tag:blogger.com,1999:blog-59034556449887337252024-09-14T14:50:03.428-11:00Archive by The Hacker News for Hacking tools, networking tools, gmail hacking, learn ethical hacking, vulnerability assessment, penetration testing, email hacking, password hackingUnknownnoreply@blogger.comBlogger246123tag:blogger.com,1999:blog-5903455644988733725.post-5584383533661195222013-03-15T07:10:00.000-11:002013-03-15T07:11:21.090-11:00

The Social-Engineer Toolkit (SET) version 4.7 codename “Headshot” has been released. This version of SET introduces the ability to specify multi-powershell injection which allows you to specify as many ports as you want and SET will automatically inject PowerShell onto the system on all of the reverse ports outbound. What’s nice with this technique is it never touches disk and also uses

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-5903455644988733725.post-17787766961283060432013-03-10T06:01:00.001-11:002013-03-10T06:01:46.322-11:00

One of the biggest and very comprehensive collection of 1,493,677,782 word for Password cracking list released for download. The wordlists are intended primarily for use with password crackers such as hashcat, John the Ripper and with password recovery utilities. Defuse Security have released the wordlist of 4.2 GiB (compressed) or 15 GiB (uncompressed) used by their Crackstation

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-5903455644988733725.post-69040061429262498582013-03-09T19:27:00.002-11:002013-03-09T19:27:31.329-11:00

Phrozen Keylogger Lite is finally available, developed by Dark comet RAT developer. Phrozen Keylogger Lite is a powerful and user friendly keylogger especially created for Microsoft Windows systems. Phrozen Keylogger Lite is compatible with all currently supported versions of Windows, which effectively means Windows XP to the recently released Windows 8. Phrozen Keylogger Lite has

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-5903455644988733725.post-77527330560269298042013-03-09T19:21:00.000-11:002013-03-09T19:21:11.188-11:00

Pentoo is a security-focused live CD based on Gentoo It's basically a Gentoo install with lots of customized tools, customized kernel, and much more. Pentoo 2013.0 RC1.1 features : Changes saving CUDA/OpenCL Enhanced cracking software John the ripper Hashcat Suite of tools Kernel 3.7.5 and all needed patches for injection XFCE 4.10 All the latest tools and a responsive development team!

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-5903455644988733725.post-17188544758040780942013-03-04T20:46:00.001-11:002013-03-04T20:46:13.404-11:00

Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) . Snort having the ability to perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks. Snort performs protocol analysis, content searching, and content matching. The program can also be used to detect probes or attacks, including, but

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-5903455644988733725.post-819259739331062042013-02-17T06:12:00.002-11:002013-02-17T06:12:49.552-11:00

Recon-ng is a full-featured Web Reconnaissance framework written in Python. Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-5903455644988733725.post-63603785230771323592013-02-15T06:39:00.000-11:002013-02-15T06:39:07.420-11:00

Unhide is a forensic tool to find processes hidden by rootkits, Linux kernel modules or by other techniques. It detects hidden processes using six techniques: Compare /proc vs /bin/ps output Compare info gathered from /bin/ps with info gathered by walking thru the procfs. ONLY for Linux 2.6 version Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning). Full

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-5903455644988733725.post-62237096789076276582013-02-15T06:15:00.003-11:002013-02-15T06:15:37.479-11:00

WAppEx is an integrated Web Application security assessment and exploitation platform designed with the whole spectrum of security professionals to web application hobbyists in mind. It suggests a security assessment model which revolves around an extensible exploit database. Further, it complements the power with various tools required to perform all stages of a web application attack.

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-5903455644988733725.post-24059964234850993022013-02-15T06:02:00.000-11:002013-02-15T06:02:54.288-11:00

Hashkill is an opensource hash cracker for Linux that uses OpenSSL. Currently it supports 4 attack methods (dictionary, bruteforce, hybrid). Hashkill has 35 plugins for different types of passwords (ranging from simple hashes like MD5 and SHA1 to passworded ZIP files and private SSL key passphrases). Multi-hash support (you may load hashlists of length up to 1 million) and very fast GPU

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-5903455644988733725.post-50341929149552412142013-02-15T05:48:00.001-11:002013-02-16T05:15:15.635-11:00

Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones. More than 30 modules to automatize administration and post exploitation tasks: Execute commands and browse remote filesystem, even with PHP security

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-5903455644988733725.post-22409094869798205112013-02-15T05:07:00.000-11:002013-02-15T05:07:39.601-11:00

Null Security Team writing a python script for Automated HTTP Enumeration. currently only in the initial beta stage, but includes basic checking of files including the Apache server-status as well as well IIS WebDAV and Microsoft FrontPage Extensions, many more features will be added to this tool which will make lot of the enumeration process quick and simple. Version 0.2 adds

