Scanners to test security


ftp-like client to access SMB/CIFS resources on servers. This tool is part of the linux samba suite.

Hping 3

hping is a free packet generator and analyzer for the TCP/IP protocol. Hping is one of the de-facto tools for security auditing and testing of firewalls and networks, and was used to exploit the Idle Scan scanning technique now implemented in the Nmap port scanner. The new version of hping, hping3, is scriptable using the Tcl language and implements an engine for string based, human readable description of TCP/IP packets, so that the programmer can write scripts related to low level TCP/IP packet manipulation and analysis in a very short time.

escanner Escalation Pentesting Tool

escanner is a small tool that helps you thread scan file(s)/directories recursively for possible vulnerability of insecure file permissions that could result on local privilege escalation due to some misconfiguration of operating systen, software vendors or by users. One example, a local attacker can replace/overwrite the original file to a malicious binary that could perform unauthorized actions so when the machine restart the malicious binary will be executed with SYSTEM privileges also it can cause DoS(Denial of Service) for some daemon if the configuration file is deleted or changed.


Jasager is an implementation of Karma designed to run on OpenWrt on the Fon. It will probably run on most APs with Atheros wifi cards but it was designed with the Fon in mind as it is a nice small AP which gives it a lot of scope for use in penetration tests and other related fun.

A quick highlight of features:
•Web interface showing currently connected clients with their MAC address, IP address (if assigned) and the SSID they associated with
•The web interface allows control of all Karma features and can either run fully featured through AJAX enabled browsers or just as well through lynx
•Auto-run scripts on both association and IP assignment
•Full logging for later review
•Pluggable module system for easy extensibility
•Basic command line interface so you don't have to remember the different iwpriv commands


Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla!


MSFMap provides a port scanner for Meterpreter using a NMap-like syntax. It's primary benefits are speed and ease of use while not writing anything to disk. MSFMap allows penetration testers to rapidly utilize a compromised host to scan internal networks.

Security Now

SecurityNOW! Professional allows you to perform an objective assessment of your security and risk management profile using verified and validated data. SecurityNOW! has the Institute for Security and Open Methodology (ISECOM) seal of approval, guaranteeing that your self-assessment can be combined with professional audit results. It was also created leveraging the Open Source Security Testing Methodology (OSSTMM). Using the software, you will be able integrate the report with a security audit and directly enter verified audit results. You will also be able to generate a Risk Assessment Value that quantifies your risk management using a standardized, consistent framework.


Bluelog is a Bluetooth scanner/logger written with speed in mind. It is intended to be used as a site survey tool, concerned more about accurately detecting the number of discoverable Bluetooth devices than individual device specifics. Bluelog also includes the unique "Bluelog Live" mode, which puts discovered devices into a constantly updating live webpage which you can serve up with your HTTP daemon of choice.


Current forces are putting pressure on organizations to secure their applications fast. The Veracode product suite facilitates that for you and we make implementation a breeze with our private cloud delivery platform. There's no hardware to buy; no software to install; no disruption to current systems; no intensive developer training; and you can be up and running in minutes.

HTTP Post Tool

A tool for the purpose of performing web application security assessment around the availability concerns. Web Denial of Service Attack tool.

Syndicate content