Channel: Brute Force – Security List Network™

Update Crunch – Wordlist generator V-3.4

Changes in version 3.4:
  • fix -e problem reported by hajjid
  • test compile using Ubuntu 12.10 and fixed the following issues:
  • reorder flags in Makefile so crunch can compile successfully
  • remove finall variable from printpercentage
  • remove loaded from main

Crunch is a wordlist generator where you can use a standard character set or one you specify. Crunch can generate all possible combinations and permutations.

Features

  • crunch generates wordlists in both combination and permutation ways
  • it can break up output by number of lines or file size
  • now has resume support
  • pattern now supports numbers and symbols
  • pattern now supports upper and lower case characters separately
  • adds a status report when generating multiple files
  • new -l option for literal support of @,%^
  • new -d option to limit duplicate characters; see man file for details
  • now has unicode support

TODO: Listed in no particular order
add resume support to permute (I am not sure this is possible)
make permute more intelligent (min, max) (I am not sure this is possible either)
support SIGINFO when Linux supports it, use SIGUSR1 until SIGINFO is available
finalbytecount isn’t currently correct for unicode chars unless -p used
let user specify placeholder characters (@,%^)
add date support?
specify multiple charset names using -f i.e. -f charset.lst + ualpha 123 +
make permute use -e
revamp compression part of renamefile 7z doesn’t delete original file
maybe fork compression part of renamefile
size calculations are wrong when min or max is larger than 12
newer gcc complains about pidret as not being used

usage: ./crunch <min-len> <max-len> [charset]
e.g: ./crunch 3 7 abcdef

This example will compute all passwords between 3 and 7 chars
using ‘abcdef’ as the character set and dump it to stdout.

usage: ./crunch <min-len> <max-len> [-f <path to charset.lst> charset-name] [-o wordlist.txt or START] [-t [FIXED]@@@@] [-s startblock]

Options:
-b          : maximum bytes to write to output file. depending on the blocksize
              files may be some bytes smaller than specified but never bigger.
-c          : number of lines to write to output file, only works if “-o START”
              is used, eg: 60  The output files will be in the format of starting
              letter - ending letter for example:
              crunch 1 5 -f /pentest/password/charset.lst mixalpha -o START -c 52
              will result in 2 files: a-7.txt and 8-\ .txt  The reason for the
              slash in the second filename is the ending character is space and
              ls has to escape it to print it.  Yes you will need to put in
              the \ when specifying the filename.
-d          : specify -d [n][@,%^] to suppress generation of strings with more
              than [n] adjacent duplicates from the given character set. For example:
              ./crunch 5 5 -d 2@
              Will print all combinations with 2 or less adjacent lowercase duplicates.
-e          : tells crunch to stop generating words at string.  Useful when piping
              crunch to another program.
-f          : path to a file containing a list of character sets, eg: charset.lst
              name of the character set in the above file eg:
              mixalpha-numeric-all-space
-i          : inverts the output so the first character will change very often
-l          : literal characters to use in -t @,%^
-o          : allows you to specify the file to write the output to, eg:
              wordlist.txt
-p          : prints permutations without repeating characters.  This option
              CANNOT be used with -s.  It also ignores min and max lengths.
-q          : Like the -p option except it reads the strings from the specified
              file.  It CANNOT be used with -s.  It also ignores min and max.
-r          : resume a previous session.  You must use the same command line as
              the previous session.
-s          : allows you to specify the starting string, eg: 03god22fs
-t [FIXED]@,%^  : allows you to specify a pattern, eg: @@god@@@@
              where only the @’s will change with lowercase letters
              the ,’s will change with uppercase letters
              the %’s will change with numbers
              the ^’s will change with symbols
-u          : only print words; suppress file size information, aka unheard
              NOT NEEDED ANYMORE
-z          : adds support to compress the generated output.  Must be used
              with -o option.  Only supports gzip, bzip, lzma, and 7z.

This code can be easily adapted for use in brute-force attacks
against network services or cryptography.

Compiles on: Linux (32 and 64 bit Ubuntu for sure; 32 and 64 bit Linux in
general works).  I have received word that crunch compiles on MacOS.
It should compile on FreeBSD and the other Unix and Linux OSs but I don’t
have access to any of those systems.  Please let me know.

Download : crunch-3.4.tgz (38.4 kB) 
read more in here :
http://www.backtrack-linux.org/forums/showthread.php?t=46939 
http://adaywithtape.blogspot.com/2011/05/creating-wordlists-with-crunch-v30.html
Our Post Before : http://www.seclist.us/2012/07/crunch-v-33-released.html


Update Web Sorrow v-1.4.9 – a perl based tool for misconfiguration, version detection, enumeration, and server information scanning.


