Showing posts with label security. Show all posts

Friday, April 28, 2017

ESET Internet Security 10 Key Plus Crack Download Free Full Version


Tuesday, April 25, 2017

Netsparker v3.5.5 Web Application Security Scanner



Netsparker Web Application Security Scanner can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) and security issues on all web applications and websites regardless of the platform and the technology they are built on. 


Netsparker is very easy to use, and its unique detection and safe exploitation techniques allow it to be dead accurate in reporting; hence it is the first and only False Positive Free web vulnerability scanner. Users can therefore focus on remediating reported vulnerabilities and security issues without wasting time on learning how to use the web vulnerability scanner or verifying its findings.

NEW FEATURES 
* New option available to specify the type of parameter when configuring URL rewrite rules, e.g. numeric, date, alphanumeric

IMPROVEMENTS 
* Improved the performance of the DOM Parser
* Improved the performance of the DOM cross-site scripting scanner
* Optimized DOM XSS Scanner to avoid scanning pages with same source code
* Changed the default HTTP User agent string of built-in policies to Chrome web browser User agent string
* Improved selected element simulation for select HTML elements
* Added new patterns for Open Redirect engine

FIXES 
* Fixed a bug in WSDL parser which prevents web service detection if XML comments are present before the definitions tag
* Fixed a bug in WSDL parser which prevents web service detection if an external schema request gets a 404 not found response
* Fixed a bug that occurs when custom URL rewrite rules do not match the URL with injected attack pattern and request is not performed
* Fixed a configure form authentication wizard problem where the web browser does not load the page if the target site uses client certificates
* Fixed a crash in configure form authentication wizard that occurs when HTML source code contains an object element with data: URL scheme is requested
* Fixed a bug in DOM Parser where events are not simulated for elements inside frames
* Fixed a cookie parsing bug where a malformed cookie was causing an empty HTTP response



Monday, April 24, 2017

Nmap 6.47: Free Security Scanner For Network Exploration & Security Audits



Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Nmap is ...
  • Flexible: Supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles. This includes many port scanning mechanisms (both TCP & UDP), OS detection, version detection, ping sweeps, and more. See the documentation page.
  • Powerful: Nmap has been used to scan huge networks of literally hundreds of thousands of machines.
  • Portable: Most operating systems are supported, including Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, Amiga, and more.
  • Easy: While Nmap offers a rich set of advanced features for power users, you can start out as simply as "nmap -v -A targethost". Both traditional command line and graphical (GUI) versions are available to suit your preference. Binaries are available for those who do not wish to compile Nmap from source.
  • Free: The primary goals of the Nmap Project are to help make the Internet a little more secure and to provide administrators/auditors/hackers with an advanced tool for exploring their networks. Nmap is available for free download, and also comes with full source code that you may modify and redistribute under the terms of the license.
  • Well Documented: Significant effort has been put into comprehensive and up-to-date man pages, whitepapers, tutorials, and even a whole book! Find them in multiple languages here.
  • Supported: While Nmap comes with no warranty, it is well supported by a vibrant community of developers and users. Most of this interaction occurs on the Nmap mailing lists. Most bug reports and questions should be sent to the nmap-dev list, but only after you read the guidelines. We recommend that all users subscribe to the low-traffic nmap-hackers announcement list. You can also find Nmap on Facebook and Twitter. For real-time chat, join the #nmap channel on Freenode or EFNet.
  • Acclaimed: Nmap has won numerous awards, including "Information Security Product of the Year" by Linux Journal, Info World and Codetalker Digest. It has been featured in hundreds of magazine articles, several movies, dozens of books, and one comic book series. Visit the press page for further details.
  • Popular: Thousands of people download Nmap every day, and it is included with many operating systems (Redhat Linux, Debian Linux, Gentoo, FreeBSD, OpenBSD, etc). It is among the top ten (out of 30,000) programs at the Freshmeat.Net repository. This is important because it lends Nmap its vibrant development and user support communities.  

Changelog Nmap 6.47:
o Integrated all of your IPv4 OS fingerprint submissions since June 2013
(2700+ of them). Added 366 fingerprints, bringing the new total to 4485.
Additions include Linux 3.10 - 3.14, iOS 7, OpenBSD 5.4 - 5.5, FreeBSD 9.2,
OS X 10.9, Android 4.3, and more. Many existing fingerprints were improved.
Highlights: http://seclists.org/nmap-dev/2014/q3/325 [Daniel Miller]

o (Windows, RPMs) Upgraded the included OpenSSL to version 1.0.1i. [Daniel Miller]

o (Windows) Upgraded the included Python to version 2.7.8. [Daniel Miller]

o Removed the External Entity Declaration from the DOCTYPE in Nmap's XML. This
was added in 6.45, and resulted in trouble for Nmap XML parsers without
network access, as well as increased traffic to Nmap's servers. The doctype
is now:


o [Ndiff] Fixed the installation process on Windows, which was missing the
actual Ndiff Python module since we separated it from the driver script.
[Daniel Miller]

o [Ndiff] Fixed the ndiff.bat wrapper in the zipfile Windows distribution,
which was giving the error, "Microsoft was unexpected at this time." See
https://support.microsoft.com/kb/2524009 [Daniel Miller]

o [Zenmap] Fixed the Zenmap .dmg installer for OS X. Zenmap failed to launch,
producing this error:
Could not import the zenmapGUI.App module:
dlopen(/Applications/Zenmap.app/Contents/Resources/lib/python2.6/lib-dynload/glib/_glib.so, 2):
Library not loaded: /Users/david/macports-10.5/lib/libffi.5.dylib
Referenced from:
/Applications/Zenmap.app/Contents/Resources/lib/python2.6/lib-dynload/glib/_glib.so
Reason: image not found.

o [Ncat] Fixed SOCKS5 username/password authentication. The password length was
being written in the wrong place, so authentication could not succeed.
Reported with patch by Pierluigi Vittori.

o Avoid formatting NULL as "%s" when running nmap --iflist. GNU libc converts
this to the string "(null)", but it caused segfault on Solaris. [Daniel Miller]

o [Zenmap][Ndiff] Avoid crashing when users have the antiquated PyXML package
installed. Python tries to be nice and loads it when we import xml, but it
isn't compatible. Instead, we force Python to use the standard library xml
module. [Daniel Miller]

o Handle ICMP admin-prohibited messages when doing service version detection.
Crash reported by Nathan Stocks was: Unexpected error in NSE_TYPE_READ
callback. Error code: 101 (Network is unreachable) [David Fifield]

o [NSE] Fix a bug causing http.head to not honor redirects. [Patrik Karlsson]

o [Zenmap] Fix a bug in DiffViewer causing this crash:
TypeError: GtkTextBuffer.set_text() argument 1 must be string or read-only
buffer, not NmapParserSAX
Crash happened when trying to compare two scans within Zenmap. [Daniel Miller]



Saturday, April 22, 2017

Lynis 1.6.4: Security auditing tool for Unix/Linux systems



Lynis is an open source security auditing tool. Its primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system (including Mac). Even the installation of the software itself is optional!

How it works

Lynis will perform hundreds of individual tests to determine the security state of the system. Many of these tests are also part of common security guidelines and standards. Examples include searching for installed software and determining possible configuration flaws. Lynis goes further and also tests individual software components, checks related configuration files and measures performance. After these tests, a scan report will be displayed with all discovered findings.

