Category Penetration testing & Ethical Hacking

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.
Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved

sharK is an advanced reverse connecting, firewall bypassing remote administration tool written in VB6. With sharK you will be able to administrate every PC (using Windows OS) remotely.

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved

Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembler.

sharK is an advanced reverse connecting, firewall bypassing remote administration tool written in VB6. With sharK you will be able to administrate every PC (using Windows OS) remotely.

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved

The Metasploit Framework ("Metasploit") is a development platform for creating security tools and exploits. Version 3.0 contains 177 exploits, 104 payloads, 17 encoders, and 3 nop modules. Additionally, 30 auxiliary modules are included that perform a wide range of tasks, including host discovery, protocol fuzzing, and denial of service testing

The Metasploit Framework ("Metasploit") is a development platform for creating security tools and exploits. Version 3.0 contains 177 exploits, 104 payloads, 17 encoders, and 3 nop modules. Additionally, 30 auxiliary modules are included that perform a wide range of tasks, including host discovery, protocol fuzzing, and denial of service testing

CORE IMPACT is the first automated, comprehensive penetration testing product for assessing specific information security threats to an organization. By safely exploiting vulnerabilities in your network infrastructure, the product identifies real, tangible risks to information assets while testing the effectiveness of your existing security investments

ATK stands for Attack Tool Kit. It was first developed to provide a very small and handy tool for Windows to realize fast checks for dedicated vulnerabilities. In the meanwhile it is a combination of security scanner (e.g. Nessus) and exploiting framework (e.g. MetaSploit)

SAINT, or the Security Administrator’s Integrated Network Tool, uncovers areas of weakness and recommends fixes. With SAINT® vulnerability assessment tool, you can:

• Detect and fix possible weaknesses in your network’s security before they can be exploited by intruders.
• Anticipate and prevent common system vulnerabilities.
• Demonstrate compliance with current government regulations such as FISMA, Sarbanes Oxley, GLBA, HIPAA, and COPP

Wicrawl is a simple wi-fi (802.11x) Access Point auditor with a simple and flexible plugin architecture. The plugins allow us to find out useful information about an AP so we don’t have to manually check each access point. Plugins are implemented for existing common tools, and new plugins can be written in any language. Wicrawl is able to use multiple cards, and eventually will be able to use multiple computers.

CORE IMPACT is the first automated, comprehensive penetration testing product for assessing specific information security threats to an organization. By safely exploiting vulnerabilities in your network infrastructure, the product identifies real, tangible risks to information assets while testing the effectiveness of your existing security investments

The Metasploit Framework ("Metasploit") is a development platform for
creating security tools and exploits. Version 3.0 contains 177
exploits, 104 payloads, 17 encoders, and 3 nop modules. Additionally,
30 auxiliary modules are included that perform a wide range of tasks,
including host discovery, protocol fuzzing, and denial of service testing.

The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide

Airoscript is a shell script designed to ease the use of aircrack-ng. It allows you to: scan, select and attack any detected access point. This is done by detecting encryption type and proposing attacks accordingly.

CORE IMPACT is the first automated, comprehensive penetration testing product for assessing specific information security threats to an organization. By safely exploiting vulnerabilities in your network infrastructure, the product identifies real, tangible risks to information assets while testing the effectiveness of your existing security investments.

Metasploit 3.0 is the next generation of the Metasploit Framework. It is written in the Ruby programming language and is a complete rewrite of the 2.0 branch. The Metasploit 2.0 branch drastically reduced exploit development time and promoted code re-use between similar exploit modules. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research.