hacking tools repository.pdf


Upload: repentchristian

Post on 01-Jun-2018


8/9/2019 Hacking Tools Repository.pdf

http://slidepdf.com/reader/full/hacking-tools-repositorypdf 1/26

Hacking Tools Repository

Here is a list of security tools that have been collected from the internet. These tools are specifically aimed toward security professionals and enthusiasts/hobbyists for testing and demonstrating security weaknesses.

These tools are created for the sole purpose of security awareness and education; they should not be used against systems that you do not have permission to test/attack. You could end up in jail.

Most of the tools are open source/free, with a couple of exceptions. Before using any tool, I recommend that you read the instructions/documentation available on the individual tool's website. Although some of the tools could be listed in more than one category, each appears in the list only once, under its primary category.

If you have suggestions or links to tools/scripts to submit, please do: you can fork, edit and send a pull request, or you can leave a comment on the wiki page here: https://github.com/Gexos/hacking-tools-repository/wiki. Your name or GitHub page will be credited.

»Passwords »Scanning »Sniffer »Enumeration »Networking Tools »Wireless »Bluetooth »Web Scanners »Database »Vuln Scanners »Vuln Apps »Live CD

Passwords

Cain & Abel

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network.

CacheDump

CacheDump, licensed under the GPL, demonstrates how to recover cache entry information: username and MSCASH.

John the Ripper

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), Windows, DOS, BeOS, and OpenVMS.

FSCrack

GUI for John the Ripper. FSCrack is a front end for John the Ripper (JtR) that provides a graphical user interface (GUI) for access to most of JtR’s functions.

Hydra

A very fast network logon cracker which supports many different services. Number one of the biggest security holes are passwords, as every password security study shows.

keimpx

keimpx is an open source tool, released under a modified version of Apache License 1.1. It can be used to quickly check for the usefulness of credentials across a network over SMB.

Medusa

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible.

Ncrack

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords.

Ophcrack

Ophcrack is a Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method.

RainbowCrack

RainbowCrack is a general purpose implementation of Philippe Oechslin's faster time-memory trade-off technique.

phrasen|drescher

phrasen|drescher (p|d) is a modular and multi processing pass phrase cracking tool. It comes with a number of plugins but a simple plugin API allows an easy development of new plugins.

LCP

Main purpose of LCP program is user account passwords auditing and recovery in Windows NT/2000/XP/2003.

Crunch

Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. crunch can generate all possible combinations and permutations.


Fcrackzip

Naturally, programs are born out of an actual need. The situation with fcrackzip was no different... I'm not using zip very much, but recently I needed a password cracker.

Enumiax

EnumIAX is an Inter Asterisk Exchange version 2 (IAX2) protocol username brute-force enumerator. enumIAX may operate in two distinct modes: Sequential Username Guessing or Dictionary Attack.

Wyd

wyd.pl was born out of these two situations: 1. A penetration test should be performed and the default wordlist does not contain a valid password. 2. During a forensic crime investigation a password protected file must be opened without knowing the password.

Bruter

Bruter is a parallel network login brute-forcer on Win32. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication.

The sshbruteforcer

Is a tool to perform dictionary attacks against SSH servers. It's a simple tool: you set the target server, target account, wordlist and port, and wait.

Lodowep

Lodowep is a tool for analyzing password strength of accounts on a Lotus Domino webserver system. The tool supports both session- and basic-authentication.

SSHatter

SSHatter uses a brute force technique to determine how to log into an SSH server. It rigorously tries each combination in a list of usernames and passwords to determine which ones successfully log in.


Scanning

Amap

Amap is a next-generation scanning tool, which identifies applications and services even if they are not listening on the default port by creating a bogus-communication and analyzing the responses.

Dr.Morena

Dr.Morena is a tool to confirm the rule configuration of a Firewall. The configuration of a Firewall is done by combining more than one rule.

Firewalk

Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device will pass. Firewalk works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway.

Netcat

Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts.

Ike Scan

Ike-scan is a command-line tool that uses the IKE protocol to discover, fingerprint and test IPSec VPN servers. It is available for Linux, Unix, MacOS and Windows under the GPL license.

Nmap

Nmap ('Network Mapper') is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts.

Zenmap

Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.

Onesixtyone

onesixtyone is an SNMP scanner which utilizes a sweep technique to achieve very high performance. It can scan an entire class B network in under 13 minutes.

SuperScan 4

Powerful TCP port scanner, pinger, resolver. SuperScan 4 is an update of the highly popular Windows port scanning tool, SuperScan.


