1. PWN STAR
A bash script to launch the AP, can be configured with a variety of attack options. Including a php script and server index.html, for phishing. Can act as a multi-client captive portal using php and iptables. Exploitation classics such as crime-PDF, De-auth with aireplay, etc..
![[Image: PwnSTARscreenshot.png]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7hxjJWz3ZeScwsEMbDXOsIp6KpUviswNNmxoB06NOYfSlYwwnPw_9DRmHjWN7Q0UPGmptofvXyb7M1SVH7hyphenhyphenwVODrf6mWxV4-pfG-ldP-ovWg6d5PfzUvuiMjw1M_QgIDj7f8ONPrSqm8/s640/PwnSTARscreenshot.png)
General Features:
Managing Interfaces and MAC Spoofing
Set sniffing
Phishing Web
Karmetasploit
WPA handshake
De-auth client
Managing Iptables
2. ZED ATTACK PROXY (ZAP)
(ZAP) is an integrated penetration testing tool for finding vulnerabilities in web applications. This tool is designed for use by people with a variety of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to the toolbox tester.
![[Image: zap1-3historyfilter.jpg]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIiygNYf1__WzGkjqlYGgf3thtOXl1pZwZOOAfiQND7FzdNwVl_wCnVYCUhDo6A1cAydSgyO7-5IHHV4lOESjElV7BmyySaqA7QNvwrJWxqooiLKFJaAqvk7rgGg2yzXguoeSUTC7JSpug/s640/zap1-3historyfilter.jpg)
Key Features:
Intercepting Proxy
Active scanners
Passive scanners
Brute Force scanner
Spider
Fuzzer
Port Scanner
Dynamic SSL certificates
API
Beanshell integration
3. SET (SOCIAL ENGINEERING TOOLKIT)
Tools that focus on attacking the human element of weakness and inadvertence. This tool is widely used today and is one of the most successful tools demonstrated at Defcon.
![[Image: Set-Box_2.png]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjayf59aZcWzvYQQgfRklH3ja6FESaB8YTYGXdZ0DwQdMPtoTFS8zKobHUr4wEBr6qt-itcZj-sF7dTJ6qPTrOf4ahQXDp1y9MddIFK5a_kkSaLCldGVdU7wJS3Afby-NfEh59C1WS3vEoW/s320/Set-Box_2.png)
Key Features:
Spear-Phishing Attack Vector
Java Applet Attack Vector
Metasploit Browser Exploit Method
Credential Harvester Attack Method
Tabnabbing Attack Method
Man Left in the Middle Attack Method
Web Jacking Attack Method
Multi-Attack Web Vector
Infectious Media Generator
Teensy USB HID Attack Vector
4. BURP SUITE
Burp Suite is a very nice tool for web application security testing. This tool is great for pentester and security researchers. It contains a variety of tools with many interfaces between them designed to facilitate and accelerate the process of web application attacks.
![[Image: scanner.png]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGDfeM590X8B7pkWdMLlldP9mOpVYi-zmmINiHYv9edjj6pZRtvyOxNAVvFHWfbm1ZrLZ1YVoVqEsyvMZNfKfDP6zBhF9uUjkpZb3NUoQf8CuntRS21xWXASewCGBOryu5pUjozFarGiMe/s640/scanner.png)
General Function:
Interception proxies
Radar and spiders crawling
Webapps scanner
Tool assault
Repeater and sequencer tools
5. ETTERCAP
Ettercap is a multipurpose sniffer / interceptor / logger for Local Area Network . It supports active and passive dissection of many protocols (even in code) and includes many feature for network and host analysis.
![[Image: Ettercap_2.jpg]](http://i1-linux.softpedia-static.com/screenshots/Ettercap_2.jpg)
General Function:
To capture traffic and data
To do logging network
Etc.
