sqlsus is a MySQL injection and takeover tool, written in perl. Via a command line interface that mimics a mysql console, you can retrieve the database structure / contents, inject a SQL query, download files from the web server, upload and control a backdoor, and much more.
3ac31ec61fc3009c88c24749920a68b2abfeec486f2dfcc6a9678ed802e7e157
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
47ec0734e5807709802da023edf6ec49be71018d5f9ccec8e1b2a6553baaa0fc
WhatWeb next generation web scanner identifies what websites are running. Released at the Kiwicon conference (kiwicon.org) in Wellington, New Zealand. Written in Ruby for Linux. Flexible plugin architecture with over 60 plugins so far. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc by making extra requests to the webserver.
7dd4420c9c4270ff82b2508a50149b6c683487083b7e706949972666a8657295
This tool enumerates hostnames and URLs from Google. It features antibot avoidance, search within a country, custom search appliance, output either hostnames or URLs, and custom search depth. Written in Bash for Linux.
aeaa5ee7e1288ae22a7fb24145c07239602f4b84fa6f4237e6090bab65dd8be2
This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.
42c7c26f81e81970bb24710b0f5fa543bad39b49979aadca7945e248f12aba7c
Sambascan2 allows you to search an entire network or a number of hosts for SMB shares. It will also list the contents of all public shares that it finds. The difference between sambascan2 and other SMB viewers and scanners is that it will search everything using TCP/IP, and it will not send a lot of broadcast messages, so it can be used over LAN boundaries. It only uses SMB to list the shares and their contents.
ea26f18aa88817ae9a6c600d317c4f4f743ee8507b769a6b2d9c56902cafd888
ppscan is yet another portscanner. However, it can scan an entire Class C subnet for a range of ports not only using tcp-syn/tcp-connect but also by tunneling through HTTP proxies (either HTTP GET or HTTP CONNECT), or using FTP servers which allow arbitrary connections via PORT bounce method. It is multi-threaded, so it can blaze through connection attempts.
662c1cf506bf0d8bb74216f8ea2f0047e7c33238eb1860284b5d9c9fbb2ccc27
htrosbif is a tool that actively probes an HTTP server. It prods the Web server in all sorts of old, new, basic, fancy, spec-compliant, and spec-breaking ways. It tries to characterize both the well-spoken educated responses and the seriously deviant babble it receives in return. Signatures contain no user data, only header names and HTTP-level quirks. As a useful side effect, this might detect reverse proxies, HTTP load balancers, intrusion prevention systems, and Web application firewalls.
9f2e98af019d3b5445bede40d649c0dc8245787e77eeaa688ee2285e7c7efeb0
MapSweeper version 1.0 ping sweeping script.
78c58f4e6a6537b3dfef8851eccfd453b7b677c8f62d6b7760cde32ccbb49583
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
dc734ad1f8bdce30d7604c3eb4176dbaf92cf0e5c54d3ea12ec6cd3128e402ac
uwss is a web security scanner and used for testing security holes in web applications. It can act as a fuzzer whose objective is to probe the application with various crafted attack strings. uwss is built upon a modular concept.
f5889f915e9116c5d6e219bc6ac51f19112545db98937dc7898dbe14386f4937
ACE (Automated Corporate Enumerator) is a simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of an IP Phone in order to download the name and extension entries that a given phone can display on its screen interface. In the same way that the "corporate directory" feature of VoIP hardphones enables users to easily dial by name via their VoIP handsets, ACE was developed as a research idea born from "VoIP Hopper" to automate VoIP attacks that can be targeted against names in an enterprise Directory. The concept is that in the future, attacks will be carried out against users based on their name, rather than targeting VoIP traffic against random RTP audio streams or IP addresses. ACE works by using DHCP, TFTP, and HTTP in order to download the VoIP corporate directory. It then outputs the directory to a text file, which can be used as input to other VoIP assessment tools. ACE is a standalone utility, but its functions are integrated into UCSniff.
d5b4c5ef2b4537b8f6cb4ab98d0bfd6f34392477aafb0f492fd833f4f55aca49
Scannedonly is a samba VFS module that ensures that only files that have been scanned for viruses are visible and accessible to the end user. Scannedonly was developed because of scalability problems with samba-vscan. Scannedonly comes in two parts: a Samba VFS module and (one or more) daemons. The daemon scans files and marks them when they are known to be clean. The samba module simply filters out files that aren't marked clean.
