[IronWASP v0.9.7.5] Open Source Advanced Web Security Testing Platform

IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool's features are simple enough to be used by absolute beginners. 

IronWASP has a plugin system that supports Python and Ruby. The version of Python and Ruby used in IronWASP is IronPython and IronRuby which is syntactically similar to CPython and CRuby. However some of the standard libraries might not be available, instead plugin authors can make use of the powerful IronWASP API. 

One of the design goals of IronWASP is to be usable without reading a documentation. So whether you want to use the UI or do awesome things in the scripting shell, you can dive right in.

The UI has a clean design with helpful wizards for complex tasks, small snippets of text descriptions in different sections and 'Help' sections all over the tool that provide contextual documentation when required.

If you want to do scripting then make use of the 'Script Creation Assistant' that can take you requirement and create the script automatically for you. You could be someone who is trying to learn scripting or an experienced scripting ninja, you will find this feature to be extremly useful.

If you want to create a new vulnerabilty check or write your own security tool in the shortest possible time using the powerful API of IronWASP then use the 'Coding Assistants' available in the 'Dev Tools' menu.

Download IronWASP v0.9.7.5

Read more

[IPNetInfo v1.53] Retrieves IP Address Information

IPNetInfo is a small utility that allows you to easily find all available information about an IP address: The owner of the IP address, the country/state name, IP addresses range, contact information (address, phone, fax, and email), and more.

This utility can be very useful for finding the origin of unsolicited mail. You can simply copy the message headers from your email software and paste them into IPNetInfo utility. IPNetInfo automatically extracts all IP addresses from the message headers, and displays the information about these IP addresses. 

Download IPNetInfo v1.53

Read more

[pMap v1.10] Passive Discovery, Scanning, and Fingerprinting

Discovery, Scanning, and Fingerprinting via Broadcast and Multicast Traffic

Features

• Reveals open TCP and UDP ports
• Uses UDP, mDNS, and SSDP to identify PCs, NAS, Printers, Phones, Tablets, CCTV, DVR, and Others
• Device Type, Make, and Model
• Operating Systems and Version
• Service Versions and Configuration
• Stand-Alone (Nmap-like output) or Agent Mode (SYSLOG)
• Metasploit Script Included

Download pMap v1.10

Read more

[Rootkit Hunter] Scanning tool to ensure you for about 99.9%* you're clean of nasty tools

Rootkit scanner is scanning tool to ensure you for about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:

- MD5 hash compare

- Look for default files used by rootkits

- Wrong file permissions for binaries

- Look for suspected strings in LKM and KLD modules

- Look for hidden files

- Optional scan within plaintext and binary files

Rootkit Hunter is released as GPL licensed project and free for everyone to use.

* No, not really 99.9%.. It's just another security layer 

System requirements:

- Compatible operating system (see 'Supported operating systems')

- Bourne Again Shell (BASH)

Dowload Rootkit Hunter

Read more

[Fing] Tool for Network Scan and Analysis for iPhone

Highlight of features: 

+ Discovers all devices connected to a Wi-Fi network. No limitation! 

+ Displays the MAC Address and up-to-date Vendor names. 

+ Customize names, icons and notes. 

+ Wake On LAN. Switch on your cable-connected devices.

+ History of all discovered networks. You can review and edit your past scans at any time, also offline. 

+ Checks the availability of Internet connection, reporting the geographic location of the ISP (Internet Service Provider). 

+ Share a detailed report of any scan via email

+ Search devices by IP, MAC, Name, Vendor and Notes

+ In-app settings

+ Scans the open ports to find available services. It uses a fast engine that supports hundreds of well-known ports, that you can customize with your own

+ Translates IP addresses to its Domain Names, and reverse 

+ Works also with hosts outside your local network

+ Tracks when a device has gone UP or DOWN, keeping disconnected devices in the list.

+ Discovers NetBIOS names.

+ Supports identification by IP address. Allows to customize nodes hidden behind a network switch.

+ Can sort devices by IP, MAC, Name, Vendor, State, Last Change.

+ Free of charge, Free of Ads 

+ Integrates with Fingbox to sync and backup your customizations, merge networks with multiple access points, monitor remote networks via Fingbox Sentinels, get notifications of changes, and much more.

Fing is born from the ashes of the famous Look@LAN, with a brand-new engine that makes it even faster and smarter! Available also for Windows, Mac OS X, Linux and more platforms!

Download Fing

Read more

[Vega v1.0 Build 108] Web Security Scanner

Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows. 

Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. Vega can be extended using a powerful API in the language of the web: Javascript.

 Features

• Automated Crawler and Vulnerability Scanner
• Consistent UI
• Website Crawler
• Intercepting Proxy
• SSL MITM
• Content Analysis
• Extensibility through a Powerful Javascript Module API
• Customizable alerts
• Database and Shared Data Model

Some of the features in the 1.0 release include:

• Active proxy scanner
• Greatly improved detections
• Greatly improved support for authenticated scanning
• API enhancements
• HTTP message viewer enhancements

Modules

• Cross Site Scripting (XSS)
• SQL Injection
• Directory Traversal
• URL Injection
• Error Detection
• File Uploads
• Sensitive Data Discovery

Download Vega v1.0 Build 108

Read more

[flunym0us] Vulnerability Scanner for Wordpress and Moodle

Flunym0us is a Vulnerability Scanner for Wordpress and Moodle designed by Flu Project Team.

Flunym0us has been developed in Python. Flunym0us performs dictionary attacks against Web sites. By default, Flunym0us includes a dictionary for Wordpress and other for Moodle.

Operation

Flunym0us requires python.

Arguments allowed:

-h, --help: Show this help message and exit

-wp, --wordpress: Scan WordPress site

-mo, --moodle: Scan Moodle site

-H HOST, --host HOST: Website to be scanned

-w WORDLIST, --wordlist WORDLIST: Path to the wordlist to use

-t TIMEOUT, --timeout TIMEOUT: Connection timeout

-r RETRIES, --retries RETRIES: Connection retries

-p PROCESS, --process PROCESS: Number of process to use

-T THREADS, --threads THREADS: Number of threads (per process) to use

Versions

Flunym0us is distributed under the terms of GPLv3 license

ChangeLog 1.0:

[+] Search Wordpress Plugins

[+] Search Moodle Extensions

ChangeLog 2.0:

[+] http user-agent hijacking

[+] http referer hijacking

[+] Search Wordpress Version

[+] Search Wordpress Latest Version

[+] Search Version of Wordpress Plugins

[+] Search Latest Version of Wordpress Plugins

[+] Search Path Disclosure Vulnerabilities

[+] Search Wordpress Authors  

Download flunym0us

Read more