Tools | IT Security

BackBox Linux | Distro - Tools - IT Security

Open Source Tools by Joshua "Jabra" Abraham. BlackHat + Defcon 2011 / Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Abstract: Over the years web services have become an integral part of web and mobile applications.

From critical business applications like SAP to mobile applications used by millions, web services are becoming more of an attack vector than ever before. Unfortunately, penetration testers haven't kept up with the popularity of web services, recent advancements in web service technology, testing methodologies and tools.

In fact, most of the methodologies and tools currently available either don't work properly, are poorly designed or don't fully test for real world web service vulnerabilities. PenQ - The Security Testing Browser Bundle. The OSWA-Assistant(tm) - a free standalone wireless auditing toolkit for both IT-professionals and End-Users alike. MoocherHunter™ is a free mobile tracking software tool for the real-time on-the-fly geo-location of wireless moochers, hackers and users of wireless networks for objectionable purposes (e.g. paedophile activity, illegal file downloading, illegal music/video sharing, etc).

(for MoocherHunter™ Law Enforcement Edition, please see below) Free software downloads. Mubix/q. Samurai Web Testing Framework. AppSec Labs iNalyzer – iOS penetration testing framework. Tools Published on September 28th, 2012 | by NJ Ouchn AppSec Labs iNalyzer is a framework for manipulating iOS applications, tampering with parameters and methods; no sources needed!

AppSec Labs iNalyzer targets closed applications, turning a painful Black Box into an automatic Gray-Box effort. AppSec Labs iNalyzer Automates your testing effort as it exposes the internal logic of your target iOS application and the correlation between hidden functionalities. The Hackers Arsenal Tools. Research Labs - Free Solutions. Free Solutions In this section you will find different solutions developed by the Onapsis Research Labs that are provided free-of-charge to the general community.

Onapsis Bizploit: Bizploit is the first Opensource ERP Penetration Testing framework. Developed by the Onapsis Research Labs, Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP Penetration Tests. Currently, Bizploit is shipped with many plugins to assess the security of SAP business platforms. Plugins for other popular ERPs will be included in the short term.

Katana v2.0 Release. Katana v2.0 Release Updated: 11/10/2010 Katana is a portable multi-boot security suite which brings together many of today's best security distributions and portable applications to run off a single Flash Drive. It includes distributions which focus on Pen-Testing, Auditing, Forensics, System Recovery, Network Analysis, and Malware Removal. Katana also comes with over 100 portable Windows applications; such as Wireshark, Metasploit, NMAP, Cain & Abel, and many more. Hack From A Cave. FireCAT: Firefox Catalog of Auditing exTensions. OWASP Mantra - Free and Open Source Browser based Security Framework. SecurityTube Tools. Penetration Testing & Security Tools Download.

SBD (netcat clone) | Tools - IT Security

Fuzzing | IT Security. Forensic FOCA. ERPScan Security Scanner for SAP - Invest in security to secure investments. OpenRCE/paimei. Pwnieexpress/Raspberry-Pwn. Codenomicon FuzzoMatic. "The Codenomicon tools are amazing.

Using them is like being attacked by the most relentless adversary who uses every possible method to find flaws in your code. We fixed subtle crash bugs in Samba that had been in the code for over ten years. We would never have found those bugs without the Codenomicon tools. If you're serious about implementing protocols correctly, you need the Codenomicon tools." -- Jeremy Allison, Co Creator of Samba "Codenomicon has found a critical focus area which expands beyond web testing, where the XML industry has an opportunity to proactively assess the security holes contained in everyday services used by the general public. Prof. DarkComet RAT - Official. Armitage - Cyber Attack Management for Metasploit. BFF Downloads. CERT Basic Fuzzing Framework Downloads Requirements UbuFuzz is provided in a format compatible with VMware Workstation 7.

The OS X installer for BFF 2.5 requires Mac OS X Leopard or later. BFF 2.6 and 2.7 require Mac OS X Snow Leopard or later. Note: We strongly recommend fuzzing in a virtual machine. Quick Start for running UbuFuzz under Windows host operating system. OclHashcat-plus - advanced password recovery. Free software downloads. OWASP Joomla! Security Scanner. Free software downloads. Johnny - GUI for John the Ripper [Openwall Community Wiki] Description Release 1.1 After small fixes actual version is 1.1.3.

