Windows

Microsoft Windows

DOMinator

DOMinator is a Firefox-based tool for the analysis and identification of DOM-based Cross-Site Scripting issues (DomXss). It is the first runtime tool which can help security testers to identify DomXss.

DOMinator is available in two editions: Free and Professional. Free is open to the community; Pro has additional features such as better support, an intuitive GUI, and a more extensive rulebase and knowledge base.

OpenPuff

OpenPuff is a professional steganography tool:
•HW seeded random number generator (CSPRNG)
•Deniable steganography
•Carrier chains (up to 256Mb of hidden data)
•Carrier bits selection level
•Modern multi-cryptography (16 algorithms)
•Multi-layered data obfuscation (3 passwords)
•X-squared steganalysis resistance

Unique layers of security and obfuscation:
•256bit+256bit symmetric-key cryptography with KDF4 password extension
•256bit symmetric-key data scrambling (CSPRNG-based shuffling)
•Data whitening (CSPRNG-based noise mixing)
•Adaptive non-linear carrier bit encoding

escanner Escalation Pentesting Tool

escanner is a small tool that helps you thread-scan files and directories recursively for insecure file permissions that could result in local privilege escalation due to misconfiguration by the operating system, software vendors or users. For example, a local attacker can replace or overwrite the original file with a malicious binary that performs unauthorized actions, so that when the machine restarts the malicious binary is executed with SYSTEM privileges. Insecure permissions can also cause a DoS (Denial of Service) for some daemon if its configuration file is deleted or changed.

Phantom JS

PhantomJS is a headless WebKit with JavaScript API. It has fast and native support for various web standards: DOM handling, CSS selector, JSON, Canvas, and SVG. It works like a web proxy that allows you to view and edit DOM, CSS, JSON and other code.

Passw3rd

Store passwords in encrypted files with an easy-to-use command line interface, and utilities to use the passwords in code. In its simplest form, the keys are generated per environment with OS access controls while the password files are stored in SCM.

Joomscan

Detects file inclusion, SQL injection and command execution vulnerabilities in a target Joomla! site.

SQLol

SQLol is a configurable SQL injection testbed. SQLol allows you to exploit SQL injection flaws, but furthermore allows a large amount of control over the manifestation of the flaw.

XMLmao

XMLmao is a configurable XML/XPath injection testbed. XMLmao allows you to exploit XML/XPath injection flaws, but furthermore allows a large amount of control over the manifestation of the flaws.

XMLmao is based on the idea of SQLol, an earlier release which allows for SQL injection exploitation.

Fragroute

fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998.
It features a simple ruleset language to delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host, with minimal support for randomized or probabilistic behavior.

Surf Jack

Session Hijacking tool

A tool which allows one to hijack HTTP connections to steal cookies - even ones on HTTPS sites! Works on both Wi-Fi (monitor mode) and Ethernet.
