SecTools

httprint is a web server fingerprinting tool.

Info: http://net-square.com/httprint

These icons link to social bookmarking sites where readers can share and discover new web pages.

httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers. Normally by changing server signatures and banner strings or enabling specific plug-ins, various web fingerprinting tools may be confused and provide false positive results. This is not the case with httprint. httprint can also be used […]

Halberd discovers HTTP load balancers. It is useful for web application security auditing and for load balancer configuration testing.

Info: http://halberd.superadditive.com/

These icons link to social bookmarking sites where readers can share and discover new web pages.

Usage: /pentest/web/put.pl -h <host> -l <file>
-h <host> = host you want to attack
-r <remote> = remote file name
-f <local> […]

Getsids tries to enumerate Oracle Sids by sending the services command to the Oracle TNS listener. Like doing ‘lsnrctl service’.

These icons link to social bookmarking sites where readers can share and discover new web pages.

GFI LANguard Network Security Scanner (N.S.S.) checks your network for all potential methods that a hacker might use to attack it. By analyzing the operating system and the applications running on your network, GFI LANguard N.S.S. identifies possible security holes. In other words, it plays the devil’s advocate and alerts you to weaknesses before a […]

What this tool does: “Fuzzing” is an automated software testing technique that generates and submits random or sequential data to various areas of an application in an attempt to uncover security vulnerabilities. For example, when searching for buffer overflows, a tester can simply generate data of various sizes and send it to one of the […]

Cisco Torch mass scanning, application layer fingerprinting, and exploitation tool to discover and attack remote Cisco hosts running Telnet, SSH, Web, TFTP, NTP and SNMP services. Useful in auditing large networks for misconfigured/un-updated Ciscos.

Cisco Torch Homepage: http://www.arhont.com/ViewPage7422.html?siteNodeId=3&languageId=1&contentId=-1

These icons link to social bookmarking sites where readers can share and discover new web pages.

Output stored in cisco.txt
Usage: ciscos [option]
Class A scan: ciscos 127 1
Class B scan: ciscos 127.0 2
Class C scan: ciscos 127.0.0 3
[-C ] maximum threads
[-t ] seconds before connection timeout

These icons link to social bookmarking sites where readers […]

Cisco Scanning Tool

usage:

./ocs xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy

xxx.xxx.xxx.xxx = range start IP

yyy.yyy.yyy.yyy = range end IP

Cisco OCS Mass Scanner Homepage: http://www.hacklab.tk

These icons link to social bookmarking sites where readers can share and discover new web pages.

Cisco Global Exploiter is a script that targets vulnerabilities in the Cisco Internetwork Operating System (IOS) and Catalyst products. Cisco is ugently advising users to upgrade the networks software to close the holes that this script is exploiting. When the script is run against the host it gives menu choices for the user to perform.
Vulnerabilities […]

g0ne [null0]

Usage:

-h hostname (for scanning single hosts)
-f hostfile (for scanning multiple hosts)
-p port # (default port is 23)
-w wordlist (wordlist for community name guessing)
-a passlist (wordlist for password […]

Checkpwd is a fast dictionary based password checker for Oracle databases. Checkpwd reads the password hashes from the table sys.user$ and compares the hashkeys with the hashkeys calculated from a dictionary file.

Info: http://www.red-database-security.com/software/checkpwd.html

These icons link to social bookmarking sites where readers can share and discover new web pages.

A simple TCP/UDP protocol Fuzzer Version 1.0

Info: https://www.buslab.org/index.php/content/view/45743/2/

These icons link to social bookmarking sites where readers can share and discover new web pages.

Bruteforce Exploit Detector is a collection of scripts to automatically test implementations of different protocols for buffer overflows and / or format string vulnerabilities, by sending a lot of long strings to a server. It tries a kind of bruteforce, an attack without any plan. Some ppl would call it a fuzzer

Bed Homepage: http://snake-basket.de/bed.html

These icons […]

Absinthe is a GUI based tool designed to automate the process of blind sql injection. It works by profiling response pages as true or false from known cases, then moves on to identify unknowns as true or false.

Absinthe does not aid in the discovery of SQL Injection holes. This tool will only speed up the […]

Canvas : A Comprehensive Exploitation Framework
Canvas is a commercial vulnerability exploitation tool from Dave Aitel’s ImmunitySec. It includes more than 150 exploits and is less expensive than Core Impact, though it still costs thousands of dollars. You can also buy the optional VisualSploit Plugin for drag and drop GUI exploit creation. Zero-day […]

Core Impact : An automated, comprehensive penetration testing product
Core Impact isn’t cheap (be prepared to spend tens of thousands of dollars), but it is widely considered to be the most powerful exploitation tool available. It sports a large, regularly updated database of professional exploits, and can do neat tricks like exploiting one machine and then […]

Metasploit Framework : Hack the Planet
Metasploit took the security world by storm when it was released in 2004. No other new tool even broke into the top 15 of this list, yet Metasploit comes in at #5, ahead of many well-loved tools that have been developed for more than a decade. It is an advanced […]