Mac OS

Apple Mac OS X


tcp-over-dns contains a special dns server and a special dns client. The client and server work in tandem to provide a TCP (and UDP!) tunnel through the standard DNS protocol.


SslStrip will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial.


Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements. It runs on all popular computing platforms, including Unix, Linux, and Windows.

Updated/new name: Wireshark

Google Hack Honeypot

Google Hack Honeypot is the reaction to a new type of malicious web traffic: search engine hackers. GHH is a “Google Hack” honeypot. It is designed to provide reconaissance against attackers that use search engines as a hacking tool against your resources. GHH implements honeypot theory to provide additional security to your web presence.


CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.
Additionally, CMS Explorer can be used to aid in security testing.
While it performs no direct security checks, the "explore" option can be used to reveal hidden/library files which are not typically accessed by web clients but are nonetheless accessible.
This is done by retrieving the module's current source tree and then requesting those file names from the target system.
These requests can be sent through a distinct proxy to help "bootstrap" security testing tools like Burp, Paros, Webinspect, etc.
CMS Explorer can also search OSVDB for vulnerabilities with the installed components.

CMS Explorer currently supports module/theme discovery with the following products:
* Drupal
* Wordpress
* Joomla!
* Mambo

And exploration of the following products:
* Drupal
* Wordpress

backbox@backbox:~$ cms-explorer
WARNING: No API key defined, searches will be disabled.

ERROR: Missing -url

backbox@backbox:~$ cms-explorer -url url -type type [options]

-bsproxy+       Proxy to route findings through (fmt: host:port)
-explore Look for files in the theme/plugin dir
-help           This screen
-osvdb   Do OSVDB check for finds
-plugins Look for plugins (default: on)
-pluginfile+    Plugin file list
-proxy+  Proxy for requests (fmt: host:port)
-themes  Look for themes (default: on)
-themefile+     Theme file list (default: themes.txt)
-type+*  CMS type: Drupal, Wordpress, Joomla, Mambo
-update  Update lists from Wordpress/Drupal (over-writes text files)
-url+*   Full url to app's base directory
-verbosity+     1-3

*Requires value
* Required option



Peach is a SmartFuzzer that is capable of performing both generation and mutation based fuzzing


JAD is a java decompiler that was developed many years ago, the creators site is no longer accessible but I found a mirror Wink.


Flasm is a dissasembler for action script applications.

Cisco Auditing Tool

Cisco Auditing Tool - Perl script which scans cisco routers for common vulnerabilities. Checks for default passwords, easily guessable community names, and the IOS history bug. Includes support for plugins and scanning multiple hosts.

Cisco Global Exploiter

Cisco Global Exploiter (CGE), is an advanced, simple and fast security testing tool/ exploit engine, that is able to exploit 14 vulnerabilities in disparate Cisco switches and routers. CGE is command-line driven perl script which has a simple and easy to use front-end.

Syndicate content