Download Hacking Tools at 'Tools Yard'

The Social-Engineer Toolkit (SET) v4.7 released

2013-03-15T07:10:00.000-11:00

The Social-Engineer Toolkit (SET) version 4.7 codename “Headshot” has been released. This version of SET introduces the ability to specify multi-powershell injection which allows you to specify as many ports as you want and SET will automatically inject PowerShell onto the system on all of the reverse ports outbound. What’s nice with this technique is it never touches disk and also uses

Biggest password cracking wordlist with millions of words

2013-03-10T06:01:00.001-11:00

One of the biggest and very comprehensive collection of 1,493,677,782 word for Password cracking list released for download. The wordlists are intended primarily for use with password crackers such as hashcat, John the Ripper and with password recovery utilities. Defuse Security have released the wordlist of 4.2 GiB (compressed) or 15 GiB (uncompressed) used by their Crackstation project.

Phrozen Keylogger Lite v1.0 download

2013-03-09T19:27:00.002-11:00

Phrozen Keylogger Lite is finally available, developed by Dark comet RAT developer. Phrozen Keylogger Lite is a powerful and user friendly keylogger especially created for Microsoft Windows systems. Phrozen Keylogger Lite is compatible with all currently supported versions of Windows, which effectively means Windows XP to the recently released Windows 8. Phrozen Keylogger Lite has been

Pentoo 2013.0 RC1.1 Released

2013-03-09T19:21:00.000-11:00

Pentoo is a security-focused live CD based on Gentoo It's basically a Gentoo install with lots of customized tools, customized kernel, and much more. Pentoo 2013.0 RC1.1 features : Changes saving CUDA/OpenCL Enhanced cracking software John the ripper Hashcat Suite of tools Kernel 3.7.5 and all needed patches for injection XFCE 4.10 All the latest tools and a responsive development team!

Snort 2.9.4.1 - Network intrusion detection system

2013-03-04T20:46:00.001-11:00

Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) . Snort having the ability to perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks. Snort performs protocol analysis, content searching, and content matching. The program can also be used to detect probes or attacks, including, but

Recon-ng : Web Reconnaisance framework for Penetration testers

2013-02-17T06:12:00.002-11:00

Recon-ng is a full-featured Web Reconnaissance framework written in Python. Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source

Unhide Forensic Tool, Find hidden processes and ports

2013-02-15T06:39:00.000-11:00

Unhide is a forensic tool to find processes hidden by rootkits, Linux kernel modules or by other techniques. It detects hidden processes using six techniques: Compare /proc vs /bin/ps output Compare info gathered from /bin/ps with info gathered by walking thru the procfs. ONLY for Linux 2.6 version Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning). Full

WAppEx v2.0 : Web Application exploitation Tool

2013-02-15T06:15:00.003-11:00

WAppEx is an integrated Web Application security assessment and exploitation platform designed with the whole spectrum of security professionals to web application hobbyists in mind. It suggests a security assessment model which revolves around an extensible exploit database. Further, it complements the power with various tools required to perform all stages of a web application attack.

Password Cracker Tool Hashkill version 0.3.1 released

2013-02-15T06:02:00.000-11:00

Hashkill is an opensource hash cracker for Linux that uses OpenSSL. Currently it supports 4 attack methods (dictionary, bruteforce, hybrid). Hashkill has 35 plugins for different types of passwords (ranging from simple hashes like MD5 and SHA1 to passworded ZIP files and private SSL key passphrases). Multi-hash support (you may load hashlists of length up to 1 million) and very fast GPU

Weevely : Stealth PHP web shell with telnet style console

2013-02-15T05:48:00.001-11:00

Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones. More than 30 modules to automatize administration and post exploitation tasks: Execute commands and browse remote filesystem, even with PHP security

Automated HTTP Enumeration Tool

2013-02-15T05:07:00.000-11:00

Null Security Team writing a python script for Automated HTTP Enumeration. currently only in the initial beta stage, but includes basic checking of files including the Apache server-status as well as well IIS WebDAV and Microsoft FrontPage Extensions, many more features will be added to this tool which will make lot of the enumeration process quick and simple. Version 0.2 adds scanning

BlindElephant – Web Application Fingerprinting

2013-02-15T03:47:00.001-11:00

During Black Hat USA 2010, Patrick Thomas presented a new web application fingerprinting tool called Blind Elephant. The BlindElephant Web Application Finger-printer attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all all available releases. The technique is fast,

