Exploitation

Havij

Havij is an automated SQL injection tool that helps penetration testers find and exploit SQL injection vulnerabilities on a web page.
It can take advantage of a vulnerable web application: using this software, a user can fingerprint the back-end database, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the database, run SQL statements, and even access the underlying file system and execute commands on the operating system.

SMB Shell

SMBShell is a cross-platform, Java-based, multi-threaded application with a minimal SMB client shell, intended as a pentesting tool. It runs a dictionary attack against a remote Samba daemon and can spawn an SMB client shell for every credential found if the 'spawn shell' check box is checked. This helps network/system administrators test password integrity with a basic common-password attack against a Linux, BSD or Windows box with Samba installed.

Wapiti

Wapiti allows you to audit the security of your web applications.
It performs "black-box" scans, i.e. it does not study the source code of the application but scans the web pages of the deployed web app, looking for scripts and forms where it can inject data.
Once it has this list, Wapiti acts like a fuzzer, injecting payloads to see whether a script is vulnerable.

Immunity Debugger

Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well-supported Python API for easy extensibility.

Web Exploitation Framework

The basic principle behind wXf is to collect, and place into a framework, all of the various scripts that web security testers create on a per-engagement basis. This tool is like Metasploit for web apps.

Firesheep

A Firefox extension that demonstrates HTTP session hijacking attacks.

BlueSnarfer

Bluesnarfer can download, erase or write to the phone book directory, read the last calls, and send AT commands to any mobile phone vulnerable to bluesnarfing.

EliteWrap

EliteWrap is a binder that is used to bind a file inside of another. This tool is a bit older, but it works well. There are many options, and I would suggest using them so the files don't get deleted upon opening by AV software.

Cisco Global Exploiter

Cisco Global Exploiter (CGE) is an advanced, simple and fast security testing tool/exploit engine that is able to exploit 14 vulnerabilities in disparate Cisco switches and routers. CGE is a command-line driven Perl script with a simple and easy-to-use front end.

Armitage

Armitage is an easy-to-use front-end extension for the Metasploit framework.
