Archive | Hacking Tools


06 February 2013 | 2,637 views

Weevely – PHP Stealth Tiny Web Shell

Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones. Weevely is currently included in Backtrack and Backbox and all the major [...]

Continue Reading


15 October 2012 | 5,084 views

Web-Sorrow v1.48 – Version Detection, CMS Identification, Enumeration & Server Scanning Tool

Web-Sorrow is a PERL based tool for misconfiguration, version detection, enumeration, and server information scanning. It’s entirely focused on enumeration and collecting information about a target server. Web-Sorrow is a “safe to run” program, meaning it is not designed to be an exploit or perform any harmful attacks. There’s a couple of other tools that [...]

Continue Reading


05 September 2012 | 3,120 views

CrowdRE – Crowdsourced Reverse Engineering Service From CrowdStrike

Reversing complex software quickly is challenging due to the lack of professional tools that support collaborative analysis. The CrowdRE project aims to fill this gap. Rather than using a live distribution of changes to all clients, which has proven to fail in the past, it leverages from the architecture that is being used with success [...]

Continue Reading


27 August 2012 | 6,380 views

XMPPloit – A Tool to Attack XMPP Connections

XMPPloit is a command-line tool to attack XMPP connections, allowing the attacker to place a gateway between the client and the server and perform different attacks on the client stream. The tool exploit implements vulnerabilities at the client & server side utilizing the XMPP protocol. The main goal is that all the process is transparently [...]

Continue Reading


08 August 2012 | 3,787 views

chapcrack – A tool for parsing and decrypting MS-CHAPv2 network handshakes.

chapcrack is a tool for parsing and decrypting MS-CHAPv2 network handshakes, it was announced recently at Defcon as we read over here – Marlinspike demos MS-CHAPv2 crack. The process is as follows: Obtain a packet capture with an MS-CHAPv2 network handshake in it (PPTP VPN or WPA2 Enterprise handshake, for instance). Use chapcrack to parse [...]

Continue Reading


23 July 2012 | 3,529 views

Hcon Security Testing Framework (HconSTF) v0.4 – Fire Base

HconSTF is an Open Source Penetration Testing Framework based on different browser technologies, Which helps any security professional to assists in the Penetration testing or vulnerability scanning assessment. It contains webtools which are capable of carrying out XSS attacks, SQL Injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. It could prove useful to anybody interested [...]

Continue Reading


28 June 2012 | 10,940 views

The Mole v0.3 Released For Download – Automatic SQL Injection Exploitation Tool

The Mole is an automatic SQL Injection exploitation tool. All you need to do is provide a vulnerable URL and a valid string on the site you are testing and The Mole will detect the injection and exploit it, either by using the union technique or a boolean query based technique. We did mention The [...]

Continue Reading


22 May 2012 | 5,834 views

Nmap 6 Released For Download – Free Network Discovery & Security Auditing Tool

It’s been a while since the last major release of Nmap, the last time we reported on it was when Nmap v5.20 was Released (February 2010). The latest major version has just been released, version 6 – and is now available for download! For the two people on the planet who don’t know – Nmap [...]

Continue Reading


08 May 2012 | 1,777 views

Basic Fuzzing Framework (BFF) From CERT – Linux & Mac OSX Fuzzer Tool

The CERT Basic Fuzzing Framework (BFF) is a software testing tool that finds defects in applications that run on the Linux and Mac OS X platforms. BFF performs mutational fuzzing on software that consumes file input. (Mutational fuzzing is the act of taking well-formed input data and corrupting it in various ways, looking for cases [...]

Continue Reading


18 April 2012 | 3,877 views

NfSpy – ID-spoofing NFS Client Tool – Mount NFS Shares Without Account

We wrote about this tool originally last year – NfSpy – ID-spoofing NFS Client – Falsify NFS Credentials – and a new version just came out! NfSpy has just been updated to support NFSv3, a more efficient and widespread protocol than the previous NFSv2. NfSpy is a FUSE filesystem written in Python that automatically changes [...]

Continue Reading