Study Porpose Tool For Ethical Hacking

-: Hacking Tools :-

Port Scanners :-

Nmap :- This tool developed by Fyodor is one of the best unix and windows based port scanners. This advanced port scanner has a number of useful arguments that gives user a lot of control over the process. Home:- http://www.mukeshjoon.blogspot.in Latest Release:- Nmap 5.50 Download:- http://nmap.org/download.html

Superscan :- A Windows-only port scanner, pinger, and resolver SuperScan is a free Windows-only closed-source TCP/UDP port scanner by Foundstone. It includes a variety of additional networking tools such as ping, traceroute, http head, and whois. Home:- http://www.foundstone.com Latest Release:- SuperScan v4.0 Download:- http://www.foundstone.com/us/resources/proddesc/superscan4.htm

Angry IP Scanner :- A fast windows IP scanner and port scanner. Angry IP Scanner can perform basic host discovery and port scans on Windows. Its binary file size is very small compared to other scanners and other pieces of information about the target hosts can be extended with a few plugins. Home:- http://www.angryziber.com [sourceforge.net] Latest Release:- IPScan 3.0-beta3 Download:- http://www.angryziber.com/w/Download

Unicornscan :- Unicornscan is an attempt at a User-land Distributed TCP/IP stack for information gathering and correlation. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network. Some of its features include asynchronous stateless TCP scanning with all variations of TCP flags, asynchronous stateless TCP banner grabbing, and active/passive remote OS, application, and component identification by analyzing responses. Home:- http://www.unicornscan.org Latest Release:- Unicornscan 0.4.7-2 Download:- http://www.unicornscan.org

OS Fingerprinting Tools :-

Nmap :- This tool developed by Fyodor is one of the best unix and windows based active os fingerprinting tool. Home:- http://www.insecure.org Latest Release:- Nmap 5.50 Download:- http://nmap.org/download.html

P0f :- A passive OS fingerprinting tool. P0f is able to identify the operating system of a target host simply by examining captured packets even when the device in question is behind an overzealous packet firewall.P0f can detect firewall presence, NAT use, existence of load balancers, and more! Home:- http://lcamtuf.coredump.cx/p0f.shtml Latest Release:- p0f v2 (2.0.8) Download:- http://lcamtuf.coredump.cx/p0f.shtml

Xprobe2 :- Active OS fingerprinting tool. XProbe is a tool for determining the operating system of a remote host. They do this using some of the same techniques as Nmap as well as some of their own ideas. Xprobe has always emphasized the ICMP protocol in its fingerprinting approach. Home:- http://www.sys-security.com [sourceforge.net] Latest Release:- Xprobe2 0.3 Download:- http://sourceforge.net/projects/xprobe

Password Crackers :-

Cain and Abel :- The top password recovery tool for Windows. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. Home:- http://www.oxid.it Latest Release:- cain & abel v4.9.40 Download:- http://www.oxid.it/cain.html

John the Ripper :- A powerful, flexible, and fast multi-platform password hash cracker. John the Ripper is a fast password cracker, currently available for many flavors of Unix, DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches. Home:- http://www.openwall.com Latest Release:- John the Ripper 1.7 Download:- http://www.openwall.com/john/

THC Hydra :- A Fast network authentication cracker which support many different services. When you need to brute force crack a remote authentication service, Hydra is often the tool of choice. It can perform rapid dictionary attacks against more then 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more. Home:- http://www.thc.org Latest Release:- THC-Hydra v5.4 Download:- http://freeworld.thc.org/thc-hydra/

L0phtcrack :- Windows password auditing and recovery application L0phtCrack, also known as LC5, attempts to crack Windows passwords from hashes which it can obtain (given proper access) from stand-alone Windows NT/2000 workstations, networked servers, primary domain controllers, or Active Directory. In some cases it can sniff the hashes off the wire. It also has numerous methods of generating password guesses (dictionary, brute force, etc). Home:- Not Available Latest Release:- L0phtcrack v5.04 Download:- http://download.insecure.org/stf/lc5-setup.exe                   http://download.insecure.org/stf/lc5-crack.zip (keygen)

Pwdump :- Windows password recovery tool. Pwdump is able to extract NTLM and LanMan hashes from a Windows target, regardless of whether Syskey is enabled. It is also capable of displaying password histories if they are available. It outputs the data in L0phtcrack-compatible form, and can write to an output file. Home:- http://www.foofus.net/fizzgig/pwdump Latest Release:- pwdump6 version 1.7.2 Download:- http://swamp.foofus.net/fizzgig/pwdump/downloads.htm

