METASPLOIT FRAMEWORK

Saturday, October 24, 2009

Hack the Planet

Metasploit took the security world by storm when it was released in 2004. No other new tool even broke into the top 15 of this list, yet Metasploit comes in at #5, ahead of many well-loved tools that have been developed for more than a decade. It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their online exploit building demo. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality. Similar professional exploitation tools, such as Core Impact and Canvas, already existed for wealthy users on all sides of the ethical spectrum. Metasploit simply brought this capability to the masses.



RUSSIA BLAMED FOR CYBERATTACK ON POLAND

Details leaked by the Polish newspaper Rzeczpospolita indicate a large but unsuccessful attack on Polish Government systems, which originated in Russia last month. The details indicate that the attack coincided with the 70th anniversary of the outbreak of World War Two and was coordinated to take place when Russian President Vladimir Putin visited Poland.
The attack may have been a reference to the anniversary of the infamous invasion of Poland by Nazi Germany and the Soviet Union in September 1939 under the secret terms of the Molotov–Ribbentrop non-aggression pact; however, this is still unclear, as the actual reason has not surfaced yet.
Russia has been in the news as disputes between Russia and its neighbors have made their way onto the Internet in recent years. For example, Russian hackers were quite nefarious in their cyberattacks on Georgia last year, and security researchers subsequently blamed the attacks on civilians and Russian cyber-crime gangs.
The Internet infrastructure of Estonia was ripped apart in April 2007, following a dispute over the relocation of Soviet-era war memorials and graves.



SECURITY TOOL  

Tuesday, June 9, 2009

RPCScan v2.03

RPCScan v2.03 is a Windows-based detection and analysis utility that can quickly and accurately identify Microsoft operating systems that are vulnerable to the multiple buffer overflow vulnerabilities released in the MS03-026 and MS03-039 bulletins.
RPCScan v2.03 is intended for use by enterprise system and network administrators as a fast and reliable utility for identifying at-risk Microsoft systems in a passive manner. This tool is non-abrasive in nature and may be run in production environments during production hours.

DIRE v1.0

The ability to register applications that can then be automatically initiated by Windows is a powerful feature today that enhances the end user’s experience and furthermore enables system administrators to exert complete control over the machines in their environment. However, attackers can target these same systems by exploiting ‘insecurely registered applications’ on target systems. Foundstone has released a free tool called Foundstone DIRE, which allows users/system administrators to identify “insecurely registered applications” on their systems.

CIScan v1.0

CIScan is intended for use by system and network administrators as a fast and reliable utility for identifying potentially at risk Cisco devices in a passive manner. This tool may be run in production environments during production hours.



SECURITY LINUX  

Lynis 1.2.6

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes.
This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems. It can [...]




BackTrack

The Remote Exploit Development Team is happy to announce the release of BackTrack 4 Beta. In this latest version of BackTrack 4 there have been some conceptual changes and some new and exciting features. The most significant of these changes is the expansion from the realm of a Pentesting LiveCD towards a full blown “Distribution”. Now [...]




Lynis - Security

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes.
This is a tool that might be useful for both penetration testers performing white box tests and system admins trying to secure their own systems.








SECURITY FORENSICS  

Monday, June 8, 2009

ScreenStamp

ScreenStamp! is basically a screen grabbing application for pen-testing and people working in forensics. The app will ask you for a location to save your screen shots to, along with a name that the program will number, allowing the user to concentrate on the job at hand as opposed to saving screen shots.




DShield Web Honeypot Project

For those of you who are not familiar with DShield (where have you been? under a rock?) it’s a Cooperative Network Security Community. Basically what that means is they collect firewall logs and map out the trends. Like when there was a worm going around that bruteforced SSH2 you could see a spike in port 22 [...]





Maltego

Maltego is an open source intelligence and forensics application. It allows for the mining and gathering of information as well as the representation of this information in a meaningful way. Coupled with its graphing libraries, Maltego allows you to identify key relationships between information and identify previously unknown relationships between them. It is a must-have tool [...]




WEB HACKING TOOL  

Web Hacking

WWWhack is a brute force utility that will try to crack web sites guarded by a web access password. This utility can use a word file or try all possible combinations, and by trial-and-error, will attempt to find a combination of username/password that is accepted by the web server.





