In this section we will see the most powerful and used tools.
Web And Mobile Application Security Training Platform OWASP Security Shepherd The OWASP Security Shepherd Project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices Read more…
Nozes Nozes is a Pentest cmd manager. You can automate your pentest attacks in one click and get results… Read the docs: https://github.com/CoolerVoid/nozes/blob/master/doc/nozes_apresentation1.pdf How to Install Need: * httpd server with TLS/SSL * SQLite3 * php5 and php5-sqlite and PDO driver of sqlite I test at nginx + php + Read more…
Analysing and Responding to Cyber Attacks Cyberprobe is a distributed software architecture for monitoring of networks against attack. It consists of two components: cyberprobe, which collects data packets and forwards them over a network in standard streaming protocols; and cybermon which decodes protocols, and invokes user-defined logic on the decoded Read more…
The Port Scan Attack Detector (PSAD) is a lightweight system daemon that is designed to work with Linux iptables/firewall code to discover suspicious traffic such as port scans, backdoors, botnet command and control communications, and more. It includes a set of vastly configurable danger thresholds, long-winded alert messages that comprise Read more…
A Tool To Bypass CloudFlare For Identify Real IP Address HatCloud build in Ruby. It makes bypass in CloudFlare for discover real IP. This can be useful if you need test your server and website. Testing your protection against Ddos (Denial of Service) or Dos. CloudFlare is services and distributed domain Read more…
Angry IP Scanner is a cross-platform lightweight program that can scan IP addresses and their ports. It can determine the IP status, hostname, MAC address, NetBIOS information, MAC vendor, HTTP sender, and the TTL (Time-to-live). You can also extend the program’s functionality by using plugins (anyone who can write java code can create Read more…
Find SQL Injection What is python_gdork_sqli? python_gdork_sqli is a python script is developed to show, how many vulnerables websites, which are laying around on the web. The main focus of the script is to generate a list of vuln urls. Please use the script with causing and alert the webadmins Read more…
Finding open shares is useful to a penetration tester because there may be private files shared, or, if it’s writable, it could be a good place to drop a Trojan or to infect a file that’s already there. Knowing where the share is could make those kinds of tests more Read more…
What is BeEF? BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment Read more…
This tutorial assumes that you already know your way around the basics of metasploit, bettercap and beef. Versions used: – Bettercap v1.5.8 – Metasploit msfconsole 4.12.41-dev – BeeF 0.4.7.0-alpha Objective: The objective is to create a hook.js address in beef and inject it in any machine inside your LAN without the Read more…