Changelog v-1.4.9: ADDED: -reject and -die. ENHANCED: host specification. Fixed one bug.
Web-Sorrow is a perl based tool for misconfiguration, version detection, enumeration, and server information scanning. It’s entirely focused on Enumeration and collecting Info on the target server. Web-Sorrow is a “safe to run” program, meaning it is not designed to be an exploit or perform any harmful attacks.
Current functionality:

HOST OPTIONS:
-host [host] — Defines host to scan, a list separated by semicolons, 1.1.1.30-100 type ranges, and 1.1.1.* type ranges. You can also use the 1.1.1.30-100 type ranges for domains like www1-10.site.com
-port [port num] — Defines port number to use (Default is 80)
-proxy [ip:port] — Use an HTTP, HTTPS, or gopher proxy server

SCANS:
-S — Standard set of scans including: aggressive directory indexing, banner grabbing, language detection, robots.txt, HTTP 200 response testing, Apache user enum, SSL cert, mobile page testing, sensitive items scanning, thumbs.db scanning, content negotiation, and non port 80 server scanning
-auth — Scan for login pages, admin consoles, and email webapps
-Cp [dp | jm | wp | all] scan for cms plugins. dp = drupal, jm = joomla, wp = wordpress
-Fd — Scan for common interesting files and dirs (Bruteforce)
-Sfd — Very small files and dirs enum (for the sake of time)
-Sd — BruteForce Subdomains (host given must be a domain. Not an IP)
-Ws — Scan for Web Services on host such as: cms version info, blogging services, favicon fingerprints, and hosting provider
-Db — BruteForce Directories with the big dirbuster Database
-Df [option] Scan for default files. platforms/options: Apache, Frontpage, IIS, Oracle9i, Weblogic, Websphere, MicrosoftCGI, all (enables all)
-ninja — A light weight and undetectable scan that uses bits and pieces from other scans (it is not recommended to use with any other scans if you want to be stealthy. See readme.txt)
-fuzzsd — Fuzz every found file for Source Disclosure
-e — Everything. run all scans
-intense — like -e but no bruteforce
-I — Passively scan interesting strings in responses such as: emails, wordpress dirs, cgi dirs, SSI, facebook fbids, and much more (results may contain partial html)
-dp — Do passive tests on requests: banner grabbing, Dir indexing, Non 200 http status, strings in error pages, Passive Web services

SCAN SETTINGS:
-ua [ua] — Useragent to use. put it in quotes. (default is firefox linux)
-Rua — Generate a new random UserAgent per request
-R — Only request HTTP headers via range requests. This is much faster but some features and capabilities may not work with this option. But it’s perfect when you only want to know if something exists or not. Like in -auth or -Fd
-gzip — Compresses http responses from host for speed. Some Banner Grabbing will not work
-d dir — Only scan within this directory
-https — Use https (ssl) instead of http
-nr — Don’t do response analysis, i.e. false positive testing, interesting headers (other than banner grabbing). If you want your scan to be less verbose use -nr
-Shadow — Request pages from Google cache instead of from the Host. (mostly for just -I otherwise it’s unreliable)
-die — Stop scanning host if it appears to be offline
-reject — Treat this http status code as a 404 error

 

Web-Sorrow also has false positive checking on most of its requests (it is pretty accurate but not perfect).

Examples:

basic: perl Wsorrow.pl -host scanme.nmap.org -S
stealthy: perl Wsorrow.pl -host scanme.nmap.org -ninja -proxy 190.145.74.10:3128
scan for login pages: perl Wsorrow.pl -host 192.168.1.1 -auth
CMS intense scan: perl Wsorrow.pl -host 192.168.1.1 -Ws -Cp all -I
most intense scan possible: perl Wsorrow.pl -host 192.168.1.1 -e
dump http headers: perl headerDump.pl
Check if host is alive: perl hdt.pl -host 192.168.1.1
Sample output:

using option -Ws
[*] _______WEB SERVICES_______ [*]
[+] Found service or widget: google analytics
[+] Found service or widget: disqus.com commenting system
[+] Found service or widget: quantserve.com
[+] Found service or widget: twitter widget

using option -S
[+] Server Info in Header: “Via: varnish ph7″
[+] HTTP Date: Mon, 22 Oct 2012 01:36:11 GMT
[+] HTTP Title: [cen0red]
[+] robots.txt found! This could be interesting!
[?] would you like me to display it? (y/n) ? Y
[+] robots.txt Contents:
User-agent: *
Disallow:
Sitemap: http://[cen0red]/sitemap.xml
[+] Directory indexing found in “/icons/”
[+] xmlrpc: /xmlrpc.php
HTTP CODE: 403 -> [+] Apache information: /server-status/
[+] Domain policies: /crossdomain.xml
[+] OPEN HTTP server on port: 81

Download : Web-Sorrow_v1.4.9.zip (7.1 MB)
Read more in here : http://code.google.com/p/web-sorrow/ or contact at twitter :@flyinpoptartcat
Our post before : http://seclist.us/2012/09/update-web-sorrow-v1-4-7b-a-versatile-security-scanner-for-the-information-disclosure-phase-of-pentesting.html

TrueCrack Version 2.0 released : a brute-force password cracker.


Changes in TrueCrack Version 2.0:

  • New support for Cuda toolkit 5.0
  • New support for Compute capability version 2.0/2.0/3.5 (GTX 5/6 series)
  • Extra password generating optimization.

WHAT IS TrueCrack?

