Archive | Hacking Tools


30 March 2007 | 12,277 views

Metasploit Exploit Framework Version 3.0 Released

Finally it’s out of BETA, Metasploit Framework Version 3.0 has been released and it’s a lot more Windows friendly. The Metasploit Framework (“Metasploit”) is a development platform for creating security tools and exploits. Version 3.0 contains 177 exploits, 104 payloads, 17 encoders, and 3 nop modules. Additionally, 30 auxiliary modules are included that perform a […]

Continue Reading

27 March 2007 | 11,196 views

FireCAT – Firefox Catalog of Auditing Tools

After the web 2.0 hacking with firefox and its plugins article I wrote some months ago, recently I found a new way to transform firefox in the ultimate pen-testing tool… actually it has been lying in my inbox for days… …new Firefox Framework Map collection of the most useful security oriented extensions. We called the […]

Continue Reading

27 March 2007 | 4,800 views

JBroFuzz 0.5 from OWASP – Stateless Network Protocol Fuzzer

OWASP JBroFuzz is a stateless network protocol fuzzer that emerged from the needs of penetration testing. Written in Java, it allows for the identification of certain classess of security vulnerabilities, by means of creating malformed data and having the network protocol in question consume the data. The purpose of this application is to provide a […]

Continue Reading

23 March 2007 | 14,906 views

ObiWaN – Web Server Brute Forcing from Phenoelit

This Phenoelit tool called ObiWaN is written to carry out brute force security testing on Webservers. The idea behind this is webservers with simple challenge-response authentication mechanism mostly have no switches to set up intruder lockout or delay timings for wrong passwords. In fact this is the point to start from. Every user with a […]

Continue Reading

21 March 2007 | 5,839 views

Technika – Automate Common Exploit Tasks

Technika was developed for the computer security professionals to automate common exploitative task from the browser. It acts like a standard OS shell scripting environment. You can script everything from the currently viewed page just like Greasemonkey (spawn processes, unrestricted XMLHttpRequest connections and sockets). You can autorun bookmarklets and perform safe operations on the currently […]

Continue Reading

19 March 2007 | 8,516 views

ADN – Win32 Active Directory Navigator

ADN – Active Directory Navigator is a little tool to visually explore an Active Directory and perform a simple dictionary attack against users’ password. You can download the tool here: ADN – Active Directory Navigator MD5 4a1e3bb33a25d91d7d7a70877f8374ef SHA1 a0bf80e9426835b88cc6604784d2d949efe5645f Notes: It requires .NET framework and PCSoft framework

Continue Reading

15 March 2007 | 7,903 views

Stompy – The Web Application Session Analyzer Tool

A new tool dealing with web sessions was recently announced, it’s called stompy, a free tool to perform a fairly detailed black-box assessment of WWW session identifier generation algorithms. Session IDs are commonly used to track authenticated users, and as such, whenever they’re predictable or simply vulnerable to brute-force attacks, we do have a problem. […]

Continue Reading

08 March 2007 | 43,932 views

PReplay – A pcap Network Traffic Replay Tool for Windows

There are not many good tools for replaying traffic, most people use WireShark (formely known as Ethereal) for capturing the traffic, but what happens if you want to take that capture and reply it over the wire? Someone has this problem so they decided to code their own solution, thankfully for us! There are quite […]

Continue Reading

01 March 2007 | 27,825 views

A Collection of Web Backdoors & Shells – cmdasp cmdjsp jsp-reverse php-backdoor

Michael Daw has collected some WEB backdoors to exploit vulnerable file upload facilities and others. It’s a pretty useful library for a variety of situations, especially for those doing web application security audits and web app security. Understanding how these backdoors work can also help security administrators implement firewalling and security policies to mitigate obvious […]

Continue Reading

26 February 2007 | 19,020 views

ADTool – Active Directory Domain Listing Tool

ADtool is a neat tool to help you list all the machines that are part of an Active Directory driven domain or network. It is intended to help pentesters and admins in their day to day work, there are some other tools that can accomplish the work for listing domain servers, but unfortunately all other […]

Continue Reading