Typical use cases for Lynis:
  • Security auditing
  • Vulnerability scanning
  • System hardening

Requirements:
Privileged or non-privileged

Changelog:
New:
- Boot loader detection for AIX [BOOT-5102]
- Detection of getcap and lsvg binary
- Added filesystem_ext to report
- Detect rootsh
Changes:
- Hide errors when RPM database is faulty and show suggestion instead [PKGS-7308]
- Allow OpenBSD to gather information on listening network ports [NETW-3012]
- Don't trigger warning for Shellshock when doing segfault test [SHLL-6290]
- Do not run Apache test on OpenBSD and strip control chars [HTTP-6624]
- Extended AIDE test with configuration validation test [FIND-4314]
- Improved Shellshock test regarding non-Linux support [SHLL-6290]
- Added support for gathering volume groups on AIX [FILE-6311]
- Properly parse PAM lines and add them to report [AUTH-9264]
- Support for boot loader detection on OpenBSD [BOOT-5159]
- Added uptime detection for OpenBSD systems [BOOT-5202]
- Support for volume groups on AIX [FILE-6312]
- Redirect errors when searching for readlink binary



Friday, April 21, 2017

Norton Mobile Security Premium v3.17.0.3205 APK


Norton Mobile Security
The world trusts Norton for award-winning anti-malware protection. But in the mobile world, you need more: innovative privacy protection, unsecure Wi-Fi detection, enhanced anti-theft features, critical web protection, and the most advanced Android app screener in the world.
How to Activate?
  1. Download & install the apk file given below
  2. That’s All, Enjoy

WPHardening WPHardening fortification is a security tool for WordPress



WPHardening is a security tool for WordPress. It provides different tools for hardening WordPress.

Usage

$ python wphardening.py -h
Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -v, --verbose         Active verbose mode output results
  --update              Check for WPHardening latest stable version

  Target:
    This option must be specified to modify the package WordPress.

    -d DIRECTORY, --dir=DIRECTORY
                        **REQUIRED** - Working Directory.

  Hardening:
    Different tools to hardening WordPress.

    -c, --chmod         Chmod 755 in directory and 644 in files.
    -r, --remove        Remove files and directory.
    -b, --robots        Create file robots.txt
    -f, --fingerprinting
                        Deleted fingerprinting WordPress.
    -t, --timthumb      Find the library TimThumb.
    --wp-config         Wizard generated wp-config.php
    --delete-version    Deleted version WordPress.
    --plugins           Download Plugins Security.
    --proxy=PROXY       Use a HTTP proxy to connect to the target url for
                        --plugins and --wp-config.
    --indexes           It allows you to display the contents of directories.

  Miscellaneous:
    -o FILE, --output=FILE
                        Write log report to FILE.log

Examples

Check a WordPress Project
$ python wphardening.py -d /home/path/wordpress -v
Change permissions
$ python wphardening.py -d /home/path/wordpress --chmod -v
Remove files that are not used
$ python wphardening.py -d /home/path/wordpress --remove -v
Create your robots.txt file
$ python wphardening.py -d /home/path/wordpress --robots -v
Remove all fingerprinting
$ python wphardening.py -d /home/path/wordpress --fingerprinting -v
Check a TimThumb library
$ python wphardening.py -d /home/path/wordpress --timthumb -v
Create Index file
$ python wphardening.py -d /home/path/wordpress --indexes -v
Download Plugins security
$ python wphardening.py -d /home/path/wordpress --plugins
Wizard generated wp-config.php
$ python wphardening.py -d /home/path/wordpress --wp-config
Deleted version WordPress
$ python wphardening.py -d /home/path/wordpress --delete-version -v
WPHardening update
$ python wphardening.py --update
Use all options
$ python wphardening.py -d /home/user/wordpress -c -r -f -t --wp-config --delete-version --indexes --plugins -o /home/user/wphardening.log



Thursday, April 20, 2017

Lynis 1.6.0: Security auditing tool for Unix/Linux systems



Lynis is an open source security auditing tool. Its primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system (including Mac). Even the installation of the software itself is optional!

How it works

Lynis will perform hundreds of individual tests to determine the security state of the system. Many of these tests are also part of common security guidelines and standards. Examples include searching for installed software and determining possible configuration flaws. Lynis goes further and also tests individual software components, checks related configuration files and measures performance. After these tests, a scan report will be displayed with all discovered findings.
Typical use cases for Lynis:
  • Security auditing
  • Vulnerability scanning
  • System hardening

Why open source?

Open source software provides trust by having people look into the code. Adjustments are easily made, providing you with a flexible solution for your business. But can you trust systems and software with your data? Lynis provides you this confidence. It does so with extensive auditing of your systems. This way you can verify and stay in control of your security needs.



Saturday, April 15, 2017

Kaspersky Internet Security 2016 Crack Plus Key Download Full Version


BurpSentinel: GUI Burp Plugin to ease discovering of security holes in web applications



A plugin for Burp Intercepting Proxy, to aid and ease the identification of vulnerabilities in web applications.

Searching for vulnerabilities in web applications can be a tedious task. Most of the time consists of inserting magic chars into parameters, and looking for suspicious output. Sentinel tries to automate parts of this laborious task. Its purpose is not to automatically scan for vulnerabilities (even if it can do it in certain cases), as there are better tools out there to do that (BURP scanner for example). So it's the only tool which sits in between manual hacking with BURP repeater, and automated scanning with BURP scanner.

To use it, just send a suspicious HTTP request from BURP proxy to Sentinel. Then the user is able to select certain attack patterns for selected parameters (say, XSS attacks for parameter "id"). Sentinel will issue several requests, with the attack patterns inserted. It will also help find suspicious behaviour and patterns in the accompanying HTTP responses (for example, identify decoded HTML magic chars).

Features

Big Features:
  • AutomatedDetection: Automated XSS/SQL Detection
  • AttackLists: Self-Defined Attack Lists
  • Sessions: Session Definition
  • Categorizer: Categorizer
  • Reporter: Generate Report
  • FirefoxAddon: Firefox Addon
UI Features:
  • Beautify
  • UI-Diff: Diff
  • UI-Link: Link


Wednesday, April 5, 2017

Netsparker v3.5 Web Application Security Scanner



Netsparker Web Application Security Scanner can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) and security issues on all web applications and websites regardless of the platform and the technology they are built on. 

Netsparker is very easy to use, and its unique detection and safe exploitation techniques allow it to be dead accurate in reporting; hence it is the first and only False Positive Free web vulnerability scanner. Users can therefore focus on remediating reported vulnerabilities and security issues without wasting time on learning how to use the web vulnerability scanner or verifying its findings.

