Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.

This week the latest version was released, Acunetix Vulnerability Scanner 9.5.

Features

• AcuSensor Technology
• Industry’s most advanced and in-depth SQL injection and Cross site scripting testing
• Advanced penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer
• Visual macro recorder makes testing web forms and password protected areas easy
• Support for pages with CAPTCHA, single sign-on and Two Factor authentication mechanisms
• Extensive reporting facilities including PCI compliance reports
• Multi-threaded and lightning fast scanner – processes thousands of pages with ease
• Intelligent crawler detects web server type, application language and smartphone-optimized sites.
• Acunetix crawls and analyzes different types of websites including HTML5, SOAP and AJAX
• Port scans a web server and runs security checks against network services running on the server

This new release adds the ability to run security scans on applications built with Google Web Toolkit (GWT). It can also automatically test JSON and XML data objects for vulnerabilities. In addition, vulnerabilities are now also classified using CVE, CWE and CVSS, and AcuSensor has been updated for .NET 4.5 web applications.

Download Acunetix Vulnerability Scanner 9.5

READ MORE

• A checker (site and tool) for CVE-2014-0160: https://github.com/FiloSottile/Heartbleed
• ssltest.py: Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford http://pastebin.com/WmxzjkXJ
• SSL Server Test https://www.ssllabs.com/ssltest/index.html
• Metasploit Module: https://github.com/rapid7/metasploit-framework/pull/3206/files
• Nmap NSE script: Detects whether a server is vulnerable to the OpenSSL Heartbleed: https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse
• Nmap NSE script: Quick'n'Dirty OpenVAS nasl wrapper for ssl_heartbleed based on ssl_cert_expiry.nas https://gist.github.com/RealRancor/10140249
• Heartbleeder: Tests your servers for OpenSSL: https://github.com/titanous/heartbleeder?files=1
• Heartbleed Attack POC and Mass Scanner: https://bitbucket.org/fb1h2s/cve-2014-0160
• Heartbleed Honeypot Script: http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt

Credit: http://hack-tools.blackploit.com/2014/04/collection-of-heartbleed-tools-openssl.html

READ MORE

VirusTotal Scanner is the desktop tool to quickly perform Anti-virus scan using VirusTotal.com

VirusTotal.com is a free online scan service that analyzes suspicious files using 40+ Anti-virus applications. It facilitates the quick detection of viruses, worms, trojans, all kinds of malware and provides reliable results preventing any False Positive cases.

'VirusTotal Scanner' is the desktop tool which helps you to quickly scan your file using VirusTotal without actually uploading the file. It performs direct Hash based scan on VirusTotal thus reducing the time taken to upload the file.

It comes with attractive & user friendly interface making the VirusTotal scanning process simpler and quicker. You can simply right click on your file and start the scan.

It is fully portable tool but also comes with Installer for local installation & un-installation. It works on wide range of platforms starting from Windows XP to Windows 8.

[Download]

READ MORE

Pompem is an open source tool, which is designed to automate the search for exploits in major databases. Developed in Python, has a system of advanced search, thus facilitating the work of pentesters and ethical hackers. In its current version, performs searches in databases: Exploit-db, 1337day, Packetstorm Security...

Usage
To get the list of basic options and information about the project:

python pompem.py -h

Examples of use:

python pompem.py -s Wordpress
python pompem.py -s Joomla --html
python pompem.py -s "Internet Explorer,joomla,wordpress" --html
python pompem.py -s FortiGate --txt
python pompem.py -s ssh,ftp,mysql
python pompem.py --update

[Download]

READ MORE

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

[Download] [Mirror]

Password: Download

READ MORE

Features :

Steals :
-all browsers
-trillian
-internet download manager
-cd keys
-VPn and dialup
-filezilla
-messenger
-yahoo
-opera
-safari
-firefox
-IE 4/5/6/7/8/9/10
-chrome
-ICQ
-AIM
-google talk
-trillian astra
-miranda
-gaim / pidgin
-myspace
-patalk
-digsby
-JDowloader

Works with :
-windows XP
-Vista
-windows 7
-windows 8

Antis :
-anti-sandboxie
-anti VMware
-alternative VMware 2
-anti anubis
-anti sunbelt

How to set it up:

-As all others PHP Stealers , you will need a PHP/MySQL hosting , check for free ones , there is a lot in google )

-create a database in that hosting and edite the config.php file in the PHPPanel folder with the database credentials provided by the hosting ( host/username/password/database name) then replace the default username and password of the login panel by yours )

-Upload all the PHPPanel folder on your FTP with filezilla

-Your panel is now uploaded : go to http://yourhost.com/PHPPanel/index.php and then login with the username and passwords you choose :)

-Now run the builder in sandboxie or Virtual machine...
in PHP url type your panel url : http://yourhost.com/PHPPanel/index.php

-Bind : is the binder function then choose an icon ( it is better to add it with your crypter) then enable or not the antis the hit the "build" button

you are now done , you have your web panel and your server , you only have too crypt it and spread it to get tons of passwords.

note : as i always recommand , always use builders in safe environnment like sandboxie or VMware or use it at your OWN risks.

