Archive | Hacking Tools


15 March 2007 | 7,886 views

Stompy – The Web Application Session Analyzer Tool

A new tool dealing with web sessions was recently announced, it’s called stompy, a free tool to perform a fairly detailed black-box assessment of WWW session identifier generation algorithms. Session IDs are commonly used to track authenticated users, and as such, whenever they’re predictable or simply vulnerable to brute-force attacks, we do have a problem. […]

Continue Reading

08 March 2007 | 43,682 views

PReplay – A pcap Network Traffic Replay Tool for Windows

There are not many good tools for replaying traffic, most people use WireShark (formely known as Ethereal) for capturing the traffic, but what happens if you want to take that capture and reply it over the wire? Someone has this problem so they decided to code their own solution, thankfully for us! There are quite […]

Continue Reading

01 March 2007 | 27,710 views

A Collection of Web Backdoors & Shells – cmdasp cmdjsp jsp-reverse php-backdoor

Michael Daw has collected some WEB backdoors to exploit vulnerable file upload facilities and others. It’s a pretty useful library for a variety of situations, especially for those doing web application security audits and web app security. Understanding how these backdoors work can also help security administrators implement firewalling and security policies to mitigate obvious […]

Continue Reading

26 February 2007 | 18,990 views

ADTool – Active Directory Domain Listing Tool

ADtool is a neat tool to help you list all the machines that are part of an Active Directory driven domain or network. It is intended to help pentesters and admins in their day to day work, there are some other tools that can accomplish the work for listing domain servers, but unfortunately all other […]

Continue Reading

23 February 2007 | 7,953 views

LFT – Layer Four Traceroute and WhoB

LFT LFT, short for Layer Four Traceroute, is a sort of ‘traceroute’ that often works much faster (than the commonly-used Van Jacobson method) and goes through many configurations of packet-filters (firewalls). More importantly, LFT implements numerous other features including AS number lookups through several reliable sources, loose source routing, netblock name lookups, et al. What […]

Continue Reading

20 February 2007 | 11,935 views

Fierce Domain Scanner Released – Domain Reconnaissance Tool

Fierce domain scan was born out of personal frustration after performing a web application security audit. It is traditionally very difficult to discover large swaths of a corporate network that is non-contiguous. It’s terribly easy to run a scanner against an IP range, but if the IP ranges are nowhere near one another you can […]

Continue Reading

17 February 2007 | 15,027 views

sqlmap – Automated Blind SQL Injection Tool

sqlmap is an automatic blind SQL injection tool, developed in python, capable of enumerating an entire remote database, performing an active database fingerprint and much more. The aim of this project is to implement a fully functional database mapper tool which takes advantages of web application programming security flaws which lead to SQL injection vulnerabilities. […]

Continue Reading

14 February 2007 | 324,243 views

THC-Hydra – The Fast and Flexible Network Login Hacking Tool

THC-Hydra rocks, it’s pretty much the most up to date and currently developed password brute forcing tool around at the moment. It supports a LOT of services and protocols too. Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallelized login cracker which supports numerous protocols […]

Continue Reading

12 February 2007 | 17,229 views

AccessDiver – Web Site Security Testing Tool

AccessDiver is a security tester for WEB sites. It incorporates a set of powerful features which help you find and organize failures and weaknesses from your web site. AccessDiver can detect security failures on your web pages. It has multiple efficient tools which will verify the robustness of your accounts and directories accurately. So, you […]

Continue Reading

05 February 2007 | 17,516 views

Caecus – Web Brute Forcing Tool with OCR Support

Caecus is a unique tool which can bruteforce some OCR form based protections. As far as we know at Darknet, this is the only publicly available OCR brute forcing tool. These scripts generates a digital image as an extra layer of security called OCR. Some versions of this script also use session id’s to keep […]

Continue Reading