This website is a web service for checking whether a file you have uploaded is malicious. It is similar to Virustotal.com; try it yourself.
Monday, 23 September 2013
[Syhunt Sandcat Browser v4.1] A Penetration-oriented browser (extended to Web Application Assessment)
Sandcat Browser 4 brings unique features that are useful for pen-testers and web developers. Sandcat is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua programming language to provide extensions and scripting support.
Features
- Live HTTP Headers — built-in live headers with a dedicated cache per tab and support for preview extensions
- Sandcat Console — an extensible command line console; allows you to easily run custom commands and scripts in a loaded page
- Resources tab — allows you to view the page resources, such as JavaScript files and other web files.
- Page Menu extensions — allows you to view details about a page and more.
- Pen-Tester Tools — Sandcat comes with a multitude of pen-test oriented extensions. This includes a Fuzzer, a Script Runner, HTTP & XHR Editors, Request Loader, Request Replay capabilities and more.
Pentesting tools
- Cookies and Cache Viewers
- JavaScript Executor extension — allows you to load and run external JavaScript files
- Lua Executor extension — allows you to load and run external Lua scripts
- Page Menu extensions — allows you to view the page headers, cookies, whois information and more
- Request Editor extension with request loading capabilities
- Request Editor (Low-Level version)
- Request Viewer — allows you to view details about a request or replay a request.
- Ruby Console extension
- Sandcat Tasks (Extensions that run as isolated processes):
- Fuzzer extensions with multiple modes and support for filters
- CGI Scanner extension
- HTTP Brute Force
- Script Runner extension — can execute scripts in a variety of languages
- Tor Button extension — Anonymity for standard browsing
- XHR Editor
- Various Encoders/Decoders, new Sandcat Console commands, security related search engine options, and more
Web application hacking is based on QuickInject
QuickInject is an extensive toolkit for manual web application security assessment. QuickInject lets you tailor injection requests that you can send or load using Sandcat, and can be used for a number of different operations, such as URL and POST Data Manipulation, Filter Evasion, Referer and User-Agent Spoofing, and HTTP Header Manipulation. In addition to building requests, QuickInject can also be used to execute JavaScript in a loaded page. The first release of QuickInject is focused on File Inclusion, XSS and SQL Injection and comes with the following options:
- SQL Injection functions
  - Filter Evasion – Database-Specific String Escape (CHAR & CHR). Conversion of strings to quoted strings, conversion of spaces to comment tags or new lines
  - Filter Evasion (MySQL-Specific) – String Concatenation, Percent Obfuscation & Integer Representation (eg: '26' becomes 'ceil(pi()*pi())*(!!!pi()+true)+ceil(@@version)', a technique presented by Johannes Dahse).
  - UNION Statement Maker
  - Quick insertion of common injections covering DB2, Informix, Ingres, MySQL, MSSQL, Oracle & PostgreSQL
- File Inclusion functions
  - One-Click Log Poisoning
  - Quick Shell Upload code generator
  - PHP String Escape (chr)
- Cross-Site Scripting (XSS) functions
  - Filter Evasion – JavaScript String Escape (String.fromCharCode), CSS Escape
  - Various handy alert statements for testing for XSS vulnerabilities.
- Hash functions
  - MD5 Hash Crackers – Built-in (offline) and online MD5 hash crackers
  - Hash Generators – MD5, SHA-1, SHA-2 (224, 256, 384 & 512), GOST, HAVAL (various), MD2, MD4, RIPEMD (128, 160, 256 & 320), Salsa10, Salsa20, Snefru (128 & 256), Tiger (various) & WHIRLPOOL
- Encoders/Decoders
  - URL Encoder/Decoder
  - Hex Encoder/Decoder – Converts a string or integer to hexadecimal or vice-versa (multiple output formats supported).
  - Base64 Encoder/Decoder
  - CharCode Converter – Converts a string to charcodes (eg: 'abc' becomes '97,98,99') or vice-versa.
  - IP Obfuscator – Converts an IP to dword, hex or octal.
  - JavaScript Encoders – Such as JJEncode by Yosuke HASEGAWA
- HTML functions
  - HTML Escape/Unescape
  - HTML Entity Encoder/Decoder – Decimal and hexadecimal HTML entity encoders & decoders
  - JavaScript String Escape
- Text Manipulation functions – Uppercase, Lowercase, Swap Case, Title Case, Reverse, Shuffle, Strip Slashes, Strip Spaces, Add Slashes, Char Separator
- Time-Based Blind Injection code – Covering MySQL, MSSQL, Oracle, PostgreSQL, Server-Side JavaScript & MongoDB
- CRC Calculators – CRC16, CRC32, CRC32b, and more.
