TOP 15 HACKING, CRACKING & PENTESTING TOOLS!
- BY J2 HACKER
1.PWN STAR:
A bash script to launch the AP, can be configured with a variety of attack options. Including a php script and server index.html, for phishing. Can act as a multi-client captive portal using php and iptables. Exploitation classics such as crime-PDF, De-auth with aireplay, etc.
GENERAL FEATURES!
1.Managing Interfaces and MAC Spoofing
2.Set sniffing
3.Phishing Web
4.Karmetasploit
4.WPA handshake
5.De-auth client
6.Managing Iptables
DOWNLOAD LINK OF PWN STAR => https://code.google.com/p/pwn-star/downloads/list
2.ZED ATTACK PROXY (ZAP):
(ZAP) is an integrated penetration testing tool for finding vulnerabilities in web applications. This tool is designed for use by people with a variety of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to the toolbox tester.
KEY FEATURES!
1.Intercepting Proxy
2.Active scanners
3.Passive scanners
4.Brute Force scanner
5.Spider
6.Fuzzer
7.Port Scanner
8.Dynamic SSL certificates
9.API
10.Beanshell integration
DOWNLOAD LINK OF ZAP => https://code.google.com/p/zaproxy/downloads/detail?name=README.txt&can=2&q=
3.SET (SOCIAL ENGINEERING TOOLKIT):
Tools that focus on attacking the human element of weakness and inadvertence. This tool is widely used today and is one of the most successful tools demonstrated at Defcon
KEY FEATURES!
1.Spear-Phishing Attack Vector
2.Java Applet Attack Vector
3.Metasploit Browser Exploit Method
4.Credential Harvester Attack Method
5.Tabnabbing Attack Method
6.Man Left in the Middle Attack Method
7.Web Jacking Attack Method
8.Multi-Attack Web Vector
9.Infectious Media Generator
10.Teensy USB HID Attack Vector
DOWNLOAD LINK OF SOCIAL ENG TOOLKIT => https://www.trustedsec.com/social-engineer-toolkit/
4.BURP SUITE:
Burp Suite is a very nice tool for web application security testing. This tool is great for pentester and security researchers. It contains a variety of tools with many interfaces between them designed to facilitate and accelerate the process of web application attacks.
GENERAL FUNCTIONS!
1.Interception proxies
2.Radar and spiders crawling
3.Webapps scanner
4.Tool assault
5.Repeater and sequencer tools
DOWNLOAD BURP SUITE HERE => http://portswigger.net/burp/download.html
5.ETTERCAP:
Ettercap is a multipurpose sniffer / interceptor / logger for Local Area Network . It supports active and passive dissection of many protocols (even in code) and includes many feature for network and host analysis.
GENERAL FUNCTIONS!
1.To capture traffic and data
2.To do logging network
3.Etc.
DOWNLOAD ETTERCAP HERE => http://sourceforge.net/projects/ettercap/files/latest/download
6.SANS INVESTIGATIVE FORENSIC TOOLKIT:
The SANS Investigative Forensic Toolkit (SIFT) Workstation is a VMware Appliance that can be configured with all the requirements to perform a detailed digital forensic. Compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats. The new version has been completely rebuilt on the Ubuntu base with many additional tools and capabilities that are used in modern forensic technology.
GENERAL FUNCTIONS SIFT!
1.iPhone, Blackberry, and Android Forensic Capabilities
2.Registry Viewer (YARU)
3.Compatibility with F-Response Tactical, Standard, and Enterprise
4.PTK 2.0 (Special Release – Not Available for Download)
5.Automated Generation Timeline via log2timeline
6.Many Firefox Investigative Tools
7.Windows Journal Parser and Shellbags Parser (jp and sbag)
8.Many Windows Analysis Utilities (prefetch, usbstor, event logs, and more)
9.Complete Overhaul of Regripper Plugins (added over 80 additional plugins)
Download the SANS Investigative Forensic Toolkit (SIFT) here:
http://digital-forensics.sans.org/community/downloads
7.WIRESHARK:
Wireshark is the most widely used and most popular in the world the protocol analyzer, and is the de facto standard across many industries and educational institutions to analyze the network in different protocol.