6. SANS INVESTIGATIVE FORENSIC TOOLKIT (SIFT)
The SANS Investigative Forensic Toolkit (SIFT) Workstation is a VMware Appliance that can be configured with all the requirements to perform a detailed digital forensic. Compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats. The new version has been completely rebuilt on the Ubuntu base with many additional tools and capabilities that are used in modern forensic technology.
![[Image: SANS+Investigative+Forensic+Toolkit+2.14+Released.jpg]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjl4LrLY9tr6XohWVnDS6udkcdYIpXp3PTOStpI6z1NPVZA3CgYiE77IhDkTXEBGfgDtSWfdg-iGw7aI6Os56TI82LKUrGmVHz7ZssiTX2i5wCw2fKCRqS9VAH3FKOs4mUyS56gI0aoLgOQ/s1600/SANS+Investigative+Forensic+Toolkit+2.14+Released.jpg)
General Function :
iPhone, Blackberry, and Android Forensic Capabilities
Registry Viewer (YARU)
Compatibility with F-Response Tactical, Standard, and Enterprise
PTK 2.0 (Special Release - Not Available for Download)
Automated Generation Timeline via log2timeline
Many Firefox Investigative Tools
Windows Journal Parser and Shellbags Parser (jp and sbag)
Many Windows Analysis Utilities (prefetch, usbstor, event logs, and more)
Complete Overhaul of Regripper Plugins (added over 80 additional plugins)
7. WIRESHARK
Wireshark is the most widely used and most popular in the world the protocol analyzer, and is the de facto standard across many industries and educational institutions to analyze the network in different protocol.
![[Image: ws-main.png]](http://www.wireshark.org/docs/wsug_html_chunked/wsug_graphics/ws-main.png)
General Function:
Live capture and offline analysis
Standard three-pane packet browser
Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
Captured data network can be browsed via a GUI, or via the TTY-mode tshark utility
The most powerful display filters in the industry
Rich VoIP analysis
Read / write many different capture file formats
Etc.
8. WEBSPLOIT
WebSploit is an Open Source Project for Remote Scan and Analysis System of the weaknesses in web applications.
![[Image: WebSploit+Framework+2.0.3+with+Wifi+Jammer.jpg]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitZl4cAf0MV5X-Gf89dff4OwtIMNZjSKYOk7XBO8UCOQoM7uiA4xwfPF5wsyCTWPW3DomnbbHM6uwqZV7mfyTZHRx9o4s81PB2rl8tkdU1dpR-xFl1OQMZeZTooS1E5dOUQOUP5sn04PZH/s640/WebSploit+Framework+2.0.3+with+Wifi+Jammer.jpg)
Key Features:
[>] Social Engineering Works
[>] Scan, Web Crawler & Analysis
[>] Automatic Exploiter
[>] Support Network Attacks
-
[+] Autopwn - Used From Metasploit For Scan and Exploit Target Service
[+] WMAP - Scan, Target Used Crawler From Metasploit WMAP plugin
[+] format infector - inject the payload into reverse and bind file format
[+] phpmyadmin Scanner
[+] LFI Bypasser
[+] Apache Users Scanner
[+] Dir Bruter
[+] admin finder
[ +] MLITM Attack - Man Left In The Middle, XSS Phishing Attacks
[+] MITM - Man In The Middle Attack
[+] Java Applet Attack
[+] MFOD Attack Vector
[+] USB Infection Attack
[+] Dos ARP Attack
[+ ]'s Killer Attack
[+] Attack Fake Update
[+] Fake Access Point Attack
9. WINAUTOPWN
WinAutoPWN is a tool that is used to exploit the Windows Framework directly, so that we are automatically going to be an administrator on the windows.
![[Image: winAUTOPWN+v3.2+Released.jpg]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOAhWZnP7khoxcaqyRZWN27g016TLL5GicNyvNoVLF5M0sx1yzPSQ2oZ1YyNQi5AaDh__c_YJjKrbOgEuSyHKQzmEUdmrh5xEX1ESPF5NQ2tLOAXGPDPqIsSsevHLD19FVkuFQLr6SAP8K/s640/winAUTOPWN+v3.2+Released.jpg)
10. HASHCAT
Hashcat are a variety of tools to crack passwords in encrypted, it is very powerful for password recovery.