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-5903455644988733725.post-46887480530172200362013-02-15T03:47:00.001-11:002013-02-15T03:47:28.749-11:00

During Black Hat USA 2010, Patrick Thomas presented a new web application fingerprinting tool called Blind Elephant. The BlindElephant Web Application Finger-printer attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all all available releases. The technique is fast,

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-5903455644988733725.post-54034189932075318792012-11-10T04:53:00.001-11:002012-11-10T04:53:10.713-11:00

A bash script to launch a Soft AP, configurable with a wide variety of attack options. Includes a number of index.html and server php scripts, for sniffing/phishing. Can act as multi-client captive portal using php and iptables.  Launches classic exploits such as evil-PDF. De-auth with aireplay, airdrop-ng or MDK3. Changes and New Features “hotspot_3″ is a simple phishing web page,

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-5903455644988733725.post-90473657113374224052012-11-10T04:42:00.001-11:002012-11-10T04:42:38.303-11:00

PwnPi is a Linux-based penetration testing dropbox distribution for the Raspberry Pi. It currently has 114 network security tools pre-installed to aid the penetration tester. It is built on the debian squeeze image from the raspberry pi foundation’s website and uses Xfce as the window manager Login username and password is root:root Tools List: Download Here

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-5903455644988733725.post-30594468827009114072012-11-10T04:30:00.000-11:002012-11-10T04:30:31.206-11:00

SLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-5903455644988733725.post-39794076970370503612012-11-10T04:21:00.001-11:002012-11-10T04:21:55.163-11:00

NetSleuth identifies and fingerprints network devices by silent network monitoring or by processing data from PCAP files. NetSleuth is an opensource network forensics and analysis tool, designed for triage in incident response situations. It can identify and fingerprint network hosts and devices from pcap files captured from Ethernet or WiFi data (from tools like Kismet). It also

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-5903455644988733725.post-55348854440547373012012-11-10T04:13:00.000-11:002012-11-10T04:13:09.241-11:00

TXDNS is a Win32 aggressive multithreaded DNS digger. Capable of placing, on the wire, thousands of DNS queries per minute. TXDNS main goal is to expose a domain namespace trough a number of techniques: -- Typos: Mised, doouble and transposde keystrokes; -- TLD/ccSLD rotation; -- Dictionary attack; -- Full Brute-force attack: alpha, numeric or alphanumeric charsets. New features:

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-5903455644988733725.post-75494332127608340382012-11-04T07:03:00.000-11:002012-11-04T07:03:29.776-11:00

PySQLi is a python framework designed to exploit complex SQL injection vulnerabilities. It provides dedicated bricks that can be used to build advanced exploits or easily extended/improved to fit the case. PySQLi is thought to be easily modified and extended through derivated classes and to be able to inject into various ways such as command line, custom network protocols and even in

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-5903455644988733725.post-46442529009047431122012-11-04T01:32:00.000-11:002012-11-04T01:32:44.524-11:00

ExploitShield Browser Edition protects against all known and unknown 0-day day vulnerability exploits, protecting users where traditional antivirus and security products fail. It consists of an innovative patent-pending vulnerability-agnostic application shielding technology that prevents malicious vulnerability exploits from compromising computers. Includes "shields" for all major

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-5903455644988733725.post-2658163588821702352012-11-03T10:45:00.000-11:002012-11-03T10:45:17.729-11:00

Security Team Web-Center just released an updated for Joomscan Security Scanner. The new database Have 673 joomla vulnerabilities Joomla! is probably the most widely-used CMS out there due to its flexibility, user friendlinesss, extensibility to name a few.So, watching its vulnerabilities and adding such vulnerabilities as KB to Joomla scanner takes ongoing activity.It will help

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-5903455644988733725.post-2170682001658571112012-11-03T10:37:00.000-11:002012-11-03T10:37:23.307-11:00

The Browser Exploitation Framework (BeEF) is a powerful professional security tool. It is a penetration testing tool that focuses on the web browser. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors.  Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-5903455644988733725.post-78631801727054113732012-11-03T10:21:00.001-11:002012-11-03T10:21:30.996-11:00

Spooftooph is designed to automate spoofing or cloning Bluetooth device Name, Class, and Address. Cloning this information effectively allows Bluetooth device to hide in plain site. Bluetooth scanning software will only list one of the devices if more than one device in range shares the same device information when the devices are in Discoverable Mode (specificaly the same Address).

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-5903455644988733725.post-72009999634607811252012-11-03T10:13:00.000-11:002012-11-03T10:24:59.202-11:00

This is a script, attack can use to creates fake APs using all encryption and monitors with Airodump. It automate the setup process, it creates five monitor mode interfaces, four are used as APs and the fifth is used for airdump-ng. To make things easier, rather than having five windows all this is done in a screen session which allows you to switch between screens to see what is going on

Unknownnoreply@blogger.com