Linux

Linux

FusionDebug

FusionDebug an interactive step debugger for CFML, compatible with Adobe ColdFusion, Railo and Lucee. It enables developers to step through code line-by-line, step into, over or out of code to better understand how code is running.

Features
No code changes.
Can debug Flex, Ajax, Web Service and Flash Remoting requests.
Change variables on the fly.
Debug requests from any user.
Debug complex applications.
View stack traces.

License:Proprietary

Allinea DDT

Allinea's world-leading Linux C, C++ and F90 debugger is the route to being a more effective developer. Its unrivalled support for debugging multi-process and multi-threaded applications means complex interacting components can be debugged easily.

Cross-platform to keep you productive
Moving to a new architecture or system is challenging enough without learning a new toolchain at the same time. Allinea DDT runs everywhere - on your own laptop, the latest supercomputer and tomorrow's upcoming architectures. It supports ARM, Intel Xeon, Intel Xeon Phi , NVIDIA CUDA, IBM BlueGene/Q and OpenPOWER.

Licence:Proprietary commercial software

Suricata

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.

Kismet

WHAT IS KISMET?
Kismet is a wireless network detector, sniffer, and intrusion detection system. Kismet works predominately with Wi-Fi (IEEE 802.11) networks, but can be expanded via plug-ins to handle other network types.

FEATURES
802.11 sniffing
Standard PCAP logging (compatible with Wireshark, TCPDump, etc)
Client/Server modular architecture
Plug-in architecture to expand core features
Multiple capture source support
Live export of packets to other tools via tun/tap virtual interfaces
Distributed remote sniffing via light-weight remote capture
XML output for integration with other tools

Samurai Web Testing Framework

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.

Starting with reconnaissance, we have included tools such as the Fierce domain scanner and Maltego. For mapping, we have included tools such WebScarab and ratproxy. We then chose tools for discovery. These would include w3af and burp. For exploitation, the final stage, we included BeEF, AJAXShell and much more. This CD also includes a pre-configured wiki, set up to be the central information store during your pen-test.

Bees with Machine Guns

utility for arming (creating) many bees (micro EC2 instances) to attack (load test) targets (web applications).

Dependencies:
Python 2.6
boto
paramiko

Radamsa

Radamsa is a test case generator for robustness testing, a.k.a. a fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestingly different outputs from them. The main selling points of radamsa are that it has already found a slew of bugs in programs that actually matter, it is easily scriptable and easy to get up and running.

Requirements
Supported operating systems:
GNU/Linux
OpenBSD
FreeBSD
Mac OS X
Windows (using Cygwin)

Software requirements for building from sources:
gcc / clang
make
git

wifiphisher

Wifiphisher is a security tool that mounts automated phishing attacks against WiFi networks in order to obtain secret passphrases or other credentials. It is a social engineering attack that unlike other methods it does not include any brute forcing. It is an easy way for obtaining credentials from captive portals and third party login pages or WPA/WPA2 secret passphrases.Wifiphisher works on Kali Linux and is licensed under the GPL license.

Requirements:
Kali Linux.
Two wireless network adapters; one capable of injection.

CrowBar

Crowbar (formally known as Levye) is a brute forcing tool that can be used during penetration tests. It was developed to brute force some protocols in a different manner according to other popular brute forcing tools. As an example, while most brute forcing tools use username and password for SSH brute force, Crowbar uses SSH key(s). This allows for any private keys that have been obtained during penetration tests, to be used to attack other SSH servers.

Currently Crowbar supports:
OpenVPN (-b openvpn)
Remote Desktop Protocol (RDP) with NLA support (-b rdp)
SSH private key authentication (-b sshkey)
VNC key authentication (-b vpn)

WebSeekurity

INTRODUCTION

WebSeekurity is a multi-platform tool that can be used to assess the security of Web applications that interact with a server via AMF/SOAP over HTTP. In particular, Adobe Flex applications can be audited thanks to this software.The tool acts as a client that can be used to communicate with the backend server to test. It enables to send requests to this server and to receive the corresponding responses. WebSeekurity attempts to discover and identify potential server-side vulnerabilities: weak authentication and authorization mechanisms, information leakage, vulnerability to SQL injections, etc.Several modes are proposed: Manual, Automatic and Fuzzing. The Manual mode enables to create a request from scratch. The Automatic mode is used to discover the services and methods made available by the application in an automated manner. Finally, fuzzing can be performed thanks to the last mode.WebSeekurity is released under the GNU GPLv2 license.

REQUIREMENTS:
Python 2.7 (not compatible with Python 3.0 or greater)
PyAMF
SOAPpy
pyparsing
Tcl-Tk

Syndicate content