TrueCrack is a brute-force password cracker for TrueCrypt (Copyright) volume files. It works on Linux and is optimized with Nvidia Cuda technology.
It works with volumes encrypted with the following algorithms:

  • PBKDF2 (defined in PKCS5 v2.0) based on RIPEMD160 key derivation function.
  • XTS block cipher mode of operation used for hard disk encryption based on AES.

TrueCrack can work in two different modes of use:

  • Dictionary attack: read the passwords from a file of words (one password per line).
  • Charset attack: generate the passwords from a charset of symbols defined by the user (for example: all possible strings of n characters from the charset “abc”).

HOW TO RUN?
Dictionary attack from a wordlist file:
./truecrack -t TRUECRYPT_VOLUME -w WORDLIST_FILE
Charset attack from an alphabet (ex. abc) with the maximum length (32) for a single word:
./truecrack -t TRUECRYPT_VOLUME -c abcdefghijklmnopqrstuvwxyz -m 5
NOTE: TrueCrack requires a lot of GPU resources. We suggest disabling the X server, unplugging your monitor (to disable the framebuffer) and launching the command in a remote session.

EXECUTION OPTIONS
Note: the blocksize argument is directly proportional to the number of parallel cuda grid blocks and the number of passwords computed. A value of 10 for the blocksize parameter means that there are 10 cuda blocks running in parallel; each block checks and verifies one single password. So 10 blocks mean 10 passwords computed in parallel. This value is set by default to the number of cores of the current nvidia board (the maximum is 65536 for 1.x and 2.x cuda architectures); if the GPU is disabled, blocksize is set to 1024 by default.
-h --help Display the usage information.
-t --truecrypt FILE Truecrypt volume file.
-w --wordlist FILE Wordlist mode, read words from FILE.
-m --maxlength INT Charset mode, max length of words generated.
-c --charset STRING Charset mode, create words from charset STRING.
-b --blocksize INT Block size of words computed in parallel.
-v --verbose Show cracked passwords.

HOW TO COMPILE?
TrueCrack can work in CPU or GPU mode.
The configure procedure recognizes the Cuda installation and generates the code for GPU mode. Otherwise it enables the CPU mode. If you want the Cuda optimization, you set the GPU variable to true:
./configure
make
sudo make install

CONFIGURE OPTIONS
--enable-debug : enable nVidia CUDA debug mode [default=no]
--enable-cpu : disable cuda nvidia GPU and use CPU [default=no]
--with-cuda=PATH : prefix where cuda is installed [default=auto]

PERFORMANCE
Total execution time for a dictionary attack of 10,000 words with an average word length of 10 characters.
CPU mode
System: Intel Core-i7 920, 2,67GHz – Total time: 11m 01,1s
GPU mode
Board: nVidia GeForce GTX460 – Total time: 0m 30,42s
Board: nVidia GeForce GTX650 – Total time: 0m 15,67s

Download : truecrack_v20.tar.gz (3.0 MB)
Resources : http://code.google.com/p/truecrack/

Update TrueCrack v-2.5 : a brute-force password cracker.


Changes in TrueCrack Version 2.5:

  • New support for Cuda toolkit 5.0
  • New support for Compute capability version 2.0/2.0/3.5 (GTX 5/6 series)
  • Extra optimization for password generation


Download : truecrack_v25.tar.gz (965 KB)
Resources : http://code.google.com/p/truecrack/
Our post Before : http://seclist.us/2013/01/truecrack-version-2-0-released-a-brute-force-password-cracker.html

Resolver v-1.0.4 released : DNS Records Brute force.


Resolver is a Windows-based tool designed to perform a reverse DNS lookup for a given IP address or for a range of IPs in order to find its PTR.

This tool is for Windows only.

Change in version 1.0.4: added stop button :)

Features

  • Resolve a single IP address
  • Resolve a C class IP range
  • Resolve from a list of IP’s
  • Export results to a text file
  • Copy Results to Clipboard
  • DNS Records Brute force

Download : Resolver 1.0.4.zip (292.2 kB)
resources : http://exploit.co.il

Update SQL Ninja v-0.2.999-alpha1


What's new:
There is a shiny new data extraction method in the alpha of the new release. It uses WAITFOR-based injection (slow) and DNS tunnels (fast!!). It is still extremely experimental, so don’t expect it to be very stable yet. However, it might be already stable enough to help you in your next penetration test.

Sqlninja is an exploitation tool to be used against web apps based on MS SQL Server that are vulnerable to SQL Injection attacks, in order to get a shell or extract data, even in very hostile conditions.