Autoscan

AutoScan-Network is a network scanner (discovering and managing application). No configuration is required to scan your network. The main goal is to print the list of connected equipment in your network.

Knocker

Knocker is a simple and easy to use TCP security port scanner written in C to analyze hosts and all of the different services started on them.

Nsat

NSAT is a robust scanner which is designed for: Different kinds of wide-ranging scans, keeping stable for days. Scanning on multi-user boxes (local stealth and non-priority scanning options).

OutputPBNJ

PBNJ is a suite of tools to monitor changes on a network over time. It does this by checking for changes on the target machine(s), which includes the details about the services running on them as well as the service state.

ScanPBNJ

ScanPBNJ performs an Nmap scan and then stores the results in a database. The ScanPBNJ stores information about the machine that has been scanned. ScanPBNJ stores the IP Address, Operating System, Hostname and a localhost bit.

glypeahead

By default the Glype proxy script has few restrictions on what hosts/ports can be accessed through it. In addition, the proxy script normally displays all cURL-related error messages.

Unicornscan

Unicornscan is a new information gathering and correlation engine built for and by members of the security research and testing communities.

TCP Fast Scan

A very very fast tcp port scanner for linux. Runs very quickly. Can scan a lot of hosts / ports + ranges at a time.

Multi Threaded TCP Port Scanner 3.0

This tool could be used to scan ports of certain IP. It also could describe each port with standard name (well-known and registered ports).


single machine and a well provisioned network uplink, ZMap is capable of performing a complete scan of the IPv4 address space in under 45 minutes, approaching the theoretical limit of gigabit Ethernet.

subdomain-bruteforcer

Subdomain-bruteforcer is a multi-threaded python tool for enumerating subdomains from a dictionary file. Particularly useful for finding admin panels or other dodgy web practices.

ircsnapshot

Ircsnapshot is a python tool that connects a bot to a server in order to fetch users' hostmasks, names, and channel affiliations; also supports the creation of a world map using the scraped data. Useful for reconnaissance on an IRC server full of suspected bots. Supports SOCKS and TOR.


Sniffer

Wireshark

Wireshark is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education.

Chaosreader

A freeware tool to trace TCP/UDP/... sessions and fetch application data from snoop or tcpdump logs. This is a type of "any-snarf" program, as it will fetch telnet sessions, FTP files, HTTP transfers (HTML, GIF, JPEG, ...), SMTP emails, ... from the captured data inside network traffic logs.

dsniff

dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data.

Ettercap

Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks.

NetworkMiner

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc.

RawCap

RawCap is a free command line network sniffer for Windows that uses raw sockets.

Spike proxy

Not all web applications are built in the same ways, and hence, many must be analyzed individually. SPIKE Proxy is a professional-grade tool for looking for application-level vulnerabilities in web applications.

Tcpdump

Tcpdump prints out the headers of packets on a network interface that match the boolean expression.

Tcpreplay

Tcpreplay is a suite of BSD licensed tools written by Aaron Turner for UNIX (and Win32 under Cygwin) operating systems which gives you the ability to use previously captured traffic in libpcap format to test a variety of network devices.

Pirni Sniffer

Pirni is the world's first native network sniffer for iPhone. The iPhone's wifi has some major drawbacks in its hardware design, thus we can not properly set the device in promiscuous mode.

Ufasoft Snif

Ufasoft Snif is a network sniffer, designed for capturing and analysis of the packets going through the network. Using the packet driver, it requests all the packets from the network card driver (even the packets not addressed to this computer).


Enumeration

dnsenum

The purpose of Dnsenum is to gather as much information as possible about a domain.

DumpSec

SomarSoft's DumpSec is a security auditing program for Microsoft Windows NT/XP/200x.

LDAPBrowser

LDAP Browser is a premier Windows Explorer-like LDAP Directory client available for Win32 platforms.

NBTEnum

NetBIOS Enumeration Utility (NBTEnum) is a utility for Windows that can be used to enumerate NetBIOS information from one host or a range of hosts.

nbtscan

This tool scans for open NETBIOS nameservers on a local or remote TCP/IP network, and this is a first step in finding open shares.

wmi client

This DCOM/WMI client implementation is based on Samba4 sources. It uses RPC/DCOM mechanisms to interact with WMI services on Windows 2000/XP/2003 machines.

Dnsmap

Dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments.

Dnsrecon

I wrote this tool back in late 2006 and it has been my favorite tool for enumeration thru DNS, in great part because I wrote it and it gives the output in a way that I can manipulate it in my own style. One of the features that I used the most and gave me excellent results is the SRV record enumeration.