GENERAL FUNCTION!
1.Live capture and offline analysis
2.Standard three-pane packet browser
3.Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, 4.NetBSD, and many others
5.Captured data network can be browsed via a GUI, or via the TTY-6.mode tshark utility
7.The most powerful display filters in the industry
8.Rich VoIP analysis
9.Read / write many different capture file formats
Etc.
Download the WIRESHARK: http://www.wireshark.org/download.html
8.WEBSPLOIT:
WebSploit is an Open Source Project for Remote Scan and Analysis System of the weaknesses in web applications.
KEY FEATURES!
1.Social Engineering Works
2.Scan, Web Crawler & Analysis
3.Automatic Exploiter
4.Support Network Attacks
5.Autopwn – Used From Metasploit For Scan and Exploit Target Service
6.WMAP – Scan, Target Used Crawler From Metasploit WMAP plugin
7.format infector – inject the payload into reverse and bind file format
8.phpmyadmin Scanner
9.LFI Bypasser
10.Apache Users Scanner
11.Dir Bruter
12.admin finder
13.MLITM Attack – Man Left In The Middle, XSS Phishing Attacks
14.MITM – Man In The Middle Attack
15.Java Applet Attack
16.MFOD Attack Vector
17.USB Infection Attack
18.Dos ARP Attack
19.‘s Killer Attack
20.Attack Fake Update
21.Fake Access Point Attack
Download WebSploit Framework here=>
http://sourceforge.net/projects/websploit/files/latest/download
9.WINAUTOPWN:
WinAutoPWN is a tool that is used to exploit the Windows Framework directly, so that we are automatically going to be an administrator on the windows. Widely used by “Defacer” Indonesia to deface the Windows Server
Download WinAutoPWN Here: http://winautopwn.co.nr/
10.HASHCAT:
Hashcat are a variety of tools to crack passwords in encrypted, it is very powerful for password recovery.
GENERAL FUNCTIONS!
1.Multi-Threaded
2.Free
3.Multi-Hash (up to 24 million hashes)
4.Multi-OS (Linux, Windows and OSX native binaries)
5.Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, …)
6.SSE2 accelerated
7.All Attack-Modes except Brute-Force and Permutation can be 8.extended by rules
9.Very fast Rule-engine
10.Rules compatible with JTR and PasswordsPro
11.Possible to resume or limit session
12.Automatically recognizes recovered hashes from outfile at startup
13.Can automatically generate random rules
14.Load setlist from an external file and then use them in a Brute-15.Force Attack variant
16.Able to work in an distributed environment
17.Specify multiple wordlists or multiple directories of wordlists
18.Number of threads can be configured
19.Lowest priority threads run on
20.30 + Algorithms is implemented with performance in mind… and much more
DOWNLOAD HASCAT HERE => http://hashcat.net/hashcat/
11.UNISCAN:
Uniscan is a scanner for web applications, written in perl for Linux. Currently Uniscan version is 6.2.
GENERAL FUNCTIONS!
1.Identification of system pages through a Web Crawler.
2.Use of threads in the crawler.
3.Control the maximum number of requests the crawler.
4.Control of variation of system pages identified by Web Crawler.
5.Control of file extensions that are ignored.
6.Test of pages found via the GET method.
7.Test the forms found via the POST method
8.Support for SSL requests ( HTTPS ).
9.Proxy support.
10.Generate site list using Google.
11.Generate site list using Bing.
12.Plug-in support for Crawler.
13.Plug-in support for dynamic tests.
14.Plug-in support for static tests.
15.Plug-in support for stress tests.
16.Multi-language support.
17.Web client.
