WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.
478a1566e4c6f7dc28d734eedcb6ba04390148a32396154c928a3e2488959054
XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
4de4d18fc0472010c5289b7c509270a9628d2883314d90de3888b92ee68106a0
This Python script is a tool that can be used to check windows workstations and servers if they have accessible shared resources.
50f0cef89cbe41efc8027f56d96fd61b7164ec2daabfe90f151d7876f0f60c47
QuickRecon is a python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
44d3ec57af0dc97b14b5c020752e414feebca30aa7690beb7e3ec23e8d74fa41
YCrawler is a web crawler that is useful for grabbing all user supplied input related to a given website and will save the output. It has proxy and log file support.
602e299d0d83a27072e94350f35ff2215599c2fc81c708ab79ed31bcc7d34dc0
Mpctp is a tool for manipulation of raw packets that allows a large number of options. Its primary purpose is to diagnose and test several scenarios that involving the use of the types of TCP/IP packets. It is able to send certain types of packets to any specific target and manipulations of various fields at runtime. These fields can be modified in its structure as the the Source/Destination IP address and Source/Destination MAC address.
8e8204b70f419814270efe1a84e5a1a57379fb615a273913b02f39c00bcd3841
QuickRecon is a python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
883ccd44f2129e5160ea8c433f5ff98e0a5fdf077fe8afbec99020d82d17bbaf
Mpctp is a tool for manipulation of raw packets that allows a large number of options. Its primary purpose is to diagnose and test several scenarios that involving the use of the types of TCP/IP packets. It is able to send certain types of packets to any specific target and manipulations of various fields at runtime. These fields can be modified in its structure as the the Source/Destination IP address and Source/Destination MAC address.
6f0f8372777c1f62bd302fce108bb4f73fd33a976b35720e6bf09e7b10b6dfb0
yInjector is a MySQL injection penetration tool. It has multiple features, proxy support, and multiple exploitation methods.
b52774ac099292a94a0f4f4c96f55843e963024e991196b4ce6f06d98c62454c
aidSQL SQL injection detection and exploitation tool is a modular PHP scanner that allows you to develop your own plugins for use.
e769c0ef9eb214b98a3f554a62fb6fd1b4b9c8ac94a53d3fcc19df62f382bad0
This Python script is a tool that can be used to check windows workstations and servers if they have accessible shared resources.
54537a2f3c86ad8f52de968df257b060a5829f88749fc6e25a04fdb2eccaf7be
QuickRecon is a python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
dc87a58f04f0b475b53ccfc4234f13f78e8702769fabed12d980b08093c21c01
Sambascan2 allows you to search an entire network or a number of hosts for SMB shares. It will also list the contents of all public shares that it finds. The difference between sambascan2 and other SMB viewers and scanners is that it will search everything using TCP/IP, and it will not send a lot of broadcast messages, so it can be used over LAN boundaries. It only uses SMB to list the shares and their contents.
d5a0c533e34a8f2f940ca2ddca16bb43b19cbd98de73b58e83dea97d8972dd00
SimpleSPA is an application that consists of a single packet authorization mechanism designed for the purpose of hiding semi-public services like a SSH server. There is a server side (Linux only) and a client side (Windows and Linux). This application is similar to FWKnop and more of an academic/proof of concept application as opposed to a full blown commercial quality application. involves a client that creates a packet with a payload encrypted with the public half of two different RSA keys. The idea is that one key would be shared by all users and it would encrypt the user name of the individual. A second key specific to each individual user would encrypt a pre-shared key (just any old string, nothing secret about it really) and a timestamp (to counter replay attacks). The server would receive this packet and decrypt this first half of the packet, which would give us the user name of the person sending the packet. The server would then know which user specific second key to use to decrypt the pre-shared key and time stamp to evaluate them for acceptability. If all is good, then the server would open up a port for the semi-public service we were trying to conceal for a brief amount of time to allow for a connection to be made. PDF included that explains everything. Written in Java.
378f5402ded74b2de9cd170f0b9807fe64089a1ec6ed3df52cbfb01b705fce3d
QuickRecon is a python script for simple information gathering. It attempts to find subdomain names, perform zone transfers and gathers emails from Google and Bing.
2feac3fdc6a1bf696c441b1994bd43190b9ba6ec49879406f940b6bee127e42d
This Python script is a tool that can be used to check windows workstations and servers if they have accessible shared resources.
2b220cf3cdaf3f4552cfe95010736765beabf1b919c019ab371e3b431d44e6eb
GetHTTPStatus is a simple python script that scans a set of provided URLs and returns the status codes provided. It has the ability to use cookies if needed.
e2bc79b48cf3e7d09e13850c55cc2f6ce1a7c571a8ea3f55dd7677e2e33084aa
This Python script is a tool that can be used to check windows workstations and servers if they have accessible shared resources.
d2a52d5c575a937dda9b0844fef2f9aa7f4f1849fbdf2777ecaf4c2e001dccd3
T50 Sukhoi PAK FA Mixed Packet Injector (f.k.a. F22 Raptor) is a tool designed to perform "Stress Testing". It is a powerful and an unique packet injection tool. The author has added in some anti-kiddo tricks.
1a4f11b993b8a80388bd33f4cc736819517ff227be6e83f04f3403aa15bb4234
Witchxtool is a perl script that consists of a port scanner, LFI scanner, MD5 bruteforcer, dork SQL injection scanner, fresh proxy scanner, and a dork LFI scanner.
833d41e3d4cc5515b41acff39daf512f73c3e5420ec0e662d92add4c50aa6e45
aidSQL SQL injection detection and exploitation tool is a modular PHP scanner that allows you to develop your own plugins for use.
ac0d3ebd50b8ed0d5e391ccaba376170718b01af8eda840d89a24f4b5cd7a4f7
Simple LAN Scanner is a simple python script that leverages scapy for discovering live hosts on a network.
5b9a1073a20d03e4e93144a5db6e630a62b90fb9f3bbaace030de8b42c127d90
Athena is a SSL cipher scanner. Unlike most scanners, rather than scanning the few ciphers openssl supports, it checks for every possible cipher by enumerating all 65536 cipher codes.
0186d8915b61e99df20eb35b58f7468b592c94275da88e1f632ef40e39db2829
bsqlbf is a script that tests for blind SQL injection vulnerabilities.
43ce6c12a717c9a6f73e091617d1a01bc30f58d6bcacd0ff404dd72d7deab870
Witchxtool is a perl script that consists of a port scanner, LFI scanner, MD5 bruteforcer, dork SQL injection scanner, fresh proxy scanner, and a dork LFI scanner.
3b07ac2beb17d889bb29196cd4ad335e183a17bfc2253989f49fea5b942a80ef