Archive | Hacking Tools


28 October 2006 | 17,372 views

BobCat SQL Injection Tool based on Data Thief

BobCat is a tool to aid a security consultant in taking full advantage of SQL injection vulnerabilities. It is based on a tool named “Data Thief” that was published as PoC by appsecinc. BobCat can list the linked severs, database schema, and allow the retrieval of data from any table that the current application user […]

Continue Reading


22 October 2006 | 22,826 views

Odysseus Proxy for MITM Attacks Testing Security of Web Applications.

Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Odysseus will intercept an HTTP session’s data in either direction and give the user the ability to alter the data before transmission. For example, […]

Continue Reading


16 October 2006 | 211,443 views

Download pwdump 1.4.2 and fgdump 1.3.4 – Windows Password Dumping

New versions of the ultracool tools pwdump (1.4.2) and fgdump (1.3.4) have been released. Both versions provide some feature upgrades as well as bug fixes. Folks with really old versions of either program should definitely look at upgrading, since there are numerous performance improvements and full multithreading capabilities in both packages. If you don’t know..what […]

Continue Reading


09 October 2006 | 12,741 views

Inprotect 0.22.5 Released – Web Interface for Nessus & Nmap

A new revision of Inprotect has just been released, 0.22.5 in order to fix bugs and implement feature requests submitted by the development team and users. Existing users are recommended to upgrade. Inprotect is a web interface for Nessus and Nmap security scanners, released under GNU/GPL license. This version has the following enhancements: Improved and […]

Continue Reading


04 October 2006 | 11,996 views

Echo Mirage – A Generic Network Proxy

Echo Mirage is a generic network proxy. It uses DLL injection and function hooking to redirect network related function calls so that data transmitted and received by local applications can be observed and modified. Think of it as Odysseus (or Burp, if you prefer) that will proxy (almost) anything… Windows encryption and OpenSSL functions are […]

Continue Reading


02 October 2006 | 22,053 views

arp-sk – ARP Swiss Army Knife Tool

arp-sk is basically an ARP Traffic Generation Tool. It’s quite old but still very useful! There are 2 basics mode: – who-has: build a request ARP message. – reply: build a reply ARP message (default) Other advanced modes should come very soon – arping: send a who-has to every host on the LAN to see […]

Continue Reading


01 October 2006 | 16,232 views

BeEF – Browser Exploitation Framework

There’s been a lot of nice Web relevant testing and hacking tools coming out lately, I’ve gotten quite a collection to post about, so do try them out and let me know what you think. BeEF is the browser exploitation framework. Its purposes in life is to provide an easily integratable framework to demonstrate the […]

Continue Reading


28 September 2006 | 9,453 views

Security Compass Web Application Analysis Tool – SWAAT

Announcing a new web application source code analysis tool called the Securitycompass Web Application Analysis Tool or SWAAT. You may know it as a static analysis tool. Currently in its beta release, this .Net command-line tool searches through source code for potential vulnerabilities in the following languages: Java and JSP ASP.Net PHP Using xml-based signature […]

Continue Reading


22 September 2006 | 5,273 views

SIFT Web Method Search Tool

SIFT has just published a world-first tool for identifying rogue web methods. The Web Method Search tool is a Windows based application that uses a hybrid dictionary attack in an attempt to find unpublished administrative and other web services functions. As web services are becoming more prevalent, poor security practices from previous generations of application […]

Continue Reading


11 September 2006 | 69,449 views

LCP – A Good FREE Alternative to L0phtcrack (LC5)

Since Symantec stopped development of L0phtcrack many people have been looking for alternatives. So don’t forget.. Jack the Ripper is still king Medusa is good Ophcrack for Rainbow Tables And now one more, introducting LCP, which we have talked about before in the article Password Cracking with Rainbowcrack and Rainbow Tables. LCP is freeware! The […]

Continue Reading