Changelog - 3.5.3

NEW FEATURES

* DOM based cross-site scripting vulnerability scanning
* Chrome based web browser engine for DOM parsing
* URL rewrite rules configuration wizard (to scan parameters in URLs)
* "Ignore Vulnerability from Scan" option to exclude vulnerabilities from reports

NEW SECURITY TESTS

* Nginx web server Out-of-date version check
* Perl possible source code disclosure
* Python possible source code disclosure
* Ruby possible source code disclosure
* Java possible source code disclosure
* Nginx Web Server identification
* Apache Web Server identification
* Java stack trace disclosure

IMPROVEMENTS

* Improved the correctness and coverage of Remote Code Execution via Local File Inclusion vulnerabilities
* Improved cross-site scripting vulnerability confirmation patterns
* Added support for viewing JSON arrays in document roots in request/response viewers
* Added support for Microsoft Office ACCDB database file detection
* Improved DOM parser to exclude non-HTML files
* Improved PHP Source Code Disclosure vulnerability detection
* Improved Nginx Version Disclosure vulnerability template
* Improved IIS 8 Default Page detection
* Improved Email List knowledgebase report to include generic email addresses
* Improved Configure Form Authentication wizard by replacing embedded record browser with a Chrome based browser
* Improved the form authentication configuration wizard to handle cases where Basic/NTLM/Digest is used in conjunction with Form Authentication
* Added a cross-site scripting attack pattern which constructs a valid XHTML in order to trigger the XSS
* Added double encoded attack groups in order to reduce local file inclusion vulnerability confirmation requests
* Added status bar label which displays current VDB version and VDB version update notifications
* Added login activity indicator to Scan Summary Dashboard
* Added a new knowledgebase out-of-scope reason for links which exceed maximum depth
* Updated external references in cross-site scripting vulnerability templates
* Improved DOM parser by providing current cookies and referer to DOM/JavaScript context
* Added several new DOM events to simulate including keyboard events
* Improved the parsing of "Anti-CSRF token field names" setting by trimming each individual token name pattern
* Added support for simulating DOM events inside HTML frames/iframes
* Consolidated XSS exploitation function name (netsparker()) throughout all the areas reported
* Removed redundant semicolon followed by waitfor delay statements from time based SQLi attack patterns to bypass more blacklistings
* Changed default user-agent string to mimic a Chrome based browser
* Improved LFI extraction file list to extract files from target system according to detected OS
* Removed outdated PCI 1.2 classifications

FIXES

* Fixed indentation problem of bullets in knowledgebase reports
* Fixed path disclosure reports in MooTools JavaScript file
* Fixed a KeyNotFoundException that occurs when a node from the Sitemap tree is clicked
* Fixed NullReferenceException thrown from Boolean SQL Injection Engine
* Fixed an issue in WebDav Engine where an extra parameter is added when requesting with Options method
* Fixed a bug where LFI exploitation does not work for double encoded paths
* Fixed a bug in the Export file dialog where the .nss extension isn't appended if the file name ends with a known file extension
* Fixed a bug in Configure Form Authentication wizard where the number of scripts loaded shows incorrectly
* Fixed a bug which occurs while retesting with CSRF engine
* Fixed a bug where retest does not work after loading a saved scan session
* Fixed a bug where Netsparker reports out of date PHP even though PHP is up to date
* Fixed a UI hang where Netsparker tries to display a binary response in Browser View tab
* Fixed an ArgumentNullException thrown when clicking Heartbleed vulnerability
* Fixed a bug where Netsparker makes requests to DTD URIs in XML documents
* Fixed a bug in Scan Policy settings dialog where list of user agents are duplicated
* Fixed a typo in ViewState MAC Not Enabled vulnerability template
* Fixed a bug in the auto updater where the updater doesn't honour the AutoPilot and Silent command line switches
* Fixed XSS exploit generation code to handle cases where input name is "submit"
* Fixed a bug that prevents Netsparker.exe process from closing if you try to close Netsparker immediately after starting a new scan
* Fixed a UI hang that happens when the highlighted text is huge in the response source code
* Fixed issues with decoded HTML attribute values in text parser
* Fixed session cookie path issues according to how they are implemented in modern browsers
* Fixed scan stuck at re-crawling issue for imported scan sessions
* Fixed highlighting issues for possible XSS vulnerabilities
* Fixed a crash due to empty/missing URL value for form authentication macro requests
* Fixed a NullReferenceException in Open Redirect Engine which occurs if redirect response is missing Location header
* Fixed an error in the authentication macro sequence player that happens when the request URI is wrong or missing



Password Security Scanner: Check the security strength of your passwords on Windows



This utility scans the passwords stored by popular Windows applications (Microsoft Outlook, Internet Explorer, Mozilla Firefox, and more...) and displays security information about all these passwords. The security information of every stored password includes the total number of characters, number of numeric characters, number of lowercase/uppercase characters, number of repeating characters, and password strength. You can use this tool to determine whether the passwords used by other users are secure enough, without watching the passwords themselves.

Start Using Password Security Scanner

Password Security Scanner doesn't require any installation process or additional dll files. In order to start using it, simply run the executable file - PasswordScan.exe

After you run PasswordScan.exe, Password Security Scanner scans the passwords stored on your system, and then displays the security information of all found passwords inside the main window.

You can also go to the Advanced Options window (F9) and choose to display only insecure passwords with a low number of characters or with a low password strength value.

Columns Description

  • Item Name: The name of the item. For Web site passwords, the address of the Web site is displayed. For email passwords, the email address is displayed.
  • Password Type: The type of the password: Web Browser, Messenger, Email, or Dialup/VPN.
  • Application: The application that stores the specified password item: Microsoft Outlook, Firefox, Internet Explorer, and so on...
  • User Name: The user name that is used with the specified password item.
  • Password Length: The total number of characters in the password.
  • Numeric: The total number of numeric characters (0 - 9) in the password.
  • Lowercase: The total number of lowercase characters (a - z) in the password.
  • Uppercase: The total number of uppercase characters (A - Z) in the password.
  • Other Ascii: The total number of non-alphanumeric characters in the password.
  • Non-English: The total number of non-English characters in the password.
  • Repeating: The total number of repeating characters in the password. For example, if the password is "abcdab", then the Repeating value will be 2, because both the "a" and "b" characters appear more than once.
  • Password Strength: The strength of the password, calculated according to number of parameters, including the total number of characters, number of repeating characters, type of characters used in the passwords, and more...
    The numeric value displayed in this column represents the strength of the password, according to the following list:
    • 1 - 7: Very Weak
    • 8 - 14: Weak
    • 15 - 25: Medium
    • 26 - 45: Strong
    • 46 and above: Very Strong
  • Windows User: The Windows user that owns the password. For most passwords, this column will display the current logged-on user. However, for Dialup passwords of Windows, you might also see the passwords of other Windows users, and in those cases, this column will display the Windows users that created the dialup password.
  

Monday, April 3, 2017

Parrot Security OS: Friendly OS designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, Privacy/Anonymity and Cryptography



Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting, privacy/anonymity and cryptography. It is based on Debian and developed by Frozenbox network.

Who can use it

Parrot is designed for everyone, from the Pro pentester to the newbie, because it provides the most professional tools combined in an easy to use, fast and lightweight pentesting environment, and it can also be used for everyday use.


