Friday, 8 November 2013

[sniffMyPackets v1.0] A Maltego Set of Transforms for pcap analysis

sniffMyPackets is a set of Maltego transforms written using the Canari framework that allow for the analysis of pcap files.

Currently there are over 60 transforms that cover things such as:

  • extracting TCP/UDP streams
  • rewriting IP src/dst addresses for pcap replay
  • SHA1 & MD5 hashing
  • Rebuilding of files from pcap files
  • Capturing packets from specified interfaces

You can still watch some videos showing its features and how to run sniffMyPackets.

[Umap] The USB host security assessment tool

umap is a tool which allows you to test the security of USB host implementations, i.e. anything you plug a USB device into, like a PC or a tablet. Its primary function at the moment is a fuzzer, with test cases based on a combination of data from standards documentation and the author's experience of where USB bugs are commonly found. However, it also has additional functionality that will be expanded further in future versions, for example:


  • Operating system identification
  • Installed application identification
  • Vendor-specific driver enumeration
  • Endpoint Protection System assessment

Sunday, 3 November 2013

[JBrute] Open Source Security tool to audit hashed passwords



JBrute is an open source tool written in Java to audit the security and strength of stored passwords for several open source and commercial apps. It focuses on providing multi-platform support and flexible parameters to cover most of the possible password-auditing scenarios.
Java Runtime version 1.7 or higher is required for running JBrute.

Supported algorithms:
  • MD5
  • MD4
  • SHA-256
  • SHA-512
  • MD5CRYPT
  • SHA1
  • ORACLE-10G
  • ORACLE-11G
  • NTLM
  • LM
  • MSSQL-2000
  • MSSQL-2005
  • MSSQL-2012
  • MYSQL-322
  • MYSQL-411
  • POSTGRESQL
  • SYBASE-ASE1502
  • INFORMIX-1170


[Retire.js] Command line Scanner and Chrome plugin

Retire.js is a command line scanner that helps you identify dependencies with known vulnerabilities in your application. Using the provided Grunt plugin you can easily include Retire.js in your build process. Retire.js also provides a Chrome extension allowing you to detect libraries while surfing your website.

To detect a given version of a given component, Retire.js uses the filename or URL. If that fails, it will download/open the file and look for specific comments within the file. If that also fails, there is the possibility to use hashes for minified files. And if that fails as well, the Chrome plugin will run code in a sandbox to try to detect the component and version. This last detection mechanism is not available in the command line scanner, as running arbitrary JavaScript files in the Node process could have unwanted consequences. If anybody knows of a good way to sandbox the code on Node, feel free to register an issue or contribute.
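The first three stages of that fallback chain can be sketched as follows. This is an added example, not Retire.js's own code: the `examplelib` component, its signature layout, the version threshold and the sample inputs are all constructed for illustration.

```javascript
const crypto = require('crypto');
const sha1 = (s) => crypto.createHash('sha1').update(s).digest('hex');

// Constructed minified build whose banner comment was stripped by the minifier.
const STRIPPED_MIN = '!function(e){e.ExampleLib={}}(this);';

// Hypothetical signature repository: one entry per component.
const REPO = {
  examplelib: {
    filename: [/examplelib-(\d+\.\d+\.\d+)(?:\.min)?\.js$/],
    filecontent: [/\/\*!? ExampleLib v(\d+\.\d+\.\d+)/],
    hashes: { [sha1(STRIPPED_MIN)]: '1.2.0' }, // sha1(hex) -> version
    vulnerableBelow: '1.4.0',                  // constructed threshold
  },
};

// Numeric comparison of dotted versions: <0 if a is older than b.
function cmpVersion(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d) return d;
  }
  return 0;
}

function firstMatch(patterns, text) {
  for (const re of patterns) {
    const m = re.exec(text);
    if (m) return m[1];
  }
  return null;
}

// Stages run cheapest first; the file body is never executed, only read.
const STAGES = [
  ['filename', (sig, url) => firstMatch(sig.filename, url)],
  ['filecontent', (sig, url, body) => firstMatch(sig.filecontent, body)],
  ['hash', (sig, url, body) => sig.hashes[sha1(body)] || null],
];

function detect(url, body) {
  for (const [via, probe] of STAGES) {
    for (const [component, sig] of Object.entries(REPO)) {
      const version = probe(sig, url, body);
      if (version) {
        const vulnerable = cmpVersion(version, sig.vulnerableBelow) < 0;
        return { component, version, via, vulnerable };
      }
    }
  }
  return null; // unknown file: nothing to report
}
```

The `via` field records which stage produced the match, which helps when triaging a finding: a hash match identifies an exact file, while a filename match only reflects what the file was named.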

It's important to note that even though your site is using a vulnerable library, that does not necessarily mean your site is vulnerable. It depends on whether and how your site exercises the vulnerable code. That said, it's better to be safe than sorry.

[Instant PDF Password Remover] Free PDF Password & Restrictions Removal Tool


Instant PDF Password Remover is a FREE tool to instantly remove the password of a protected PDF document. It can remove both User & Owner passwords along with all PDF file restrictions such as Copy, Printing, Screen Reader etc.

Often we receive password protected PDF documents in the form of mobile bills, bank statements or other financial reports. It is highly inconvenient to remember or type these complex and long passwords.

'Instant PDF Password Remover' helps you to quickly remove the password from these PDF documents, so you no longer need to type these complex/long passwords every time you open such protected PDF documents.

Note that it cannot help you to remove an unknown password. It will only help you to remove a KNOWN password so that you don't have to enter the password every time you open the PDF file.

It makes this even easier with the 'Right Click Context Menu' integration, which allows you to simply right click on the PDF file and launch the tool. You can also drag & drop a PDF file directly onto the GUI window to start the password removal operation instantly.

It can unlock PDF documents protected with all versions of Adobe Acrobat Reader using different (RC4, AES) encryption methods.

[FoxOne] Free OSINT Tool - Server Reconnaissance Scanner

FoxOne is a free OSINT tool, described by the author (th3j35t3r) as a Non-Invasive and Non-Detectable Server Reconnaissance Scanner.

It bypasses API limitations and currently detects 6500+ vulnerable server paths/files without ever touching the target server. It is very good for getting hold of intel on a given domain (example.com). The intel gained is actionable, in the sense that it could be directly used to help root a box, while at the same time giving a good overview of what's present on the box and where it is within the directory structure.

FoxOne Scanner creates a report and dumps it on your Desktop.

Features
  • Anti False-Positive Measures
  • Bot Stealth Measures
  • Modular Framework for easy importing of new modules.

Requirements
  • MySQL Server
  • PHP5
  • PHP-GD Library
  • PHP-MySQL
  • Festival (text to speech)

Installation

1). Create a MySQL database anywhere (localhost is fine).
2). Import ‘foxone.sql’ into the database you just created.
3). Edit ‘foxone’, adding the details of the database you just set up.



[Laudanum] Collection of injectable files

Laudanum is a collection of injectable files, designed to be used in a pentest when SQL injection flaws are found, and written in multiple languages for different environments. They provide functionality such as shell, DNS query, LDAP retrieval and others.