Hostscan - PHP tool for scanning specific range of hosts

Hostscan is a php tool which allows you to scan specific range of hosts, mostly for information gathering and testing for weak passwords. I guess it's a pentest tool, i'd created it to automate some tests that i often do. Since it's PHP, it works quite slowly compared to client-side soft.

How it works?

• You need to provide range of ip's (e.g. 127.0.0.1 - 127.0.0.10); program will perform operations on each address separately, basing on selected options, then it will print out the response.
• By default, program will only check open ports, print http response headers, test for HTTP methods and check FTP for anonymous login.
• If 'SSH/IMAP/DB's' are checked, program will try to bruteforce SSH,IMAP,MySQL,PostgreSQL & MsSQL using array of passwords and users defined on the beggining of script. Notice, that it will try to login as user with grand permissions (e.g. root, postgres), although you're able to edit it.
• If 'FTP User' is set, program will also try to bruteforce FTP with specific user using mentioned passwords array. By default it's not, and it will only test for anonymous login.
• If 'Deep Scan' is set, program will perform all aforementioned operations. Further, it will use nmap with specific parameters you're able to edit, also, the traceroute scan will be performed and displayed - just like nmap. Deep Scan also gather some useful informations about a website (if it's running), such as interesting files/folders and www title.
• ?url=website.com for quick IP address of specific website....so - what it does it do? Nmap, traceroute, port scan, ftp anonymous login, ftp/ssh/imap/mysql/pgsql/mssql bruteforce, http (website) info gathering, Crawler accepts as a parameter array of files and folders that you can manually edit, just like others options.

Download Hostscan

Read more

OWASP ZAP v2.3.1 - An easy to use integrated penetration testing tool for finding vulnerabilities in web applications

OWASP Zed Attack Proxy (ZAP) An easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.

Changelog v2.3.1

The following changes were made in this release:

• ZAP changes request data (while switching views) ( Issue 81 )
• Unfulfilled dependencies hang the active scan ( Issue 377 )
• Cant remove scripts marked as ‘load on start’ ( Issue 1073 )
• core.newSession doesn’t clear Sites ( Issue 1114 )
• Historical Request Tab Doesn’t allow formatting changes ( Issue 1155 )
• Proxy gzip decoder doesn’t update content length in response headers ( Issue 1156 )
• Unable to set a home directory with a space on the command line ( Issue 1163 )
• Redundant indexes in zapdb.script ( Issue 1166 )
• Add proxy support for “deflate” content encoding ( Issue 1168 )
• Spider Context/User pop up menus no longer shown ( Issue 1170 )
• Unable to select 2 requests in fuzz results (Ctrl + click) ( Issue 1179 )
• Vulnerable pages active scanned only once ( Issue 1181 )
• Alerts of same type for different parameters of same vulnerable page shown only once in “Alerts” tree ( Issue 1182 )
• NullPointerException while selecting a node in the “Alerts” tab after deleting a message ( Issue 1183 )
• Cmdline session params have no effect ( Issue 1191 )
• Scan URL path elements – turn off by default ( Issue 1193 )
• Command line arguments are not passed to extensions when starting ZAP in daemon mode ( Issue 1194 )
• AbstractPlugin.bingo incorrectly sets evidence to attack ( Issue 1196 )
• Issue with loading addons that did not initialize correctly ( Issue 1202 )
• WordPress Authentication Script ( Issue 1203 )
• ‘History’ tab is not cleared when a new session is created through the API with ZAP in GUI mode ( Issue 1206 )

Download OWASP ZAP v2.3.1

Read more

w3af - Open Source Web Application Security Scanner

w3af, is a Web Application Attack and Audit Framework. The w3af core and it’s plugins are fully written in python, it identifies more than 200 vulnerabilities and reduce your site’s overall risk exposure. Identify vulnerabilities like SQL Injection, Cross-Site Scripting, Guessable credentials, Unhandled application errors and PHP misconfigurations.

