SET 3.6
svn co http://svn.trustedsec.com/social_engineering_toolkit set/
Bro v2.1 BETA
Network Analysis Framework
Virus Factory 1.0.0 [By LittleSpy]
FUD Drive-By Generator
Icon Changer & File Pumper
TnX Little Spy
Download
Xplico v0.7.0
The goal of Xplico is extract from an internet traffic capture the
applications data contained. For example, from a pcap file Xplico
extracts each email (POP, IMAP, and
SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP,
and so on. Xplico isn’t a network protocol analyzer. Xplico is an open
source Network Forensic Analysis Tool (NFAT).
Xplico is released under the GNU General Public License and with
some scripts under Creative Commons Attribution-NonCommercial-ShareAlike
3.0 Unported (CC BY-NC-SA 3.0) License
slowhttptest 1.1
Slow
HTTP DoS attacks rely on the fact that the HTTP protocol, by design,
requires requests to be completely received by the server before they
are processed. If an HTTP request is not complete, or if the transfer
rate is very low, the server keeps its resources busy waiting for the
rest of the data. If the server keeps too many resources busy, this
creates a denial of service. This tool is sending partial HTTP requests,
trying to get denial of service from target HTTP server.
This tool actively tests if it's
possible to acquire enough resources on HTTP server by slowing down
requests to get denial of service at application layer.
the Interceptor
The Interceptor is a wireless wired network tap. Basically, a network
tap is a way to listen in to network traffic as it flows past. I haven't
done extensive research but all the ones I found when looking passed
the copy of the traffic onto a specified wired interface which was then
plugged into a machine to allow a user to monitor the traffic. The
problem with this is that you have to be able to route the data from
that wired port to your monitoring machine either through a direct cable
or through an existing network. The direct cable method means your
monitor has to be near by the location you want to tap, the network
routing means you have to somehow encapsulate the data to get it across
the network without it being affected on route.
The Interceptor does away with the
wired monitor port and instead spits out the traffic over wireless
meaning the listener can be anywhere they can make a wireless connection
to the device. As the data is encrypted (actually, double encrypted,
see how it works) the person placing the tap doesn't have to worry about
unauthorized users seeing the traffic.
Read More & Download
Arachni 0.4
Arachni is a feature-full, modular,
high-performance Ruby framework aimed towards helping penetration
testers and administrators evaluate the security of web
applications. The application trains itself by learning from the HTTP
responses it receives during the audit process, and is able to perform
meta-analysis to assess the trustworthiness of results and identify
false-positives.
Matriux "Ec-Centric" v2.49 beta c0c0n
The Matriux is a fully featured security distribution consisting of a
bunch of powerful, open source and free tools that can be used for
various purposes including, but not limited to, penetration testing,
ethical hacking, system and network administration, cyber forensics
investigations, security testing, vulnerability analysis, and much more.
It is a distribution designed for security enthusiasts and
professionals, although it can be used normally as your default desktop
system.
WAppEx
WAppEx
is an integrated platform for performing penetration testing and
exploiting of web applications on Windows or Linux. It can automatically
check for all type of security vulnerabilities in the given target and
then let you to run various payloads to exploit and take advantages of
the vulnerability. WAppEx is a multi platform application and it is
executable in Linux and Windows.WAppEx‘s database which includes
hundreds of exploits provides an automated, comprehensive and reliable
exploit for penetration testers and security professionals worldwide.
Uniscan v5.2
Uniscan is a
open source vulnerability scanner for Web applications.
BeEF v0.4.3.7
The Browser Exploitation Framework
BBQSQL v1.0.0
Blind SQL Injection
PHP-Shell-Detector
Web Shell Detector – is a php script that helps you find and identify
php/cgi(perl)/asp/aspx shells. Web Shell Detector has a “web shells”
signature database that helps to identify “web shell” up to 99%. By
using the latest javascript and css technologies, web shell detector has
a light weight and friendly interface.
Fuente:http://www.n0where.net/
Entradas
No hay comentarios:
Publicar un comentario