Features:

System Specs
  • Debian-based system
  • Custom hardened linux 3.16 kernel
  • Rolling release upgrade line
  • MATE desktop environment
  • Lightdm Display Manager
  • Custom themes, icons and wallpapers
System Requirements
  • CPU: x86 compatible processor with at least 800Mhz – non-pae processors require a custom kernel (available via repositories)
  • ARCH: i386 (x86-32bit) and amd64 (x86-64bit) supported – armel and armhf coming soon
  • RAM: At least 256Mb (i386) / 320Mb (amd64) – 512Mb suggested
  • GPU: No graphic acceleration required – proprietary drivers installable via repositories
  • HDD: 8Gb required – 3.8Gb used
  • BOOT: Legacy bios (preferred) or UEFI (experimental)
Pentesting
  • Fresh & lightweight pentesting environment
  • Easy to use automation tools for beginners
  • Must-have professional tools for Pro Pentesters
  • Custom tools developed by our team
  • External tools developed by our community
  • Only a selected set of tools is preinstalled out of the box
  • Thousands of other tools are available in our repositories
Cloud
  • Parrot Server Edition
  • Parrot Cloud Controller
  • Custom installation script for Debian VPS
  • Cloud Pentesting concept for file hosting and remote distributed computing
Digital Forensic
  • “Stealth” option at boot for no partitions or swap mounting
  • Most famous Digital Forensic tools and frameworks out of the box
Cryptography
  • Custom Anti Forensic tools
  • Custom interfaces for GPG
  • Custom interfaces for cryptsetup
  • NUKE slots for cryptsetup LUKS disks
  • Encrypted system installation
Anonymity
  • AnonSurf
  • Whole-system anonymization
  • DNS requests anonymization
  • “Change Identity” function for AnonSurf
  • BleachBit system cleaner
  • NoScript plugin
  • UserAgentOverrider plugin
Programming
  • FALCON Programming Language (1.0)
  • System editor tuned for programming
  • Lots of preinstalled compilers/interpreters/debuggers
  • Reverse Engineering Tools
  • Programming Template Files
  • Preinstalled most-used libs
Cryptocurrency
  • Cryptocurrency-friendly environment
  • Custom compiled wallets available in our software center
  • MultiBit
  • Bitcoin-qt
  • Litecoin-qt
  • Feathercoin-qt
  • BitLira-qt
  • Dogecoin-qt
  • Zetacoin-qt
  • Other wallets will be available as soon as possible


Sunday, April 2, 2017

BlackArch Linux v2014.10.07: Lightweight expansion to Arch Linux for pentesters and security researchers



BlackArch Linux ISOs including more than 1000 tools and lots of improvements. Also, armv6h and armv7h repositories are filled with more than 1050 tools.

A short ChangeLog:
  • tool fix: beef
  • fixed pam issues
  • added services and login.defs file
  • removed kde/openbox and i3-debug menu items from lxdm
  • fixed blackarch keyring issue
  • disabled dhcpcd service
  • upgraded menu entries for awesome, openbox and fluxbox
  • upgraded tools
  • added a bunch of new tools (contains now more than 1050 tools)
  • upgraded archiso profile
  • and more ...

