Sunday 23 March 2014

[Argus] Real Time Flow Monitor


Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream. Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol specific information.

Argus is composed of an advanced comprehensive network flow data generator, the Argus sensor, which processes packets (either capture files or live packet data) and generates detailed network flow status reports of all the flows in the packet stream. Argus captures much of the packet dynamics and semantics of each flow, with a great deal of data reduction, so you can store, process, inspect and analyze large amounts of network data efficiently. Argus provides reachability, availability, connectivity, duration, rate, load, good-put, loss, jitter, retransmission, and delay metrics for all network flows, and captures most attributes that are available from the packet contents, such as L2 addresses, tunnel identifiers (MPLS, GRE, ESP, etc...), protocol ids, SAP's, hop-count, options, L4 transport identification (RTP, RTCP detection), host flow control indications, etc...

Argus is used by many sites to generate network activity reports for every network transaction on their networks. The network audit data that Argus generates is great for security, operations and performance management. The data is used for network forensics, non-repudiation, network asset and service inventory, behavioral baselining of server and client relationships, detecting covert channels, and analyzing Zero day events.

Argus is an Open Source project, currently running on Mac OS X, Linux, Solaris, FreeBSD, OpenBSD, NetBSD, AIX, IRIX, Windows (under Cygwin) and OpenWrt, and has been ported to many hardware accelerated platforms, such as Bivio, Pluribus, Arista, and Tilera. The software should be portable to many other environments with little or no modifications. Performance is such that auditing an entire enterprise's Internet activity can be accomplished using modest computing resources.


[SearchMyFiles] Alternative to 'Search For Files And Folders' module of Windows + Duplicates Search


SearchMyFiles is an alternative to the standard "Search For Files And Folders" module of Windows. It allows you to easily search files in your system by wildcard, by last modified/created/last accessed time, by file attributes, by file content (text or binary search), and by the file size. SearchMyFiles allows you to make a very accurate search that cannot be done with Windows search. For example: you can search all files created in the last 10 minutes with size between 500 and 700 bytes.

After you have made a search, you can select one or more files, and save the list into a text/html/csv/xml file, or copy the list to the clipboard.

SearchMyFiles is portable, and you can use it from a USB flash drive without leaving traces in the Registry of the scanned computer.


Saturday 22 March 2014

[Peepdf] PDF Analysis and Creation/Modification Tool


peepdf is a Python tool to explore PDF files in order to find out whether a file can be harmful or not. The aim of this tool is to provide all the components that a security researcher could need in a PDF analysis, without using 3 or 4 tools to perform all the tasks. With peepdf it's possible to see all the objects in the document, showing the suspicious elements; it supports the most used filters and encodings, and it can parse different versions of a file, object streams and encrypted files. With PyV8 and Pylibemu installed it provides Javascript and shellcode analysis wrappers too. Apart from this, it is able to create new PDF files and to modify/obfuscate existing ones.

The main functionalities of peepdf are the following:

Analysis:
  • Decodings: hexadecimal, octal, name objects
  • Most used filters
  • References in objects and where an object is referenced
  • Strings search (including streams)
  • Physical structure (offsets)
  • Logical tree structure
  • Metadata
  • Modifications between versions (changelog)
  • Compressed objects (object streams)
  • Analysis and modification of Javascript (PyV8): unescape, replace, join
  • Shellcode analysis (Libemu python wrapper, pylibemu)
  • Variables (set command)
  • Extraction of old versions of the document
  • Easy extraction of objects, Javascript code, shellcodes (>, >>, $>, $>>)
  • Checking hashes on VirusTotal

Creation/Modification:
  • Basic PDF creation
  • Creation of PDF with Javascript executed when the document is opened
  • Creation of object streams to compress objects
  • Embedded PDFs
  • Strings and names obfuscation
  • Malformed PDF output: without endobj, garbage in the header, bad header...
  • Filters modification
  • Objects modification

Execution modes:
  • Simple command line execution
  • Powerful interactive console (colorized or not)
  • Batch mode

TODO:
  • Embedded PDFs analysis
  • Improving automatic Javascript analysis
  • GUI 

[PingInfoView] Ping monitor utility


PingInfoView is a small utility that allows you to easily ping multiple host names and IP addresses, and watch the result in one table. It automatically pings all hosts every number of seconds that you specify, and displays the number of succeeded and failed pings, as well as the average ping time. You can also save the ping result into a text/html/xml file, or copy it to the clipboard.


Friday 21 March 2014

[ODA] Online Web Based Disassembler



ODA stands for Online DisAssembler. ODA is a general purpose machine code disassembler that supports a myriad of machine architectures. Built on the shoulders of libbfd and libopcodes (part of binutils), ODA allows you to explore an executable by dissecting its sections, strings, symbols, raw hex, and machine level instructions.

ODA is an online Web Based Disassembler for when you don’t have time or space for a thick client.

You can use it for a variety of purposes such as:
  • Malware analysis
  • Vulnerability research
  • Visualizing the control flow of a group of instructions
  • Disassembling a few bytes of an exception handler that is going off into the weeds
  • Reversing the first few bytes of a Master Boot Record (MBR) that may be corrupt
  • Debugging an embedded systems device driver



[NetBScanner] NetBIOS Scanner


NetBScanner is a network scanner tool that scans all computers in the IP addresses range you choose, using NetBIOS protocol. For every computer located by this NetBIOS scanner, the following information is displayed: IP Address, Computer Name, Workgroup or Domain, MAC Address, and the company that manufactured the network adapter (determined according to the MAC address). NetBScanner also shows whether a computer is a Master Browser. You can easily select one or more computers found by NetBScanner, and then export the list into csv/tab-delimited/xml/html file.


[Nsdtool] Toolset of scripts used to detect netgear switches in local networks

Nsdtool is a toolset of scripts used to detect Netgear switches in local networks. The tool contains some extra features like bruteforce and setting a new password.

Netgear has its own protocol called NSDP (Netgear Switch Discovery Protocol), which is implemented here to support security tests on the command line. It is not bound to the tools delivered by Netgear.

Usage

Define your interface and possible delay in the config.ini.
# cat config.ini
[NSDP]
SourcePort = 63323 <--- nsdp source
DestPort = 63324 <--- nsdp dest
Interface = eth0 <--- your network interface
DestIP = 255.255.255.255
Delay = 0.01 <--- interval delay


Thursday 20 March 2014

[MultiMonitorTool] Enable/disable/configure multiple monitors on Windows


MultiMonitorTool is a small tool that allows you to do some actions related to working with multiple monitors. With MultiMonitorTool, you can disable/enable monitors, set the primary monitor, save and load the configuration of all monitors, and move windows from one monitor to another. You can do these actions from the user interface or from command-line, without displaying user interface. MultiMonitorTool also provides a preview window, which allows you to watch a preview of every monitor on your system.


[Ipdecap] Decapsulate traffic encapsulated within GRE, IPIP, 6in4, ESP (ipsec) protocols

Ipdecap can decapsulate traffic encapsulated within GRE, IPIP, 6in4, ESP (ipsec) protocols, and can also remove the IEEE 802.1Q (virtual lan) header. It reads packets from a pcap file, removes the encapsulation protocol, and writes them to another pcap file.

Goals are:
  • Extract encapsulated tcp flow to analyze them with conventional tcp tools (tcptrace, tcpflow, …)
  • Reduce pcap files size by removing encapsulation protocol

Ipdecap was first written to analyze a strange tcp behavior encapsulated by ESP, without intervention on vpn endpoints.

[SSLsplit] Transparent and scalable SSL/TLS interception


SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted.

SSLsplit is intended to be useful for network forensics and penetration testing.

SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates and signs forged X509v3 certificates on-the-fly, based on the original server certificate subject DN and subjectAltName extension. SSLsplit fully supports Server Name Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites. SSLsplit can also use existing certificates of which the private key is available, instead of generating forged ones. SSLsplit supports NULL-prefix CN certificates and can deny OCSP requests in a generic way.

SSLsplit removes HPKP response headers in order to prevent public key pinning.

Requirements
  • SSLsplit depends on the OpenSSL and libevent 2.x libraries.
  • The build depends on GNU make and a POSIX.2 environment in `PATH`.
  • The optional unit tests depend on the check library.

SSLsplit currently supports the following operating systems and NAT mechanisms:
  • FreeBSD: pf rdr and divert-to, ipfw fwd, ipfilter rdr
  • OpenBSD: pf rdr-to and divert-to
  • Linux: netfilter REDIRECT and TPROXY
  • Mac OS X: ipfw fwd and pf rdr (experimental)

Wednesday 19 March 2014

[OpenedFilesView] View opened/locked files in your system (sharing violation issues)



OpenedFilesView displays the list of all opened files on your system. For each opened file, additional information is displayed: handle value, read/write/delete access, file position, the process that opened the file, and more... 

Optionally, you can also close one or more opened files, or close the process that opened these files.
This utility is especially useful if you try to delete/move/open a file and you get one of the following error messages:
  • Cannot delete [filename]: There has been a sharing violation. The source or destination file may be in use.
  • Cannot delete [filename]: It is being used by another person or program. Close any programs that might be using the file and try again.

When you get one of these error messages, OpenedFilesView will show you which process locks your file. Closing the right process will solve this problem. Optionally, you can also release the file by closing the handle from the OpenedFilesView utility. However, be aware that after closing a file in this way, the program that opened the file may become unstable, and even crash.


[DNmap] Distributed Nmap Framework


DNmap is a distributed nmap framework using a client/server architecture. The server reads the commands from a file and sends them to each client. The client executes the nmap command and sends the results back.


[WiFi Password Remover v2.0] Free Wireless (WEP/WPA/WPA2) Password/Profile Removal Software


WiFi Password Remover is free software to quickly recover and remove Wireless account passwords stored on your system.

For each recovered Wi-Fi account, it displays the following details:
  • WiFi Name (SSID)
  • Security Settings (WEP-64/WEP-128/WPA2/AES/TKIP)
  • Password Type
  • Password in Hex format
  • Password in clear text

Once recovered, you can either remove single or all of them with just a click. Before proceeding with deletion, you can also take a backup of recovered Wi-Fi password list to HTML/XML/TEXT/CSV file.

One of the unique features of this tool is that it can recover all types of Wi-Fi passwords, including the ones which are not shown by 'Windows Wireless Manager', thus allowing you to remove all the hidden wireless passwords/profiles also.

Tuesday 18 March 2014

[0verCheck] Script to check whether an e-mail address exists or not


Script to check whether an e-mail address exists or is fake. It accepts lists of addresses.

My idea is to extract the domain from the e-mail address and check through DNS which server is the SMTP server (by looking at the MX records). Once we know the SMTP server, we open sockets to connect to it and attempt to send an e-mail to the account we want to check for validity. Looking at the response codes, we see that if the address is valid it returns a 250, and if not (in theory) it returns a 550.


[CountryTraceRoute] Fast Traceroute with IP country information


CountryTraceRoute is a Traceroute utility, similar to the tracert tool of Windows, but with graphical user interface, and it's also much faster than tracert of Windows. CountryTraceRoute also displays the country of the owner of every IP address found in the Traceroute. 
After the Traceroute is completed, you can select all items (Ctrl+A) and then save them into csv/tab-delimited/html/xml file with 'Save Selected Items' option (Ctrl+S) or copy them to the clipboard (Ctrl+C) and then paste the result into Excel or other spreadsheet application.


[Blackhash] Audit Passwords Without Hashes


A traditional password audit typically involves extracting password hashes from systems and then sending those hashes to a third-party security auditor or an in-house security team. These security specialists have the knowledge and tools to effectively audit password hashes. They use password cracking software such as John the Ripper and Hashcat in an effort to uncover weak passwords.

However, there are many risks associated with traditional password audits. The password hashes may be lost or stolen from the security team. A rogue security team member may secretly make copies of the password hashes. How would anyone know? Basically, once the password hashes are given to the security team, the system manager must simply trust that the password hashes are handled and disposed of securely and that access to the hashes is not abused.

Blackhash works by building a bloom filter from the system password hashes. The system manager extracts the password hashes and then uses Blackhash to build the filter. The filter is saved to a file, then compressed and given to the security team. The filter is just a bitset that contains ones and zeros. It does not contain the password hashes or any other information about the users or the accounts from the system. It’s just a string of ones and zeros. You may view a Blackhash filter with a simple text editor. It will look similar to this:

00000100000001000100001

When the security team receives the filter, they use Blackhash to test it for known weak password hashes. If weak passwords are found, the security team creates a weak filter and sends that back to the system manager. Finally, the system manager tests the weak filter to identify individual users so that they can be contacted and asked to change passwords.

This enables you to audit passwords without actually giving out the hashes.
Pros
  • Password hashes never leave the system team.
  • Works with any simple, un-salted hash. LM, NT, MD5, SHA1, etc.
  • Security auditors do not have to transmit, handle or safe-guard the password hashes.
  • Anonymizes the users. The filter contains no data about the users at all.
Cons
  • Slower than traditional password cracking methods.
  • More complex than traditional password cracking methods.
  • Bloom Filters may produce a few false positives (very few in this case).
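
The three-step exchange described above (system manager builds a filter, security team tests it and returns a weak filter, system manager maps the weak filter back to users), as an added Python sketch that is not Blackhash's own code. The filter size, the number of hash functions, the use of MD5 as the unsalted hash, and the account names, passwords and wordlist are all constructed assumptions.

```python
import hashlib


def unsalted_hash(password: str) -> str:
    """Stand-in for the system's simple unsalted hash (MD5 is an assumption)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


class BloomFilter:
    """Minimal bloom filter; m_bits and k are illustrative, not Blackhash's values."""

    def __init__(self, m_bits: int = 4096, k: int = 5):
        self.m = m_bits
        self.k = k
        self.bits = [0] * m_bits

    def _positions(self, item: str):
        # Double hashing: derive k bit positions from one SHA-256 digest.
        digest = hashlib.sha256(item.encode("utf-8")).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1  # odd step, distinct positions
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: str) -> None:
        for pos in self._positions(item):
            self.bits[pos] = 1

    def __contains__(self, item: str) -> bool:
        # True means "probably present"; false positives are possible.
        return all(self.bits[pos] for pos in self._positions(item))

    def dump(self) -> str:
        """Serialise as the plain string of ones and zeros that gets handed over."""
        return "".join(map(str, self.bits))

    @classmethod
    def load(cls, text: str, k: int = 5) -> "BloomFilter":
        loaded = cls(len(text), k)
        loaded.bits = [int(ch) for ch in text]
        return loaded


def build_filter(hashes) -> str:
    """Step 1 (system manager): only this bit string leaves the system team."""
    bloom = BloomFilter()
    for h in hashes:
        bloom.add(h)
    return bloom.dump()


def audit_filter(system_filter_text: str, wordlist) -> str:
    """Step 2 (security team): test known weak passwords, return a weak filter."""
    system_filter = BloomFilter.load(system_filter_text)
    weak = BloomFilter(system_filter.m, system_filter.k)
    for candidate in wordlist:
        h = unsalted_hash(candidate)
        if h in system_filter:
            weak.add(h)
    return weak.dump()


def identify_users(accounts: dict, weak_filter_text: str) -> list:
    """Step 3 (system manager): map the weak filter back to account names."""
    weak = BloomFilter.load(weak_filter_text)
    return sorted(user for user, h in accounts.items() if h in weak)


# Constructed sample data: account name -> unsalted password hash.
ACCOUNTS = {
    "alice": unsalted_hash("Summer2014"),
    "bob": unsalted_hash("x9#Lq!v72pT"),
    "carol": unsalted_hash("password"),
}
# Constructed wordlist of known weak passwords held by the security team.
WORDLIST = ["123456", "password", "letmein", "Summer2014"]


def run_audit() -> list:
    system_text = build_filter(ACCOUNTS.values())
    weak_text = audit_filter(system_text, WORDLIST)
    return identify_users(ACCOUNTS, weak_text)


if __name__ == "__main__":
    print("Accounts to contact:", run_audit())
```

The security team in this sketch only ever sees the bit string returned by `build_filter`, and the user names appear only in the final step on the system manager's side.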

Download Blackhash: Windows - Linux

Monday 17 March 2014

[Lynis 1.4.6] Security and System Auditing Tool to Harden Linux Systems


Lynis is an auditing tool for Unix/Linux. It performs a security scan and determines the hardening state of the machine. Any detected security issues will be provided in the form of a suggestion or warning. Besides security related information it will also scan for general system information, installed packages and possible configuration errors.
This software aims to assist automated auditing, hardening, software patch management, vulnerability and malware scanning of Unix/Linux based systems. It can be run without prior installation, so inclusion on read only storage is possible (USB stick, cd/dvd).

Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOx (Sarbanes-Oxley) compliance audits.

Intended audience: Security specialists, penetration testers, system auditors, system/network managers.

Examples of audit tests:
  • Available authentication methods
  • Expired SSL certificates
  • Outdated software
  • User accounts without password
  • Incorrect file permissions
  • Configuration errors
  • Firewall auditing

[ProcessThreadsView] View process threads information



ProcessThreadsView is a small utility that displays extensive information about all threads of the process that you choose. The threads information includes the ThreadID, Context Switches Count, Priority, Created Time, User/Kernel Time, Number of Windows, Window Title, Start Address, and more. 

When selecting a thread in the upper pane, the lower pane displays the following information: Strings found in the stack, stack modules addresses, call stack, and processor registers. 

ProcessThreadsView also allows you to suspend and resume one or more threads.


[Skipfish] Web Application Security Scanner


Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

Key features:
  • High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets.
  • Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
  • Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.
The tool is believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments. 


Sunday 16 March 2014

[DeviceIOView] View data transfer between a software and device driver


DeviceIOView allows you to watch the data transfer between a software or service and a device driver (DeviceIoControl calls). For each call to a device driver, the following information is displayed: Handle, Control Code, number of input bytes, number of output bytes, the name of the device handle, and all the input/output bytes, displayed as Hex dump.

System Requirements

This utility works on Windows 2000, Windows XP, Windows Server 2003, and Windows 7/Vista/2008 (32-bit only). Older versions of Windows are not supported.

Using DeviceIOView

DeviceIOView doesn't require any installation process or additional dll files. In order to start using it, simply run the executable file - DeviceIOView.exe. After running it, select the process that you want to inspect, and click Ok. After clicking Ok, DeviceIOView will start to display the information about all calls to device drivers.
The upper pane displays the list of all device drivers calls. When you select an item in the upper pane, the lower pane displays the input/output bytes, as Hex dump.

Saturday 15 March 2014

[SkypeLogView] Skype Log Viewer (.dbb and main.db files)


SkypeLogView reads the log files created by Skype application, and displays the details of incoming/outgoing calls, chat messages, and file transfers made by the specified Skype account. You can select one or more items from the logs list, and then copy them to the clipboard, or export them into text/html/csv/xml file.

System Requirements

This utility works on any version of Windows starting from Windows 2000 and up to Windows 8. You don't have to install Skype in order to use this utility. You only need the original log files created by Skype, even if they are on an external drive.


Friday 14 March 2014

[wig] WebApp Information Gatherer (Identify CMS)

wig is a Python tool that identifies a website's CMS by searching for fingerprints of static files and extracting version numbers from known files.

OS identification is done by using the value of the ‘server’ and ‘X-Powered-By’ in the response header. These values are compared to a database of which package versions are included with different operating systems.

The version detection is based on md5 checksums of static files, regex and string matching. OS detection is based on headers and packages listed in the ‘server’ header. There’s a quite large database of package versions included in common linux distros.

The author uses scripts to automatically update the md5 checksums for new versions of the open source CMSs that the tool is capable of detecting. This is one of the main advantages over BlindElephant and WhatWeb.

There are currently three profiles for wig:
  1. Only send one request: wig only sends a request for ‘/’. All fingerprints matching this url are tested.
  2. Only send one request per plugin: The url used in most fingerprints is used
  3. All fingerprints: All fingerprints are tested

Help screen:
# wig.py --help
usage: wig.py [-h] [-v] [-p {1,2,4}] host

WebApp Information Gatherer

positional arguments:
host the host name of the target

optional arguments:
-h, --help show this help message and exit
-v list all the urls where matches have been found
-p {1,2,4} select a profile: 1) Make only one request - 2) Make one request
per plugin - 4) All

Example of run:
# python3 wig.py www.example.com

CMS Drupal CMS: [7.25, 7.24, 7.26, 7.23, 7.22]
Operating System Microsoft Windows Server: [2008 R2]
Server Info Microsoft-IIS: [7.5, 6.0]
______________________________________________________________
Time: 18.0 sec | Plugins: 65 | Urls: 324 | Fingerprints: 14178

[WakeMeOnLan] Turn on computers on your network with Wake-on-LAN packet


This utility allows you to easily turn on one or more computers remotely by sending a Wake-on-LAN (WOL) packet to the remote computers.

When your computers are turned on, WakeMeOnLan allows you to scan your network, and collect the MAC addresses of all your computers, and save the computers list into a file. Later, when your computers are turned off or in standby mode, you can use the stored computers list to easily choose the computer you want to turn on, and then turn on all these computers with a single click.

WakeMeOnLan also allows you to turn on a computer from command-line, by specifying the computer name, IP address, or the MAC address of the remote network card.

System Requirements And Limitations

  • On the computer that you run WakeMeOnLan: WakeMeOnLan works on any version of Windows, starting from Windows 2000 and up to Windows 8, including x64 versions of Windows.
  • On the remote computer: WakeMeOnLan can turn on the remote computer only if this feature is supported and enabled on the remote computer. Be aware that Wake-on-LAN feature only works on wired network. Wireless networks are not supported. 
    In order to enable the Wake-on-LAN feature on the remote computer:
    • On some computers, you may need to enable this feature on the BIOS setup.
    • In the network card properties, you should go to the 'Power Management' and/or 'Advanced' tabs of the network adapter, and turn on the Wake-on-LAN feature.  

[WiFiSlax v4.8] GNU/Linux LiveCD and LiveUSB distribution designed for wireless auditing


Nowadays it is always necessary to carry a Linux live CD for any kind of problem, and if you need to do a quick wireless audit there is nothing better than having Wifislax at hand.
Wifislax is a live CD based on the Linux operating system that can be run directly from the CD-ROM without installation, or from the hard disk as a LiveHD, and it can also be installed on USB sticks or on a hard disk. Wifislax is a Linux live CD designed by www.seguridadwireless.net and adapted for wireless.

The kernel is 3.13, patched for wireless auditing and to avoid the annoying "channel -1" issue.
A lot of applications have been updated and a good handful of new ones have been added.
KDE 4.10.5 and Xfce 4.10 with official Slackware packages.

Changelog 4.8
The whole system has been reorganized; the libraries
and programs that are not an official part of the Slackware
system have all been recompiled and most of them
updated.

01 - Updated aircrack suite to revision 2345
02 - Updated kernel to 3.12.1, new vmware config
03 - Updated WpsPinGenerator to version 1.29
04 - Modified aircrack-ng updater script
05 - Added variable in rc.local for metasploit
06 - Recompiled and updated ffmpeg to its newest version 2.1.1
07 - Recompiled dreamdesktop to use ffmpeg 2
08 - Added boost library again
09 - Updated broadcom firmware to 6.30.163.46
10 - Updated zenity library to the newest 3.8.0
11 - More functions for cleandir (removes system items such as extra languages)
12 - Removed pae kernel
13 - Added mkinitrd package from the slackware repository
14 - Added libconfig library
15 - Added progressbar services menu by geminis_demon for KDE
16 - Switched to kernel 3.10.20
17 - libxklavier moved to desktop-depends module
18 - Recompiled package xfce4-xkb-plugin-0.5.4.3
19 - Removed gkrell package
20 - Updated kismet to version kismet-2013-03-R1b
21 - Updated libpcap to 1.5.1 STABLE
22 - Updated tcpdump to version 4.5.1
23 - Added wps-qi beta
24 - Updated aircrack-ng to version aircrack-ng-1.1_r2354
25 - Updated bully to version 1.0-22
26 - Updated iw to version 3.13
27 - Switched to kernel 3.9.11
28 - Changed KDE wallpaper
29 - Updated aircrack to version 2358
30 - Adjustments to the boot sequence
31 - Adjustments to cleandir
32 - kernel 3.10.22
33 - Added stop mode monitor, which takes down all monX interfaces
34 - Updated aircrack to version 2359
35 - Updated flash-plugin to version 11.2.202.332
36 - Updated aircrack to version svn r2362
37 - Updated gparted to 0.17.0
38 - Updated firefox to version 26.0
39 - Updated kernel to 3.12.5
40 - Updated wpsqui to version 1.0rc2
41 - Updated ferm wifi cracker to version 1.90
42 - Updated aircrack r2363
43 - Updated wpspingenerator to version 1.31
44 - Adapted scripts to xfce+kde
45 - Improved reaver session saving; it now saves reavermod sessions
46 - Updated firmwares 15122013
47 - Added linset 0.7
48 - Added slackyd
49 - Updated gambas runtime to version 3.5.1
50 - Implemented zram (512 MB of swap memory without creating partitions)
51 - Added anthy library
52 - Added hunspell library
53 - Added guile library
54 - Added sane
55 - Added ruby
56 - Added chmlib
57 - Added gc
58 - Added libcddb
59 - Added libmnl
60 - Added libmtp
61 - Added libnetfilter_conntrack
62 - Added libunistring
63 - Added libnetfilter_log
64 - Added libnetfilter_queue
65 - Added libnfnetlink
65 - Added libspectre
66 - Updated wpspingenerator to version 1.32, adds 2 new MACs
67 - Updated aircrack revision 2364
68 - Updated wireshark to version 1.10.4
69 - Repaired all log/packages to comply with the standard
70 - Added medusa + java gui
71 - Repaired stkeys
72 - Firefox updaters now include version and architecture to comply with the log/packages standard

MD5: 17d2405fae1c2a42c56b48cfa2a9de6c

OFFICIAL FTP LINK
http://www.downloadwireless.net/isos/wifislax-4-8-final.iso

BACKUP LINKS IN CASE THE FTP DOES NOT WORK
http://www.multiupload.nl/88MWQV2AM8

TORRENT
https://kickass.to/wifislax-4-8-final-iso-t8821793.html

Thursday 13 March 2014

[Jspy RAT v0.08] Java Multiplatform Remote Administration Tool

jSpy is a RAT developed in Java. Need to monitor your children's internet use? Check that your workers are doing what you paid them for? Help a friend out with a problem on his computer? No worries, whether it be Windows or Mac OSX that you need to manage, or manage from - jSpy is the answer.

Stable

jSpy uses a library called Kryonet developed by Esoterics Software. By using this library for networking, jSpy creates an environment where you can be rest assured you won't lose your clients.

Powerful

jSpy has an abundance of features, and is actively developed by a 17 year old java programmer from London. If you have any suggestions please email me at: javastealth@gmail.com

Multiple OS Support

jSpy will run on Windows, Mac OSX and Linux. jSpy was developed on a Mac ensuring that all features work on both UNIX and DOS Systems.

[Cisco Torch] Mass Scanning, Fingerprinting, and Exploitation Tool


Cisco Torch mass scanning, fingerprinting, and exploitation tool was written while working on the next edition of the "Hacking Exposed Cisco Networks", since the tools available on the market could not meet our needs.

The main feature that makes Cisco-torch different from similar tools is the extensive use of forking to launch multiple scanning processes in the background for maximum scanning efficiency. Also, it uses several methods of application layer fingerprinting simultaneously, if needed. We wanted something fast to discover remote Cisco hosts running Telnet, SSH, Web, NTP and SNMP services and launch dictionary attacks against the services discovered.

Wednesday 12 March 2014

[QuickSetDNS] Quickly change DNS servers of your Internet connection


QuickSetDNS is a simple tool that allows you to easily change the DNS servers that are used for your Internet connection. You can set the desired DNS servers from the user interface, by choosing from a list of DNS servers that you defined, or from command-line, without displaying any user interface.

System Requirements
This utility works on any version of Windows, starting from Windows 2000 and up to Windows 8. Both 32-bit and 64-bit systems are supported.

Versions History
  • Version 1.01:
    • Added 'Router DNS' item, which allows you to choose the internal DNS server of your router.
  • Version 1.00 - First release.

Start Using QuickSetDNS

QuickSetDNS doesn't require any installation process or additional dll files. In order to start using it, simply run the executable file - QuickSetDNS.exe


After running QuickSetDNS, the main window allows you to easily choose the desired DNS servers to use on your Internet connection, by using the 'Set Active DNS' option (F2). By default, QuickSetDNS provides only one alternative: the public DNS servers of Google - 8.8.8.8 and 8.8.4.4 

You can easily add more DNS servers to the list by using the 'New DNS Server' option (Ctrl+N).


If the 'Automatic DNS' option is selected, then the DNS server information is received from your router automatically, using DHCP.

If you have multiple network adapters, you may need to choose the correct network adapter from the combo-box located just below the toolbar of QuickSetDNS. 


[Nield v0.5.0] Network Interface Events Logging Daemon


nield (Network Interface Events Logging Daemon) is a tool that receives notifications from the kernel through the netlink socket, and generates logs related to interfaces, neighbor cache (ARP, NDP), IP address (IPv4, IPv6), routing, FIB rules, and traffic control. It can be configured using command-line options.

Options

The following options are supported.
Standard options:
-v
Displays the version and exits.
-h
Displays the usage and exits.
-p lock_file
Specifies the lock file to use. Default is "/var/run/nield.log", if not specified.
-s buffer_size
Specifies the maximum socket receive buffer in bytes.
Logging options:
It uses the log file "/var/log/nield.log", if neither "-l" nor "-L" is specified.
-l log_file
Specifies the log file to use.
-L syslog_facility
Specifies the facility to use when logging events via syslog.

The standard syslog facilities are as follows:
auth, authpriv, cron, daemon, ftp, kern, lpr, mail, mark, news, security, syslog,
user, uucp, local0, local1, local2, local3, local4, local5, local6, local7
-d debug_file
Specifies the debug file to use.


Tuesday 11 March 2014

[Email Password Dump] Command-line Tool to Recover Lost Email Password from Outlook, Windows Live Mail, FoxMail, Thunderbird, MSN Messenger


Email Password Dump is the free command-line based all-in-one tool to instantly recover all your Email passwords from popular email clients and other desktop applications.

Currently it can recover your lost email passwords from following applications,
  • Microsoft Outlook Express
  • Microsoft Outlook 2002/XP/2003/2007/2010/2013
  • Mozilla Thunderbird
  • Windows Live Mail 2012
  • IncrediMail
  • Foxmail v6.x - v7.x
  • Windows Live Messenger
  • MSN Messenger
  • Google Talk
  • GMail Notifier
  • PaltalkScene IM
  • Pidgin (Formerly Gaim) Messenger
  • Miranda Messenger
  • Windows Credential Manager
It automatically discovers installed applications on your system and recovers all the stored passwords for email accounts like Gmail, Yahoo Mail, Hotmail, Windows Live Mail etc.

By default it dumps all the recovered passwords to console. It also allows you to save the email passwords to TEXT file.

Email Password Dump works on both 32-bit & 64-bit platforms starting from Windows XP to Windows 8.

[ImageCacheViewer] View images in the cache of your Web browser


ImageCacheViewer is a simple tool that scans the cache of your Web browser (Internet Explorer, Firefox, or Chrome), and lists the images displayed in the Web sites that you recently visited. 

For every cached image file, the following information is displayed: URL of the image, Web browser that was used to visit the page, image type, date/time of the image, browsing time, and file size. 

When selecting a cache item in the upper pane of ImageCacheViewer, the image is displayed in the lower pane, and you can copy the image to the clipboard by pressing Ctrl+M.

System Requirements And Limitations
  • This utility works in any version of Windows, starting from Windows XP and up to Windows 8. Both 32-bit and 64-bit systems are supported.
  • The following Web browsers are supported: Internet Explorer, Mozilla Firefox, SeaMonkey, and Google Chrome.
  • ImageCacheViewer won't work if you configure your Web browser to clear the cache after closing it.
  • It's recommended to close all windows of your Web browser before using ImageCacheViewer, to ensure that all cache files are saved to the disk.

Start Using ImageCacheViewer

ImageCacheViewer doesn't require any installation process or additional DLL files. In order to start using it, simply run the executable file - ImageCacheViewer.exe
After running ImageCacheViewer, it begins to scan the cache of your Web browser, and displays all cached images from Web sites you visited in the last day. If you want to get images from other days, you can remove or change the last 1-day filter from the 'Advanced Options' window (F9).
After the scanning process is finished, you can also watch the image in the lower pane of ImageCacheViewer, by selecting the desired item in the upper pane.
If for some reason ImageCacheViewer fails to detect the cache of your Web browser properly, you can go to the 'Advanced Options' window (F9), and choose the desired cache folders to scan for each Web browser.

Monday 10 March 2014

[WifiInfoView] WiFi Scanner for Windows 7/8/Vista


WifiInfoView scans the wireless networks in your area and displays extensive information about them, including: Network Name (SSID), MAC Address, PHY Type (802.11g or 802.11n), RSSI, Signal Quality, Frequency, Channel Number, Maximum Speed, Company Name, Router Model and Router Name (only for routers that provide this information), and more...

When you select a wireless network in the upper pane of this tool, the lower pane displays the Wi-Fi information elements received from this device, in hexadecimal format. 

WifiInfoView also has a summary mode, which displays a summary of all detected wireless networks, grouped by channel number, company that manufactured the router, PHY type, or the maximum speed.


[BlindElephant] Web Application Fingerprinter


The BlindElephant Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all available releases.

The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable.

Getting Started

BlindElephant can be used directly as a tool on the command line, or as a library to provide fingerprinting functionality to another program.

Pre-requisites:

  • Python 2.6.x (prefer 2.6.5); users of earlier versions may have difficulty installing or running BlindElephant. 

Sunday 9 March 2014

[EyeWitness] A Rapid Web Application Triage Tool


EyeWitness is a rapid web application triage tool designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

The author would love for EyeWitness to identify more default credentials of various web applications. So as you find devices which utilize default credentials, please e-mail him the source code of the index page and the default credentials so he can add them to EyeWitness. You can e-mail to EyeWitness [@] christophertruncer [dot] com.

Inspiration came from Tim Tomes’s PeepingTom Script. The author just wanted to change some things, and then it became a thought exercise to write it again himself.

EyeWitness is designed to run on Kali Linux. It will auto-detect whether the file you give it with the -f flag is a text file with one URL per line, nmap XML output, or Nessus XML output. The -t (timeout) flag is completely optional, and lets you provide the maximum time to wait when trying to render and screenshot a web page. The --open flag, which is also optional, will open the URL in a new tab within iceweasel.

Setup
Navigate into the setup directory and run the setup.sh script.

Usage
./EyeWitness.py -f filename -t optionaltimeout --open (Optional)

Examples
./EyeWitness.py -f urls.txt
./EyeWitness.py -f urls.xml -t 8 --open


Saturday 8 March 2014

[MobiSec] Mobile Security Testing Live Environment


The MobiSec Live Environment Mobile Testing open source project is a live environment for testing mobile environments, including devices, applications, and supporting infrastructure. The purpose is to provide attackers and defenders the ability to test their mobile environments to identify design weaknesses and vulnerabilities.

MobiSec provides a single environment for testers to leverage the best of all available open source mobile testing tools, as well as the ability to install additional tools and platforms, that will aid the penetration tester through the testing process as the environment is structured and organized based on an industry-proven testing framework. Using a live environment provides penetration testers the ability to boot the MobiSec Live Environment on any Intel-based system from a DVD or USB flash drive, or run the test environment within a virtual machine.

The MobiSec Live Environment is maintained as an open source project on Source Forge, and can be downloaded as an ISO by clicking on the Download link above.

Friday 7 March 2014

[GoldenEye v2.1] DoS Tool


GoldenEye is a HTTP/S Layer 7 Denial-of-Service Testing Tool. It uses KeepAlive (and Connection: keep-alive) paired with Cache-Control options to persist socket connection busting through caching (when possible) until it consumes all available sockets on the HTTP/S server.

Changelog v2.1

  • 2014-02-20 Added randomly created user agents (still RFC compliant).
  • 2014-02-19 Removed silly referers and user agents. Improved randomness of referers. Added external user-agent list support.

Usage
USAGE: ./goldeneye.py <url> [OPTIONS]

OPTIONS:
Flag               Description                                        Default
-u, --useragents   File with user-agents to use                       (default: randomly generated)
-w, --workers      Number of concurrent workers                       (default: 50)
-s, --sockets      Number of concurrent sockets                       (default: 30)
-m, --method       HTTP Method to use 'get' or 'post' or 'random'     (default: get)
-d, --debug        Enable Debug Mode [more verbose output]            (default: False)
-h, --help         Shows this help

[USBDeview] View all installed/connected USB devices on your system


USBDeview is a small utility that lists all USB devices that are currently connected to your computer, as well as all USB devices that you previously used.

For each USB device, extended information is displayed: Device name/description, device type, serial number (for mass storage devices), the date/time that device was added, VendorID, ProductID, and more...
USBDeview also allows you to uninstall USB devices that you previously used, disconnect USB devices that are currently connected to your computer, as well as to disable and enable USB devices. 

You can also use USBDeview on a remote computer, as long as you log in to that computer as an admin user.

Wednesday 5 March 2014

[USBLogView] Records the details of any USB device that is plugged or unplugged into your system


USBLogView is a small utility that runs in the background and records the details of any USB device that is plugged or unplugged into your system. For every log line created by USBLogView, the following information is displayed: Event Type (Plug/Unplug), Event Time, Device Name, Description, Device Type, Drive Letter (For storage devices), Serial Number (Only for some types of devices), Vendor ID, Product ID, Vendor Name, Product Name, and more...

You can easily select one or more log records and then export them into csv/tab-delimited/xml/html file.

System Requirements

  • This utility works on any version of Windows, starting from Windows 2000 and up to Windows 7. Both 32-bit and 64-bit systems are supported. Be aware that at this moment USBLogView doesn't work on Windows 8. 

[Parsero] Robots.txt audit tool


Parsero is a free script written in Python which reads the Robots.txt file of a web server and looks at the Disallow entries. The Disallow entries are the URL paths of directories or files hosted on a web server which the administrators don't want to be indexed by crawlers. For example, "Disallow: /portal/login" tells search engines like Google, Bing, Yahoo... not to index www.example.com/portal/login, so nobody can locate it by searching on them.

Sometimes the paths listed in the Disallow entries are directly accessible to users (without using a search engine) just by visiting the URL and the path, and sometimes they are not available to anybody. Because it is really common for administrators to write a lot of Disallow entries, some of which are available and some of which are not, you can use Parsero to check the HTTP status code of each Disallow entry and so find out automatically whether these directories are available or not.

When you execute Parsero, you can see the HTTP status codes. For example, the codes below:
200 OK          The request has succeeded.
403 Forbidden   The server understood the request, but is refusing to fulfill it.
404 Not Found   The server hasn't found anything matching the Request-URI.
302 Found       The requested resource resides temporarily under a different URI.
...

Also, the fact that the administrator writes a robots.txt doesn't mean that the files or directories listed in this file will not be indexed by Bing, Google, Yahoo... For this reason, Parsero is capable of searching in Bing to locate content indexed without the web administrator's authorization.

Tuesday 4 March 2014

[WiFi Network Monitor] Tool to Watch/Monitor your Wireless network from hackers/rogue/unauthorised users


WiFi Network Monitor is the free tool to remotely scan and discover all the systems connected to your Wireless network.

It helps you to keep a watch on your Wi-Fi network and safeguard it from hackers as well as other unauthorised users.

Its swift scan, powered by an 'ARP based Multi-threading' technique, enables you to scan the entire network in just a few seconds. It can detect all the systems connected to your Wi-Fi network including desktops, laptops, mobiles, home systems and other portable devices.

By default, it automatically finds IP address range of your network. However you can also perform 'Manual Scan' of only certain portion of the network.

For each system, it displays IP address, Host name, MAC address and current status during the scan operation. It also identifies the Router as well as your local computer among the discovered devices.
Being a GUI-based tool, it is very easy to use with just a click of a button.

Wi-Fi Network Monitor is fully portable and works on all platforms starting from Windows XP to Windows 8.

[WirelessKeyView] Recover lost wireless network key


WirelessKeyView recovers all wireless network security keys/passwords (WEP/WPA) stored in your computer by the 'Wireless Zero Configuration' service of Windows XP or by the 'WLAN AutoConfig' service of Windows Vista, Windows 7, Windows 8, and Windows Server 2008. It allows you to easily save all keys to text/html/xml file, or copy a single key to the clipboard. You can also export your wireless keys into a file and import these keys into another computer.


Monday 3 March 2014

[Microsoft Network Monitor 3.4] Tool to allow capturing and protocol analysis of network traffic


Microsoft's Network Monitor is a tool that allows capturing and protocol analysis of network traffic. Network Monitor 3 is a protocol analyzer. It enables you to capture, to view, and to analyze network data. You can use it to help troubleshoot problems with applications on the network. This article contains download and support information, installation notes, and general usage information about Network Monitor 3. Network Monitor 3.4 is the latest version.

Network Monitor 3 is a complete overhaul of the earlier Network Monitor 2.x version. Some key features of Network Monitor 3 include the following:
  • Script-based parser model with frequent updates
  • Concurrent live capture sessions
  • Support for Windows 7
  • Support for 32-bit platforms and for 64-bit platforms
  • Support for network conversations and process tracking
  • API to access capture and parsing engine
  • Wireless Monitor Mode Capturing

Supported Operating System
Windows 7, Windows 8, Windows Server 2003 Service Pack 2, Windows Server 2003 Service Pack 2 x64 Edition, Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 R2 for Itanium-based Systems, Windows Server 2012, Windows Vista 64-bit Editions Service Pack 1, Windows Vista Service Pack 1, Windows XP 64-bit, Windows XP Service Pack 3

Hardware
  • 1 GHz or greater CPU
  • 1 GB or greater memory
  • 60 MB free hard disk space plus extra room for capture files

[bWAPP] an extremely buggy web application!



bWAPP, or a buggy web application, is a deliberately insecure web application.

bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects.

What makes bWAPP so unique? Well, it has over 60 web bugs! It covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project.

bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux and Windows using Apache/IIS and MySQL. It can be installed with WAMP or XAMPP.

Another possibility is to download bee-box, a custom VM pre-installed with bWAPP.

This project is part of the ITSEC GAMES project. ITSEC GAMES are a fun approach to IT security education. IT security, ethical hacking, training and fun... all mixed together.

You can find more about the ITSEC GAMES and bWAPP projects on our blog.

Sunday 2 March 2014

[VNC Password Recovery v2.0] All-in-one VNC Password Decoder Tool


VNC Password Recovery is the FREE software to instantly recover VNC password stored by popular VNC Servers.

It automatically detects the encrypted VNC password stored in the file system or registry by various VNC server applications. Then it quickly decrypts it and displays the original VNC password.

Currently it supports password recovery from following popular VNC servers.
  • UltraVNC
  • RealVNC
  • TightVNC
  • TigerVNC
In addition to this, it can also recover passwords stored by most of the old variants of VNC servers.

It supports both automatic & manual mode of VNC password recovery. If the password is not found automatically or the password is from different system, then you can easily switch to 'Manual Mode' and enter the encrypted password to recover it.


From version v1.5 onwards, it supports command-line mode, making it useful for penetration testers and forensic investigators.

It works on both 32 bit & 64 bit platforms starting from Windows XP to latest operating system, Windows 8.

[Responder] a LLMNR and NBT-NS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server


Responder is a LLMNR and NBT-NS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
This tool is first an LLMNR and NBT-NS responder: it will answer specific NBT-NS (NetBIOS Name Service) queries based on their name suffix (see: http://support.microsoft.com/kb/163409). By default, the tool will only answer File Server Service requests, which are for SMB. The concept behind this is to target our answers and be stealthier on the network. This also helps to ensure that we don't break legitimate NBT-NS behavior. You can set the -r option to "On" via the command line if you want this tool to answer the Workstation Service request name suffix.

FEATURES

  • Built-in SMB Auth server. Supports NTLMv1, NTLMv2 hashes with Extended Security NTLMSSP by default. Successfully tested from Windows 95 to Server 2012 RC, Samba and Mac OSX Lion. Clear text password is supported for NT4, and LM hashing downgrade when the --lm option is set to On. This functionality is enabled by default when the tool is launched.
  • Built-in MSSQL Auth server. In order to redirect SQL Authentication to this tool, you will need to set the option -r to On (NBT-NS queries for SQL Server lookup use the Workstation Service name suffix) for systems older than Windows Vista (LLMNR will be used for Vista and higher). This server supports NTLMv1, LMv2 hashes. This functionality was successfully tested on Windows SQL Server 2005 & 2008.
  • Built-in HTTP Auth server. In order to redirect HTTP Authentication to this tool, you will need to set the option -r to On for Windows versions older than Vista (NBT-NS queries for HTTP server lookup are sent using the Workstation Service name suffix). For Vista and higher, LLMNR will be used. This server supports NTLMv1, NTLMv2 hashes and Basic Authentication. This server was successfully tested on IE 6 to IE 10, Firefox, Chrome, Safari. Note: This module also works for WebDav NTLM authentication issued from Windows WebDav clients (WebClient). You can now send your custom files to a victim.
  • Built-in HTTPS Auth server. In order to redirect HTTPS Authentication to this tool, you will need to set the -r option to On for Windows versions older than Vista (NBT-NS queries for HTTP server lookups are sent using the Workstation Service name suffix). For Vista and higher, LLMNR will be used. This server supports NTLMv1, NTLMv2, and Basic Authentication. This server was successfully tested on IE 6 to IE 10, Firefox, Chrome, and Safari. The folder Cert/ was added and contains 2 default keys, including a dummy private key. This is intentional; the purpose is to have Responder working out of the box. A script was added in case you need to generate your own self-signed key pair.
  • Built-in LDAP Auth server. In order to redirect LDAP Authentication to this tool, you will need to set the option -r to On for Windows versions older than Vista (NBT-NS queries for HTTP server lookup are sent using the Workstation Service name suffix). For Vista and higher, LLMNR will be used. This server supports NTLMSSP hashes and Simple Authentication (clear text authentication). This server was successfully tested on Windows Support tool "ldp" and LdapAdmin.
  • Built-in FTP Auth server. This module will collect FTP clear text credentials.
  • Built-in small DNS server. This server will answer type A queries. This is really handy when it's combined with ARP spoofing.
  • All hashes are printed to stdout and dumped in a unique, John Jumbo compliant file, using this format: (SMB or MSSQL or HTTP)-(ntlm-v1 or v2 or clear-text)-Client_IP.txt The file will be located in the current folder.
  • Responder will log all its activity to a file Responder-Session.log.
  • When the option -f is set to "On", Responder will fingerprint every host who issued an LLMNR/NBT-NS query. All capture modules still work while in fingerprint mode.
  • Browser Listener finds the PDC in stealth mode.
  • Icmp Redirect for MITM on Windows XP/2003 and earlier Domain members. This attack combined with the DNS module is pretty effective.
  • WPAD rogue transparent proxy server. This module will capture all HTTP requests from anyone launching Internet Explorer on the network. This module is highly effective. You can now send your custom Pac script to a victim and inject HTML into the server's responses. See Responder.conf. This module is now enabled by default.
  • Analyze mode: This module allows you to see NBT-NS, BROWSER, LLMNR requests from which workstation to which workstation without poisoning any requests. Also, you can map domains, MSSQL servers, workstations passively, see if ICMP Redirects attacks are plausible on your subnet.
  • Responder is now using a configuration file. See Responder.conf.
  • Built-in POP3 auth server. This module will collect POP3 plaintext credentials
  • Built-in SMTP auth server. This module will collect PLAIN/LOGIN clear text credentials.

CONSIDERATIONS

  • This tool listens on several ports: UDP 137, UDP 138, UDP 53, UDP/TCP 389, TCP 1433, TCP 80, TCP 139, TCP 445, TCP 21, TCP 3141, TCP 25, TCP 110, TCP 587 and Multicast UDP 5553. If you run Samba on your system, stop smbd and nmbd and all other services listening on these ports. For Ubuntu users: Edit this file /etc/NetworkManager/NetworkManager.conf and comment out the line: "dns=dnsmasq". Then kill dnsmasq with this command (as root): killall dnsmasq -9
  • Any rogue server can be turned off in Responder.conf.
  • You can set a network interface via command line switch -I. Default is all.
  • This tool is not meant to work on Windows.