9842b07d7ecd6d2ebf5d42b180dc29e13e74b4b56dd66cf96d7cdb6a0a156b70
Hyenae is a highly flexible and platform independent network packet generator. It allows you to reproduce low level Ethernet attack scenarios (such as MITM, DoS, and DDoS) to reveal potential security vulnerabilities of your network. Besides smart wildcard-based address randomization, a highly customizable packet generation control, and an interactive attack assistant, Hyenae comes with a clusterable remote daemon for setting up distributed attack networks.
36250f88b0f0698ce2d7b3675799c4f33449f1a9b5fd3d21cb6ba7a07a716149
Hyenae is a highly flexible and platform independent network packet generator. It allows you to reproduce low level Ethernet attack scenarios (such as MITM, DoS, and DDoS) to reveal potential security vulnerabilities of your network. Besides smart wildcard-based address randomization, a highly customizable packet generation control, and an interactive attack assistant, Hyenae comes with a clusterable remote daemon for setting up distributed attack networks.
7350552cefc567f7eb5f9f877f55aca96d41599543c7f10bbf9cf512d99d19e4
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
b4fcde370773c710927230c0d84100a4aaa2060eb497cf896a97d752b2856e87
MySqloit is a SQL Injection takeover tool focused on LAMP (Linux, Apache, MySQL, PHP) and WAMP (Windows, Apache, MySQL, PHP) platforms. It has the ability to upload and execute Metasploit shellcodes through the MySQL SQL Injection vulnerabilities.
97e06597309a5714f14fba6fa3ea6ae49105d79129f7455ebc3be206b0cab04a
Hyenae is a highly flexible and platform independent network packet generator. It allows you to reproduce low level Ethernet attack scenarios (such as MITM, DoS, and DDoS) to reveal potential security vulnerabilities of your network. Besides smart wildcard-based address randomization, a highly customizable packet generation control, and an interactive attack assistant, Hyenae comes with a clusterable remote daemon for setting up distributed attack networks.
24e96c74ab7f179042a146f12914546dc1c7a7d95b6ffe4238ef38490d616034
This is a quick and simple TCP port scanning utility written in PHP.
c0fbd6b658908af4cb4a3272dc3c7b366d57256efceaaa57640c208b9bea5c0c
This is a quick and simple TCP port scanning utility.
ca2361f0996c2deb8b4e5664c3723449c147a40f24187fda1f254d15ad72b61e
Hyenae is a highly flexible and platform independent network packet generator. It allows you to reproduce low level Ethernet attack scenarios (such as MITM, DoS, and DDoS) to reveal potential security vulnerabilities of your network. Besides smart wildcard-based address randomization, a highly customizable packet generation control, and an interactive attack assistant, Hyenae comes with a clusterable remote daemon for setting up distributed attack networks.
2389a66440d5635d196fccc4471fe836efc0c4f571071145d2159d57cd276797
Hyenae is a highly flexible and platform independent network packet generator. It allows you to reproduce low level Ethernet attack scenarios (such as MITM, DoS, and DDoS) to reveal potential security vulnerabilities of your network. Besides smart wildcard-based address randomization, a highly customizable packet generation control, and an interactive attack assistant, Hyenae comes with a clusterable remote daemon for setting up distributed attack networks.
250217ea75c2bc9d734031a5fdbcd9407e3c3c910c95de1378b359368cb5f07f
Hyenae is a highly flexible and platform independent network packet generator. It allows you to reproduce low level Ethernet attack scenarios (such as MITM, DoS, and DDoS) to reveal potential security vulnerabilities of your network. Besides smart wildcard-based address randomization, a highly customizable packet generation control, and an interactive attack assistant, Hyenae comes with a clusterable remote daemon for setting up distributed attack networks.
c56bfbe97e29a46bf1cb1b30c024b38b31ee81e5be5d165417e22712be8c9faf
uwss is a web security scanner and used for testing security holes in web applications. It can act as a fuzzer whose objective is to probe the application with various crafted attack strings. uwss is built upon a modular concept.
13057a6d9a4ce6617d07316cf3ac864b76984cb10985c54168293dbc49851d8a
NullSearchAccess is a scanner that attempts default logins for various services like ftp, pop3, imap, mysql, and more.
a10a9044c809fd3349b9ec60b05ed552425f65705f4c73c9f835870f23fb0bbd