Flamingo is an open-source utility that spawns a number of network daemons, waits for inbound credentials, and reports them through a variety of means.
Flamingo is written in Go and captures inbound credentials for SSH, HTTP, LDAP, FTP, and SNMP, as well as log inbound DNS (and mDNS) queries. On the output side, Flamingo can log to a file, standard output, deliver to a webhook, write to a remote syslog server, or all of those at once. As a Go binary, everything is baked into a single executable, and it cross-compiles to almost every supported Go platform and architecture.
Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers can be specified by a configuration file or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format allowing for a more reliable and faster recovery.
A network takeover & forensic analysis tool - useful to advanced PenTest tasks & for fun and profit - but use it at your own risk!
Features:
Interactive Console
Real Time Passwords Found
Real Time Hosts Enumeration
Tuned Injections & Client Side Attacks
ARP Poisoning & SSL Hijacking
Automated HTTP Report Generator
ATTACKS IMPLEMENTED:
MITM (Arp Poisoning)
Sniffing (With & Without Arp Poisoning)
SSL Hijacking (Full SSL/TLS Control)
HTTP Session Hijaking (Take & Use Session Cookies)
Client Browser Takeover (with Filter Injection in data stream)
Browser AutoPwn (with Filter Injection in data steam)
Evil Java Applet (with Filter Injection in data stream)
DNS Spoofing
Port Scanning
POST ATTACKS DATA OBTAINED:
Passwords extracted from data stream
Pcap file with whole data stream for deep analysis
Session flows extracted from data stream (Xplico & Chaosreader)
Files extracted from data stream
Hosts enumeration (IP,MAC,OS)
URLs extracted from data stream
Cookies extracted from data stream
Images extracted from data stream
List of HTTP files downloaded extracted from URLs
DEPENDENCIES (aka USED TOOLS):
Chaosreader (already in bin folder)
Xplico
Ettercap
Arpspoof
Arp-scan
Mitmproxy
Nmap
Tcpdump
Beef
SET
Metasploit
Dsniff
Macchanger
Hamster
Ferret
P0f
Foremost
SSLStrip
SSLSplit
From the creators of BackTrack comes Kali Linux, the most advanced and versatile penetration testing distribution ever created. BackTrack has grown far beyond its humble roots as a live CD and has now become a full-fledged operating system. With all this buzz, you might be asking yourself.
Pwnie Express is happy to announce the initial release of Raspberry Pwn! Security enthusiasts can now easily turn their Raspberry Pi into a full-featured security penetration testing and auditing platform! This fully open-source release includes the following testing tools:
SET Fasttrack kismet aircrack-ng nmap dsniff netcat nikto xprobe scapy wireshark tcpdump ettercap hping3 medusa macchanger nbtscan john ptunnel p0f ngrep tcpflow openvpn iodine httptunnel cryptcat sipsak yersinia smbclient sslsniff tcptraceroute pbnj netdiscover netmask udptunnel dnstracer sslscan medusa ipcalc dnswalk socat onesixtyone tinyproxy dmitry fcrackzip ssldump fping ike-scan gpsd darkstat swaks arping tcpreplay sipcrack proxychains proxytunnel siege sqlmap wapiti skipfish w3af
The BackTrack Linux 5r2-PenTesting Edition lab is an all-in-one penetration testing lab environment that includes all of the hosts, network infrastructure, tools, and targets necessary to practice penetration testing. It includes:
- A master (base) host utilizing BackTrack Linux 5r2
- A DMZ network with two hosts (targets)
- An “internal” network with one host (target)
- A pre-configured firewall
Microsoft Diagnostics and Recovery Toolset (MSDaRT) 6.5 helps diagnose and repair a system that has trouble starting or has other issues. When you start the system using the Emergency Repair Disk (ERD), also referred to as Boot CD for MSDaRT, a System Recovery Options dialog box appears. A graphical environment and a command-line console are available. The command-line console can be opened by clicking the Command Prompt option in the System Recovery Options menu. You can access any Windows® 7 or Windows Server® 2008 R2 file system, which includes FAT, FAT32, and NTFS. Microsoft Diagnostics and Recovery Toolset is available on the System Recovery Options menu. Clicking MSDaRT opens a detailed MSDaRT Tools menu which presents various recovery tools.
This is the project for the owasp live cd which is a web pentesting distro that contains many of the owasp tools and a few tutorils.
This distro will serve as a dojo for everyone who are just starting to explore the world of web application security or who just want to practice their fu in a legal environment. This maybe the distro that your looking for. Project Playground or “PiPi” is packed with different web apps intended to have vulnerabilities that is made by security experts and enthusiast all around the world. This includes DVWA, mutillidae, gruyere and infamous webgoat and many more. The distro is also packed with different tools such as paros,w3af, sqlmap and many more for penetration testing on the web apps.
Matriux Krypton final was released last 2011.08.15 and is another open source security distribution for ethical hackers and penetration testers. Compiled with a cool set of tools which they call arsenals, this distro can be used for penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, exploiting, cracking, data recovery and many more.