Tool count: 1067

Name | Version | Description | Homepage
0trace | 1.5 | A hop enumeration tool | http://jon.oberheide.org/0trace/
3proxy | 0.7.1.1 | Tiny free proxy server. | http://3proxy.ru/
3proxy-win32 | 0.7.1.1 | Tiny free proxy server. | http://3proxy.ru/
42zip | 42 | Recursive Zip archive bomb. | http://blog.fefe.de/?ts=b6cea88d
acccheck | 0.2.1 | A password dictionary attack tool that targets windows authentication via the SMB protocol. | http://labs.portcullis.co.uk/tools/acccheck/
ace | 1.10 | Automated Corporate Enumerator. A simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of an IP Phone in order to download the name and extension entries that a given phone can display on its screen interface | http://ucsniff.sourceforge.net/ace.html
admid-pack | 0.1 | ADM DNS spoofing tools - Uses a variety of active and passive methods to spoof DNS packets. Very powerful. | http://packetstormsecurity.com/files/10080/ADMid-pkg.tgz.html
adminpagefinder | 0.1 | This python script looks for a large amount of possible administrative interfaces on a given site. | http://packetstormsecurity.com/files/112855/Admin-Page-Finder-Script.html
admsnmp | 0.1 | ADM SNMP audit scanner. |
aesfix | 1.0.1 | A tool to find AES key in RAM | http://citp.princeton.edu/memory/code/
aeskeyfind | 1.0 | A tool to find AES key in RAM | http://citp.princeton.edu/memory/code/
aespipe | 2.4c | Reads data from stdin and outputs encrypted or decrypted results to stdout. | http://loop-aes.sourceforge.net/aespipe/
afflib | 3.7.1 | An extensible open format for the storage of disk images and related forensic information | http://www.afflib.org
afpfs-ng | 0.8.1 | A client for the Apple Filing Protocol (AFP) | http://alexthepuffin.googlepages.com/
against | 0.2 | A very fast ssh attacking script which includes a multithreaded port scanning module (tcp connect) for discovering possible targets and a multithreaded brute-forcing module which attacks parallel all discovered hosts or given ip addresses from a list. | http://nullsecurity.net/tools/cracker.html
aiengine | 315.7d1c555 | A packet inspection engine with capabilities of learning without any human intervention. | https://bitbucket.org/camp0/aiengine/
aimage | 3.2.5 | A program to create aff-images. | http://www.afflib.org
air | 2.0.0 | A GUI front-end to dd/dc3dd designed for easily creating forensic images. | http://air-imager.sourceforge.net/
airflood | 0.1 | A modification of aireplay that allows for a DOS in the AP. This program fills the table of clients of the AP with random MACs doing impossible new connections. | http://packetstormsecurity.com/files/51127/airflood.1.tar.gz.html
airgraph-ng | 2371 | Graphing tool for the aircrack suite | http://www.aircrack-ng.org
airoscript | 45.0a122ee | A script to simplify the use of aircrack-ng tools. | http://midnightresearch.com/projects/wicrawl/
airpwn | 1.4 | A tool for generic packet injection on an 802.11 network. | http://airpwn.sourceforge.net
allthevhosts | 1.0 | A vhost discovery tool that scrapes various web applications | http://labs.portcullis.co.uk/tools/finding-all-the-vhosts/
androguard | 1.9 | Reverse engineering, Malware and goodware analysis of Android applications and more. | https://code.google.com/p/androguard/
android-apktool | 1.5.2 | A tool for reengineering Android apk files. | http://forum.xda-developers.com/showthread.php?t=1755243
android-ndk | r9c | Android C/C++ developer kit. | http://developer.android.com/sdk/ndk/index.html
android-sdk-platform-tools | r19 | Platform-Tools for Google Android SDK (adb and fastboot) | http://developer.android.com/sdk/index.html
android-sdk | r22.3 | Google Android SDK | http://developer.android.com/sdk/index.html
android-udev-rules | 8181.da07974 | Android udev rules. | https://github.com/bbqlinux/android-udev-rules
androidsniffer | 0.1 | A perl script that lets you search for 3rd party passwords, dump the call log, dump contacts, dump wireless configuration, and more. | http://packetstormsecurity.com/files/97464/Andr01d-Magic-Dumper.1.html
anontwi | 1.0 | A free software python client designed to navigate anonymously on social networks. It supports Identi.ca and Twitter.com. | http://anontwi.sourceforge.net/
aphopper | 0.3 | AP Hopper is a program that automatically hops between access points of different wireless networks. | http://aphopper.sourceforge.net/
apnbf | 0.1 | A small python script designed for enumerating valid APNs (Access Point Name) on a GTP-C speaking device. | http://www.c0decafe.de/
arachni | 1.0.2 | A feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. | https://www.arachni-scanner.com
arduino | 1.0.5 | Arduino SDK (includes patched avrdude and librxtx) | http://arduino.cc/en/Main/Software
argus | 3.0.6.1 | Network monitoring tool with flow control. | http://qosient.com/argus/
argus-clients | 3.0.6.2 | Network monitoring client for Argus. | http://qosient.com/argus/
armitage | 140715 | A graphical cyber attack management tool for Metasploit. | http://www.fastandeasyhacking.com/
arp-scan | 1.9 | A tool that uses ARP to discover and fingerprint IP hosts on the local network | http://www.nta-monitor.com/tools/arp-scan/
arpalert | 2.0.12 | Monitor ARP changes in ethernet networks | http://www.arpalert.org/
arpantispoofer | 1.0.1.32 | A utility to detect and resist BIDIRECTIONAL ARP spoofing. It can anti-spoof for not only the local host, but also other hosts in the same subnet. It is also a handy helper for gateways which don't work well with ARP. | http://arpantispoofer.sourceforge.net/
arpoison | 0.6 | The UNIX arp cache update utility | http://www.arpoison.net
arpon | 2.7 | A portable handler daemon that makes ARP protocol secure in order to avoid the Man In The Middle (MITM) attack through ARP Spoofing, ARP Cache Poisoning or ARP Poison Routing (APR) attacks. | http://arpon.sourceforge.net/
arpwner | 26.f300fdf | GUI-based python tool for arp poisoning and dns poisoning attacks. | https://github.com/ntrippar/ARPwner
artillery | 1.0.2 | A combination of a honeypot, file-system monitoring, system hardening, and overall health of a server to create a comprehensive way to secure a system | https://www.trustedsec.com/downloads/artillery/
asleap | 2.2 | Actively recover LEAP/PPTP passwords. | http://www.willhackforsushi.com/Asleap.html
asp-audit | 2BETA | An ASP fingerprinting tool and vulnerability scanner. | http://seclists.org/basics/2006/Sep/128
athena-ssl-scanner | 0.5.2 | An SSL cipher scanner that checks all cipher codes. It can identify about 150 different ciphers. | http://packetstormsecurity.com/files/93062/Athena-SSL-Cipher-Scanner.html
atstaketools | 0.1 | This is an archive of various @Stake tools that help perform vulnerability scanning and analysis, information gathering, password auditing, and forensics. | http://packetstormsecurity.com/files/50718/AtStakeTools.zip.html
auto-xor-decryptor | 3.6a1f8f7 | Automatic XOR decryptor tool. | http://www.blog.mrg-effitas.com/publishing-of-mrg-effitas-automatic-xor-decryptor-tool/
autopsy | 2.24 | A GUI for The Sleuth Kit. | http://www.sleuthkit.org/autopsy
azazel | 10.401e3aa | A userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit. | https://github.com/chokepoint/azazel
b2sum | 20140114 | BLAKE2 file hash sum check. Computes the BLAKE2 (BLAKE2b or -s, -bp, -sp) cryptographic hash of a given file. | https://blake2.net/
backcookie | 34.66b0a27 | Small backdoor using cookie. | https://github.com/mrjopino/backcookie
backdoor-factory | 91.20fe713 | Patch win32/64 binaries with shellcode. | https://github.com/secretsquirrel/the-backdoor-factory
backfuzz | 36.8e54ed6 | A network protocol fuzzing toolkit. | https://github.com/localh0t/backfuzz
balbuzard | 65.546c5dcf629c | A package of malware analysis tools in python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc). | https://bitbucket.org/decalage/balbuzard/
bamf-framework | 35.30d2b4b | A modular framework designed to be a platform to launch attacks against botnets. | https://github.com/bwall/BAMF
basedomainname | 0.1 | Tool that can extract TLD (Top Level Domain), domain extensions (Second Level Domain + TLD), domain name, and hostname from fully qualified domain names. | http://www.morningstarsecurity.com/research
batman-adv | 2013.4.0 | batman kernel module, (included upstream since .38) | http://www.open-mesh.net/
bbqsql | 1.2 | SQL injection exploitation tool. | https://github.com/neohapsis/bbqsql
bdfproxy | 37.7b6221b | Patch Binaries via MITM: BackdoorFactory + mitmProxy | https://github.com/secretsquirrel/BDFProxy
bed | 0.5 | Collection of scripts to test for buffer overflows, format string vulnerabilities. | http://www.aldeid.com/wiki/Bed
beef | 0.4.5.0.118.g9e43f0b | The Browser Exploitation Framework that focuses on the web browser | http://beefproject.com/
beholder | 0.8.9 | A wireless intrusion detection tool that looks for anomalies in a wifi environment. | http://www.beholderwireless.org/
beleth | 36.0963699 | A Multi-threaded Dictionary based SSH cracker. | https://github.com/chokepoint/Beleth
bfbtester | 2.0.1 | Performs checks of single and multiple argument command line overflows and environment variable overflows | http://sourceforge.net/projects/bfbtester/
bgp-md5crack | 0.1 | RFC2385 password cracker | http://www.c0decafe.de/
bing-ip2hosts | 0.4 | Enumerates all hostnames which Bing has indexed for a specific IP address. | http://www.morningstarsecurity.com/research/bing-ip2hosts
bing-lfi-rfi | 0.1 | This is a python script for searching Bing for sites that may have local and remote file inclusion vulnerabilities. | http://packetstormsecurity.com/files/121590/Bing-LFI-RFI-Scanner.html
binwalk | 2.0.1 | A tool for searching a given binary image for embedded files. | http://binwalk.org
binwally | 3.ca092a7 | Binary and Directory tree comparison tool using the Fuzzy Hashing concept (ssdeep). | https://github.com/bmaia/binwally
bios_memimage | 1.2 | A tool to dump RAM contents to disk (aka cold boot attack). | http://citp.princeton.edu/memory/code/
birp | 60.1d7c49f | A tool that will assist in the security assessment of mainframe applications served over TN3270. | https://github.com/sensepost/birp
bittwist | 2.0 | A simple yet powerful libpcap-based Ethernet packet generator. It is designed to complement tcpdump, which by itself has done a great job at capturing network traffic. | http://bittwist.sourceforge.net/
bkhive | 1.1.1 | Program for dumping the syskey bootkey from a Windows NT/2K/XP system hive. | http://sourceforge.net/projects/ophcrack
blackarch-menus | 0.2 | BlackArch specific XDG-compliant menu | http://www.blackarch.org/
blackhash | 0.2 | Creates a filter from system hashes | http://16s.us/blackhash/
bletchley | 0.0.1 | A collection of practical application cryptanalysis tools. | https://code.google.com/p/bletchley/
blindelephant | 7 | A web application fingerprinter. Attempts to discover the version of a (known) web application by comparing static files at known locations | http://blindelephant.sourceforge.net/
blindsql | 1.0 | Set of bash scripts for blind SQL injection attacks | http://www.enye-sec.org/programas.html
bluebox-ng | 65.33a19a8 | A GPL VoIP/UC vulnerability scanner. | https://github.com/jesusprubio/bluebox-ng
bluebugger | 0.1 | An implementation of the bluebug technique which was discovered by Martin Herfurt. | http://packetstormsecurity.com/files/54024/bluebugger.1.tar.gz.html
bluelog | 1.1.1 | A Bluetooth scanner and sniffer written to do a single task, log devices that are in discoverable mode. | http://www.digifail.com/software/bluelog.shtml
bluepot | 0.1 | A Bluetooth Honeypot written in Java, it runs on Linux | https://code.google.com/p/bluepot/
blueprint | 0.1_3 | A perl tool to identify Bluetooth devices. | http://trifinite.org/trifinite_stuff_blueprinting.html
blueranger | 1.0 | A simple Bash script which uses Link Quality to locate Bluetooth device radios. | http://www.hackfromacave.com/projects/blueranger.html
bluesnarfer | 0.1 | A bluetooth attacking tool | http://www.alighieri.org/project.html
bmap-tools | 3.2 | Tool for copying largely sparse files using information from a block map file. | http://git.infradead.org/users/dedekind/bmap-tools.git
bob-the-butcher | 0.7.1 | A distributed password cracker package. | http://btb.banquise.net/
bokken-hg | 370.b180f39d107f | GUI for radare2 and pyew. | http://inguma.eu/projects/bokken/
bowcaster | 0.1 | This framework, implemented in Python, is intended to aid those developing exploits by providing useful set of tools and modules, such as payloads, encoders, connect-back servers, etc. Currently the framework is focused on the MIPS CPU architecture, but the design is intended to be modular enough to support arbitrary architectures. | https://github.com/zcutlip/bowcaster
braa | 0.82 | A mass snmp scanner | http://s-tech.elsat.net.pl/braa/
braces | 0.4 | A Bluetooth Tracking Utility. | http://braces.shmoo.com/
browser-fuzzer | 3 | Browser Fuzzer 3 | http://www.krakowlabs.com/dev.html
brutessh | 0.5 | A simple sshd password bruteforcer using a wordlist, it's very fast for internal networks. It's multithreaded. | http://www.edge-security.com/edge-soft.php
brutus | 2 | One of the fastest, most flexible remote password crackers you can get your hands on. | http://www.hoobie.net/brutus/
bsdiff | 4.3 | bsdiff and bspatch are tools for building and applying patches to binary files. | http://www.daemonology.net/bsdiff/
bsqlbf | 2.6 | Blind SQL Injection Brute Forcer. | http://code.google.com/p/bsqlbf-v2/
bss | 0.8 | Bluetooth stack smasher / fuzzer | http://www.secuobs.com/news/15022006-bss_0_8.shtml
bt_audit | 0.1.1 | Bluetooth audit | http://www.betaversion.net/btdsd/download/
btcrack | 1.1 | The world's first Bluetooth Pass phrase (PIN) bruteforce tool. Bruteforces the Passkey and the Link key from captured Pairing exchanges. | http://www.nruns.com/_en/security_tools_btcrack.php
btscanner | 2.1 | Bluetooth device scanner. | http://www.pentest.co.uk
bulk-extractor | 1.3.1 | Bulk Email and URL extraction tool | https://github.com/simsong/bulk_extractor
bully | 23.1fef73a | A wifi-protected-setup (WPS) brute force attack tool. | http://code.google.com/p/bully/
bunny | 0.93 | A closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. | http://code.google.com/p/bunny-the-fuzzer/
burpsuite | 1.6 | An integrated platform for attacking web applications (free edition). | http://portswigger.net/burp/
buttinsky | 138.1a2a1b2 | Provide an open source framework for automated botnet monitoring. | https://github.com/buttinsky/buttinsky
bvi | 1.4.0beta | A display-oriented editor for binary files operating like the "vi" editor. | http://bvi.sourceforge.net/
cadaver | 0.23.3 | Command-line WebDAV client for Unix | http://www.webdav.org/cadaver
canari | 1.1 | A transform framework for maltego | http://www.canariproject.com/
cansina | 93.abc6577 | A python-based Web Content Discovery Tool. | https://github.com/deibit/cansina
capstone | 2.1.2 | A lightweight multi-platform, multi-architecture disassembly framework. | http://www.capstone-engine.org/index.html
carwhisperer | 0.2 | Intends to sensibilise manufacturers of carkits and other Bluetooth appliances without display and keyboard for the possible security threat evolving from the use of standard passkeys. | http://trifinite.org/trifinite_stuff_carwhisperer.html
casefile | 1.0.1 | The little brother to Maltego without transforms, but combines graph and link analysis to examine links between manually added data to mind map your information | http://www.paterva.com/web6/products/casefile.php
cdpsnarf | 0.1.6 | Cisco discovery protocol sniffer. | https://github.com/Zapotek/cdpsnarf
cecster | 5.15544cb | A tool to perform security testing against the HDMI CEC (Consumer Electronics Control) and HEC (HDMI Ethernet Channel) protocols | https://github.com/nccgroup/CECster
centry | 72.6de2868 | Cold boot & DMA protection | https://github.com/0xPoly/Centry
cewl | 4.3 | A custom word list generator | http://www.digininja.org/projects/cewl.php
cflow | 1.4 | A C program flow analyzer. | http://www.gnu.org/software/cflow/
chaosmap | 1.3 | An information gathering tool and dns / whois / web server scanner | http://freecode.com/projects/chaosmap
chaosreader | 0.94 | A freeware tool to trace tcp, udp etc. sessions and fetch application data from snoop or tcpdump logs. | http://chaosreader.sourceforge.net/
chapcrack | 17.ae2827f | A tool for parsing and decrypting MS-CHAPv2 network handshakes. | https://github.com/moxie0/chapcrack
check-weak-dh-ssh | 0.1 | Debian OpenSSL weak client Diffie-Hellman Exchange checker. | http://packetstormsecurity.com/files/66683/check_weak_dh_ssh.pl.bz2.html
