background preloader

ToolsWatch.org – The Hackers Arsenal Tools Portal

ToolsWatch.org – The Hackers Arsenal Tools Portal

Dirk Loss | Personal Homepage Top Links of Tools Compilation for Pentesting, Forensics, Security, and Hacking Are you still looking for a suite of tools that may complete your day-to-day activities, or are you just looking for new tools that you can try or play with? No need to worry, because today is your lucky day! Today, I will be mentioning links, resources, and websites that have compilations of various tools that can be used for penetration testing, computer forensics, security, and hacking. ToolsWatch.org ToolsWatch.org is maintained by NJ OUCHN (@toolswatch) and Maxi Soler (@maxisoler). ToolsWatch.org is also the home of the projects made by NJ OUCHN (@toolswatch) and Maxi Soler (@maxisoler), including vFeed® (an open source correlated and cross-linked vulnerability XML database), DPE (the Default Password Enumeration Project), FireCAT (Firefox Catalog of Auditing exTension), AS/400 Security Assessment Mindmap, KromCAT (Google Chrome Catalog of Auditing exTensions), and SSA (Security System Analyzer 2.0). SOLDIERX Tools and Labs Dirk Loss: Python Tools for Penetration Testers SecTools.Org

Mantra Browser Walkthrough Part 1 In previous posts, I discussed a few browser extensions for Firefox and Chrome that turn the browser into a penetration testing tool. But what if you could get a browser with all those security extensions built in? Yes, it is true. OWASP Mantra is a web browser that comes with all security add-ons preinstalled and configured. You only need to download this web browser and then start testing web applications. OWASP Mantra Browser Mantra is a nice web browser developed by OWASP (Open Web Application Security Project). If you use BackTrack or Matriux, you have already seen it, because they come pre-installed. Mantra was started by Abhi M. Features of Mantra These are many features of the Mantra browser. Tools of Mantra As I mentioned above, Mantra comes with most of the available security extensions. Information gatheringEditorsNetwork utilitiesMiscApplication auditingProxy Every category contains many tools. Download OWASP Mantra OWASP Mantra is available for free. Getting Started with Mantra

100+ Free Hacking Tools To Become Powerful Hacker Wondering which software is used for hacking? What is the best software for hacking password? We have created a list of useful hacking tools and software that will help you do you job much easier. Ethical hacking and online security involve a lot of efforts. A hacking tool is a computer program or software which helps a hacker to hack a computer system or a computer program. Password Cracker Software A password cracker software, which is often referred to as a password recovery tool, can be used to crack or recover the password either by removing the original password, after bypassing the data encryption or by an outright discovery of the password. In the next section you would be getting familiar with some of the popular Password Cracker tools which are used by hackers for password cracking. Ophcrack It is a free password cracker software which is based on the effective implementation of the rainbow tables. Medusa RainbowCrack Wfuzz Brutus L0phtCrack Fgdump Fgdump is a powerful cracking tool.

Top 15 Android Hacking Apps 2014 Android hacking apps adnroid hacking application top 15 top 10 android hacking applications top ten android hacking apps turn faceniff wifikill apk download android hacking apps Their are Many Hacking Apps for Android over the internet. Peoples are using Android Phones as a portable Hacking machine. This is the main reason that Android Phones are BAN in some companies so no one can take them inside the company. which may cause damage to the companies. I am going to share some list of those Hacking APPS but you must have your Android Phone ROOTED which will allow you to use those Hacking Apps. 1. Faceniff Faceniff is Android Hacking App Which is normally used to Sniff the Facebook ID over the same network. 2. DroidSheep is also one of the Best Application for sniffing the sessions over the network. 3. dSploit dSploit is a nice Android network penetration testing suit. 4. Network Spoofer is another nice app that lets you change the website on other people’s computer from your Android phone.

Online tools - WOT Wiki Useful freeware and other online tools.A more detailed list of freeware may be found at: gizmo's freeware such as this article, Probably the Best Free Security List in the World Free online single file scanning (max file size 32 MB, 53 different antiviruses) (max file size 20 MB, 39 different antiviruses) (max file size 20 MB, 24 different antiviruses) (max file size 20 MB, 24 different antiviruses) (max file size 5 MB, 23 different antiviruses) (max file size 10 MB, 20 different antiviruses) (10 different antiviruses) (9 different antiviruses) Free online folder/computer scanning Anti-Virus / Anti-Malware products free and fully functional Anti-virus Anti-Malware Anti-spyware products Intrusion prevention Rootkit removal TDSSKiller : Windows start-up manager Spam Spam

