Category Attack

DAVTest v1.0 - WebDAV Application

DAVTest tests WebDAV enabled servers by uploading test executable files, and then (optionally) uploading files which allow for command execution or other actions directly on the target. It is meant for penetration testers to quickly and easily determine if enabled DAV services are exploitable.

Fuzzdb v1.07 released

A comprehensive set of fuzzing patterns for discovery and attack during highly targeted brute force testing of web applications.

Bruter v1.0 - parallel network login brute-forcer

Bruter is a parallel network login brute-forcer on Win32. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication.

Fuzzdb updated to v1.06

A comprehensive set of fuzzing patterns for discovery and attack during highly targeted brute force testing of web applications.

fuzzdb v1.05 - Attack and Discovery Pattern Database

A comprehensive set of fuzzing patterns for discovery and attack during highly targeted brute force testing of web applications.

Windows Autopwn (winAUTOPWN) v2.2 released

winAUTOPWN is an auto (hacking) shell gaining tool. It can also be used to test IDS, IPS and other monitoring sensors/software.

PyLoris Denial of Service Web Testing v3.0 in the wild

PyLoris is a tool for testing a web server’s vulnerability to a particular class of Denial of Service (DoS) attacks. It uses the Slowloris method; by using all available connections, web servers cannot complete valid requests.

Vicnum v1.4 released

A lightweight, flexible vulnerable web application written in Perl and PHP. It demonstrates common web application vulnerabilities such as cross-site scripting and session management issues.

Social-Engineering Ninja v0.1 Beta - PHP scripts

S-E Ninja is a social engineering tool with fake pages for 20-25 popular sites and an anonymous mailer that uses the mail() function in PHP.

SpiderLabs Toolset for Pentesting

SpiderLabs has developed dozens of tools over the years. Most of them end up as internal-only tools since they eventually make their way into one of Trustwave’s product offerings. Recently, we have decided to showcase some of these tools and provide them as Open Source to the information security community. The tools have been made available without warranty and are available under the GNU General Public License as published by the Free Software Foundation.

WebRaider v0.2.3.8 - One Click Ownage

WebRaider is a plugin-based automated web application exploitation tool that focuses on getting a shell from multiple targets or injection points.

Windows Autopwn (winAUTOPWN) v2.1 released

winAUTOPWN is an auto (hacking) shell gaining tool. It can also be used to test IDS, IPS and other monitoring sensors/software.

No More and 1=1 v0.3 - repository of SQLi/XSS

To minimize the time required to type malicious syntax and to have a handy repository of it, this small tool was created, which we hence call No More and 1=1.

Damn Vulnerable Web App (Live CD) v1.0.6 - released

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment.

Nsploit - Popping boxes with Nmap

Nsploit lets you pass from Nmap through to Metasploit and then execute an exploit.

NetReconn v1.76 released

A small set of tools based on previous reference programs and scripts. Currently consists of: tiny network strobe, sniffer and payload decoder.

NetReconn v1.75 released

A small set of tools based on previous reference programs and scripts. Currently consists of: tiny network strobe, sniffer and payload decoder.

SSHatter v1.0 - Password brute forcer for SSH

Password brute forcer for SSH.

Eclipse HTTP Client (HTTP4e) v2.0 available

Eclipse HTTP Client (HTTP4e) is an Eclipse plugin for making HTTP and RESTful calls. Built with user experience in mind, it simplifies the developer/QA job of testing Web Services, REST, JSON and HTTP. It is a useful tool for your daily job of HTTP header tampering and hacking.

Web Security Dojo v0.2 released

An open source, self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo. For learning and practicing web app security testing techniques. It does not need a network connection since it contains tools, targets, and documentation, which makes it ideal for training classes and conferences.
