Scan & analysing tools

Facebook Twitter

Reverse IP Lookup - Find Other Web Sites Hosted on a Web Server. Find other sites hosted on a web server by entering a domain or IP address above.

Reverse IP Lookup - Find Other Web Sites Hosted on a Web Server

Note: For those of you interested, as of May 2014, my database has grown to over 100 million domain names. I am now offering this domain list for purchase. A reverse IP domain check takes a domain name or IP address pointing to a web server and searches for other sites known to be hosted on that same web server. Data is gathered from search engine results, which are not guaranteed to be complete. Yara-project - A malware identification and classification tool. RIPS - free PHP security scanner using static code analysis.

Code search ⋅ search. Protect Your Interwebs. BFT a Browser forensic tool. Labs Research: Solving a Little Mystery. Firmware analysis is a fascinating area within the vast world of reverse engineering, although not very extended.

Labs Research: Solving a Little Mystery

Sometimes you end up in an impasse until noticing a minor (or major) detail you initially overlooked. That's why sharing methods and findings is a great way to advance into this field. Maltego 3 > Maltego Client. Code Exploration Blog. Jsunpack-n - A generic JavaScript unpacker. Jsunpack-n emulates browser functionality when visiting a URL.

jsunpack-n - A generic JavaScript unpacker

It's purpose is to detect exploits that target browser and browser plug-in vulnerabilities. It accepts many different types of input: PDF files - samples/sample-pdf.file Packet Captures - samples/sample-http-exploit.pcap HTML files JavaScript files SWF files. TheHarvester – Gather E-mail Accounts, Subdomains, Hosts, Employee Names – Information Gathering Tool. TheHarvester is a tool to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database.

theHarvester – Gather E-mail Accounts, Subdomains, Hosts, Employee Names – Information Gathering Tool

This tools is intended to help Penetration testers in the early stages of the project It’s a really simple tool, but very effective. The sources supported are: Google – emails,subdomains/hostnames Google profiles – Employee names Bing search – emails, subdomains/hostnames,virtual hosts Pgp servers – emails, subdomains/hostnames Linkedin – Employee names Exalead – emails,subdomain/hostnames New Features Time delays between requests XML and HTML results export Search a domain in all sources Virtual host verifier Shodan computer database integration Active enumeration (DNS enumeration,DNS reverse lookups, DNS TLD expansion) Basic graph with stats. — блог о web-безопасности. Antepedia. Open Search - Home. FAQ - - Java Source Code Search 2.0. How do I perform a stack trace search ?

FAQ - - Java Source Code Search 2.0

Clicking the checkbox labeled "Stack Trace Search" on the GrepCode home page provides a text area where you can paste your Java stack trace. Doing a search after that will take you to a page with the results of your stack trace search. Alternatively, if you are not on the main page, you can click on the link in the header labeled "Stack Trace Search", and perform the same search. DEFT Linux 7 RC1. List of tools for static code analysis. This is a list of tools for static code analysis.

List of tools for static code analysis

By language[edit] Multi-language[edit] Cppcheck - A tool for static C/C++ code analysis. FindBugs v.2.0 - Find Bugs in Java Programs. Javasnoop - A tool that lets you intercept methods, alter data and otherwise hack Java applications running on your computer. Normally, without access to the original source code, testing the security of a Java client is unpredictable at best and unrealistic at worst.

javasnoop - A tool that lets you intercept methods, alter data and otherwise hack Java applications running on your computer.

With access the original source, you can run a simple Java program and attach a debugger to it remotely, stepping through code and changing variables where needed. Doing the same with an applet is a little bit more difficult. Unfortunately, real-life scenarios don't offer you this option, anyway. Compilation and decompilation of Java are not really as deterministic as you might imagine.

Therefore, you can't just decompile a Java application, run it locally and attach a debugger to it. - Free Multi-Engine Online Virus Scanner v1.02, Supports 36 AntiVirus Engines! Arachni Web scanner (CLI & WEB GUI) ~ Sudhir @ Pentester. Download the CDE package from: Linux users enjoy the privilege of a CDE package which is a compressed archive and contains a full preconfigured Linux environment in the form of a sandbox.

Arachni Web scanner (CLI & WEB GUI) ~ Sudhir @ Pentester

Quick Basic Usage of Arachni: To see help type : p0f v3. Copyright (C) 2012 by Michal Zalewski <> Yeah, it's back!

p0f v3

1. What's this? Loadbalancer-finder - Load Balancer Finder. Program to detect domains that use load balancers and/or multiple hosts by Alejandro Nolla Blanco (z0mbiehunt3r).

loadbalancer-finder - Load Balancer Finder

Tries to find load balancers using several methods: - Check multiple DNS "A" entries - IPID Analysis - IP TTL value analysis - Server banner analysis - Well-known load balancer cookies checking - HTTP Date header timestamp analysis - ICMP timestamp analysis - TCP timestamp analysis - Multiple DNS queries with different geolocated DNS servers (round-robin, anycast) Thanks to: - Rubén Garrote García (boken) - Daniel García García (cr0hn) - Raúl Siles from Taddong - Buguroo and Écija ethical hacking team - John Matherly (achillean) for Shodan and his help - Adam Maxwell for Citrix Net Scaler cookie decoder. Wavsep - Web Application Vulnerability Scanner Evaluation Project. A vulnerable web application designed to help assessing the features, quality and accuracy of web application vulnerability scanners. This evaluation platform contains a collection of unique vulnerable web pages that can be used to test the various properties of web application scanners.

AS OF 2014/01/01, The Project File Hosting was migrated to Sourceforge. New downloads (WAVSEP 1.5+) can be obtained from the project sourceforge repository Quickstart: The easiest way to get started with wavsep evaluations is to use a pre-installed instance in one of the following training VMs (note that some of the path traversal test cases only work under windows): Web Security Dojo v2.0+ OWASP Broken Web Apps null's GAMEOVER VM Extras: pico-wavsep (w3af) - a minimalistic way to run wavsep wavsep cookbook (rapid7) - recipes to install and run wavsep on tomcat. Особенности поведения нового TCP/IP стека Windows / Блог компании Positive Technologies. Online JavaScript beautifier. Metagoofil - Metadata Information Gathering. Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,docx,pptx,xlsx) belonging to a target company.

The tool will perform a search in Google to identify and download the documents to local disk and then will extract the metadata with different libraries like Hachoir, PdfMiner and others. With the results it will generate a report with usernames, software versions and servers or machine names that will help Penetration testers in the information gathering phase. This new version supports local directory scanning The application has been tested in Linux and OSX.