Dnstracer

Dnstracer determines where a given Domain Name Server (DNS) gets its information from, and follows the chain of DNS servers back to the servers which know the data.


Networking Tools

fragroute

fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host.

hping

hping is a command-line oriented TCP/IP packet assembler/analyzer.

Scapy

Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more.

Stunnel

The stunnel program is designed to work as an SSL encryption wrapper between remote


network configurations.

AirGrab WiFi Radar

AirGrab WiFi Radar is a tool to display information about Apple Airport base stations and other WiFi (802.11b/g/n) wireless access points.

AirMobile agent

Client application is downloaded in to your PDA or Windows cellular Phone where it will run in quiet mode in the background. If the application finds a rogue access point it will investigate the AP and see if it poses a direct threat to your network.

AirRadar 2

AirRadar allows you to scan for open networks and tag them as favourites or filter them out. View detailed network information, graph network signal strength, and automatically join the best open network in range.

iStumbler

iStumbler is the leading wireless discovery tool for Mac OS X, providing plugins for finding AirPort networks, Bluetooth devices, Bonjour services and Location information with your Mac.

KisMAC

KisMAC is an open-source and free sniffer/scanner application for Mac OS X. It has an advantage over MacStumbler / iStumbler / NetStumbler in that it uses monitor mode and passive scanning.

WirelessMon

WirelessMon is a software tool that allows users to monitor the status of wireless WiFi adapter(s) and gather information about nearby wireless access points and hot spots in real time.

Vistumbler

Vistumbler is a wireless network scanner written in AutoIT for Vista, Windows 7, and Windows 8. WiFiDB is a database written in php to store Vistumbler VS1 files. Keeps track of total access points w/gps, maps to kml, signal graphs, statistics, and more.

WaveStumbler

WaveStumbler is a console based 802.11 network mapper for Linux. It reports the basic AP stuff like channel, WEP, ESSID, MAC etc.


Xirrus Wi-Fi Inspector

Xirrus Wi-Fi Inspector is a powerful tool for managing and troubleshooting the Wi-Fi on a Windows XP SP2 or later, Vista, or 7 laptop. Built in tests enable you to characterize the integrity and performance of your Wi-Fi connection.

AirMagnet VoFi Analyzer

AirMagnet VoFi Analyzer is the industry’s only solution for troubleshooting voice-over-WLAN problems in the field. VoFi Analyzer provides full analysis of encrypted WLAN traffic, scoring all calls in terms of call quality and proactively identifying all types of problems including phone issues, roaming issues, QoS issues, and RF.

Airpwn

Airpwn is a framework for 802.11 (wireless) packet injection. Airpwn listens to incoming wireless packets, and if the data matches a pattern specified in the config files, custom content is injected "spoofed" from the wireless access point. From the perspective of the wireless client, airpwn becomes the server.

WifiScanner

WifiScanner is a tool that has been designed to discover wireless nodes (i.e. access points and wireless clients). It is distributed under the GPL License. It works with CISCO® card and prism card with hostap driver or wlan-ng driver, prism54g, Hermes/Orinoco, Atheros, Centrino, ... An IDS system is integrated to detect anomaly like MAC usurpation.


Bluetooth

Haraldscan

A Bluetooth Scanner for Linux and Mac OS X. Harald Scan is able to determine Major and Minor device class of device, as well as attempt to resolve the device's MAC address to the largest known Bluetooth MAC address Vendor list.

FTS4BT

Frontline FTS4BT Bluetooth Protocol Analyzer. Developers and test engineers rely on FTS4BT to get them through the design, debug, test, verify, and qualification cycle.


Web Scanners

Arachni

Arachni is a fully automated system which tries to enforce the fire and forget principle. As soon as a scan is started it will not bother you for anything nor require further user interaction.

Burp Suite

Burp Suite is an integrated platform for performing security testing of web applications.

CAL9000

CAL9000 is a collection of web application security testing tools that complement the feature set of current web proxies and automated scanners. CAL9000 gives you the flexibility and functionality you need for more effective manual testing efforts.

CAT

CAT is designed to facilitate manual web application penetration testing for more complex, demanding application testing tasks.

CookieDigger

CookieDigger helps identify weak cookie generation and insecure implementations of session management by web applications. The tool works by collecting and analyzing cookies issued by a web application for multiple users.

DIRB

DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary based attack against a web server and analyzing the response.

Fiddler

Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and 'fiddle' with incoming or outgoing data.

