Archive | Hacking Tools


08 May 2012 | 1,781 views

Basic Fuzzing Framework (BFF) From CERT – Linux & Mac OSX Fuzzer Tool

The CERT Basic Fuzzing Framework (BFF) is a software testing tool that finds defects in applications that run on the Linux and Mac OS X platforms. BFF performs mutational fuzzing on software that consumes file input. (Mutational fuzzing is the act of taking well-formed input data and corrupting it in various ways, looking for cases […]

Continue Reading


18 April 2012 | 3,895 views

NfSpy – ID-spoofing NFS Client Tool – Mount NFS Shares Without Account

We wrote about this tool originally last year – NfSpy – ID-spoofing NFS Client – Falsify NFS Credentials – and a new version just came out! NfSpy has just been updated to support NFSv3, a more efficient and widespread protocol than the previous NFSv2. NfSpy is a FUSE filesystem written in Python that automatically changes […]

Continue Reading


12 April 2012 | 2,764 views

web-sorrow – Remote Web Security Scanner (Enumeration/Version Detection etc)

web-sorrow is a PERL based tool used for checking a Web server for misconfiguration, version detection, enumeration, and server information. It is NOT a vulnerability scanner, inspection proxy, DDoS tool or an exploitation framework. Current Functionality -S – stands for standard. a set of Standard tests and includes: indexing of directories testing, banner grabbing, language […]

Continue Reading


09 April 2012 | 2,708 views

Carbylamine – A PHP Script Encoder to ‘Obfuscate/Encode’ PHP Files

Carbylamine is a PHP Encoder project, which can bypass all leading anti-virus detection against PHP Shells (C99, R57 etc) easily. It can be a very efficient tool for pen-testers when carrying out a black box test which involves inserting malicious code via PHP. Usage

You can download Carbylamine here: carbylamine.php Or read more here.

Continue Reading


02 April 2012 | 7,552 views

GooDork – Command Line Google Dorking/Hacking Tool

GooDork is a simple python script designed to allow you to leverage the power of Google Dorking straight from the comfort of your command line. There was a GUI tool we discussed a while back similar to this – Goolag – GUI Tool for Google Hacking. GooDork offers powerful use of Google’s search directives, by […]

Continue Reading


07 March 2012 | 7,966 views

Goofile v1.5 – Search For A Specific File Type In A Given Domain.

Use this tool to search for a specific file type in a given domain – inspired by TheHarvester. Usage

-d: domain to search -f: filetype (ex. pdf) Written in Python and tested on 2.5 and 2.7. Please submit any bug reports or requests to the author. You can download Goofile v1.5 here: goofilev1.5.zip Or […]

Continue Reading


15 February 2012 | 22,052 views

xSQLScanner – Database Password Cracker & Security Audit Tool For MS-SQL & MySQL

xSQL Scanner is a advanced SQL audit tool that allows users to find weak passwords and vulnerabilities on MS-SQL and MySQL database servers. The objective of xSQLScanner is to assist the Security Analyst or Penetration Tester in auditing the security of MS-SQL and MySQL database servers. Features Test for weak password fast; Test for wear/user […]

Continue Reading


31 January 2012 | 20,399 views

theHarvester – Gather E-mail Accounts, Subdomains, Hosts, Employee Names – Information Gathering Tool

theHarvester is a tool to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tools is intended to help Penetration testers in the early stages of the project It’s a really simple tool, but very effective. The sources supported […]

Continue Reading


09 January 2012 | 14,075 views

Arachni v0.4 Released – High-Performance (Open Source) Web Application Security Scanner Framework

Arachni is a high-performance (Open Source) Web Application Security Scanner Framework written in Ruby. This version includes lots of goodies, including: A new light-weight RPC implementation (No more XMLRPC) High Performance Grid (HPG) — Combines the resources of multiple nodes for lightning-fast scans Updated WebUI to provide access to HPG features and context-sensitive help Accuracy […]

Continue Reading


29 December 2011 | 28,895 views

Patator – Multi Purpose Brute Forcing Tool

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. Basically the author got tired of using Medusa, Hydra, ncrack, metasploit auxiliary modules, nmap NSE scripts and the like because: They either do not work or are not reliable (false negatives several times in the past) They are slow (not multi-threaded or […]

Continue Reading