checkiban | 0.2 | Checks the validity of an International Bank Account Number (IBAN). | http://kernel.embedromix.ro/us/
checkpwd | 1.23 | Oracle Password Checker (Cracker) | http://www.red-database-security.com/software/checkpwd.html
checksec | 1.5 | The checksec.sh script is designed to test what standard Linux OS and PaX security features are being used. | http://www.trapkit.de/tools/checksec.html
chiron | 0.1 | An all-in-one IPv6 Penetration Testing Framework. | http://www.secfu.net/tools-scripts/
chkrootkit | 0.50 | Checks for rootkits on a system | http://www.chkrootkit.org/
chntpw | 140201 | Offline NT Password Editor - reset passwords in a Windows NT SAM user database file | http://pogostick.net/~pnh/ntpasswd/
chownat | 0.08b | Allows two peers behind two separate NATs with no port forwarding and no DMZ setup on their routers to directly communicate with each other | http://samy.pl/chownat/
chrome-decode | 0.1 | Chrome web browser decoder tool that demonstrates recovering passwords. | http://packetstormsecurity.com/files/119153/Chrome-Web-Browser-Decoder.html
chromefreak | 22.336e323 | A Cross-Platform Forensic Framework for Google Chrome | http://osandamalith.github.io/ChromeFreak/
cidr2range | 0.9 | Script for listing the IP addresses contained in a CIDR netblock | http://www.cpan.org/authors/id/R/RA/RAYNERLUC
cintruder | 0.2.0 | An automatic pentesting tool to bypass captchas. | http://cintruder.sourceforge.net/
ciphertest | 4.5780d36 | A better SSL cipher checker using gnutls. | https://github.com/OpenSecurityResearch/ciphertest
cirt-fuzzer | 1.0 | A simple TCP/UDP protocol fuzzer. | http://www.cirt.dk/
cisco-auditing-tool | 1 | Perl script which scans cisco routers for common vulnerabilities. Checks for default passwords, easily guessable community names, and the IOS history bug. Includes support for plugins and scanning multiple hosts. | http://www.scrypt.net
cisco-global-exploiter | 1.3 | A perl script that targets multiple vulnerabilities in the Cisco Internetwork Operating System (IOS) and Catalyst products. | http://www.blackangels.it
cisco-ocs | 0.2 | Cisco Router Default Password Scanner. | http://www.question-defense.com/2013/01/11/ocs-version-2-release-ocs-cisco-router-default-password-scanner
cisco-router-config | 1.1 | copy-router-config and merge-router-config to copy and merge Cisco Routers Configuration |
cisco-scanner | 0.2 | Multithreaded Cisco HTTP vulnerability scanner. Tested on Linux, OpenBSD and Solaris. | http://wayreth.eu.org/old_page/
cisco-torch | 0.4b | Cisco Torch mass scanning, fingerprinting, and exploitation tool. | http://www.arhont.com
cisco5crack | 2.c4b228c | Crypt and decrypt the cisco enable 5 passwords. | https://github.com/madrisan/cisco7crack
cisco7crack | 2.f1c21dd | Crypt and decrypt the cisco enable 7 passwords. | https://github.com/madrisan/cisco7crack
ciscos | 1.3 | Scans class A, B, and C networks for cisco routers which have telnet open and have not changed the default password from cisco. |
climber | 23.f614304 | Check UNIX/Linux systems for privilege escalation. | https://github.com/raffaele-forte/climber
clusterd | 129.0f04a49 | Automates the fingerprinting, reconnaissance, and exploitation phases of an application server attack. | https://github.com/hatRiot/clusterd
cmospwd | 5.0 | Decrypts password stored in CMOS used to access BIOS setup. | http://www.cgsecurity.org/wiki/CmosPwd
cms-explorer | 1.0 | Designed to reveal the specific modules, plugins, components and themes that various cms driven websites are running | http://code.google.com/p/cms-explorer
cms-few | 0.1 | Joomla, Mambo, PHP-Nuke, and XOOPS CMS SQL injection vulnerability scanning tool written in Python. | http://packetstormsecurity.com/files/64722/cms_few.py.txt.html
codetective | 37.f94d9e8 | A tool to determine the crypto/encoding algorithm used according to traces of its representation. | https://www.digitalloft.org/init/plugin_wiki/page/codetective
complemento | 0.7.6 | A collection of tools for pentester: LetDown is a powerful tcp flooder; ReverseRaider is a domain scanner that use wordlist scanning or reverse resolution scanning; Httsquash is an http server scanner, banner grabber and data retriever | http://complemento.sourceforge.net
conscan | 1.1 | A blackbox vulnerability scanner for the Concrete5 CMS. | http://nullsecurity.net/tools/scanner.html
cookie-cadger | 1.07 | An auditing tool for Wi-Fi or wired Ethernet connections. | https://cookiecadger.com/
cowpatty | 4.6 | Wireless WPA/WPA2 PSK handshake cracking utility | http://www.wirelessdefence.org/Contents/Files/
cpfinder | 0.1 | This is a simple script that looks for administrative web interfaces. | http://packetstormsecurity.com/files/118851/Control-Panel-Finder-Script.html
cppcheck | 1.66 | A tool for static C/C++ code analysis | http://cppcheck.wiki.sourceforge.net/
cpptest | 1.1.2 | A portable and powerful, yet simple, unit testing framework for handling automated tests in C++. | http://cpptest.sourceforge.net/
crackhor | 2.ae7d83f | A Password cracking utility. | https://github.com/CoalfireLabs/crackHOR
crackle | 39.3e93196 | Crack and decrypt BLE encryption | https://github.com/mikeryan/crackle/
crackserver | 31.c268a80 | An XMLRPC server for password cracking. | https://github.com/averagesecurityguy/crack
create-ap | 103.9d78068 | This script creates a NATed or Bridged WiFi Access Point. | https://github.com/oblique/create_ap
creddump | 0.3 | A python tool to extract various credentials and secrets from Windows registry hives. | https://code.google.com/p/creddump/
creds | 8181.da07974 | Harvest FTP/POP/IMAP/HTTP/IRC credentials along with interesting data from each of the protocols. | https://github.com/DanMcInerney/creds.py
creepy | 137.9f60449 | A geolocation information gatherer. Offers geolocation information gathering through social networking platforms. | http://github.com/ilektrojohn/creepy.git
crunch | 3.6 | A wordlist generator for all combinations/permutations of a given character set. | http://sourceforge.net/projects/crunch-wordlist/
cryptcat | 1.2.1 | A lightweight version of netcat with integrated transport encryption capabilities. | http://sourceforge.net/projects/cryptcat
crypthook | 16.bceeb0b | TCP/UDP symmetric encryption tunnel wrapper. | https://github.com/chokepoint/CryptHook
cryptonark | 0.4.9 | SSL security checker. | http://blog.techstacks.com/cryptonark.html
csrftester | 1.0 | The OWASP CSRFTester Project attempts to give developers the ability to test their applications for CSRF flaws. | http://www.owasp.org/index.php/Category:OWASP_CSRFTester_Project
ctunnel | 0.6 | Tunnel and/or proxy TCP or UDP connections via a cryptographic tunnel. | http://nardcore.org/ctunnel
cuckoo | 1.1.1 | A malware analysis system. | http://cuckoosandbox.org/
cupp | 3.0 | Common User Password Profiler | http://www.remote-exploit.org/?page_id=418
cutycapt | 10 | A Qt and WebKit based command-line utility that captures WebKit's rendering of a web page. | http://cutycapt.sourceforge.net/
cvechecker | 3.5 | The goal of cvechecker is to report about possible vulnerabilities on your system, by scanning the installed software and matching the results with the CVE database. | http://cvechecker.sourceforge.net/
cymothoa | 1 | A stealth backdooring tool, that injects backdoor shellcode into an existing process. | http://cymothoa.sourceforge.net/
darkbing | 0.1 | A tool written in python that leverages bing for mining data on systems that may be susceptible to SQL injection. | http://packetstormsecurity.com/files/111510/darkBing-SQL-Scanner.1.html
darkd0rk3r | 1.0 | Python script that performs dork searching and searches for local file inclusion and SQL injection errors. | http://packetstormsecurity.com/files/117403/Dark-D0rk3r.0.html
darkjumper | 5.8 | This tool will try to find every website that is hosted on the same server as your target | http://sourceforge.net/projects/darkjumper/
darkmysqli | 1.6 | Multi-Purpose MySQL Injection Tool | https://github.com/BlackArch/darkmysqli
darkstat | 3.0.718 | Network statistics gatherer (packet sniffer) | http://dmr.ath.cx/net/darkstat/
davoset | 1.2 | A tool for using Abuse of Functionality and XML External Entities vulnerabilities on some websites to at


