/64 binaries with shellcode.
    backfuzz 36.8e54ed6 A network protocol fuzzing toolkit.
    balbuzard 65.546c5dcf629c A package of malware analysis tools in python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc).
    bamf-framework 35.30d2b4b A modular framework designed to be a platform to launch attacks against botnets.
    basedomainname 0.1 Tool that can extract TLD (Top Level Domain), domain extensions (Second Level Domain + TLD), domain name, and hostname from fully qualified domain names.
    batman-adv 2013.4.0 batman kernel module, (included upstream since .38)
    bbqsql 1.2 SQL injection exploitation tool.
    bdfproxy 37.7b6221b Patch Binaries via MITM: BackdoorFactory + mitmProxy
    bed 0.5 Collection of scripts to test for buffer overflows, format string vulnerabilities.
    beef The Browser Exploitation Framework that focuses on the web browser
    beholder 0.8.9 A wireless intrusion detection tool that looks for anomalies in a wifi environment.
    beleth 36.0963699 A Multi-threaded Dictionary based SSH cracker.
    bfbtester 2.0.1 Performs checks of single and multiple argument command line overflows and environment variable overflows
    bgp-md5crack 0.1 RFC2385 password cracker
    bing-ip2hosts 0.4 Enumerates all hostnames which Bing has indexed for a specific IP address.
    bing-lfi-rfi 0.1 This is a python script for searching Bing for sites that may have local and remote file inclusion vulnerabilities.
    binwalk 2.0.1 A tool for searching a given binary image for embedded files.
    binwally 3.ca092a7 Binary and Directory tree comparison tool using the Fuzzy Hashing concept (ssdeep).
    bios_memimage 1.2 A tool to dump RAM contents to disk (aka cold boot attack).
    birp 60.1d7c49f A tool that will assist in the security assessment of mainframe applications served over TN3270.
    bittwist 2.0 A simple yet powerful libpcap-based Ethernet packet generator. It is designed to complement tcpdump, which by itself has done a great job at capturing network traffic.
    bkhive 1.1.1 Program for dumping the syskey bootkey from a Windows NT/2K/XP system hive.
    blackarch-menus 0.2 BlackArch specific XDG-compliant menu
    blackhash 0.2 Creates a filter from system hashes
    bletchley 0.0.1 A collection of practical application cryptanalysis tools.
    blindelephant 7 A web application fingerprinter. Attempts to discover the version of a (known) web application by comparing static files at known locations
    blindsql 1.0 Set of bash scripts for blind SQL injection attacks
    bluebox-ng 65.33a19a8 A GPL VoIP/UC vulnerability scanner.
    bluebugger 0.1 An implementation of the bluebug technique which was discovered by Martin Herfurt.
    bluelog 1.1.1 A Bluetooth scanner and sniffer written to do a single task, log devices that are in discoverable mode.
    bluepot 0.1 A Bluetooth Honeypot written in Java, it runs on Linux
    blueprint 0.1_3 A perl tool to identify Bluetooth devices.
    blueranger 1.0 A simple Bash script which uses Link Quality to locate Bluetooth device radios.
    bluesnarfer 0.1 A bluetooth attacking tool
    bmap-tools 3.2 Tool for copying largely sparse files using information from a block map file.
    bob-the-butcher 0.7.1 A distributed password cracker package.
    bokken-hg 370.b180f39d107f GUI for radare2 and pyew.
    bowcaster 0.1 This framework, implemented in Python, is intended to aid those developing exploits by providing useful set of tools and modules, such as payloads, encoders, connect-back servers, etc. Currently the framework is focused on the MIPS CPU architecture, but the design is intended to be modular enough to support arbitrary architectures.
    braa 0.82 A mass snmp scanner
    braces 0.4 A Bluetooth Tracking Utility.
    browser-fuzzer 3 Browser Fuzzer 3
    brutessh 0.5 A simple sshd password bruteforcer using a wordlist, it's very fast for internal networks. It's multithreads.
    brutus 2 One of the fastest, most flexible remote password crackers you can get your hands on.
    bsdiff 4.3 bsdiff and bspatch are tools for building and applying patches to binary files.
    bsqlbf 2.6 Blind SQL Injection Brute Forcer.
    bss 0.8 Bluetooth stack smasher / fuzzer
    bt_audit 0.1.1 Bluetooth audit
    btcrack 1.1 The world's first Bluetooth Pass phrase (PIN) bruteforce tool. Bruteforces the Passkey and the Link key from captured Pairing exchanges.
    btscanner 2.1 Bluetooth device scanner.
    bulk-extractor 1.3.1 Bulk Email and URL extraction tool
    bully 23.1fef73a A wifi-protected-setup (WPS) brute force attack tool.
    bunny 0.93 A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs.
    burpsuite 1.6 An integrated platform for attacking web applications (free edition).
    buttinsky 138.1a2a1b2 Provide an open source framework for automated botnet monitoring.
    bvi 1.4.0beta A display-oriented editor for binary files operate like "vi" editor.
    cadaver 0.23.3 Command-line WebDAV client for Unix
    canari 1.1 A transform framework for maltego
    cansina 93.abc6577 A python-based Web Content Discovery Tool.
    capstone 2.1.2 A lightweight multi-platform, multi-architecture disassembly framework.
    carwhisperer 0.2 Intends to sensibilise manufacturers of carkits and other Bluetooth appliances without display and keyboard for the possible security threat evolving from the use of standard passkeys.
    casefile 1.0.1 The little brother to Maltego without transforms, but combines graph and link analysis to examine links between manually added data to mind map your information
    cdpsnarf 0.1.6 Cisco discovery protocol sniffer.
    cecster 5.15544cb A tool to perform security testing against the HDMI CEC (Consumer Electronics Control) and HEC (HDMI Ethernet Channel) protocols
    centry 72.6de2868 Cold boot & DMA protection
    cewl 4.3 A custom word list generator
    cflow 1.4 A C program flow analyzer.
    chaosmap 1.3 An information gathering tool and dns / whois / web server scanner
    chaosreader 0.94 A freeware tool to trace tcp, udp etc. sessions and fetch application data from snoop or tcpdump logs.
    chapcrack 17.ae2827f A tool for parsing and decrypting MS-CHAPv2 network handshakes.
    check-weak-dh-ssh 0.1 Debian OpenSSL weak client Diffie-Hellman Exchange checker.
    checkiban 0.2 Checks the validity of an International Bank Account Number (IBAN).
    checkpwd 1.23 Oracle Password Checker (Cracker)
    checksec 1.5 The script is designed to test what standard Linux OS and PaX security features are being used.
    chiron 0.1 An all-in-one IPv6 Penetration Testing Framework.
    chkrootkit 0.50 Checks for rootkits on a system
    chntpw 140201 Offline NT Password Editor - reset passwords in a Windows NT SAM user database file
    chownat 0.08b Allows two peers behind two separate NATs with no port forwarding and no DMZ setup on their routers to directly communicate with each other
    chrome-decode 0.1 Chrome web browser decoder tool that demonstrates recovering passwords.
    chromefreak 22.336e323 A Cross-Platform Forensic Framework for Google Chrome
    cidr2range 0.9 Script for listing the IP addresses contained in a CIDR netblock
    cintruder 0.2.0 An automatic pentesting tool to bypass captchas.
    ciphertest 4.5780d36 A better SSL cipher checker using gnutls.
    cirt-fuzzer 1.0 A simple TCP/UDP protocol fuzzer.
    cisco-auditing-tool 1 Perl script which scans cisco routers for common vulnerabilities. Checks for default passwords, easily guessable community names, and the IOS history bug. Includes support for plugins and scanning multiple hosts.
    cisco-global-exploiter 1.3 A perl script that targets multiple vulnerabilities in the Cisco Internetwork Operating System (IOS) and Catalyst products.
    cisco-ocs 0.2 Cisco Router Default Password Scanner.
    cisco-router-config 1.1 copy-router-config and merge-router-config to copy and merge Cisco Routers Configuration
    cisco-scanner 0.2 Multithreaded Cisco HTTP vulnerability scanner. Tested on Linux, OpenBSD and Solaris.
    cisco-torch 0.4b Cisco Torch mass scanning, fingerprinting, and exploitation tool.
    cisco5crack 2.c4b228c Crypt and decrypt the cisco enable 5 passwords.
    cisco7crack 2.f1c21dd Crypt and decrypt the cisco enable 7 passwords.
    ciscos 1.3 Scans class A, B, and C networks for cisco routers which have telnet open and have not changed the default password from cisco.
    climber 23.f614304 Check UNIX/Linux systems for privilege escalation.
    clusterd 129.0f04a49 Automates the fingerprinting, reconnaissance, and exploitation phases of an application server attack.
    cmospwd 5.0 Decrypts password stored in CMOS used to access BIOS setup.
    cms-explorer 1.0 Designed to reveal the specific modules, plugins, components and themes that various cms driven websites are running
    cms-few 0.1 Joomla, Mambo, PHP-Nuke, and XOOPS CMS SQL injection vulnerability scanning tool written in Python.
    codetective 37.f94d9e8 A tool to determine the crypto/encoding algorithm used according to traces of its representation.
    complemento 0.7.6 A collection of tools for pentester: LetDown is a powerful tcp flooder ReverseRaider is a domain scanner that use wordlist scanning or reverse resolution scanning Httsquash is an http server scanner, banner grabber and data retriever
    conscan 1.1 A blackbox vulnerability scanner for the Concre5 CMS.
    cookie-cadger 1.07 An auditing tool for Wi-Fi or wired Ethernet connections.
    cowpatty 4.6 Wireless WPA/WPA2 PSK handshake cracking utility
    cpfinder 0.1 This is a simple script that looks for administrative web interfaces.
    cppcheck 1.66 A tool for static C/C++ code analysis
    cpptest 1.1.2 A portable and powerful, yet simple, unit testing framework for handling automated tests in C++.
    crackhor 2.ae7d83f A Password cracking utility.
    crackle 39.3e93196 Crack and decrypt BLE encryption
    crackserver 31.c268a80 An XMLRPC server for password cracking.
    create-ap 103.9d78068 This script creates a NATed or Bridged WiFi Access Point.
    creddump 0.3 A python tool to extract various credentials and secrets from Windows registry hives.
    creds 8181.da07974 Harvest FTP/POP/IMAP/HTTP/IRC credentials along with interesting data from each of the protocols.
    creepy 137.9f60449 A geolocation information gatherer. Offers geolocation information gathering through social networking platforms.
    crunch 3.6 A wordlist generator for all combinations/permutations of a given character set.
    cryptcat 1.2.1 A lightweight version of netcat with integrated transport encryption capabilities.
    crypthook 16.bceeb0b TCP/UDP symmetric encryption tunnel wrapper.
    cryptonark 0.4.9 SSL security checker.
    csrftester 1.0 The OWASP CSRFTester Project attempts to give developers the ability to test their applications for CSRF flaws.
    ctunnel 0.6 Tunnel and/or proxy TCP or UDP connections via a cryptographic tunnel.
    cuckoo 1.1.1 A malware analysis system.
    cupp 3.0 Common User Password Profiler
    cutycapt 10 A Qt and WebKit based command-line utility that captures WebKit's rendering of a web page.
    cvechecker 3.5 The goal of cvechecker is to report about possible vulnerabilities on your system, by scanning the installed software and matching the results with the CVE database.
    cymothoa 1 A stealth backdooring tool, that inject backdoor's shellcode into an existing process.
    darkbing 0.1 A tool written in python that leverages bing for mining data on systems that may be susceptible to SQL injection.
    darkd0rk3r 1.0 Python script that performs dork searching and searches for local file inclusion and SQL injection errors.
    darkjumper 5.8 This tool will try to find every website that host at the same server at your target
    darkmysqli 1.6 Multi-Purpose MySQL Injection Tool
    darkstat 3.0.718 Network statistics gatherer (packet sniffer)
    davoset 1.2 A tool for using Abuse of Functionality and XML External Entities vulnerabilities on some websites to attack other websites.
    davtest 1.0 Tests WebDAV enabled servers by uploading test executable files, and then (optionally) uploading files which allow for command execution or other actions directly on the target
    dbd 1.50 A Netcat-clone, designed to be portable and offer strong encryption. It runs on Unix-like operating systems and on Microsoft Win32.
    dbpwaudit 0.8 A Java tool that allows you to perform online audits of password quality for several database engines
    dc3dd 7.1.614 A patched version of dd that includes a number of features useful for computer forensics
    dcfldd DCFL (DoD Computer Forensics Lab) dd replacement with hashing
    ddrescue 1.18.1 GNU data recovery tool
    deblaze 0.3 A remote method enumeration tool for flex servers
    delldrac 0.1a DellDRAC and Dell Chassis Discovery and Brute Forcer.
    depant 0.3a Check network for services with default passwords.
    device-pharmer 31.2297642 Opens 1K+ IPs or Shodan search results and attempts to login.
    dex2jar A tool for converting Android's .dex format to Java's .class format
    dff-scanner 1.1 Tool for finding path of predictable resource locations.
    dhcdrop 0.5 Remove illegal dhcp servers with IP-pool underflow. Stable version
    dhcpig 69.cc4109a Enumerates hosts, subdomains, and emails from a given domain using google
    dinouml 0.9.5 A network simulation tool, based on UML (User Mode Linux) that can simulate big Linux networks on a single PC
    dirb 2.04 A web content scanner, brute forceing for hidden files
    dirbuster 1.0_RC1 An application designed to brute force directories and files names on web/application servers
    directorytraversalscan Detect directory traversal vulnerabilities in HTTP servers and web applications.
    dirs3arch 109.c174cda HTTP(S) directory/file brute forcer.
    dirscanner 0.1 This is a python script that scans webservers looking for administrative directories, php shells, and more.
    dislocker 0.3 A tool to exploit the hash length extension attack in various hashing algorithms. With FUSE capabilities built in.
    dissector 1 This code dissects the internal data structures in ELF files. It supports x86 and x86_64 archs and runs under Linux.
    dissy 10 A graphical frontend to the objdump disassembler for compiler-generated code.
    dizzy 0.8.2 A Python based fuzzing framework with many features.
    dmitry 1.3a Deepmagic Information Gathering Tool. Gathers information about hosts. It is able to gather possible subdomains, email addresses, and uptime information and run tcp port scans, whois lookups, and more.
    dnmap 0.6 The distributed nmap framework
    dns-spoof 12.3918a10 Yet another DNS spoof utility.
    dns2geoip 0.1 A simple python script that brute forces DNS and subsequently geolocates the found subdomains.
    dns2tcp 0.5.2 A tool for relaying TCP connections over DNS.
    dnsa 0.5 DNSA is a dns security swiss army knife
    dnsbf 0.2 search for available domain names in an IP range
    dnsbrute 2.b1dc84a Multi-theaded DNS bruteforcing, average speed 80 lookups/second with 40 threads.
    dnschef 0.2.1 A highly configurable DNS proxy for pentesters
    dnsdrdos 0.1 Proof of concept code for distributed DNS reflection DoS
    dnsenum Script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
    dnsgoblin 0.1 Nasty creature constantly searching for DNS servers. It uses standard dns querys and waits for the replies
    dnsmap 0.30 Passive DNS network mapper
    dnspredict 0.0.2 DNS prediction
    dnsrecon 0.8.8 Python script for enumeration of hosts, subdomains and emails from a given domain using google.
    dnsspider 0.5 A very fast multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.
    dnstracer 1.9 Determines where a given DNS server gets its information from, and follows the chain of DNS servers
    dnsutils 9.9.2.P2 DNS utilities: dig host nslookup
    dnswalk 2.0.2 A DNS debugger
    domain-analyzer 0.8.1 Finds all the security information for a given domain name.
    doona 118.ff1e17b A fork of the Bruteforce Exploit Detector Tool (BED).
    dotdotpwn 3.0 The Transversal Directory Fuzzer
    dpeparser beta002 Default password enumeration project
    dpscan 0.1 Drupal Vulnerabilty Scanner.
    dradis 2.9.0 An open source framework to enable effective information sharing.
    driftnet 0.1.6 Listens to network traffic and picks out images from TCP streams it observes.
    dripper v1.r1.gc9bb0c9 A fast, asynchronous DNS scanner; it can be used for enumerating subdomains and enumerating boxes via reverse DNS.
    dscanner 593.a942dd1 Swiss-army knife for D source code.
    dsd 82.cc1fb3b Digital Speech Decoder
    dsniff 2.4b1 Collection of tools for network auditing and penetration testing
    dumb0 19.1493e74 A simple tool to dump users in popular forums and CMS.
    dump1090 309.a17e5b0 A simple Mode S decoder for RTLSDR devices.
    dumpacl 0.0 Dumps NTs ACLs and audit settings.
    dumpzilla 03152013 A forensic tool for firefox.
    eapmd5pass 1.4 An implementation of an offline dictionary attack against the EAP-MD5 protocol
    easyfuzzer 3.6 A flexible fuzzer, not only for web, has a CSV output for efficient output analysis (platform independant).
    eazy 0.1 This is a small python tool that scans websites to look for PHP shells, backups, admin panels, and more.
    edb 0.9.20 A QT4-based binary mode debugger with the goal of having usability on par with OllyDbg.
    eindeutig 20050628_1 Examine the contents of Outlook Express DBX email repository files (forensic purposes)
    elettra 1.0 Encryption utility by Julia Identity
    elettra-gui 1.0 Gui for the elettra crypto application.
    elite-proxy-finder 41.ce57afa Finds public elite anonymity proxies and concurrently tests them.
    enabler 1 attempts to find the enable password on a cisco system via brute force.
    encodeshellcode 0.1b This is an encoding tool for 32-bit x86 shellcode that assists a researcher when dealing with character filter or byte restrictions in a buffer overflow vulnerability or some kind of IDS/IPS/AV blocking your code.
    ent 1.0 Pseudorandom number sequence test.
    enum-shares 7.97cba5a Tool that enumerates shared folders across the network and under a custom user account.
    enum4linux 0.8.9 A tool for enumerating information from Windows and Samba systems.
    enumiax 1.0 IAX enumerator
    enyelkm 1.2 Rootkit for Linux x86 kernels v2.6.
    epicwebhoneypot 2.0a Tool which aims to lure attackers using various types of web vulnerability scanners by tricking them into believing that they have found a vulnerability on a host.
    erase-registrations 1.0 IAX flooder
    etherape 0.9.13 A graphical network monitor for various OSI layers and protocols
    ettercap 0.8.1 A network sniffer/interceptor/logger for ethernet LANs - console
    evilgrade 2.0.0 Modular framework that takes advantage of poor upgrade implementations by injecting fake updates
    evilmaid 1.01 TrueCrypt loader backdoor to sniff volume password
    exiv2 0.24 Exif and Iptc metadata manipulation library and tools
    exploit-db 1.6 The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software - A collection of hacks
    extracthosts 14.ec8b89c Extracts hosts (IP/Hostnames) from files.
    extundelete 0.2.4 Utility for recovering deleted files from ext2, ext3 or ext4 partitions by parsing the journal
    eyepwn 1.0 Exploit for Eye-Fi Helper directory traversal vulnerability
    eyewitness 249.3884021 Designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
    facebrute 7.ece355b This script tries to guess passwords for a given facebook account using a list of passwords (dictionary).
    fakeap 0.3.2 Black Alchemy's Fake AP generates thousands of counterfeit 802.11b access points. Hide in plain sight amongst Fake AP's cacophony of beacon frames.
    fakedns 17.87d4216 A regular-expression based python MITM DNS server with correct DNS request passthrough and "Not Found" responses.
    fakemail 1.0 Fake mail server that captures e-mails as files for acceptance testing.
    fakenetbios 7.b83701e A family of tools designed to simulate Windows hosts (NetBIOS) on a LAN.
    fang 1.2 A multi service threaded MD5 cracker.
    fbht r12.a284878 A Facebook Hacking Tool
    fcrackzip 1.0 Zip file password cracker
    fern-wifi-cracker 219 WEP, WPA wifi cracker for wireless penetration testing
    fernmelder 6.c6d4ebe Asynchronous mass DNS scanner.
    fgscanner 11.893372c An advanced, opensource URL scanner.
    fhttp 1.3 This is a framework for HTTP related attacks. It is written in Perl with a GTK interface, has a proxy for debugging and manipulation, proxy chaining, evasion rules, and more.
    fierce 0.9.9 A DNS scanner
    fiked 0.0.5 Fake IDE daemon
    filibuster 161.37b7f9c A Egress filter mapping application with additional functionality.
    fimap 1.00 A little tool for local and remote file inclusion auditing and exploitation
    findmyhash 1.1.2 Crack different types of hashes using free online services
    firewalk 5.0 An active reconnaissance network security tool
    firmware-mod-kit 099 Modify firmware images without recompiling!
    firstexecution 6.a275793 A Collection of different ways to execute code outside of the expected entry points.
    fl0p 0.1 A passive L7 flow fingerprinter that examines TCP/UDP/ICMP packet sequences, can peek into cryptographic tunnels, can tell human beings and robots apart, and performs a couple of other infosec-related tricks.
    flare 0.6 Flare processes an SWF and extracts all scripts from it.
    flasm 1.62 Disassembler tool for SWF bytecode
    flawfinder 1.31 Searches through source code for potential security flaws.
    flowinspect 94.01c8921 A network traffic inspection tool.
    flunym0us 2.0 A Vulnerability Scanner for Wordpress and Moodle.
    foremost 1.5.7 A console program to recover files based on their headers, footers, and internal data structures
    fpdns 0.9.3 Program that remotely determines DNS server versions
    fping 3.9 A utility to ping multiple hosts at once
    fport 2.0 Identify unknown open ports and their associated applications.
    fraud-bridge 10.775c563 ICMP and DNS tunneling via IPv4 and IPv6.
    freeipmi 1.4.5 Sensor monitoring, system event monitoring, power control, and serial-over-LAN (SOL).
    freeradius 3.0.4 The premier open source RADIUS server
    frisbeelite 1.2 A GUI-based USB device fuzzer.
    fs-nyarl 1.0 A network takeover & forensic analysis tool - useful to advanced PenTest tasks & for fun and profit.
    fsnoop 3.3 A tool to monitor file operations on GNU/Linux systems by using the Inotify mechanism. Its primary purpose is to help detecting file race condition vulnerabilities and since version 3, to exploit them with loadable DSO modules (also called "payload modules" or "paymods").
    fstealer 0.1 Automates file system mirroring through remote file disclosur vulnerabilities on Linux machines.
    ftester 1.0 A tool designed for testing firewall filtering policies and Intrusion Detection System (IDS) capabilities.
    ftp-fuzz 1337 The master of all master fuzzing scripts specifically targeted towards FTP server sofware
    ftp-scanner 0.2.5 Multithreaded ftp scanner/brute forcer. Tested on Linux, OpenBSD and Solaris.
    ftp-spider 1.0 FTP investigation tool - Scans ftp server for the following: reveal entire directory tree structures, detect anonymous access, detect directories with write permissions, find user specified data within repository.
    ftpmap 0.4 scans remote FTP servers to identify what software and what versions they are running.
    fusil 1.4 Fusil the fuzzer is a Python library used to write fuzzing programs. It helps to start process with a prepared environment (limit memory, environment variables, redirect stdout, etc.), start network client or server, and create mangled files
    fuzzap 14.f13932c A python script for obfuscating wireless networks.
    fuzzball2 0.7 A little fuzzer for TCP and IP options. It sends a bunch of more or less bogus packets to the host of your choice.
    fuzzdb 1.09 Attack and Discovery Pattern Database for Application Fuzz Testing
    fuzzdiff 1.0 A simple tool designed to help out with crash analysis during fuzz testing. It selectively 'un-fuzzes' portions of a fuzzed file that is known to cause a crash, re-launches the targeted application, and sees if it still crashes.
    fuzztalk An XML driven fuzz testing framework that emphasizes easy extensibility and reusability.
    g72x++ 1 Decoder for the g72x++ codec.
