MagicTree - Penetration Tester Productivity Tool

in java, Linux, Mac, MagicTree, Productivity Tool, Windows - on 1:49 PM - No comments

Have you ever spent ages trying to find the results of a particular portscan you were sure you did? Or grepping through a bunch of files looking for data for a particular host or service? Or copy-pasting bits of output from a bunch of typescripts into a report? We certainly did, and that's why we wrote MagicTree - so that it does such mind-numbing stuff for us, while we spend our time hacking.

MagicTree is a penetration tester productivity tool. It is designed to allow easy and straightforward data consolidation, querying, external command execution and (yeah!) report generation. In case you wonder, "Tree" is because all the data is stored in a tree structure, and "Magic" is because it is designed to magically do the most cumbersome and boring part of penetration testing - data management and reporting.

Installation
No installation is required for MagicTree. The application is distrubuted as a single JAR file which has to be executed with JRE. Just save the file on your desktop. Double-click on it to execute it or, for less user-friendly OSes, issue “java -jar MagicTree.jar’ command.

Download MagicTree

Burp Suite Professional v1.6 - The leading toolkit for web application security testing

in Burp, Burp Suite, Burp Suite Professional, EN, java, Linux, Mac, Scanner, Windows - on 2:18 PM - No comments

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

Changelog v1.6

Burp Suite Free Edition contains significant new features added since v1.5, including:

Support for WebSockets messages.
Support for PKCS#11 client SSL certificates contained in smart cards and physical tokens.
A new Extender tool, allowing dynamic loading and unloading of multiple extensions.
A new powerful extensibility API, enabling extensions to customize Burp’s behavior in much more powerful ways.
Support for extensions written in Python and Ruby.
A new BApp Store feature, allowing quick and easy installation of extensions written by other Burp users.
An option to resolve DNS queries over a configured SOCKS proxy, allowing access to TOR hidden services.
Generation of CSRF PoC attacks using a new cross-domain XHR technique.
New options for SSL configuration, to help work around common problems.
Optional unpacking of compressed request bodies in the Proxy.
Support for .NET DeflateStream compression.
New and improved types of Intruder payloads.
New Proxy interception rules.
New Proxy match/replace rules.
Improved layout options in the Repeater UI.
An SSL pass-through feature, to prevent Burp from breaking the SSL tunnel for specified domains.
Support for the Firefox Plug-n-hack extension.
An option to copy a selected request as a curl command.

Burp Suite Professional contains a number of bugfixes and tweaks, added since the last beta version, including:

An occasional bug causing misplaced highlights on payloads in Scanner issues has been fixed.
A bug in which restoring default settings for the Extender tool didn’t unload any currently running extensions has been fixed.
A display bug affecting the rendering of binary content (such as images) in the raw view of the HTTP message editor has been fixed.
A bug which prevented the automatic backup on exit feature from functioning in headless mode has been fixed.
In previous versions, Burp stored its preferences in separate locations for each major version. This caused persisted settings to be lost on upgrading to a new major version. This behavior has been modified, and from v1.6 onwards major versions will store their preferences in the same location. As a workaround to preserve settings from earlier releases, Pro users can launch the earlier release, save a state file containing their preferences, then launch the new release and load the state file.

Download Burp Suite Professional v1.6

[Jspy RAT v0.08] Java Multiplatform Remote Administration Tool

in java, Linux, Mac, RAT, Windows - on 5:11 PM - No comments

jSpy is a RAT developed in Java. Need to monitor your childrens internet use? Check that your workers are doing what you paid them for? Help a friend out with a problem on his computer? No worries, whether it be Windows or Mac OSX that you need to manage, or manage from - jSpy is the answer.

Stable

jSpy uses a library called Kryonet developed by Esoterics Software. By using this library for networking, jSpy creates an environment where you can be rest assured you won't lose your clients.

Powerful

jSpy has an abundance of features, and is actively developed by a 17 year old java programmer from London. If you have any suggestions please email me at: javastealth@gmail.com

Multiple OS Support

jSpy will run on Windows, Mac OSX and Linux. jSpy was developed on a Mac ensuring that all features work on both UNIX and DOS Systems.

Download Jspy RAT v0.08

Adzok - Administrador Remoto hecho en Java

in Administrador Remoto, Adzok, java, RAT, Windows - on 6:44 PM - No comments

Adzok Free esta basado en Adzok Open, es la edición que continuará el desarrollo de Adzok Open. Adzok Free será de codigo cerrado pero gratís.

Caracteristicas del Cliente

- Remote Desktop.