RainbowCrack :- An Innovative Password Hash Cracker. The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one, which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance and store the results in so-called "rainbow tables". It does take a long time to precompute the tables but RainbowCrack can be hundreds of times faster than a brute force cracker once the precomputation is finished. Home:- http://www.antsight.com Latest Release:- rainbowcrack v1.2 Download:- http://www.antsight.com/zsl/rainbowcrack/

Brutus :- A network brute-force authentication cracker This Windows-only cracker bangs against network services of remote systems trying to guess passwords by using a dictionary and permutations thereof. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, and more. Home:- http://www.hoobie.net Latest Release:- brutus-aet2 Download:- http://www.hoobie.net/brutus/brutus-download.html

Vulnerability Scanners :-

Nessus :- Premier UNIX vulnerability assessment tool Nessus is the best free network vulnerability scanner available, and the best to run on UNIX at any price. It is constantly updated, with more than 11,000 plugins for the free (but registration and EULA-acceptance required) feed. Key features include remote and local (authenticated) security checks, a client/server architecture with a GTK graphical interface, and an embedded scripting language for writing your own plugins or understanding the existing ones. Home:- http://www.nessus.org Latest Release:- Nessus 4 Download:- http://www.nessus.org/download/

GFI LANguard :- A commercial network security scanner for Windows GFI LANguard scans IP networks to detect what machines are running. Then it tries to discern the host OS and what applications are running. I also tries to collect Windows machine's service pack level, missing security patches, wireless access points, USB devices, open shares, open ports, services/applications active on the computer, key registry entries, weak passwords, users and groups, and more. Scan results are saved to an HTML report, which can be customized/queried. It also includes a patch manager which detects and installs missing patches. Home:- http://www.gfi.com Latest Release:- GFI LANguard Network Security Scanner 8 Download:- http://www.gfi.com/lannetscan/

Retina :- Commercial vulnerability assessment scanner by eEye Like Nessus, Retina's function is to scan all the hosts on a network and report on any vulnerabilities found. It was written by eEye, who are well known for their security research. Home:- http://www.eeye.com Latest Release:- Retina Network Security Scanner v5.15.7 Download:- http://www.eeye.com/html/Products/Retina/index.html

Core Impact :- An automated, comprehensive penetration testing product. it is widely considered to be the most powerful exploitation tool available. It sports a large, regularly updated database of professional exploits, and can do neat tricks like exploiting one machine and then establishing an encrypted tunnel through that machine to reach and exploit other boxes. Home:- http://www.coresecurity.com Latest Release:- Core Impact 4.0 Download:- http://www.coresecurity.com/

ISS Internet Scanner :- Application-level vulnerability assessment Internet Scanner started off in '92 as a tiny open source scanner by Christopher Klaus. Now he has grown ISS into a billion-dollar company with a myriad of security products. http://www.iss.net/products_services/enterprise_protection /vulnerability_assessment/scanner_internet.php

SARA :- Security Auditor\92s Research Assistant SARA is a third generation network security analysis tool that Operates under Unix, Linux, MAC OS/X or Windows. The first generation assistant, the Security Administrator's Tool for Analyzing Networks (SATAN) was developed in early 1995. It became the benchmark for network security analysis for several years. However, few updates were provided and the tool slowly became obsolete in the growing threat environment. Home:- http://www-arc.com Download:- http://www-arc.com/sara

Packet Sniffers :-

Ethereal :- This (also known as Wireshark) is a fantastic open source network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. Home:- http://www.wireshark.org Latest Release:- Wireshark 1.0.4 (Ethereal) Download:- http://www.wireshark.org/download.html

Kismet :- A powerful wireless sniffer. Kismet is a console based 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. It identifies networks by passively sniffing, and can even decloak hidden networks if they are in use. It can automatically detect network IP blocks by sniffing TCP, UDP, ARP, and DHCP packets, log traffic in Wireshark/TCPDump compatible format, and even plot detected networks and estimated ranges on downloaded maps. Home:- http://www.kismetwireless.net Latest Release:- Kismet-2008-05-R1 Download:- http://www.kismetwireless.net/download.shtml

Tcpdump :- The classic sniffer for network monitoring and data acquisition. It is great for tracking down network problems or monitoring activity. There is a separate Windows port named WinDump. TCPDump is the source of the Libpcap/WinPcap packet capture library. Home:- http://www.tcpdump.org Latest Release:- TCPDUMP 4.0.0 Download:- http://www.tcpdump.org/