Features

The full documentation can be found in the tarball and also here, but here’s a list of what the Ninja does:
  • Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)
  • Bruteforce of ‘sa’ password (in 2 flavors: dictionary-based and incremental)
  • Privilege escalation to sysadmin group if ‘sa’ password has been found
  • Creation of a custom xp_cmdshell if the original one has been removed
  • Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed)
  • TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell
  • Direct and reverse bindshell, both TCP and UDP
  • ICMP-tunneled shell, when no TCP/UDP ports are available for a direct/reverse shell but the DB can ping your box
  • DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames (check the documentation for details about how this works)
  • Evasion techniques to confuse a few IDS/IPS/WAF
  • Integration with Metasploit3, to obtain a graphical access to the remote DB server through a VNC server injection
  • Integration with churrasco.exe, to escalate privileges to SYSTEM on w2k3 via token kidnapping
  • Support for CVE-2010-0232, to escalate the privileges of sqlservr.exe to SYSTEM

Platforms supported
Sqlninja is written in Perl and should run on any UNIX based platform with a Perl interpreter, as long as all needed modules have been installed. So far it has been successfully tested on:
Linux
FreeBSD
Mac OS X

Download : sqlninja-0.2.999-alpha1.tgz (613.3 kB)
Resources : http://sqlninja.sourceforge.net
Our post before : http://seclist.us/2012/05/sqlninja-v-0-2-6-bunga-bunga-edition-released.html

update WPSCrackGUI v-1.2.4 : Graphical interface to the network cracking WPS Reaver.


New version v1.2.4:
* Tenda KeyGen v2.0
* Kozumi KeyGen v2.0
* Edimax KeyGen v2.0
* Nisuta KeyGen v2.0
* Belkin KeyGen v2.0
* Added Installer Reaver-MOD.
* Added Multi-Option Attack (Reaver | Reaver-MOD)
* Fixed errors in WPSVerificator.
* Fixed screen resolution errors.
* Updated sending of PINs to the Online Database (WPSDB)
* Added the option to Search Online WPSDB.

A Graphical interface to the network cracking WPS Reaver.

Features:

  • Graphic User Interface (GUI) WPS encryption cracking.
  • Advanced Attack with Generic Dictionary.
  • Advanced Dictionary Attack with Enhanced.
  • Updated Assisted Reaver-WPS.
  • Database with PINs.
  • Change MAC Address.
  • Supported in Qt and Gtk.
  • Scan networks.

Download version :
WPSCrackGUI v1.2.4 -BETA- (1.6 MB)
Debian :  wpscrackgui_1.2.4-1_debian_Gambas3.deb (1.2 MB)
opensuse :  wpscrackgui-1.2.4-1_opensuse.rpm (1.2 MB)
MANDRIVA : wpscrackgui-1.2.4_mandriva.rpm (1.2 MB)
Fedora :  wpscrackgui-1.2.4-1_fedora.rpm (1.2 MB)
Resources : http://www.arg-wireless.com.ar/
Our post before : http://seclist.us/2013/01/update-wpscrackgui-v-1-2-1.html

Update TrueCrack v-3 stable version : a brute-force password cracker.



Version 3.0 stable version:
- case sensitive character attack
-”Try “-1025″ words”
- unable to compile on cygwin


Download : truecrack_v3.0.tar.gz (1.1 MB)
Resources : http://code.google.com/p/truecrack/
Our post Before : http://seclist.us/2013/01/update-truecrack-v-2-5-a-brute-force-password-cracker.html


Update jSQL Injection v-0.4 : a java tool for automatic database injection.


Version 0.4 features:

  • GET, POST, header, cookie methods
  • Normal, error based, blind, time based algorithms
  • Automatic best algorithm selection
  • Multi-thread control (start/pause/resume/stop)
  • Progression bars
  • Shows URL calls
  • Simple evasion
  • Proxy setting
  • Distant file reading
  • Webshell deposit
  • Terminal for webshell commands
  • Configuration backup
  • Update checker
  • Admin page checker
  • Brute forcer (md5 mysql…)
  • Coder (encode decode base64 hex md5…)
  • Supports MySQL

jSQL Injection is a lightweight application used to find database information from a distant server.
jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris).


Next work:
+ distant table writing [sqli]
+ distant file writing [sqli]
+ reverse tcp shell deposit [sqli]
+ right elevation [sqli]
+ speed increase (non encoding pass): 50% faster [sqli]
+ control all running tasks in a tab [gui]
# speed test comparison with other injection tools [dev]
# automatic code testing (JUnit) [dev]
# wiki pages [site]

Download : jsql-injection-v0.4.jar (1.2 MB) 
Sources : https://code.google.com/p/jsql-injection/
Our Post before : http://seclist.us/2013/03/update-jsql-injection-v-0-3-a-java-tool-for-automatic-database-injection.html

Update script bash NETOOL.sh V-2.5


Changelog v-2.5 : general bug Fix

#########################################
# netool.sh V2.5
# developed by: r00t-3xp10it
#########################################
# all report files are going to be saved in:
# “/home/USERNAME/opensource/logs” Folder
# if you wish to improve the dictionary files look at:
# “/home/USERNAME/opensource/files

netool.sh is a bash script to automate frameworks like Nmap, Driftnet, SSLstrip and ettercap MITM attacks.
This script simplifies tasks such as SNIFFING, MITM, SSLsniff, retrieving metadata, and DoS attacks inside the local network. It can also perform TCP/UDP packet manipulation using etter.filters, has the ability to capture pictures of web-browser surfing on the target machine under MITM attack, and performs a vuln scan of the target web-site using the websecurify addon…