PwnStar latest version with new Exploits released

2012-11-10T04:53:00.001-11:00

A bash script to launch a Soft AP, configurable with a wide variety of attack options. Includes a number of index.html and server php scripts, for sniffing/phishing. Can act as multi-client captive portal using php and iptables. Launches classic exploits such as evil-PDF. De-auth with aireplay, airdrop-ng or MDK3. Changes and New Features “hotspot_3″ is a simple phishing web page, used

PwnPi v2.0 - A Pen Test Drop Box distro for the Raspberry Pi

2012-11-10T04:42:00.001-11:00

PwnPi is a Linux-based penetration testing dropbox distribution for the Raspberry Pi. It currently has 114 network security tools pre-installed to aid the penetration tester. It is built on the debian squeeze image from the raspberry pi foundation’s website and uses Xfce as the window manager Login username and password is root:root Tools List: Download Here

SSLsplit v 0.4.5 - Man-in-the-middle attacks against SSL/TLS

2012-11-10T04:30:00.000-11:00

SLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network

NetSleuth : Open source Network Forensics And Analysis Tools

2012-11-10T04:21:00.001-11:00

NetSleuth identifies and fingerprints network devices by silent network monitoring or by processing data from PCAP files. NetSleuth is an opensource network forensics and analysis tool, designed for triage in incident response situations. It can identify and fingerprint network hosts and devices from pcap files captured from Ethernet or WiFi data (from tools like Kismet). It also

TXDNS v 2.2.1 - Aggressive multithreaded DNS digger

2012-11-10T04:13:00.000-11:00

TXDNS is a Win32 aggressive multithreaded DNS digger. Capable of placing, on the wire, thousands of DNS queries per minute. TXDNS main goal is to expose a domain namespace trough a number of techniques: -- Typos: Mised, doouble and transposde keystrokes; -- TLD/ccSLD rotation; -- Dictionary attack; -- Full Brute-force attack: alpha, numeric or alphanumeric charsets. New features:

PySQLi - Python SQL injection framework

2012-11-04T07:03:00.000-11:00

PySQLi is a python framework designed to exploit complex SQL injection vulnerabilities. It provides dedicated bricks that can be used to build advanced exploits or easily extended/improved to fit the case. PySQLi is thought to be easily modified and extended through derivated classes and to be able to inject into various ways such as command line, custom network protocols and even in

ExploitShield Browser Edition - Forget about browser vulnerabilities

2012-11-04T01:32:00.000-11:00

ExploitShield Browser Edition protects against all known and unknown 0-day day vulnerability exploits, protecting users where traditional antivirus and security products fail. It consists of an innovative patent-pending vulnerability-agnostic application shielding technology that prevents malicious vulnerability exploits from compromising computers. Includes "shields" for all major

Joomscan updated - now can identify 673 joomla vulnerabilities

2012-11-03T10:45:00.000-11:00

Security Team Web-Center just released an updated for Joomscan Security Scanner. The new database Have 673 joomla vulnerabilities Joomla! is probably the most widely-used CMS out there due to its flexibility, user friendlinesss, extensibility to name a few.So, watching its vulnerabilities and adding such vulnerabilities as KB to Joomla scanner takes ongoing activity.It will help web

BeEF 0.4.3.8 - Browser Exploitation Framework

2012-11-03T10:37:00.000-11:00

The Browser Exploitation Framework (BeEF) is a powerful professional security tool. It is a penetration testing tool that focuses on the web browser. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a

Spooftooph 0.5.2 - Automated spoofing or cloning Bluetooth device

2012-11-03T10:21:00.001-11:00

Spooftooph is designed to automate spoofing or cloning Bluetooth device Name, Class, and Address. Cloning this information effectively allows Bluetooth device to hide in plain site. Bluetooth scanning software will only list one of the devices if more than one device in range shares the same device information when the devices are in Discoverable Mode (specificaly the same Address).

Wifi Honey - Creates fake APs using all encryption

2012-11-03T10:13:00.000-11:00

This is a script, attack can use to creates fake APs using all encryption and monitors with Airodump. It automate the setup process, it creates five monitor mode interfaces, four are used as APs and the fifth is used for airdump-ng. To make things easier, rather than having five windows all this is done in a screen session which allows you to switch between screens to see what is going on. All