Archive | Hacking Tools


29 April 2014 | 1,166 views

BlindElephant – Web Application Fingerprinter

The BlindElephant Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable. BlindElephant can be used directly as a tool on the [...]

Continue Reading


22 April 2014 | 1,408 views

RAWR – Rapid Assessment of Web Resources

Introducing RAWR (Rapid Assessment of Web Resources). There’s a lot packed in this tool that will help you get a better grasp of the threat landscape that is your client’s web resources. It has been tested from extremely large network environments, down to 5 node networks. It has been fine-tuned to promote fast, accurate, and [...]

Continue Reading


17 March 2014 | 5,289 views

Blackhash – Audit Passwords Without Hashes

A traditional password audit typically involves extracting password hashes from systems and then sending those hashes to a third-party security auditor or an in-house security team. These security specialists have the knowledge and tools to effectively audit password hashes. They use password cracking software such as John the Ripper and Hashcat in an effort to [...]

Continue Reading


04 March 2014 | 2,304 views

EyeWitness – A Rapid Web Application Triage Tool

EyeWitness is a rapid web application triage tool designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. The author would love for EyeWitness to identify more default credentials of various web applications. So as you find devices which utilizes default credentials, please e-mail him the source code [...]

Continue Reading


24 February 2014 | 1,482 views

wig – WebApp Information Gatherer – Identify CMS

wig is a Python tool that identifies a websites CMS by searching for fingerprints of static files and extracting version numbers from known files. OS identification is done by using the value of the ‘server’ and ‘X-Powered-By’ in the response header. These values are compared to a database of which package versions are include with [...]

Continue Reading


10 January 2014 | 1,299 views

Capstone – Multi-platform, Multi-architecture Disassembly Framework

Capstone is a lightweight multi-platform, multi-architecture disassembly framework. The target of the author is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community. It is one of a very few disassembly frameworks that can support multi-architectures. So far, it can handle 4 most important architectures: ARM, ARM64 (aka [...]

Continue Reading


06 January 2014 | 2,092 views

xssless – An Automated XSS Payload Generator Written In Python

xssless is an automated XSS payload generator written in python. Usage Record request(s) with Burp proxy Select request(s) you want to generate, then right click and select “Save items” Use xssless to generate your payload: ./xssless.py burp_export_file Pwn! Features Automated XSS payload generation from imported Burp proxy requests Payloads are 100% asynchronous and won’t freeze [...]

Continue Reading


28 November 2013 | 2,022 views

ike-scan – Discover & Fingerprint IKE Hosts (IPsec VPN Servers)

ike-scan discovers IKE hosts and can also fingerprint them using the retransmission backoff pattern. ike-scan can perform the following functions: Discovery Determine which hosts in a given IP range are running IKE. This is done by displaying those hosts which respond to the IKE requests sent by ike-scan. Fingerprinting Determine which IKE implementation the hosts [...]

Continue Reading


22 November 2013 | 2,656 views

LANs.py ARP Spoofer – Multithreaded Asynchronous Packet Parsing/Injecting

LANs.py is a multithreaded asynchronous packet parsing/injecting ARP spoofer & poisoner. Individually poisons the ARP tables of the target box, the router and the DNS server if necessary. Does not poison anyone else on the network. Displays all most the interesting bits of their traffic and can inject custom html into pages they visit. Cleans [...]

Continue Reading


13 November 2013 | 4,262 views

hashcat – Multi-Threaded Password Hash Cracking Tool

hashcat claims to be the world’s fastest CPU-based password recovery tool, while not as fast as GPU powered hash brute forcing (like CUDA-Multiforcer), it is still pretty fast. hashcat was written somewhere in the middle of 2009. Yes, there were already close-to-perfect working tools supporting rule-based attacks like “PasswordsPro”, “John The Ripper”. However for some [...]

Continue Reading