21 TOOLS AND TECHNIQUES Used on Cyber Warfare – Reconnaissance Tools, Attack Tools, Exploit Tools, Social Engineering Tools | Online Success Center. Professional Resources for Online Success. Money Management Success. Self Improvement Books. Training Book ATTACK METHODOLOGY WITH THE TOOLS AND TECHNIQUES USED on Cyber Warfare Similar to how South Korea and North Korea have built physical defensive fortifications between each other, we see the same principle and even term used by network administrators—Demilitarized Zone (DMZ). This is where one puts systems that must connect to the internet where they are in more danger. From the attacker point of view the same steps are necessary to attack a network as it is to break through the DMZ: conduct reconnaissance to determine vulnerability, marshal forces at the point of weakness, attack and penetrate the defense, then exploit the infiltration to gain control over the battlefield/network. The major difference between kinetic (real world) and non-kinetic (virtual world) warfare methodology is the weapons versus software programs they use. An attack methodology is the process or general steps used to conduct an attack of a target. Well-Known Tools to the Process 1) Reconnaissance Tools

Supportability Statement: LabTech and SSL 3.0 POODLE Vulnerability Other/Supportability Statement KB3200.60.276.4608307 Quick Facts about POODLE Heartbleed and Shellshock allowed hacks against servers (meaning websites and such). POODLE allows hacking clients (your web browser and such). If Heartbleed/Shellshock merited a 10, then this attack would only rate around a 4. It requires MitM (man-in-the-middle) to exploit. NOTE: Currently, if SSL v3 is disabled at the server, all agent communications will fail. What is POODLE On October 15, 2014, a SSL 3.0 Protocol Vulnerability and POODLE Attack alert was released. Per the US-CERT, the SSL 3.0 vulnerability stems from the way blocks of data are encrypted under a specific type of encryption algorithm within the SSL protocol. Two other conditions must be met to successfully execute the POODLE attack: The attacker must be able to control portions of the client side of the SSL connection (varying the length of the input) The attacker must have visibility of the resulting cipher-text. Impact to LabTech Web Browsers

Google Hacking Diggity Project – Bishop Fox Sometimes, the best defense is a good offense. Bishop Fox’s attack tools for Google Hacking level the playing field by allowing our clients to find information disclosures and exposed vulnerabilities before others do. Arm yourself with our arsenal of attack tools that leverage Google, Bing, and other popular search engines. SearchDiggity SearchDiggity v 3 SearchDiggity 3.1 is the primary attack tool of the Google Hacking Diggity Project. SearchDiggity – Tool List Note: To avoid Google/Bing bot detection which causes SearchDiggity to pause and display the error “Auto-resuming in 15 minutes.“, see this blog post on using the official APIs provided by Google/Bing/SHODAN. Downloads SearchDiggity - Tool Screenshot Gallery GoogleDiggity CodeSearch Diggity BingDiggity LinkFromDomain-1 LinkFromDomain-2 DLPDiggity FlashDiggity-1 FlashDiggity-2 MalwareDiggity PortScan Diggity-1 PortScan Diggity-2 NotInMyBackYard-1 NotInMyBackYard-2 NotInMyBackYard-3 SHODAN Diggity Hacking Dictionaries Bing Hacking Database - BHDB v2

Top 50 Hacking Tools That You Must Have Whether you are a Penetration tester, a hacker or an aspiring newbie trying to learn Cyber Security, you must have a nice catalogue of tools to make your life easier. While these tools do make working simpler but cannot compensate for the vast amount of knowledge required in this field. Ethical hacking and online security involves a lot efforts. Many tools are used to test and keep software secure. The same tools can also be used by hackers for exploitation. A hacking tool is a computer program or software which helps a hacker to hack a computer system or a computer program. In this post i’m going to mention 50 different tools under 9 categories that your ‘Hack Lab’ must have. Intrusion Detection Systems :- These are the tools you must have if you’re building a hack lab for penetration testing or for any security arrangement. SnortNetCop Encryption Tools :- While the above tools do identify any suspicious activity but they can’t protect your data, you need encryption tools for that.

Google Hacking :: Online Penetration Testing Tools | Ethical Hacking Tools About this tool Every penetration test should start with a passive reconnaissance phase. Since public search engines have gathered huge amounts of information about almost every website from the Internet, it is a good idea to make some queries and get this information from them. Google has a set of advanced search operators which can be used to find interesting information about a target website or domain. Note: Your browser must allow popups Parameters Target website / domain: as the name says, this is your target website or domain for which you are querying Google. How it works This tool will use your browser to make requests to Google using specific search expressions that are able to find interesting information about the target.

Certificate Decoder - Decode certificates to view their contents Use this Certificate Decoder to decode your PEM encoded SSL certificate and verify that it contains the correct information. A PEM encoded certificate is a block of encoded text that contains all of the certificate information and public key. Another simple way to view the information in a certificate on a Windows machine is to just double-click the certificate file. If you want to decode certificates on your own computer, run this OpenSSL command: openssl x509 -in certificate.crt -text -noout

Related: