Archive | January, 2011

Happy New Year Geohot – Court Orders Seizure Of PS3 Hacker’s Computers

Outsmart Malicious Hackers


We published the story about the Playstation 3 (PS3) Finally Hacked & Exploit Released back in January 2010. The exploit of course developed by the very prolific hacker and jailbreaker extraordinaire Geohot.

He became notorious way back in 2007 by fulling unlocking the iPhone and then again in 2008 by jailbreaking the iPhone running 1.12 and 1.13 firmware.

At some point he also turned his attention to rooting the Playstation 3 and broke through the OtherOS leading Sony to disable it. The latest news is Sony is going all out against him for breaking the DMCA, for copyright infringement and a string of other accusations.

A federal judge ordered prolific hacker Geohot to turn over his computers and hard drives and to stop publishing the tools used to root Sony’s PlayStation 3 after finding his hack was likely a violation of US copyright law.

The temporary restraining order was issued on Thursday by US District Judge Susan Illston of San Francisco. It’s a major victory for Sony and a setback for hacker hobbyists who believe they should be permitted to modify hardware they legally own. It comes in a lawsuit Sony filed two weeks ago against New Jersey-based Geohot shortly after he deduced the security key Sony used to lock down the PS3.
Click here to find out more!

The ruling also comes as a defeat to 21-year-old Hotz, who two weeks ago, argued he wasn’t subject to the suit because he doesn’t have sufficient ties to Northern California, where the action was brought. Shortly after release of the order, his attorney vowed to fight on.

“Needless to say, we’re disappointed about the issuance of the TRO, but this doesn’t end the question of personal personal jurisdiction of Mr. Hotz, and we still intend to go forward with that motion,” San Francisco-based lawyer Stewart Kellar told The Register. “Suffice it to say it is burdensome to my client for him to give up his computers and hard drives for the order.”

It’s a tricky area as people assume once they’ve bought the hardware (the PS3 in this case) they own it and it’s their to do as they please with. Whilst that stands correct for the hardware, it does not for the software or bootloader on the machine – that is merely licensed to the user and still belongs to Sony.

So what Sony are claiming is George does not have the authority to reverse engineer the software or release the cryptographic key used to sign games to the public and by doing this he has damaged their business and therefore revenue.

They are also bringing the the DMCA into the the mix (Digital Millennium Copyright Act), which never ends well.


Sony’s complaint claimed that by publishing the means to bypass the protection measures built into the console, Hotz violated provisions of the Digital Millennium Copyright Act. Illston said Sony had “submitted substantial evidence” showing the hack constituted a DMCA violation and that Sony was likely to “suffer irreparable harm” if it wasn’t curtailed.

Sony’s suit names some 100 other people from a hacking collective known as fail0verflow, who in late December revealed the key used to sign PS3 games and demonstrated how to use it to run homebrew apps on the console. A few weeks later, Hotz independently deduced the “metldr” key, which allowed him to root the PS3. Sony’s complaint also alleges the hackers violated the Computer Fraud and Abuse Act.

The PS3’s use of IBM’s Cell processor makes the console ideal for tackling brute-force cryptography attacks and other parallel computing operations. Once upon a time, Sony included a modified version of Linux with the PS3. Sony eventually disabled the so-called OtherOS after Hotz devised a way to use it to gain full memory access to the console.

Hotz was among the first to jailbreak Apple’s iPhone so it would work on carrier networks other than AT&T’s. Last year, the US Copyright Office exempted iPhone jailbreaking from the DMCA so that they can run apps not officially sanctioned by Apple.

The PS3 is a very powerful piece of hardware locked down by a proprietary OS so that it can’t be ‘misused’ according to the definitions enforced on the users by Sony. As is normal with consoles, the console itself is actually sold at a loss (especially in the early days) and the companies make money from selling games. Now if somehow comes along and cracks the copy protection on the games and the console and allows everyone to play pirated games – their business model is screwed isn’t it?

And the US courts have already ruled that jailbreaking your iPhone is legal, so why not the PS3 as well?

I hope Geohot gets his computers and hard-drives back soon as having your stuff hauled away is one of the worst things that can happen.

Source: The Register

Posted in: Cryptography, Exploits/Vulnerabilities, Hardware Hacking

Topic: Cryptography, Exploits/Vulnerabilities, Hardware Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Mausezahn – Fast Traffic Generator/Packet Crafting Tool

Keep on Guard!


Mausezahn is a free fast traffic generator written in C which allows you to send nearly every possible and impossible packet. It is mainly used to test VoIP or multicast networks but also for security audits to check whether your systems are hardened enough for specific attacks.

Mausezahn can be used for example:

  • As traffic generator (e. g. to stress multicast networks)
  • To precisely measure jitter (delay variations) between two hosts (e. g. for VoIP-SLA verification)
  • As didactical tool during a datacom lecture or for lab exercises
  • For penetration testing of firewalls and IDS
  • For DoS attacks on networks (for audit purposes of course)
  • To find bugs in network software or appliances
  • For reconnaissance attacks using ping sweeps and port scans
  • To test network behaviour under strange circumstances (stress test, malformed packets)

Mausezahn is basically a versatile packet creation tool on the command line with a simple syntax and context help. It could also be used within (bash-) scripts to perform combination of tests. By the way, Mausezahn is quite fast; when started on my old PIII-Laptop (1.4 GHz, Gigabit Ethernet) I measured 755 Mbit/s using the interface packet counters of an HP ProCurve 5400 switch.

Currently Mausezahn is only available for Linux platforms. Please do NOT PORT Mausezahn to Windows! (Here is a nice explanation why; I really share Felix von Leitner’s point of view.)

Yoiu can download Mausezahn here:

mz-0.40.tar.gz

Or read more here.

Posted in: Hacking Tools, Networking Hacking

Topic: Hacking Tools, Networking Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Digital Underground Offering Cheap Botnets For Hire

Outsmart Malicious Hackers


Perhaps even the cyber-criminals are effected by the recent recession – botnets for hire are hitting rock-bottom rates starting at just $2. We reported back in April 2010 about the Texas Man Who Pleaded Guilty To Bot Network For Hire.

They are becoming more multi-talented as well rather than just offering bot networks for DDoS attacks or Spam you can also hire them to get stolen credit card info, PayPal accounts, bank accounts for credit references, to set up a secure VPN and much more.

As always the bad guys are ahead of the game and adapting their ‘business model’ to suit consumer demands. It still not easy to get hold of these kind of services, but they are out there and as reported they are cheap.

Botnets for hire to launch your own spam campaign and stolen credit card information sold at the rock bottom price of $2 are just two of the commodities easily found on the cyber-crime black market today, according to a report released this month by Panda Security. The report, which was conducted by PandaLabs researchers who posed as cyber criminals, details a vast criminal network selling stolen bank account information in forums and dedicated online stores.

“This is a rapidly growing industry and cyber-criminals are aiding and abetting each other’s efforts to steal personal information for financial profit,” Panda Security officials note in a release on the findings. “The cyber-crime black market, which has traditionally centered on distributing bank and credit card details stolen from users around the world, diversified its business model in 2010, and now sells a much broader range of hacked confidential information including bank credentials, log-ins, passwords, fake credit cards and more.”

The report also delves into a detailed pricing system and the digital black market prices for various types of stolen information. However, PandaLabs discovered that while the information may be available, it can only be accessed by personally contacting the hackers who are promoting their information for sale on forums and in chat rooms.

It seems like $2 will get you a legitimate but unverified bank account or credit card number. It won’t however get you the verification number or the available account balance.

The bad guys are almost operating on a freemium model, offering basic card/bank details at close to nothing ($2) and then raising the price for additional information or in some cases larger credit lines/bank balances.

I’d imagine operating in such a way they are making quite a profit from their botnets, rather than just renting out the compromised machines they are also benefiting from the information stolen from the home desktops they have infected with their malware.


