Most Popular
WhatWeb just updated to v0.4.2
WhatWeb is a next generation web scanner that identifies what websites are running. Flexible plugin architecture with over 80 plugins so far. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc by making extra requests to the webserver
WhatWeb v0.4.1 - released
Identifying content management systems (CMS), blogging platforms, stats/analytics packages, javascript libraries, servers and more. Licensed under GPLv3.
(update) Foca v2.0.1: in the wild
FOCA 2 has a new algorithm which tries to discover as much info related to network infrastructure as possible. In this alpha version FOCA will add to the figured out network-map, all servers than can be found using a recursive algorithm searching in Google, BING, Reverse IP in BING, Well-known servers and DNS records, using an internal PTR-Scaning, et
Skipfish v1.33b released
Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks.
Process Monitor v2.9 released
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon.
bing-ip2hosts v0.2 released - Enumerate hostnames from Bing
Bing.com is a search engine owned by Microsoft formerly known as MSN Search and Live Search. It has a unique feature to search for websites hosted on a specific IP address. This feature is can be used with the IP: parameter in the search query as shown in the image above.
(update) Skipfish Active web application scanner v1.29b released
Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks.
plecost v0.2.2-8 Beta released
Wordpress finger printer tool search and retrieve information about the plugins versions installed in Wordpress systems.
(Update) Skipfish Active web application scanner v1.08 beta just released
Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks.
WhatWeb v0.4 - released
Identifying content management systems (CMS), blogging platforms, stats/analytics packages, javascript libraries, servers and more. Licensed under GPLv3.
plecost v0.2.2-7 Beta (Update!)
Wordpress finger printer tool search and retrieve information about the plugins versions installed in Wordpress systems.
Eclipse HTTP Client (HTTP4e) v3.0 available
Eclipse HTTP Client (HTTP4e) is an Eclipse plugin formaking HTTP and RESTful calls. Build with user experience in mind, it simplifies the developer/QA job of testing Web Services, REST, JSON and HTTP. It is a useful tool for your daily job of HTTP header tampering and hacking.
GeoIPgen v0.4 – Country-to-IPs generator
GeoIPgen is a country-to-IPs generator. It’s a geographic IP generator for IPv4 networks that uses the MaxMind GeoLite Country database. Geoipgen is the first published use of a geographic ip database in reverse to translate from country-to-IPs instead of the usual use of IP-to-country.
plecost v0.1.6 RT Beta - WP finger printer tool
Wordpress finger printer tool search and retrieve information about the plugins versions installed in Wordpress systems.
mssqlfp (ENGR SQL FingerprintT) v1.00.0006 released
This is a tool that performs version fingerprinting on Microsoft SQL Server 2000, 2005 and 2008, using well known techniques based on several public tools that identifies the SQL Version.
dnsmap v0.30 - Passive DNS network mapper
dnsmap (a.k.a. subdomains bruteforcer) was originally released back in 2006 and was inspired by the fictional story "The Thief No One Saw" by Paul Craig, which can be found in the book "Stealing the Network - How to 0wn the Box".
theHarvester v1.5 released
theHarvester is a tool for gathering e-mail accounts from different public sources (search engines, pgp key servers). Is a really simple tool, but very effective.
Haraldscan v0.41 released
The scanner will be able to determine Major and Minor device class of device, as well as attempt to resolve the device’s MAC address to the largest known Bluetooth MAC address Vendor list.
The goal of this project is to obtain as many MAC addresses mapped to device vendors as possible.
mssqlfp (Microsoft SQL Server Fingerprint Tool) Beta 4 released
This is a tool that performs version fingerprinting on Microsoft SQL Server 2000, 2005 and 2008, using well known techniques based on several public tools that identifies the SQL Version.
Process Hacker v1.10 released
Process Hacker is a free and open source process viewer and memory editor with unique features such as powerful process termination and a Regex memory searcher. It can show services, processes and their threads, modules, handles and memory regions.