Changelog v1.6

• Improved performance: your scans will run faster
• Improved quality: 1300+ unittests are run after each change to make sure we don’t add any regressions
• Now you’ll be able to easily integrate w3af into other projects with a simple import w3af
• Better documentation

Download w3af

Read more

WPScan - WordPress Security Scanner

WPScan is a black box WordPress vulnerability scanner.
Features

• Username enumeration (from author querystring and location header)
• Weak password cracking (multithreaded)
• Version enumeration (from generator meta tag and from client side files)
• Vulnerability enumeration (based on version)
• Plugin enumeration (2220 most popular by default)
• Plugin vulnerability enumeration (based on plugin name)
• Plugin enumeration list generation
• Other misc WordPress checks (theme name, dir listing, …)

Prerequisites:

• Windows not supported
• Ruby >= 1.9.2 – Recommended: 1.9.3
• Curl >= 7.21 – Recommended: latest – FYI the 7.29 has a segfault
• RubyGems – Recommended: latest
• Git

Changelog v2.4

New

• ‘–batch’ switch option added – Fix #454
• Add random-agent
• Added more CLI options
• Switch over to nist – Fix #301
• New choice added when a redirection is detected – Fix #438

Removed

• Removed ‘Total WordPress Sites in the World’ counter from stats
• Old wpscan repo links removed – Fix #440
• Fingerprinting Dev script removed
• Useless code removed

General core

• Rspecs update
• Forcing Travis notify the team
• Ruby 2.1.1 added to Travis
• Equal output layout for interaction questions
• Only output error trace if verbose if enabled
• Memory improvements during wp-items enumerations
• Fixed broken link checker, fixed some broken links
• Couple more 404s fixed
• Themes & Plugins list updated

WordPress Fingerprints

• WP 3.8.2 & 3.7.2 Fingerprints added – Fix #448
• WP 3.8.3 & 3.7.3 fingerprints
• WP 3.9 fingerprints

Fixed issues

• Fix #380 – Redirects in WP 3.6-3.0
• Fix #413 – Check the version of the Timthumbs files found
• Fix #429 – Error WpScan Cache Browser
• Fix #431 – Version number comparison between ’2.3.3′ and ’0.42b’
• Fix #439 – Detect if the target goes down during the scan
• Fix #451 – Do not rely only on files in wp-content for fingerprinting
• Fix #453 – Documentation or inplemention of option parameters
• Fix #455 – Fails with a message if the target returns a 403 during the wordpress check

Vulnerabilities

• Update WordPress Vulnerabilities
• Fixed some duplicate vulnerabilities
• WPScan Database Statistics:
• Total vulnerable versions: 79; 1 is new
• Total vulnerable plugins: 748; 55 are new
• Total vulnerable themes: 292; 41 are new
• Total version vulnerabilities: 617; 326 are new
• Total plugin vulnerabilities: 1162; 146 are new
• Total theme vulnerabilities: 330; 47 are new

Download WPScan

Read more

WVS v9.5 - Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.

This week the latest version was released, Acunetix Vulnerability Scanner 9.5.

Features

• AcuSensor Technology
• Industry’s most advanced and in-depth SQL injection and Cross site scripting testing
• Advanced penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer
• Visual macro recorder makes testing web forms and password protected areas easy
• Support for pages with CAPTCHA, single sign-on and Two Factor authentication mechanisms
• Extensive reporting facilities including PCI compliance reports
• Multi-threaded and lightning fast scanner – processes thousands of pages with ease
• Intelligent crawler detects web server type, application language and smartphone-optimized sites.
• Acunetix crawls and analyzes different types of websites including HTML5, SOAP and AJAX
• Port scans a web server and runs security checks against network services running on the server

This new release adds the ability to run security scans on applications built with Google Web Toolkit (GWT). It can also automatically test JSON and XML data objects for vulnerabilities. In addition, vulnerabilities are now also classified using CVE, CWE and CVSS, and AcuSensor has been updated for .NET 4.5 web applications.

Download Acunetix Vulnerability Scanner 9.5

Read more

Acunetix Web Vulnerability Scanner Version 9 - Web Application Security Testing Tool

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.

Changelog v9.20140206

New Functionality in Acunetix Web Vulnerability Scanner v9

• Added a test for Joomla! JomSocial component < 3.1.0.1 – Remote code execution
• Added a test for a MediaWiki Remote Code Execution vulnerability affecting versions older than 1.22.2,1.21.5 and 1.19.11
• Added a test for Minify arbitrary file disclosure 
• Added a test for Ektron CMS admin account takeover
• Added a test for Zabbix SQL injection vulnerability
• Added a test for IBM Web Content Manager XPath Injection
• Added a test for YUI library uploader.swf cross site scripting vulnerability. This library is included in many web applications, including vBulletin v4 and v5
• Added a test for Horde Remote Code Execution
• Added a test for Joomla! JCE Arbitrary File Upload
• Added a test for Oracle Reports vulnerabilities. These vulnerabilities allow an attacker to gain remote shell on the affected server
• Added a test for XXE vulnerabilities in OpenID implementations, which is able to detect XXE vulnerabilities similar to the one found on Facebook recently
• A knowledge base item is added each time a known web application is detected (e.g. WordPress web application was detected in directory /blog/)

