Sunday, October 6, 2013

TOP 15 HACKING/CRACKING TOOLS 2013

1. PWN STAR

A bash script to launch the AP, can be configured with a variety of attack options. Including a php script and server index.html, for phishing. Can act as a multi-client captive portal using php and iptables. Exploitation classics such as crime-PDF, De-auth with aireplay, etc..

[Image: PwnSTARscreenshot.png]

General Features:
Managing Interfaces and MAC Spoofing
Set sniffing
Phishing Web
Karmetasploit
WPA handshake
De-auth client
Managing Iptables


Download Pwn-Star Here

2. ZED ATTACK PROXY (ZAP)

(ZAP) is an integrated penetration testing tool for finding vulnerabilities in web applications. This tool is designed for use by people with a variety of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to the toolbox tester.

[Image: zap1-3historyfilter.jpg]

Key Features:
Intercepting Proxy
Active scanners
Passive scanners
Brute Force scanner
Spider
Fuzzer
Port Scanner
Dynamic SSL certificates
API
Beanshell integration


Download ZAP Here

3. SET (SOCIAL ENGINEERING TOOLKIT)

Tools that focus on attacking the human element of weakness and inadvertence. This tool is widely used today and is one of the most successful tools demonstrated at Defcon.

[Image: Set-Box_2.png]

Key Features:
Spear-Phishing Attack Vector
Java Applet Attack Vector
Metasploit Browser Exploit Method
Credential Harvester Attack Method
Tabnabbing Attack Method
Man Left in the Middle Attack Method
Web Jacking Attack Method
Multi-Attack Web Vector
Infectious Media Generator
Teensy USB HID Attack Vector


Download SET Here


4. BURP SUITE

Burp Suite is a very nice tool for web application security testing. This tool is great for pentester and security researchers. It contains a variety of tools with many interfaces between them designed to facilitate and accelerate the process of web application attacks.

[Image: scanner.png]

General Function:
Interception proxies
Radar and spiders crawling
Webapps scanner
Tool assault
Repeater and sequencer tools


Download Burp Suit Here

5. ETTERCAP


Ettercap is a multipurpose sniffer / interceptor / logger for Local Area Network . It supports active and passive dissection of many protocols (even in code) and includes many feature for network and host analysis.

[Image: Ettercap_2.jpg]

General Function:
To capture traffic and data
To do logging network
Etc.


Download Ettercap Here

6. SANS INVESTIGATIVE FORENSIC TOOLKIT (SIFT)

The SANS Investigative Forensic Toolkit (SIFT) Workstation is a VMware Appliance that can be configured with all the requirements to perform a detailed digital forensic. Compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats. The new version has been completely rebuilt on the Ubuntu base with many additional tools and capabilities that are used in modern forensic technology.

[Image: SANS+Investigative+Forensic+Toolkit+2.14+Released.jpg]

General Function :
iPhone, Blackberry, and Android Forensic Capabilities
Registry Viewer (YARU)
Compatibility with F-Response Tactical, Standard, and Enterprise
PTK 2.0 (Special Release - Not Available for Download)
Automated Generation Timeline via log2timeline
Many Firefox Investigative Tools
Windows Journal Parser and Shellbags Parser (jp and sbag)
Many Windows Analysis Utilities (prefetch, usbstor, event logs, and more)
Complete Overhaul of Regripper Plugins (added over 80 additional plugins)


Download SIFT Here


7. WIRESHARK


Wireshark is the most widely used and most popular in the world the protocol analyzer, and is the de facto standard across many industries and educational institutions to analyze the network in different protocol.

Image has been scaled down 18% (700x518). Click this bar to view original image (845x625). Click image to open in new window.
[Image: ws-main.png]


General Function:
Live capture and offline analysis
Standard three-pane packet browser
Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
Captured data network can be browsed via a GUI, or via the TTY-mode tshark utility
The most powerful display filters in the industry
Rich VoIP analysis
Read / write many different capture file formats
Etc.


Download wireshark Here


8. WEBSPLOIT


WebSploit is an Open Source Project for Remote Scan and Analysis System of the weaknesses in web applications.

[Image: WebSploit+Framework+2.0.3+with+Wifi+Jammer.jpg]


Key Features: 
[>] Social Engineering Works
[>] Scan, Web Crawler & Analysis
[>] Automatic Exploiter
[>] Support Network Attacks
-
[+] Autopwn - Used From Metasploit For Scan and Exploit Target Service
[+] WMAP - Scan, Target Used Crawler From Metasploit WMAP plugin
[+] format infector - inject the payload into reverse and bind file format
[+] phpmyadmin Scanner
[+] LFI Bypasser
[+] Apache Users Scanner
[+] Dir Bruter
[+] admin finder
[ +] MLITM Attack - Man Left In The Middle, XSS Phishing Attacks
[+] MITM - Man In The Middle Attack
[+] Java Applet Attack
[+] MFOD Attack Vector
[+] USB Infection Attack
[+] Dos ARP Attack
[+ ]'s Killer Attack
[+] Attack Fake Update
[+] Fake Access Point Attack



Download Websploit Framework Here

9. WINAUTOPWN

WinAutoPWN is a tool that is used to exploit the Windows Framework directly, so that we are automatically going to be an administrator on the windows. 

Image has been scaled down 30% (700x505). Click this bar to view original image (999x720). Click image to open in new window.
[Image: winAUTOPWN+v3.2+Released.jpg]


Download WinAutoPWN Here


10. HASHCAT

Hashcat are a variety of tools to crack passwords in encrypted, it is very powerful for password recovery.

