SOLDIERX.COM Nobody Can Stop Information Insemination

ProxyStrike v2.1 is an active Web Application Proxy. It's a tool designed to find vulnerabilities while browsing an application. It was created because the problems we faced in the pentests of web applications that depends heavily on Javascript, not many web scanners did it good in this stage, so we came with this proxy.

Subdomainer is an information gathering tool designed for obtaining subdomain names from public sources, like Google, Msn search, Yahoo, PgP servers, etc.

After obtaining potential subdomain names, it will check if the subdomain really exists.

It was a long time ago, but after the presentation of Cesar Cerrudo and Esteban Martinez, we spent some time playing with the materials provided. One of the most interesting was the SQL Server Backdoor. It provides basic backdoor functionality through opening a conection against a specified server and port and waiting for any order to execute in the trojanized database.

However, there is no client provided for this, so we spent some more time coding a little client that awaits for incoming connections from the backdoor and allows to interact with the database showing the results. It is available here, and you can find the backdoor into the additional materials from the black hat presentation here: https://www.blackhat.com/presentations/bh-europe-07/Cerrudo/bh-eu-07-Cer...

A simple sshd password bruteforcer using a wordlist, it's very fast for internal networks & multithreaded.

A program to download and parse a list of open proxys, from 2 websites (samair and multiproxys), and then check if the proxies are working. Can test for GET and CONNECT method. You could restrict the search for a specific number of working proxies.

This little program is for auditing a DNS, it will brute force a domain asking for hostnames taken from a predefined list. The list has the most common names used for hosts. It supports hybrid querys to find a broader range of hosts

Current forces are putting pressure on organizations to secure their applications fast. The Veracode product suite facilitates that for you and we make implementation a breeze with our private cloud delivery platform. There's no hardware to buy; no software to install; no disruption to current systems; no intensive developer training; and you can be up and running in minutes.

SqlCake is an Automatic SQL injection and database information gathering tool.

Hackbar is another firefox add on that acts as a simple security audit / Penetration test tool

Tamper data is a firefox add on that is used to view and modify HTTP/HTTPS headers and post parameters