    galleta 20040505_1 Examine the contents of the IE's cookie files for forensic purposes
    gdb 7.8 The GNU Debugger
    genlist 0.1 Generates lists of IP addresses.
    geoedge 0.2 This little tools is designed to get geolocalization information of a host, it get the information from two sources (maxmind and geoiptool).
    geoip 1.6.2 Non-DNS IP-to-country resolver C library & utils
    geoipgen 0.4 GeoIPgen is a country to IP addresses generator.
    getsids 0.0.1 Getsids tries to enumerate Oracle Sids by sending the services command to the Oracle TNS listener. Like doing ‘lsnrctl service’.
    gggooglescan 0.4 A Google scraper which performs automated searches and returns results of search queries in the form of URLs or hostnames.
    ghettotooth 1.0 Ghettodriving for bluetooth
    ghost-phisher 1.62 GUI suite for phishing and penetration attacks
    ghost-py 0.1b3 Webkit based webclient (relies on PyQT).
    giskismet 20110805 A program to visually represent the Kismet data in a flexible manner.
    gnuradio 3.7.5 General purpose DSP and SDR toolkit. With drivers for usrp and fcd.
    gnutls2 2.12.23 A library which provides a secure layer over a reliable transport layer (Version 2)
    goldeneye 16.7a38fe9 A HTTP DoS test tool. Attack Vector exploited: HTTP Keep Alive + NoCache.
    golismero 2.0 Opensource web security testing framework.
    goodork 2.2 A python script designed to allow you to leverage the power of google dorking straight from the comfort of your command line.
    goofile 1.5 Command line filetype search
    goog-mail 1.0 Enumerate domain emails from google.
    googlesub 1.2 A python script to find domains by using google dorks.
    gooscan 1.0.9 A tool that automates queries against Google search appliances, but with a twist.,doc_details&Itemid=/gid,28/
    gqrx 2.3.1 Interactive SDR receiver waterfall for many devices.
    grabber 0.1 A web application scanner. Basically it detects some kind of vulnerabilities in your website.
    grepforrfi 0.1 Simple script for parsing web logs for RFIs and Webshells v1.2
    grokevt 0.5.0 A collection of scripts built for reading Windows® NT/2K/XP/2K eventlog files.
    gtalk-decode 0.1 Google Talk decoder tool that demonstrates recovering passwords from accounts.
    gtp-scan 0.7 A small python script that scans for GTP (GPRS tunneling protocol) speaking hosts.
    guymager 0.7.3 A forensic imager for media acquisition.
    gwcheck 0.1 A simple program that checks if a host in an ethernet network is a gateway to Internet.
    gwtenum 7.f27a5aa Enumeration of GWT-RCP method calls.
    hackersh 0.2.0 A shell for with Pythonect-like syntax, including wrappers for commonly used security tools
    halberd 0.2.4 Halberd discovers HTTP load balancers. It is useful for web application security auditing and for load balancer configuration testing.
    halcyon 0.1 A repository crawler that runs checksums for static files found within a given git repository.
    hamster 2.0.0 Tool for HTTP session sidejacking.
    handle 0.0 An small application designed to analyze your system searching for global objects related to running proccess and display information for every found object, like tokens, semaphores, ports, files,..
    hasere 1.0 Discover the vhosts using google and bing.
    hash-identifier 1.1 Identifies the different types of hashes used to encrypt data, especially passwords
    hashcat 0.47 A multithreaded cross platform hash cracker.
    hashcat-utils 1.0 Utilites for Hashcat
    hasher 32.e9d1394 A tool that allows you to quickly hash plaintext strings, or compare hashed values with a plaintext locally.
    hashid 2.6.0 Software to identify the different types of hashes used to encrypt data
    hashpump 31.2819f23 A tool to exploit the hash length extension attack in various hashing algorithms.
    hashtag 0.41 A python script written to parse and identify password hashes.
    haystack 1035.ac2ffa4 A Python framework for finding C structures from process memory - heap analysis - Memory structures forensics.
    hbad 1.0 This tool allows you to test clients on the heartbleed bug.
    hcraft 1.0.0 HTTP Vuln Request Crafter
    hdcp-genkey 18.e8d342d Generate HDCP source and sink keys from the leaked master key.
    hdmi-sniff 5.f7fbc0e HDMI DDC (I2C) inspection tool. It is designed to demonstrate just how easy it is to recover HDCP crypto keys from HDMI devices.
    heartbleed-honeypot 0.1 Script that listens on TCP port 443 and responds with completely bogus SSL heartbeat responses, unless it detects the start of a byte pattern similar to that used in Jared Stafford's
    hex2bin 1.0.7 Converts Motorola and Intel hex files to binary.
    hexinject 1.5 A very versatile packet injector and sniffer that provides a command-line framework for raw network access.
    hexorbase 6 A database application designed for administering and auditing multiple database servers simultaneously from a centralized location. It is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL).
    hharp 1beta This tool can perform man-in-the-middle and switch flooding attacks. It has 4 major functions, 3 of which attempt to man-in-the-middle one or more computers on a network with a passive method or flood type method.
    hidattack 0.1 HID Attack (attacking HID host implementations)
    honeyd 1.6.7 A small daemon that creates virtual hosts on a network.
    honssh 43.46d8a98 A high-interaction Honey Pot solution designed to log all SSH communications between a client and server.
    hookanalyser 3.0 A hook tool which can be potentially helpful in reversing applications and analyzing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer.
    host-extract 9 Ruby script tries to extract all IP/Host patterns in page response of a given URL and JavaScript/CSS files of that URL.
    hostbox-ssh 0.1.1 A ssh password/account scanner.
    hotpatch 0.2 Hot patches executables on Linux using .so file injection
    hotspotter 0.4 Hotspotter passively monitors the network for probe request frames to identify the preferred networks of Windows XP clients, and will compare it to a supplied list of common hotspot network names.
    hpfeeds 138.249b2f7 Honeynet Project generic authenticated datafeed protocol.
    hping 3.0.0 A command-line oriented TCP/IP packet assembler/analyzer.
    hqlmap 35.081395e A tool to exploit HQL Injections.
    htexploit 0.77 A Python script that exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process
    htrosbif 134.9dc3f86 Active HTTP server fingerprinting and recon tool.
    htshells 760b5e9 Self contained web shells and other attacks via .htaccess files.
    http-enum 0.3 A tool to enumerate the enabled HTTP methods supported on a webserver.
    http-fuzz 0.1 A simple http fuzzer. none
    http-put 1.0 Simple http put perl script
    http-traceroute 0.5 This is a python script that uses the Max-Forwards header in HTTP and SIP to perform a traceroute-like scanning functionality.
    httpbog A slow HTTP denial-of-service tool that works similarly to other attacks, but rather than leveraging request headers or POST data Bog consumes sockets by slowly reading responses.
    httpforge 11.02.01 A set of shell tools that let you manipulate, send, receive, and analyze HTTP messages. These tools can be used to test, discover, and assert the security of Web servers, apps, and sites. An accompanying Python library is available for extensions.
    httping 2.3.4 A 'ping'-like tool for http-requests.
    httprint 301 A web server fingerprinting tool.
    httprint-win32 301 A web server fingerprinting tool (Windows binaries).
    httpry 0.1.8 A specialized packet sniffer designed for displaying and logging HTTP traffic.
    httpsniff 0.4 Tool to sniff HTTP responses from TCP/IP based networks and save contained files locally for later review.
    httpsscanner 1.2 A tool to test the strength of a SSL web server.
    httptunnel 3.3 Creates a bidirectional virtual data connection tunnelled in HTTP requests
    hulk 11.a9b9ad4 A webserver DoS tool (Http Unbearable Load King) ported to Go with some additional features.
    hwk 0.4 Collection of packet crafting and wireless network flooding tools
    hydra 8.0 A very fast network logon cracker which support many different services.
    hyenae 0.36_1 flexible platform independent packet generator
    hyperion 1.1 A runtime encrypter for 32-bit portable executables.
    iaxflood 0.1 IAX flooder.
    iaxscan 0.02 A Python based scanner for detecting live IAX/2 hosts and then enumerating (by bruteforce) users on those hosts.
    ibrute 12.3a6a11e An AppleID password bruteforce tool. It uses Find My Iphone service API, where bruteforce protection was not implemented.
    icmpquery 1.0 Send and receive ICMP queries for address mask and current time.
    icmptx 0.01 IP over ICMP
    iheartxor 0.01 iheartxor is a tool for bruteforcing encoded strings within a boundary defined by a regular expression. It will bruteforce the key value range of 0x1 through 0x255.
    ike-scan 1.9 A tool that uses IKE protocol to discover, fingerprint and test IPSec VPN servers
    ikecrack 1.00 An IKE/IPSec crack tool designed to perform Pre-Shared-Key analysis of RFC compliant aggressive mode authentication
    ikeprobe 0.1 Determine vulnerabilities in the PSK implementation of the VPN server.
    ikeprober 1.12 Tool crafting IKE initiator packets and allowing many options to be manually set. Useful to find overflows, error conditions and identifiyng vendors
    ilty 1.0 An interception phone system for VoIP network.
    inception 415.7f32b49 A FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP DMA.
    indxparse 145.ac5f59b A Tool suite for inspecting NTFS artifacts.
    inetsim 1.2.5 A software suite for simulating common internet services in a lab environment, e.g. for analyzing the network behaviour of unknown malware samples.
    infip 0.1 A python script that checks output from netstat against RBLs from Spamhaus.
    inguma 0.1.1 A free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembler.
    intercepter-ng 0.9.8 A next generation sniffer including a lot of features: capturing passwords/hashes, sniffing chat messages, performing man-in-the-middle attacks, etc.
    interrogate 0.0.4 A proof-of-concept tool for identification of cryptographic keys in binary material (regardless of target operating system), first and foremost for memory dump analysis and forensic usage.
    intersect 2.5 Post-exploitation framework
    intrace 1.5 Traceroute-like application piggybacking on existing TCP connections
    inundator 0.5 An ids evasion tool, used to anonymously inundate intrusion detection logs with false positives in order to obfuscate a real attack.
    inviteflood 2.0 Flood a device with INVITE requests
    iodine 0.7.0 Tunnel IPv4 data through a DNS server
    iosforensic 1.0 iOS forensic tool
    ip-https-tools 5.b22e2b3 Tools for the IP over HTTPS (IP-HTTPS) Tunneling Protocol.
    ipaudit 1.0BETA2 IPAudit monitors network activity on a network.
    ipba2 032013 IOS Backup Analyzer
    ipdecap 68.d13705d Can decapsulate traffic encapsulated within GRE, IPIP, 6in4, ESP (ipsec) protocols, and can also remove IEEE 802.1Q (virtual lan) header.
    iphoneanalyzer 2.1.0 Allows you to forensically examine or recover date from in iOS device.
    ipmitool 1.8.14 Provides a simple command-line interface to IPMI-enabled devices through an IPMIv1.5 or IPMIv2.0 LAN interface or Linux/Solaris kernel driver.
    ipscan 3.2.1 Angry IP scanner is a very fast IP address and port scanner.
    iputils 20121221 Network monitoring tools, including ping
    ipv6toolkit 2.0beta SI6 Networks' IPv6 Toolkit
    ircsnapshot 93.9ba3c6c Tool to gather information from IRC servers.
    irpas 0.10 Internetwork Routing Protocol Attack Suite.
    isr-form 1.0 Simple html parsing tool that extracts all form related information and generates reports of the data. Allows for quick analyzing of data.
    jad 1.5.8e Java decompiler
    javasnoop 1.1 A tool that lets you intercept methods, alter data and otherwise hack Java applications running on your computer
    jboss-autopwn 1.3bc2d29 A JBoss script for obtaining remote shell access.
    jbrofuzz 2.5 Web application protocol fuzzer that emerged from the needs of penetration testing.
    jbrute 0.99 Open Source Security tool to audit hashed passwords.
    jd-gui 0.3.5 A standalone graphical utility that displays Java source codes of .class files
    jhead 2.97 EXIF JPEG info parser and thumbnail remover
    jigsaw 1.3 A simple ruby script for enumerating information about a company's employees. It is useful for Social Engineering or Email Phishing.
    jnetmap 0.5.3 A network monitor of sorts
    john 1.7.9 John The Ripper - A fast password cracker (jumbo included)
    johnny 20120424 GUI for John the Ripper.
    jomplug 0.1 This php script fingerprints a given Joomla system and then uses Packet Storm's archive to check for bugs related to the installed components.
    joomlascan 1.2 Joomla scanner scans for known vulnerable remote file inclusion paths and files.
    joomscan 2012.03.10 Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla! web site.
    js-beautify 1.4.2 This little beautifier will reformat and reindent bookmarklets, ugly JavaScript, unpack scripts packed by Dean Edward?s popular packer, as well as deobfuscate scripts processed by
    jsql 0.5 A lightweight application used to find database information from a distant server.
    junkie 1174.6c188a9 A modular packet sniffer and analyzer.
    jynx2 2.0 An expansion of the original Jynx LD_PRELOAD rootkit
    katsnoop 0.1 Utility that sniffs HTTP Basic Authentication information and prints the base64 decoded form.
    kautilya 0.5.0 Pwnage with Human Interface Devices using Teensy++2.0 and Teensy 3.0 devices
    keimpx 0.2 Tool to verify the usefulness of credentials across a network over SMB.
    khc 0.2 A small tool designed to recover hashed known_hosts fiels back to their plain-text equivalents.
    killerbee 85 Framework and tools for exploiting ZigBee and IEEE 802.15.4 networks.
    kippo 0.8 A medium interaction SSH honeypot designed to log brute force attacks and most importantly, the entire shell interaction by the attacker.
    kismet 2013_03_R1b 802.11 layer2 wireless network detector, sniffer, and intrusion detection system
    kismet-earth 0.1 Various scripts to convert kismet logs to kml file to be used in Google Earth. http://
    kismet2earth 1.0 A set of utilities that convert from Kismet logs to Google Earth .kml format
    klogger 1.0 A keystroke logger for the NT-series of Windows.
    kolkata 3.0 A web application fingerprinting engine written in Perl that combines cryptography with IDS evasion.
    kraken 32.368a837 A project to encrypt A5/1 GSM signaling using a Time/Memory Tradeoff Attack.
    laf 12.7a456b3 Login Area Finder: scans host/s for login panels.
    lanmap2 124.4f8afed Passive network mapping tool
    lans 1.0 A Multithreaded asynchronous packet parsing/injecting arp spoofer.
    latd 1.31 A LAT terminal daemon for Linux and BSD.
    laudanum 1.0 A collection of injectable files, designed to be used in a pentest when SQL injection flaws are found and are in multiple languages for different environments.
    lbd 20130719 Load Balancing detector
    lbmap 145.93e6b71 Proof of concept scripts for advanced web application fingerprinting, presented at OWASP AppSecAsia 2012.
    ldapenum 0.1 Enumerate domain controllers using LDAP.
    leo 4.11 Literate programmer's editor, outliner, and project manager
    leroy-jenkins 0.r3.bdc3965 A python tool that will allow remote execution of commands on a Jenkins server and its nodes.
    levye 85.419e817 A brute force tool which is support sshkey, vnckey, rdp, openvpn.
    lfi-autopwn 3.0 A Perl script to try to gain code execution on a remote server via LFI
    lfi-exploiter 1.1 This perl script leverages /proc/self/environ to attempt getting code execution out of a local file inclusion vulnerability..
    lfi-fuzzploit 1.1 A simple tool to help in the fuzzing for, finding, and exploiting of local file inclusion vulnerabilities in Linux-based PHP applications.
    lfi-scanner 4.0 This is a simple perl script that enumerates local file inclusion attempts when given a specific target.
    lfi-sploiter 1.0 This tool helps you exploit LFI (Local File Inclusion) vulnerabilities. Post discovery, simply pass the affected URL and vulnerable parameter to this tool. You can also use this tool to scan a URL for LFI vulnerabilities.
    lfimap 1.4.8 This script is used to take the highest beneficts of the local file include vulnerability in a webserver.
    lft 3.72 A layer four traceroute implementing numerous other features.
    libdisasm 0.23 A disassembler library.
    libpst 0.6.63 Outlook .pst file converter
    liffy 63.238ce6d A Local File Inclusion Exploitation tool.
    linenum 18.b4c2541 Scripted Local Linux Enumeration & Privilege Escalation Checks
    linux-exploit-suggester 0.r32.9db2f5a A Perl script that tries to suggest exploits based OS version number
    list-urls 0.1 Extracts links from webpage
    littleblackbox 0.1.3 Penetration testing tool, search in a collection of thousands of private SSL keys extracted from various embedded devices.
    lodowep 1.2.1 Lodowep is a tool for analyzing password strength of accounts on a Lotus Domino webserver system.
    logkeys 0.1.1a Simple keylogger supporting also USB keyboards.
    loki 0.2.7 Python based framework implementing many packet generation and attack modules for Layer 2 and 3 protocols
    lorcon Generic library for injecting 802.11 frames
    lotophagi 0.1 a relatively compact Perl script designed to scan remote hosts for default (or common) Lotus NSF and BOX databases.
    lsrtunnel 0.2 lsrtunnel spoofs connections using source routed packets.
    luksipc 0.01 A tool to convert unencrypted block devices to encrypted LUKS devices in-place.
    lynis 1.6.2 An auditing tool for Unix (specialists).
    mac-robber 1.02 A digital investigation tool that collects data from allocated files in a mounted file system.
    macchanger 1.6.0 A small utility to change your NIC's MAC address
    maclookup 0.3 Lookup MAC addresses in the IEEE MA-L/OUI public listing.
    magicrescue 1.1.9 Find and recover deleted files on block devices
    magictree 1.3 A penetration tester productivity tool designed to allow easy and straightforward data consolidation, querying, external command execution and report generation
    make-pdf 0.1.4 This tool will embed javascript inside a PDF document
    makepasswd 1.10_9 Generates true random passwords with the emphasis on security over pronounceability (Debian version)
    malheur 0.5.4 A tool for the automatic analyze of malware behavior.
    maligno 1.2 An open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS.
    malmon 0.3 Hosting exploit/backdoor detection daemon. It's written in python, and uses inotify (pyinotify) to monitor file system activity. It checks files smaller then some size, compares their md5sum and hex signatures against DBs with known exploits/backdoor.
    maltego An open source intelligence and forensics application, enabling to easily gather information about DNS, domains, IP addresses, websites, persons, etc.
    maltrieve 127.b177b25 Originated as a fork of mwcrawler. It retrieves malware directly from the sources as listed at a number of sites.
    malware-check-tool 1.2 Python script that detects malicious files via checking md5 hashes from an offline set or via the virustotal site. It has http proxy support and an update feature.
    malwareanalyser 3.3 A freeware tool to perform static and dynamic analysis on malware.
    malwaredetect 0.1 Submits a file's SHA1 sum to VirusTotal to determine whether it is a known piece of malware
    malwasm 0.2 Offline debugger for malware's reverse engineering.
    marc4dasm 6.f11860f This python-based tool is a disassembler for the Atmel MARC4 (a 4 bit Harvard micro).
    maskprocessor 0.69 A High-Performance word generator with a per-position configurable charset
    masscan 381.06d72ed TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
    mat 0.5 Metadata Anonymisation Toolkit composed of a GUI application, a CLI application and a library.
    matahari 0.1.30 A reverse HTTP shell to execute commands on remote machines behind firewalls.
    mausezahn 0.40 A free fast traffic generator written in C which allows you to send nearly every possible and impossible packet.
    mbenum 1.5.0 Queries the master browser for whatever information it has registered.
    mboxgrep 0.7.9 Mboxgrep is a small, non-interactive utility that scans mail folders for messages matching regular expressions. It does matching against basic and extended POSIX regular expressions, and reads and writes a variety of mailbox formats.
    md5deep 4.3 Advanced checksum hashing tool
    mdbtools 0.7.1 Utilities for viewing data and exporting schema from Microsoft Access Database files
    mdcrack 1.2 MD4/MD5/NTLM1 hash cracker
    mdk3 6 WLAN penetration tool
    mdns-scan 0.5 Scan mDNS/DNS-SD published services on the local network.
    medusa 2.1.1 A speedy, massively parallel, modular, login brute-forcer for network.
    melkor 1.0 An ELF fuzzer that mutates the existing data in an ELF sample given to create orcs (malformed ELFs), however, it does not change values randomly (dumb fuzzing), instead, it fuzzes certain metadata with semi-valid values through the use of fuzzing rules (knowledge base).
    memdump 1.01 Dumps system memory to stdout, skipping over holes in memory maps.
    memfetch 0.05b dumps any userspace process memory without affecting its execution
    metacoretex 0.8.0 MetaCoretex is an entirely JAVA vulnerability scanning framework for databases.
    metagoofil 1.4b An information gathering tool designed for extracting metadata of public documents
    metasploit 27656.a65ee6c An open source platform that supports vulnerability research, exploit development and the creation of custom security tools representing the largest collection of quality-assured exploits.
    metoscan 05 Tool for scanning the HTTP methods supported by a webserver. It works by testing a URL and checking the responses for the different requests.
    mfcuk 0.3.8 MIFARE Classic Universal toolKit
    mfoc 0.10.7 Mifare Classic Offline Cracker
    mfsniffer 0.1 A python script for capturing unencrypted TSO login credentials.
    mibble 2.9.3 Mibble is an open-source SNMP MIB parser (or SMI parser) written in Java. It can be used to read SNMP MIB files as well as simple ASN.1 files.
    middler 1.0 A Man in the Middle tool to demonstrate protocol middling attacks.
    minimysqlator 0.5 A multi-platform application used to audit web sites in order to discover and exploit SQL injection vulnerabilities.
    miranda-upnp 1.3 A Python-based Universal Plug-N-Play client application designed to discover, query and interact with UPNP devices
    miredo 1.2.6 Teredo client and server.
    missidentify 1.0 A program to find Win32 applications
    missionplanner 1.2.55 A GroundControl Station for Ardupilot.
    mitmap 0.1 Shell Script for launching a Fake AP with karma functionality and launches ettercap for packet capture and traffic manipulation.
    mitmer 22.b01c7fe A man-in-the-middle and phishing attack tool that steals the victim's credentials of some web services like Facebook.
    mitmf 112.65c8059 A Framework for Man-In-The-Middle attacks written in Python.
    mitmproxy 0.10.1 SSL-capable man-in-the-middle HTTP proxy
    mkbrutus 1.0.2 Password bruteforcer for MikroTik devices or boxes running RouterOS.
    mobiusft 0.5.20 An open-source forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions.
    modscan 0.1 A new tool designed to map a SCADA MODBUS TCP based network.
    moloch 0.9.2 An open source large scale IPv4 full PCAP capturing, indexing and database system.
    monocle 1.0 A local network host discovery tool. In passive mode, it will listen for ARP request and reply packets. In active mode, it will send ARP requests to the specific IP range. The results are a list of IP and MAC addresses present on the local network.
    morxbrute 1.01 A customizable HTTP dictionary-based password cracking tool written in Perl
    morxcrack 1.2 A cracking tool written in Perl to perform a dictionary-based attack on various hashing algorithm and CMS salted-passwords.
