Joomla, Mambo, PHP-Nuke, and XOOPS CMS SQL injection vulnerability scanning tool written in Python.
a41f8044b60180a66a0dcaad4b63e48e9323a4faf732e5f20993458571fc225f
FTP_AnoScan is an FTP scanner that can scan a range of IPs looking for servers that allow anonymous logins. Written for Linux.
770a6f10efe40f8336141be7d9de8569932428bbf02310b5e72fa553f17baba3
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
918dfe42d7a552e44b74c2bf3ba49f7a160d0c31f093cfbdc4efdf4bd73fc1f8
Inguma is a free penetration testing and vulnerability discovery toolkit written entirely in Python. The framework includes modules to discover hosts, gather information about them, fuzz targets, and brute force usernames and passwords, as well as exploits and a disassembler.
8ca227a5185935eb4e9d9d9589b2b5a530796988f05cb346e009c89cdf86cd5d
dnsenum is a Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary-style attack, and then performs reverse lookups on the results. It has been completely revamped.
f8636376e43c759a0d0628986a8bd7bd7030180cdc08f6e862adb14954b7570b
Pixy is an open source vulnerability scanner that audits PHP applications for SQL injection and cross site scripting vulnerabilities. It is written in Java and also performs automatic resolution of file inclusions.
1efbf5349ce56b1930fd159abf9a3d580eadd4627972551442bb1397a4c8ef46
Joomla SQL injection Scanner version 1.0. With the constant SQL injection vulnerabilities being discovered in relation to Joomla, it was only a matter of time.
7813dfb29e8d821329e907039666b94df576197d3b9b3a2d6a2a8f70e3749ef6
Goolag Scanner version 1.0. This tool has been released by the Cult of the Dead Cow to automate Google hacking using 1,500 predefined search queries.
052f30701a3f98d4097362ef486c4e09cecdf65778832bd34781b2d744896d38
ndisc consists of two small command line tools (ndisc and rdisc) that perform ICMPv6 Neighbor Discovery and ICMPv6 Router Discovery respectively. It is primarily meant for IPv6 networking diagnostics or to detect rogue IPv6 nodes or routers on an Ethernet segment.
72a75674e179fc52e370a4dd672fdca8b540291d34e593cfe2e032fd4ca35a13
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
9c097761644f7cbf79a72b6aadd95384ab2965187bb8d9f8346c7de9905db08d
sqlninja is a small tool to exploit SQL injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable database server, even in a very hostile environment. It should be used by penetration testers to help automate the process of taking over a database server when a SQL injection vulnerability has been discovered. It is written in Perl and runs on Unix-like boxes.
7c30080e8050ed7d3ed1826455aabcf4ab87b6721f47fdf13eecd99f5a4e65b7
SQL injection digger is a command line program that looks for SQL injections and common errors in websites.
b76ba9f76bdaeffbdf068c3668af79e1c700692ab288ce7f8cdb25c51dbb034d
PortBunny is a Linux-kernel-based port scanner created by Recurity Labs. Its aim is to provide a reliable and fast TCP SYN port scanner which performs sophisticated timing based on the use of so-called "trigger" packets. The port scan is performed in two steps. First, the scanner tries to find packets to which the target responds ("triggers"). Second, the actual port scan is performed. During the scan, the triggers found in the first scanning phase are used to determine the optimal speed at which the target may be scanned.
cfe1e5b84b66577299d920dd6f1a1637e948dd4fb2a75ab5265de273ffb6287c
This code searches for Google Calendar accounts which exist and are not password protected.
3151bb236822f342ed070d2d4b6ddae739cbb33cf4ba0c9777a56abb9f7bb51b
SynScan is a fast half-open port scanner. This tool will send TCP packets with the SYN flag to any block of destination addresses at very high speed. SynScan endeavors to send traffic as fast as the host network interface can support.
9bdddf9e48546043929eba3971edc11896b208e153617cd8f66f0af0cd74afa9
SSLScan queries SSL services, such as HTTPS, in order to determine the ciphers that are supported. SSLScan is designed to be easy, lean and fast. The output includes the preferred ciphers of the SSL service and the certificate, and is available in text and XML formats.
37d90fe847bc0e7dd4ac661c9f868006d3b26eb524342bd5642889ac61308ec2
SEAT (Search Engine Assessment Tool) is the next generation information digging application geared toward the needs of security professionals. SEAT uses information stored in search engine databases, cache repositories, and other public resources to scan a site for potential vulnerabilities. Its multi-threaded, multi-database, and multi-search-engine capabilities permit easy navigation through vast amounts of information with a goal of system security assessment. Furthermore, SEAT's ability to easily process additional search engine signatures as well as custom-made vulnerability databases allows security professionals to adapt SEAT to their specific needs.
1dca56a6f60d703faf1e555a7c458656e20afac2c3cc327143a474f79f5a3b53
ndisc consists of two small command line tools (ndisc and rdisc) that perform ICMPv6 Neighbor Discovery and ICMPv6 Router Discovery respectively. It is primarily meant for IPv6 networking diagnostics or to detect rogue IPv6 nodes or routers on an Ethernet segment.
3aadf5d1f3b4620833527511ee700a2f0365a10d62219ece882ca6424e8ffe0c
Hellsing is a utility designed for attacking web applications. It supports multiple vulnerabilities through the use of a configuration file.
fa12112c421352c6709b3bd8f058ca8e74db0f717e92ecfe0d1a694c9a5ff494
This Joomla scanner scans for known vulnerable remote file inclusion paths and files. Written in Python.
45604294ef244a79ebe8850f4cab7ce49371c432e2c1496f411076ba40665cd3
gwcheck is a simple program that checks if a host in an Ethernet network is a gateway to the Internet.
bbd330c1df80d2586e3ecb1e5671a1a0b3aef4ffd54dd4ef27c45ffaaa50491c
NMB Scanner scans the shares of an SMB network, using the NMB and SMB protocols. It is useful for acquiring information on a local area network for such purposes as security auditing. It can obtain such information as NMB/SMB/Windows hostname, IP address, IP hostname, Ethernet MAC address, Windows username, NMB/SMB/Windows domain name, and master browser. It can discover all the NMB/SMB/Windows hosts on a local area network by using the host lists maintained by master browsers.
e5f55548e256ded0dd8fc9067ac5c4a5df3d4d7489e871e2bd9b84ce04c7efeb
Unicornscan is a new information gathering and correlation engine built for and by members of the security research and testing communities. It was designed to provide an engine that is scalable, accurate, flexible, and efficient. It is released for the community to use under the terms of the GPL license. Unicornscan is an attempt at a user-land distributed TCP/IP stack. It is intended to provide a researcher with a superior interface for introducing a stimulus into and measuring a response from a TCP/IP-enabled device or network.
06c1e7f7471bcf6d34f0094b8fe4fa117dd945f91e0a0c1c2575e12465f0e2ec
This is a simple proxy tool that checks for the HTTP CONNECT method and grabs verbose output from a webserver. It is primarily useful when verifying false positives from automated vulnerability assessment tools.
203ad5690055cb97040a956a45aea7128a31b0d77823f608d16c161a7e50eecc
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
a5049331fd404514f4b723536db88d3b79b8b21537ecdf2d617a888b84101b37