Binaries 1.1 Johnny does not have shortcuts for system menu yet. So type 'johnny' in your terminal to start Johnny. Deb packages (suitable for Debian, Linux Mint, Ubuntu and so on): Rpm packages (suitable for Fedora, Mageia, OpenSUSE): Generic tarball (manual installation or no installation): Dependencies. Download and Installation — Scapy v2.1.1-dev documentation. Mac OS X Here’s how to install Scapy on Mac OS 10.4 (Tiger) or 10.5 (Leopard).

Set up a development environment Install X11. On the Mac OS X DVD, it is located in the “Optional Installs.mpkg” package. Install SDK. On the Mac OS X DVD, it is located in the “Xcode Tools/Packages” directory. Install Python 2.5 from Python.org. Cracking kit 2012 - Reverse Engineering Team Board. This kit has everything the original Cracking Kit 2012 has, but boasts a much more expansive and better range of tools.

We have decided to include as many different versions of soft as possible (to target different digital signatures). You may have noticed the payload has increased in terms of overall size of the kit - testament to how much work we have put into it. Oh and we heard you - now we have tutorials, links, and crackmes, and a whole suite of other tools to help you out even more. Also, many folks have told us they're using the kit to study malware. Sandcat Browser 2.0 Released - Penetration Testing Oriented Browser. Sandcat Browser 2.0 Released, Penetration Testing Oriented Browser Sandcat Browser version 2.0 includes several user interface and experience improvements, an improved extension system, RudraScript support and new extensions.

MagicTree v1.1 Released For Download – Pen-Testing Productivity Tool. If you aren’t aware (yes we wrote about MagicTree v1.0) what MagicTree is.. Think of it this way, have you ever spent ages trying to find the results of a particular portscan you were sure you did? CloudShark brings your CAPTURE FILES to the cloud. Confusing Attackers with Artillery By Dave Kennedy (ReL1K) The name “Artillery” spawns from one of my favorite techno bands Infected Mushroom and enhances the overall security of whatever touches it. Artillery supports both Linux and Windows and is a purely open-source/free toolset. The concept is relatively simple; combine multiple avenues to harden an overall platform. Artillery has multiple modules, the first is the active honeypot technique which sets up a number of ports (configurable) on the given server. If a stable TCP connection is established with the remote port, the opposing IP address is blocked.

Downloads Archive - Unremote Security. BFT – Browser Forensic Tool - Unremote Security. DarkComet RAT v5 - Unremote Security. Free software downloads. Mobius Forensic Toolkit. WOL-E : Wake on LAN - Explorer. Security Advisor. Shavlik Protect Free Trial Shavlik Protect brings enterprise-level IT management to companies of all sizes. Get centralized patch management and asset inventory for Windows and third party applications for both virtual and physical machines. And, from the same console, get patch management capabilities, dozens of pre-built ITScripts, power management, and centralized antivirus.

More information The FREE trial of Shavlik Protect will give you the ability to: Reveal passwords to Facebook accounts. Reveal Facebook Passwords in a Click Instantly see Facebook passwords free of charge! Facebook Password Extractor reveals Facebook passwords stored in popular Web browsers in just a click. No matter what browser you used and how many Facebook accounts you have, Facebook Password Extractor will show them all. Features and Benefits Shows Facebook passwords cached or stored in a variety of browsers Reveals stored login and password information instantly in just a click Supports all versions of Microsoft Internet Explorer, including IE7, IE8 and IE9 Supports all versions of Mozilla Firefox including Firefox 4 Supports all versions of Opera including Opera 11 Supports all versions of Google Chrome including Chrome 11 Supports all versions of Apple Safari including Safari 5 Reveals Facebook logins and passwords for all supported browsers Beats enhanced security model of Internet Explorer 7, 8 and 9 Instant Facebook Password Recovery Facebook Password Extractor takes no guessing.

Wireless | Tools - IT Security

Syhunt | Tools - IT Security. Android | Tools - IT Security. Bluetooth | Tools - IT Security.