    mp3nema 0.4 A tool aimed at analyzing and capturing data that is hidden between frames in an MP3 file or stream, otherwise noted as "out of band" data.
    mptcp 1.9.0 A tool for manipulation of raw packets that allows a large number of options.
    ms-sys 2.3.0 A tool to write Win9x-.. master boot records (mbr) under linux - RTM!
    mssqlscan 0.8.4 A small multi-threaded tool that scans for Microsoft SQL Servers.
    msvpwn 0.1.r23.g328921b Bypass Windows' authentication via binary patching.
    mtr 0.85 Combines the functionality of traceroute and ping into one tool (CLI version)
    multiinjector 0.3 Automatic SQL injection utility using a lsit of URI addresses to test parameter manipulation.
    multimac 1.0.3 Multiple MACs on an adapter
    mutator 51.164132d This project aims to be a wordlist mutator with hormones, which means that some mutations will be applied to the result of the ones that have been already done, resulting in something like: corporation -> C0rp0r4t10n_2012
    mysql2sqlite 1.dd87f4 Converts a mysqldump file into a Sqlite 3 compatible file
    nacker 23.b67bb39 A tool to circumvent 802.1x Network Access Control on a wired LAN.
    nbnspoof 1.0 NBNSpoof - NetBIOS Name Service Spoofer
    nbtenum 3.3 A utility for Windows that can be used to enumerate NetBIOS information from one host or a range of hosts.
    nbtool 2.bf90c76 Some tools for NetBIOS and DNS investigation, attacks, and communication.
    nbtscan 1.5.1 NBTscan is a program for scanning IP networks for NetBIOS name information.
    ncpfs 2.2.6 Allows you to mount volumes of NetWare servers under Linux.
    ncrack 0.4a A high-speed network authentication cracking tool
    ndpi-xplico-svn 6937 Open and Extensible GPLv3 Deep Packet Inspection Library.
    nemesis 1.4 command-line network packet crafting and injection utility
    netactview 0.6.2 A graphical network connections viewer for Linux similar in functionality with Netstat
    netbios-share-scanner 1.0 This tool could be used to check windows workstations and servers if they have accessible shared resources.
    netcommander 1.3 An easy-to-use arp spoofing tool.
    netcon 0.1 A network connection establishment and management script.
    netdiscover 0.3 An active/passive address reconnaissance tool, mainly developed for those wireless networks without dhcp server, when you are wardriving. It can be also used on hub/switched networks.
    netmap 0.1.3 Can be used to make a graphical representation of the surounding network.
    netmask 2.3.12 Helps determine network masks
    netreconn 1.76 A collection of network scan/recon tools that are relatively small compared to their larger cousins.
    netscan 1.0 Tcp/Udp/Tor port scanner with: synpacket, connect TCP/UDP and socks5 (tor connection).
    netsed 1.2 Small and handful utility design to alter the contents of packets forwarded thru network in real time.
    netsniff-ng 0.5.8 A high performance Linux network sniffer for packet inspection.
    netzob 0.4.1 An open source tool for reverse engineering, traffic generation and fuzzing of communication protocols.
    nfcutils 0.3.2 Provides a simple 'lsnfc' command that list tags which are in your NFC device field
    nfex 2.5 A tool for extracting files from the network in real-time or post-capture from an offline tcpdump pcap savefile. It is based off of the code-base from the apparently defunct project tcpxtract.
    nfspy 1.0 A Python library for automating the falsification of NFS credentials when mounting an NFS share.
    nfsshell 19980519 Userland NFS command tool.
    ngrep 1.45 A grep-like utility that allows you to search for network packets on an interface.
    nield 0.5.1 A tool to receive notifications from kernel through netlink socket, and generate logs related to interfaces, neighbor cache(ARP,NDP), IP address(IPv4,IPv6), routing, FIB rules, traffic control.
    nikto 2.1.5 A web server scanner which performs comprehensive tests against web servers for multiple items
    nimbostratus 54.c7c206f Tools for fingerprintinging and exploiting Amazon cloud infrastructures.
    nipper 0.11.7 Network Infrastructure Parser
    nishang 0.3.5 Using PowerShell for Penetration Testing.
    nkiller2 2.0 A TCP exhaustion/stressing tool.
    nmap 6.47 Utility for network discovery and security auditing
    nmbscan 1.2.6 Tool to scan the shares of a SMB/NetBIOS network, using the NMB/SMB/NetBIOS protocols.
    nomorexor 0.1 Tool to help guess a files 256 byte XOR key by using frequency analysis
    notspikefile 0.1 A Linux based file format fuzzing tool
    nsdtool 0.1 A netgear switch discovery tool. It contains some extra features like bruteoforce and setting a new password.
    nsec3walker 20101223 Enumerates domain names using DNSSEC
    ntds-decode 0.1 This application dumps LM and NTLM hashes from active accounts stored in an Active Directory database.
    o-saft 398.bedb49d A tool to show informations about SSL certificate and tests the SSL connection according given list of ciphers and various SSL configurations.
    oat 1.3.1 A toolkit that could be used to audit security within Oracle database servers.
    obexstress 0.1 Script for testing remote OBEX service for some potential vulnerabilities.
    obfsproxy 0.2.12 A pluggable transport proxy written in Python.
    oclhashcat 1.30 Worlds fastest WPA cracker with dictionary mutation engine.
    ocs 0.2 Compact mass scanner for Cisco routers with default telnet/enable passwords.
    ohrwurm 0.1 A small and simple RTP fuzzer.
    ollydbg 201g A 32-bit assembler-level analysing debugger
    onesixtyone 0.7 An SNMP scanner that sends multiple SNMP requests to multiple IP addresses
    onionshare 415.381d046 Securely and anonymously share a file of any size.
    openstego 0.6.1 A tool implemented in Java for generic steganography, with support for password-based encryption of the data.
    opensvp 64.56b2b8f A security tool implementing "attacks" to be able to the resistance of firewall to protocol level attack.
    openvas-cli 1.3.0 The OpenVAS Command-Line Interface
    openvas-libraries 7.0.4 The OpenVAS libraries
    openvas-manager 5.0.4 A layer between the OpenVAS Scanner and various client applications
    openvas-scanner 4.0.3 The OpenVAS scanning Daemon
    ophcrack 3.6.0 A free Windows password cracker based on rainbow tables
    orakelcrackert 1.00 This tool can crack passwords which are encrypted using Oracle's latest SHA1 based password protection algorithm.
    origami 1.0.0_beta1b A ruby framework designed to parse, analyze, and forge PDF documents.
    oscanner 1.0.6 An Oracle assessment framework developed in Java.
    ostinato 0.5.1 An open-source, cross-platform packet/traffic generator and analyzer with a friendly GUI. It aims to be "Wireshark in Reverse" and thus become complementary to Wireshark.
    osueta 65.90323e2 A simple Python script to exploit the OpenSSH User Enumeration Timing Attack.
    owabf 1.3 Outlook Web Access bruteforcer tool.
    owtf 547.f9bbe14 The Offensive (Web) Testing Framework.
    p0f 3.07b Purely passive TCP/IP traffic fingerprinting tool.
    pack 0.0.4 Password Analysis and Cracking Kit
    packerid 1.4 Script which uses a PEiD database to identify which packer (if any) is being used by a binary.
    packet-o-matic 351 A real time packet processor. Reads the packet from an input module, match the packet using rules and connection tracking information and then send it to a target module.
    packeth 1.7.2 A Linux GUI packet generator tool for ethernet.
    packit 1.0 A network auditing tool. Its value is derived from its ability to customize, inject, monitor, and manipulate IP traffic.
    pacumen 1.92a0884 Packet Acumen - Analyse encrypted network traffic and more (side-channel attacks).
    padbuster 0.3.3 Automated script for performing Padding Oracle attacks.
    paketto 1.10 Advanced TCP/IP Toolkit.
    panoptic 170.b1bed35 A tool that automates the process of search and retrieval of content for common log and config files through LFI vulnerability.
    paros 3.2.13 Java-based HTTP/HTTPS proxy for assessing web app vulnerabilities. Supports editing/viewing HTTP messages on-the-fly, spiders, client certificates, proxy-chaining, intelligent scanning for XSS and SQLi, etc.
    parsero 56.fc5f7ec A robots.txt audit tool.
    pasco 20040505_1 Examines the contents of Internet Explorer's cache files for forensic purposes
    passcracking 20131214 A little python script for sending hashes to and milw0rm
    passe-partout 0.1 Tool to extract RSA and DSA private keys from any process linked with OpenSSL. The target memory is scanned to lookup specific OpenSSL patterns.
    passivedns 1.1.3 A network sniffer that logs all DNS server replies for use in a passive DNS setup.
    pastenum 0.4.1 Search Pastebins for content, fork from nullthreat corelan pastenum2
    patator 80.5a140c1 A multi-purpose bruteforcer.
    pathod 0.9.2 Crafted malice for tormenting HTTP clients and servers
    pblind 1.0 Little utility to help exploiting blind sql injection vulnerabilities.
    pcapsipdump 0.1.4 pcapsipdump is a tool for dumping SIP sessions (+RTP traffic, if available) to disk in a fashion similar to 'tcpdump -w' (format is exactly the same), but one file per sip session (even if there is thousands of concurrect SIP sessions).
    pcredz 0.9 A tool that extracts credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, and more from a pcap file or from a live interface.
    pdf-parser 0.4.2 Parses a PDF document to identify the fundamental elements used in the analyzed file
    pdfbook-analyzer 2 Utility for facebook memory forensics.
    pdfcrack 0.12 Password recovery tool for PDF-files.
    pdfid 0.1.2 scan a file to look for certain PDF keywords
    pdfresurrect 0.12 A tool aimed at analyzing PDF documents.
    pdgmail 1.0 A password dictionary attack tool that targets windows authentication via the SMB protocol
    peach 3.0.202 A SmartFuzzer that is capable of performing both generation and mutation based fuzzing
    peda 51.327db44 Python Exploit Development Assistance for GDB.
    peepdf 0.3 A Python tool to explore PDF files in order to find out if the file can be harmful or not
    pentbox 1.8 A security suite that packs security and stability testing oriented tools for networks and systems.
    perl-image-exiftool 9.70 Reader and rewriter of EXIF informations that supports raw files
    perl-tftp 1.0b3 TFTP - TFTP Client class for perl
    pev 0.60 Command line based tool for PE32/PE32+ file analysis
    pextractor 0.18b A forensics tool that can extract all files from an executable file created by a joiner or similar.
    pgdbf 94.baa1d95 Convert XBase / FoxPro databases to PostgreSQL
    phoss 0.1.13 Sniffer designed to find HTTP, FTP, LDAP, Telnet, IMAP4, VNC and POP3 logins.
    php-mt-seed 3.2 PHP mt_rand() seed cracker
    php-rfi-payload-decoder 30.bd42caa Decode and analyze RFI payloads developed in PHP.
    php-vulnerability-hunter An whitebox fuzz testing tool capable of detected several classes of vulnerabilities in PHP web applications.
    phpstress 5.f987a7e A PHP denial of service / stress test for Web Servers running PHP-FPM or PHP-CGI.
    phrasendrescher 1.2.2 A modular and multi processing pass phrase cracking tool
    pipal 1.1 A password analyser
    pirana 0.3.1 Exploitation framework that tests the security of a email content filter.
    plcscan 0.1 This is a tool written in Python that will scan for PLC devices over s7comm or modbus protocols.
    plecost 2 Wordpress finger printer tool search and retrieve information about the plugins versions installed in Wordpress systems.
    plown 13.ccf998c A security scanner for Plone CMS.
    pnscan 1.11 A parallel network scanner that can be used to survey TCP network services.
    pompem 69.b2569c4 A python exploit tool finder.
    portspoof 100.70b6bf2 This program's primary goal is to enhance OS security through a set of new techniques.
    posttester 0.1 A jar file that will send POST requests to servers in order to test for the hash collision vulnerability discussed at the Chaos Communication Congress in Berlin.
    powerfuzzer 1_beta Powerfuzzer is a highly automated web fuzzer based on many other Open Source fuzzers available (incl. cfuzzer, fuzzled,, jbrofuzz, webscarab, wapiti, Socket Fuzzer). It can detect XSS, Injections (SQL, LDAP, commands, code, XPATH) and others.
    powersploit 237.9703400 A PowerShell Post-Exploitation Framework.
    praeda 37.093d1c0 An automated data/information harvesting tool designed to gather critical information from various embedded devices.
    prometheus 175.497b2ce A Firewall analyzer written in ruby
    propecia 2 A fast class scanner that scans for a specified open port with banner grabbing
    protos-sip 2 SIP test suite.
    proxychains-ng 4.8.1 A hook preloader that allows to redirect TCP traffic of existing dynamically linked programs through one or more SOCKS or HTTP proxies
    proxycheck 0.1 This is a simple proxy tool that checks for the HTTP CONNECT method and grabs verbose output from a webserver.
    proxyp 2013 Small multithreaded Perl script written to enumerate latency, port numbers, server names, & geolocations of proxy IP addresses.
    proxyscan 0.3 A security penetration testing tool to scan for hosts and ports through a Web proxy server.
    proxytunnel 1.9.0 a program that connects stdin and stdout to a server somewhere on the network, through a standard HTTPS proxy
    pscan 1.3 A limited problem scanner for C source files
    pstoreview 1.0 Lists the contents of the Protected Storage.
    ptunnel 0.72 A tool for reliably tunneling TCP connections over ICMP echo request and reply packets
    pwd-hash 2.0 A password hashing tool that use the crypt function to generate the hash of a string given on standard input.
    pwdump 7.1 Extracts the binary SAM and SYSTEM file from the filesystem and then the hashes.
    pwnat 0.3 A tool that allows any number of clients behind NATs to communicate with a server behind a separate NAT with *no* port forwarding and *no* DMZ setup on any routers in order to directly communicate with each other
    pwntools 2.1.3 The CTF framework used by #Gallopsled in every CTF.
    pyew 2.3.0 A python tool to analyse malware.
    pyfiscan 930.0326ac3 Free web-application vulnerability and version scanner.
    pyinstaller 2.1 A program that converts (packages) Python programs into stand-alone executables, under Windows, Linux, Mac OS X, Solaris and AIX.
    pyminifakedns 0.1 Minimal DNS server written in Python; it always replies with a A-record
    pyrasite 2.0 Code injection and introspection of running Python processes.
    pyrit 0.4.0 WPA/WPA2-PSK attacking with gpu and cluster
    pytacle alpha2 Automates the task of sniffing GSM frames
    pytbull 2.0 A python based flexible IDS/IPS testing framework shipped with more than 300 tests
    python-utidylib 0.2 Python bindings for Tidy HTML parser/cleaner.
    python2-yara 3.0.0 A malware identification and classification tool.
    quickrecon 0.3.2 A python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
    radamsa 0.3 General purpose data fuzzer.
    radare2 0.9.7 Open-source tools to disasm, debug, analyze and manipulate binary files.
    radiography 2 A forensic tool which grabs as much information as possible from a Windows system.
    rainbowcrack 1.2 Password cracker based on the faster time-memory trade-off. With MySQL and Cisco PIX Algorithm patches.
    rarcrack 0.2 This program uses bruteforce algorithm to find correct password (rar, 7z, zip).
    ratproxy 1.58 A passive web application security assessment tool
    rawr 39.aac6a99 Rapid Assessment of Web Resources. A web enumerator.
    rcracki-mt 0.7.0 A tool to perform rainbow table attacks on password hashes. It is intended for indexed/perfected rainbow tables, mainly generated by the distributed project
    rdesktop-brute 1.5.0 It connects to windows terminal servers - Bruteforce patch included.
    reaver 1.4 Implements a brute force attack against wifi protected setup WPS registrar PINs in order to recover WPA/WPA2 passphrases
    rebind 0.3.4 DNS Rebinding Tool
    recon-ng 881.39549f3 A full-featured Web Reconnaissance framework written in Python.
    recoverjpeg 2.2.2 Recover jpegs from damaged devices.
    recstudio 4.0_20130717 Cross platform interactive decompiler
    redfang 2.5 Finds non-discoverable Bluetooth devices by brute-forcing the last six bytes of the devices' Bluetooth addresses and calling read_remote_name().
    redirectpoison 1.1 A tool to poison a targeted issuer of SIP INVITE requests with 301 (i.e. Moved Permanently) redirection responses.
    regeorg 23.7a38dd6 The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.
    reglookup 1.0.1 Command line utility for reading and querying Windows NT registries
    relay-scanner 1.7 An SMTP relay scanner.
    replayproxy 1.1 Forensic tool to replay web-based attacks (and also general HTTP traffic) that were captured in a pcap file.
    responder 114.c05bdfc A LLMNR and NBT-NS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
    rfcat 130515 RF ChipCon-based Attack Toolset
    rfdump 1.6 A back-end GPL tool to directly inter-operate with any RFID ISO-Reader to make the contents stored on RFID tags accessible
    rfidiot e302bb7 An open source python library for exploring RFID devices.
    rfidtool 0.01 A opensource tool to read / write rfid tags
    ridenum 39.ebbfaca A null session RID cycle attack for brute forcing domain controllers.
    rifiuti2 0.5.1 A rewrite of rifiuti, a great tool from Foundstone folks for analyzing Windows Recycle Bin INFO2 file.
    rinetd 0.62 internet redirection server
    ripdc 0.2 A script which maps domains related to an given ip address or domainname.
    rkhunter 1.4.2 Checks machines for the presence of rootkits and other unwanted tools.
    rlogin-scanner 0.2 Multithreaded rlogin scanner. Tested on Linux, OpenBSD and Solaris.
    rootbrute 0.1 Local root account bruteforcer.
    ropeadope 1.1 A linux log cleaner.
    ropeme 1.0 ROPME is a set of python scripts to generate ROP gadgets and payload.
    ropgadget 5.1 Lets you search your gadgets on your binaries (ELF format) to facilitate your ROP exploitation.
    ropper 50.b7cbc7b It can show information about files in different file formats and you can find gadgets to build rop chains for different architectures. For disassembly ropper uses the awesome Capstone Framework.
    rpdscan 2.a71b0f3 Remmina Password Decoder and scanner.
    rrs 1.70 A reverse (connecting) remote shell. Instead of listening for incoming connections it will connect out to a listener (rrs in listen mode). With tty support and more.
    rsakeyfind 1.0 A tool to find RSA key in RAM.
    rsmangler 1.4 rsmangler takes a wordlist and mangle it
    rtlsdr-scanner 847.f9aada5 A cross platform Python frequency scanning GUI for the OsmoSDR rtl-sdr library.
    rtp-flood 1.0 RTP flooder
    rtpbreak 1.3a Detects, reconstructs and analyzes any RTP session
    rubilyn 0.0.1 64bit Mac OS-X kernel rootkit that uses no hardcoded address to hook the BSD subsystem in all OS-X Lion & below. It uses a combination of syscall hooking and DKOM to hide activity on a host.
    ruby-msgpack 0.5.8 MessagePack, a binary-based efficient data interchange format.
    ruby-ronin 1.5.0 A Ruby platform for exploit development and security research.
    ruby-ronin-support 0.5.1 A support library for Ronin.
    ruby-uri-query_params 0.7.0 Access the query parameters of a URI, just like in PHP.
    rww-attack 0.9.2 The Remote Web Workplace Attack tool will perform a dictionary attack against a live Microsoft Windows Small Business Server's 'Remote Web Workplace' portal. It currently supports both SBS 2003 and SBS 2008 and includes features to avoid account lock out.
    safecopy 1.7 A disk data recovery tool to extract data from damaged media
    sakis3g 0.2.0e An all-in-one script for connecting with 3G
    sambascan 0.5.0 Allows you to search an entire network or a number of hosts for SMB shares. It will also list the contents of all public shares that it finds.
    samdump2 3.0.0 Dump password hashes from a Windows NT/2k/XP installation
    samydeluxe 2.2ed1bac Automatic samdump creation script.
    sandy 6.531ab16 An open-source Samsung phone encryption assessment framework
    sasm 3.1.0 A simple crossplatform IDE for NASM, MASM, GAS and FASM assembly languages.
    sb0x 19.04f40fe A simple and Lightweight framework for Penetration testing.
    sbd 1.36 Netcat-clone, portable, offers strong encryption - features AES-CBC + HMAC-SHA1 encryption, program execution (-e), choosing source port, continuous reconnection with delay + more
    scalpel 2.0 A frugal, high performance file carver
    scanmem 0.13 A utility used to locate the address of a variable in an executing process.
    scanssh 2.1 Fast SSH server and open proxy scanner.
    scapy 2.2.0 A powerful interactive packet manipulation program written in Python
    schnappi-dhcp 0.1 schnappi can fuck network with no DHCP
    scout2 168.fecb983 Security auditing tool for AWS environments.
    scrounge-ntfs 0.9 Data recovery program for NTFS file systems
    sctpscan 1.0 A network scanner for discovery and security
    seat 0.3 Next generation information digging application geared toward the needs of security professionals. It uses information stored in search engine databases, cache repositories, and other public resources to scan web sites for potential vulnerabilities.
    secscan 1.5 Web Apps Scanner and Much more utilities.
    secure-delete 3.1 Secure file, disk, swap, memory erasure utilities.
    sees 38.523387d Increase the success rate of phishing attacks by sending emails to company users as if they are coming from the very same company's domain.
    sergio-proxy 0.2.1 A multi-threaded transparent HTTP proxy for manipulating web traffic
    sessionlist 1.0 Sniffer that intents to sniff HTTP packets and attempts to reconstruct interesting authentication data from websites that do not employ proper secure cookie auth.
    set 6.0.4 Social-engineer toolkit. Aimed at penetration testing around Social-Engineering
    sfuzz 0.7.0 A simple fuzzer.
    shellcodecs 0.1 A collection of shellcode, loaders, sources, and generators provided with documentation designed to ease the exploitation and shellcode programming process.
    shellme 3.8c7919d Because sometimes you just need shellcode and opcodes quickly. This essentially just wraps some nasm/objdump calls into a neat script.
    shellnoob 2.1 A toolkit that eases the writing and debugging of shellcode
    shortfuzzy 0.1 A web fuzzing script written in perl.
    sidguesser 1.0.5 Guesses sids/instances against an Oracle database according to a predefined dictionary file.
    siege 3.0.8 An http regression testing and benchmarking utility
    simple-ducky 1.1.1 A payload generator.
    simple-lan-scan 1.0 A simple python script that leverages scapy for discovering live hosts on a network.
    sinfp 1.21 A full operating system stack fingerprinting suite.
    siparmyknife 11232011 A small command line tool for developers and administrators of Session Initiation Protocol (SIP) applications.
    sipcrack 0.2 A SIP protocol login cracker.
    sipp 3.3 A free Open Source test tool / traffic generator for the SIP protocol.
    sipsak 0.9.6 A small command line tool for developers and administrators of Session Initiation Protocol (SIP) applications.
    sipscan 0.1 A sip scanner.
    sipvicious 0.2.8 Tools for auditing SIP devices
    skipfish 2.10b A fully automated, active web application security reconnaissance tool
    skyjack 7.5f7a25e Takes over Parrot drones, deauthenticating their true owner and taking over control, turning them into zombie drones under your own control.
    skype-dump 0.1 This is a tool that demonstrates dumping MD5 password hashes from the configuration file in Skype.
    skypefreak 30.14a81cb A Cross Platform Forensic Framework for Skype.
    sleuthkit 4.1.3 File system and media management forensic analysis tools
    slowhttptest 1.5 A highly configurable tool that simulates application layer denial of service attacks
    slowloris 0.7 A tool which is written in perl to test http-server vulnerabilites for connection exhaustion denial of service (DoS) attacks so you can enhance the security of your webserver.
    smali 1.4.1 An assembler/disassembler for Android's dex format
    smartphone-pentest-framework 95.20918b2 Repository for the Smartphone Pentest Framework (SPF).
