exploit the possibilities
Showing 101 - 125 of 250 RSS Feed

Files

httprecon-1.3.zip
Posted Dec 12, 2007
Authored by Marc Ruef | Site computec.ch

httprecon is an advanced web server fingerprinting tool that makes use of nine test cases when mapping the target service. Win32 binary release.

tags | web
systems | windows
SHA-256 | 9cd458eff1ac5c4bfc1d2f1bc04c68bfa192fbc60705474af3aa7bbb0acd7305
cookietools-0.3.tgz
Posted Dec 12, 2007
Authored by Michele Dallachiesa | Site xenion.antifork.org

cookietools is comprised of three pieces. First, the cookiesniffer, which is a simple and powerful cookie sniffer that recognizes (through heuristics) and reconstructs (through libnids) new and existing HTTP connections, parsing any valid or partially valid HTTP message. The output is a set of files containing the gathered information with time-stamps in a format that can be trivially searched and parsed with standard UNIX tools such as grep, awk, cut and sed. It supports wireless (AP_DLT_IEEE802_11) networks. Second, there is a set of bash scripts that are used to quickly analyze the logs of cookiesniffer. In addition to this, there is the cookieserver that allows you to impersonate the cookies of someone else in your browser using the logs of cookiesniffer. This attack is also called "side-jacking", "cookie replay attack" and "HTTP session hijacking".

tags | web, bash
systems | unix
SHA-256 | 57cd19528911100ce510569166711f4c2c78f9296973227eebf715cfa948c68b
sqlime_source.zip
Posted Dec 11, 2007
Site securitycompass.com

SQL-Me is a Firefox Add-on tool that was designed to help test for SQL injection vulnerabilities in a given system.

tags | web, vulnerability, sql injection
SHA-256 | 6ce4a02bbb85a9c6c406b35e8f83efda006409c70e3a0585b9b57e72bfa25027
xssme_source-0.2.1.zip
Posted Dec 11, 2007
Site securitycompass.com

XSS-Me is a Firefox Add-on tool that was designed to help test for cross site scripting vulnerabilities in a given system.

tags | web, vulnerability, xss
SHA-256 | 6b9eae1b5cc54430f5eba46d847367a742d51ef3f9b20e6c935d8f20998d0138
swfintruder-0.9.tgz
Posted Dec 6, 2007
Authored by Stefano Di Paola | Site mindedsecurity.com

SWFIntruder (pronounced Swiff Intruder) is the first tool specifically developed for analyzing and testing security of Flash applications at runtime. Some features include predefined attack patterns, highly customizable attacks, semi-automated cross site scripting checks, and more.

tags | web, xss
SHA-256 | ed7bcff3fefd34be99edafb8554813713aebb26330bb5743201776c9eff34d1e
stproxy-0.9.1.tar.gz
Posted Nov 16, 2007
Authored by Adam Hurkala

stproxy is small and simple single-threaded HTTP/SSL proxy server released under the GNU General Public License (GPL). stproxy uses as little resources as possible, while still being very fast and efficient.

Changes: Added support for HEAD method.
tags | web
SHA-256 | 502c1cf67367a493af1d9d9ddce76442a9f3bb04215820ed5f86d54ddded2a1b
susanoo-0.1.tar.gz
Posted Nov 9, 2007
Authored by rugginello | Site rugginello.altervista.org

Susanoo is a simple editor written for Konqueror browser that allows for manipulation of cookies.

tags | web
SHA-256 | 97526b4b62ddc620bc9c854a2a10d2537201c7f9b4b7210b9616072b62cd1c7b
w3af-beta5.tar.bz2
Posted Oct 22, 2007
Authored by Andres Riancho | Site w3af.sourceforge.net

w3af, is a Web Application Attack and Audit Framework. The framework and the plugins are fully written in python. Each plugin will add a functionality like cross site scripting detection or SQL injection exploitation.

Changes: This version implements some really interesting features like virtual daemons and w3afAgents.
tags | web, xss, sql injection, python
SHA-256 | 67d891aa6500e7df47db2f09f38d9e2c51954964e0f2cf5cf740433665379e95
stproxy-0.9.tar.gz
Posted Oct 15, 2007
Authored by Adam Hurkala

stproxy is small and simple single-threaded HTTP/SSL proxy server released under the GNU General Public License (GPL). stproxy uses as little resources as possible, while still being very fast and efficient.

tags | web
SHA-256 | fe85a1ca11d02b59fb84092f78c148eca26f2675472f09b9aa513321a4b0e469
fscan-both.tgz
Posted Jul 25, 2007
Authored by Andres Tarasco | Site 514.es