DOWNLOAD UNISCAN HERE => http://sourceforge.net/projects/uniscan/files/latest/download
12.OLYYDBG:
OllyDbg is a 32-bit assembler debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source code is not available.
GENERAL FUNCTIONS!
1.Intuitive user interface, no cryptical commands
2.Code analysis – traces registers, recognizes procedures, loops, API calls, switches, tables, constants and strings
3.Directly loads and debugs DLLs
4.Object file scanning – locates routines from object files and libraries
5.Allows for user-defined labels, comments and function descriptions
5.Understands debugging information in Borland ® format
6.Saves patches between sessions, writes them back to executable file and updates fixups
7.Open architecture – many third-party plugins are available
8.No installation – no trash in registry or system directories
9.Debugs multithreaded applications
10.Attaches to running programs
11.Configurable disassembler, supports both MASM and IDEAL formats
12.MMX, 3DNow! and SSE instructions and the data types, Including Athlon extensions
13.Full UNICODE support
14.Dynamically recognizes ASCII and UNICODE strings – also in Delphi format!
15.Recognizes complex code constructs, like call to jump to procedure
16.Decodes calls to more than 1900 standard API and 400 C functions
17.Gives context-sensitive help on API functions from external help file
18.Sets conditional, logging, memory and hardware breakpoints
19.Traces program execution, logs arguments of known functions
20.Shows fixups
21.Dynamically traces stack frames
22.Searches for imprecise commands and masked binary sequences
23.Searches whole allocated memory
24.Finds references to constant or address range
25.Examines and modifies memory , sets breakpoints and Pauses program on-the-fly
26.Assembles commands into the shortest binary form
27.Starts from the floppy disk
DOWNLOAD OLLYDBG HERE => http://ollydbg.de/odbg201.zip
13.BBQSQL:
BBQSQL an Opensource SQL injection tools with the framework specifically designed to carry out the process in hyper fast, database agnostic, easy to setup, and easy to modify. This is another amazing release from Arsenal Blackhat USA 2012. When conducting security assessments of applications, we often find that it is difficult to SQL vulnerabilities exploitable, with this tool will be extremely easy.
BBQSQL written in the Python programming language. This is very useful when complex SQL injection attack vulnerabilities. BBQSQL also a semi-automated tool, which allows little customization for those who are finding it difficult to trigger a SQL injection. The tool is built to be database agnostic and very versatile. It also has an intuitive UI for setting up the attack much easier
GENERAL FUNCTION!
1.SQL Injection Tools
2.URL
3.HTTP Method
4.Headers
5.Cookies
6.Encoding methods
7.Redirect behavior
8.Files
9.HTTP Auth
10.Proxies
DOWNLOAD BBQSQL FROM HERE => https://github.com/Neohapsis/bbqsql/
14.CRYPTOHAZE:
Tools to crack password / hash where cryptohaze supports CUDA, OpenCL , and the CPU code (SSE, AVX, etc.). Can run on OS that support CUDA. These are intended to make it easier to pentester did crack the hash.
GENERAL FUNCTION!
1.Web Scanner
2.Web Mapping
3.Web Exploitation
DOWNLOAD LINK => http://sourceforge.net/projects/cryptohaze/files/latest/download?source=files
15.SAMURAI WEB TESTING FRAMEWORK (SWTF):
SWTF is used to do testing / pentest against web application, is used to find a weakness and exploited to perform web. Very comprehensive and widely used in the world, including one used by staff binushacker
GENERAL FUNCTION!
1.Web Scanner
2.Web Mapping
3.Web Exploitation
DOWNLOAD FROM HERE => http://sourceforge.net/projects/samurai/files/
NOTE: IT TOOK A LOT OF MY TIME TO POST THIS USEFUL STUFF FOR YOU GUYS! I WANT 100% RESPONSE FROM YOUR SIDE FOR FURTHER POSTING!
0 Comments:
Post a Comment