    smbbf 0.9.1 SMB password bruteforcer.
    smbexec 128.4430c5f A rapid psexec style attack with samba tools.
    smbrelay 3 SMB / HTTP to SMB replay attack toolkit.
    smtp-fuzz 1.0 Simple smtp fuzzer none
    smtp-user-enum 1.2 Username guessing tool primarily for use against the default Solaris SMTP service. Can use either EXPN, VRFY or RCPT TO.
    smtp-vrfy 1.0 An SMTP Protocol Hacker.
    smtpmap 0.8.234_BETA Tool to identify the running smtp software on a given host.
    smtpscan 0.5 An SMTP scanner
    sn00p 0.8 A modular tool written in bourne shell and designed to chain and automate security tools and tests.
    sniffjoke 0.4.1 Injects packets in the transmission flow that are able to seriously disturb passive analysis like sniffing, interception and low level information theft.
    snmp-fuzzer 0.1.1 SNMP fuzzer uses Protos test cases with an entirely new engine written in Perl.
    snmpattack 1.8 SNMP scanner and attacking tool.
    snmpcheck 1.8 A free open source utility to get information via SNMP protocols.
    snmpenum 1.7 snmp enumerator
    snmpscan 0.1 A free, multi-processes SNMP scanner
    snoopy-ng 93.e305420 A distributed, sensor, data collection, interception, analysis, and visualization framework.
    snort A lightweight network intrusion detection system.
    snow 20130616 Steganography program for concealing messages in text files.
    snscan 1.05 A Windows based SNMP detection utility that can quickly and accurately identify SNMP enabled devices on a network.
    socat Multipurpose relay
    soot 2.5.0 A Java Bytecode Analysis and Transformation Framework.
    spade 114 A general-purpose Internet utility package, with some extra features to help in tracing the source of spam and other forms of Internet harassment.
    sparty 0.1 An open source tool written in python to audit web applications using sharepoint and frontpage architecture.
    spectools 2010_04_R1 Spectrum-Tools is a set of utilities for using the Wi-Spy USB spectrum analyzer hardware. Stable version.
    speedpwn 8.3dd2793 An active WPA/2 Bruteforcer, original created to prove weak standard key generation in different ISP labeled routers without a client is connected.
    spiderfoot 2.1.5 The Open Source Footprinting Tool
    spiderpig-pdffuzzer 0.1 A javascript pdf fuzzer
    spiga 7240.3a804ac Configurable web resource scanner
    spike 2.9 IMMUNITYsec's fuzzer creation kit in C
    spike-proxy 148 A Proxy for detecting vulnerabilities in web applications
    spiped 1.4.1 A utility for creating symmetrically encrypted and authenticated pipes between socket addresses.
    spipscan 8181.da07974 SPIP (CMS) scanner for penetration testing purpose written in Python.
    splint 3.1.2 A tool for statically checking C programs for security vulnerabilities and coding mistakes
    sploitctl 1.1 Fetch, install and search exploit archives from exploit sites like exploit-db and packetstorm.
    sploitego 153.d9568dc Maltego Penetration Testing Transforms.
    spooftooph 0.5.2 Designed to automate spoofing or cloning Bluetooth device Name, Class, and Address. Cloning this information effectively allows Bluetooth device to hide in plain sight
    sps 4.2 A Linux packet crafting tool. Supports IPv4, IPv6 including extension headers, and tunneling IPv6 over IPv4.
    sqid 0.3 A SQL injection digger.
    sqlbrute 1.0 Brute forces data out of databases using blind SQL injection.
    sqlmap 1.0dev An automatic SQL injection tool developed in Python
    sqlninja 0.2.6_r1 A tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end
    sqlpat 1.0.1 This tool should be used to audit the strength of Microsoft SQL Server passwords offline.
    sqlping 4 SQL Server scanning tool that also checks for weak passwords using wordlists.
    sqlsus 0.7.2 An open source MySQL injection and takeover tool, written in perl
    ssh-privkey-crack 0.3 A SSH private key cracker
    sshatter 1.2 Password bruteforcer for SSH
    sshscan 7401.3bfd4ae A horizontal SSH scanner that scans large swaths of IPv4 space for a single SSH user and pass.
    sshtrix 0.0.2 A very fast multithreaded SSH login cracker
    sshuttle 198.9ce2fa0 Transparent proxy server that works as a poor man's VPN. Forwards all TCP packets over ssh (and even DNS requests when using --dns option). Doesn't require admin privileges on the server side.
    ssl-hostname-resolver 1 CN (Common Name) grabber on X.509 Certificates over HTTPS.
    ssl-phuck3r 2.0 All in one script for Man-In-The-Middle attacks.
    sslcat 1.0 SSLCat is a simple Unix utility that reads and writes data across an SSL enable network connection.
    sslcaudit 519.6967cc6 Utility to perform security audits of SSL/TLS clients.
    ssldump 0.9b3 an SSLv3/TLS network protocol analyzer
    sslh 1.16 SSL/SSH/OpenVPN/XMPP/tinc port multiplexer
    sslmap 0.2.0 A lightweight TLS/SSL cipher suite scanner.
    sslnuke 5.c5faeaa Transparent proxy that decrypts SSL traffic and prints out IRC messages.
    sslscan 239.1328b49 Tests SSL/TLS enabled services to discover supported cipher suites.
    sslsniff 0.8 A tool to MITM all SSL connections on a LAN and dynamically generate certs for the domains that are being accessed on the fly
    sslsplit 0.4.8 A tool for man-in-the-middle attacks against SSL/TLS encrypted network connections
    sslstrip 0.9 Transparently hijack http traffic on a network, watch for https links and redirects, then map those links.
    sslyze 0.10 Python tool for analyzing the configuration of SSL servers and for identifying misconfigurations.
    stackflow 2.2af525d Universal stack-based buffer overfow exploitation tool.
    starttls-mitm 7.b257756 A mitm proxy that will transparently proxy and dump both plaintext and TLS traffic.
    statsprocessor 0.082 A high-performance word-generator based on per-position Markov-attack
    steghide 0.5.1 Embeds a message in a file by replacing some of the least significant bits
    stompy 0.0.4 an advanced utility to test the quality of WWW session identifiers and other tokens that are meant to be unpredictable.
    storm-ring 0.1 This simple tool is useful to test a PABX with "allow guest" parameter set to "yes" (in this scenario an anonymous caller could place a call).
    stunnel 5.03 A program that allows you to encrypt arbitrary TCP connections inside SSL
    subdomainer 1.2 A tool designed for obtaining subdomain names from public sources.
    subterfuge 5.0 Automated Man-in-the-Middle Attack Framework
    sucrack 1.2.3 A multi-threaded Linux/UNIX tool for brute-force cracking local user accounts via su
    sulley 1.0.afcd647 A pure-python fully automated and unattended fuzzing framework
    superscan 4 Powerful TCP port scanner, pinger, resolver.
    suricata 2.0.3 An Open Source Next Generation Intrusion Detection and Prevention Engine.
    svn-extractor 28.3af00fb A simple script to extract all web resources by means of .SVN folder exposed over network.
    swaks 20130209.0 Swiss Army Knife SMTP; Command line SMTP testing, including TLS and AUTH
    swfintruder 0.9.1 First tool for testing security in Flash movies. A runtime analyzer for SWF external movies. It helps to find flaws in Flash.
    synflood 0.1 A very simply script to illustrate DoS SYN Flooding attack.
    synner 1.1 A custom eth->ip->tcp packet generator (spoofer) for testing firewalls and dos attacks.
    synscan 5.02 fast asynchronous half-open TCP portscanner
    sysdig 1127.b936707 Open source system-level exploration and troubleshooting tool.
    sysinternals-suite 1.1 Sysinternals tools suite.
    t50 5.4.1 Experimental Multi-protocol Packet Injector Tool
    taof 0.3.2 Taof is a GUI cross-platform Python generic network protocol fuzzer.
    tbear 1.5 Transient Bluetooth Environment Auditor includes an ncurses-based Bluetooth scanner (a bit similar to kismet), a Bluetooth DoS tool, and a Bluetooth hidden device locator.
    tcgetkey 0.1 A set of tools that deal with acquiring physical memory dumps via FireWire and then scan the memory dump to locate TrueCrypt keys and finally decrypt the encrypted TrueCrypt container using the keys.
    tcpcontrol-fuzzer 0.1 2^6 TCP control bit fuzzer (no ECN or CWR).
    tcpdump 4.6.2 A tool for network monitoring and data acquisition
    tcpextract 1.1 Extracts files from captured TCP sessions. Support live streams and pcap files.
    tcpflow 1.4.4 Captures data transmitted as part of TCP connections then stores the data conveniently
    tcpick 0.2.1 TCP stream sniffer and connection tracker
    tcpjunk 2.9.03 A general tcp protocols testing and hacking utility
    tcpreplay 3.4.4 Gives the ability to replay previously captured traffic in a libpcap format
    tcptraceroute 1.5beta7 A traceroute implementation using TCP packets.
    tcpwatch 1.3.1 A utility written in Python that lets you monitor forwarded TCP connections or HTTP proxy connections.
    tcpxtract 1.0.1 A tool for extracting files from network traffic.
    teardown 1.0 Command line tool to send a BYE request to tear down a call.
    tekdefense-automater 52.6d0bd5a IP URL and MD5 OSINT Analysis
    termineter 0.1.0 Smart meter testing framework
    tftp-bruteforce 0.1 TFTP-bruteforcer is a fast TFTP filename bruteforcer written in perl.
    tftp-fuzz 1337 Master TFTP fuzzing script as part of the ftools series of fuzzers
    tftp-proxy 0.1 This tool accepts connection on tftp and reloads requested content from an upstream tftp server. Meanwhile modifications to the content can be done by pluggable modules. So this one's nice if your mitm with some embedded devices.
    thc-ipv6 2.5 A complete tool set to attack the inherent protocol weaknesses of IPv6 and ICMP6, and includes an easy to use packet factory library.
    thc-keyfinder 1.0 Finds crypto keys, encrypted data and compressed data in files by analyzing the entropy of parts of the file.
    thc-pptp-bruter 0.1.4 A brute force program that works against pptp vpn endpoints (tcp port 1723).
    thc-smartbrute 1.0 This tool finds undocumented and secret commands implemented in a smartcard.
    thc-ssl-dos 1.4 A tool to verify the performance of SSL. To be used in your authorized and legitimate area ONLY. You need to accept this to make use of it, no use for bad intentions, you have been warned!
    theharvester 2.2a Python tool for gathering e-mail accounts and subdomain names from different public sources (search engines, pgp key servers)
    themole 0.3 Automatic SQL injection exploitation tool.
    tiger 3.2.3 A security scanner, that checks computer for known problems. Can also use tripwire, aide and chkrootkit.
    tilt 90.2bc2ef2 An easy and simple tool implemented in Python for ip reconnaissance, with reverse ip lookup.
    timegen 0.4 This program generates a *.wav file to "send" an own time signal to DCF77 compatible devices.
    tinc 1.0.24 VPN (Virtual Private Network) daemon
    tinyproxy 1.8.3 A light-weight HTTP proxy daemon for POSIX operating systems.
    tlsenum 70.c1eb5c2 A command line tool to enumerate TLS cipher-suites supported by a server.
    tlssled 1.3 A Linux shell script whose purpose is to evaluate the security of a target SSL/TLS (HTTPS) web server implementation.
    tnscmd 1.3 a lame tool to prod the oracle tnslsnr process (1521/tcp)
    topera 19.3e230fd An IPv6 security analysis toolkit, with the particularity that their attacks can't be detected by Snort.
    tor Anonymizing overlay network.
    tor-autocircuit 0.2 Tor Autocircuit was developed to give users a finer control over Tor circuit creation. The tool exposes the functionality of TorCtl library which allows its users to control circuit length, speed, geolocation, and other parameters.
    tor-browser-en 3.6.6 Tor Browser Bundle: Anonymous browsing using firefox and tor
    torshammer 1.0 A slow POST Denial of Service testing tool written in Python.
    torsocks 2.0.0 Wrapper to safely torify applications
    tpcat latest TPCAT is based upon pcapdiff by the EFF. TPCAT will analyze two packet captures (taken on each side of the firewall as an example) and report any packets that were seen on the source capture but didn’t make it to the dest.
    traceroute 2.0.20 Tracks the route taken by packets over an IP network
    trid 2.11 An utility designed to identify file types from their binary signatures
    trinity 3590.1280b98 A Linux System call fuzzer.
    trixd00r 0.0.1 An advanced and invisible userland backdoor based on TCP/IP for UNIX systems
    truecrack 35 Password cracking for truecrypt(c) volumes.
    truecrypt 7.1a Free open-source cross-platform disk encryption software
    tsh 0.6 An open-source UNIX backdoor that compiles on all variants, has full pty support, and uses strong crypto for communication.
    tsh-sctp 2.850a2da An open-source UNIX backdoor.
    tuxcut 5.0 Netcut-like program for Linux written in PyQt
    twofi 2.0 Twitter Words of Interest.
    u3-pwn 2.0 A tool designed to automate injecting executables to Sandisk smart usb devices with default U3 software install
    uatester 1.06 User Agent String Tester
    ubertooth 2012.10.R1 A 2.4 GHz wireless development board suitable for Bluetooth experimentation. Open source hardware and software. Tools only
    ubitack 0.3 Tool, which automates some of the tasks you might need on a (wireless) penetration test or while you are on the go.
    udis86 1.7.2 A minimalistic disassembler library
    udptunnel 19 Tunnels TCP over UDP packets.
    uefi-firmware-parser 101.be34a60 Parse BIOS/Intel ME/UEFI firmware related structures: Volumes, FileSystems, Files, etc
    ufo-wardriving 4 Allows you to test the security of wireless networks by detecting their passwords based on the router model
    ufonet 9.5484a90 A tool designed to launch DDoS attacks against a target, using 'Open Redirect' vectors on third party web applications, like botnet.
    umap 25.3ad8121 The USB host security assessment tool.
    umit 1.0 A powerful nmap frontend.
    unhide 20130526 A forensic tool to find processes hidden by rootkits, LKMs or by other techniques.
    unicorn 9.a18cb5d A simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory.
    unicornscan 0.4.7 A new information gathering and correlation engine.
    uniofuzz 1337 The universal fuzzing tool for browsers, web services, files, programs and network services/ports
    uniscan 6.2 A simple Remote File Include, Local File Include and Remote Command Execution vulnerability scanner.
    unix-privesc-check 1.4 Tries to find misconfigurations that could allow local unprivilged users to escalate privileges to other users or to access local apps (e.g. databases)
    unsecure 1.2 Bruteforces network login masks.
    upnpscan 0.4 Scans the LAN or a given address range for UPnP capable devices.
    upx 3.91 Ultimate executable compressor.
    urlcrazy 0.5 Generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage.
    urldigger 02c A python tool to extract URL addresses from different HOT sources and/or detect SPAM and malicious code
    username-anarchy 0.2 Tools for generating usernames when penetration testing
    usernamer 7.813139d Pentest Tool to generate usernames/logins based on supplied names.
    uw-loveimap 0.1 Multi threaded imap bounce scanner.
    uw-offish 0.1 Clear-text protocol simulator.
    uw-udpscan 0.1 Multi threaded udp scanner.
    uw-zone 0.1 Multi threaded, randomized IP zoner.
    v3n0m 77.cdaf14e Popular linux version of Balthazar/NovaCygni's 'v3n0m' scanner. Searches 18k+ dorks over 13 search engines.
    vanguard 0.1 A comprehensive web penetration testing tool written in Perl thatidentifies vulnerabilities in web applications.
    vbrute 1.11dda8b Virtual hosts brute forcer.
    vega 1.0 An open source platform to test the security of web applications
    veil 257.a9b6491 A tool designed to generate metasploit payloads that bypass common anti-virus solutions.
    vfeed 0.1 Open Source Cross Linked and Aggregated Local Vulnerability Database main repository
    vidalia 0.2.21 Controller GUI for Tor
    videosnarf 0.63 A new security assessment tool for pcap analysis
    vinetto 0.07beta A forensics tool to examine Thumbs.db files
    viper 444.4aecf37 A Binary analysis framework.
    vivisect 20130901 Vivisect is a Python based static analysis and reverse engineering framework, Vdb is a Python based research/reversing focused debugger and programatic debugging API by invisigoth of kenshoto
    vnak 1.cf0fda7 Aim is to be the one tool a user needs to attack multiple VoIP protocols.
    vnc-bypauth 0.0.1 Multi-threaded bypass authentication scanner for VNC servers <= 4.1.1.
    vncrack 1.21 What it looks like: crack VNC.
    voiper 0.07 A VoIP security testing toolkit incorporating several VoIP fuzzers and auxilliary tools to assist the auditor.
    voiphopper 2.04 A security validation tool that tests to see if a PC can mimic the behavior of an IP Phone. It rapidly automates a VLAN Hop into the Voice VLAN.
    voipong 2.0 A utility which detects all Voice Over IP calls on a pipeline, and for those which are G711 encoded, dumps actual conversation to seperate wave files.
    volatility 2.4 A memory forensics toolkit
    vstt 0.5.0 VSTT is a multi-protocol tunneling tool. It accepts input by TCP stream sockets and FIFOs, and can send data via TCP, POP3, and ICMP tunneling.
    vulscan 2.0 A collection of NSE scripts to turn Nmap into a vuln scanner
    w3af 1.6 Web Application Attack and Audit Framework.
    waffit 30 A set of security tools to identify and fingerprint Web Application Firewall/WAF products protecting a website
    wafp 0.01_26c3 An easy to use Web Application Finger Printing tool written in ruby using sqlite3 databases for storing the fingerprints.
    wapiti 2.3.0 A vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, LDAP injections, CRLF injections...
    wavemon 0.7.6 Ncurses-based monitoring application for wireless network devices
    web-soul 2 A plugin based scanner for attacking and data mining web sites written in Perl.
    webacoo 0.2.3 Web Backdoor Cookie Script-Kit.
    webenum 0.1 Tool to enumerate http responses using dynamically generated queries and more. Useful for penetration tests against web servers.
    webhandler 0.8.5 A handler for PHP system functions & also an alternative 'netcat' handler.
    webpwn3r 35.3fb27bb A python based Web Applications Security Scanner.
    webrute 3.3 Web server directory brute forcer.
    webscarab 20120422.001828 Framework for analysing applications that communicate using the HTTP and HTTPS protocols
    webshag 1.10 A multi-threaded, multi-platform web server audit tool.
    webshells 6.690ebd9 Web Backdoors.
    webslayer 5 A tool designed for brute forcing Web Applications
    webspa 0.7 A web knocking tool, sending a single HTTP/S to run O/S commands.
    websploit 2.0.5 An Open Source Project For, Social Engineering Works, Scan, Crawler & Analysis Web, Automatic Exploiter, Support Network Attacks
    weevely 1.1 Stealth tiny web shell
    wepbuster 1.0_beta_0.7 script for automating aircrack-ng
    wfuzz 2.0 Utility to bruteforce web applications to find their not linked resources
    whatweb 0.4.7 Next generation web scanner that identifies what websites are running.
    wi-feye 1.0 An automated wireless penetration testing tool written in python, its designed to simplify common attacks that can be performed on wifi networks so that they can be executed quickly and easily.
    wifi-honey 1.0 A management tool for wifi honeypots
    wifi-monitor 0.r22.71340a3 Prints the IPs on your local network that're sending the most packets
    wificurse 0.3.9 WiFi jamming tool.
    wifijammer 43.4a0fe56 A python script to continuosly jam all wifi clients within range.
    wifiphisher 12.73f24a7 Fast automated phishing attacks against WPA networks.
    wifitap 2b16088 WiFi injection tool through tun/tap device.
    wifite 2.28fc5cd A tool to attack multiple WEP and WPA encrypted networks at the same time.
    wig 211.8c9285f WebApp Information Gatherer.
    winexe 1.00 Remotely execute commands on Windows NT/2000/XP/2003 systems.
    winfo 2.0 Uses null sessions to remotely try to retrieve lists of and information about user accounts, workstation/interdomain/server trust accounts, shares (also hidden), sessions, logged in users, and password/lockout policy, from Windows NT/2000/XP.
    wireless-ids 24.b132071 Ability to detect suspicious activity such as (WEP/WPA/WPS) attack by sniffing the air for wireless packets.
    wireshark-cli 1.12.1 a free network protocol analyzer for Unix/Linux and Windows - CLI version
    wireshark-gtk 1.12.1 a free network protocol analyzer for Unix/Linux and Windows - GTK frontend
    wirouter-keyrec 1.1.2 A powerful and platform independent software to recover the default WPA passphrases of the supported router models (Telecom Italia Alice AGPF, Fastweb Pirelli, Fastweb Tesley, Eircom Netopia, Pirelli TeleTu/Tele 2).
    witchxtool 1.1 A perl script that consists of a port scanner, LFI scanner, MD5 bruteforcer, dork SQL injection scanner, fresh proxy scanner, and a dork LFI scanner.
    wlan2eth 1.3 re-writes 802.11 captures into standard Ethernet frames.
    wmat 0.1 Automatic tool for testing webmail accounts
    wnmap 0.1 A shell script written with the purpose to automate and chain scans via nmap. You can run nmap with a custom mode written by user and create directories for every mode with the xml/nmap files inside.
    wol-e 2.0 A suite of tools for the Wake on LAN feature of network attached computers
    wordpot 37.e42eeda A Wordpress Honeypot.
    wpbf 7.11b6ac1 Multithreaded WordPress brute forcer.
    wpscan 1773.4ba9bdf A vulnerability scanner which checks the security of WordPress installations using a black box approach.
    ws-attacker 1.3 A modular framework for web services penetration testing.
    wsfuzzer 1.9.5 A Python tool written to automate SOAP pentesting of web services.
    wyd 0.2 Gets keywords from personal files. IT security/forensic tool.
    x-scan 3.3 A general network vulnerabilities scanner for scanning network vulnerabilities for specific IP address scope or stand-alone computer by multi-threading method, plug-ins are supportable.
    xcavator 5.bd9e2d8 Man-In-The-Middle and phishing attack tool that steals the victim's credentials of some web services like Facebook.
    xf86-video-qxl-git r541.cbe70e9 Xorg X11 qxl video driver.
    xorbruteforcer 0.1 Script that implements a XOR bruteforcing of a given file, although a specific key can be used too.
    xorsearch 1.9.2 Program to search for a given string in an XOR, ROL or ROT encoded binary file.
    xortool 0.93 A tool to analyze multi-byte xor cipher.
    xprobe2 0.3 An active OS fingerprinting tool.
    xspy 1.0c A utility for monitoring keypresses on remote X servers
    xsser 1.6 A penetration testing tool for detecting and exploiting XSS vulnerabilites.
    xssless 35.9eee648 An automated XSS payload generator written in python.
    xsss 0.40b A brute force cross site scripting scanner.
    xssscan 8181.da07974 Command line tool for detection of XSS attacks in URLs. Based on ModSecurity rules from OWASP CRS.
    xsssniper 0.9 An automatic XSS discovery tool
    xssya 13.15ebdfe A Cross Site Scripting Scanner & Vulnerability Confirmation.
    yara 3.1.0 A malware identification and classification tool.
    ycrawler 0.1 A web crawler that is useful for grabbing all user supplied input related to a given website and will save the output. It has proxy and log file support.
    yersinia 0.7.1 A network tool designed to take advantage of some weakness in different network protocols
    yinjector 0.1 A MySQL injection penetration tool. It has multiple features, proxy support, and multiple exploitation methods.
    zackattack 5.1f96c14 A new tool set to do NTLM Authentication relaying unlike any other tool currently out there.
    zaproxy 2.3.1 A local intercepting proxy with integrated penetration testing tool for finding vulnerabilities in web applications.
    zarp 0.1.5 A network attack tool centered around the exploitation of local networks.
    zerowine 0.0.2 Malware Analysis Tool - research project to dynamically analyze the behavior of malware
    zmap 1.2.1 Fast network scanner designed for Internet-wide network surveys.
    zulu 0.1 A light weight 802.11 wireless frame generation tool to enable fast and easy debugging and probing of 802.11 networks.
    zykeys 0.1 Demonstrates how default wireless settings are derived on some models of ZyXEL routers.
    zzuf 0.13 Transparent application input fuzzer.

