 |
Menu |
 |
|
|
|
|
Trythis0ne |
|
 I wonder what Jesus would do if He had to reload Windows 95 for the eighth time today?- Unknown |
|
Currently there are 34 tools in the list.
| Tool: |
|
Description: |
|
Scanners:
|
|
Nmap:
|
- |
Nmap ("Network Mapper") is a free and open source (license) utility for network
exploration or security auditing. Many systems and network administrators also
find it useful for tasks such as network inventory, managing service upgrade
schedules, and monitoring host or service uptime. Nmap uses raw IP packets in
novel ways to determine what hosts are available on the network, what services
those hosts are offering, what operating systems they are running, what type
of packet filters/firewalls are in use, and dozens of other characteristics.
It was designed to rapidly scan large networks, but works fine against single
hosts. Nmap runs on all major computer operating systems, and both console and
graphical versions are available.
|
|
p0f
|
- |
P0f is quite useful for gathering all kinds of profiling information about
your users, customers or attackers (IDS, honeypot, firewall), tech espionage,
active or passive policy enforcement (restricting access for certain systems
or otherwise handling them differently; or detecting guys with illegal network
hookups using masquerade detection), content optimization, pen-testing
(especially with SYN+ACK and RST+ACK modes), thru-firewall fingerprinting...
plus all the tasks active fingerprinting is suitable for. And, of course, it
has a high coolness factor, even if you are not a sysadmin.
|
|
Nessus Security Scanner:
|
- |
Nessus vulnerability scanner, is the world-leader in active scanners, featuring
high speed discovery, configuration auditing, asset profiling, sensitive data
discovery and vulnerability analysis of your security posture. Nessus scanners
can be distributed throughout an entire enterprise, inside DMZs, and across
physically separate networks.
|
|
Nikto:
|
- |
Nikto is an Open Source (GPL) web server scanner which performs comprehensive
tests against web servers for multiple items, including over 3500 potentially
dangerous files/CGIs, versions on over 900 servers, and version specific problems
on over 250 servers. Scan items and plugins are frequently updated and can be
automatically updated (if desired).
|
|
Nemesis:
|
- |
Nemesis is a command-line network packet injection utility for UNIX-like and
Windows systems. You might think of it as an EZ-bake packet oven or a manually
controlled IP stack. With Nemesis, it is possible to generate and transmit
packets from the command line or from within a shell script. Nemesis is
developed and maintained by Jeff Nathan.
|
|
Reverese Engineering:
|
|
Axe:
|
- |
With AXE you can type, cut, copy, paste, insert, and delete hex, ASCII, or Unicode
text. You can drag and drop from one document to another, you can product text or
HTML reports. You can open extra synchronized views of a document. You can goto,
find, replace, and jump. You can mark changed areas, mark interesting areas, mark
areas that differ from another version of the document, set bookmarks, and zoom the
view in and out to see it all clearly.
|
|
Ollydbg:
|
- |
OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows.
Emphasison binary code analysis makes it particularly useful in cases where
source is unavailable. OllyDbg is a shareware, but you can download and useit
for free.
|
|
IDAPro:
|
- |
IDA Pro is a Windows or Linux hosted multi-processor disassembler and debugger
that offers so many features it is hard to describe them all. Just grab an
evaluation version if you want a test drive. An executive summary is provided
for the non-technical user.
|
|
.NET Reflector
|
- |
.NET Reflector enables you to easily view, navigate, and search through,
the class hierarchies of .NET assemblies, even if you don't have the code
for them. With it, you can decompile and analyze .NET assemblies in C#,
Visual Basic, and IL.
|
|
PEID
|
- |
PEiD detects most common packers, cryptors and compilers for PE files.