Gamja

Gamja will find XSS (Cross site scripting) and SQL Injection weak points, and also URL parameter validation errors. Who knows which parameter is the weak parameter? Gamja will be helpful for finding vulnerabilities [XSS, Validation Error, SQL Injection].

Grendel-Scan

A tool for automated security scanning of web applications. Many features are also present for manual penetration testing.

HTTrack

HTTrack is a free and easy-to-use offline browser utility. It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer.

LiLith

LiLith is a tool written in Perl to audit web applications. This tool analyses webpages and looks for html <form> tags, which often refer to dynamic pages that might be subject to SQL injection or other flaws.

Nikto2

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs.

Paros

A program called 'Paros' for people who need to evaluate the security of their web applications. It is free of charge and completely written in Java.

Powerfuzzer

Powerfuzzer is a highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer) based on many other Open Source fuzzers available and information gathered from numerous security resources and websites.

ProxyScan.pl

proxyScan.pl is a security penetration testing tool to scan for hosts and ports through a Web proxy server. Features include various HTTP methods such as GET, CONNECT, HEAD as well as host and port ranges.

Ratproxy

A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.


ScanEx

This is a simple utility which runs against a target site and looks for external references and cross domain malicious injections. There are several vulnerable sites which get manipulated with these types of injections and compromised.

Scrawlr

Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities.

Springenwerk

Springenwerk is a free Cross Site Scripting (XSS) security scanner written in Python.

Sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

Sqlsus

sqlsus is an open source MySQL injection and takeover tool, written in perl.

THCSSLCheck

Windows tool that checks the remote ssl stack for supported ciphers and version.

w3af

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.

Wapiti

Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but will scan the webpages of the deployed webapp, looking for scripts and forms where it can inject data.

Webfuzzer

Webfuzzer is a tool that can be useful for both pen testers and web masters; it's a poor man's web vulnerability scanner.

WebGoat

WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons.

Websecurify

The Websecurify Suite is a web application security solution designed to run entirely from your web browser.

WebSlayer

WebSlayer is a tool designed for bruteforcing Web Applications. It can be used for finding not linked resources (directories, servlets, scripts, etc), bruteforce GET and POST parameters, bruteforce Forms parameters (User/Password), Fuzzing, etc. The tool has a payload generator and an easy and powerful results analyzer.

WhatWeb

WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices.

Wikto

Wikto is Nikto for Windows - but with a couple of fancy extra features including Fuzzy logic error code checking, a back-end miner, Google assisted directory mining and real time HTTP request/response monitoring.

WSDigger

WSDigger is a free open source tool designed by McAfee Foundstone to automate black-box web services security testing (also known as penetration testing). WSDigger is more than a tool, it is a web services testing framework.

XSSploit

XSSploit is a multi-platform Cross-Site Scripting scanner and exploiter written in Python. It has been developed to help discovery and exploitation of XSS vulnerabilities in penetration testing missions.

Fireforce

Fireforce is a Firefox extension designed to perform brute-force attacks on GET and POST forms. Fireforce can use dictionaries or generate passwords based on several character types.

Netsparker

Netsparker is a web application security scanner, with support for both detection and exploitation of vulnerabilities. It aims to be


releases practical tools to sniff and crack the password of an oracle database within seconds.

thc-orakelcrackert11g

OrakelCrackert is an Oracle 11g database password hash cracker using a weakness in the Oracle password storage strategy. With Oracle 11g, case sensitive SHA1 based hashing is introduced.

DBPwAudit

DBPwAudit is a Java tool that allows you to perform online audits of password quality for several database engines. The application design allows for easy adding of additional database drivers by simply copying new JDBC drivers to the jdbc directory.

MYSQLAudit

Python Script for basic auditing of common security misconfigurations in MySQL.

sqlninja

sqlninja exploits web applications that use Microsoft SQL Server as a database backend. Its focus is on getting a running shell on the remote host. sqlninja doesn't find an SQL injection in the first place, but automates the exploitation process once one has been discovered.

GreenSql

GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy and has built in support for MySQL and PostgreSQL.


Vuln Scanners

Metasploit Framework

The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code.

OpenVAS

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.


Nessus

Nessus detects, scans, and profiles numerous devices and resources to increase security and compliance across your network.

Porkbind

Porkbind is a multi-threaded nameserver scanner that can recursively query nameservers of subdomains for version strings. (i.e. sub.host.dom's nameservers then host.dom's nameservers)

Canvas

Immunity's CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide.

Social-Engineer Toolkit (SET)

The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the http://www.social-engineer.org launch and has quickly become a standard tool in a penetration tester's arsenal.