Fierce Domain Scanner

Fierce domain scan was born out of personal frustration after performing a web application security audit. It is traditionally very difficult to discover large swaths of a corporate network that is non-contiguous. It’s terribly easy to run a scanner against an IP range, but if the IP ranges are nowhere near one another you can [...]






DATABASE HACKING  

Pangolin

Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.





sqlmap 0.6.3

sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specific DBMS tables/columns, run his own SQL SELECT statement, read specific files on the file system and much more.



SECURITY PORT SCANNER  

Unicornscan

Not your mother's port scanner
Unicornscan is an attempt at a User-land Distributed TCP/IP stack for information gathering and correlation. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Some of its features include asynchronous stateless TCP scanning with all variations of TCP flags, asynchronous stateless TCP banner grabbing, and active/passive remote OS, application, and component identification by analyzing responses. Like Scanrand, it isn't for the faint of heart.





Scanrand

An unusually fast stateless network service and topology discovery system
Scanrand is a stateless host-discovery and port-scanner similar in design to Unicornscan. It trades off reliability for amazingly fast speeds and uses cryptographic techniques to prevent attackers from manipulating scan results. This utility is a part of a software package called Paketto Keiretsu, which was written by Dan Kaminsky. Scanrand and Paketto are no longer actively maintained, but the latest released version can still be found at DoxPara.Com.














SECURITY WIRELESS TOOLS  

Friday, June 5, 2009

NetStumbler


Free Windows 802.11 Sniffer
Netstumbler is the best known Windows tool for finding open wireless access points ("wardriving"). They also distribute a WinCE version for PDAs and such named Ministumbler. The tool is currently free but Windows-only and no source code is provided. It uses a more active approach to finding WAPs than passive sniffers such as Kismet or KisMAC.






Aircrack




The fastest available WEP/WPA cracking tool
Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP key once enough encrypted packets have been gathered. It can also attack WPA 1 or 2 networks using advanced cryptographic methods or by brute force. The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files).






Airsnort




WEP Encryption Cracking Tool
AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys. It was developed by the Shmoo Group and operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. You may also be interested in the similar Aircrack.





Wep0ff

Wep0ff is a new tool to crack a WEP key without access to the AP by mounting a fake access point attack against WEP-based wireless clients.
It uses a combination of fragmentation and evil twin attacks to generate traffic which can be used for KoreK-style WEP-key recovery.
This tool can be used to mount a fake access point attack against WEP-based wireless clients.





WEPBuster

The main part of this is the autonomous nature of the toolkit: it can crack all access points within range in one go. Other than that, the features would be those found in aircrack-ng.



FIREWALLS SECURITY  

Netfilter


The current Linux kernel packet filter/firewall
Netfilter is a powerful packet filter implemented in the standard Linux kernel. The userspace iptables tool is used for configuration. It now supports packet filtering (stateless or stateful), all kinds of network address and port translation (NAT/NAPT), and multiple API layers for 3rd party extensions. It includes many different modules for handling unruly protocols such as FTP. For other UNIX platforms, see Openbsd PF (OpenBSD specific), or IP Filter. Many personal firewalls are available for Windows (Tiny, Zone Alarm, Norton, Kerio, ...), though none made this list. Microsoft included a very basic firewall in Windows XP SP2, and will nag you incessantly until you install it.





Openbsd PF


The OpenBSD Packet Filter
Like Netfilter and IP Filter on other platforms, OpenBSD users love PF, their firewall tool. It handles network address translation, normalizing TCP/IP traffic, providing bandwidth control, and packet prioritization. It also offers some eccentric features, such as passive OS detection. Coming from the same guys who created OpenBSD, you can trust that it has been well audited and coded to avoid the sort of security holes we have seen in other packet filters.






IP Filter


Portable UNIX Packet Filter
IP Filter is a software package that can be used to provide network address translation (NAT) or firewall services. It can either be used as a loadable kernel module or incorporated into your UNIX kernel; use as a loadable kernel module where possible is highly recommended. Scripts are provided to install and patch system files, as required. IP Filter is distributed with FreeBSD, NetBSD, and Solaris. OpenBSD users should see Openbsd PF and Linux users Netfilter.





