SniffJoke is an application for Linux that handle transparently your TCP connection, delaying, modifying and injecting fake packets inside your transmission, make them almost impossible to be correctly read by a passive wiretapping technology (IDS or sniffer). An Internet client running SniffJoke injects in the transmission flow some packets able to seriously disturb passive analysis [...]
SIPVicious Tool Suite v0.2.6 – SIP/VoIP Security Auditing Tool
SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems. Why the name? Because the tools are not exactly the nicest thing on earth next to a SIP device. And the play on the sound seems to work. As an extra bonus, it rhymes with the name of [...]
BackTrack 5 Released – The Most Advanced Linux Security Distribution & LiveCD
We have of course been following BackTrack since the very early days, way back in 2006 when it was just known as BackTrack – A merger between WHAX and Auditor. They’ve come a long way and BackTrack is now a very polished and well rounded security distro, most of the others have dropped off the [...]
peepdf – Analyze & Modify PDF Files
peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to make all the tasks. [...]
OWASP Hatkit Proxy Project – HTTP/TCP Intercepting Proxy Tool
The primary purpose of the Hatkit Proxy is to create a minimal, lightweight proxy which stores traffic into an offline storage where further analysis can be performed, i.e. all kinds of analysis which is currently implemented by the proxies themselves (WebScarab/Burp/Paros etc). Also, since the http traffic is stored in a MongoDB, the traffic is [...]
SearchDiggity – GUI Front-End For GoogleDiggity & BingDiggity
The Google Hacking Diggity Project is a research and development initiative dedicated to investigating the latest techniques that leverage search engines, such as Google and Bing, to quickly identify vulnerable systems and sensitive data in corporate networks. SearchDiggity is a new GUI application that serves as a front-end to both GoogleDiggity and BingDiggity. GoogleDiggity With [...]
sqlmap 0.9 Released – Automatic Blind SQL Injection Tool
It’s been a while since we’ve written about sqlmap, the last time was when 0.7 was released back in July 2009 – sqlmap 0.7 Released – Automatic SQL Injection Tool. Well sqlmap 0.9 has been released and has a considerable amount of changes including an almost entirely re-written SQL Injection detection engine. For those that [...]
RawCap – Free Command Line Packet/Network Sniffer For Windows (Raw Sockets)
RawCap is a free command line network sniffer for Windows that uses raw sockets. Features Can sniff any interface that has got an IP address, including 127.0.0.1 (localhost/loopback) RawCap.exe is just 17 kB No external libraries or DLL’s needed other than .NET Framework 2.0 No installation required, just download RawCap.exe and sniff Can sniff most [...]
DRIL – Domain Reverse IP Lookup Tool
DRIL (Domain Reverse IP Lookup) Tool is a Reverse Domain Tool that will really be useful for penetration testers to find out the domain names which are listed in the the target host, DRIL is a GUI, JAVA based application which uses a Bing API key. DRIL has a simple user friendly interface which will [...]
Wappalyzer – Web Technology Identifier (Identify CMS, JavaScript etc.)
Wappalyzer is an add-on for Firefox that uncovers the technologies used on websites. It detects CMS and e-commerce systems, message boards, JavaScript frameworks, hosting panels, analytics tools and several more. The company behind Wappalyzer also collects information about web based software to create publicly available statistics, revealing their growth over time and popularity compared to [...]