Features

  • ping target
  • Show Local Connections
  • Show my Ip address
  • Scan Local network
  • Scan remote host
  • execute Nmap command
  • Open router config
  • Ip tracer whois
  • WebCrawler
  • DDoS java Script
  • Retrieve metadata
  • Config ettercap
  • Launch MITM
  • show URLs visited
  • Sniff remote pics
  • Sniff SSL passwords
  • Dns-Spoofing
  • DoS attack {local}
  • Compile etter.filters
  • execute ettercap filter

d. delete lock folders
q. quit

INSTALL ON LINUX
1. extract “opensource.tar.gz” to home folder
2. execute privs:
sudo chmod +x opensource/netool.sh
sudo chmod +x opensource/sslstrip-0.9/sslstrip.py
sudo chmod +x opensource/sslstrip-0.9/setup.py
3. you need to install the following dependencies:
sudo apt-get install nmap
sudo apt-get install zenmap
sudo apt-get install ettercap
sudo apt-get install ettercap-gtk
sudo apt-get install driftnet
{or execute the script with sudo to auto-install the dependencies}
example: sudo opensource/netool.sh
4. run netool.sh
sudo opensource/netool.sh

INSTALL ON BACKTRACK
1. extract “opensource.tar.gz” to home folder
2. execute privs:
chmod +x opensource/netool.sh
chmod +x opensource/sslstrip-0.9/sslstrip.py
chmod +x opensource/sslstrip-0.9/setup.py
3. config netool.sh
edit the netool.sh script and look for the right paths where the frameworks
are installed, then replace the paths with the right ones…
(open terminal and write “locate zenmap”, copy the path and replace it in the script)
Paths to installations
(you are going to replace the paths with the right ones)
find="/usr/share/zenmap"
find2="/usr/share/ettercap"
confE="/etc/etter.conf"
confD="/usr/share/ettercap/etter.dns"
confP="/usr/share/ettercap/etter.services"
confW="/usr/share/doc/driftnet"
4. run netool.sh
opensource/netool.sh

Download : opensource.tar.gz (1.8 MB)
Backtrack : opensource (backtrack).tar.gz (1.8MB) 

Read more in here :  http://sourceforge.net/p/netoolsh/wiki/netool.sh%20script%20project/
Our post before : http://seclist.us/2013/05/update-script-bash-netool-sh-v-2-4.html

aircrack-ng Version 1.2-beta1 released


Version 1.2-beta1 (changes from aircrack-ng 1.1) :

  • Airmon-ng: Added chipset information for ar9170usb, wl, rt2800usb, ar9271, wl12xx, RT3070STA, ath9k_htc, r871x_usb_drv, ath5k, carl9170 and various Intel drivers.
  • Airmon-ng: Fixed chipset information ipw2200.
  • Airmon-ng: Fixed output for r8187 driver.
  • Airmon-ng: Improved chipset information for a few drivers.
  • Airmon-ng: Support for displaying information about ath9k.
  • Airmon-ng: Added ‘check kill’ to automatically kill services that could interfere.
  • Airmon-ng: Fixed issues with Intel chipsets detection.
  • Airmon-ng: Updated iw download link.
  • Airmon-ng: Better mac80211 handling
  • Airmon-ng: Added detection for WiLink TI driver, rtl819xU, iwlwifi.
  • Airmon-zc: Improved version of Airmon-ng with more detailed information.
  • Airdecap-ng: Fixed decoding QoS frames (Closes: #667 and #858).
  • Airgraph-ng: Use Aircrack-ng Makefile instead of its own.
  • Airbase-ng: Fixed bug using clients list.
  • Airbase-ng: Fixed issue with QoS (ticket #760).
  • Airbase-ng: Fixed sending beacons with null SSID.
  • Airbase-ng: Allow non ASCII ESSID
  • Airodump-ng: Fixed buffer overflow (ticket #728).
  • Airodump-ng: Fixed channel parsing.
  • Airodump-ng: Fixed FreeBSD battery reading.
  • Airodump-ng: Renamed “Packets” column to “Frames” (“Packets” was not correct).
  • Airodump-ng: Fixed XML bugs when outputting NetXML: ESSID containing ‘&’ or Chinese characters, when multiple encryptions are used.
  • Airodump-ng: Add alternative paths for Airodump-ng OUI file.
  • Airodump-ng: Added GPSd 2.92+ support (JSON).
  • Airodump-ng: Add option --manufacturer to display manufacturer column on airodump-ng.
  • Airodump-ng: Add feature to show APs uptime (--uptime) based on the timestamp.
  • Airodump-ng-OUI-update: Fixed OUI URL and allow CURL redirect (ticket #829).
  • Airdrop-ng: removed .py from file names.
  • Airdrop-ng: Fixed bug in installer.
  • Airdrop-ng: Fixed OUI lookup.
  • Airdrop-ng: Fixed bug when several BSSID have the same ESSID.
  • Airdrop-ng: Doesn’t constantly parse anymore, wait 5 seconds each time it parses.
  • Airdrop-ng: Fixed crash when failing to get channel or when rules file didn’t exist.
  • Airdrop-ng: Fixed to use lorcon.py/lorcon2 libs.
  • Airdrop-ng: Updated README.
  • Airdrop-ng: Fixed error preventing update to work.
  • Versuck-ng: New script to do the same thing as the kismet autowep plugin from the CLI.
  • Aircrack-ng: Fixed counter display error when cracking WPA.
  • Aircrack-ng: Added output of the WPA handshake to EWSA project file.
  • Aircrack-ng: Added output of the WPA handshake to oclhashcat+ project file.
  • Aircrack-ng: Added benchmark option, -S.
  • Aircrack-ng: Fixed -u option.
  • Aircrack-ng: PIC fix for hardened systems from Francisco Blas Izquierdo Riera (klondike)
  • Aircrack-ng: Allow dictionaries larger than 2Gb.
  • Aircrack-ng: Give a better message when there’s an error with the dictionary.
  • Aircrack-ng: Prevent a buffer overflow from happening (Wojciech Waga).
  • Aireplay-ng: Added migration mode attack from Leandro Meiners and Diego Sor from Core Security (BlackHat Las Vegas 2010)
  • Aireplay-ng, Airodump-ng: Added option to ignore issue with -1 channel.
  • Airserv-ng: Fixed crash when clients disconnect.
  • Besside-ng-crawler: Added EAPOL Crawler.
  • Airdecloak-ng: Fixed bug when using pcap files with PPI headers.
  • dcrack: Distributed cracking server/client
  • wifi-detect.sh: reference script for testing wifi card detection using iwconfig vs ls /sys/class/net
  • WPA Clean: Tool to merge and clean WPA capture files.
  • Wireless Panda: C# Library to parse Airodump-ng output files (and added example project).
  • OSdep (Linux): Setting fixed bitrates on mac80211 2.6.31 and up.
  • OSdep (Linux): Added support for nl80211 thanks to impulse32. Use ‘make libnl=true’ to add netlink support (Ticket #1004).
  • Manpages: Improvement and fixes for Airgraph-ng, Airodump-ng, packetforge-ng, Aircrack-ng
  • Manpages: Fixed various spelling issues and single quote issues.
  • Makefiles: Added tests for the different tools.
  • Makefiles: Various fixes and improvements.
  • Makefiles: Added support for libgcrypt instead of OpenSSL via parameter.
  • Patches: Added a few patches.
  • Removed useless script: patchchk.
  • Finally fixed licensing issues.
  • Fixed endianness issues in most of the tools.
  • Fixed cppcheck errors (Ticket #957).
  • Fixed various compilation issues on Linux and Cygwin, GNU/Hurd, Darwin (OSX) and Sparc.
  • Fixed compilation on recent gcc versions on Linux, Cygwin.
  • Added instructions for Travis CI: Free Hosted Continuous Integration Platform for the Open Source Community.
  • Added Readme.Md for GitHub. Aircrack-ng subversion repository is synced on GitHub: http://github.com/aircrack-ng/aircrack-ng
  • Various other small bug fixes.


Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools.

In fact, Aircrack-ng is a set of tools for auditing wireless networks.

Download :
Windows : aircrack-ng-1.2-beta1-win.zip (7.90 MB)
Unix : aircrack-ng-1.2-beta1.tar.gz (3.29 MB)
Sources : http://www.aircrack-ng.org/

ophcrack V-3.6.0 released : a Windows password cracker based on a time-memory trade-off using rainbow tables.


Change log : Ophcrack 3.6.0 released June 5, 2013 :
Ophcrack 3.6.0 and the corresponding LiveCD including the new probabilistic tables have been released. Ophcrack preloading has been rewritten to fix issues found in the version 3.5.0. Support of the probabilistic tables was improved as well.

Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman’s original trade-off, with better performance. It recovers 99.9% of alphanumeric passwords in seconds.


Features

  • Cracks LM and NTLM Windows hashes
  • Free tables available for Windows XP, Vista and 7
  • Brute-force module for simple passwords
  • Audit mode and CSV export
  • Real-time graphs to analyze the passwords
  • LiveCD available to simplify the cracking
  • Loads hashes from encrypted SAM recovered from a Windows partition

Download :
Windows Vista : ophcrack-vista-livecd-3.6.0.iso (680.5 MB)
Windows XP : ophcrack-xp-livecd-3.6.0.iso (445.6 MB)
sources : http://ophcrack.sourceforge.net/

Update Penbang v-0.3 : Penetration Testing Collection for crunchbang


#################### Update 3/6/2013 Version 0.0.3 #####################

#
# ADDED
# Slowloris
# Argus
# Arping
# Ntop
# Tor Browser
# Fragroute
# Snort
# Nikto –
# There is no menu link for replay.pl due to missing
# #!/usr/bin/perl. cd to /nikto-2.1.5 and exec perl replay.pl
# Ophcrack
# callerpy
# Spike
#
# Note:
# Tor Browser from menu
########################################################################

Penbang is a collection of tools aimed at the openbox environment. It includes Network Exploits, Vulnerability Assessment/Exploits, Network Analysis, Social Engineering tools, I.G.C, dsniff suite, and irpas. As well as a simple way of launching them.