Acunetix

Acunetix web vulnerability scanner is a tool designed to discover security holes in your web applications that an attacker would likely abuse to gain illicit access to your systems and data. It looks for multiple vulnerabilities including SQL injection, cross site scripting, and weak passwords.

RIPS

RIPS is a tool written in PHP to find vulnerabilities in PHP applications using static code analysis.

Rapid7 NeXpose

Rapid7 NeXpose is a vulnerability scanner which aims to support the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. It integrates with Rapid7's Metasploit for vulnerability exploitation.

VulnDetector

VulnDetector is a project aimed to scan a website and detect various web based security vulnerabilities in the website. Currently, VulnDetector can detect Cross


(DVWA) aid for security professionals to test theirskills and tools in a legal environment,help web developers better understandthe processes of securing webapplications and aid teachers/students toteach/learn web application security in aclass room environment.

DamnVulnerable Linux

Damn Vulnerable Linux (DVL) iseverything a good Linux distributionisn’t. Its developers have spent hoursstuffing it with broken, ill-configured,outdated, and exploitable software thatmakes it vulnerable to attacks. DVL isn’tbuilt to run on your desktop – it’s alearning tool for security students

Metasploitable

Metasploitable is an intentionallyvulnerable Linux virtual machine. ThisVM can be used to conduct securitytraining, test security tools, and practicecommon penetration testing techniques.

Kioptrix

These Kioptrix VM images are easy challenges. The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player). The purpose of these games is to learn the basic tools and techniques in vulnerability assessment and exploitation.

HoneyDrive

HoneyDrive is a virtual appliance (OVA) with Xubuntu Desktop 12.04 32-bit edition installed. It contains various honeypot software packages such as Kippo SSH honeypot, Dionaea malware honeypot, Honeyd low-interaction honeypot, Glastopf web honeypot along with Wordpot, Thug honeyclient and more.

Badstore

Badstore.net is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure.

OWASP Insecure Web App Project

InsecureWebApp is a web application that includes common web application vulnerabilities. It is a target for automated and manual penetration testing, source code analysis, vulnerability assessments and threat modeling.

VulnApp

VulnApp is a BSD licensed ASP.net application implementing some of the most common applications we come across on our penetration testing engagements.

OWASP Vicnum

Vicnum is an OWASP project consisting of vulnerable web applications based on games commonly used to kill time. These applications demonstrate common web security problems such as cross site scripting, SQL injections, and session management issues.

OWASP Broken Web Applications Project

The Broken Web Applications (BWA) Project produces a Virtual Machine running a variety of applications with known vulnerabilities.

LAMPSecurity

LAMPSecurity training is designed to be a series of vulnerable virtual machine images along with complementary documentation designed to teach Linux, Apache, PHP, MySQL security.

Virtual Hacking Lab

A mirror of deliberately insecure applications and old software with known vulnerabilities. Used for proof-of-concept/security training/learning purposes. Available in either virtual images or live ISO or standalone formats.

WAVSEP

The Web Application Vulnerability Scanner Evaluation Project is a vulnerable web application designed to help assess the features, quality and accuracy of web application vulnerability scanners. This evaluation platform contains a collection of unique vulnerable web pages that can be used to test the various properties of web application scanners.

Moth

Moth is a VMware image with a set of vulnerable Web Applications and scripts that you may use for testing Web Application Security Scanners, testing Static Code Analysis tools (SCA), and giving an introductory course to Web Application Security.

SecuriBench

Stanford SecuriBench is a set of open source real-life programs to be used as a testing ground for static and dynamic security tools. Release .91a focuses on Web-based applications written in Java.

NETinVM

NETinVM is a single VMware or VirtualBox virtual machine image that contains, ready to run, a series of User-mode Linux (UML) virtual machines which, when started, form a whole computer network inside the VMware or VirtualBox virtual machine.


Live CD

BackTrack

BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking.

Kali Linux

Kali Linux (formerly known as BackTrack) is a Debian-based distribution with a collection of security and forensics tools. It features timely security updates, support for the ARM architecture, a choice of four popular desktop environments, and seamless upgrades to newer versions.

BackBox

BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable version of the most used and best known ethical hacking tools.

Samurai

The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of


repository is compatible with existing Arch installs.

http://gexos.github.io/Hacking-Tools-Repository/

Pastebin Alternatives

http://gist.github.com/

http://dpaste.org/

http://fpaste.org/

http://codepad.org/

http://pastie.org/

http://jsfiddle.net/

http://rafb.me/

http://ideone.com/

http://tinypaste.com/

http://i2p2.de

http://paste.pocoo.org/