    0 0

    Acrylic WiFi Professional is the best WiFi analyzer software to identify access points and wifi channels, and to analyze and resolve incidences on 802.11a/b/g/n/ac wireless networks in real time.

    It is a perfect tool for advanced users and professional WiFi network analysts and administrators to control their office wireless network performance and who is connected to it, identify access point data transmission speeds, andD optimize their company’s WiFi network channels.

    Access WiFi network detailed information, including hidden wireless networks, and make the most of unique features such as monitor mode to capture and analyze all wireless device traffic, device viewer, equipment inventory, and WiFi speed analysis.

    WiFi analyzer software features

    Resolve incidences and verify the good performance of your wireless networks with a unique set of functionalities not available in any other software today.
    • 802.11 Version: Detect WiFi access points and clients type
    • (802.11a/b/g/n/ac) and update obsolete devices that lower your WiFi speed.
    • Supported Speeds: Information on maximum data transmission rate supported
    • by access points and WiFi clients, and a complete list of supported data transmission rates through deep network packet inspection to ensure a fast and efficient data transmission.
    • Packet Retry Rate: Statistics on packets retried
    • by access points and WiFi devices to help identify data transmission and network coverage issues.
    • Device Information: Performance and behavior details
    • on all WiFi devices in range.
    • Inventory: Assign WiFi device names
    • by replacing the MAC field with a description for easier network analysis.
    • Hardware: Acrylic WiFi analyzer software works with any WiFi device thanks to its Windows API, and supports monitor mode
    • to visualize all devices and packages with Airpcap cards and with compatible WiFi hardware.
    • Detailed View: Get device model information and capabilities on device detailed view.
    • WiFi reports: Export WiFi data and create WiFi reports
    • for nearby access points and work with pcap files 

    0 0

    OWASP OWTF, the Offensive (Web) Testing Framework, is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient.OWASP OWTF, the Offensive (Web) Testing Framework, is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient. 

    OWTF aims to make pen testing:
    • Aligned with OWASP Testing Guide + PTES + NIST
    • More efficient
    • More comprehensive
    • More creative and fun (minimise un-creative work)
    so that pentesters will have more time to
    • See the big picture and think out of the box
    • More efficiently find, verify and combine vulnerabilities
    • Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions
    • Perform more tactical/targeted fuzzing on seemingly risky areas
    • Demonstrate true impact despite the short timeframes we are typically given to test.
    The tool is highly configurable and anybody can trivially create simple plugins or add new tests in the configuration files without having any development experience.


    OWTF uses "Scumbag spidering", ie. instead of implementing yet another spider (a hard job), OWTF will scrub the output of all tools/plugins run to gather as many URLs as possible.
    This is somewhat "cheating" but tremendously effective since it combines the results of different tools, including several tools that perform brute forcing of files and directories.
    If one tool crashes OWTF, will move on to the next tool/test, saving the partial output of the tool until it crashed. OWTF also allow you to monitor worker processes and estimated plugin runtimes.

    If your internet connectivity or the target host goes down during an assessment, you can pause the relevant worker processes and resume them later avoiding losing data to little as possible.

    0 0

    TorBirdy is Torbutton for Thunderbird, Icedove and related Mozilla mail clients. It may also work with other non-web browser Mozilla programs such as Sunbird. This extension configures Thunderbird to make connections over the Tor anonymity network.

    Notable changes in this release include:
    0.1.3, 23 Oct 2014
    * The default keyserver (hidden service) has been updated:
    * Show the Sender header in message pane (closes #10226)
    * Draft messages on IMAP accounts are now saved locally (closes #10309)
    * Restore preferences to the user's own defaults instead of Thunderbird's
    (closes #10588)
    * network.proxy.no_proxies_on is no longer set to "localhost,"
    (thanks to Carsten N.)
    * Disable automatic downloading of new messages for POP3 accounts
    (closes #11188)
    * Update the reply_header author behaviour (closes #13480)
    * TorBirdy is now available in 31 languages:
    - Arabic
    - Catalan
    - Czech
    - Danish
    - German
    - Greek
    - English (US)
    - English (Great Britain)
    - Spanish
    - Basque
    - French
    - Hebrew
    - Hungarian
    - Indonesian
    - Italian
    - Korean
    - Latvian
    - Norwegian Bokmål
    - Norwegian Nynorsk
    - Punjabi
    - Polish
    - Portuguese
    - Portuguese (Brazil)
    - Romanian
    - Russian
    - Slovak
    - Slovenian
    - Serbian
    - Swedish
    - Turkish
    - Ukrainian

    0 0

    WirelessNetView is a small utility that runs in the background, and monitor the activity of wireless networks around you. For each detected network, it displays the following information: SSID, Last Signal Quality, Average Signal Quality, Detection Counter, Authentication Algorithm, Cipher Algorithm, MAC Address, RSSI, Channel Frequency, Channel Number, and more.

    Command-Line Options
    /stext <Filename> Save the list of wireless networks into a regular text file.
    /stab <Filename> Save the list of wireless networks into a tab-delimited text file.
    /scomma <Filename> Save the list of wireless networks into a comma-delimited text file (csv).
    /stabular <Filename> Save the list of wireless networks into a tabular text file.
    /shtml <Filename> Save the list of wireless networks into HTML file (Horizontal).
    /sverhtml <Filename> Save the list of wireless networks into HTML file (Vertical).
    /sxml <Filename> Save the list of wireless networks into XML file.
    /sort <column> This command-line option can be used with other save options for sorting by the desired column. If you don't specify this option, the list is sorted according to the last sort that you made from the user interface. The <column> parameter can specify the column index (0 for the first column, 1 for the second column, and so on) or the name of the column, like "SSID" and "Last Signal". You can specify the '~' prefix character (e.g: "~SSID") if you want to sort in descending order. You can put multiple /sort in the command-line if you want to sort by multiple columns. Examples:
    WirelessNetView.exe /shtml "f:\temp\wireless.html" /sort 2 /sort ~1
    WirelessNetView.exe /shtml "f:\temp\wireless.html" /sort "~Security Enabled" /sort "SSID"
    /nosort When you specify this command-line option, the list will be saved without any sorting. 

    0 0

    Zarp is a network attack tool centered around the exploitation of local networks. This does not include system exploitation, but rather abusing networking protocols and stacks to take over, infiltrate, and knock out. Sessions can be managed to quickly poison and sniff multiple systems at once, dumping sensitive information automatically or to the attacker directly. Various sniffers are included to automatically parse usernames and passwords from various protocols, as well as view HTTP traffic and more. DoS attacks are included to knock out various systems and applications. These tools open up the possibility for very complex attack scenarios on live networks quickly, cleanly, and quietly.

    The long-term goal of zarp is to become the master command center of a network; to provide a modular, well-defined framework that provides a powerful overview and in-depth analysis of an entire network. This will come to light with the future inclusion of a web application front-end, which acts as the television screen, whereas the CLI interface will be the remote. This will provide network topology reports, host relationships, and more. zarp aims to be your window into the potential exploitability of a network and its hosts, not an exploitation platform itself; it is the manipulation of relationships and trust felt within local intranets. Look for zeb, the web-app frontend to zarp, sometime in the future.

    Tool Overview 
    Broad categories are (see wiki for more information on these):
    • Poisoners
    • Denial of Service
    • Sniffers
    • Scanners
    • Services
    • Parameter
    • Attacks

    List of modules accessible from the command line:
    bryan@debdev:~/tools/zarp$ sudo ./ --help
    [!] Loaded 34 modules.
    ____ __ ____ ____
    (__ ) / _\ ( _ \( _ '
    / _/ / \ ) / ) __/
    (____)\_/\_/(__\_)(__) [Version: 0.1.5]

    usage: [-h] [-q FILTER] [--update] [--wap] [--ftp] [--http] [--smb]
    [--ssh] [--telnet] [-w] [-s] [--service-scan]

    optional arguments:
    -h, --help show this help message and exit
    -q FILTER Generic network sniff
    --update Update Zarp

    --wap Wireless access point
    --ftp FTP server
    --http HTTP Server
    --smb SMB Service
    --ssh SSH Server
    --telnet Telnet server

    -w Wireless AP Scan
    -s Network scanner
    --service-scan Service scanner

    0 0

    Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. 

