SecTools

Web Proxy, written in Java. Supports http and https

Info: http://www.parosproxy.org/

These icons link to social bookmarking sites where readers can share and discover new web pages.

OpenSSL vulnerability scanner scans for a remote exploit for the KEY_ARG overflow in OpenSSL 0.9.6d and older. Tested against most major Linux distributions. Gives a remote nobody shell on Apache and remote root on other servers. Includes an OpenSSL vulnerability scanner and a detailed vulnerability analysis. Only Linux/x86 targets are supported.

Exploit Details (CVE-2002-0656): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656

OpenSSL Exploit […]

an efficient SNMP scanner

Info: http://www.phreedom.org/solar/onesixtyone/

These icons link to social bookmarking sites where readers can share and discover new web pages.

OAT (Oracle Auditing Tools) - is a set of tools which can be used to audit Oracle databases running on the Microsoft Windows platform. The Tools are Java based and were tested on both Windows and Linux. They should hopefully also run on any other Java platform. http://www.cqure.net/wp/?page_id=2

These icons link to social bookmarking sites where […]

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3300 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

Info: http://www.cirt.net/code/nikto.shtml

These icons link […]

Mistress in an ‘Application Sadism Environment’ and can also be called a fuzzer. It is written in Python and was created for probing file formats on the fly and protocols with malformed data, based on pre-defined patterns. It is recommended that the project site be visited for further documentation and use cases.

These icons link to […]

Mibble is an open-source SNMP MIB parser (or SMI parser) written in Java. It can be used to read SNMP MIB files as well as simple ASN.1 files.

Info: http://www.mibble.org/

These icons link to social bookmarking sites where readers can share and discover new web pages.

Mezcal is an HTTP/HTTPS bruteforcing tool allowing the crafting of requests and insertion of dynamic variables on-the-fly.

Info:http://0×90.org/releases/mezcal/

These icons link to social bookmarking sites where readers can share and discover new web pages.

Metoscan is a tiny tool for scanning the HTTP methods supported by a web server. It works testing a URL and checking the responses for the different probes.

Info: http://www.securiteam.com/tools/5CP0O20IAK.html

These icons link to social bookmarking sites where readers can share and discover new web pages.

MetaCoretex security scanner is an extremely modular plugin based security scanner written entirely in JAVA to allow the use of JDBC Type IV drivers when scanning databases. Initially, most plugins will likely be for DBs.

These icons link to social bookmarking sites where readers can share and discover new web pages.

Lynx is the text web browser.

Info: http://lynx.isc.org/

These icons link to social bookmarking sites where readers can share and discover new web pages.

Extracts Urls from a webpage

These icons link to social bookmarking sites where readers can share and discover new web pages.

JBroFuzz is a stateless network protocol fuzzer that emerged from the needs of penetration testing. Written in Java, it allows for the identification of certain classess of security vulnerabilities, by means of creating malformed data and having the network protocol in question consume the data.

Info: http://www.owasp.org/index.php/Category:OWASP_JBroFuzz

These icons link to social bookmarking sites where readers […]

Gets the form data from a webpage

Info: http://www.infobyte.com.ar/

These icons link to social bookmarking sites where readers can share and discover new web pages.

httprint is a web server fingerprinting tool.

Info: http://net-square.com/httprint

These icons link to social bookmarking sites where readers can share and discover new web pages.

httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers. Normally by changing server signatures and banner strings or enabling specific plug-ins, various web fingerprinting tools may be confused and provide false positive results. This is not the case with httprint. httprint can also be used […]

Halberd discovers HTTP load balancers. It is useful for web application security auditing and for load balancer configuration testing.

Info: http://halberd.superadditive.com/

These icons link to social bookmarking sites where readers can share and discover new web pages.

Usage: /pentest/web/put.pl -h <host> -l <file>
-h <host> = host you want to attack
-r <remote> = remote file name
-f <local> […]

Getsids tries to enumerate Oracle Sids by sending the services command to the Oracle TNS listener. Like doing ‘lsnrctl service’.

These icons link to social bookmarking sites where readers can share and discover new web pages.

GFI LANguard Network Security Scanner (N.S.S.) checks your network for all potential methods that a hacker might use to attack it. By analyzing the operating system and the applications running on your network, GFI LANguard N.S.S. identifies possible security holes. In other words, it plays the devil’s advocate and alerts you to weaknesses before a […]

What this tool does: “Fuzzing” is an automated software testing technique that generates and submits random or sequential data to various areas of an application in an attempt to uncover security vulnerabilities. For example, when searching for buffer overflows, a tester can simply generate data of various sizes and send it to one of the […]

curl is a command line tool for transferring files with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, FILE and LDAP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos…), file transfer resume, proxy tunneling and a […]

Cisco Torch mass scanning, application layer fingerprinting, and exploitation tool to discover and attack remote Cisco hosts running Telnet, SSH, Web, TFTP, NTP and SNMP services. Useful in auditing large networks for misconfigured/un-updated Ciscos.

Cisco Torch Homepage: http://www.arhont.com/ViewPage7422.html?siteNodeId=3&languageId=1&contentId=-1

These icons link to social bookmarking sites where readers can share and discover new web pages.

Output stored in cisco.txt
Usage: ciscos [option]
Class A scan: ciscos 127 1
Class B scan: ciscos 127.0 2
Class C scan: ciscos 127.0.0 3
[-C ] maximum threads
[-t ] seconds before connection timeout

These icons link to social bookmarking sites where readers […]

Cisco Scanning Tool

usage:

./ocs xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy

xxx.xxx.xxx.xxx = range start IP

yyy.yyy.yyy.yyy = range end IP

Cisco OCS Mass Scanner Homepage: http://www.hacklab.tk

These icons link to social bookmarking sites where readers can share and discover new web pages.