Improvements

• Scanning of WordPress sites has been made more efficient
• Improved coverage of ASP.NET based websites
• Improved XSS testing script

Bug Fixes

• Fixed bug in the pagination of the Scheduler Web Interface
• The Login Sequence Recorder was ignoring the maximum size HTTP option
• Fixed an issue causing the crawler to create multiple entries of the same custom cookie.
• Fixed a bug causing the HTTP sniffer to always listen on localhost
• Fixed a bug in the console application preventing scanning from older saved crawl results.
• Fixed a crash caused at start-up caused by the DeepScan agent not starting.

Download Acunetix Scanner 9

Read more

OWASP ZAP v2.3.0 - An easy to use integrated penetration testing tool for finding vulnerabilities in web applications

OWASP Zed Attack Proxy (ZAP) An easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.

Changelog v2.3.0, highlights

• A ZAP ‘lite’ version in addition to the existing ‘full’ version
• View, intercept, manipulate, resend and fuzz client-side (browser) events
• Enhanced authentication support
• Support for non standard apps
• Input Vector scripts
• Scan policy – fine grained control
• Advanced Scan dialog
• Extended command line options
• More API support
• Internationalized help file
• Keyboard shortcuts
• New UI options
• More functionality moved to add-ons
• New and improved active and passive scanning rules

Download OWASP ZAP v2.3.0

Read more

IronWASP 2014 - One of the world's best web security scannners

Find security issues on your website automatically using IronWASP, one of the world's best web security scannners.

Here's what is new:

1) Login recording

Now you can easily just record a login sequence and use it in vulnerability scans and other automated tests. See video tutorial.

2) Automatically testing for CSRF, Broken Authentication, Privilege Escalation and Hidden Parameters

Now IronWASP has a new section called Interactive Testing tools that let you automatically discover vulnerabilities that could only be discovered by manual testing.

See video tutorials for CSRF Tester, Broken Authentication Tester, Hidden Parameter Tester and Privilege Escalation Tester

3) Browser pre-configured for Manual Crawling

The most common problem with intercepting proxies is that you have to change your browser's proxy settings and import the tool's certificate as a trusted CA for SSL traffic. Even after doing this there is change that traffic from your regular browsing will get mixed with your test traffic. IronWASP solves all of these problems, it comes with a browser pre-configured to use IronWASP as proxy, it handles SSL certificate errors automatically (no need to import as CA) and since this is a separate browser it does not affect the regular browsing that you are doing in your other browser. See video.

4) DOM XSS Analyzer

If you understand what DOM XSS sources and sinks are and have the ability to understand and analyse JavaScript code then you will find this new utility really useful. It makes the process of discovering DOM XSS really easy for manual testers. See video tutorial.

5) XmlChor - XPATH Injection Exploitation tool

This version comes with a new Module called XmlChor written by Harshal Jamdade. This module can be used to automatically exploit XPATH Injection vulnerabilities and extract the backend XML file from the server. See video tutorial.

6) WiHawk - WiFi Router Vulnerability Scanner

There version has one more awesome module called WiHawk written by Anamika Singh. This module can be used to scan a range of IP addresses for WiFi routers that have default password and authentication bypass vulnerabilities. It also supports Shodan API to scan large number of devices on the internet. See video tutorial.

Download IronWASP 2014

Read more

NetworkLatencyView - Calculates the network latency (in milliseconds)

NetworkLatencyView is a simple tool for Windows that listens to the TCP connections on your system and calculates the network latency (in milliseconds) for every new TCP connection detected on your system. For every IP address, NetworkLatencyView displays up to 10 network latency values, and their average. The latency value calculated by NetworkLatencyView is very similar to the result you get from pinging to the same IP address.

NetworkLatencyView also allows you to easily export the latency information to text/csv/tab-delimited/html/xml file, or copy the information to the clipboard and then paste it to Excel or other application.