    It is smart, it trains itself by monitoring and learning from the web application's behavior during the scan process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify (or avoid) false-positives.

    Unlike other scanners, it takes into account the dynamic nature of web applications, can detect changes caused while travelling through the paths of a web application’s cyclomatic complexity and is able to adjust itself accordingly. This way, attack/input vectors that would otherwise be undetectable by non-humans can be handled seamlessly. 

    Moreover, due to its integrated browser environment, it can also audit and inspect client-side code, as well as support highly complicated web applications which make heavy use of technologies such as JavaScript, HTML5, DOM manipulation and AJAX. 

    Finally, it is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.

    0 0

    Tor is the first stable release in the 0.2.5 series.

    It adds several new security features, including improved denial-of-service resistance for relays, new compiler hardening options, and a system-call sandbox for hardened installations on Linux (requires seccomp2). The controller protocol has several new features, resolving IPv6 addresses should work better than before, and relays should be a little more CPU-efficient. We've added support for more OpenBSD and FreeBSD transparent proxy types. We've improved the build system and testing infrastructure to allow unit testing of more parts of the Tor codebase. Finally, we've addressed several nagging pluggable transport usability issues, and included numerous other small bugfixes and features mentioned below.

    This release marks end-of-life for Tor 0.2.3.x; those Tor versions have accumulated many known flaws; everyone should upgrade.

    Below we list all changes in since the 0.2.4.x series; for a list of changes in individual alpha releases, see the ChangeLog.

    Changes in version - 2014-10-24

    • Major features (security):
      • The ntor handshake is now on-by-default, no matter what the directory authorities recommend. Implements ticket 8561.
      • Make the "tor-gencert" tool used by directory authority operators create 2048-bit signing keys by default (rather than 1024-bit, since 1024-bit is uncomfortably small these days). Addresses ticket 10324.
      • Warn about attempts to run hidden services and relays in the same process: that's probably not a good idea. Closes ticket 12908.
      • Disable support for SSLv3. All versions of OpenSSL in use with Tor today support TLS 1.0 or later, so we can safely turn off support for this old (and insecure) protocol. Fixes bug 13426.
    • Major features (relay security, DoS-resistance):
      • When deciding whether we have run out of memory and we need to close circuits, also consider memory allocated in buffers for streams attached to each circuit.
        This change, which extends an anti-DoS feature introduced in and improved in, lets Tor exit relays better resist more memory-based DoS attacks than before. Since the MaxMemInCellQueues option now applies to all queues, it is renamed to MaxMemInQueues. This feature fixes bug 10169.
      • Avoid hash-flooding denial-of-service attacks by using the secure SipHash-2-4 hash function for our hashtables. Without this feature, an attacker could degrade performance of a targeted client or server by flooding their data structures with a large number of entries to be stored at the same hash table position, thereby slowing down the Tor instance. With this feature, hash table positions are derived from a randomized cryptographic key, and an attacker cannot predict which entries will collide. Closes ticket 4900.
      • If you don't specify MaxMemInQueues yourself, Tor now tries to pick a good value based on your total system memory. Previously, the default was always 8 GB. You can still override the default by setting MaxMemInQueues yourself. Resolves ticket 11396.
    • Major features (bridges and pluggable transports):
      • Add support for passing arguments to managed pluggable transport proxies. Implements ticket 3594.
      • Bridges now track GeoIP information and the number of their users even when pluggable transports are in use, and report usage statistics in their extra-info descriptors. Resolves tickets 4773 and 5040.
      • Don't launch pluggable transport proxies if we don't have any bridges configured that would use them. Now we can list many pluggable transports, and Tor will dynamically start one when it hears a bridge address that needs it. Resolves ticket 5018.
      • The bridge directory authority now assigns status flags (Stable, Guard, etc) to bridges based on thresholds calculated over all Running bridges. Now bridgedb can finally make use of its features to e.g. include at least one Stable bridge in its answers. Fixes bug 9859.
    • Major features (controller):
      • Extend ORCONN controller event to include an "ID" parameter, and add four new controller event types CONN_BW, CIRC_BW, CELL_STATS, and TB_EMPTY that show connection and circuit usage. The new events are emitted in private Tor networks only, with the goal of being able to better track performance and load during full-network simulations. Implements proposal 218 and ticket 7359.
    • Major features (relay performance):
      • Speed up server-side lookups of rendezvous and introduction point circuits by using hashtables instead of linear searches. These functions previously accounted between 3 and 7% of CPU usage on some busy relays. Resolves ticket 9841.
      • Avoid wasting CPU when extending a circuit over a channel that is nearly out of circuit IDs. Previously, we would do a linear scan over possible circuit IDs before finding one or deciding that we had exhausted our possibilities. Now, we try at most 64 random circuit IDs before deciding that we probably won't succeed. Fixes a possible root cause of ticket 11553.
    • Major features (seccomp2 sandbox, Linux only):
      • Use the seccomp2 syscall filtering facility on Linux to limit which system calls Tor can invoke. This is an experimental, Linux-only feature to provide defense-in-depth against unknown attacks. To try turning it on, set "Sandbox 1" in your torrc file. Please be ready to report bugs. We hope to add support for better sandboxing in the future, including more fine-grained filters, better division of responsibility, and support for more platforms. This work has been done by Cristian-Matei Toader for Google Summer of Code. Resolves tickets 11351 and 11465.
    • Major features (testing networks):
      • Make testing Tor networks bootstrap better: lower directory fetch retry schedules and maximum interval without directory requests, and raise maximum download tries. Implements ticket 6752.
      • Add make target 'test-network' to run tests on a Chutney network. Implements ticket 8530.
    • Major features (other):
      • On some platforms (currently: recent OSX versions, glibc-based platforms that support the ELF format, and a few other Unix-like operating systems), Tor can now dump stack traces when a crash occurs or an assertion fails. By default, traces are dumped to stderr (if possible) and to any logs that are reporting errors. Implements ticket 9299.
    • Deprecated versions:
      • Tor 0.2.3.x has reached end-of-life; it has received no patches or attention for some while.
    • Major bugfixes (security, directory authorities):
      • Directory authorities now include a digest of each relay's identity key as a part of its microdescriptor.
        This is a workaround for bug 11743 (reported by "cypherpunks"), where Tor clients do not support receiving multiple microdescriptors with the same SHA256 digest in the same consensus. When clients receive a consensus like this, they only use one of the relays. Without this fix, a hostile relay could selectively disable some client use of target relays by constructing a router descriptor with a different identity and the same microdescriptor parameters and getting the authorities to list it in a microdescriptor consensus. This fix prevents an attacker from causing a microdescriptor collision, because the router's identity is not forgeable.
    • Major bugfixes (openssl bug workaround):
      • Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or 1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug 13471. This is a workaround for an OpenSSL bug.
    • Major bugfixes (client):
      • Perform circuit cleanup operations even when circuit construction operations are disabled (because the network is disabled, or because there isn't enough directory information). Previously, when we were not building predictive circuits, we were not closing expired circuits either. Fixes bug 8387; bugfix on This bug became visible in when we became more strict about when we have "enough directory information to build circuits".
    • Major bugfixes (client, pluggable transports):
      • When managing pluggable transports, use OS notification facilities to learn if they have crashed, and don't attempt to kill any process that has already exited. Fixes bug 8746; bugfix on
    • Major bugfixes (relay denial of service):
      • Instead of writing destroy cells directly to outgoing connection buffers, queue them and intersperse them with other outgoing cells. This can prevent a set of resource starvation conditions where too many pending destroy cells prevent data cells from actually getting delivered. Reported by "oftc_must_be_destroyed". Fixes bug 7912; bugfix on
    • Major bugfixes (relay):
      • Avoid queuing or sending destroy cells for circuit ID zero when we fail to send a CREATE cell. Fixes bug 12848; bugfix on 0.0.8pre1. Found and fixed by "cypherpunks".
      • Fix ORPort reachability detection on relays running behind a proxy, by correctly updating the "local" mark on the controlling channel when changing the address of an or_connection_t after the handshake. Fixes bug 12160; bugfix on
      • Use a direct dirport connection when uploading non-anonymous descriptors to the directory authorities. Previously, relays would incorrectly use tunnel connections under a fairly wide variety of circumstances. Fixes bug 11469; bugfix on
      • When a circuit accidentally has the same circuit ID for its forward and reverse direction, correctly detect the direction of cells using that circuit. Previously, this bug made roughly one circuit in a million non-functional. Fixes bug 12195; this is a bugfix on every version of Tor.
    • Minor features (security):
      • New --enable-expensive-hardening option to enable security hardening options that consume nontrivial amounts of CPU and memory. Right now, this includes AddressSanitizer and UbSan, which are supported in newer versions of GCC and Clang. Closes ticket 11477.
      • Authorities now assign the Guard flag to the fastest 25% of the network (it used to be the fastest 50%). Also raise the consensus weight that guarantees the Guard flag from 250 to 2000. For the current network, this results in about 1100 guards, down from 2500. This step paves the way for moving the number of entry guards down to 1 (proposal 236) while still providing reasonable expected performance for most users. Implements ticket 12690.
    • Minor features (security, memory management):
      • Memory allocation tricks (mempools and buffer freelists) are now disabled by default. You can turn them back on with --enable-mempools and --enable-buf-freelists respectively. We're disabling these features because malloc performance is good enough on most platforms, and a similar feature in OpenSSL exacerbated exploitation of the Heartbleed attack. Resolves ticket 11476.
    • Minor features (bridge client):
      • Report a more useful failure message when we can't connect to a bridge because we don't have the right pluggable transport configured. Resolves ticket 9665. Patch from Fábio J. Bertinatto.
    • Minor features (bridge):
      • Add an ExtORPortCookieAuthFileGroupReadable option to make the cookie file for the ExtORPort g+r by default.
    • Minor features (bridges, pluggable transports):
      • Bridges now write the SHA1 digest of their identity key fingerprint (that is, a hash of a hash of their public key) to notice-level logs, and to a new hashed-fingerprint file. This information will help bridge operators look up their bridge in Globe and similar tools. Resolves ticket 10884.
      • Improve the message that Tor displays when running as a bridge using pluggable transports without an Extended ORPort listener. Also, log the message in the log file too. Resolves ticket 11043.
      • Add threshold cutoffs to the networkstatus document created by the Bridge Authority. Fixes bug 1117.
      • On Windows, spawn background processes using the CREATE_NO_WINDOW flag. Now Tor Browser Bundle 3.5 with pluggable transports enabled doesn't pop up a blank console window. (In Tor Browser Bundle 2.x, Vidalia set this option for us.) Implements ticket 10297.
    • Minor features (build):
      • The configure script has a --disable-seccomp option to turn off support for libseccomp on systems that have it, in case it (or Tor's use of it) is broken. Resolves ticket 11628.
      • Assume that a user using ./configure --host wants to cross-compile, and give an error if we cannot find a properly named tool-chain. Add a --disable-tool-name-check option to proceed nevertheless. Addresses ticket 9869. Patch by Benedikt Gollatz.
      • If we run ./configure and the compiler recognizes -fstack-protector but the linker rejects it, warn the user about a potentially missing libssp package. Addresses ticket 9948. Patch from Benedikt Gollatz.
      • Add support for `--library-versions` flag. Implements ticket 6384.
      • Return the "unexpected sendme" warnings to a warn severity, but make them rate limited, to help diagnose ticket 8093.
      • Detect a missing asciidoc, and warn the user about it, during configure rather than at build time. Fixes issue 6506. Patch from Arlo Breault.
    • Minor features (client):
      • Add a new option, PredictedPortsRelevanceTime, to control how long after having received a request to connect to a given port Tor will try to keep circuits ready in anticipation of future requests for that port. Patch from "unixninja92"; implements ticket 9176.
    • Minor features (config options and command line):
      • Add an --allow-missing-torrc commandline option that tells Tor to run even if the configuration file specified by -f is not available. Implements ticket 10060.
      • Add support for the TPROXY transparent proxying facility on Linux. See documentation for the new TransProxyType option for more details. Implementation by "thomo". Closes ticket 10582.
    • Minor features (config options):
      • Config (torrc) lines now handle fingerprints which are missing their initial '$'. Resolves ticket 4341; improvement over 0.0.9pre5.
      • Support a --dump-config option to print some or all of the configured options. Mainly useful for debugging the command-line option parsing code. Helps resolve ticket 4647.
      • Raise awareness of safer logging: notify user of potentially unsafe config options, like logging more verbosely than severity "notice" or setting SafeLogging to 0. Resolves ticket 5584.
      • Add a new configuration option TestingV3AuthVotingStartOffset that bootstraps a network faster by changing the timing for consensus votes. Addresses ticket 8532.
      • Add a new torrc option "ServerTransportOptions" that allows bridge operators to pass configuration parameters to their pluggable transports. Resolves ticket 8929.
      • The config (torrc) file now accepts bandwidth and space limits in bits as well as bytes. (Anywhere that you can say "2 Kilobytes", you can now say "16 kilobits", and so on.) Resolves ticket 9214. Patch by CharlieB.
    • Minor features (controller):
      • Make the entire exit policy available from the control port via GETINFO exit-policy/*. Implements enhancement 7952. Patch from "rl1987".
      • Because of the fix for ticket 11396, the real limit for memory usage may no longer match the configured MaxMemInQueues value. The real limit is now exposed via GETINFO limits/max-mem-in-queues.
      • Add a new "HS_DESC" controller event that reports activities related to hidden service descriptors. Resolves ticket 8510.
      • New "DROPGUARDS" controller command to forget all current entry guards. Not recommended for ordinary use, since replacing guards too frequently makes several attacks easier. Resolves ticket 9934; patch from "ra".
      • Implement the TRANSPORT_LAUNCHED control port event that notifies controllers about new launched pluggable transports. Resolves ticket 5609.
    • Minor features (diagnostic):
      • When logging a warning because of bug 7164, additionally check the hash table for consistency (as proposed on ticket 11737). This may help diagnose bug 7164.
      • When we log a heartbeat, log how many one-hop circuits we have that are at least 30 minutes old, and log status information about a few of them. This is an attempt to track down bug 8387.
      • When encountering an unexpected CR while writing text to a file on Windows, log the name of the file. Should help diagnosing bug 11233.
      • Give more specific warnings when a client notices that an onion handshake has failed. Fixes ticket 9635.
      • Add significant new logging code to attempt to diagnose bug 12184, where relays seem to run out of available circuit IDs.
      • Improve the diagnostic log message for bug 8387 even further to try to improve our odds of figuring out why one-hop directory circuits sometimes do not get closed.
      • Add more log messages to diagnose bug 7164, which causes intermittent "microdesc_free() called but md was still referenced" warnings. We now include more information, to figure out why we might be cleaning a microdescriptor for being too old if it's still referenced by a live node_t object.
      • Log current accounting state (bytes sent and received + remaining time for the current accounting period) in the relay's heartbeat message. Implements ticket 5526; patch from Peter Retzlaff.
    • Minor features (geoip):
      • Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2 Country database.
    • Minor features (interface):
      • Generate a warning if any ports are listed in the SocksPolicy, DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or AuthDirBadExit options. (These options only support address ranges.) Fixes part of ticket 11108.
    • Minor features (kernel API usage):
      • Use the SOCK_NONBLOCK socket type, if supported, to open nonblocking sockets in a single system call. Implements ticket 5129.
    • Minor features (log messages):
      • When ServerTransportPlugin is set on a bridge, Tor can write more useful statistics about bridge use in its extrainfo descriptors, but only if the Extended ORPort ("ExtORPort") is set too. Add a log message to inform the user in this case. Resolves ticket 9651.
      • When receiving a new controller connection, log the origin address. Resolves ticket 9698; patch from "sigpipe".
      • When logging OpenSSL engine status at startup, log the status of more engines. Fixes ticket 10043; patch from Joshua Datko.
    • Minor features (log verbosity):
      • Demote the message that we give when a flushing connection times out for too long from NOTICE to INFO. It was usually meaningless. Resolves ticket 5286.
      • Don't log so many notice-level bootstrapping messages at startup about downloading descriptors. Previously, we'd log a notice whenever we learned about more routers. Now, we only log a notice at every 5% of progress. Fixes bug 9963.
      • Warn less verbosely when receiving a malformed ESTABLISH_RENDEZVOUS cell. Fixes ticket 11279.
    • Minor features (performance):
      • If we're using the pure-C 32-bit curve25519_donna implementation of curve25519, build it with the -fomit-frame-pointer option to make it go faster on register-starved hosts. This improves our handshake performance by about 6% on i386 hosts without nacl. Closes ticket 8109.
    • Minor features (relay):
      • If a circuit timed out for at least 3 minutes, check if we have a new external IP address, and publish a new descriptor with the new IP address if it changed. Resolves ticket 2454.
    • Minor features (testing):
      • If Python is installed, "make check" now runs extra tests beyond the unit test scripts.
      • When bootstrapping a test network, sometimes very few relays get the Guard flag. Now a new option "TestingDirAuthVoteGuard" can specify a set of relays which should be voted Guard regardless of their uptime or bandwidth. Addresses ticket 9206.
    • Minor features (transparent proxy, *BSD):
      • Support FreeBSD's ipfw firewall interface for TransPort ports on FreeBSD. To enable it, set "TransProxyType ipfw". Resolves ticket 10267; patch from "yurivict".
      • Support OpenBSD's divert-to rules with the pf firewall for transparent proxy ports. To enable it, set "TransProxyType pf-divert". This allows Tor to run a TransPort transparent proxy port on OpenBSD 4.4 or later without root privileges. See the pf.conf(5) manual page for information on configuring pf to use divert-to rules. Closes ticket 10896; patch from Dana Koch.
    • Minor bugfixes (bridge client):
      • Stop accepting bridge lines containing hostnames. Doing so would cause clients to perform DNS requests on the hostnames, which was not sensible behavior. Fixes bug 10801; bugfix on
    • Minor bugfixes (bridges):
      • Avoid potential crashes or bad behavior when launching a server-side managed proxy with ORPort or ExtORPort temporarily disabled. Fixes bug 9650; bugfix on
      • Fix a bug where the first connection works to a bridge that uses a pluggable transport with client-side parameters, but we don't send the client-side parameters on subsequent connections. (We don't use any pluggable transports with client-side parameters yet, but ScrambleSuit will soon become the first one.) Fixes bug 9162; bugfix on Based on a patch from "rl1987".
    • Minor bugfixes (build, auxiliary programs):
      • Stop preprocessing the "torify" script with autoconf, since it no longer refers to LOCALSTATEDIR. Fixes bug 5505; patch from Guilhem.
      • The tor-fw-helper program now follows the standard convention and exits with status code "0" on success. Fixes bug 9030; bugfix on Patch by Arlo Breault.
      • Corrected ./configure advice for what openssl dev package you should install on Debian. Fixes bug 9207; bugfix on
    • Minor bugfixes (client):
      • Avoid "Tried to open a socket with DisableNetwork set" warnings when starting a client with bridges configured and DisableNetwork set. (Tor launcher starts Tor with DisableNetwork set the first time it runs.) Fixes bug 10405; bugfix on
      • Improve the log message when we can't connect to a hidden service because all of the hidden service directory nodes hosting its descriptor are excluded. Improves on our fix for bug 10722, which was a bugfix on
      • Raise a control port warning when we fail to connect to all of our bridges. Previously, we didn't inform the controller, and the bootstrap process would stall. Fixes bug 11069; bugfix on
      • Exit immediately when a process-owning controller exits. Previously, tor relays would wait for a little while after their controller exited, as if they had gotten an INT signal -- but this was problematic, since there was no feedback for the user. To do a clean shutdown, controllers should send an INT signal and give Tor a chance to clean up. Fixes bug 10449; bugfix on
      • Stop attempting to connect to bridges before our pluggable transports are configured (harmless but resulted in some erroneous log messages). Fixes bug 11156; bugfix on
      • Fix connections to IPv6 addresses over SOCKS5. Previously, we were generating incorrect SOCKS5 responses, and confusing client applications. Fixes bug 10987; bugfix on
    • Minor bugfixes (client, DNSPort):
      • When using DNSPort, try to respond to AAAA requests with AAAA answers. Previously, we hadn't looked at the request type when deciding which answer type to prefer. Fixes bug 10468; bugfix on
      • When receiving a DNS query for an unsupported record type, reply with no answer rather than with a NOTIMPL error. This behavior isn't correct either, but it will break fewer client programs, we hope. Fixes bug 10268; bugfix on Original patch from "epoch".
    • Minor bugfixes (client, logging during bootstrap):
      • Only report the first fatal bootstrap error on a given OR connection. This stops us from telling the controller bogus error messages like "DONE". Fixes bug 10431; bugfix on
      • Avoid generating spurious warnings when starting with DisableNetwork enabled. Fixes bug 11200 and bug 10405; bugfix on
    • Minor bugfixes (closing OR connections):
      • If write_to_buf() in connection_write_to_buf_impl_() ever fails, check if it's an or_connection_t and correctly call connection_or_close_for_error() rather than connection_mark_for_close() directly. Fixes bug 11304; bugfix on
      • When closing all connections on setting DisableNetwork to 1, use connection_or_close_normally() rather than closing OR connections out from under the channel layer. Fixes bug 11306; bugfix on
    • Minor bugfixes (code correctness):
      • Previously we used two temporary files when writing descriptors to disk; now we only use one. Fixes bug 1376.
      • Remove an erroneous (but impossible and thus harmless) pointer comparison that would have allowed compilers to skip a bounds check in channeltls.c. Fixes bugs 10313 and 9980; bugfix on Noticed by Jared L Wong and David Fifield.
      • Fix an always-true assertion in pluggable transports code so it actually checks what it was trying to check. Fixes bug 10046; bugfix on Found by "dcb".
    • Minor bugfixes (command line):
      • Use a single command-line parser for parsing torrc options on the command line and for finding special command-line options to avoid inconsistent behavior for torrc option arguments that have the same names as command-line options. Fixes bugs 4647 and 9578; bugfix on 0.0.9pre5.
      • No longer allow 'tor --hash-password' with no arguments. Fixes bug 9573; bugfix on 0.0.9pre5.
    • Minor bugfixes (compilation):
      • Compile correctly with builds and forks of OpenSSL (such as LibreSSL) that disable compression. Fixes bug 12602; bugfix on Patch from "dhill".
      • Restore the ability to compile Tor with V2_HANDSHAKE_SERVER turned off (that is, without support for v2 link handshakes). Fixes bug 4677; bugfix on Patch from "piet".
      • In routerlist_assert_ok(), don't take the address of a routerinfo's cache_info member unless that routerinfo is non-NULL. Fixes bug 13096; bugfix on Patch by "teor".
      • Fix a large number of false positive warnings from the clang analyzer static analysis tool. This should make real warnings easier for clang analyzer to find. Patch from "teor". Closes ticket 13036.
      • Resolve GCC complaints on OpenBSD about discarding constness in TO_{ORIGIN,OR}_CIRCUIT functions. Fixes part of bug 11633; bugfix on Patch from Dana Koch.
      • Resolve clang complaints on OpenBSD with -Wshorten-64-to-32 due to treatment of long and time_t as comparable types. Fixes part of bug 11633. Patch from Dana Koch.
      • When deciding whether to build the 64-bit curve25519 implementation, detect platforms where we can compile 128-bit arithmetic but cannot link it. Fixes bug 11729; bugfix on Patch from "conradev".
      • Fix compilation when DNS_CACHE_DEBUG is enabled. Fixes bug 11761; bugfix on Found by "cypherpunks".
      • Fix compilation with dmalloc. Fixes bug 11605; bugfix on
      • Build and run correctly on systems like OpenBSD-current that have patched OpenSSL to remove get_cipher_by_char and/or its implementations. Fixes issue 13325.
    • Minor bugfixes (controller and command-line):
      • If changing a config option via "setconf" fails in a recoverable way, we used to nonetheless write our new control ports to the file described by the "ControlPortWriteToFile" option. Now we only write out that file if we successfully switch to the new config option. Fixes bug 5605; bugfix on Patch from "Ryman".
    • Minor bugfixes (directory server):
      • No longer accept malformed http headers when parsing urls from headers. Now we reply with Bad Request ("400"). Fixes bug 2767; bugfix on 0.0.6pre1.
      • When sending a compressed set of descriptors or microdescriptors, make sure to finalize the zlib stream. Previously, we would write all the compressed data, but if the last descriptor we wanted to send was missing or too old, we would not mark the stream as finished. This caused problems for decompression tools. Fixes bug 11648; bugfix on
    • Minor bugfixes (hidden service):
      • Only retry attempts to connect to a chosen rendezvous point 8 times, not 30. Fixes bug 4241; bugfix on
    • Minor bugfixes (interface):
      • Reject relative control socket paths and emit a warning. Previously, single-component control socket paths would be rejected, but Tor would not log why it could not validate the config. Fixes bug 9258; bugfix on
    • Minor bugfixes (log messages):
      • Fix a bug where clients using bridges would report themselves as 50% bootstrapped even without a live consensus document. Fixes bug 9922; bugfix on
      • Suppress a warning where, if there's only one directory authority in the network, we would complain that votes and signatures cannot be uploaded to other directory authorities. Fixes bug 10842; bugfix on
      • Report bootstrapping progress correctly when we're downloading microdescriptors. We had updated our "do we have enough microdescs to begin building circuits?" logic most recently in (see bug 5956), but we left the bootstrap status event logic at "how far through getting 1/4 of them are we?" Fixes bug 9958; bugfix on, which is where they diverged (see bug 5343).
    • Minor bugfixes (logging):
      • Downgrade "Unexpected onionskin length after decryption" warning to a protocol-warn, since there's nothing relay operators can do about a client that sends them a malformed create cell. Resolves bug 12996; bugfix on 0.0.6rc1.
      • Log more specific warnings when we get an ESTABLISH_RENDEZVOUS cell on a cannibalized or non-OR circuit. Resolves ticket 12997.
      • When logging information about an EXTEND2 or EXTENDED2 cell, log their names correctly. Fixes part of bug 12700; bugfix on
      • When logging information about a relay cell whose command we don't recognize, log its command as an integer. Fixes part of bug 12700; bugfix on
      • Escape all strings from the directory connection before logging them. Fixes bug 13071; bugfix on Patch from "teor".
      • Squelch a spurious LD_BUG message "No origin circuit for successful SOCKS stream" in certain hidden service failure cases; fixes bug 10616.
      • Downgrade the severity of the 'unexpected sendme cell from client' from 'warn' to 'protocol warning'. Closes ticket 8093.
    • Minor bugfixes (misc code correctness):
      • In munge_extrainfo_into_routerinfo(), check the return value of memchr(). This would have been a serious issue if we ever passed it a non-extrainfo. Fixes bug 8791; bugfix on Patch from Arlo Breault.
      • On the chance that somebody manages to build Tor on a platform where time_t is unsigned, correct the way that microdesc_add_to_cache() handles negative time arguments. Fixes bug 8042; bugfix on
      • Fix various instances of undefined behavior in channeltls.c, tor_memmem(), and eventdns.c that would cause us to construct pointers to memory outside an allocated object. (These invalid pointers were not accessed, but C does not even allow them to exist.) Fixes bug 10363; bugfixes on,,, and Reported by "bobnomnom".
      • Use the AddressSanitizer and Ubsan sanitizers (in clang-3.4) to fix some miscellaneous errors in our tests and codebase. Fixes bug 11232. Bugfixes on versions back as far as
      • Always check return values for unlink, munmap, UnmapViewOfFile; check strftime return values more often. In some cases all we can do is report a warning, but this may help prevent deeper bugs from going unnoticed. Closes ticket 8787; bugfixes on many, many tor versions.
      • Fix numerous warnings from the clang "scan-build" static analyzer. Some of these are programming style issues; some of them are false positives that indicated awkward code; some are undefined behavior cases related to constructing (but not using) invalid pointers; some are assumptions about API behavior; some are (harmlessly) logging sizeof(ptr) bytes from a token when sizeof(*ptr) would be correct; and one or two are genuine bugs that weren't reachable from the rest of the program. Fixes bug 8793; bugfixes on many, many tor versions.
    • Minor bugfixes (node selection):
      • If ExcludeNodes is set, consider non-excluded hidden service directory servers before excluded ones. Do not consider excluded hidden service directory servers at all if StrictNodes is set. (Previously, we would sometimes decide to connect to those servers, and then realize before we initiated a connection that we had excluded them.) Fixes bug 10722; bugfix on Reported by "mr-4".
      • If we set the ExitNodes option but it doesn't include any nodes that have the Exit flag, we would choose not to bootstrap. Now we bootstrap so long as ExitNodes includes nodes which can exit to some port. Fixes bug 10543; bugfix on
    • Minor bugfixes (performance):
      • Avoid a bug where every successful connection made us recompute the flag telling us whether we have sufficient information to build circuits. Previously, we would forget our cached value whenever we successfully opened a channel (or marked a router as running or not running for any other reason), regardless of whether we had previously believed the router to be running. This forced us to run an expensive update operation far too often. Fixes bug 12170; bugfix on
      • Avoid using tor_memeq() for checking relay cell integrity. This removes a possible performance bottleneck. Fixes part of bug 12169; bugfix on
    • Minor bugfixes (platform-specific):
      • When dumping a malformed directory object to disk, save it in binary mode on Windows, not text mode. Fixes bug 11342; bugfix on
      • Don't report failures from make_socket_reuseable() on incoming sockets on OSX: this can happen when incoming connections close early. Fixes bug 10081.
    • Minor bugfixes (pluggable transports):
      • Avoid another 60-second delay when starting Tor in a pluggable- transport-using configuration when we already have cached descriptors for our bridges. Fixes bug 11965; bugfix on
    • Minor bugfixes (protocol correctness):
      • When receiving a VERSIONS cell with an odd number of bytes, close the connection immediately since the cell is malformed. Fixes bug 10365; bugfix on Spotted by "bobnomnom"; fix by "rl1987".
    • Minor bugfixes (relay, other):
      • We now drop CREATE cells for already-existent circuit IDs and for zero-valued circuit IDs, regardless of other factors that might otherwise have called for DESTROY cells. Fixes bug 12191; bugfix on 0.0.8pre1.
      • When rejecting DATA cells for stream_id zero, still count them against the circuit's deliver window so that we don't fail to send a SENDME. Fixes bug 11246; bugfix on
    • Minor bugfixes (relay, threading):
      • Check return code on spawn_func() in cpuworker code, so that we don't think we've spawned a nonworking cpuworker and write junk to it forever. Fix related to bug 4345; bugfix on all released Tor versions. Found by "skruffy".
      • Use a pthread_attr to make sure that spawn_func() cannot return an error while at the same time launching a thread. Fix related to bug 4345; bugfix on all released Tor versions. Reported by "cypherpunks".
    • Minor bugfixes (relays and bridges):
      • Avoid crashing on a malformed resolv.conf file when running a relay using Libevent 1. Fixes bug 8788; bugfix on
      • Non-exit relays no longer launch mock DNS requests to check for DNS hijacking. This has been unnecessary since, when non-exit relays stopped servicing DNS requests. Fixes bug 965; bugfix on Patch from Matt Pagan.
      • Bridges now report complete directory request statistics. Related to bug 5824; bugfix on
      • Bridges now never collect statistics that were designed for relays. Fixes bug 5824; bugfix on
    • Minor bugfixes (testing):
      • Fix all valgrind warnings produced by the unit tests. There were over a thousand memory leak warnings previously, mostly produced by forgetting to free things in the unit test code. Fixes bug 11618, bugfixes on many versions of Tor.
    • Minor bugfixes (tor-fw-helper):
      • Give a correct log message when tor-fw-helper fails to launch. (Previously, we would say something like "tor-fw-helper sent us a string we could not parse".) Fixes bug 9781; bugfix on
    • Minor bugfixes (trivial memory leaks):
      • Fix a small memory leak when signing a directory object. Fixes bug 11275; bugfix on
      • Resolve some memory leaks found by coverity in the unit tests, on exit in tor-gencert, and on a failure to compute digests for our own keys when generating a v3 networkstatus vote. These leaks should never have affected anyone in practice.
    • Code simplification and refactoring:
      • Remove some old fallback code designed to keep Tor clients working in a network with only two working relays. Elsewhere in the code we have long since stopped supporting such networks, so there wasn't much point in keeping it around. Addresses ticket 9926.
      • Reject 0-length EXTEND2 cells more explicitly. Fixes bug 10536; bugfix on Reported by "cypherpunks".
      • Extract the common duplicated code for creating a subdirectory of the data directory and writing to a file in it. Fixes ticket 4282; patch from Peter Retzlaff.
      • Since OpenSSL 0.9.7, the i2d_*() functions support allocating output buffer. Avoid calling twice: i2d_RSAPublicKey(), i2d_DHparams(), i2d_X509(), and i2d_PublicKey(). Resolves ticket 5170.
      • Add a set of accessor functions for the circuit timeout data structure. Fixes ticket 6153; patch from "piet".
      • Clean up exit paths from connection_listener_new(). Closes ticket 8789. Patch from Arlo Breault.
      • Since we rely on OpenSSL 0.9.8 now, we can use EVP_PKEY_cmp() and drop our own custom pkey_eq() implementation. Fixes bug 9043.
      • Use a doubly-linked list to implement the global circuit list. Resolves ticket 9108. Patch from Marek Majkowski.
      • Remove contrib/id_to_fp.c since it wasn't used anywhere.
      • Remove constants and tests for PKCS1 padding; it's insecure and shouldn't be used for anything new. Fixes bug 8792; patch from Arlo Breault.
      • Remove instances of strcpy() from the unit tests. They weren't hurting anything, since they were only in the unit tests, but it's embarassing to have strcpy() in the code at all, and some analysis tools don't like it. Fixes bug 8790; bugfix on and Patch from Arlo Breault.
      • Remove is_internal_IP() function. Resolves ticket 4645.
      • Remove unused function circuit_dump_by_chan from circuitlist.c. Closes issue 9107; patch from "marek".
      • Change our use of the ENUM_BF macro to avoid declarations that confuse Doxygen.
      • Get rid of router->address, since in all cases it was just the string representation of router->addr. Resolves ticket 5528.
    • Documentation:
      • Adjust the URLs in the README to refer to the new locations of several documents on the website. Fixes bug 12830. Patch from Matt Pagan.
      • Document 'reject6' and 'accept6' ExitPolicy entries. Resolves ticket 12878.
      • Update manpage to describe some of the files you can expect to find in Tor's DataDirectory. Addresses ticket 9839.
      • Clean up several option names in the manpage to match their real names, add the missing documentation for a couple of testing and directory authority options, remove the documentation for a V2-directory fetching option that no longer exists. Resolves ticket 11634.
      • Correct the documenation so that it lists the correct directory for the stats files. (They are in a subdirectory called "stats", not "status".)
      • In the manpage, move more authority-only options into the directory authority section so that operators of regular directory caches don't get confused.
      • Fix the layout of the SOCKSPort flags in the manpage. Fixes bug 11061; bugfix on
      • Resolve warnings from Doxygen.
      • Document in the manpage that "KBytes" may also be written as "kilobytes" or "KB", that "Kbits" may also be written as "kilobits", and so forth. Closes ticket 9222.
      • Document that the ClientOnly config option overrides ORPort. Our old explanation made ClientOnly sound as though it did nothing at all. Resolves bug 9059.
      • Explain that SocksPolicy, DirPolicy, and similar options don't take port arguments. Fixes the other part of ticket 11108.
      • Fix a comment about the rend_server_descriptor_t.protocols field to more accurately describe its range. Also, make that field unsigned, to more accurately reflect its usage. Fixes bug 9099; bugfix on
      • Fix the manpage's description of HiddenServiceAuthorizeClient: the maximum client name length is 16, not 19. Fixes bug 11118; bugfix on
    • Package cleanup:
      • The contrib directory has been sorted and tidied. Before, it was an unsorted dumping ground for useful and not-so-useful things. Now, it is divided based on functionality, and the items which seemed to be nonfunctional or useless have been removed. Resolves ticket 8966; based on patches from "rl1987".
    • Removed code and features:
      • Clients now reject any directory authority certificates lacking a dir-key-crosscert element. These have been included since, so there's no real reason for them to be optional any longer. Completes proposal 157. Resolves ticket 10162.
      • Remove all code that existed to support the v2 directory system, since there are no longer any v2 directory authorities. Resolves ticket 10758.
      • Remove the HSAuthoritativeDir and AlternateHSAuthority torrc options, which were used for designating authorities as "Hidden service authorities". There has been no use of hidden service authorities since, when we stopped uploading or downloading v0 hidden service descriptors. Fixes bug 10881; also part of a fix for bug 10841.
      • Remove /tor/dbg-stability.txt URL that was meant to help debug WFU and MTBF calculations, but that nobody was using. Fixes bug 11742.
      • The TunnelDirConns and PreferTunnelledDirConns options no longer exist; tunneled directory connections have been available since, and turning them off is not a good idea. This is a brute-force fix for 10849, where "TunnelDirConns 0" would break hidden services.
      • Remove all code for the long unused v1 directory protocol. Resolves ticket 11070.
      • Remove all remaining code related to version-0 hidden service descriptors: they have not been in use since Fixes the rest of bug 10841.
      • Remove migration code from when we renamed the "cached-routers" file to "cached-descriptors" back in This incidentally resolves ticket 6502 by cleaning up the related code a bit. Patch from Akshay Hebbar.
    • Test infrastructure:
      • Tor now builds each source file in two modes: a mode that avoids exposing identifiers needlessly, and another mode that exposes more identifiers for testing. This lets the compiler do better at optimizing the production code, while enabling us to take more radical measures to let the unit tests test things.
      • The production builds no longer include functions used only in the unit tests; all functions exposed from a module only for unit-testing are now static in production builds.
      • Add an --enable-coverage configuration option to make the unit tests (and a new src/or/tor-cov target) to build with gcov test coverage support.
      • Update to the latest version of tinytest.
      • Improve the tinytest implementation of string operation tests so that comparisons with NULL strings no longer crash the tests; they now just fail, normally. Fixes bug 9004; bugfix on
      • New macros in test.h to simplify writing mock-functions for unit tests. Part of ticket 11507. Patch from Dana Koch.
      • We now have rudimentary function mocking support that our unit tests can use to test functions in isolation. Function mocking lets the tests temporarily replace a function's dependencies with stub functions, so that the tests can check the function without invoking the other functions it calls.
    • Testing:
      • Complete tests for the status.c module. Resolves ticket 11507. Patch from Dana Koch.
      • Add more unit tests for the <circid,channel>->circuit map, and the destroy-cell-tracking code to fix bug 7912.
      • Unit tests for failing cases of the TAP onion handshake.
      • More unit tests for address-manipulation functions.
    • Distribution (systemd):
      • Include a tor.service file in contrib/dist for use with systemd. Some distributions will be able to use this file unmodified; others will need to tweak it, or write their own. Patch from Jamie Nguyen; resolves ticket 8368.
      • Verify configuration file via ExecStartPre in the systemd unit file. Patch from intrigeri; resolves ticket 12730.
      • Explicitly disable RunAsDaemon in the systemd unit file. Our current systemd unit uses "Type = simple", so systemd does not expect tor to fork. If the user has "RunAsDaemon 1" in their torrc, then things won't work as expected. This is e.g. the case on Debian (and derivatives), since there we pass "--defaults-torrc /usr/share/tor/tor-service-defaults-torrc" (that contains "RunAsDaemon 1") by default. Patch by intrigeri; resolves ticket 12731.   

