Trythis0ne
"Do you program in Assembly?" she asked. "NOP," he said. - Unknown
Currently there are 34 tools in the list.
Tool:  Description:
Scanners:
Nmap: - Nmap ("Network Mapper") is a free and open source (license) utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services those hosts are offering, what operating systems they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and both console and graphical versions are available.
p0f - P0f is quite useful for gathering all kinds of profiling information about your users, customers or attackers (IDS, honeypot, firewall), tech espionage, active or passive policy enforcement (restricting access for certain systems or otherwise handling them differently; or detecting guys with illegal network hookups using masquerade detection), content optimization, pen-testing (especially with SYN+ACK and RST+ACK modes), thru-firewall fingerprinting... plus all the tasks active fingerprinting is suitable for. And, of course, it has a high coolness factor, even if you are not a sysadmin.
Nessus Security Scanner: - The Nessus vulnerability scanner is the world leader in active scanners, featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks.
Nikto: - Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).
Nemesis: - Nemesis is a command-line network packet injection utility for UNIX-like and Windows systems. You might think of it as an EZ-bake packet oven or a manually controlled IP stack. With Nemesis, it is possible to generate and transmit packets from the command line or from within a shell script. Nemesis is developed and maintained by Jeff Nathan.
Reverse Engineering:
Axe: - With AXE you can type, cut, copy, paste, insert, and delete hex, ASCII, or Unicode text. You can drag and drop from one document to another, and you can produce text or HTML reports. You can open extra synchronized views of a document. You can goto, find, replace, and jump. You can mark changed areas, mark interesting areas, mark areas that differ from another version of the document, set bookmarks, and zoom the view in and out to see it all clearly.
Ollydbg: - OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. OllyDbg is shareware, but you can download and use it for free.
IDAPro: - IDA Pro is a Windows or Linux hosted multi-processor disassembler and debugger that offers so many features it is hard to describe them all. Just grab an evaluation version if you want a test drive. An executive summary is provided for the non-technical user.
.NET Reflector - .NET Reflector enables you to easily view, navigate, and search through, the class hierarchies of .NET assemblies, even if you don't have the code for them. With it, you can decompile and analyze .NET assemblies in C#, Visual Basic, and IL.
PEID - PEiD detects most common packers, cryptors and compilers for PE files. It can currently detect more than 600 different signatures in PE files.
HexWorkshop: - Hex Workshop Hex Editor is a set of hexadecimal development tools for Microsoft Windows, combining advanced binary editing with the ease and flexibility of a word processor. With Hex Workshop you can edit, cut, copy, paste, insert, and delete hex, print customizable hex dumps, and export to RTF or HTML for publishing. Additionally you can goto, find, replace, compare, calculate checksums, add smart bookmarks, color map, and generate character distributions within a sector or file.
Steganography:
Mp3stegz - mp3stegz is an application that applies a steganographic algorithm to mp3 files. mp3stegz will maintain the original mp3 file's size and sound quality. The hidden message is compressed (zlib) and encrypted (Rijndael).
Max File Encryption - Max File Encryption is a powerful yet easy-to-use encryption/steganography software that will help you protect your confidential information. With Max File Encryption, you can encrypt files of any type (including Microsoft Word, Excel and PowerPoint documents), hide files and also create self decrypting packages. The program uses the strong and ultra-secure Blowfish encryption algorithm that ensures your data safety.
Snow - The program snow is used to conceal messages in ASCII text by appending whitespace to the end of lines. Because spaces and tabs are generally not visible in text viewers, the message is effectively hidden from casual observers. And if the built-in encryption is used, the message cannot be read even if it is detected.
TROJAN - TROJAN is a steganography program developed for the purpose of hiding data inside images. The source of the data can vary: text messages or binary files. In both cases you are free to select a password to additionally protect your data. A number of different input image file formats are supported: *.bmp, *.jpg, *.gif, *.mng, *.png, *.pcx, *.tga, *.tif. Three output image file formats are also supported: *.bmp, *.png, *.tif. TROJAN is released under a freeware licence, so it can be used by an unlimited number of users and installed on an unlimited number of machines.
