SQLSentinel
SQLSentinel is an opensource tool that automates the process of finding the sql injection on a website. SQLSentinel includes a spider web and sql errors finder. You give in input a site and SQLSentinel crawls and try to exploit parameters validation error for you. When job is finished, it can generate a pdf report which contains the url vuln found and the url crawled.
Please remember that SQLSentinel is not an exploiting tool. It can only finds url Vulnerabilities.
TOR [Virtual Network Tunneling Tool]
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
Changes: This release reduces directory overhead, provides enormous crypto performance improvements for fast relays on recent hardware, a new v3 TLS handshake protocol that can better resist fingerprinting, support for protocol obfuscation plugins, better scalability for hidden services, IPv6 support for bridges, performance improvements like allowing clients to skip the first round-trip on the circuit ("optimistic data") and refilling token buckets more often, a new "stream isolation" design to isolate different applications on different circuits, and many stability, security, and privacy fixes.
OSForensics
OSForensics updated to version 2.0. OSForensics allows you to identify suspicious files and activity with hash matching, drive signature comparisons, e-mails, memory and binary data. It lets you extract forensic evidence from computers quickly with advanced file searching and indexing and enables this data to be managed effectively. New version having ability to capture pages from web sites and add them to a case and Support for multiple drives & folders when indexing, searching multiple set of index files in a single search, Faster search times of indexes (up to 500% faster) ,Much improved E-mail browser, Dozens of other improvements and bug fixes.
[Download OSForensics]
Weevely [PHP Stealth Tiny Web Shell]
Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.
Weevely is currently included in Backtrack and Backbox and all the major Linux distributions oriented for penetration testing.
- More than 30 modules to automatize administration and post exploitation tasks:
- Execute commands and browse remote filesystem, even with PHP security restriction
- Audit common server misconfigurations
- Run SQL console pivoting on target machine
- Proxy your HTTP traffic through target
- Mount target filesystem to local mount point
- Simple file transfer from and to target
- Spawn reverse and direct TCP shells
- Bruteforce SQL accounts through target system
- Run port scans from target machine
- And so on..
- Backdoor communications are hidden in HTTP Cookies
- Communications are obfuscated to bypass NIDS signature detection
- Backdoor polymorphic PHP code is obfuscated to avoid HIDS AV detection
You can download Weevely v1.0 here:
Or read more here.
PenQ [The Security Testing Browser Bundle]
PenQ is an open source Linux based penetration testing browser bundle we built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more.
PenQ is configured to run on Debian based distributions including Ubuntu and its derivative distros, and penetration testing operating systems such as BackTrack and Kali.With all its integrations, PenQ is a powerful tool. Be mindful of what use you put it to. Responsible use of PenQ can help secure web apps in a zap.
Features
- OWASP ZAP
- OWASP WebScarab
- OWASP WebSlayer
- Nikto Web Server Scanner
- Wfuzz Web Application Fuzzer
- Mozilla Add-ons Collection
- Integrated Tor
- OWASP Penetration Testing Checklist
- PenTesting Report Generator
- Vulnerability Databases Search
- Access to Shell and System Utilities
- Collection of Useful Links
[Download]
Patator v0.5
Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
Currently it supports the following modules:
* ftp_login : Brute-force FTP
* ssh_login : Brute-force SSH
* telnet_login : Brute-force Telnet
* smtp_login : Brute-force SMTP
* smtp_vrfy : Enumerate valid users using the SMTP VRFY command
* smtp_rcpt : Enumerate valid users using the SMTP RCPT TO command
* finger_lookup : Enumerate valid users using Finger
* http_fuzz : Brute-force HTTP/HTTPS
* pop_login : Brute-force POP
* pop_passd : Brute-force poppassd (not POP3)
* imap_login : Brute-force IMAP
* ldap_login : Brute-force LDAP
* smb_login : Brute-force SMB
* smb_lookupsid : Brute-force SMB SID-lookup
* vmauthd_login : Brute-force VMware Authentication Daemon
* mssql_login : Brute-force MSSQL
* oracle_login : Brute-force Oracle
* mysql_login : Brute-force MySQL
* mysql_query : Brute-force MySQL queries
* pgsql_login : Brute-force PostgreSQL
* vnc_login : Brute-force VNC
* dns_forward : Brute-force DNS
* dns_reverse : Brute-force DNS (reverse lookup subnets)
* snmp_login : Brute-force SNMPv1/2 and SNMPv3
* unzip_pass : Brute-force the password of encrypted ZIP files
* keystore_pass : Brute-force the password of Java keystore files
[Download]
The WhiteHat Aviator™ Web Browser
With every website you visit, you’re vulnerable to malicious hackers out to steal your surfing history, passwords, email access, bank account numbers, medical info, and more. And the “big browsers” don’t do enough to stop it. But now you can protect yourself before you go on the Web – with WhiteHat Aviator, the Web’s most secure and private browser. With WhiteHat Aviator, you get the industry’s best and tightest security and privacy safeguards – all built-in, all activated, all ready-to-go.
FruityWifi v1.6
FruityWifi is a wireless network auditing tool based in the Wifi Pineapple idea. The application can be installed in any Debian based system. Tested in Debian, Kali Linux, Kali Linux ARM (Raspberry Pi), Raspbian (Raspberry Pi), Pwnpi (Raspberry Pi).
With the new version, it is possible to install external modules. This functionality gives the user more flexibility and the FruityWifi can be customized. The modules can be added or removed anytime using the on-line repository.
Available modules:
- Hostapd Karma
- URLsnarf
- DNSspoof
- Kismet
- Squid (code injection capabilities)
- SSLstrip (code injection capabilities)
- nmap
- mdk3
- ngrep
- Captive Portal
New modules are being developed continuously and can be installed from the modules page.
Using the installation script all the required dependencies, scripts and setup can be installed, or if you prefer you can download a SD image of Pwnpi 3.0 with FruityWifi v1.6 from the wiki page:
https://github.com/xtr4nge/FruityWifi/wiki/Install
Subscribe to:
Posts (Atom)
0 comments:
Never Forget To Say Thanks :D