Friday, March 31, 2017

PHP Secure Configuration Checker Check current PHP configuration for potential security flaws

Among the most tedious tasks of PHP security testing is the check for insecure PHP configuration. As a successor of our PHP Security Poster, we have created a script to help system administrators as well as security professionals to assess the state of php.ini and related topics as quickly and as thoroughly as possible. For later reference, the script is called "PHP Secure Configuration Checker", or pcc.

Inspiration and previous work

  • phpinfo(): Just like phpinfo() the pcc is supposed to give a brief overview of security related configuration issues.
  • phpsecinfo: This is an alternative project that appears to have been discontinued in 2007.
  • SektionEins PHP Security Poster (2009-2011): Some text snippets and recommendations of our own work we put into the popular poster have been reused.


Ideas, Features and Software Design

  • One single file for easy distribution: In respect to an update process and access restrictions, a single file can be handled easier than a whole web application monster.
  • Simple tests for each security related ini entry: Testing php.ini on a live system is the main aspect of this project. Each entry is supposed to be checked or otherwise actively ignored.
  • A few other tests: pcc is not restricted to php.ini checks. Other ideas can be implemented as well.
  • Compatibility: PHP 5.4 is supposed to work. Older PHP versions are not supposed to be used in the wild anyway.
  • NO complicated/overengineered code, e.g. no classes/interfaces, test-frameworks, libraries, ...: In most cases, a recommendation is based on a simple boolean decision, e.g. is it 1 or is it 0. The corresponding code is supposed to reflect this simplicity. Also, simple code leads to fewer programming errors.
  • Novice factor: The result is supposed to help secure the PHP environment. There is no need to obfuscate, encrypt or hide the code. Even inexperienced developers or system administrators may take a glance at the code - free of charge.
  • NO (or very few) dependencies: pcc is supposed to run in the most simplistic (yet still realistically sane) PHP environment. Writing files and loading bloated library code should be avoided.
  • Safeguards: In order to prevent information disclosure, IP restrictions are implemented, as well as a lock-out mechanism based on the script's modification time.
  • Suhosin: pcc checks the correct configuration of the Suhosin extension.


Quick Heal Total Security 2016 Serial Key With Crack Free Download


Friday, March 24, 2017

Avira Internet Security Suite 2016 License Key Till 2020 Latest Version


Wednesday, March 22, 2017

Lynis 1 5 9 Security auditing tool for Unix Linux systems

Lynis is an open source security auditing tool. Its primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system (including Mac). Even the installation of the software itself is optional!

How it works

Lynis will perform hundreds of individual tests to determine the security state of the system. Many of these tests are also part of common security guidelines and standards. Examples include searching for installed software and determining possible configuration flaws. Lynis goes further and also tests individual software components, checks related configuration files and measures performance. After these tests, a scan report will be displayed with all discovered findings.

Typical use cases for Lynis:
  • Security auditing
  • Vulnerability scanning
  • System hardening

Why open source?

Open source software provides trust by having people look into the code. Adjustments are easily made, providing you with a flexible solution for your business. But can you trust systems and software with your data? Lynis provides you this confidence. It does so with extensive auditing of your systems. This way you can verify and stay in control of your security needs.


System Auditing

Auditing made easy

With IT departments already under pressure, the demand for securing systems is only getting higher. This is why regular system auditing is required.
Unfortunately, manual checking is too much work and most solutions only present the issues. With Lynis Enterprise, auditing is quick, easy and affordable.

Extensive

Audits performed by Lynis are extensive. From the bootloader up to the last piece of software, it all gets checked. Any vulnerable package, weak configuration value or unneeded daemon will show up sooner or later.

System Hardening

Limiting the weak spots

To increase the defenses of a system, additional security measures have to be implemented. This process of fortification is named system hardening. It consists of removing unnecessary parts, limiting default access and tightening up the permissions of processes and users. While Unix based systems are fairly secure by default, the need for system hardening will always exist.
Hardening systems without the right tools can take a lot of time. Besides investigating, the changes have to be planned, implemented and tested at several stages.

Auditing and Hardening

Our solution performs an in-depth audit, to determine the applicable hardening controls. Together with these controls the right suggestions are selected for your environment. A customized plan will be part of your system hardening efforts. To simplify the process of system hardening, hardening snippets are provided. Almost as simple as a copy-paste, you can harden the system of your workstations and servers.

Technical details

The hardening snippets used depend on the related control. Usually there is a piece of shell script available to test for a specific control, or to implement the related control. Where possible and applicable, snippets are also provided for configuration management tools like cfengine, Chef and Puppet.

Vulnerability Scanning

Weaknesses

Discovering weaknesses in IT security is named vulnerability scanning. It is the art of finding weaknesses, before malicious people do. These vulnerabilities may exist in essential parts of the operating system, software, or even configuration files.

Best of all worlds

Our solution focuses on host based scanning, combined with scanning via the network. This way more ground is covered and better insights can be provided. Solutions only using network scanning are nowadays not extensive enough.
Most of the vulnerability tests are already built-in. With the help of plugins, additional tests are performed to discover vulnerabilities. Also information is collected, which can be used to determine weaknesses in unexpected areas.





Tuesday, March 21, 2017

Bitdefender Internet Security 2016 Key Free Download Full Version With Cracked


Monday, March 20, 2017

Dradis v2 9 Information Sharing For Security Assessments

Dradis is an open source framework to enable effective information sharing, especially during security assessments. It is a tool built specifically to help in the process of penetration testing. Penetration testing is about information:
  1. Information discovery
  2. Exploit useful information
  3. Report the findings

But penetration testing is also about sharing the information you and your teammates gather. Not sharing the information available in an effective way will result in exploitation opportunities lost and the overlapping of efforts.

Dradis is a self-contained web application that provides a centralised repository of information to keep track of what has been done so far, and what is still ahead.

Features

  • Easy report generation.
  • Support for attachments.
  • Integration with existing systems and tools through server plugins.
  • Platform independent.

Traditional pentesting teams face different types of challenges regarding information sharing. Different tools provide output in different formats, different testers capture evidence in different ways, different companies report differently, etc.


If you do not use a tool to share the information, every tester will use their own notes file to keep track of their findings. Each will store this file locally, or on a shared resource, but the information will not arrive immediately to the rest of the team.

If you want to know what your teammate's latest findings are, you will need to look for the notes file. You can also try talking, but talking is not that effective when you need to know a specific cookie value or a SQL query for an injection attack.

It seems reasonable that some effort must be put to increase the quality and efficiency of this process.



AVG AntiVirus PRO Android Security 5 9 0 1 APK Full Cracked

Get AVG AntiVirus PRO Android™ Security now for premium, full-featured protection from viruses, malware, spyware & online exploitation in real time, with just an easy 1-time payment, and join over 100,000,000 people who already installed AVG’s antivirus mobile security apps!