- Remote Shell.

- Upload and Download Files.

- Keylogger Online.

- Send Messages.

- Load and Run Script.

- Information System.

- Send Keys.

- Clipboard.

- Fun (Restart, Shutdown, Visit WebSite, Execute Command Shell, etc).

- Play in 3 ports.

- The sending of information and data transfer is done only for 1 port.
- No installation but the machine needs to have Java installed.
- Reverse Connection System.
- Download folder for each user.
- Separate the OS can theoretically run on any OS that has Java installed.
- Generator server.
- Uninstaller server.

Server Features

Best For: Windows XP, Windows Vista, Windows 7.
Keylogger is only available in all versions of Windows (32 and 64 bits).
- Single server for all operating systems.
- No installation but the machine needs to have Java installed.
- Mutex (Evita run 2 times the server), but continue to show the image of your company server Staying invisible to the user.
- Server Size: 54 KB (uncompressed).

Download Adzok

[IPhone Analyzer] IPhone Forensics Tool

in Analyzer, EN, Forensics Tool, iPhone, IPhone Analyzer, java, Linux, Mac, Windows - on 3:19 PM - No comments

iPhone Analzyer allows you to forensically examine or recover date from in iOS device. It principally works by importing backups produced by iTunes or third party software, and providing you with a rich interface to explore, analyse and recover data in human readable formats. Because it works from the backup files everything is forensically safe, and no changes are made to the original data.

Features

Supports iOS 2, iOS 3, iOS 4 and iOS 5 devices
Multi-platform (Java based) product, supported on Linux, Windows and Mac
Fast, powerful search across device including regular expressions
Integrated mapping supports visualisation of geo-tagged information, including google maps searches, photos, and cell-sites and wifi locations observed by the device (the infamous "locationd" data)
Integrated support for text messages, voicemail, address book entries, photos (including metadata), call records and many many others
Recovery of "deleted" sqlite records (records that have been tagged as deleted, but have not yet been purged by the device can often be recovered),/li>
Integrated visualisation of plist and sqlite files
Includes support for off-line mapping, supporting mapping on computers not connected to the Internet
Support for KML export and direct export to Google Earth
Browse the device file structure, navigate directly to key files or explore the device using concepts such as "who", "when", "what" and "where".
Analyse jail broken device directly over SSH without need for backup (experimental)

Download IPhone Analyzer

[Xelenium] Security Testing with Selenium

in java, Linux, Mac, OWASP, OWASP Xelenium Project, Security Testing, Selenium, Windows, Xelenium - on 9:23 PM - No comments

Xelenium is a security testing tool that can be used to identify the security vulnerabilities present in the web application. Xelenium uses the open source functional test automation tool 'Selenium' as its engine and has been built using Java swing.

Xelenium has been designed considering that it should obtain very few inputs from users in the process of discovering the bugs.

Selenium – Webdriver is an open source functional testing tool and is very powerful and flexible. More details on Selenium can be found here: http://seleniumhq.org/

Download Xelenium

[DirBuster] Brute Force Directories and Files Names on Web/Application Servers

in Brute Force Directories, Brute-force, DirBuster, EN, java, Linux, Mac, OWASP, OWASP DirBuster Project, Windows - on 4:25 PM - No comments

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts to find these.

However tools of this nature are often as only good as the directory and file list they come with. A different approach was taken to generating this. The list was generated from scratch, by crawling the Internet and collecting the directory and files that are actually used by developers! DirBuster comes a total of 9 different lists (Further information can be found below), this makes DirBuster extremely effective at finding those hidden files and directories. And if that was not enough DirBuster also has the option to perform a pure brute force, which leaves the hidden directories and files nowhere to hide! If you have the time ;)

Download DirBuster

[OWASP CSRFTester] Facilitates Ability to Test Applications for CSRF

in CSRF, CSRFTester, EN, java, Linux, Mac, OWASP, OWASP CSRFTester, Windows - on 9:58 AM - No comments

OWASP CSRFTester is a tool for testing CSRF vulnerability in websites. Just when developers are starting to run in circles over Cross Site Scripting, the 'sleeping giant' awakes for yet another web-catastrophe. Cross-Site Request Forgery (CSRF) is an attack whereby the victim is tricked into loading information from or submitting information to a web application for which they are currently authenticated. The problem is that the web application has no means of verifying the integrity of the request. The OWASP CSRFTester Project attempts to give developers the ability to test their applications for CSRF flaws.

Download OWASP CSRFTester

The Exploiting Tools