Once the information is in a criminal’s hands they can easily defraud any bank or credit card account long before the hack is discovered, the report claims. The data can be purchased for as little as $2 per card. But $2 will not provide the buyer with additional information or verification of the account balance available.

“If the buyer wants a guarantee for the available credit line or bank balance, the price increases to $80 for smaller bank balances and upwards of $700 to access accounts with a guaranteed balance of $82,000,” said researchers.

The report also details an intricate price structure for accounts with a history of online shopping or use of payment platforms such as PayPal. If stolen credit card numbers aren’t your thing, prices are also available for botnet rental to launch a spam campaign. The price range varies depending on the number of computers used and the frequency of the spam, or the rental period, the report reveals. Prices start at $15 and rise to $20 for the rental of a SMTP server or VPN to guarantee anonymity. One can also hire cyber criminals to assist with the set up of a fake online store to use rogueware techniques for stealing user details and profiting off unsuspecting victims who pay for fake antivirus products.

“There are also teams available to deliver turnkey projects, design, develop and publish the complete store, even positioning it in search engines,” the report states. “In this case, the price depends on the project.”

It seems like the criminals have quite an extensive ‘menu’ of offerings and can provide SMTP servers for spamming or VPN services to provide anonymity. You can also hire them to help you as a kind of cyber-criminal consultant to set up a fake online store or phishing site.

They offer the whole work-flow just like a professional software development company – design, deployment and even SEO services.

Pretty interesting stuff.

Source: Network World

Posted in: Malware, Phishing, Spammers & Scammers

Topic: Malware, Phishing, Spammers & Scammers


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Mantra Security Toolkit – Free & Open Source Browser-Based Security Framework

Keep on Guard!


Mantra is a dream that came true. It is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers, security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. Mantra is a security framework which can be very helpful in performing all the five phases of attacks including reconnaissance, scanning and enumeration, gaining access, escalation of privileges, maintaining access, and covering tracks. Apart from that it also contains a set of tools targeted for web developers and code debuggers which makes it handy for both offensive security and defensive security related tasks.

Mantra is lite, flexible, portable and user friendly with a nice graphical user interface. You can carry it in memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on to your system within minutes. Mantra is absolutely free of cost and takes no time for you to set up.


The Mantra is a powerful set of tools to make the attacker’s task easier. The beta version of Mantra Security Toolkit contains following tools built onto it –

Mantra Tools List

You can also always suggest any tools/ scripts that you would like see in the next release.

Supports forums are available here.

You can download Mantra here:

Windows – MantraPortable Alpha Release 200.12.exe
Linux – mantra-portable-pre-alpha.tar.bz2

Or read more here.

Posted in: Hacking Tools, Web Hacking

Topic: Hacking Tools, Web Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Java Based Cross Platform Malware Trojan (Mac/Linux/Windows)

Keep on Guard!


It’s pretty rare to read about malware on the Linux or Mac OSX platforms and even more rare to read about cross-platform malware which targets both AND Windows by using Java.

A neat piece of coding indeed, it targets vulnerabilities in all 3 operating systems – the sad thing? The malware itself is vulnerable to a basic directory traversal exploit, which means rival gangs can actually commandeer the infected targets.

They went to lengths to keep it secure and unseen (encrypted communications etc) – but didn’t program the malware itself securely…

From the department of cosmic justice comes this gem, spotted by researchers from Symantec: a trojan that targets Windows, Mac, and Linux computers contains gaping security vulnerabilities that allow rival criminal gangs to commandeer the infected machines.

Known as Trojan.Jnanabot, or alternately as OSX/Koobface.A or trojan.osx.boonana.a, the bot made waves in October when researchers discovered its Java-based makeup allowed it to attack Mac and Linux machines, not just Windows PCs as is the case with most malware. Once installed, the trojan components are stored in an invisible folder and use strong encryption to keep communications private.

The bot can force its host to take instructions through internet relay chat, perform DDoS attacks, and post fraudulent messages to the victim’s Facebook account, among other things.

