Herramientas

Algunas de las siguientes herramientas son conocidas para muchos asi que sera a manera de recorderis.

 

Pentoo 2012.0 Beta3

Pentoo is a security-focused livecd based on Gentoo

 

 

moscrack v0.2 Beta

Multifarious On-demand Systems Cracker

   Moscrack is a perl application designed to facilitate cracking WPA keys in parallel on a group of computers. This is accomplished by use of either Mosix clustering software, SSH or RSH access to a number of nodes. With Moscrack's new plugin framework, hash cracking has become possible. SHA256/512, DES, MD5 and *Blowfish Unix password hashes can all be processed with the Dehasher Moscrack plugin.

Source && Download

 

Retina

Retina Community is a free vulnerability scanner for up to 32 IPs, powered by the renowned Retina Network Security Scanner technology. Retina Community identifies vulnerabilities, configuration issues, and missing patches across operating systems, applications, devices, and virtual environments.

Much more than a stripped down “free trial” product, Retina Community gives you powerful vulnerability assessment across your environment to strengthen security and compliance. The free Retina Community product includes these capabilities:

Vulnerability assessment across operating systems, applications, devices, and virtual environments (32 IPs)
Zero-day vulnerability identification
SCAP configuration scanning
Integrated vulnerability updates and alerting
Detailed vulnerability and executive-level reporting
Report export to XML, CSV, and PDF
Online support and resources from eEye’s research team

Source && Download 

 

Smartd0rk3r Scanner 0.1

 

 

Dojo v1.2

  The Web Security Dojo is for learning and practicing web app security testing techniques. It is ideal for self-teaching and skill assessment, as well as training classes and conferences since it does not need a network connection. The Dojo contains everything needed to get started – tools, targets, and documentation.

  Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v10.04.2, which is patched with the appropriate updates and VM additions for easy use.

A free open-source self-contained training environment for Web Application Security penetration testing.

Source && Download

 

Orion Browser Dumper v1.0

  

PasswordsPro

PasswordsPro is a professional program to enable Password recovery, using many and powerful methods.

This program is designated for the recovery of passwords for different types of hashes. The program currently supports about 30 types of hashes, and new ones can be easily added by creating a custom external hashing DLL-module. The actual list of available modules can be found on the software-related forum. The peak number of hashes the application is capable of working with simultaneously is 256.

Program Features:
• Passwords recovery using the following methods:
o Preliminary attack
o Brute force attack (including distributed attack)
o Mask attack
o Simple dictionary attack
o Combined dictionary attack
o Hybrid dictionary attack
o Rainbow attack
• Recovery of passwords of up to 127-character length
• Recovery of passwords for incomplete hashes of any type
• User hash editor
• Searching data on the list of imported users
• Quick-add hash using a dialog box
• Quick-add hashes from Clipboard
• Quick-check current password for all imported users
• Support of character replacement tables for hybrid dictionary attack
• Unlimited number of dictionaries available for dictionary attack
• Unlimited number of tables available for Rainbow attack
• Unlimited number of servable users with hashes

Source
Download

 

oclHashcat-plus

---> Worlds fastest md5crypt, phpass, mscash2 and WPA/WPA2 cracker
---> Worlds first and only GPGPU based rule engine
---> Free
---> Multi-GPU (up to 16 gpus)
---> Multi-Hash (up to 24 million hashes)
---> Multi-OS (Linux & Windows native binaries)
---> Multi-Platform (OpenCL & CUDA support)
---> Multi-Algo (see below)
---> Low resource utilization, you can still watch movies or play games while cracking
---> Focuses highly iterated modern hashes
---> Focuses single dictionary based attacks
---> Supports pause / resume while cracking
---> Supports reading words from file
---> Supports reading words from stdin
---> Integrated thermal watchdog
---> 20+ Algorithms implemented with performance in mind
---> ... and much more

Source && Download 

 

WeBaCoo 0.2.3

  

TOR: Virtual Network Tunneling Tool 0.2.2.32

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Download

 

PenTBox v1.5

PenTBox is a Security Suite that packs a lot of security and stability testing oriented programs for networks and systems. For example, the Suite has Honeypot, TCP Flood Denial of Service testing tools, Secure Instant Messaging, Port Scanner, Fuzzer, Secure passwords generator and more.

 All programs are being developed by PenTBox Team and the contributors of the Free Software community to the project.

 Programmed in Ruby, and oriented to GNU/Linux systems (but compatible with Windows, MacOS and more).

 It is free, licensed under GNU/GPLv3

Source && Download

 

RainbowCrack

RainbowCrack software now support GPU of Fermi architecture. Imporoved RainbowCrack software to support nVidia's new CUDA architecture. 

RainbowCrack is a general propose implementation of Philippe Oechslin's faster time-memory trade-off technique. It cracks hashes with rainbow tables.

 

Features:
Full time-memory tradeoff tool suites, including rainbow table generation, sort, conversion and lookup
Support rainbow table of any hash algorithm
Support rainbow table of any charset
Support rainbow table in raw file format (.rt) and compact file format (.rtc)
Computation on multi-core processor support
Computation on GPU (via NVIDIA CUDA technology) support
Computation on multi-GPU (via NVIDIA CUDA technology) support
Runs on Windows XP 32-bit, Windows Vista 32-bit and Windows 7 32-bit
Command line and graphics user interface
A brute force hash cracker generate all possible plaintexts and compute the corresponding hashes on the fly, and then compare the hashes with the target hash. The plaintext is found if one of them match, otherwise the intermediate computation results are discarded.

A time-memory tradeoff hash cracker need a precomputation stage, at the time all plaintext/hash pair within the selected hash algorithm, charset, plaintext length range are computed and the results are stored in files called rainbow table. It is time consuming to do this kind of computation. Once the one time precomputation is finished, hashes within the table can be cracked with much better performance than a brute force cracker

Download & TuTz 

 

Crypo: Source Code

 

 

 

Shakawkaw

The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly became a standard tool in a penetration testers arsenal. SET was written by David Kennedy (ReL1K) and with a lot of help from the community it has incorporated attacks never before seen in an exploitation toolset. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization used during a penetration test.

The new release “Shakawkaw”

This version of SET does not include any new attack vectors however does incorporate two new exploits from Metasploit, has some bug fixes, but most importantly introduces a significant step in allowing individuals build and automate additions onto the toolkit. I’ve also updated the User_Manual.pdf which is located under the readme/ directory and the Metasploit Unleashed course should be updated with the latest content. This new version centralized a lot of the code in a “core” functionality that will allow you to build whatever you want to into SET now. In this version it introduced the core library modules and the ability to add third party modules into SET. Essentially, the folder located in the SET root “modules” can add additions or enhancements to SET and add additional contributions to the toolkit. The first thing to note is that when you add a new “.py” file to the modules directory, it will automatically be imported into SET under “Third Party Modules”.

Source && Download

 

NetworkMiner v1.3

   NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files

Source && Download

 

Amon

   Amon is a self-hosted, lightweight web application and server monitoring toolkit. It provides you with straightfrorward visualisation of essential server data. It helps you manage the errors that occur in your web applications and makes logging complex datastructures and searching in your log data easy.

Source && Download

  

iKAT Update

iKAT for Windows was designed to aid security consultants with the task of auditing the security of a Windows based internet Kiosk terminal. iKAT is designed to provide access to the underlying operating system of a Kiosk terminal by invoking native OS functionality. This tool should be (and is) used by Kiosk vendors/developers/suppliers to test the security of their own Kiosk products.

Source

 

Intercepter-NG v0.9.5

 

 Fuente: http://www.n0where.net