Archive | Hacking Tools


03 October 2014 | 2,509 views

iSniff-GPS – Passive Wifi Sniffing Tool With Location Data

iSniff GPS is a passive wifi sniffing tool which sniffs for SSID probes, ARPs and MDNS (Bonjour) packets broadcast by nearby iPhones, iPads and other wireless devices. The aim is to collect data which can be used to identify each device and determine previous geographical locations, based solely on information each device discloses about previously [...]

Continue Reading


29 September 2014 | 3,597 views

masscan – The Fastest TCP Port Scanner

masscan is the fastest TCP port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second. It produces results similar to nmap, the most famous port scanner. Internally, it operates more like scanrand, unicornscan, and ZMap, using asynchronous transmission. The major difference is that it’s faster than these [...]

Continue Reading


24 September 2014 | 1,323 views

drozer – The Leading Security Testing Framework For Android

drozer (formerly Mercury) is the leading security testing framework for Android. drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps’ IPC endpoints and the underlying OS. drozer provides tools to help you use, share and understand public [...]

Continue Reading


20 September 2014 | 3,776 views

tinfoleak – Get Detailed Info About Any Twitter User

tinfoleak is basically an OSINT tool for Twitter, there’s not a lot of stuff like this around – the only one that comes to mind in fact is creepy – Geolocation Information Aggregator. tinfoleak is a simple Python script that allow to obtain: basic information about a Twitter user (name, picture, location, followers, etc.) devices [...]

Continue Reading


03 September 2014 | 2,987 views

BurpSentintel – Vulnerability Scanning Plugin For Burp Proxy

BurpSentintel is a plugin for Burp Intercepting Proxy, to aid and ease the identification of vulnerabilities in web applications. Searching for vulnerabilities in web applications can be a tedious task. Most of the time consists of inserting magic chars into parameters, and looking for suspicious output. Sentinel tries to automate parts of this laborous task. [...]

Continue Reading


23 August 2014 | 2,319 views

Garmr – Automate Web Application Security Tests

Garmr is a tool to inspect the responses from websites for basic security requirements. It includes a set of core test cases implemented in corechecks that are derived from the Mozilla Secure Coding Guidelines which can be found here: https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines The purpose of this page is to establish a concise and consistent approach to secure [...]

Continue Reading


13 August 2014 | 4,022 views

ParanoiDF – PDF Analysis & Password Cracking Tool

ParanoiDF is a PDF Analysis Suite based on PeePDF by Jose Miguel Esparza. The tools/features that have been added are – Password cracking, redaction recovery, DRM removal, malicious JavaScript extraction, and more. We have posted about a few PDF related tools before, including the one this tool is based on: – peepdf – Analyze & [...]

Continue Reading


30 July 2014 | 3,334 views

XSSYA – Cross Site Scripting (XSS) Scanner Tool

XSSYA is a Cross Site Scripting Scanner & Vulnerability Confirmation Tool, it’s written in Python and works by executing an encoded payload to bypass Web Application Firewalls (WAF) which is the first method request and response. If the website/app responds 200 it attempts to use “Method 2″ which searches for the payload decoded in the [...]

Continue Reading


21 July 2014 | 2,106 views

clipcaptcha – CAPTCHA Service Impersonation Tool

clipcaptcha is an extensible and signature based CAPTCHA Provider impersonation tool based off Moxie Marlinspike’s sslstrip codebase, which we mentioned back in 2009 – SSLstrip – HTTPS Stripping Attack Tool. Depending on its mode of operation it may approve, reject or forward the CAPTCHA verification requests. It maintains an easy to edit XML configuration file [...]

Continue Reading


09 July 2014 | 3,096 views

dirs3arch – HTTP File & Directory Brute Forcing Tool

dirs3arch is a simple command line tool designed to brute force directories and files in websites. It’s a HTTP File & Directory Brute Forcing Tool similar to DirBuster. Features Keep alive connections Multithreaded Detect not found web pages when 404 not found errors are masked (.htaccess, web.config, etc). Recursive brute forcing Getting Started

You [...]

Continue Reading