Now, Symantec researchers have uncovered weaknesses in the bot’s peer-to-peer functionality that allow rival criminals to remotely steal or plant files on the victim’s hard drive. That means the unknown gang that took the trouble to spread the infection in the first place risks having their botnet stolen from under their noses.

“Even though it’s encrypted and even though it was written in Java to make it cross-platform, it was still vulnerable to basically a directory transversal exploit,” Dean Turner, director of Symantec’s Global Intelligence Network, told The Reg. “From a technical perspective, it goes to show that even if you have all those things where you’re building in a secure platform, if you’re not building application security into your malware, other bad guys will probably take advantage of it.”

It’s somewhat of an odd decision though, in terms of numbers obviously Windows machines far outnumber Linux and OSX desktop installations. On the web-server front perhaps Linux is a valuable target – but on consumer desktops? Is it really worth the effort for malware creators to make cross-platform trojans? Personally I don’t think it is, maybe it was just an experiment.

The number of Apple machines is certainly growing, the next big market we are going to see is tablets and smartphones I believe. I’d be on the lookout for more iOS and Android worms/trojans in coming months.

A self-replicating stealthy Android trojan with a previously unpatched zero-day remote root exploit could be devastating.


Jnanabot’s P2P feature is designed to make botnets harder to take down by providing multiple channels of communication. After sending an infected machine a single GET request, a website can discover all the information needed to upload any file to any location on the host’s file system. Attackers can then install a simple backdoor on a user’s machine by, for instance, writing a malicious program to a computer’s startup directory.

Attackers can use the same vulnerability to steal files on infected machines.

Turner said the number of Jnanabot infections so far is “measured in the thousands,” rather than the hundreds of thousands for some of the better-known trojans. Still, infection statistics gathered by Symantec in December are surprising. They show that about 16 per cent of infections hit Macs. They didn’t show any infections on Linux machines. Turner said that Jnanabot attacks on the open source platform weren’t able to survive a reboot.

The bot was discovered spreading over Facebook posts that planted the following message on infected users’ Facebook pages: “As you are on my friends list I thought I would let you know I have decided to end my life.” An included link leads recipients to a cross-platform JAR, or Java Archive file that can run on Windows, Mac, or Linux. Once the recipient is infected, his Facebook page carries the same dire warning.

It seems like the trojan theoretically can attack Linux, but so far hasn’t been seen in the wild and it can’t survive a reboot. Not that it really matters as from my experience most Linux users never reboot anyway except for kernel upgrades (which isn’t that often).

Perhaps it just doesn’t work that well on Linux, or Linux users don’t believe in installing JVM – it doesn’t usually come standard with OS installs as it’s considered non-free software.

The chosen vector for replication seems to be Facebook and a rather dramatic faux-suicide note – which sadly I think will be very effective.

Source: The Register

Posted in: Apple, Linux Hacking, Malware, Windows Hacking

Topic: Apple, Linux Hacking, Malware, Windows Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


Inguma Is Back – The Penetration Testing & Vulnerability Research Toolkit

Outsmart Malicious Hackers


Inguma is back and being actively developed again. It’s been quite a long time, far too long in fact. We first reported about Inguma way back in 2007 and our latest mention of it was in March 2008.

A new version has just been released almost 3 years later with some major changes and a big GUI revamp. Inguma is a penetration testing toolkit entirely written in python. The framework includes modules to discover hosts, gather information about, fuzz targets, brute force user names and passwords and, of course, exploits. While the current exploitation capabilities in Inguma may be limited, this program provides numerous tools for information gathering and target auditing.

There are some good docs to get you up and running too:

The announcement from the developers blog is here:

We are back

You can download Inguma 0.2 here:

inguma-0.2.tar.gz

Or read more here.

Posted in: Database Hacking, Exploits/Vulnerabilities, Hacking Tools, Networking Hacking

Topic: Database Hacking, Exploits/Vulnerabilities, Hacking Tools, Networking Hacking


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.