############################## Pack List ###############################

Network Exploits:

  • aircrack-ng
  • airmon-ng
  • airodump-ng
  • sslstrip
  • sslsniff
  • reaver
  • ettercap
  • subterfuge
  • yamas
  • SMITM
  • Slowloris —–0.0.3 Update

Vulnerability Assessment/Exploits

  • Metasploit/Armitage
  • sqlninja
  • sqlsus
  • wfuzz
  • hydra
  • hydra-gtk
  • Ntop —–0.0.3 Update
  • Fragroute —–0.0.3 Update
  • Snort —–0.0.3 Update

Network Analysis:

  • scapy
  • kismet
  • nmap
  • zenmap
  • tcpdump
  • tshark
  • wireshark
  • etherape
  • Argus —–0.0.3 Update
  • Spike —–0.0.3 Update
  • Nikto —–0.0.3 Update

Social Engineering:

  • Maltego
  • callerpy —–0.0.3 Update

I.G.C: BTW, it stands for Identifiers, Generators, and Crackers

  • crunch
  • john
  • Hash-ID
  • findmyhash
  • log_ex
  • ParseLog
  • Arping —–0.0.3 Update
  • Ophcrack —–0.0.3 Update

dsniff suite:

  • dsniff
  • filesnarf
  • mailsnarf
  • msgsnarf
  • urlsnarf
  • webspy
  • arpspoof
  • dnsspoof
  • macof
  • sshmitm
  • webmitm

irpas: #Not all tools from irpas are used

  • dfkaa
  • protos
  • netenum
  • tctrace
  • itrace
  • irdpresponder
  • irdp
  • ass
  • igrp
  • file2cable
  • cdp

########################################################################

################# Downloading install_tool.sh Manually #################
#
# Change the path after -P in wget to your required path
#
# Example:
# wget -P /home/$(whoami)/penbang/netkit/slowloris/
# TO
# wget -P /tmp
#
########################################################################

############################ HOW TO INSTALL ############################
#
# penbang must be in your /home/$(whoami) dir; where $(whoami) != root
#
# cd /home/USER/penbang
#
# do not run it as root
#
# python install.py
#
########################################################################

############################ HOW TO UPDATE #############################
#
# Assuming a fresh install of penbang 0.0.2
# Download penbang_0.0.3_update.py
# python penbang_0.0.3_update.py -check
# If all is well
# python penbang_0.0.3_update.py -update
#
########################################################################

Download manually : http://penbang.sysbase.org/install_tools/0.0.3/

Our Post before : http://seclist.us/2013/05/penbang-v-2-0-released-penetration-testing-collection-for-crunchbang.html

JBrute v-0.92 (beta) First release : Open Source Security tool to audit stored and hashed password.


Changelog:
———-
version 0.92 (beta):
First release.

JBrute is an open source tool written in Java to audit the security and strength of stored passwords for several open source and commercial apps. It focuses on providing multi-platform support and flexible parameters to cover most of the possible password-audit scenarios.
Java Runtime version 1.7 or higher is required for running JBrute.

Supported algorithms:
MD5
MD4
SHA-256
SHA-512
MD5CRYPT
SHA1
ORACLE-10G
ORACLE-11G
NTLM
LM
MSSQL-2000
MSSQL-2005
MSSQL-2012
MYSQL-322
MYSQL-411
POSTGRESQL
SYSBASE-1502

Features

  • Multi-platform support (by Java VM)
  • Several hashing algorithms supported
  • Flexible chained hashes decryption (like MD5(SHA1(MD5())))
  • Both brute force and dictionary decryption methods supported
  • Built-in rule pre-processor for dictionary decryption
  • Multi-threading support

Installation:
————-

There is no need to install JBrute, just execute “jbrute.bat” if you are using
a Windows platform, or “jbrute.sh” if you are using a *nix platform.

Download : Brute_v0-92.zip (110.5 kB)
sources : Jbrute 

sb0x-project v-1.0.5-4-1 released : Penetration testing tools.


sb0x is one box with tools for penetration testing.

System requirement : to run sb0x you need to install Python 2.7.x

Features Tools:

1. WordPress brute force
2. Server Scanner
3. Web admin finder
4. FTP Server brute force
5. Perl bind shell
6. DSL router brute force
7. NETGEAR Router brute force
8. MS12-020 Windows RDP DoS exploit

youtube:  https://www.youtube.com/watch?v=N0rcbYckzS0&list=TLE1tdiLyrxk0

Download : sb0x-project-1.0.5-4-1.tar.gz (47.4 kB) 
Sources : https://github.com/levi0x0/sb0x-project


Update JBrute v-0.93 : Open Source Security tool to audit stored and hashed password.


changelog v0.93:
Date: 11/09/2013
Fixes:
——
_ Error in encrypt main parameter with chained case (wrong encryption in chained algorithms with non-default case)
_ Default character set changed to “loweralpha”.
_ Now JBrute notifies you if it is using the default character set.
_ Error when format of Oracle10g hash is incorrect.
_ Error if format of PostgreSQL hash is incorrect.
_ Error if format of MSSQL-2000 hash is incorrect.
_ Error if format of MSSQL-2005 hash is incorrect.
_ Error if format of MSSQL-2012 hash is incorrect.
_ Improve performance on MYSQL-411 algorithm (3 times faster than last implementation).
_ Changed MYSQL-411 hash format: you must not specify the ‘*’ character at the beginning of the hash.
_ Format of number of hashes per second in test mode changed. If number > 1000000, the last 3 digits will be replaced with the “K” character. (so: 2500000 would be 2500K).
_ Improve performance for hashed special algorithms (by SpecialAlgorithm class and MyMEssageDigest class).
_ Correct Sybase name algorithm (before JBrute knows it as SYSBASE-1502, now is SYBASE-ASE1502).
_ Correct minor bug about case of username (salt) in POSTGRESQL algorithm.
_ Correct error when trying to decrypt a MD5CRYPT hash (both brute and dictionary methods).
New Functionalities:
——————–
_ New main parameter “--expected”, that shows examples of the formats expected for each supported algorithm.