![[Image: hashcat.png]](http://hashcat.net/hashcat/hashcat.png)
General Function:
Multi-Threaded
Free
Multi-Hash (up to 24 million hashes)
Multi-OS (Linux, Windows and OSX native binaries)
Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, ...)
SSE2 accelerated
All Attack-Modes except Brute-Force and Permutation can be extended by rules
Very fast Rule-engine
Rules compatible with JTR and PasswordsPro
Possible to resume or limit session
Automatically recognizes recovered hashes from outfile at startup
Can automatically generate random rules
Load saltlist from an external file and then use them in a Brute-Force Attack variant
Able to work in an distributed environment
Specify multiple wordlists or multiple directories of wordlists
Number of threads can be configured
Lowest priority threads run on
30 + Algorithms is implemented with performance in mind
... and much more
A bash script to launch the AP, can be configured with a variety of attack options. Including a php script and server index.html, for phishing. Can act as a multi-client captive portal using php and iptables. Exploitation classics such as crime-PDF, De-auth with aireplay, etc..
General Features:
Managing Interfaces and MAC Spoofing
Set sniffing
Phishing Web
Karmetasploit
WPA handshake
De-auth client
Managing Iptables
2. ZED ATTACK PROXY (ZAP)
(ZAP) is an integrated penetration testing tool for finding vulnerabilities in web applications. This tool is designed for use by people with a variety of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to the toolbox tester.
Key Features:
Intercepting Proxy
Active scanners
Passive scanners
Brute Force scanner
Spider
Fuzzer
Port Scanner
Dynamic SSL certificates
API
Beanshell integration
3. SET (SOCIAL ENGINEERING TOOLKIT)
Tools that focus on attacking the human element of weakness and inadvertence. This tool is widely used today and is one of the most successful tools demonstrated at Defcon.
Key Features:
Spear-Phishing Attack Vector
Java Applet Attack Vector
Metasploit Browser Exploit Method
Credential Harvester Attack Method
Tabnabbing Attack Method
Man Left in the Middle Attack Method
Web Jacking Attack Method
Multi-Attack Web Vector
Infectious Media Generator
Teensy USB HID Attack Vector
4. BURP SUITE
Burp Suite is a very nice tool for web application security testing. This tool is great for pentester and security researchers. It contains a variety of tools with many interfaces between them designed to facilitate and accelerate the process of web application attacks.
General Function:
Interception proxies
Radar and spiders crawling
Webapps scanner
Tool assault
Repeater and sequencer tools
5. ETTERCAP
Ettercap is a multipurpose sniffer / interceptor / logger for Local Area Network . It supports active and passive dissection of many protocols (even in code) and includes many feature for network and host analysis.
General Function:
To capture traffic and data
To do logging network
Etc.
6. SANS INVESTIGATIVE FORENSIC TOOLKIT (SIFT)
The SANS Investigative Forensic Toolkit (SIFT) Workstation is a VMware Appliance that can be configured with all the requirements to perform a detailed digital forensic. Compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats. The new version has been completely rebuilt on the Ubuntu base with many additional tools and capabilities that are used in modern forensic technology.
General Function :
iPhone, Blackberry, and Android Forensic Capabilities
Registry Viewer (YARU)
Compatibility with F-Response Tactical, Standard, and Enterprise
PTK 2.0 (Special Release - Not Available for Download)
Automated Generation Timeline via log2timeline
Many Firefox Investigative Tools
Windows Journal Parser and Shellbags Parser (jp and sbag)
Many Windows Analysis Utilities (prefetch, usbstor, event logs, and more)
Complete Overhaul of Regripper Plugins (added over 80 additional plugins)
7. WIRESHARK
Wireshark is the most widely used and most popular in the world the protocol analyzer, and is the de facto standard across many industries and educational institutions to analyze the network in different protocol.
