Archive | Hacking Tools


16 June 2014 | 2,472 views

SHODAN – Expose Online Devices (Wind Turbines, Power Plants & More!)

SHODAN is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. Some have also described it as a public port scan directory or a search engine of banners. Web search engines, such as Google and Bing, are great for finding websites. But what if you’re interested in [...]

Continue Reading


09 June 2014 | 2,064 views

OWASP Mantra 0.92 – Browser Based Security Framework

OWASP Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. Mantra is lite, flexible, portable and user friendly with a [...]

Continue Reading


04 June 2014 | 1,703 views

OWASP NINJA-PingU – High Performance Large Scale Network Scanner

NINJA-PingU (NINJA-PingU Is Not Just A Ping Utility) is a free open-source high performance network scanner tool for large scale analysis. It has been designed with performance as its primary goal and developed as a framework to allow easy plugin integration. Essentially it’s a high performance, large scale network scanner, the likes of which we [...]

Continue Reading


26 May 2014 | 3,290 views

Moscrack – Cluster Cracking Tool For WPA Keys

Moscrack is a PERL application designed to facilitate cracking WPA keys in parallel on a group of computers. This is accomplished by use of either Mosix clustering software, SSH or RSH access to a number of nodes. With Moscrack’s new plugin framework, hash cracking has become possible. SHA256/512, DES, MD5 and *Blowfish Unix password hashes [...]

Continue Reading


02 May 2014 | 1,394 views

Host-Extract – Enumerate All IP/Host Patterns In A Web Page

host-extract is a little ruby script that tries to extract all IP/Host patterns in page response of a given URL and JavaScript/CSS files of that URL. With it, you can quickly identify internal IPs/Hostnames, development IPs/ports, cdn, load balancers, additional attack entries related to your target that are revealed in inline js, css, html comment [...]

Continue Reading


29 April 2014 | 1,188 views

BlindElephant – Web Application Fingerprinter

The BlindElephant Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable. BlindElephant can be used directly as a tool on the [...]

Continue Reading


22 April 2014 | 1,421 views

RAWR – Rapid Assessment of Web Resources

Introducing RAWR (Rapid Assessment of Web Resources). There’s a lot packed in this tool that will help you get a better grasp of the threat landscape that is your client’s web resources. It has been tested from extremely large network environments, down to 5 node networks. It has been fine-tuned to promote fast, accurate, and [...]

Continue Reading


17 March 2014 | 5,334 views

Blackhash – Audit Passwords Without Hashes

A traditional password audit typically involves extracting password hashes from systems and then sending those hashes to a third-party security auditor or an in-house security team. These security specialists have the knowledge and tools to effectively audit password hashes. They use password cracking software such as John the Ripper and Hashcat in an effort to [...]

Continue Reading


04 March 2014 | 2,320 views

EyeWitness – A Rapid Web Application Triage Tool

EyeWitness is a rapid web application triage tool designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. The author would love for EyeWitness to identify more default credentials of various web applications. So as you find devices which utilizes default credentials, please e-mail him the source code [...]

Continue Reading


24 February 2014 | 1,513 views

wig – WebApp Information Gatherer – Identify CMS

wig is a Python tool that identifies a websites CMS by searching for fingerprints of static files and extracting version numbers from known files. OS identification is done by using the value of the ‘server’ and ‘X-Powered-By’ in the response header. These values are compared to a database of which package versions are include with [...]

Continue Reading