Written and maintained by Fyodor Yarochkin, Meder Kydyraliev and Ofir Arkin, Xprobe (I & II) is an active OS fingerprinting tools based on Ofir Arkin’s ICMP Usage In Scanning Research project.Xprobe is an alternative to some tools which are heavily dependent upon the usage of the TCP protocol for remote active operating system fingerprinting.


P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system on:
- machines that connect to your box (SYN mode),
- machines you connect to (SYN+ACK mode),
- machine you cannot connect to (RST+ mode),
- machines whose communications you can observe.
P0f can also do many other tricks, and can detect or measure the following:
- firewall presence, NAT use (useful for policy enforcement),
- existence of a load balancer setup,
- the distance to the remote system and its uptime,
- other guy's network hookup (DSL, OC3, avian carriers) and his ISP.

THC Amap

Amap is a next-generation tool for assisting network penetration testing.
It performs fast and reliable application protocol detection, independent
on the TCP/UDP port they are being bound to.


Manage data on CDMA phones from LG, Samsung, Sanyo and others

BitPim is a program that allows you to view and manipulate data on many CDMA phones from LG, Samsung, Sanyo and other manufacturers. This includes the PhoneBook, Calendar, WallPapers, RingTones (functionality varies by phone) and the Filesystem for most Qualcomm CDMA chipset based phones.

Versions are for:
Windows (up to Windows 7)
Mac OS 10.3+


Wellenreiter is a GTK/Perl program that makes the discovery, penetration and auditing of 802.11b wireless networks as easy as possible. All three major wireless cards (Prism2 , Lucent, and Cisco) are supported. Usability is one of the main goal.

Net Tools

This suite of utilities covers the gamut from port scanners to DOS (denial of service) Utilities. it has encryption programs, port listening programs, calculators for various network activities, several implementations of Netstat, ping utilities, anonymous mailers, file splitters and mergers, etc.
Needless to say, too many to list all here. visit the link to get full details on the set and to download.


Tiger is a security tool that can be use both as a security audit and intrusion detection system. It supports multiple UNIX platforms and it is free and provided under a GPL license. Unlike other tools, Tiger needs only of POSIX tools and is written entirely in shell language.

Tiger has some interesting features that merit its resurrection, including a modular design that is easy to expand, and its double edge, it can be used as an audit tool and a host intrusion detection system tool. Free Software intrusion detection is currently going many ways, from network IDS (with Snort), to the kernel (LIDS, or SNARE for Linux and Systrace for OpenBSD, for example), not mentioning file integrity checkers (many of these: aide, integrit samhain, tripwire...) and logcheckers (even more of these, check the Log Analysis pages). But few of them focus on the host-side of intrusion detection fully. Tiger complements this tools and also provides a framework in which all of them can work together. Tiger it is not a logchecker, nor it focused in integrity analysis. It does "the other stuff", it checks the system configuration and status. Read the manpage for a full description of checks implemented in Tiger. A good example of what Tiger can do is, for example, check_findelete, a module that can determine which network servers running in a system are using deleted files (because libraries were patched during an upgrade but the server's services not restarted).

Free software Linux/*BSD distributions have a myriad of security tools to do local security checks: Debian's checksecurity, Mandrake's msec, OpenBSD's /etc/security, SUSE's Seccheck... but, even if they do similar checks they have suffered from fragmentation. Tiger is being developed in the hopes that it could substitute them at some point in the future. For a list of system security checks that Tiger provides that others do not you can read this (short) comparison.

Find more information in the project page at Savannah.

Mini MySqlat0r

Mini Mysqlat0r provides a graphical user interface for enumerating MySQL databases through SQL injection.

Mini Mysqlat0r is basically composed of 3 parts: Crawler, Injection Finder, Exploiter.


AutoScan-Network is a fast graphical network scanner. Useful for detecting unauthorized network access as well mapping known network devices. AutoScan has been ported to run on OSX, Linux, and Windows among other operating systems.

• Fast network scanner
• Automatic network discovery
• TCP/IP scanner
• Wake on lan functionality
• Multi-threaded Scanner
• Port scanner
• Low surcharge on the network
• VNC Client
• Telnet Client
• SNMP scanner
• Simultaneous subnetworks scans without human intervention
• Realtime detection of any connected equipment
• Supervision of any equipment (router, server, firewall...)
• Supervision of any network service (smtp, http, pop, ...)
• Automatic detection of known operatic system (brand and version), you can also add any unknown equipment to the database
• The graphical interface can connect one or more scanner agents (local or remote)
• Scanner agents could be deployed all over the network to scan through any type of equipment (router, NAT, etc)
• Network Intruders detection (in intruders detection mode, all new equipments blacklisted)
• Complete network tree can be saved in a XML file.
• Privileged account is not required


HP WebInspect performs web application security testing and assessment for today's complex web applications, built on emerging Web 2.0 technologies. HP WebInspect delivers fast scanning capabilities, broad security assessment coverage and accurate web application security scanning results.

HP WebInspect identifies security vulnerabilities that are undetectable by traditional scanners. With innovative assessment technology, such as simultaneous crawl and audit (SCA) and concurrent application scanning, you get fast and accurate automated web application security testing and web services security testing.

Syndicate content