Enumeration

eMailTrackerPro

This program can trace any email back to its true geographic location, along with many other features.

Maltego

Maltego is an open source intelligence and forensics application. It offers timely mining and gathering of information as well as the representation of this information in an easy-to-understand format.

One Sixty One

Onesixtyone is an SNMP scanner that sends multiple SNMP requests to multiple IP addresses, trying different community strings and waiting for replies. This version fixes a number of bugs in other publicly available versions of the software, such as allowing for very large dictionary files and reading target IP addresses from a file.

Skipfish

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

A fully automated, active web application security reconnaissance tool. Key features:

• High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets.
• Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
• Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.

Web Data Extractor

Web Data Extractor is a tool that lets you:

Extract targeted company contact data (email, phone, fax) from the web for responsible B2B communication. Extract URLs and meta tags (title, description, keywords) for website promotion, search directory creation, and web research.

Basically it is a website scraping tool.

Spiderfoot

SpiderFoot is a free, open-source, domain footprinting tool. Given one or multiple domain names (and when I say domains, I'm referring to the DNS kind, not Windows domains), it will scrape the websites on that domain, as well as search Google, Netcraft, Whois and DNS to build up information.

Httprint

httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, even when they have been obfuscated by changing the server banner strings or by plug-ins such as mod_security or ServerMask. httprint can also be used to detect web-enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings, and it is very easy to add signatures to the signature database.

CredDigger

McAfee Foundstone CredDigger™ is a tool that attempts to gather data to assist with penetration testing on a corporate network by determining every host on which a given set of user credentials is valid, while also building a database of all user IDs through various means and protocols.

The intended audience for McAfee Foundstone CredDigger is a penetration tester or network administrator wanting to test his/her security.

Some of the common use cases for the tool are:

* Penetration testing a client environment
* Network administrator performing a security test on his/her own environments

System Requirements

* Microsoft .NET Framework v1.1 or higher
* Microsoft Internet Explorer 5.5 or higher

CredDigger has been tested on a Windows XP workstation running .NET v2.0, and a Windows 2000 server running .NET v1.1.

NBTEnum

NetBIOS Enumeration Utility (NBTEnum) is a utility for Windows that can be used to enumerate NetBIOS information from one host or a range of hosts. The enumerated information includes the network transports, NetBIOS name, account lockout threshold, logged on users, local groups and users, global groups and users, and shares.

If run under the context of a valid user account, additional information is enumerated, including operating system information, services, installed programs, Auto Admin Logon information and encrypted WinVNC/RealVNC passwords. This utility will also perform password checking with the use of a dictionary file. Runs on Windows NT 4.0/2000/XP/2003. Perl source included.

Examples:

* nbtenum -q 192.168.1.1 - Enumerates NetBIOS information on host 192.168.1.1 as the null user.
* nbtenum -q 192.168.1.1 johndoe "" - Enumerates NetBIOS information on host 192.168.1.1 as user "johndoe" with a blank password.
* nbtenum -a iprange.txt - Enumerates NetBIOS information on all hosts specified in the iprange.txt input file as the null user and checks each user account for blank passwords and passwords the same as the username in lower case.
* nbtenum -s iprange.txt dict.txt - Enumerates NetBIOS information on all hosts specified in the iprange.txt input file as the null user and checks each user account for blank passwords, passwords the same as the username in lower case, and all passwords specified in dict.txt if the account lockout threshold is 0.

Creddump

creddump is a Python tool to extract various credentials and secrets from Windows registry hives. It currently extracts:

* LM and NT hashes (SYSKEY protected)
* Cached domain passwords
* LSA secrets

It essentially performs all the functions that bkhive/samdump2, cachedump, and lsadump2 do, but in a platform-independent way.

It is also the first open-source tool that does all of these things in an offline way (Cain & Abel does too, but it is not open source and is only available on Windows).