It can currently detect more than 600 different signatures in PE files.
|
|
HexWorkshop:
|
- |
Hex Workshop Hex Editor is a set of hexadecimal development tools for Microsoft
Windows, combining advanced binary editing with the ease and flexibility of a
word processor. With Hex Workshop you can edit, cut, copy, paste, insert, and
delete hex, print customizable hex dumps, and export to RTF or HTML for
publishing. Additionally you can goto, find, replace, compare, calculate
checksums, add smart bookmarks, color map, and generate character distributions
within a sector or file.
|
|
Steganography:
|
|
Mp3stegz
|
- |
mp3stegz is an application that apply steganographic algorithm in mp3 files.
mp3stegz will maintain original mp3 file's size and sound quality. The
hidden message is compressed(zlib) and encrypted(Rijndael).
|
|
Max File Encryption
|
- |
Max File Encryption is a powerful yet easy-to-use encryption/steganography
software that will help you protect your confidential information. With
Max File Encryption, you can encrypt files of any type (including Microsoft
Word, Excel and PowerPoint documents), hide files and also create self
decrypting packages. The program uses the strong and ultra-secure Blowfish
encryption algorithm that ensures your data safety.
|
|
Snow
|
- |
The program snow is used to conceal messages in ASCII text by appending
whitespace to the end of lines. Because spaces and tabs are generally
not visible in text viewers, the message is effectively hidden from
casual observers. And if the built-in encryption is used, the message
cannot be read even if it is detected.
|
|
TROJAN
|
- |
TROJAN is a steganography software developed for the purpose of
hiding data inside images. The source of the data can be various: text
messages or binary files. In both cases you are free to select the
password to additionaly protect your data. There are number of different
input image file formats supported:
*.bmp, *.jpg, *.gif, *.mng, *.png, *.pcx, *.tga, *.tif.
There are also three output image file formats
supported: *.bmp, *.png, *.tif.
TROJAN is released under a freeware licence, so it can be used by
unlimited number of users and installed on unlimited number of machines
|
|
StegSpy
|
- |
StegSpy is a program always in progress. The latest version includes
allows identification of a “steganized” file. StegSpy will detect
steganography and the program used to hide the message. The lastest
version also identifies the location of the hidden content as well.
StegSpy currently identifies the following programs:
-Hiderman.
-JPHideandSeek.
Masker.
JPegX.
Invisible Secrets.
|
|
Anonymous:
|
|
Tor:
|
- |
Tor is a software project that helps you defend against traffic analysis, a
form of network surveillance that threatens personal freedom and privacy,
confidential business activities and relationships, and state security. Tor
protects you by bouncing your communications around a distributed network of
relays run by volunteers all around the world: it prevents somebody watching
your Internet connection from learning what sites you visit, and it prevents
the sites you visit from learning your physical location. Tor works with many
of your existing applications, including web browsers, instant messaging clients,
remote login, and other applications based on the TCP protocol.
|
|
Eraser
|
- |
Eraser is an advanced security tool (for Windows), which allows you to
completely remove sensitive data from your hard drive by overwriting it
several times with carefully selected patterns. Works with Windows 95, 98,
ME, NT, 2000, XP and DOS. Eraser is Free software and its source code is
released under GNU General Public License.
|
|
PuTTY:
|
- |
PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms,
along with an xterm terminal emulator. It is written and maintained primarily
by Simon Tatham.
|
|
Hacking:
|
|
Metasploit
|
- |
Metasploit is an open-source exploit framework written for unix with mainly
windows exploits. Nice tool to write and test your own + exploit into any
pc/site with existing payloads. Also comes with online ROR version.
|
|
Cookie Editor:
|
- |
Cookie Editor is an application that helps you manage cookies set by Internet
Browsers. Cookie Editor allows you to maintain the level of your privacy by
allowing you to see, edit or delete any unwanted cookies. It searches your
drives for all IE cookies then displays them is easy grid-like format. You
can examine content of any cookie or delete it. For advanced users, you can
also edit the contents of cookies. So, for example, if you want to change your
zip code for 'movies.yahoo.com', or move up the expiration date of a given
cookie, you could do so without even opening your browser!
|
|
Goolag
|
- |
cDc (Cult of the Dead Cow) recently released a GUI driven tool for Google Hacking
called Goolag. Google Dorks have been around for several years and have been
researched most assiduously by Johnny I Hack Stuff.
|
|
Password Crackers:
|
|
John the Ripper:
|
- |
John the Ripper is a fast password cracker, currently available for many flavors
of Unix (11 are officially supported, not counting different architectures),
Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix
passwords. Besides several crypt(3) password hash types most commonly found
on various Unix flavors, supported out of the box are Kerberos AFS and Windows
NT/2000/XP/2003 LM hashes, plus several more with contributed patches.
|
|
Cain and Abel:
|
- |
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It
allows easy recovery of various kind of passwords by sniffing the network,
cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis
attacks, recording VoIP conversations, decoding scrambled passwords, recovering
wireless network keys, revealing password boxes, uncovering cached passwords
and analyzing routing protocols.
