Scapy Xdebug - Debugger and Profiler Tool for PHP SQID - SQL Injection digger SQID sql injection digger. about SQL injection digger is a command line program that looks for SQL injections and common errors in web sites. Current version can perform the following operations: Look for SQL injections and common errors in web site URLs found by performing a google search. sqid is extensible by adding more signatures to its database (sqid.db). Usage Usage: sqid.rb [options] options: -m, --mode MODE Operate in mode MODE. download sqid is licensed under GPL v2. svn checkout next Next release will be additionally able to look for SQL injections in a web page by submitting forms. Please send suggestions, bugs, patches and flames at contact@metaeye.org. Copyright © Metaeye Security
Software >> sslstrip This tool provides a demonstration of the HTTPS stripping attacks that I presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial. Requirements Python >= 2.5 (apt-get install python) The python "twisted-web" module (apt-get install python-twisted-web) Setup tar zxvf sslstrip-0.9.tar.gz cd sslstrip-0.9 (optional) sudo python . Running sslstrip That should do it. How does this work? First, arpspoof convinces a host that our MAC address is the router’s MAC address, and the target begins to send us all its network traffic. At this point, sslstrip receives the traffic and does its magic. Development The current development branch can be found on github.
troelskn/php-tracer-weaver - GitHub The Social-Engineer Toolkit (SET) The Social-Engineer Toolkit (SET) was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. The Social-Engineer Toolkit has over 2 million downloads and is aimed at leveraging advanced technological attacks in a social-engineering type environment. SET is included in the latest version of the most popular Linux distribution focused on security, Back|Track. git clone set/ Below are some videos on SET: Defcon 20 – Owning One to Rule Them All – Dave Kennedy and Dave DeSimone DerbyCon 1 – Adaptive Penetration Testing ft. Defcon 19 – Pentesting over Powerlines The Social-Engineer Toolkit v3.3 release. The Social-Engineer Toolkit v3.0 release. The Social-Engineer Toolkit on the history channel. The Social-Engineer Toolkit v2.1 release.
Track your dependencies with PHP_Depend - Manuel Pichler To provide a flexible and extendable software, it is a good OO practice to reduce the dependencies between implementing classes. This could be achieved by developing against abstractions which means both, abstract classes and interfaces. By using abstractions instead of real implementation in the application you provide some sort of contract, that could be used by others to hook into the application with their own classes that fulfill the contract. Except the extensibility of an application a good abstraction reduces the risk of breaks in multiple subsystems when something was changed in a single package. But how to get rid of all these dependencies, doing this by hand will become an impossible job, at least for larger projects. PHP_Depend is an adaption of the established Java development tool JDepend. PHP_Depend calculates the following metrics by counting classes, interfaces and dependencies. Ca - Afferent Couplings: Ce - Efferent Couplings: I - Instability: A - Abstractness:
Tortilla – Un outil capable de router tout le trafic TCP/IP et DNS d’une machine Windows via TOR Tor est une invention formidable (Et Jacob Appelbaum mériterait bien un prix Nobel tiens...) et qui pourtant, sous Windows est mal exploité. En effet, à part le Tor Bundle (Tor + Firefox), qui permet de surfer de manière anonymisée, il n'existe rien d'autre. Dès qu'on sort d'un navigateur ou d'un logiciel qui supporte nativement les proxys Socks ou HTTP, il n'est plus possible d'utiliser Tor. Il n'est pas possible non plus d'utiliser Flash par exemple puisque ce dernier est un plugin étranger au navigateur... Autre exemple, les chercheurs qui analysent les malwares sous Windows se retrouvent vite dépourvus et leur IP peut rapidement se retrouver aux mains des pirates. Il est bien sûr possible de rerouter tout le trafic d'une machine pour le passer via Tor mais uniquement si on est sous GNU/Linux. C'est pourquoi, Jason Geffner a mis au point un outil qui va permettre de faire transiter par TOR, de manière sécurisée, anonyme et transparente, tout le trafic TCP/IP et DNS d'une machine.