Microsoft Windows

Huge Dictionary File

Just what is stated. A HUGE dictionary file I found while surfing the interwebs.

NBTEnum

NetBIOS Enumeration Utility (NBTEnum) is a utility for Windows that can be used to enumerate NetBIOS information from one host or a range of hosts. The enumerated information includes the network transports, NetBIOS name, account lockout threshold, logged on users, local groups and users, global groups and users, and shares.

If run under the context of a valid user account additional information is enumerated including operating system information, services, installed programs, Auto Admin Logon information and encrypted WinVNC/RealVNC passwords. This utility will also perform password checking with the use of a dictionary file. Runs on Windows NT 4.0/2000/XP/2003. PERL source included.

Examples:

* nbtenum -q 192.168.1.1 - Enumerates NetBIOS information on host 192.168.1.1 as the null user.
* nbtenum -q 192.168.1.1 johndoe "" - Enumerates NetBIOS information on host 192.168.1.1 as user "johndoe" with a blank password.
* nbtenum -a iprange.txt - Enumerates NetBIOS information on all hosts specified in the iprange.txt input file as the null user and checks each user account for blank passwords and passwords the same as the username in lower case.
* nbtenum -s iprange.txt dict.txt - Enumerates NetBIOS information on all hosts specified in the iprange.txt input file as the null user and checks each user account for blank passwords and passwords the same as the username in lower case and all passwords specified in dict.txt if the account lockout threshold is 0.

skl0g

This is a keylogger which can log all keystrokes, is case-sensitive and supports all standard keys. It has been written in VB, uses the GetAsyncKeyState API call and doesn't need any other DLL or OCX file (only the standard VB6 DLLs). It restarts when you start Windows (it modifies the registry) and can be started/stopped at any time by using key combinations.

Keimpx

keimpx is an open source tool, released under a modified version of Apache License 1.1.

It can be used to quickly check for the usefulness of credentials across a network over SMB. Credentials can be:

* Combination of user / plain-text password.
* Combination of user / NTLM hash.
* Combination of user / NTLM logon session token.

If any valid credentials have been discovered across the network after its attack phase, the user is asked to choose which host to connect to and which valid credentials to use, and is then prompted with an interactive SMB shell where the user can:

* Spawn an interactive command prompt.
* Navigate through the remote SMB shares: list, upload, download files, create, remove files, etc.
* Deploy and undeploy his own service, for instance, a backdoor listening on a TCP port for incoming connections.
* List users details, domains and password policy.

Hydra

Hydra is a tool that can guess/crack valid login/password pairs extremely quickly. It supports a great many protocols. Variants exist for both Windows and Unix.

Currently Hydra supports attacks against the following services:

TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable, LDAP2, Cisco AAA

Installation:

./configure

make

make install

Pre-requisites:

libssh2

libssh2.so may need to be linked from its installed location to /lib so Hydra detects it when trying to crack ssh.

Creddump

creddump is a Python tool to extract various credentials and secrets from Windows registry hives. It currently extracts:

* LM and NT hashes (SYSKEY protected)
* Cached domain passwords
* LSA secrets

It essentially performs all the functions that bkhive/samdump2, cachedump, and lsadump2 do, but in a platform-independent way.

It is also the first tool that does all of these things in an offline way (actually, Cain & Abel does, but is not open source and is only available on Windows).

CMOT

Although numerous online resources are available, what this tool does is let you submit MD5 and other hashes to be cracked. This and other tools allow submission of hashes to multiple resources simultaneously, in the hope that one of them returns the matching plaintext so you can log in with the recovered password.

aiocracker

Simple password cracker that attempts to crack password hashes (md5, sha1, sha256, sha384, sha512) against any given wordlist.

Pre-requisites: Python

YAPS

YAPS is short for "Yet Another Port Scanner", and that is exactly what it is. In fact, YAPS is a very basic but small and fast TCP/IP port scanner with few configuration options and a fairly plain interface. You can specify the IP range as well as the port range to scan, and the program will display a list of all open ports found, including details.

Bing

This is a tool for security researchers. It allows you to search for either an IP address or a DNS name and display all associated domain names known to Bing.

* If a specific IP address is searched, all domain records associated with that address are displayed
* If a DNS name is searched, all domain records associated with all addresses returned for that DNS name are displayed (this case is shown in the screenshot below)

Two separate self-contained versions of the tool are available: command-line-based and GUI-based. The GUI version can be spawned directly from the browser - no installation or additional files are required - just click on the link in Downloads and select Run.

Both versions require the .NET Framework 3.5.