Web

Anything related to websites

Evil foca

Evil Foca is a tool for security pen testers and auditors whose purpose it is to test security in IPv4 and IPv6 data networks.
The tool is capable of carrying out various attacks such as:

MITM over IPv4 networks with ARP Spoofing and DHCP ACK Injection.
MITM on IPv6 networks with Neighbor Advertisement Spoofing, SLAAC attack, fake DHCPv6.
DoS (Denial of Service) on IPv4 networks with ARP Spoofing.
DoS (Denial of Service) on IPv6 networks with SLAAC DoS.
DNS Hijacking.
The software automatically scans the networks and identifies all devices and their respective network interfaces, specifying their IPv4 and IPv6 addresses as well as the physical addresses through a convenient and intuitive interface.

Spiderfoot

SpiderFoot
SpiderFoot is an open source intelligence automation tool. Its goal is to automate the process of gathering intelligence about a given target.

Purpose
There are three main areas where SpiderFoot can be useful:

If you are a pen-tester, SpiderFoot will automate the reconnaissance stage of the test, giving you a rich set of data to help you pin-point areas of focus for the test.

Understand what your network/organization is openly exposing to the outside world. Such information in the wrong hands could be a significant risk.

SpiderFoot can also be used to gather threat intelligence about suspected malicious IPs you might be seeing in your logs or have obtained via threat intelligence data feeds.

webpwdchk

Nice tool for checking all the URLs in an input text file and scanning them sequentially. Its primary purpose is to verify if the username and password for a website are valid but can also check if pages exist or not.

ICMPInfo 0.2

A tool that uses ICMP type 13 (timestamp RFC792) and 17 (netmask RFC950) for retrieving the current time and the net-mask of a remote host.

hosts file/list DNS checker 0.1

tool which checks if the host names listed in a file or contained in a hosts file can be resolved or not. Supports multi-threading, logging, delay between each query and allows to choose the type of primary query (A record by default) and a backup one in case the first fails (for example A and then NS)

Kismet

WHAT IS KISMET?
Kismet is a wireless network detector, sniffer, and intrusion detection system. Kismet works predominately with Wi-Fi (IEEE 802.11) networks, but can be expanded via plug-ins to handle other network types.

FEATURES
802.11 sniffing
Standard PCAP logging (compatible with Wireshark, TCPDump, etc)
Client/Server modular architecture
Plug-in architecture to expand core features
Multiple capture source support
Live export of packets to other tools via tun/tap virtual interfaces
Distributed remote sniffing via light-weight remote capture
XML output for integration with other tools

Samurai Web Testing Framework

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.

Starting with reconnaissance, we have included tools such as the Fierce domain scanner and Maltego. For mapping, we have included tools such WebScarab and ratproxy. We then chose tools for discovery. These would include w3af and burp. For exploitation, the final stage, we included BeEF, AJAXShell and much more. This CD also includes a pre-configured wiki, set up to be the central information store during your pen-test.

Bees with Machine Guns

utility for arming (creating) many bees (micro EC2 instances) to attack (load test) targets (web applications).

Dependencies:
Python 2.6
boto
paramiko

wifiphisher

Wifiphisher is a security tool that mounts automated phishing attacks against WiFi networks in order to obtain secret passphrases or other credentials. It is a social engineering attack that unlike other methods it does not include any brute forcing. It is an easy way for obtaining credentials from captive portals and third party login pages or WPA/WPA2 secret passphrases.Wifiphisher works on Kali Linux and is licensed under the GPL license.

Requirements:
Kali Linux.
Two wireless network adapters; one capable of injection.

WebSeekurity

INTRODUCTION

WebSeekurity is a multi-platform tool that can be used to assess the security of Web applications that interact with a server via AMF/SOAP over HTTP. In particular, Adobe Flex applications can be audited thanks to this software.The tool acts as a client that can be used to communicate with the backend server to test. It enables to send requests to this server and to receive the corresponding responses. WebSeekurity attempts to discover and identify potential server-side vulnerabilities: weak authentication and authorization mechanisms, information leakage, vulnerability to SQL injections, etc.Several modes are proposed: Manual, Automatic and Fuzzing. The Manual mode enables to create a request from scratch. The Automatic mode is used to discover the services and methods made available by the application in an automated manner. Finally, fuzzing can be performed thanks to the last mode.WebSeekurity is released under the GNU GPLv2 license.

REQUIREMENTS:
Python 2.7 (not compatible with Python 3.0 or greater)
PyAMF
SOAPpy
pyparsing
Tcl-Tk

Syndicate content