A tool which allows one to hijack HTTP connections to steal cookies - even ones on HTTPS sites! Works on both Wifi (monitor mode) and Ethernet.
Features:
Does Wireless injection when the NIC is in monitor mode
Supports Ethernet
Support for WEP (when the NIC is in monitor mode)
Known issues:
Sometimes the victim is not redirected correctly (particularly seen when [...]
Pantera is actually using an improved version of SPIKE Proxy and is a project under the umbrella of OWASP.
It’s aiming to be a more automated method for testing Web Application Security.
Features
User-friendly custom web GUI. (CSS): Pantera itself is a web application that runs inside the browser and can be customized using CSS by the user. [...]
SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems. It currently consists of four tools:
svmap - this is a sip scanner. Lists SIP devices found on an IP range
svwar - identifies active extensions on a PBX
svcrack - an online password cracker for SIP PBX
svreport - manages sessions [...]
For those that don’t know, Inguma is an open source penetration testing and vulnerability research toolkit written completely in Python. The environment is mainly oriented to attack Oracle related systems but, anyway, it can be used against any other kind of systems.
It’s becoming a mature and useful package! I’m glad to see continued developing and [...]
sqlmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.
Features
Full support for [...]
As you all seem to pretty interested in Inguma, there’s something else similar called w3af - the fifth BETA was released a while back and the team are now working on the sixth.
w3af is a Web application attack and Audit Framework. The project goal is to create a framework to find and exploit web application [...]
Pcapy is a Python extension module that interfaces with the libpcap packet capture library. Pcapy enables python scripts to capture packets on the network. Pcapy is highly effective when used in conjunction with a packet-handling package such as Impacket, which is a collection of Python classes for constructing and dissecting network packets.
Advantages of Pcapy
Works with [...]
Seen as though untidy was mentioned again fairly recent, it sparked my memory that I have a fairly old draft regarding untidy the XML Fuzzer.
Fuzzing is definitely becoming an important part of Pen Testing and especially application security - we’ve published about quite a few and I’m sure there are more in development.
Anyway, back [...]
WSBang is designed to be a lightweight, open source fuzzer for web services. It takes as input the URL or file system location of a WSDL for the web service to be tested. Upon completion, a simple HTML view of the test results will be displayed.
Method parameters are fuzzed based on their type [...]
A pretty cool tool was released a while back called w3af ( Web Application Attack and Audit Framework ), a fully automated auditing and exploiting framework for the web. This framework has been in development for almost a year and has the following features:
Audit
SQL injection detection
XSS detection
SSI detection
Local file include detection
Remote file include detection
Buffer Overflow [...]
