Syhunt Huntpad is a notepad application with features that are particularly useful to penetration testers and bug hunters - a collection of common injection string generators, hash generators, encoders and decoders, HTML and text manipulation functions, and so on, coupled with syntax highlighting for several programming languages.
Features:
- Syntax Highlighting - supporting HTML, JavaScript, CSS, XML, PHP, Ruby, SQL, Pascal, Perl, Python and VBScript.
- SQL Injection functions
  - Filter Evasion - Database-Specific String Escape (CHAR & CHR). Conversion of strings to quoted strings, conversion of spaces to comment tags or new lines
  - Filter Evasion (MySQL-Specific) - String Concatenation, Percent Obfuscation & Integer Representation (e.g. '26' becomes 'ceil(pi()*pi())*(!!!pi()+true)+ceil(@@version)', a technique presented by Johannes Dahse).
  - UNION Statement Maker
  - Quick insertion of common injections covering DB2, Informix, Ingres, MySQL, MSSQL, Oracle & PostgreSQL
- File Inclusion functions
  - Quick Shell Upload code generator
  - PHP String Escape (chr)
- Cross-Site Scripting (XSS) functions
  - Filter Evasion - JavaScript String Escape (String.fromCharCode), CSS Escape
  - Various handy alert statements for testing for XSS vulnerabilities.
- Hash functions
  - Hash Generators - MD5, SHA-1, SHA-2 (224, 256, 384 & 512), GOST, HAVAL (various), MD2, MD4, RIPEMD (128, 160, 256 & 320), Salsa10, Salsa20, Snefru (128 & 256), Tiger (various) & WHIRLPOOL
- Encoders/Decoders
  - URL Encoder/Decoder
  - Hex Encoder/Decoder - Converts a string or integer to hexadecimal or vice-versa (multiple output formats supported).
  - Base64 Encoder/Decoder
  - CharCode Converter - Converts a string to charcodes (e.g. 'abc' becomes '97,98,99') or vice-versa.
  - IP Obfuscator - Converts an IP to dword, hex or octal.
  - JavaScript Encoders - Such as JJEncode by Yosuke HASEGAWA
- HTML functions
  - HTML Escape/Unescape
  - HTML Entity Encoder/Decoder - Decimal and hexadecimal HTML entity encoders & decoders
- JavaScript and CSS beautifiers
- JavaScript String Escape
- Text Manipulation functions - Uppercase, Lowercase, Swap Case, Title Case, Reverse, Shuffle, Strip Slashes, Strip Spaces, Add Slashes, Char Separator
- Time-Based Blind Injection code - Covering MySQL, MSSQL, Oracle, PostgreSQL, Server-Side JavaScript & MongoDB
- CRC Calculators - CRC16, CRC32, CRC32b, and more.
- Classical Ciphers - ROT13 & ROT[N]
- Checksum Calculators - Adler-32 & Fletcher
- Buffer Overflow String Creator
- Random String & Number Generation functions
- URL Splitter
- Useful Strings - Math, character sets and more.
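
The IP Obfuscator entry above lists dword, hex and octal forms of an address. As an added example (not Huntpad's own code), the following shows how a filter or log-review script can fold those forms back to dotted-quad before any allow/deny check; the function names and sample inputs are constructed for illustration.

```python
import ipaddress

def _component(tok):
    """Parse one dotted component using inet_aton-style base prefixes."""
    low = tok.lower()
    if low.startswith("0x"):
        digits, base = low[2:], 16          # hex form
    elif len(low) > 1 and low[0] == "0":
        digits, base = low[1:], 8           # octal form
    else:
        digits, base = low, 10              # decimal (includes dword)
    allowed = "0123456789abcdef"[:base]
    if not digits or any(c not in allowed for c in digits):
        raise ValueError(f"not a numeric IPv4 component: {tok!r}")
    return int(digits, base)

def canonical_ipv4(host):
    """Return dotted-quad for 1-4 part decimal, hex or octal IPv4 text."""
    parts = [_component(t) for t in host.strip().split(".")]
    if len(parts) > 4:
        raise ValueError("too many components")
    *head, last = parts
    # The final component fills every byte the leading ones did not.
    last_bits = 8 * (4 - len(head))
    if any(p > 0xFF for p in head) or last >= 1 << last_bits:
        raise ValueError(f"component out of range: {host!r}")
    value = last
    for i, p in enumerate(head):
        value |= p << (8 * (3 - i))
    return str(ipaddress.IPv4Address(value))

def is_internal(host):
    """Check the canonical address, never the raw text, against internal ranges."""
    addr = ipaddress.IPv4Address(canonical_ipv4(host))
    return addr.is_loopback or addr.is_private or addr.is_link_local

# Constructed sample inputs: dword, hex, octal, short form, plain.
SAMPLES = ["2130706433", "0x7f000001", "0177.0.0.01", "0x7f.1", "8.8.8.8"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:>14} -> {canonical_ipv4(s):<12} internal={is_internal(s)}")
```

A string comparison against "127.0.0.1" misses the first four samples; comparing the canonical form catches all of them.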