Download NetworkLatencyView

Read more

WebPwn3r - Web Applications Security Scanner

WebPwn3r is a Web Applications Security Scanner coded in Python to help Security Researchers to scan Multiple links in the same time against Remote Code/Command Execution & XSS Vulnerabilities.

You can extract the URL’s from Burp Suite and save it in list.txt then pass it to WebPwn3r.

You can also use your own crowler to gather URL’s for a certain domain or a random domains, and save it in list.txt then pass it to WebPwn3r.

WebPwn3r got below Features:

1- Scan a URL or List of URL’s

2- Detect and Exploit Remote Code  Injection Vulnerabilities.

3- ~ ~ ~ Remote Command  Execution Vulnerabilities.

4- ~ ~ ~ Typical XSS Vulnerabilities.

5- Detect WebKnight WAF.

6- Improved Payloads to bypass Security Filters/WAF’s.

7- Finger-Print the backend Technologies.

Download WebPwn3r

Read more

KisMAC - Free Sniffer/Scanner application for Mac OS X

KisMAC is an open-source and free sniffer/scanner application for Mac OS X. It has an advantage over MacStumbler / iStumbler / NetStumbler in that it uses monitor mode and passive scanning.

KisMAC supports many third party USB devices: Intersil Prism2, Ralink rt2570, rt73, and Realtek rtl8187 chipsets. All of the internal AirPort hardware is supported for scanning.

The rest of this wiki assumes you are prepared for advanced topics and know what you are doing with your system.

Features

• Reveals hidden / cloaked / closed SSIDs
• Shows logged in clients (with MAC Addresses, IP addresses and signal strengths)
• Mapping and GPS support
• Can draw area maps of network coverage
• PCAP import and export
• Support for 802.11b/g
• Different attacks against encrypted networks
• Deauthentication attacks
• AppleScript-able
• Kismet drone support (capture from a Kismet drone)

Supported hardware chipsets

• Apple AirPort and AirPort Extreme (dependent upon Apple's drivers)
• Intersil Prism 2, 2.5, 3 USB devices
• Ralink rt2570 and rt73 USB devices
• Realtek RTL8187L USB (such as the Alfa AWUS036H, which does not work on Mac OS 10.6.7 or later)

Crypto support

• Bruteforce attacks against LEAP, WPA and WEP
• Weak scheduling attack against WEP
• Newsham 21-bit attack against WEP 

Download KisMAC

Read more

Ninja PingU - High performance network scanner tool for large scale analyses

NINJA-PingU Is Not Just a Ping Utility is a free open-source high performance network scanner tool for large scale analyses. It has been designed with performance as its primary goal and developed as a framework to allow easy plugin creation.

NINJA PingU comes out of the box with a set of plugins for services analysis and embedded devices identification. More information about those can be found in its home page at http://owasp.github.io/NINJA-PingU

Usage:

# sudo ./bin/npingu [OPTIONS] targets

  -t    Number of sender threads.
  -p    Port scan range. For instance, 80 or 20-80.
  -d    Delay between packages sent (in usecs).
  -s    No service identification (less bandwith load, more hosts/time).
  -m    Module to run. For instance, Service.
  -h    Show this help.
  [targets] Ip address seed. For instance, 192.168.1. or 1.1.1.1-255.0.0.0

Examples:
Example to scan some OVH servers:

   # ./bin/npingu -t 3 -p 20-80 188.1.1.1-188.255.1.1 -d 1 -m Service

  -Targeted Hosts [188.165.83.148-188.255.83.148]
  -Targeted Port Range [20-80]
  -Threads [3]
  -Delay 1 usec
  -Use the Service identification Module

Example to scan several google web servers:

  # ./bin/npingu -t 5 -p 80 -s 74.125.0.0-74.125.255.255

  -Targeted Hosts [74.125.0.0-74.125.255.255]
  -Targeted Port [80]
  -Threads [5]
  -s synOnly scan

Example for scanning the 32764/TCP Backdoor

  # ./bin/npingu -t 2 1.1.1.1-255.1.1.1 -m Backdoor32764 -p 32764

  -Targeted Hosts [1.1.1.1-255.1.1.1]
  -Targeted Port [32764]
  -Threads [2]
  -Use the 32764/TCP Backdoor Module

Download Ninja PingU

Read more

Nmap 6.45 - Free Security Scanner For Network Exploration & Security Audits

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Changes: Added ssl-heartbleed script to detect the Heartbleed bug in OpenSSL. Various other additions and updates.