[Download]

All Credit and responsibility may go to: http://www.hackforums.net/member.php?action=profile&uid=2009256

READ MORE

The Best Hacking Tools Resources Everyone Have To Have with. This Resource Pack Is Ultimate and Latest Version -2014 and for Those Newbie Hackers Who Don't want to waste their time to searching Forums and other resource sites for your hacking related needs.

BEST HACKING FORUMS

• http://hackforums.net
• http://ubers.org
• http://www.madleets.com
• http://www.4sectors.com
• http://www.alboraaq.com/forum/
• http://hackcommunity.com
• http://xmarks.com
• http://forum.xda-developers.com

BEST HACKING TUTORIAL RESOURCES

• http://best-hacker-tools.blogspot.com
• http://securitytube.net
• http://netsecurity.about.com/
• http://irongeek.com
• http://enigmagroup.org
• http://insecure.org
• http://defcon.org
• http://tripwire.com

BEST BLACKHAT FORUMS

• http://blackhatworld.com
• http://best-blackhatforum.com
• http://seoblackhat.com
• http://blackhatseo.com
• http://blackhat.com

BEST SECURITY TOOLBOX

• http://sourceforge.net
• http://securityxploded.com/
• http://sectools.org/
• http://insecure.org/
• http://scanwith.com/
• http://github.com/

BEST VULNERABLITY EXPOSURE & EXPLOITS

• http://cve.mitre.org
• http://securityfocus.com
• http://1337day.com
• http://vulnerability-lab.com
• http://osvdb.org
• http://xssed.com
• http://cvedetails.com

BEST BUG BOUNTY PROGRAMS

• AT & T
• Apple
• Ebay
• Facebook
• Google
• Mozilla
• Microsoft
• Paypal
• Rediff
• Reddit
• Twitter
• Yahoo
• Zyanga

READ MORE

I just share it form ubers.com i hope you guys enjoy to download it. It's just a small tool to crack password.

[Download]

READ MORE

Netsparker Community Edition is a SQL Injection Scanner. It's a free edition of our web vulnerability scanner for the community so you can start securing your website now. It's user friendly, fast, smart and as always False-Positive-Free. It shares many features with professional edition. It can detect SQL Injection vulnerabilities better than many other scanners (if not all), and it's completely FREE.
[Screenshot proof] 

[Download]
[Mirror]
Virustotal

READ MORE

Description

Originally designed as a word list creation tool, thad0ctor's BT5 Toolkit has become an all purpose security script to help simplify many Backtrack 5 functions to help Pentesters strengthen their systems.

The backbone of thad0ctor's Backtrack 5 Toolkit is the Wordlist Toolkit that contains a plethora of tools to create, modify, and manipulate word lists in order for end users to strengthen their systems by testing their passwords against a variety of tools designed to expose their pass phrases. In short it is the ultimate tool for those looking to make a wide variety of word lists for dictionary based and other brute force attacks.

The toolkit is designed with usability in mind for the Backtrack 5R2 linux distro but will also work on BT5 R1 and other Ubuntu based distros if configured properly. The script is constantly updated with multiple revisions to include new cutting edge features and improvements in order to provide full spectrum wordlist creation capabilities.

[Download]

READ MORE

Include:
Shells
Sql Injection Tools
Local Root Exploits
Symlinks\Bypass
Vulnerabily Scanners
Script/Windows Tools
Trojans
Windows Scanners
Encryptation
Crypters
Tutoriais
Sistemas

[Download]
Virustotal:  https://www.virustotal.com/en/file/7647302da5e5064bac9e337d2dbdf5d4ec54b974859f3e283e220aaaa078f0ae/analysis/

READ MORE

Rob Dixon [ @304geek ] from AccuvantLABS published small but simple tool writen in bash called Scrape-DNS which can be used for quering cached DNS entries in search for malware and other "bad" sites. Short exerpt from 304geeks blog post:
"Back at my old job, we used cache snooping techniques (Scraping) to check for evidence of client systems that were attempting to resolve known malware sites.