    0 0

    tinfoleak is a simple Python script that allow to obtain:
    • basic information about a Twitter user (name, picture, location, followers, etc.)
    • devices and operating systems used by the Twitter user
    • applications and social networks used by the Twitter user
    • place and geolocation coordinates to generate a tracking map of locations visited
    • show user tweets in Google Earth!
    • download all pics from a Twitter user
    • hashtags used by the Twitter user and when are used (date and time)
    • user mentions by the the Twitter user and when are occurred (date and time)
    • topics used by the Twitter user
    You can filter all the information by:
    • start date / time
    • end date / time
    • keywords

    0 0

    MLDonkey is a multi-platform and freely distributed eDonkey client, a P2P (Peer-to-Peer) file-sharing application. It provides users with both a server (daemon) and graphical user interface (GUI).

    It seems to be the first ever open source application that could access the eDonkey peer-to-peer file sharing network, as a eDonkey2000 clone. It officially supports the Linux, BSD, Solaris, Mac OS X, MorphOS, and Microsoft Windows operating systems.

    Currently, the application supports several large P2P networks, including Overnet, BitTorrent, Fasttrack (Kazaa, Imesh, Grobster), Gnutella (Bearshare, Limewire, etc), Gnutella2 (Shareaza), Soulseek, Opennap, and Direct-Connect (DC++).

    Several user interfaces are available for this project, including web-based, native GUIs, Telnet based and basic Wap front-ends. The most simple and effective appears to be the Telnet interface accessible through the command-line (telnet 4000) or via the Putty application.

