Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security and post exploitation during Penetraion Tests. The scripts are written on the basis of requirement by the author during real Penetration Tests. This framework is written by Nikhil Mittal who is also author...
Showing posts with label hacking tools. Show all posts
Showing posts with label hacking tools. Show all posts
undefined
undefined
The Browser Exploitation Framework (BeEF) is a penetration testing tool written in Ruby and designed to both showcase browser weaknesses as well as perform attacks both on and through the web browser. BeEF consists of a server application that manages the connected clients, known as “zombies”, and JavaScript “hooks” which...
undefined
undefined
In this brief post, we are listing a few popular and interesting Firefox add-ons that are useful for penetration testers. These add-ons vary from information gathering tools to attacking tools. If you are using BACKTRACK than use OWASP Mantra which has lots of useful Add-ons.(1)FirebugFirebug is a nice add-on that integrates...
undefined
undefined
Backtrack has lots of tools for web-application testing. Directory traversal is one of the critical vulnerability in web-application. Previously i post about what is directory traversal & how to bypass its filter , but that process is manual, it can consume lots of time.But in bactrack automatic tools are available...
undefined
undefined
Cisco Global Exploiter (CGE), is an advanced, simple and fast security testing tool/ exploit engine, that is able to exploit 14 vulnerabilities in disparate Cisco switches and routers. CGE is command-line driven perl script which has a simple and easy to use front-end.Vulnerabilities...
undefined
undefined
Wpscan is wordpress security scanner, which is pre-installed in backtrack 5 , but it`s outdated version, so when you tried to update it, you may have face some problems. Here is solution which work for me.cd /pentest/webrm -rf wpscangit clone https://github.com/wpscanteam/wpscan.gitcd wpscangem install bundler &&...
undefined
undefined
Lens is an open-source ethical hacking tool specialized to penetration testing of ASP.NET web applications. Lens is written in WPF 4 and its internal modular architecture allows us to easily add new tests to the system.You can Download source code from following website.http://ethicalhackingaspnet.codeplex.com/releases/view/52623Currently...
undefined
undefined
Usually we use NMAP as a port scanner to find open port of web-server, But with help of this Tool we can also gather Information about victim using NMAP script. In this tutorial we use NMAP to gather information.(1) Use NMAP to determine I.P. Address of victim:- NMAP include two scripts in his database. nmap --script...
undefined
undefined
Windows Credentials Editor (WCE) is a security tool that allows to list Windows logon sessions and add, change, list and delete associated credentials (e.g.: LM/NT hashes, Kerberos tickets and cleartext passwords).The tool allows users to:Perform Pass-the-Hash on Windows'Steal' NTLM credentials from memory (with and without code...
undefined
undefined
PenTBox is a Security Suite that packs security and stability testing oriented tools for networks and systems.Programmed in Ruby and oriented to GNU/Linux systems, but compatible with Windows, MacOS and every systems where Ruby works.Main Features:-- Cryptography toolsBase64 Encoder & DecoderMulti-Digest (MD5, SHA1,...
undefined
undefined
!-- @page { margin: 0.79in } P { margin-bottom: 0.08in } A:link { so-language: zxx } Recon-ng is a true framework whose interface is modeled after the very popular and powerful Metasploit Framework. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command...
undefined
undefined
What is BRUTE-FORCE attack ?A password attack that does not attempt to decrypt any information, but continue to try different passwords. For example, a brute-force attack may have a dictionary of all words or a listing of commonly used passwords. To gain access to an account using a brute-force attack, a program tries...
undefined
undefined
w3af is a complete environment for auditing and attacking web applications. This environment provides a solid platform for web vulnerability assessments and penetration tests.Download:-The framework can be downloaded from the project main page:http://www.w3af.com/#downloadInstallation:-Some of the requirements are bundled...
undefined
undefined
Tabnabbing is a computer exploit and phishing attack, which persuades users to submit their login details and passwords to popular websites by impersonating those sites and convincing the user that the site is genuine.The attack takes advantage of user trust and inattention to detail in regard to tabs, and the ability...
undefined
undefined
Social Engineering Tool kit is cool tool which came with BACKTRACK, this increase power of metasploit. If you are on any linux system other than BACKTRACK , then you can install it .Updated:This article was written when S.E.T. use SVN. Now it`s move to github. So please click here to new installation method. Extra package...
undefined
undefined
As we know in past , famous Hacktivist group Anonymous carried out series Of DDOS attack in number of websites like paypal ,master-card ,visa. At that time they used tool LOIC for down the website.Although they got success in their project ,but due to LOIC some of hackers arrested later. So they decide to build new weapon...
undefined
undefined
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration...
undefined
undefined
(1)Open a browser and go to this URL: ‘http://ha.ckers.org/slowloris‘ (here you can know more about what is SLOWLORIS, & what it can do)(2)Scroll down to the bottom of the page and right click, the slowloris link ‘save link as’ and save the file to your desktop.(3)Open a terminal and type this command: cd Desktop and...
undefined
undefined
Hey here is new tools which I found is WEBSPLOIT. First download WEBSPLOIT from here.Now install it. (it`s old article; view updated part at bottom to download latest version)Installation process are as follow.(1)First download WebSploit toolkit (2)Now unzip the file folder (3)Now change the permission of WebSploit...