Fast HTTP Auth Scanner is a new web security scanner for Windows that allows brute-force attacks against web based devices that require HTTP authentication. Source and binary included.

tags | web
systems | windows
SHA-256 | 6fdc2f841cacc72e9f514e6f59a51e63dafb283ee4928442ee10a184d4887dfb
w3af-10Jun2007.tar.bz2
Posted Jun 13, 2007
Authored by Andres Riancho | Site w3af.sourceforge.net

w3af, is a Web Application Attack and Audit Framework. The framework and the plugins are fully written in python. Each plugin will add a functionality like cross site scripting detection or SQL injection exploitation.

tags | web, xss, sql injection, python
SHA-256 | 4ae9586fc7aee75177c4c2701c8d94098691362cb60cee45a98b6e8a184d7ce1
FG-Injector-0.9a.tar.bz2
Posted Apr 21, 2007
Site flowgate.net

FG-Injector is a tool that leverages the pentester's work by facilitating the exploitation of SQL Injection vulnerabilities. It includes a a powerful proxy feature for intercepting and modifying HTTP requests, a network spy module to allow the analyst view HTTP requests and their corresponding responses and an inference engine for automating SQL injection exploitation. The Inference Engine Module of the FG-Injector Framework automates the generation and injection of SQL statements needed for exploitation of a Blind SQL Injection. This module will work also for regular injections using the same method. It can produce blind injections on web/app servers using MS SQL Server, MySQL, and PostgresSql DBMSs.

tags | web, vulnerability, sql injection
SHA-256 | 74b3c38d6f2099312260d15315e3efffa0931c01dbf652273a76ad062166cd72
Pound-2.3.tgz
Posted Apr 12, 2007
Authored by roseg | Site apsis.ch

Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.

Changes: Added display of configuration switches. Added grace period for shutdown.
tags | web
SHA-256 | 2aec3da07856ca2b53b834bdba8a820a130854e02426de41d8eabcf6c4c11606
FireCat.tgz
Posted Mar 20, 2007
Authored by Security Database Team | Site security-database.com

FireCat is a new Firefox Framework Map collection of the most useful security oriented extensions. It stands for FireFox Catalog of Auditing Toolbox. Included is a zip file of the extensions and a pdf that provides a diagram of everything included.

tags | web
SHA-256 | aca465934c0da88a77a3ac6cae3d2b74a86b5147c81b1dbe7dbef16a00a55f00
modsecurity-apache_2.1.0.tar.gz
Posted Mar 4, 2007
Site modsecurity.org

Mod Security is an intrusion detection and prevention engine for Web applications which operates as an Apache module or Java Servlet filter. Its purpose is to increase Web application security, protecting Web applications from known and unknown attacks. It is flexible and easy to configure, monitors HTTP traffic (including POST payload), enhances logging, performs automatic built-in checks, and simultaneously allows administrators to create custom rules for their individual needs.

Changes: Improved performance and reduced memory consumption (200% improvement). Includes the generic Web application security rules from the Core Rules project. The manual has been extensively improved.
tags | java, web
SHA-256 | fd37d64f7ffe193101da20f6e6e2016105de62948f3976aceaa96f636606fe74
mod_evasive_1.10.1.tar.gz
Posted Feb 5, 2007
Authored by Jonathan A. Zdziarski | Site zdziarski.com

Mod_evasive is a module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_evasive reports abuses via email and syslog facilities. Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from requesting the same page more than a few times per second or making more than 50 requests with the same child per second.

tags | web
SHA-256 | 07c45139aa313899484a900f0fc162b3e17eb4f60fe474d7f3dd6c9941e95667
stompy.tgz
Posted Jan 29, 2007
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

Stompy is a free tool to perform a fairly detailed black-box assessment of WWW session identifier generation algorithms. Session IDs are commonly used to track authenticated users, and as such, whenever they're predictable or simply vulnerable to brute-force attacks, we do have a problem.

tags | web
SHA-256 | dcd57db394e72ee795957f83e0d04d93a1be556851e9863fb99cda714b1c58de
Pound-2.2.tgz
Posted Dec 22, 2006
Authored by roseg | Site apsis.ch

Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.