Download Nmap 6.45

Read more

Burp Suite Professional v1.6 - The leading toolkit for web application security testing

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

Changelog v1.6

Burp Suite Free Edition contains significant new features added since v1.5, including:

• Support for WebSockets messages.
• Support for PKCS#11 client SSL certificates contained in smart cards and physical tokens.
• A new Extender tool, allowing dynamic loading and unloading of multiple extensions.
• A new powerful extensibility API, enabling extensions to customize Burp’s behavior in much more powerful ways.
• Support for extensions written in Python and Ruby.
• A new BApp Store feature, allowing quick and easy installation of extensions written by other Burp users.
• An option to resolve DNS queries over a configured SOCKS proxy, allowing access to TOR hidden services.
• Generation of CSRF PoC attacks using a new cross-domain XHR technique.
• New options for SSL configuration, to help work around common problems.
• Optional unpacking of compressed request bodies in the Proxy.
• Support for .NET DeflateStream compression.
• New and improved types of Intruder payloads.
• New Proxy interception rules.
• New Proxy match/replace rules.
• Improved layout options in the Repeater UI.
• An SSL pass-through feature, to prevent Burp from breaking the SSL tunnel for specified domains.
• Support for the Firefox Plug-n-hack extension.
• An option to copy a selected request as a curl command.

Burp Suite Professional contains a number of bugfixes and tweaks, added since the last beta version, including:

• An occasional bug causing misplaced highlights on payloads in Scanner issues has been fixed.
• A bug in which restoring default settings for the Extender tool didn’t unload any currently running extensions has been fixed.
• A display bug affecting the rendering of binary content (such as images) in the raw view of the HTTP message editor has been fixed.
• A bug which prevented the automatic backup on exit feature from functioning in headless mode has been fixed.
• In previous versions, Burp stored its preferences in separate locations for each major version. This caused persisted settings to be lost on upgrading to a new major version. This behavior has been modified, and from v1.6 onwards major versions will store their preferences in the same location. As a workaround to preserve settings from earlier releases, Pro users can launch the earlier release, save a state file containing their preferences, then launch the new release and load the state file.

Download Burp Suite Professional v1.6

Read more

OWASP ZAP 2.3.0.1 - An easy to use integrated penetration testing tool for finding vulnerabilities in web applications

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. 

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.

Some of ZAP's functionality: 

• Intercepting Proxy
• Traditional and AJAX spiders
• Automated scanner
• Passive scanner
• Forced browsing
• Fuzzer
• Dynamic SSL certificates
• Smartcard and Client Digital Certificates support
• Web sockets support
• Authentication and session support
• Powerful REST based API
• Support for a wide range of scripting languages
• Automatic updating option
• Integrated and growing marketplace of add-ons

Some of ZAP's features: 

• Open source
• Cross platform
• Easy to install (just requires java 1.7)
• Completely free (no paid for 'Pro' version)
• Ease of use a priority
• Comprehensive help pages
• Fully internationalized
• Translated into a dozen languages
• Community based, with involvement actively encouraged
• Under active development by an international team of volunteers

It supports the following languages: 

• English
• Arabic
• Albanian
• Brazilian Portuguese
• Chinese
• Danish
• Filipino
• French
• German
• Greek
• Indonesian
• Italian
• Japanese
• Korean
• Persian
• Polish
• Russian
• Spanish 

Download OWASP ZAP 2.3.0.1

Read more

nbtscan - NETBIOS nameserver scanner

This is a command-line tool that scans for open NETBIOS nameservers on a local or remote TCP/IP network, and this is a first step in finding of open shares. It is based on the functionality of the standard Windows tool nbtstat, but it operates on a range of addresses instead of just one. I wrote this tool because the existing tools either didn't do what I wanted or ran only on the Windows platforms: mine runs on just about everything.

NETBIOS is commonly known as the Windows "Network Neighborhood" protocol, and (among other things), it provides a nameservice that listens on UDP port 137. When it receives a query on this port, it responds with a list of all services it offers. Windows ships with a standard tool nbtstatwhich queries a single IP address when given the -A parameter. When run against a machine on the local network (a development box), it shows:

C:\> nbtstat -A 192.168.1.99
       NetBIOS Remote Machine Name Table

   Name               Type         Status
---------------------------------------------
XPDEV          <00>  UNIQUE      Registered
UNIXWIX        <00>  GROUP       Registered
XPDEV          <03>  UNIQUE      Registered
XPDEV          <20>  UNIQUE      Registered
UNIXWIX        <1E>  GROUP       Registered

MAC Address = 00-50-04-6D-50-37

The numeric code (in hexadecimal) and the type serve to identify the service being offered, and (for instance) a UNIQUE code of <20> indicates that the machine is running the file-sharing service. Unfortunately, nbtstat only reports the codes, and it requires looking up the meanings elsewhere. The References section at the end of this document lists some resources to learn what all the codes mean.

Machines participating in NETBIOS listen on UDP port 137 for these queries and respond accordingly. Simple configurations might only have a few resource records (as above), but an NT server supporting a large enterprise could easily have more than a dozen. Though it's sometimes useful to examine the full set of resource records for a given machine, in practice it's more useful to summarize them into the key "interesting" services.

Our tool has taken this approach. Not only does it scan ranges of addresses -- instead of just one machine -- but it can fully decode most of the resource record types and can summarize the interesting data on a one-line display.

On our network we have quite a few machines, but it appears that only three respond to our queries:

C:\> nbtscan 192.168.1.0/24
192.168.1.3     MTNDEW\WINDEV               SHARING DC
192.168.1.5     MTNDEW\TESTING
192.168.1.9     MTNDEW\WIZ                  SHARING U=STEVE
192.168.1.99    MTNDEW\XPDEV                SHARING

Download nbtscan

Read more

VirusTotal Scanner - Desktop Tool to Perform Quick Anti-virus Scan using VirusTotal

VirusTotal Scanner is the desktop tool to quickly perform Anti-virus scan using VirusTotal.com

VirusTotal.com is a free online scan service that analyzes suspicious files using 40+ Anti-virus applications. It facilitates the quick detection of viruses, worms, trojans, all kinds of malware and provides reliable results preventing any False Positive cases.

'VirusTotal Scanner' is the desktop tool which helps you to quickly scan your file using VirusTotal without actually uploading the file. It performs direct Hash based scan on VirusTotal thus reducing the time taken to upload the file.

It comes with attractive & user friendly interface making the VirusTotal scanning process simpler and quicker. You can simply right click on your file and start the scan.

It is fully portable tool but also comes with Installer for local installation & un-installation. It works on wide range of platforms starting from Windows XP to Windows 8.

Download VirusTotalScanner v3.5

Read more

[NetBScanner] NetBIOS Scanner

NetBScanner is a network scanner tool that scans all computers in the IP addresses range you choose, using NetBIOS protocol. For every computer located by this NetBIOS scanner, the following information is displayed: IP Address, Computer Name, Workgroup or Domain, MAC Address, and the company that manufactured the network adapter (determined according to the MAC address). NetBScanner also shows whether a computer is a Master Browser. You can easily select one or more computers found by NetBScanner, and then export the list into csv/tab-delimited/xml/html file.

Download NetBScanner

Read more

[Skipfish] Web Application Security Scanner

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

Key features:

• High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets.

• Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.

• Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.

The tool is believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments. 

Download Skipfish

Read more

[WakeMeOnLan] Turn on computers on your network with Wake-on-LAN packet

This utility allows you to easily turn on one or more computers remotely by sending Wake-on-LAN (WOL) packet to the remote computers.

When your computers are turned on, WakeMeOnLan allows you to scan your network, and collect the MAC addresses of all your computers, and save the computers list into a file. Later, when your computers are turned off or in standby mode, you can use the stored computers list to easily choose the computer you want to turn on, and then turn on all these computers with a single click.

WakeMeOnLan also allows you to turn on a computer from command-line, by specifying the computer name, IP address, or the MAC address of the remote network card.

System Requirements And Limitations

• On the computer that you run WakeMeOnLan: WakeMeOnLan works on any version of Windows, starting from Windows 2000 and up to Windows 8, including x64 versions of Windows.
• On the remote computer: WakeMeOnLan can turn on the remote computer only if this feature is supported and enabled on the remote computer. Be aware that Wake-on-LAN feature only works on wired network. Wireless networks are not supported. 
  In order to enable the Wake-on-LAN feature on the remote computer:
  • On some computers, you may need to enable this feature on the BIOS setup.
  • In the network card properties, you should go to the 'Power Management' and/or 'Advanced' tabs of the network adapter, and turn on the Wake-on-LAN feature.  

Download WakeMeOnLan

Read more