background preloader

Hack Tools

Facebook Twitter

Hackalone: A new kind of hackathon for introverts.


Metasploit Project. A collaboration of the open source community and Rapid7, Metasploit Pro increases penetration tester's productivity by 45%, prioritizes and demonstrates risk through closed-loop vulnerability validation, and measures security awareness through simulated phishing emails.

Metasploit Project

Metasploit Pro is the best way to assess risk through a controlled simulation of a real attack. Metasploit Pro Fully Functional 14-Day Trial Get the fully featured trial of the commercial edition for penetration testers and other security professionals. With Metasploit Pro you can: For Penetration Testing Complete engagements 45% faster through higher productivity Leverage the Metasploit open source project and its leading exploit library Manage data in large assessments Evade leading defensive solutions Control compromised machines and take over the network Automatically generate reports containing key findings For Vulnerability Validation For Phishing Awareness Management.

Tor Browser Bundle. Download the file above, and save it somewhere, then double click on it. (1) Click "Run" then choose the installer's language and click OK (2).

Tor Browser Bundle

Make sure you have at least 80MB of free disk space in the location you select. If you want to leave the bundle on the computer, saving it to the Desktop is a good choice. If you want to move it to a different computer or limit the traces you leave behind, save it to a USB disk. Wireshark Portable. Introduction You can now install Wireshark onto a PortableApps enabled device that will allow you to run Wireshark on any Windows XP & 2000 machine that you plug the device into.

Wireshark Portable

There is no need to run the normal Wireshark installation package, Wireshark will be ready to run as soon as the machine recognises the device. PortableApps provides a USB flash drive with a mechanism for launching applications directly from the drive. There is no need to run a specific installation program. When you remove the drive, not trace of the applications are left on the machine.

As well as the Wireshark application, all of your Wireshark preferences will be stored on the USB flash drive. PortableApps Package You can build an experimental version of WiresharkPortable from the latest version of the Wireshark sources. The packaging uses the same "Nullsoft Install System" (NSIS) that is used by the standards Wireshark windows installer. Smartsniff Password Sniffer.

Related Links Windows Password Recovery ToolsSmartSniff - Monitoring TCP/IP packets on your network adapter Mail PassView - Recover POP3/IMAP/SMTP email passwords.

Smartsniff Password Sniffer

Dialupass - Recover VPN/RAS/Dialup passwords Search for other utilities in NirSoft Description SniffPass is small password monitoring software that listens to your network, capture the passwords that pass through your network adapter, and display them on the screen instantly. Versions History. SQL Injection Cheat Sheet. Find and exploit SQL Injections with free Netsparker SQL Injection Scanner SQL Injection Cheat Sheet, Document Version 1.4 About SQL Injection Cheat Sheet Currently only for MySQL and Microsoft SQL Server, some ORACLE and some PostgreSQL.

SQL Injection Cheat Sheet

Most of samples are not correct for every single situation. Most of the real world environments may change because of parenthesis, different code bases and unexpected, strange SQL sentences. Samples are provided to allow reader to get basic idea of a potential attack and almost every section includes a brief information about itself. Examples; (MS) means : MySQL and SQL Server etc. Table Of Contents Syntax Reference, Sample Attacks and Dirty SQL Injection Tricks Ending / Commenting Out / Line Comments Line Comments Comments out rest of the query. -- (SM) DROP sampletable;-- # (M) DROP sampletable;# Line Comments Sample SQL Injection Attacks Inline Comments Classical Inline Comment SQL Injection Attack Samples MySQL Version Detection Sample Attacks. Mantra on Chromium. OWASP Mantra Lexicon.


Operation Olympic Games. Operation Olympic Games was a covert and still unacknowledged campaign of sabotage by means of cyber disruption, directed at Iranian nuclear facilities by the United States and likely Israel.

Operation Olympic Games

As reported, it is one of the first known uses of offensive cyber weapons.[1] Started under the George W. Bush administration in 2006, Olympic Games was accelerated under President Obama, who heeded Bush’s advice to continue cyber attacks on Iranian nuclear facility at Natanz.[1] Bush believed that the strategy was the only way to prevent an Israeli conventional strike on Iranian nuclear facilities.[1] History[edit] During Bush’s second term, General James Cartwright along with other intelligence officials presented Bush with a sophisticated code that would act as an offensive cyber weapon. A programming error in "the bug" caused it to spread to computers outside of Natanz. Significance[edit] Stuxnet.

Stuxnet is a computer worm[1] that was discovered in June 2010.


It was designed to attack industrial programmable logic controllers (PLCs). PLCs allow the automation of electromechanical processes such as those used to control machinery on factory assembly lines, amusement rides, or centrifuges for separating nuclear material. Exploiting four zero-day flaws,[2] Stuxnet functions by targeting machines using the Microsoft Windows operating system and networks, then seeking out Siemens Step7 software.

Stuxnet reportedly compromised Iranian PLCs, collecting information on industrial systems and causing the fast-spinning centrifuges to tear themselves apart.[3] Stuxnet’s design and architecture are not domain-specific and it could be tailored as a platform for attacking modern SCADA and PLC systems (e.g. in the automobile or power plants), the majority of which reside in Europe, Japan and the US.[4]