INTRUSION DETECTION/PREVENTION  

Sunday, May 31, 2009

Snort

Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plugin architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba’s smbclient.
Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion prevention system.





Burp intruder

Burp intruder is a tool to facilitate automated attacks against web-enabled applications. It is not a point-and-click tool: using burp intruder effectively requires a detailed knowledge of the target application, and an understanding of the HTTP protocol.

Burp intruder is highly configurable and can be used to automate a wide range of attacks against applications, including testing for common web application vulnerabilities such as SQL injection, cross-site scripting, buffer overflows and directory traversal; brute force attacks against authentication schemes; enumeration; parameter manipulation; trawling for hidden content and functionality; session token sequencing and session hijacking; data mining; concurrency attacks; and application-layer denial-of-service attacks.



SECURITY-SCANNER  

Cerberus Internet Scanner

Cerberus is one of the most popular Windows NT and 2000 security scanners. The automatically-generated reports, which provide the user with information on which settings are potentially dangerous and how they can be changed, are extremely valuable. Cerberus is user-friendly and carries out about 300 scans.



LANguard Network Scanner
LANguard Network Scanner is a Freeware security scanner for networks. It searches the network for hosts, shares and user names. Amongst many other functions it recognizes operating systems, as well as registry problems and tests password security. The scanner also provides comprehensive reports in HTML format on request.



ENCRYPTION TOOLS  

Saturday, May 30, 2009

GnuPG / PGP

Secure your files and communication w/advanced encryption
PGP is the famous encryption program by Phil Zimmermann which helps secure your data from eavesdroppers and other risks. GnuPG is a very well-regarded open source implementation of the PGP standard (the actual executable is named gpg). While GnuPG is always free, PGP costs money for some uses.





Stunnel

A general-purpose SSL cryptographic wrapper
The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries.



OpenSSL

The premier SSL/TLS encryption library
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.








SECURITY-ORIENTED OPERATING SYSTEMS

Sunday, May 17, 2009

BACK TRACK

An Innovative Penetration Testing live Linux distribution
This excellent bootable live-CD Linux distribution comes from the merger of Whax and Auditor. It boasts a huge variety of Security and Forensics tools and provides a rich development environment. User modularity is emphasized so the distribution can be easily customized by the user to include personal scripts, additional tools, customized kernels, etc.



KNOPPIX

A general-purpose bootable live system on CD or DVD
Knoppix consists of a representative collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a productive Linux system for the desktop, educational CD, rescue system, or, as many nmap survey takers attest, a portable security tool. For a security-specific Linux distribution see Back Track.

OPENBSD

The Proactively Secure Operating System
OpenBSD is one of the only operating systems to treat security as their very highest priority. Even higher than usability in some cases. But their enviable security record speaks for itself. They also focus on stability and fight to obtain documentation for the hardware they wish to support. Perhaps their greatest achievement was creating OpenSSH. OpenBSD users also love PF, their firewall tool.



HELIX

A Linux Distribution with Computer Forensics in Mind
Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized Linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics. Helix has been designed very carefully to NOT touch the host computer in any way and it is forensically sound. Helix will not auto mount swap space, or auto mount any attached devices. Helix also has a special Windows autorun side for Incident Response and Forensics.

BASTILLE

Security hardening script for Linux, Mac OS X, and HP-UX
The Bastille Hardening program "locks down" an operating system, proactively configuring the system for increased security and decreasing its susceptibility to compromise. Bastille can also assess a system's current state of hardening, granularly reporting on each of the security settings with which it works. Bastille currently supports the Red Hat (Fedora Core, Enterprise, and Numbered/Classic), SUSE, Debian, Gentoo, and Mandrake distributions, along with HP-UX and Mac OS X. Bastille focuses on letting the system's user/administrator choose exactly how to harden the operating system. In its default hardening mode, it interactively asks the user questions, explains the topics of those questions, and builds a policy based on the user's answers. It then applies the policy to the system. In its assessment mode, it builds a report intended to teach the user about available security settings as well as inform the user as to which settings have been tightened.



 