|
|
Rainbowcrack:
|
- |
RainbowCrack is a general propose implementation of Philippe Oechslin's faster
time-memory trade-off technique. In short, the RainbowCrack tool is a hash
cracker. A traditional brute force cracker try all possible plaintexts one by
one in cracking time. It is time consuming to break complex password in this
way. The idea of time-memory trade-off is to do all cracking time computation
in advance and store the result in files so called "rainbow table".
|
|
Ophcrack:
|
- |
Ophcrack is a free Windows password cracker based on rainbow tables. It is a
very efficient implementation of rainbow tables done by the inventors of the
method. It comes with a Graphical User Interface and runs on multiple
platforms.
|
|
Sniffers:
|
|
Wireshark:
|
- |
Wireshark is a powerful network protocol analyzer developed by an international
team of networking experts. It runs on UNIX, OS X and Windows.
|
|
Kismet:
|
- |
Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion
detection system. Kismet will work with any wireless card which supports raw
monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.
Kismet identifies networks by passively collecting packets and detecting
standard named networks, detecting (and given time, decloaking) hidden networks,
and infering the presence of nonbeaconing networks via data traffic.
|
|
EtherDetect:
|
- |
EffeTech HTTP Sniffer is a HTTP packet sniffer, protocol analyzer and file
reassembly software based on windows platform. Unlike most other sniffers,
it is dedicated to capture IP packets containing HTTP protocol, rebuild the
HTTP sessions, and reassemble files sent through HTTP protocol. Its smart
real-time analyzer enables on-the-fly content viewing while capture, analyze,
parse and decode HTTP protocol.
|
|
AirCrack:
|
- |
aircrack is an 802.11 WEP and WPA-PSK keys cracking program that can recover
keys once enough data packets have been captured. It implements the standard
FMS attack along with some optimizations like KoreK attacks, thus making the
attack much faster compared to other WEP cracking tools. In fact, aircrack is
a set of tools for auditing wireless networks.
|
|
Burp Suite:
|
- |
Burp Suite is an integrated platform for attacking web applications. It contains
all of the Burp tools with numerous interfaces between them designed to facilitate
and speed up the process of attacking an application. All tools share the same
robust framework for handling HTTP requests, persistence, authentication, downstream
proxies, logging, alerting and extensibility.
Burp Suite allows you to combine manual and automated techniques to enumerate,
analyse, scan, attack and exploit web applications. The various Burp tools work
together effectively to share information and allow findings identified within
one tool to form the basis of an attack using another.
|
|
Scapy:
|
- |
Scapy is a powerful interactive packet manipulation program. It is able to forge
or decode packets of a wide number of protocols, send them on the wire, capture
them, match requests and replies, and much more. It can easily handle most
classical tasks like scanning, tracerouting, probing, unit tests, attacks or
network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping,
tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other
specific tasks that most other tools can't handle, like sending invalid frames,
injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache
poisoning, VOIP decoding on WEP encrypted channel, ...), etc'
|
|
Echo Mirage
|
- |
Echo Mirage is a generic network proxy. It uses DLL injection and function
hooking techniques to redirect network related function calls so that data
transmitted and received by local applications can be observed and modified.
Windows encryption and OpenSSL functions are also hooked so that plain text
of data being sent and received over an encrypted session is also available.
Traffic can be intercepted in real-time, or manipulated with regular
expressions and action scripts
|
|
FTester
|
- |
The tool consists of two perl scripts, a packet injector (ftest) and the
listening sniffer (ftestd). The first script injects custom packets, defined
in ftest.conf, with a signature in the data part while the sniffer listens
for such marked packets. The scripts both write a log file which is in the
same form for both scripts. A diff of the two produced files (ftest.log and
ftestd.log) shows the packets that were unable to reach the sniffer due to
filtering rules if these two scripts are ran on hosts placed on two different
sides of a firewall. Stateful inspection firewalls are handled with the
‘connection spoofing’ option. A script called freport is also available
for automatically parse the log files.
|
| Do you know a nice tool? |
If you know a nice tool that not appear in this list- please, send to us an E-mail with the details.
|
TryThis0ne - Hacking Challenges.
|
 |
|
|
|