StegSpy - StegSpy is a program always in progress. The latest version allows identification of a “steganized” file. StegSpy will detect steganography and the program used to hide the message. The latest version also identifies the location of the hidden content. StegSpy currently identifies the following programs: Hiderman, JPHideandSeek, Masker, JPegX, Invisible Secrets.
Anonymous:
Tor: - Tor is a software project that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security. Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.
Eraser - Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP and DOS. Eraser is Free software and its source code is released under GNU General Public License.
PuTTY: - PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. It is written and maintained primarily by Simon Tatham.
Hacking:
Metasploit - Metasploit is an open-source exploit framework written for Unix, with mainly Windows exploits. It is a nice tool for writing and testing your own exploits, and for using its existing payloads against a PC or site. It also comes with an online ROR version.
Cookie Editor: - Cookie Editor is an application that helps you manage cookies set by Internet browsers. Cookie Editor allows you to maintain the level of your privacy by allowing you to see, edit or delete any unwanted cookies. It searches your drives for all IE cookies, then displays them in an easy grid-like format. You can examine the content of any cookie or delete it. Advanced users can also edit the contents of cookies. So, for example, if you want to change your zip code for 'movies.yahoo.com', or move up the expiration date of a given cookie, you could do so without even opening your browser!
Goolag - cDc (Cult of the Dead Cow) recently released a GUI driven tool for Google Hacking called Goolag. Google Dorks have been around for several years and have been researched most assiduously by Johnny I Hack Stuff.
Password Crackers:
John the Ripper: - John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.
Cain and Abel: - Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
Rainbowcrack: - RainbowCrack is a general purpose implementation of Philippe Oechslin's faster time-memory trade-off technique. In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker tries all possible plaintexts one by one at cracking time. It is time consuming to break complex passwords in this way. The idea of the time-memory trade-off is to do all the cracking-time computation in advance and store the results in files called "rainbow tables".
Ophcrack: - Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.
Sniffers:
Wireshark: - Wireshark is a powerful network protocol analyzer developed by an international team of networking experts. It runs on UNIX, OS X and Windows.
Kismet: - Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic. Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and inferring the presence of nonbeaconing networks via data traffic.
EtherDetect: - EffeTech HTTP Sniffer is an HTTP packet sniffer, protocol analyzer and file reassembly tool for the Windows platform. Unlike most other sniffers, it is dedicated to capturing IP packets containing the HTTP protocol, rebuilding the HTTP sessions, and reassembling files sent through HTTP. Its smart real-time analyzer enables on-the-fly content viewing while capturing, analyzing, parsing and decoding the HTTP protocol.
AirCrack: - aircrack is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, thus making the attack much faster compared to other WEP cracking tools. In fact, aircrack is a set of tools for auditing wireless networks.
Burp Suite: - Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, downstream proxies, logging, alerting and extensibility. Burp Suite allows you to combine manual and automated techniques to enumerate, analyse, scan, attack and exploit web applications. The various Burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.
Scapy: - Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc.
Echo Mirage - Echo Mirage is a generic network proxy. It uses DLL injection and function hooking techniques to redirect network related function calls so that data transmitted and received by local applications can be observed and modified. Windows encryption and OpenSSL functions are also hooked so that plain text of data being sent and received over an encrypted session is also available. Traffic can be intercepted in real-time, or manipulated with regular expressions and action scripts.
FTester - The tool consists of two perl scripts, a packet injector (ftest) and the listening sniffer (ftestd). The first script injects custom packets, defined in ftest.conf, with a signature in the data part, while the sniffer listens for such marked packets. Both scripts write a log file in the same format. If the two scripts are run on hosts placed on two different sides of a firewall, a diff of the two produced files (ftest.log and ftestd.log) shows the packets that were unable to reach the sniffer due to filtering rules. Stateful inspection firewalls are handled with the ‘connection spoofing’ option. A script called freport is also available for automatically parsing the log files.
Do you know a nice tool?

If you know a nice tool that does not appear in this list, please send us an e-mail with the details.
Thanks:

barkalmi
TryThis0ne - Hacking Challenges.
TryThis0ne 2005-2014© :: Codingr :: B~HFH :: cp77fk4r