Simple IPv4 and IPv6 banner grabbing scripts.
57db79dc569f940f827eb9c541e6be8c77ec7cfd6f76c6ae864e6b3ed60a4cee
Sambascan2 allows you to search an entire network or a number of hosts for SMB shares. It will also list the contents of all public shares that it finds. The difference between sambascan2 and other SMB viewers and scanners is that it will search everything using TCP/IP, and it will not send a lot of broadcast messages, so it can be used over LAN boundaries. It only uses SMB to list the shares and their contents.
f080548939c756b572d90221a984e026776f38496e613223baa587ce31fd4150
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
366dbb0c9ae38973cee960408eb1a76ed6ff544f15855affaed93331face9491
Freewvs is a tool to search web roots for known vulnerable versions of web applications.
2e9c27f6e626fef7aa38d3e7b98a01a05a47689c85c5f26e63d231fdc715a024
PKMap is a functional packet manipulator/injector. It currently supports ETH/IP/TCP/UDP/ICMP/(R)ARP.
766b8918be4c6c569ead7cdfcca4cf9d11dad30b18816b81fc5ab9f016622d9e
Inguma is a free penetration testing and vulnerability discovery toolkit written entirely in Python. The framework includes modules to discover hosts, gather information, fuzz targets, and brute force usernames and passwords, as well as exploits and a disassembler.
43a552e512b8861681b69844961c7428f2bac3f6ad0e5fec9cf4a463e848fbb6
This Joomla scanner scans for known vulnerable remote file inclusion paths and files. Written in Python.
abb0310e8c6d9b179363d94f5398019494016c60f02f1dcfde8b84aa865c5a72
sqlninja is a small tool to exploit SQL injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable database server, even in a very hostile environment. It should be used by penetration testers to help automate the process of taking over a database server when a SQL injection vulnerability has been discovered. It is written in Perl and runs on Unix-like boxes.
e1f2978750e3d86dc04e6d185157d4936156bc2761f67fb73ff822ccd721f704
p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to the remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Note that this version is the win32 compiled version. Original code by Michal Zalewski, compiled by David Coomber.
dd38a277cf5f75bd141c92c52d4a943be4377fb60f3ec5a8fd8b6e6d380f4122
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
ac87bac78e9396f01d93b9abe1dab1d480a5be4898c824ca464ce1c82fca89a7
Inguma is a free penetration testing and vulnerability discovery toolkit written entirely in Python. The framework includes modules to discover hosts, gather information, fuzz targets, and brute force usernames and passwords, as well as exploits and a disassembler.
523cb75e2904a5baaab11420acd5d4ebab73e8744c2ba5ea5d3e5c18c17dcde8
sqlninja is a small tool to exploit SQL injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable database server, even in a very hostile environment. It should be used by penetration testers to help automate the process of taking over a database server when a SQL injection vulnerability has been discovered. It is written in Perl and runs on Unix-like boxes.
578cde4354497e37327dc9367a4441735803548cf1e9a405959cf506846daf48
SynScan is a fast half-open port scanner. This tool will send TCP packets with the SYN flag to any block of destination addresses at very high speed. SynScan endeavors to send traffic as fast as the host network interface can support.
3924cdfbf8c1a779b860432690b7cdfb61b87f7a8674b3c78b9a7593e21c3ed8
XSSscan is a cross-site scripting scanner that can take output from Google or can search one site. It is written in Python.
cbda61486e9490d7855d5c62130ff47ae78f5be4998bd44d5fec4cd851a1f840
squeeza is a tool that helps exploit SQL injection vulnerabilities in broken web applications. Its functionality is split into creating data on the database (by executing commands, copying in files, issuing new SQL queries) and extracting that data through various channels (DNS, timing, HTTP error messages).
ed5de3ae05d77b7285523cc1c34484c73029565ace873988605f4b640b76d635
ndisc consists of two small command line tools (ndisc and rdisc) that perform ICMPv6 Neighbor Discovery and ICMPv6 Router Discovery respectively. It is primarily meant for IPv6 networking diagnostics or to detect rogue IPv6 nodes or routers on an Ethernet segment.
13f238cc03e43dd05020755b3a5ec57d3cfa1eecfba71dc00157d26351afe718
SQL Power Injector is a graphical application created in C# .NET 1.1 that helps the penetration tester to inject SQL commands on a web page. Its main strength is its capacity to automate tedious blind SQL injection with several threads. Released under the Clarified Artistic License.
8aedf196b1476d7ea434cf3da9360cb5515f5099e85f117ec149f034fa863bb6
proxyScan.pl is a security penetration testing tool to scan for hosts and ports through a Web proxy server. Features include various HTTP methods such as GET, CONNECT, HEAD as well as host and port ranges.
225317c491c73020a70f12fc88eb850b91684e2c7440b063846fe4562d4fab69
proxyScan.pl is a security penetration testing tool to scan for hosts and ports through a Web proxy server. Features include various HTTP methods such as GET, CONNECT, HEAD as well as host and port ranges.
1c2fa744beb99f46844eb518721c9c32d048bf7b15541d6acbef6457faedf066
ISR-sqlget is a blind SQL injection tool developed in Perl. It supports 20 databases, has various evasion features, SSL and proxy support, and more.
4ac98124e44160901dbd4f0fd6e7b92ffa530dcbfcbc73d2f2122fe5549a1093
sqlninja is a small tool to exploit SQL injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable database server, even in a very hostile environment. It should be used by penetration testers to help automate the process of taking over a database server when a SQL injection vulnerability has been discovered. It is written in Perl and runs on Unix-like boxes.
d018a3c450f2814616d6e10df371981fd19d86b0ea6ec4a05bb5734096679281
Pixy is an open source vulnerability scanner that audits PHP applications for SQL injection and cross-site scripting vulnerabilities. It is written in Java and also performs automatic resolution of file inclusions.
50824432cbbb0d2d08b83b3f850b36829dbcd2cb0e67f5b30bea566423e3c709
p0f performs passive OS detection by watching SYN packets with tcpdump. Additionally, it is able to determine distance to the remote host, and can be used to determine the structure of a foreign or local network. When running on the gateway of a network it is able to gather huge amounts of data and provide useful statistics. On a user-end computer it could be used to track which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions, and has an easily modified fingerprinting database. Note that this version is the win32 compiled version. Original code by Michal Zalewski, compiled by David Coomber.
e5665aaef9dea1dbdd6c08e7f76453874a605f513f2c431e34a940104a886c8e
Port scanner that can perform SYN, FIN, NULL, and XMAS scans with options to perform them very slowly and in decoy mode.
2bcf0d84a7c42318177d48b119992c9c9bd61b342e62e2177213a4f763875e11
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
3d63f585dc5fcdbe56fc900d442168c00d79d149b4596cd0f514d17c8a2f28c3