    While the Wap interface is extremely simple and provides users only with very basic functionality, such as current download and upload speed, current running downloads, as well as pause, resume, and cancel functions, the web-based interface can be easily accessed with any modern web browser through http://admin@

    MLdonkey comes by default with a GTK interface. However, there are many open source or commercial GUI (Graphical User Interfaces) front-ends available, including Sancho, KMLdonkey, G2Gui, CocoDonkey, xDonkey, mlMac, Nulu GUI ML, MLdonkeyWatch, phpEselGui, saman, Platero, Alemula, Zuul, JMoule, Web-GMUI, and Rmldonkey.

    All the aforementioned MLdonkey interfaces can be used both remotely and locally. Furthermore, it allows users to easily enable or disable P2P networks, perform parallel searches on all enabled peer-to-peer networks, as well as to download files concurrently from multiple clients.

    Summing up, MLdonkey is a very powerful and popular P2P client that runs on most operating systems, supports a wide range of peer-to-peer networks, and comes with a plethora of user interfaces.


    • 100% Open Source, GPL license
    • runs on Linux, Unix, Solaris, MacOSX, MorphOS and Windows
    • The p2p core can run on a resource limited headless computer, with remote GUI clients accessing it over the network.
      • The core is built to run as daemon for days, weeks, ever...
    • Several different GUIs available, some of them developed separately.
    • Multi-user support: the same core can queue and process downloads for several different users who can't see what the others are downloading.
    • Several different file-sharing networks supported:
      • ED2K (and Kademlia and Overnet)
      • BitTorrent
      • DC++
      • (FastTrack, SoulSeek, Gnutella and G2 need work)
    • The core can download the same file from several different networks simultaneously.
    • Scriptable command-line interface available. It's possible to control all aspects of mldonkey from the CLI.
    • Written in ObjectiveCaml, with some parts written in C and some in Assembly

    0 0

    Asterisk Password Spy is the FREE tool to instantly reveal the hidden password behind asterisks (*****).

    It's user friendly interface can help you to easily find the passwords from any Windows based application.You can simply drag the 'search icon' to any password box to find the real password hidden by those asterisks.

    Most applications do not display real password in the login box for security reasons and instead they show the asterisks (****). But often there is need to know the actual password especially if you have forgotten password that you have entered while ago.

    In such cases, AsteriskPasswordSpy will help you to easily find out the real password hidden behind asterisks.

    It works on wide range of platforms starting from Windows XP to latest operating system Windows 8.

    • Instantly reveal the hidden password behind asterisks.
    • Support most of the windows based applications
    • Nice user friendly GUI interface makes it easier & faster
    • Show password of any length & complexity
    • Sort feature to quickly arrange and search through discovered passwords.
    • Save the recovered password list to HTML/XML/CSV file.
    • Support for local Installation and uninstallation of the software.

    How to Use?

    AsteriskPasswordSpy is easy to use with its simple GUI interface. 

    Here are the brief usage details
    • Launch AsteriskPasswordSpy on your system
    • Now simply drag the 'search icon' to any password box to reveal the passwords.
    • When you place it over the password box, it will automatically highlight it and password is added to list as shown in the screenshot below.
    • Finally you can save all recovered password list to HTML/XML/CSV file by clicking on 'Export' button and then select the type of file from the drop down box of 'Save File Dialog'.

    0 0

    ZMap is an open-source network scanner that enables researchers to easily perform Internet-wide network studies. With a single machine and a well provisioned network uplink, ZMap is capable of performing a complete scan of the IPv4 address space in under 45 minutes, approaching the theoretical limit of gigabit Ethernet.

    ZMap can be used to study protocol adoption over time, monitor service availability, and help us better understand large systems distributed across the Internet.

    While ZMap is a powerful tool for researchers, please keep in mind that by running ZMap, you are potentially scanning the ENTIRE IPv4 address space and some users may not appreciate your scanning. 

    Command Line Arguments

    Common Options

    These options are the most common options when performing a simple scan. We note that some options are dependent on the probe module or output module used (e.g. target port is not used when performing an ICMP Echo Scan).
    -p, --target-port=port
    TCP port number to scan (e.g. 443)
    -o, --output-file=name
    Write results to this file. Use - for stdout
    -b, --blacklist-file=path
    File of subnets to exclude, in CIDR notation (e.g., one-per line. It is recommended you use this to exclude RFC 1918 addresses, multicast, IANA reserved space, and other IANA special-purpose addresses. An example blacklist file is provided in conf/blacklist.example for this purpose.

    Scan Options

    -n, --max-targets=n
    Cap the number of targets to probe. This can either be a number (e.g. -n 1000) or a percentage (e.g. -n 0.1%) of the scannable address space (after excluding blacklist)
    -N, --max-results=n
    Exit after receiving this many results
    -t, --max-runtime=secs
    Cap the length of time for sending packets
    -r, --rate=pps
    Set the send rate in packets/sec
    -B, --bandwidth=bps
    Set the send rate in bits/second (supports suffixes G, M, and K (e.g. -B 10M for 10 mbps). This overrides the --rate flag.
    -c, --cooldown-time=secs
    How long to continue receiving after sending has completed (default=8)
    -e, --seed=n
    Seed used to select address permutation. Use this if you want to scan addresses in the same order for multiple ZMap runs.
    Split the scan up into N shards/partitions among different instances of zmap (default=1). When sharding, --seed is required
    Set which shard to scan (default=0). Shards are indexed in the range [0, N), where N is the total number of shards. When sharding --seed is required.
    -T, --sender-threads=n
    Threads used to send packets (default=1)
    -P, --probes=n
    Number of probes to send to each IP (default=1)
    -d, --dryrun
    Print out each packet to stdout instead of sending it (useful for debugging)

    Network Options

    -s, --source-port=port|range
    Source port(s) to send packets from
    -S, --source-ip=ip|range
    Source address(es) to send packets from. Either single IP or range (e.g.
    -G, --gateway-mac=addr
    Gateway MAC address to send packets to (in case auto-detection does not work)
    -i, --interface=name
    Network interface to use

    Probe Options

    ZMap allows users to specify and write their own probe modules for use with ZMap. Probe modules are responsible for generating probe packets to send, and processing responses from hosts.
    List available probe modules (e.g. tcp_synscan)
    -M, --probe-module=name
    Select probe module (default=tcp_synscan)
    Arguments to pass to probe module
    List the fields the selected probe module can send to the output module

    Output Options

    ZMap allows users to specify and write their own output modules for use with ZMap. Output modules are responsible for processing the fieldsets returned by the probe module, and outputing them to the user. Users can specify output fields, and write filters over the output fields.
    List available output modules (e.g. tcp_synscan)
    -O, --output-module=name
    Select output module (default=csv)
    Arguments to pass to output module
    -f, --output-fields=fields
    Comma-separated list of fields to output
    Specify an output filter over the fields defined by the probe module

    Additional Options

    -C, --config=filename
    Read a configuration file, which can specify any other options.
    -q, --quiet
    Do not print status updates once per second
    -g, --summary
    Print configuration and summary of results at the end of the scan
    -v, --verbosity=n
    Level of log detail (0-5, default=3)
    -h, --help
    Print help and exit
    -V, --version
    Print version and exit

    0 0

    drozer is a comprehensive security audit and attack framework for Android.

    With increasing pressure to support mobile working, the ingress of Android into the enterprise is gathering momentum. Have you considered the threat posed by the Android app that supports your business function, or Android devices being used as part of your BYOD strategy?

    drozer helps to provide confidence that Android apps and devices being developed by, or deployed across, your organisation do not pose an unacceptable level of risk. By allowing you to interact with the Dalvik VM, other apps’ IPC endpoints and the underlying OS.

    drozer provides tools to help you use and share public exploits for Android. For remote exploits, it can generate shellcode to help you to deploy the drozer Agent as a remote administrator tool, with maximum leverage on the device.

    Faster Android Security Assessments

    drozer helps to reduce the time taken for Android security assessments by automating the tedious and time-consuming.
    • Discover and interact with the attack surface exposed by Android apps.
    • Execute dynamic Java-code on a device, to avoid the need to compile and install small test scripts.

    Test against Real Android Devices

    drozer runs both in Android emulators and on real devices. It does not require USB debugging or other development features to be enabled; so you can perform assessments on devices in their production state to get better results.

    Automate and Extend

    drozer can be easily extended with additional modules to find, test and exploit other weaknesses; this, combined with scripting possibilities, helps you to automate regression testing for security issues.

    Test your Exposure to Public Exploits

    drozer provides point-and-go implementations of many public Android exploits. You can use these to identify vulnerable devices in your organisation, and to understand the risk that these pose.

    0 0

    WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0), Mozilla Firefox (All Versions), Google Chrome, Safari, and Opera. This tool can be used to recover your lost/forgotten password of any Website, including popular Web sites, like Facebook, Yahoo, Google, and GMail, as long as the password is stored by your Web Browser.

    After retrieving your lost passwords, you can save them into text/html/csv/xml file, by using the 'Save Selected Items' option (Ctrl+S).

    Using WebBrowserPassView

    WebBrowserPassView doesn't require any installation process or additional DLL files. In order to start using it, simply run the executable file - WebBrowserPassView.exe

    After running it, the main window of WebBrowserPassView displays the list of all Web browser passwords found in your system. You can select one or more passwords and then copy the list to the clipboard (Ctrl+C) or export them into text/xml/html/csv file (Ctrl+S). 

    0 0

    DA-WIN is the end of the manual PCI wireless scan DA-WIN provides an organisation a continuous wireless scanning capability that is light touch and simple. It utilises compact and discreet sensors that can easily be deployed reducing the total cost of protection and simplifying the effort required for absolute, categoric regulatory compliance.

    BYOD - Bring Your Own Disaster

    Marketing directors everywhere need to be able to swager (see urban dictionary not a spelling mistake - aka swagger) into the office. They NEED to be able to use an I-P-PAD-POD-PONE with teeniest screen to do their job.
    DO THEY REALLY need to introduce that POX, VIRUS and MALWARE infected digital equivalent of TYPHOID Mary on to your network
    DA-WIN provides an organisation a continuous wireless scanning capability that is light touch and simple. It replaces the network surveillance that head of risk made you take out after the last gartner conference

    What is DA-WIN

    DA- WIN (pronounced DARWIN) is the evolution of wireless security scanning. Developed by a team that had a significant impact on the field of 802.11 security, it embraces the true-ism that most organisations don't like or embrace network IDS technology and so are unlikely to welcome, invest in or support an IDS implementation in a more specialised area like Wfi.
    Scanning is a costly, regulatory requirement for many - Yet it often provides little security protection because it only measures the threat on 4 or 5 days a year. How many CIOs would be happy with a firewall or anti-virus that worked for 1 week in 52?  

    How we solved the problem 

    Purpose built, designed from the ground up, Wireless IDS are expensive and require an organisation that is committed to the significant investment that is required to gain a security return. Other offering based on repurposed PC or Network equipment can only be deployed in too sparse numbers because of their size and cost to yield real benefits. Mostly these are network sniffers bundled together with adhoc scripts which often results in a significant manual overhead in interpreting the output. DA-WIN is different because:
    • The software it uses has been purposefully designed for the task, it has been designed with regulations such as PC-DSS and Government Standards (332/5) in mind � by personnel that helped set the baseline.
    • The hardware is custom assembled - it is compact, cost effective which allows for easy and trouble free volume deployment.
    • Supports Attack detection, Flood detection, brute forcing detection and a myriad of rogue access point detection techniques.
    The typical organisation will claw back its expenditure on manual wireless scanning within 18 months.

    0 0

    FBHT (Facebook Hacking Tool) is an open-source tool written in Python that exploits multiple vulnerabilities on the Facebook platform

    The tool provides:
    • 1) Create accounts
    • 2) Delete all accounts for a given user
    • 3) Send friendship requests (Test Accounts)
    • 4) Accept friendship requests (Test Accounts)
    • 5) Connect all the accounts of the database
    • 6) Link Preview hack (Simple web version)
    • 7) Link Preview hack (Youtube version)
    • 8) Youtube hijack
    • 9) Private message, Link Preview hack (Simple web version)
    • 10) Private message, Link Preview hack (Youtube version)
    • 11) NEW Like flood
    • 12) Publish a post as an App (App Message Spoof)
    • 13) Bypass friendship privacy
    • 14) Bypass friendship privacy with graph support
    • 15) Analyze an existing graph
    • 16) Link to disclosed friendships
    • 17) Print database status
    • 18) Increase logging level globally
    • 19) Set global login (Credentials stored in memory - Danger)
    • 20) Print dead attacks :\'( 
    • 21) Send friend request to disclosed friend list from your account
    • 22) Bypass friendship (only .dot without graph integration)
    • 23) Note DDoS attack
    • 24) Old Like Flood (Not working)
    • 25) NEW! SPAM any fanpage inbox
    • 26) Bypass - database support (Beta)
    • 27) Logout all your friends - FB blackout 
    • 28) Close the application

    0 0

    UFONet - is a tool designed to launch DDoS attacks against a target, using 'Open Redirect' vectors on third party web applications, like botnet.

    See this links for more info:
    - CWE-601:Open Redirect
    - OWASP:URL Redirector Abuse

    Main features:
    --version             show program's version number and exit
    -v, --verbose active verbose on requests
    --check-tor check to see if Tor is used properly
    --update check for latest stable version

    *Configure Request(s)*:
    --proxy=PROXY Use proxy server (tor: http://localhost:8118)
    --user-agent=AGENT Use another HTTP User-Agent header (default SPOOFED)
    --referer=REFERER Use another HTTP Referer header (default SPOOFED)
    --host=HOST Use another HTTP Host header (default NONE)
    --xforw Set your HTTP X-Forwarded-For with random IP values
    --xclient Set your HTTP X-Client-IP with random IP values
    --timeout=TIMEOUT Select your timeout (default 30)
    --retries=RETRIES Retries when the connection timeouts (default 1)
    --delay=DELAY Delay in seconds between each HTTP request (default 0)

    *Manage Botnet*:
    -s SEARCH Search 'zombies' on google (ex: -s 'proxy.php?url=')
    --sn=NUM_RESULTS Set max number of result to search (default 10)
    -t TEST Test list of web 'zombie' servers (ex: -t zombies.txt)

    *Configure Attack(s)*:
    -r ROUNDS Set number of 'rounds' for the attack (default: 1)
    -b PLACE Set a place to 'bit' on target (ex: -b /path/big.jpg)
    -a TARGET Start a Web DDoS attack (ex: -a http(s)://

    0 0

    WAP 2.0 is a source code static analysis and data mining tool to detect and correct input validation vulnerabilities in web applications written in PHP (version 4.0 or higher) and with a low rate of false positives. WAP detects and corrects the following vulnerabilities:
    • SQL Injection (SQLI)
    • Cross-site scripting (XSS)
    • Remote File Inclusion (RFI)
    • Local File Inclusion (LFI)
    • Directory Traversal or Path Traversal (DT/PT)
    • Source Code Disclosure (SCD)
    • OS Command Injection (OSCI)
    • PHP Code Injection

    This tool semantically analyses the source code. More precisely, it does taint analysis (data-flow analysis) to detect the input validation vulnerabilities. The aim of the taint analysis is to track malicious inputs inserted by entry points ($_GET, $_POST arrays) and to verify if they reaches some sensitive sink (PHP functions that can be exploited by malicious input). After the detection, the tool uses data mining to confirm if the vulnerabilities are real or false positives. At the end, the real vulnerabilities are corrected with the insertion of the fixes (small pieces of code) in the source code. WAP is written in Java language and is constituted by three modules:
    • Code Analyzer: composed by tree generator and taint analyser. The tool has integrated a lexer and a parser generated by ANTLR, and based in a grammar and a tree grammar written to PHP language. The tree generator uses the lexer and the parser to build the AST (Abstract Sintatic Tree) to each PHP file. The taint analyzer performs the taint analysis navigating through the AST to detect potentials vulnerabilities.

    • False Positives Predictor: composed by a supervised trained data set with instances classified as being vulnerabilities and false positives and by the Logistic Regression machine learning algorithm. For each potential vulnerability detected by code analyser, this module collects the presence of the attributes that define a false positive. Then, the Logistic Regression algorithm receives them and classifies the instance as being a false positive or not (real vulnerability).

    • Code Corrector: Each real vulnerability is removed by correction of its source code. This module for the type of vulnerability selects the fix that removes the vulnerability and signalizes the places in the source code where the fix will be inserted. Then, the code is corrected with the insertion of the fixes and new files are created.     

    0 0

    Webfwlog is a flexible web-based firewall log analyzer and reporting tool. It supports standard system logs for linux, FreeBSD, OpenBSD, NetBSD, Solaris, Irix, OS X, etc. as well as Windows XP®. Supported log file formats are netfilter, ipfilter, ipfw, ipchains and Windows XP®. Webfwlog also supports logs saved in a database using the ULOG or NFLOG targets of the linux netfilter project, or any other database logs mapped with a view to the ulogd schema. Versions 1 and 2 of ulogd database schemas are supported.

    Webfwlog fully supports IPv6 for database logs, and netfilter and ipfilter system logs.
    With Webfwlog you can design reports to use on your logged data in whatever configuration you desire. Included are example reports as a starting point. You can sort a report with a single click, "drill-down" on the reports all the way to the packet level, and save your reports for later use. You can also create a link directly to any saved report.


    - A web server with PHP >= 4.1
    - Log files in standard netfilter, ipfilter, ipfw, ipchains or Windows XP® format
          or database logs populated with the ULOG or NFLOG target of netfilter,
          or other database logs mapped with a view to ulogd version 1 or 2 schemas
    - A MySQL or PostgreSQL database server:
          - MySQL >= 3.23.52 or any production release of 4.x or 5.x
                - MySQL >= 5 required for IPv6
          - PostgreSQL >= 7.1
                - PostgreSQL >= 7.4 required for IPv6
    - Your favorite web browser.

    Windows XP® support provided via Cygwin.

    0 0

    r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files
    This is the rewrite of radare (1.x branch) to provide a framework with a set of libraries and programs to work with binary data.

    Radare project started as a forensics tool, an scriptable commandline hexadecimal editor able to open disk files, but later support for analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers, ..

    radare2 is portable.

    6502, 8051, arm, arc, avr, bf, tms320 (c54x, c55x, c55+), gameboy csr, dcpu16, dalvik, i8080, mips, m68k, mips, msil, snes, nios II, sh, sparc, rar, powerpc, i386, x86-64, H8/300, malbolge, T8200

    File Formats:
    bios, dex, elf, elf64, filesystem, java, fatmach0, mach0, mach0-64, MZ, PE, PE+, TE, COFF, plan9, bios, dyldcache, Gameboy and Nintendo DS ROMs

    Operating Systems:
    Android, GNU/Linux, [Net|Free|Open]BSD, iOS, OSX, QNX, w32, w64, Solaris, Haiku, FirefoxOS

    Vala/Genie, Python (2, 3), NodeJS, LUA, Go, Perl, Guile, php5, newlisp, Ruby, Java, OCAM

    • Multi-architecture and multi-platform
      • GNU/Linux, Android, *BSD, OSX, iPhoneOS, Windows{32,64} and Solaris
      • i8080, 8051, x86{16,32,64}, avr, arc{4,compact}, arm{thumb,neon,aarch64}, c55x+, dalvik, ebc, gb, java, sparc, mips, nios2, powerpc, whitespace, brainfuck, malbolge, z80, psosvm, m68k, msil, sh, snes, gb, dcpu16, csr, arc
      • pe{32,64}, te, [fat]mach0{32,64}, elf{32,64}, bios/uefi, dex and java classes
    • Highly scriptable
      • Vala, Go, Python, Guile, Ruby, Perl, Lua, Java, JavaScript, sh, ..
      • batch mode and native plugins with full internal API access
      • native scripting based in mnemonic commands and macros
    • Hexadecimal editor
      • 64bit offset support with virtual addressing and section maps
      • Assemble and disassemble from/to many architectures
      • colorizes opcodes, bytes and debug register changes
      • print data in various formats (int, float, disasm, timestamp, ..)
      • search multiple patterns or keywords with binary mask support
      • checksumming and data analysis of byte blocks
    • IO is wrapped
      • support Files, disks, processes and streams
      • virtual addressing with sections and multiple file mapping
      • handles gdb:// and rap:// remote protocols
    • Filesystems support
      • allows to mount ext2, vfat, ntfs, and many others
      • support partition types (gpt, msdos, ..)
    • Debugger support
      • gdb remote and brainfuck debugger support
      • software and hardware breakpoints
      • tracing and logging facilities
    • Diffing between two functions or binaries
    • Code analysis at opcode, basicblock, function levels
      • embedded simple virtual machine to emulate code
      • keep track of code and data references
      • function calls and syscall decompilation
      • function description, comments and library signatures

older | 1 | .... | 31 | 32 | (Page 33) | 34 | 35 | .... | 114 | newer