Ettercap :- Ettercap is a terminal-based network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like ssh and https). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN. Home:- http://ettercap.sourceforge.net Latest Release:- Ettercap NG-0.7.3 Download:- http://sourceforge.net/projects/ettercap/

DSniff :- A suite of powerful network auditing and penetration-testing tools. This popular and well-engineered suite by Dug Song includes many tools. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected ssh and https sessions by exploiting weak bindings in ad-hoc PKI. Overall, this is a great toolset. It handles pretty much all of your password sniffing needs. Home:- http://www.monkey.org Latest Release:- dsniff-2.3 Download:- http://www.monkey.org/~dugsong/dsniff/

Encryption Tools :-

GnuPG / PGP :- Secure your files and communication with the advanced encryption. PGP is the famous encryption program by Phil Zimmerman which helps secure your data from eavesdroppers and other risks. GnuPG is a very well-regarded open source implementation of the PGP standard (the actual executable is named gpg). While GnuPG is always free, PGP costs money for some uses. http://www.gnupg.org/ http://www.pgp.com/

OpenSSL :- The premier SSL/TLS encryption library. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation. http://www.openssl.org/

Tor :- An anonymous Internet communication system Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, irc, ssh, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features. http://tor.eff.org/

Stunnel :- A general-purpose SSL cryptographic wrapper. The stunnel program is designed to work as an SSL encryption wrapper between remote client and local or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. http://www.stunnel.org/

OpenVPN :- A full-featured SSL VPN solution. OpenVPN is an open-source SSL VPN package which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. OpenVPN implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface. OpenVPN uses OpenSSL as its primary cryptographic library. http://openvpn.net/

TrueCrypt :- Open-Source Disk Encryption Software for Windows and Linux. TrueCrypt is an excellent open source disk encryption system. Users can encrypt entire filesystems, which are then on-the-fly encrypted/decrypted as needed without user intervention beyond entering their passphrase intially. A clever hidden volume feature allows you to hide a 2nd layer of particularly sensitive content with plausible deniability about whether it exists. Then if you are forced to give up your passphrase, you give them the first-level secret. Even with that, attackers cannot prove that a second level key even exists. http://www.truecrypt.org/

 winAUTOPWN v3.0 Released - System vulnerability exploitation Framework

WINAUTOPWN ACTIVE SYSTEMS TRANSGRESSOR GUI [ C4 - WAST ] is a Systems and Network Exploitation Framework built on the famous winAUTOPWN as a backend. 
C4 - WAST gives users the freedom to select individual exploits and use them.
BSDAUTOPWN has been compiled, like always for various flavours and has been upgraded to version 1.8 alongwith all applicable exploits
WINAUTOPWN requires PERL,PHP,PYTHON,RUBY and its dependencies alongwith a few others' too for smooth working of exploits included in it.

Download

---

The Mole: Automatic SQL Injection Exploitation Tool

Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a Boolean query based technique.The Mole uses a command based interface, allowing the user to indicate the action he wants to perform easily.
Read more



Download

---

Sqlninja 0.2.6

Features:

 >> Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)
>>  Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental).
>> Creation of a custom xp_cmdshell if the original one has been removed
>> Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed).
>> TCP/UDP portscan from the target SQL Server to the attacking machine, in order
to find a port that is allowed by the firewall of the target network
and use it for a reverse shell.
>> Direct and reverse bindshell, both TCP and UDP
>> ICMP-tunneled shell, when no TCP/UDP ports are available for a direct/reverse
shell but the DB can ping your box.
>> DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for
 a direct/reverse shell, but the DB server can resolve external hostnames
 (check the documentation for details about how this works).
>> Evasion techniques to confuse a few IDS/IPS/WAF.
>> Integration with Metasploit3, to obtain a graphical access to the remote DB
 server through a VNC server injection.

Download

---

HexorBase - The DataBase Hacker Tool

To Audit Management and Multiple Databases

HexorBase is a database application designed for management and audit multiple database servers simultaneously from a single location, is able to perform SQL queries and brute force attacks against servers common database ( MySQL, SQLite, Microsoft
SQL Server, Oracle, PostgreSQL ).
This tool is simple to use and very practical, may have to know a little SQL, but the basics.

