SOLDIERX.COM Nobody Can Stop Information Insemination

Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.

The Browser Exploitation Framework (BeEF) is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing.
BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors.

Fancy going from a SQL Injection on Microsoft SQL Server to a full GUI access on the DB? Take a few new SQL Injection tricks, add a couple of remote shots in the registry to disable Data Execution Prevention, mix with a little Perl that automatically generates a debug script, put all this in a shaker with a Metasploit wrapper, shake well and you have just one of the attack modules of sqlninja!
Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.
Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions mantained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).

DosHttp is an easy to use http flooding tool for denial of service attacks.

Session Thief is a session hijacking tool.

Dump Firefox AutoComplete files into XML
GPL Version 2

This application will search for the default Firefox profile of the user who runs the tool and dump the AutoComplete cache in XML format to standard output. Alternatively, autocomplete files can be passed to the application and they will be parsed as well. This application understands mork based autocomplete files (Firefox 1.x) as well as SQLite based formhistory and webappsstore files (Firefox 2.x).

The download package contains a standalone windows application. The MSVCR71.dll maybe needed on systems that do not already have this file. The full Python source code is also included and can be run on Windows, Mac OS X, Linux, or any other system with Python installed (the additional "pysqlite2" modulal is required for SQLite based file parsing).

Usage:
dumpAutoComplete [formhistory[.dat|.sqlite]]

Example Usage:
C:\Bin\> dumpAutoComplete > mydata.xml

In the wake of the recent compromise of the ProFTPd distribution
server and the subsequent root-level backdoor that was placed into
the source[0], we are proud to announce a cutting edge source code
scanner that will help you detect backdoors in your code. This code
is free to use for 30 days, after which time you must pay for it.

- ------------- el8 Vuln Scan v.0.1 -------------

#!/bin/bash

###################################################################
#
# Place this script inside the top level directory of your
# source code repo.
#
# Please delete this after 30 days, or purchase a copy from our
# online store.
#
# 50% of all proceeds will go to the victims that have been
# owned by ACIDBITCHES within the past 6 years.
#
###################################################################

# main

export PATH=/bin

grep -r ACIDBITCHES *

- ------------- el8 Vuln Scan v.0.1 -------------

Thank you for helping us to help you make the Internet a safer
place.

[0] http://permalink.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/7965

w3af is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

The project uses a number of disparate plugins to carry out an audit against a target website, the main ones being:

* Discovery plugins have only one responsibility, finding new URLs, forms, and other “injection points”. A classic example of a discovery plugin is a web spider. This plugin takes a URL as input and returns one or more injection points. When a user enables more than one plugin of this type, they work recursively: If plugin A finds a new URL in the first run, the w3af core will send that URL to plugin B. If plugin B then finds a new URL, it will be sent to plugin A. This will go on until all plugins are run and no more knowledge about the application can be found using the enabled discovery plugins.

* Audit plugins take the injection points found by discovery plugins and send specially crafted data to all of them in order to find vulnerabilities. A classic example of an audit plugin is one that searches for SQL injection.

* Attack plugins objective is to exploit vulnerabilities found by audit plugins. They usually return a shell on the remote server, or a dump of remote databases in case of SQL injections.

The plugins find the URLs, discover the bugs and exploit them. The complete list of plugins types is:

* audit
* bruteforce
* discovery
* evasion
* exploit
* grep
* mangle
* output

SQLIer takes an SQL Injection vulnerable URL and attempts to determine all the necessary information to build and exploit an SQL Injection hole by itself, requiring no user interaction at all (unless it can't guess the table/field names correctly). By doing so, SQLIer can build a UNION SELECT query designed to brute force passwords out of the database. This script also does not use quotes in the exploit to operate, meaning it will work for a wider range of sites.

An 8 character password (containing any character from decimal ASCII code 1-127) takes approximately 1 minute to crack.

Execution:
sqlier [OPTIONS] [url]

-c [host] Clear all exploit information stored for [host].
-o [file] Output cracked passwords to [file].
-s [seconds] Wait [seconds] between page requests.
-u [usernames] Usernames that will be brute forced from the database,
comma separated (Username1,Username2,Username3).
-w [options] Pass [options] to wget.

Passing Field Names:
--table-names [table_names] Comma separated list of table names to guess.
--user-fields [user_fields] Comma separated list of username fields to guess.
--pass-fields [pass_fields] Comma separated list of password fields to guess.