- Classical Ciphers – ROT13 & ROT[N]
- Checksum Calculators – Adler-32 & Fletcher
- Buffer Overflow String Creator
- Random String & Number Generation functions
- URL Splitter
- Useful Strings – Math, character sets and more.
[iodine] Tunnel application to forward IPv4 traffic through DNS servers (IP over DNS)
iodine lets you tunnel IPv4 data through a DNS server. This can be useful in situations where internet access is firewalled but DNS queries are allowed.
It runs on Linux, Mac OS X, FreeBSD, NetBSD, OpenBSD and Windows and needs a TUN/TAP device. The bandwidth is asymmetrical with limited upstream and up to 1 Mbit/s downstream.
Compared to other DNS tunnel implementations, iodine offers:
- Higher performance
  - iodine uses the NULL type that allows the downstream data to be sent without encoding. Each DNS reply can contain over a kilobyte of compressed payload data.
- Portability
  - iodine runs on many different UNIX-like systems as well as on Win32. Tunnels can be set up between two hosts no matter their endianness or operating system.
- Security
  - iodine uses challenge-response login secured by MD5 hash. It also filters out any packets not coming from the IP used when logging in.
- Less setup
  - iodine handles setting IP number on interfaces automatically, and up to 16 users can share one server at the same time. Packet size is automatically probed for maximum downstream throughput.
[WhatWeb v0.4.7] The Content Management Systems (CMS) Technology Scanner
WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 900 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.
WhatWeb can be stealthy and fast, or thorough but slow. WhatWeb supports an aggression level to control the trade-off between speed and reliability. When you visit a website in your browser, the transaction includes many hints of what web technologies are powering that website. Sometimes a single webpage visit contains enough information to identify a website, but when it does not, WhatWeb can interrogate the website further. The default level of aggression, called ‘passive’, is the fastest and requires only one HTTP request of a website. This is suitable for scanning public websites. More aggressive modes were developed for use in penetration tests.
Most WhatWeb plugins are thorough and recognise a range of cues from subtle to obvious. For example, most WordPress websites can be identified by the meta HTML tag, e.g. ‘‘. A minority of WordPress websites remove this identifying tag, but this does not thwart WhatWeb. The WordPress WhatWeb plugin has over 15 tests, which include checking the favicon, default installation files, login pages, and checking for “/wp-content/” within relative links.
Features:
* Over 900 plugins
* Control the trade off between speed/stealth and reliability
* Plugins include example URLs
* Performance tuning. Control how many websites to scan concurrently.
* Multiple log formats: Brief (greppable), Verbose (human readable), XML, JSON, MagicTree, RubyObject, MongoDB.
* Recursive web spidering
* Proxy support including TOR
* Custom HTTP headers
* Basic HTTP authentication
* Control over webpage redirection
* Nmap-style IP ranges
* Fuzzy matching
* Result certainty awareness
* Custom plugins defined on the command line
Example Usage
Using WhatWeb on a couple of websites:
Using a higher aggression level to identify the version of Joomla in use.
[ThreatFactor NSIA v1.0.6] Network System Integrity Analysis
ThreatFactor NSIA is a website scanner that monitors websites in real time in order to detect defacements, compliance violations, exploits, sensitive information disclosure and other issues. ThreatFactor detects issues remotely and therefore requires no software to install, does not introduce any latency and will not interrupt business operations. At its core, ThreatFactor uses an advanced analysis engine that is capable of detecting a wide variety of issues and can be modified with custom signatures.
NSIA can be configured to perform almost any action once an issue is identified, such as sending a text message (IM, email, SMS) or executing a script.
Type of Issues Detected
The ThreatFactor solution was designed specifically to help organizations quickly identify issues on their websites that may tarnish the organization’s image or adversely affect its customers, partners and employees, such as:
- Website Defacements
  - Malicious users are trolling the Internet specifically for websites to deface. Oftentimes, these websites contain offensive language or images and likely result in a tarnished image.
- Compliance and Privacy Issues
  - ThreatFactor can detect issues that may adversely affect compliance or user privacy, such as forms that submit passwords unencrypted, pages that accept user information but don’t include a privacy policy, etc.
- Web Exploits
  - Oftentimes, attackers compromise a website and install exploits to attack the website visitors. These are often classified as silent defacements since the site does not look like it was visually changed. Sophos noted that the vast majority of websites hosting malware (around 80%) are legitimate sites that have been compromised. Furthermore, ThreatFactor can detect websites that have been modified in such a way as to send private customer information (such as login information) to a third party.
- Sensitive Information Leaks
  - Websites can leak sensitive information through detailed error messages, misinformed blogger employees, and files that were not intended to be provided to the public.