Image has been scaled down 18% (700x518). Click this bar to view original image (845x625). Click image to open in new window.
General Function:
Live capture and offline analysis
Standard three-pane packet browser
Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
Captured data network can be browsed via a GUI, or via the TTY-mode tshark utility
The most powerful display filters in the industry
Rich VoIP analysis
Read / write many different capture file formats
Etc.
8. WEBSPLOIT
WebSploit is an Open Source Project for Remote Scan and Analysis System of the weaknesses in web applications.
Key Features:
[>] Social Engineering Works
[>] Scan, Web Crawler & Analysis
[>] Automatic Exploiter
[>] Support Network Attacks
-
[+] Autopwn - Used From Metasploit For Scan and Exploit Target Service
[+] WMAP - Scan, Target Used Crawler From Metasploit WMAP plugin
[+] format infector - inject the payload into reverse and bind file format
[+] phpmyadmin Scanner
[+] LFI Bypasser
[+] Apache Users Scanner
[+] Dir Bruter
[+] admin finder
[ +] MLITM Attack - Man Left In The Middle, XSS Phishing Attacks
[+] MITM - Man In The Middle Attack
[+] Java Applet Attack
[+] MFOD Attack Vector
[+] USB Infection Attack
[+] Dos ARP Attack
[+ ]'s Killer Attack
[+] Attack Fake Update
[+] Fake Access Point Attack
9. WINAUTOPWN
WinAutoPWN is a tool that is used to exploit the Windows Framework directly, so that we are automatically going to be an administrator on the windows.
Image has been scaled down 30% (700x505). Click this bar to view original image (999x720). Click image to open in new window.
10. HASHCAT
Hashcat are a variety of tools to crack passwords in encrypted, it is very powerful for password recovery.
Image has been scaled down 3% (700x510). Click this bar to view original image (720x524). Click image to open in new window.
General Function:
Multi-Threaded
Free
Multi-Hash (up to 24 million hashes)
Multi-OS (Linux, Windows and OSX native binaries)
Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, ...)
SSE2 accelerated
All Attack-Modes except Brute-Force and Permutation can be extended by rules
Very fast Rule-engine
Rules compatible with JTR and PasswordsPro
Possible to resume or limit session
Automatically recognizes recovered hashes from outfile at startup
Can automatically generate random rules
Load saltlist from an external file and then use them in a Brute-Force Attack variant
Able to work in an distributed environment
Specify multiple wordlists or multiple directories of wordlists
Number of threads can be configured
Lowest priority threads run on
30 + Algorithms is implemented with performance in mind
... and much more
bhai pls give me the fb account password and username of my sister ,,,I have completed all the surveys but I am still unable to download her accounts information,,,Its very necessary bhai,,,everyone in my family is concerned about her ,,plzz contact me ,,my email id is ---yogeshrai74@gmail.com and my contact number is 7836863794
ReplyDeletePLEASE READ!!!Hello Guys!!! I am Ruth I live in Ohio USA I’m 32 Years old, am so happy I got my blank ATM card from Adriano. My blank ATM card can withdraw $4,500 daily. I got it from Him last week and now I have withdrawn about $10,000 for free. The blank ATM withdraws money from any ATM machines and there is no name on it because it is blank just your PIN will be on it, it is not traceable and now I have money for business, shopping and enough money for me and my family to live on.I am really glad and happy i met Adriano because I met Five persons before him and they could not help me. But am happy now Adriano sent the card through DHL and I got it in two days. Get your own card from him right now, he is giving it out for small fee to help people even if it is illegal but it helps a lot and no one ever gets caught or traced. I’m happy and grateful to Adriano because he changed my story all of a sudden. The card works in all countries that is the good news Adriano's email address is adrianohackers01@gmail.com
ReplyDelete