Video:

HexorBase runs on Linux and presumably Windows, and requires:

python-qt4 python python-MySQLdb cx_Oracle python-psycopg2 python-python-qscintilla2 pymssql

To install it you must download and from the console:

Project website and download HexorBase:

http://code.google.com/p/hexorbase/

root @ host: ~ # dpkg-i hexorbase_1.0_all.deb

---

Net Tools 5.0 (Net Tools 5.x)

This tools is a hacker friendly. Net Tools is a comprehensive set of host monitoring, network scanning, security, administration tools and much more, all with a highly intuitive user interface. It's an ideal tool for those who work in the network security, administration, training, internet forensics or law enforcement internet crimes fields. Net Tools is mainly written in Microsoft Visual Basic 6, Visual C++, Visual C# and Visual Studio .NET.
There has a 175 tools list in one software.. Tools Content

Download

Intercepter Sniffer

Intercepter is a sniffer tool which offers various capabilities including sniffing for password hashes related to ICQ/IRC/AIM/FTP/IMAP/POP3/SMTP/LDAP/BNC/SOCKS/HTTP/
WWW/NNTP/CVS/TELNET/MRA/DC++/VNC/MYSQL and ORACLE. It also sniffs ICQ/
AIM/JABBER/YAHOO/MSN/GADU-GADU/IRC and MRA protocols. It has a built-in arp poisoning module, can change MAC addresses of LAN adapters, and has various other interesting functionality.

Download

---

Havij v1.15 Advanced SQL Injection

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.

Download

---

Ani-Shell

Ani-Shell is a simple PHP shell with some unique features like Mass Mailer , A simple Web-Server Fuzzer , DDoser, Back Connect , Bind Shell etc etc ! This shell has immense capabilities and have been written with some coding standards in mind for better editing and customization.

Customisation
1. Email Trace back is set to Off as default and emails will not be sent , If you are setting
this feature on make sure you change the default email address (lionaneesh@gmail.com)
 to Your email address , Please Change it before using.
2. Username and Passwords are set to lionaneesh and lionaneesh respectively , Please change them for better
security.
3. As a default Lock Mode is set to on! This should not be change unless you want your shell exposed.

Default Login
Username : lionaneesh
Password : lionaneesh

Features
    Shell
    Platform Independent
    Mass - Mailer
    Small Web-Server Fuzzer
    DDoser
    Design
    Secure Login
    Deletion of Files
    Bind Shell
    Back Connect
    Fixed Some Coding errors!
    Rename Files
    Encoded Title
    Traceback (Email Alerts)
    PHP Evaluate
    Better Command Execution (even supports older version of PHP)
    Mass Code Injector (Appender and Overwriter)
    Lock Mode Customization

Latest Version Addition
    Mail Bomber (With Less Spam detection feature)
    PHP Decoder
    Better Uploader
    Fixed some Coding errors

Download

---

SQL MAP 0.9                                       

Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.Its a good tools for find Sql Vulnerability.

New Features/Changes-->

Rewritten SQL injection detection engine (Bernardo and Miroslav).
Support to directly connect to the database without passing via a SQL injection, -d switch (Bernardo and Miroslav).
Added full support for both time-based blind SQL injection and error-based SQL injection techniques (Bernardo and Miroslav).
Implemented support for SQLite 2 and 3 (Bernardo and Miroslav).
Implemented support for Firebird (Bernardo and Miroslav).
Implemented support for Microsoft Access, Sybase and SAP MaxDB (Miroslav).
Added support to tamper injection data with –tamper switch (Bernardo and Miroslav).
Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack (Miroslav).
Added support to fetch unicode data (Bernardo and Miroslav).
Added support to use persistent HTTP(s) connection for speed improvement, –keep-alive switch (Miroslav).
Implemented several optimization switches to speed up the exploitation of SQL injections (Bernardo and Miroslav).
Support to parse and test forms on target url, –forms switch (Bernardo and Miroslav).
Added switches to brute-force tables names and columns names with a dictionary attack, –common-tables and –common-columns.

Download

sqlmap 0.9 has been released and has a considerable amount of changes including an almost entirely re-written SQL Injection detection engine.

---

DRIL – Domain Reverse IP Lookup Tool:

DRIL (Domain Reverse IP Lookup) Tool is a Reverse Domain Tool that will really be useful for penetration testers to find out the domain names which are listed in the the target host, DRIL is a GUI, JAVA based application which uses a Bing API key.

DRIL has a simple user friendly interface which will be helpful for penetration tester to do their work fast without a mess, this is only tested on Linux but as it is JAVA it should work on Windows too.
There are various other tools which carry out similar tasks..

Download