Changes: Added the host to LogLevel 2. Added support for tcmalloc. Fixed problem with the initialisation of host_mut.
tags | web
SHA-256 | 316545c126f11be95deab5fb60d6a26e1aa644f9a8b5972219062ce6521e1491
refspoof.c
Posted Dec 8, 2006
Authored by softxor | Site bunnies.phpnet.us

Refspoof acts like a proxy server and is able to spoof your HTTP referrer and user-agent. This comes in handy to bypass certain authentication mechanisms or user-agent limitations for some download managers.

tags | web, spoof
SHA-256 | 462eb0a9eca7d32154fd32846ca63fb75e1f3e01df8a7c208d4a14265c2e4f38
googlegath.txt
Posted Dec 8, 2006
Authored by Matteo Cantoni | Site nothink.org

googlegath is a free open source utility to obtain informations through Google searches. It could be useful for penetration testing, security scanning, etc. googlegath has been tested on GNU/Linux, *BSD systems.

tags | web
systems | linux, bsd
SHA-256 | e754e380fcd9e0ba64eeb22cf691c7a8ed0da8b395cb718921623b3649666ab1
Pantera_Release_0.1.2.zip
Posted Nov 30, 2006
Authored by Pantera Proxy | Site owasp.org

OWASP Pantera Web Assessment Studio (WAS) is a mix between a pentest proxy, an application scanner and an intelligence analysis framework. Pantera leaves the analysis and automatic (repetitive) stuff to the engine, leaving only the important decisions to the security expert. It has been designed by professionals with many years of experience in the application security industry to offer users the necessary features required for them to create secure code. Pantera uses an improved version of SpikeProxy to provide a powerful web application analysis engine.

Changes: Tons of changes - See changelog.
tags | web
SHA-256 | 6b6f0f945f6969baff990576f81c26d86854929c43d50efce784a2d9273952a8
modsecurity-apache_2.0.4.tar.gz
Posted Nov 30, 2006
Site modsecurity.org

Mod Security is an intrusion detection and prevention engine for Web applications which operates as an Apache module or Java Servlet filter. Its purpose is to increase Web application security, protecting Web applications from known and unknown attacks. It is flexible and easy to configure, monitors HTTP traffic (including POST payload), enhances logging, performs automatic built-in checks, and simultaneously allows administrators to create custom rules for their individual needs.

Changes: Fixed some bugs.
tags | java, web
SHA-256 | 622c3478515c951189334aa9a60ae7e71dfbbc671d983bf2f4b732a5fdd230a1
proxychecker.txt
Posted Nov 27, 2006
Authored by b1ma | Site iko94.blogspot.com

HTTP proxy checking utility.

tags | web
SHA-256 | eec08c60dfe292551451ec91226d1e4a99c355b1e7cef9e6bfac347439032c2f
GSI.zip
Posted Nov 27, 2006
Authored by Jeffball55

Google Site Indexer (GSI) is a program designed to create a directory listing when a site has turned directory listing off. It sends requests to google using the site operator. Also it gets the sites robots.txt file.

tags | web
SHA-256 | ff1c4129776bb482f9d57c28d911fdf7853b9b621596cdea8bd543ec3b16845d
mod_securid-2.0.3.tar.gz
Posted Nov 27, 2006
Authored by Erwan Legrand | Site deny-all.com

The mod_securid Apache module implements RSA SecurID authentication for the Apache Web server. It allows administrators to restrict access to Web sites (or parts of Web sites) to users authenticated using a SecurID token and an ACE server.

Changes: Added configure script. Added process maintenance. Fixed a few bugs.
tags | web
SHA-256 | 87c2643540d71c6fdf5c119067c34b61e9d37872340eca467bdb8ec2afb42713
Page 5 of 10
Back34567Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Putin Promises To Bolster Russia's IT Security In Face Of Cyber Attacks
Posted May 20, 2022

tags | headline, hacker, russia, cyberwar
Homeland Security Pushes Pause On New Disinformation Board
Posted May 19, 2022

tags | headline, government, usa, censorship
This Russian Botnet Does Far More Than DDoS Attacks - And On A Massive Scale
Posted May 19, 2022

tags | headline, hacker, malware, russia, denial of service, botnet, fraud, spyware
Iran, China-Linked Gangs Join Putin's Disinformation War Online
Posted May 19, 2022

tags | headline, government, russia, china, fraud, cyberwar, iran
Two Military Satellites Just Communicated Using Space Lasers
Posted May 19, 2022

tags | headline, space, science
Hot Glare Of The Spotlight Doesn't Slow BlackByte Ransomware Gang
Posted May 19, 2022

tags | headline, hacker, malware, cybercrime, fraud, cryptography
2 Vulnerabilities With 9.8 Severity Rating Are Under Exploit. A 3rd Looms
Posted May 19, 2022

tags | headline, hacker, flaw
FBI And NSA Say: Stop Doing These 10 Things That Let Hackers In
Posted May 18, 2022

tags | headline, hacker, government, usa, fbi, nsa
Your Data Is Auctioned Off Up To 987 Times A Day, NGO Reports
Posted May 18, 2022

tags | headline, privacy, data loss
Hackers Compromise A String Of Discord Channels
Posted May 18, 2022

tags | headline, hacker, data loss, fraud
View More News →
packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close