We would use the list at Mayhemiclabs.com and compare it to our cached DNS entries.

So, why don't we do something badass like that, but to support the penetration test or red team mission?

Using standard cache snooping techniques you can determine what anti-virus vendors might be in use on a clients network.

HOW? Simple. By making non-recursive queries to the client's DNS servers for known AV update site domains.

Yes, it is that simple.

 

To query cached DNS entries, you need only to make a NON-recursive request a target DNS server..."

[Download]

Original post: http://304geeks.blogspot.com/

READ MORE

Description

its a Joomla Vulnerability Scanner made by .net  You need dotnet framework 4.5 for use it. made by skywalk3r for Madleets.

[Download]

READ MORE

PySQLi is a python framework designed to exploit complex SQL injection vulnerabilities. It provides dedicated bricks that can be used to build advanced exploits or easily extended/improved to fit the case.

PySQLi is thought to be easily modified and extended through derivated classes and to be able to inject into various ways such as command line, custom network protocols and even in anti-CSRF HTTP forms.

PySQLi is still in an early stage of development, whereas it has been developed since more than three years. Many features lack but the actual version but this will be improved in the next months/years.

Download PySQLi

READ MORE

Faraday introduces a new concept (IPE) Integrated Penetration-Test Environment a multiuser Penetration test IDE. Designed for distribution, indexation and analysis of the generated data during the process of a security audit.
The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Design for simplicity, users should feel no difference between their own terminal application and the one included in Faraday. Developed with a specialized set of functionalities that help users improve their own work. Do you remember yourself programming without an IDE? Well, Faraday does the same an IDE does for you when programming, but from the perspective of a penetration test.

[Download]

READ MORE

Features
PHP Server Based

SQLI Websites
XSS Websites
LFI Websites
RFI Websites
Admin Panels
Upload Vulnerability

ASP Server Based

ASP SQLI Websites
ASP XSS Websites
ASP Admin Panels
ASP Upload Vulnerability

Website Related Tools

Wordpress Website Finder
Joomla Website Finder
Sub Domain Scanner
Web Terminator ( DDos Attack )
IP Resolver
NS Lookup
Joomla Website Vulnerability Scanner

[Download]

READ MORE

Virustotal: https://www.virustotal.com/en/file/17da98c633d90be74c9c85d26dac8c84271a8135f40ef6ce36c0e46b26b34df2/analysis/1387476034/

[Download]

READ MORE

Exploit Pack is an open source GPLv3 licensed bundle of scripts ( known as exploits ) with an easy to use GUI and a SID IDE. It’s built on JAVA and Python, which means it’s easy to customize and works very nicely on any device. Like every software that has an open source license you can patch, extend or add your own ideas to it. Just checkout the code and go for it. This tool was made thinking on the end-user, it's not going to replace any other security tool on the market, but it's for sure a must-have for every security enthusiast, researcher or paranoid user.

It's easy to use

Not a security savvy but wanna IDDQD?

Hello script kiddie. Don't you worry, you can always use this tool without reading any kind of documentation. But shame on you.

Multi OS support

No matter which platform you like.

It was developed thinking on multi platform support by default for x86 but it will run on Windows, Linux, FreeBSD and Mac OSX.

IDE for Exploit Dev's

Start coding your own exploits.

A must-have for effective exploit development, extend or add more features and include your own exploit codes. 

Download  Exploit Pack

READ MORE

SQLSentinel is an opensource tool that automates the process of finding the sql injection on a website. SQLSentinel includes a spider web and sql errors finder. You give in input a site and SQLSentinel crawls and try to exploit parameters validation error for you. When job is finished, it can generate a pdf report which contains the url vuln found and the url crawled. 

Please remember that SQLSentinel is not an exploiting tool. It can only finds url Vulnerabilities.

[Download SQLSentinel]

READ MORE

OSForensics updated to version 2.0. OSForensics allows you to identify suspicious files and activity with hash matching, drive signature comparisons, e-mails, memory and binary data. It lets you extract forensic evidence from computers quickly with advanced file searching and indexing and enables this data to be managed effectively. New version having ability to capture pages from web sites and add them to a case and Support for multiple drives & folders when indexing, searching multiple set of index files in a single search, Faster search times of indexes (up to 500% faster) ,Much improved E-mail browser, Dozens of other improvements and bug fixes.

[Download OSForensics]

READ MORE