Image has been scaled down 3% (700x510). Click this bar to view original image (720x524). Click image to open in new window.
[Image: hashcat.png]



General Function:
Multi-Threaded
Free
Multi-Hash (up to 24 million hashes)
Multi-OS (Linux, Windows and OSX native binaries)
Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, ...)
SSE2 accelerated
All Attack-Modes except Brute-Force and Permutation can be extended by rules
Very fast Rule-engine
Rules compatible with JTR and PasswordsPro
Possible to resume or limit session
Automatically recognizes recovered hashes from outfile at startup
Can automatically generate random rules
Load saltlist from an external file and then use them in a Brute-Force Attack variant
Able to work in an distributed environment
Specify multiple wordlists or multiple directories of wordlists
Number of threads can be configured
Lowest priority threads run on
30 + Algorithms is implemented with performance in mind
... and much more


Download HashCat Here

11. UNISCAN

Uniscan is a scanner for web applications, written in perl for Linux. Currently Uniscan version is 6.2.

[Image: uniscan.png]

General Function:Identification of system pages through a Web Crawler.
Use of threads in the crawler.
Control the maximum number of requests the crawler.
Control of variation of system pages identified by Web Crawler.
Control of file extensions that are ignored.
Test of pages found via the GET method.
Test the forms found via the POST method.
Support for SSL requests ( HTTPS ).
Proxy support.
Generate site list using Google.
Generate site list using Bing.
Plug-in support for Crawler.
Plug-in support for dynamic tests.
Plug-in support for static tests.
Plug-in support for stress tests.
Multi-language support.
Web client.General Function:
Identification of system pages through a Web Crawler.
Use of threads in the crawler.
Control the maximum number of requests the crawler.
Control of variation of system pages identified by Web Crawler.
Control of file extensions that are ignored.
Test of pages found via the GET method.
Test the forms found via the POST method.
Support for SSL requests ( HTTPS ).
Proxy support.
Generate site list using Google.
Generate site list using Bing.
Plug-in support for Crawler.
Plug-in support for dynamic tests.
Plug-in support for static tests.
Plug-in support for stress tests.
Multi-language support.
Web client.


Download Uniscan Here


12. OLYYDBG

OllyDbg is a 32-bit assembler debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source code is not available.

[Image: cracking-dengan-ollydbg.jpg?d8e507]


General Function:
Intuitive user interface, no cryptical commands
Code analysis - traces registers, recognizes procedures, loops, API calls, switches, tables, constants and strings
Directly loads and debugs DLLs
Object file scanning - locates routines from object files and libraries
Allows for user-defined labels, comments and function descriptions
Understands debugging information in Borland ® format
Saves patches between sessions, writes them back to executable file and updates fixups
Open architecture - many third-party plugins are available
No installation - no trash in registry or system directories
Debugs multithreaded applications
Attaches to running programs
Configurable disassembler, supports both MASM and IDEAL formats
MMX, 3DNow! and SSE instructions and the data types, Including Athlon extensions
Full UNICODE support
Dynamically recognizes ASCII and UNICODE strings - also in Delphi format!
Recognizes complex code constructs, like call to jump to procedure
Decodes calls to more than 1900 standard API and 400 C functions
Gives context-sensitive help on API functions from external help file
Sets conditional, logging, memory and hardware breakpoints
Traces program execution, logs arguments of known functions
Shows fixups
Dynamically traces stack frames
Searches for imprecise commands and masked binary sequences
Searches whole allocated memory
Finds references to constant or address range
Examines and modifies memory , sets breakpoints and Pauses program on-the-fly
Assembles commands into the shortest binary form
Starts from the floppy disk



Download OllyDbj Here


13. BBQSQL

BBQSQL an Opensource SQL injection tools with the framework specifically designed to carry out the process in hyper fast, database agnostic, easy to setup, and easy to modify. This is another amazing release from Arsenal Blackhat USA 2012. When conducting security assessments of applications, we often find that it is difficult to SQL vulnerabilities exploitable, with this tool will be extremely easy.
BBQSQL written in the Python programming language. This is very useful when complex SQL injection attack vulnerabilities. BBQSQL also a semi-automated tool, which allows little customization for those who are finding it difficult to trigger a SQL injection. The tool is built to be database agnostic and very versatile. It also has an intuitive UI for setting up the attack much easier.



[Image: BBQSQL.jpg]


General Function:
SQL Injection Tools
URL
HTTP Method
Headers
Cookies
Encoding methods
Redirect behavior
Files
HTTP Auth
Proxies


Download BBQSQL Here


14. CRYPTOHAZE


Tools to crack password / hash where cryptohaze supports CUDA, OpenCL , and the CPU code (SSE, AVX, etc.). Can run on OS that support CUDA. These are intended to make it easier to pentester did crack the hash.



[Image: Hacker+going+to+demonstrate+open+source+...er+sec.png]


General Function:
Crack various kinds of hash
Showing results from crackhash
Cracking on various OS platforms



Download Cryptohaze Here


15. SAMURAI WEB TESTING FRAMEWORK (SWTF)

SWTF is used to do testing / pentest against web application, is used to find a weakness and exploited to perform web. 

[Image: The+Samurai+Web+Testing+Framework+v+2.0RC5.jpg]

General Function:
Web Scanner
Web Mapping
Web Exploitation



Download SWTF Here


SO Thats It .enjoy 

No comments:

Post a Comment

Follow Me