- System Failures
  - ThreatFactor can detect many types of website system problems such as:
    - Broken Links
    - Error and warning messages
    - Poorly configured servers or servers with default configuration
    - Expired SSL certificates
    - Server errors
Key Features
- Automatic Content Baselining and Self-Tuning
  - ThreatFactor automatically analyzes monitored sites and establishes a baseline; the baseline is used to self-tune the system in order to reduce the rate of false alerts and to increase the sensitivity to potentially unauthorized changes.
- Automatic Web-Content Discovery
  - ThreatFactor automatically discovers the content associated with monitored websites, oftentimes finding hidden or unexpected content.
- Built-In Web Interface
  - ThreatFactor features a built-in web server that makes administration easy using a web browser.
- Comprehensive Signature Set
  - Includes over 2000 signatures for issues ranging from exploits and privacy problems to offensive language.
- Full Access Controls
  - The ThreatFactor server supports rights and object-level access controls that can be applied to users and groups.
- Integrated Custom Signature Editor
  - A syntax highlighting signature editor is provided for writing custom ThreatPattern and ThreatScript signatures.
- SIEM Integration
  - ThreatFactor can log to an external device such as a Security Information Event Management (SIEM) tool or log management solution.
- Integrated Database
  - ThreatFactor features an integrated database and eliminates the need for a DBA.
[vFeed & vFeed API] The open source cross-linked local vulnerability database
vFeed is an open source naming scheme concept that provides extra, structured, detailed third-party references for a CVE entry. While the emergence of open standards undeniably helped to shape a new way to communicate about vulnerabilities, the new vFeed adds an intelligent structured XML feed that provides an effective level of information (metadata) related to a vulnerability. Internally, vFeedCore (not published yet) collects the basic XML feeds, which are generated by reliable references, and correlates them across multiple information sources. Here are examples of third-party sources (just to name a few):
- Security standards
  - CVE (http://cve.mitre.org)
  - CWE (http://cwe.mitre.org)
  - CPE (http://cpe.mitre.org)
  - OVAL (http://oval.mitre.org)
  - CAPEC (http://capec.mitre.org)
  - CVSS (http://www.first.org/cvss)
- Vulnerability Assessment & Exploitation IDs (Metasploit, Saint Corporation, Nessus Scripts, ZDI, Exploit-DB, milw0rm)
- Vendors Security Alerts
  - Microsoft MS
  - Mandriva
  - Redhat
  - Cisco
  - Sun
  - Gentoo
  - Apple
  - ...
Key features
- Built using open source technologies
- Fully downloadable SQLite local vulnerability database
- Structured new XML format to describe vulnerabilities
- Based on major open standards CVE, CPE, CWE, CVSS..
- Support correlation with 3rd party security references (CVSS, OSVDB, OVAL…)
- Extended to support correlation with security assessment and patch vendors (Nessus, Exploit-DB, Redhat, Microsoft..)
- Simple & ready to use Python module with more than 15 methods
Target Audience
- Penetration testers who want to analyze CVEs and gather extra information to help shape avenues to exploit vulnerabilities.
- Security auditors who want to report accurate information about findings. vFeed could be the best way to describe a CVE with attributes based on standards and third-party references, such as vendors or companies involved in standardization efforts.
- Security tools vendors / security open source developers who need to implement libraries to enumerate useful information about CVEs without wasting time to correlate and to create a proprietary database. vFeed is by far the best solution. Methods can be invoked from programs or scripts with a simple call.
- Any security hacker who is conducting research and needs a very fast and accurate way to enumerate available exploits or techniques to check a vulnerability
Friday, 20 September 2013
[JBrute v0.9.4] Open Source Security tool to audit hashed passwords
JBrute is an open source tool written in Java to audit the security and strength of stored passwords for several open source and commercial apps. It focuses on providing multi-platform support and flexible parameters to cover most of the possible password-auditing scenarios.
Java Runtime version 1.7 or higher is required for running JBrute.
Features
- Multi-platform support (by Java VM)
- Several hashing algorithms supported
- Flexible chained hashes decryption (like MD5(SHA1(MD5())))
- Both brute force and dictionary decryption methods supported
- Built-in rule pre-processor for dictionary decryption
- Multi-threading support for brute force decryption
Supported algorithms:
- MD5
- MD4
- SHA-256
- SHA-512
- MD5CRYPT
- SHA1
- ORACLE-10G
- ORACLE-11G
- NTLM
- LM
- MSSQL-2000
- MSSQL-2005
- MSSQL-2012
- MYSQL-322
- MYSQL-411
- POSTGRESQL
- SYBASE-ASE1502