Archive | Hacking Tools


16 May 2015 | 1,888 views

Plecost – WordPress Fingerprinting Tool

Plecost is a WordPress fingerprinting tool, it can search and retrieve information about the plug-in versions installed in a WordPress installation. It can be used to analyse a single URL or perform an analysis based on the results indexed by Google. Additionally it also displays the CVE code associated with each plug-in vulnerability, if any […]

Continue Reading

12 May 2015 | 2,080 views

InstaRecon – Automated Subdomain Discovery Tool

InstaRecon is an automated basic digital reconnaissance tool which is great for getting an initial footprint of your targets and discovering additional subdomains. In basic terms, it’s an automated subdomain discovery tool for the information gathering phase of penetration tests. There are other tools which cover some parts of the InstaRecon functionality such as: – […]

Continue Reading

09 May 2015 | 3,136 views

Wapiti – Web Application Vulnerability Scanner v2.3.0

Wapiti is a web application vulnerability scanner, it allows you to audit the security of your web applications. It performs “black-box” scans, i.e. it does not study the source code of the application but will scans the web pages of the deployed web application, looking for scripts and forms where it can inject data. Once […]

Continue Reading

28 April 2015 | 3,396 views

CeWL v5.1 – Password Cracking Custom Word List Generator

CeWL is a Custom Word List generator which spiders a given site to create a word list of all words it finds on that site. It can also grab email addresses and usernames found in the HTML and in some document types including Office and PDF. Useful for targeted penetration testing which involves brute force […]

Continue Reading

25 April 2015 | 697 views

OAT – Microsoft OCS Assessment Tool (Office Communication Server)

OAT is an Open Source Microsoft OCS Assessment Tool designed to check the password strength of Lync and Microsoft Office Communication Server users. After a password is compromised, OAT demonstrates potential UC attacks that can be performed by legitimate users if proper security controls are not in place. We first wrote about OAT when it […]

Continue Reading

14 April 2015 | 1,673 views

SamuraiWTF 3.x And Onwards – Web Testing Framework Linux LiveCD

The Samurai Web Testing Framework (AKA SamuraiWTF) is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, the authors have based the tool selection on the […]

Continue Reading

07 April 2015 | 3,467 views

Watcher – Passive Web Application Vulnerability Scanner

Ever find yourself looking for that show-stopper exploit in a Web-app, and forgetting to check out all the low-hanging fruit? That’s initially why the authors created Watcher – a passive web application vulnerability scanner. For one thing, you don’t want to manually inspect a Web-app for many of these issues (cookie settings, SSL configuration, information […]

Continue Reading

31 March 2015 | 2,193 views

Pentoo – Gentoo Based Penetration Testing Linux LiveCD

Pentoo is a Gentoo based penetrating testing linux LiveCD. It’s basically a Gentoo install with lots of customized tools, customized kernel, and much more. Here is a non-exhaustive list of the features currently included: Hardened Kernel with aufs patches Backported Wifi stack from latest stable kernel release Module loading support ala slax Changes saving on […]

Continue Reading

28 March 2015 | 2,165 views

Onapsis Bizploit v1.50 – SAP Penetration Testing Framework

Onapsis Bizploit is an SAP penetration testing framework to assist security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized SAP security assessment. The framework currently ships with many plugins to assess the security of SAP Business Platforms. Additional plugins are available for broader platform support including Oracle. Nowadays, most organizations which […]

Continue Reading

21 March 2015 | 1,720 views

XSSYA v2.0 Released – XSS Vulnerability Confirmation Tool

We first published about XSSYA back in 2014, and it seemed to be pretty popular, there’s not a whole lot of tools in the XSS (Cross Site Scripting) space. For those who are unfamiliar, XSSYA used to be Cross Site Scripting aka XSS Vulnerability Scanner & Confirmation tool – the scanning portion has been removed […]

Continue Reading