 


Download : JBrute_v0-93.zip (101.5 kB) 
Sources : http://seclists.org/fulldisclosure/2013/Sep/104?utm_source=twitterfeed&utm_medium=twitter
Our Post Before : http://seclist.us/2013/09/jbrute-v-0-92-beta-first-release-open-source-security-tool-to-audit-stored-and-hashed-password.html

Update JBrute v-0.94 : Open Source Security tool to audit stored and hashed password.


Change log:
———–
v0.94:
Date: 19/09/2013
—–
Fixes:
——
_ Performance improved dramatically (around 900%) for dictionary decryption method (all rules). Now I am using StringBuilders instead of Strings in the rule preprocessor (DictionaryRulePreProcessor class).
_ Performance improved for Rule Action “V”.
_ Performance improved for Rule Action “R”.
_ Performance improved for Rule Action “t”.
_ Parameter “--stdout” for dictionary decryption is working now.
_ Wrong reject result with complementary character classes in “%” reject condition.


Download : JBrute_v0-94.zip (101.4 kB) 
Sources : http://seclists.org/fulldisclosure/2013/Sep/104?utm_source=twitterfeed&utm_medium=twitter
Our Post Before : http://seclist.us/2013/09/update-jbrute-v-0-93-open-source-security-tool-to-audit-stored-and-hashed-password.html

Update JBrute v-0.95 : Open Source Security tool to audit stored and hashed password.


Change log: v0.95: Date: 26/09/2013

Fixes:
——
_ “--test --algorithm=A” working now.
_ Changes in Oracle11g.java class, using constants now (syntax issues).
_ Performance improved for NTLM algorithm (50% faster).
_ Performance improved for MSSQL-2000 algorithm (20% faster).
_ Performance improved for MSSQL-2005 algorithm (15% faster).
_ Performance improved for MSSQL-2012 algorithm (15% faster).
_ Performance improved for SYBASE-ASE1502 algorithm (5% faster).

New Functionalities:
——————–
_ Partial mask support for rule pre-processor. Available masks only on ‘$’ and ‘^’ simple commands:
a-z, A-Z, 0-9, a-z0-9, a-zA-z, A-Z0-9, a-zA-Z0-9
custom masks (ex: [arx], [789])
_ New insert/delete commands supported: ‘[’, ‘]’ and ‘DN’ (no need to escape from ‘[’ or ‘]’)


Download : JBrute_v0-95.zip (105.8 kB) 
Sources : http://seclists.org/fulldisclosure/2013/Sep/104?utm_source=twitterfeed&utm_medium=twitter
Our Post Before : http://seclist.us/2013/09/update-jbrute-v-0-94-open-source-security-tool-to-audit-stored-and-hashed-password.html

Update JBrute v-0.96 : Open Source Security tool to audit stored and hashed password.


Change log: v-0.96: Date: 08/10/2013

Fixes:
——
- Bug on “--test --threads=X” with any algorithm.
- More syntax details of available parameters in “--help” main parameter.
- Bug on “--hashfile” optional parameter for “--decrypt” main parameter.
- “--hashfile” optional parameter for “--decrypt” main parameter now is called “--hash_file” to maintain a standardization on file related parameters.


Download : JBrute_v0-96.zip (108.6 kB) 
Sources : http://seclists.org/fulldisclosure/2013/Sep/104?utm_source=twitterfeed&utm_medium=twitter
Our Post Before : http://seclist.us/2013/09/update-jbrute-v-0-95-open-source-security-tool-to-audit-stored-and-hashed-password.html

Update SQL TOOL v-1.3 Beta Released : This is an automated SQL injection Tool, Supports MySQL & MsSQL.


changelog : Version 1.3 (Beta) Fixes:

  • Could not get Database() error
  • Dumping data (Couldn’t get data)
  • Parsing error.
  • File not found error (when load_file)
  • Load_File output (made it selectable)
  • Load_File output Formatting (rebuilt html into code, to display properly)
  • Dumping Data (All In One)
  • SQL TOOL Javascript Injection (Gave you url even when site was not vuln)

Additions:

  • Multi Threading
  • MySQL Explorer
  • GeoIP (Country Flags)
  • Check Load_File()
  • FPD check

Features

  • Bypass Mod_Security
  • Bypass Illegal Union
  • Bypass WebKnight WAF
  • No Union
  • Blind SQL
  • SQL Explorer
  • All In One Request (Tables/Columns/Data)

Download : SQL Tool v1.3 Beta.rar (1.1 MB)
Sources : SQL TOOL  Our post before
