by Friday, January 24, 2014 1 comments


A bash script that launches an access point and can be configured with a variety of attack options. It includes a PHP script and a server index.html for phishing, and can act as a multi-client captive portal using PHP and iptables. It also covers exploitation classics such as crime-PDF and de-auth with aireplay.

[Image: PwnSTARscreenshot.png]

General Features:
Managing Interfaces and MAC Spoofing
Set sniffing
Phishing Web
WPA handshake
De-auth client
Managing Iptables


ZAP is an integrated penetration testing tool for finding vulnerabilities in web applications. It is designed for use by people with a wide range of security experience, which makes it ideal for developers and functional testers who are new to penetration testing, as well as a useful addition to a tester's toolbox.

[Image: zap1-3historyfilter.jpg]

Key Features:
Intercepting Proxy
Active scanners
Passive scanners
Brute Force scanner
Port Scanner
Dynamic SSL certificates
Beanshell integration


A toolkit that focuses on attacking the human element, exploiting weakness and inadvertence. It is widely used today and is one of the most successful tools demonstrated at Defcon.

[Image: Set-Box_2.png]

Key Features:
Spear-Phishing Attack Vector
Java Applet Attack Vector
Metasploit Browser Exploit Method
Credential Harvester Attack Method
Tabnabbing Attack Method
Man Left in the Middle Attack Method
Web Jacking Attack Method
Multi-Attack Web Vector
Infectious Media Generator
Teensy USB HID Attack Vector


Burp Suite is a very nice tool for web application security testing. It is great for pentesters and security researchers. It contains a variety of tools, with many interfaces between them, designed to facilitate and accelerate the process of attacking web applications.

[Image: scanner.png]

General Function:
Interception proxies
Radar and spiders crawling
Webapps scanner
Tool assault
Repeater and sequencer tools


Ettercap is a multipurpose sniffer / interceptor / logger for local area networks. It supports active and passive dissection of many protocols (even encrypted ones) and includes many features for network and host analysis.

[Image: Ettercap_2.jpg]

General Function:
To capture traffic and data
To log network traffic


The SANS Investigative Forensic Toolkit (SIFT) Workstation is a VMware appliance that can be configured with everything required to perform a detailed digital forensic examination. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats. The new version has been completely rebuilt on an Ubuntu base with many additional tools and capabilities used in modern forensics.

[Image: SANS+Investigative+Forensic+Toolkit+2.14+Released.jpg]

General Function:
iPhone, Blackberry, and Android Forensic Capabilities
Registry Viewer (YARU)
Compatibility with F-Response Tactical, Standard, and Enterprise
PTK 2.0 (Special Release - Not Available for Download)
Automated Generation Timeline via log2timeline
Many Firefox Investigative Tools
Windows Journal Parser and Shellbags Parser (jp and sbag)
Many Windows Analysis Utilities (prefetch, usbstor, event logs, and more)
Complete Overhaul of Regripper Plugins (added over 80 additional plugins)


Wireshark is the world's most widely used and most popular protocol analyzer, and is the de facto standard across many industries and educational institutions for analyzing networks across different protocols.

[Image: ws-main.png]

General Function:
Live capture and offline analysis
Standard three-pane packet browser
Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
Captured network data can be browsed via a GUI, or via the TTY-mode tshark utility
The most powerful display filters in the industry
Rich VoIP analysis
Read / write many different capture file formats


WebSploit is an open source project for remotely scanning and analyzing systems for weaknesses in web applications.

[Image: WebSploit+Framework+2.0.3+with+Wifi+Jammer.jpg]

Key Features: 
[>] Social Engineering Works
[>] Scan, Web Crawler & Analysis
[>] Automatic Exploiter
[>] Support Network Attacks
[+] Autopwn - Used From Metasploit For Scan and Exploit Target Service
[+] WMAP - Scan, Target Used Crawler From Metasploit WMAP plugin
[+] format infector - inject the payload into reverse and bind file format
[+] phpmyadmin Scanner
[+] LFI Bypasser
[+] Apache Users Scanner
[+] Dir Bruter
[+] admin finder
[+] MLITM Attack - Man Left In The Middle, XSS Phishing Attacks
[+] MITM - Man In The Middle Attack
[+] Java Applet Attack
[+] MFOD Attack Vector
[+] USB Infection Attack
[+] ARP DoS Attack
[+] 's Killer Attack
[+] Fake Update Attack
[+] Fake Access Point Attack


WinAutoPWN is a tool used to exploit Windows directly, so that we automatically become an administrator on the Windows machine.

[Image: winAUTOPWN+v3.2+Released.jpg]


Hashcat is a set of tools for cracking encrypted passwords, and it is very powerful for password recovery.

[Image: hashcat.png]

General Function:
Multi-Hash (up to 24 million hashes)
Multi-OS (Linux, Windows and OSX native binaries)
Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, ...)
SSE2 accelerated
All Attack-Modes except Brute-Force and Permutation can be extended by rules
Very fast Rule-engine
Rules compatible with JTR and PasswordsPro
Possible to resume or limit session
Automatically recognizes recovered hashes from outfile at startup
Can automatically generate random rules
Load a saltlist from an external file and then use it in a Brute-Force Attack variant
Able to work in a distributed environment
Specify multiple wordlists or multiple directories of wordlists
Number of threads can be configured
Threads run on lowest priority
30+ algorithms are implemented with performance in mind
... and much more

Raja Aakash

