Linux

Social-Engineering Toolkit (SET)

The Social-Engineer Toolkit, or SET, was designed by David Kennedy (ReL1K) with the intent of automating the social engineering aspect of penetration testing. With a very easy-to-use, menu-driven interface, SET will assist you in establishing remote command execution shells with those who fall victim to your phishing campaigns. Those familiar with Fast-Track, another project to which David Kennedy (ReL1K) is a primary contributor, will notice a very similar feel between the two programs. This was intentional, as SET is now included as a module within Fast-Track. Those with Fast-Track already installed need only use the "Update Everything" menu option to automatically obtain a copy of SET.

Considerably more information pertaining to the Social-Engineer Toolkit (SET) can be obtained at the following address:
http://www.offensive-security.com/metasploit-unleashed/Social-Engineering-Toolkit

Current Version (at time of writing): Version 0.3

To download and obtain a copy of SET:
# svn co http://svn.thepentest.com/social_engineering_toolkit

*Note: If you installed via Fast-Track's "Update Everything" menu option and are wondering where it copied the files:
# cd /pentest/exploits/set
# ./set

"Hack the Gibson..."

Burp Suite

Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, downstream proxies, logging, alerting and extensibility.
Burp Suite allows you to combine manual and automated techniques to enumerate, analyse, scan, attack and exploit web applications. The various Burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.

Sara

The Security Auditor's Research Assistant (SARA) is a third-generation network security analysis tool.

YAPH - Yet Another Proxy Hunter

YAPH is a proxy hunter for the Unix platform. It lets you find public access proxy servers on the Internet and validate proxy lists. YAPH reveals SOCKS4, SOCKS5, and HTTP (CONNECT method) proxies. HTTP proxies are tested for the CONNECT method only, since only this method provides the ability to tunnel TCP through an HTTP proxy. YAPH utilizes the power of Nmap, a network mapper written by Fyodor. Nmap gives YAPH the capability to find new, undiscovered public proxy servers on the Internet.

CmosPwd

CmosPwd decrypts the password stored in CMOS that is used to access BIOS SETUP. With CmosPwd, you can also back up, restore and erase/kill CMOS.

Works with the following BIOSes:
* ACER/IBM BIOS
* AMI BIOS
* AMI WinBIOS 2.5
* Award 4.5x/4.6x/6.0
* Compaq (1992)
* Compaq (New version)
* IBM (PS/2, Activa, Thinkpad)
* Packard Bell
* Phoenix 1.00.09.AC0 (1994), a486 1.03, 1.04, 1.10 A03, 4.05 rev 1.02.943, 4.06 rev 1.13.1107
* Phoenix 4 release 6 (User)
* Gateway Solo - Phoenix 4.0 release 6
* Toshiba
* Zenith AMI

Par2

While not directly related to hacking in any fashion, this is just a cool utility that anyone and everyone should make use of.

http://www.par2.net/

Par2 makes parity files for various archives. Primarily used on newsgroups, par/par2 can greatly increase redundancy on compressed archives.

This app has many uses, some not so obvious. Particularly, when I make optical media backups I prefer to compress them, password protect, par2 the file, then burn. This has a few advantages: as CDs and DVDs are prone to scratches, the par files can recover a bad rar, while still maintaining your password over the archive. This adds security and redundancy to the backup.

Olive - JUNOS on PC

Excerpt from site:

"The most common use of the Olive platform is for creative and UNIX-competent hackers to learn the JUNOS CLI on a low-cost platform. It is capable of forwarding a small amount of traffic, but does not support many of the features found on real Juniper routers. Essentially the forwarding on an Olive is the same as routing traffic via your fxp0 or em0 management interface on a real Routing Engine."

-----------------
While not a Juniper FW, the above pretty much sums it up. There are some prebuilt VMs existing somewhere on the internet for folks interested in the JUNOS CLI without additional hardware ;)

There is no support. Juniper says it doesn't exist. See page for more info.

--Said all OSes since you can VM it.

Gerix Wifi Cracker NG

Gerix Wifi Cracker NG is a pretty nice GUI for the Aircrack Suite.

#-- There is literally a Grandma holding a pistol grip cantenna cracking wifi on their main page!

Site Excerpt:

0x01 - Introduction

Here we are to present the new version of Gerix Wifi Cracker NG (New Generation), a really complete GUI for Aircrack-NG which includes useful extras.
Completely re-written in Python + QT, automates all the different techniques to attack Access Points and Wireless Routers (but not only ..)
[...]
Who has never wanted to say something like: “This software is so simple to use, that even my grandmother can use it for cracking wireless networks!”… So, we have really tried this test.

Driftnet

Driftnet: One of the funnest ways to watch your userland web traffic with no text!

Excerpt from the page:

"Inspired by EtherPEG [...], Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic.

In an experimental enhancement, driftnet now picks out MPEG audio streams from network traffic and tries to play them. You can also now use driftnet with Jamie Zawinski's webcollage, so that it can run as a screen saver."

THC Hydra

THC is an acronym for "The Hackers Choice", a group of security experts based out of Germany.
Hydra is their application written for launching brute force password cracking attempts on different protocols.
It is commonly used against web and SSH logins, but is available for use with other types.
If you run servers and check your /var/log/auth.log text file and see a bunch of failed connection attempts from the same location to your SSH server, they're probably using this to try and get in.

Currently this tool supports:
TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC,
