Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembler.
e5c56aed374969acc0d9b93fac8849bb83482705761f98a010ffad11047b6ca6p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to the remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Note that this version is the win32 compiled version. Original code by Michal Zalewski, compiling by David Coomber.
b1b3a50167e875ae8a49b1069e893267ee5dd2ab3c6ef6b733760e63b4bdc904arp-scan sends ARP (Address Resolution Protocol) queries to the specified targets, and displays any responses that are received. It allows any part of the outgoing ARP packets to be changed, allowing the behavior of targets to non-standard ARP packets to be examined. The IP address and hardware address of received packets are displayed, together with the vendor details. These details are obtained from the IEEE OUI and IAB listings, plus a few manual entries. It includes arp-fingerprint, which allows a system to be fingerprinted based on how it responds to non-standard ARP packets.
f50e2f3a2ec6cfe4e4d15a6de0cfb5c707b7e703687800deb35456f914492ee4Porkbind is a robust and recursive DNS server vulnerability scanner which retrieves version.bind information for the nameservers and produces a report.
e2042cffd50725e3631e0d348b420eb2d16764850cc6974805a852d7d3ec9889fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
1e6c3e28b8679bb9a5c15fa9668268056d2e47050ed2da83b24ea5d18ccfae08Python script that cracks a 256-bit WPA-PSK hash (64 char) using wpa_passphrase and a wordlist.
64f83af457754e31a3d03e207fb755e633bab664fab632e28121f6d198cb0ca0PKtAnon performs network trace anonymization. It is highly configurable and uses anonymization profiles. Anonymization profiles allow for mapping of arbitrary anonymization primitives to protocol attributes, thus providing high flexibility and easy usability. A huge number of anonymization primitives and network protocols are supported and ready to use for online and offline anonymization.
7d45e23f5e5ba5c2813a0c9087dd4c80a009fe688cb0243269ad42a6d00b293bdnsenum is a perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results. It has been completely revamped.
012840d5f521fcaf033cb67e1dbeee5f49398700d9da40ab5af751a15ceb0760Bsqlbf was originally written by A. Ramos from www.514.es and was intended to exploit blind sql injection against mysql backend database. This is a modified version of the same tool. It supports blind sql injection against the following databases: MS-SQL, MY-SQL, PostgresSQL, and Oracle.
c091db89e6b694d98f6c7efbfa64437271a49377901cfc83e7daae6a73b121f3fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
dcb1e7c56142881d9ede36c33467ced19afcf30898134c38a0ad4b49b7a7dc3cThis code utilizes the p0f derived OS signature database of disco to actively fingerprint operating systems. It is able to fingerprint hosts based on a single SYN-ACK received from a probed port, and as such can be used to identify multiple hosts NAT Masquerading behind a single IP.
865238503c148718bb001eb113497666968941a9099c1924ac39f4004ddbb782fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
38f028cd62f36b27e390174472bbd35cf86b5d227e6acfb91353c80aef0b6ca0This Ruby code will test a specified Host's SSL certificate against the Debian-based blacklist of keys (RSA 2048 and DSA 1024) generated during the period where openssl on Debian-based installs suffered from a weakness in random number generation. Note that the blacklist is embedded in the code so the file is about 23 MB.
288124a67c707a0fcf89edfbedf7c4788dd853dd55871cba94ecfe308e0ea1aeLynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
e312925c3a88adcbaf242f9a2e1d47c30c9041b15512ec09273576dc7eec87fdsqlninja is a small tool to exploit SQL injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable database server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a database Server when a SQL injection vulnerability has been discovered. It is written in perl and runs on Unix-like boxes.
48b7d75f816a3c6179dc709399e74dcd9a38412988214346216298cd265d1f0cDebian OpenSSL weak client Diffie-Hellman Exchange checker version 0.1.
f751596b32f587e79025ba709c16d9fdad9f31526709e13da3da0d3110928de6Volatile is an automatic SQL injection exploitation tool that takes advantage of applications discovered in search results and attempts to leverage xp_cmdshell.
edad62c53111bcd7fee6eb2bdddc7b3d981d4df4a09d216896a0b1023d7afaa3SQL Playground (SP) is a tool written in Perl that aims to exploit SQL injection vulnerabilities while presenting itself in a command line shell. Full paper provided to explain use.
75be991fcf358733f7aba32f37159a14403e1e0a1f2ac6105973847c1f6b3010Blind SQL injection tool for MySQL servers using a true-false method. You can obtain MySQL information and extract data from tables without the use of quotes.
6b79a23433909018cede551c9ed5088439fea762c64d36abaf2a90dab8f7a976fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
9fea0328c9bc110b187da529ec186ac3bb3ba08ef95dde78f1b50625942b5a35FTPNullSearch is a FTP scanner that can scan a range of IPs looking for servers that allow anonymous logins. Written for Linux.
a91386c0c329e353023f79d969c12450058c95171a3888661eccbe4d0319d520ProxyStrike is an active Web Application Proxy and is a tool designed to find vulnerabilities while browsing an application. It current has SQL injection and cross site scripting modules. This is the Windows version. Written in Python.
da770b4014ebd251157864ec374ad5b81d1ca7e37682b8813de1fb246c9ae242ProxyStrike is an active Web Application Proxy and is a tool designed to find vulnerabilities while browsing an application. It current has SQL injection and cross site scripting modules. This is the Linux / Mac OSX version. Written in Python.
6911c85050d2dd1521c1b8f2b5f0a8a6bbc3fe11c7e60d55551550068026cde6Simple and compact TCP port scanner.
fd6d5f859bbcc997a354b1cb06ac667dcbd4040bcf8153ee871ddfd39c502986The Goolag Scanner is a tool that has been released by the Cult of the Dead Cow to automate Google hacking using 1,500 predefined search queries.
b0e95f32dd1a7d1debe5e540a6fc6f3cf116c92fdddd1737461b586fd3b66187
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed