Showing posts with label PenTesting Tools.

Wednesday, December 4, 2013

WSORROW TOOL

web-sorrow is a Perl-based tool for checking a web server for misconfiguration, detecting versions, enumerating content, and gathering server information. It is NOT a vulnerability scanner, inspection proxy, DDoS tool or exploitation framework.

Current functionality:

-S – stands for standard. A set of standard tests including: directory indexing tests, banner grabbing, language detection (should be obvious), robots.txt retrieval, and 200-response testing (some servers send a 200 OK for every request).

-Eb – stands for error bagging. The default configuration of many servers puts the server daemon, its version and sometimes even the OS inside error pages. web-sorrow requests a URL of 20 random bytes with both the GET and POST methods to trigger them.

-auth – looks for login pages using a list of the most common login files and directories. The list does not need to be very big, because what else are people going to name them?

-cmsPlugins – runs a huge list of plugin directories for CMS servers. The list is a bit old (2010).

-I – searches the responses for interesting strings.

-Ws – looks for web services such as the hosting provider, blogging services, favicon fingerprinting, and CMS version info.

-Fd – looks for things people generally don't want you to see. The list was generated from a ton of robots.txt files, so whatever it finds should be interesting.

-proxy – sends all HTTP requests via a proxy. Example: 255.255.255.254:8080

-e – runs all the scans in the scanner.

web-sorrow also has false-positive checking on most of its requests (it is pretty accurate but not perfect).

VIDEO TUTORIAL:
http://www.youtube.com/watch?v=GoSzXtKGU9o

DOWNLOAD LINK: LINK 1

Thursday, November 28, 2013

Sqlmap: Automatic SQL injection attack tool

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches spanning from database fingerprinting, over fetching data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Features:

* Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
* Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band.
* Support to connect directly to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
* Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
* Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
* Support to dump database tables entirely, a range of entries, or specific columns as per the user's choice. The user can also choose to dump only a range of characters from each column's entry.
* Support to search for specific database names, specific tables across all databases, or specific columns across all databases' tables.
* This is useful, for instance, to identify tables containing custom application credentials where the relevant column names contain strings like name and pass.
* Support to download and upload any file from the database server's underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
* Support to execute arbitrary commands and retrieve their standard output on the database server's underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.
* Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server's underlying operating system.
* This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per the user's choice.
* Support for database process user privilege escalation via Metasploit's Meterpreter getsystem command.

Video Demo:

Download SQLMap: LINK 1

Termineter : smart meter testing framework



Termineter is a framework written in Python that provides a platform for the security testing of smart meters. It implements the C12.18 and C12.19 protocols for communication. Currently supported are meters using C12.19 with 7-bit character sets. Termineter communicates with smart meters over a connection using an ANSI type-2 optical probe with a serial interface.

Basic Steps
Below is a summary of the basic steps to get started with Termineter after the environment has been configured.


* Connect the optical probe to the smart meter and start Termineter.
* Configure the connection options. On Windows, this would be something like COM1 and on Linux something like /dev/ttyS0. Check Configuring the Connection for more details.
* Use the connect command; this also checks that the meter is responding.

Will Termineter integrate with Metasploit?
No, Termineter will not integrate with Metasploit. Because of the highly specialized nature of the application there is no need to integrate with Metasploit at this time.

Will Termineter work with Non-ANSI Meters?
No, Termineter will only support meters that conform to the ANSI standards, specifically ones that support C12.18 and C12.19.

Can Termineter read how much power is being used?
Technically, yes, if the tables can be accessed. The information would, however, be raw and unparsed. Because Termineter was designed with a focus on the need for a security-oriented tool, most consumer-related features have not been fully developed. This may change at a later point in time as development continues.


Download Termineter: LINK 1

WAppEx : Web Application Exploiter



WAppEx is an integrated platform for performing penetration testing and exploitation of web applications on Windows or Linux. It can automatically check for all types of security vulnerabilities in the given target and then let you run various payloads to exploit and take advantage of the vulnerability.
WAppEx is a multi-platform application and is executable on Linux and Windows.

WAppEx's database, which includes hundreds of exploits, provides automated, comprehensive and reliable exploits for penetration testers and security professionals worldwide.
Regular database updates are available. Top priorities are high-risk and zero-day vulnerabilities.

The payloads used in exploits are reliable payloads that include connect-back, listener shell, arbitrary code execution, arbitrary file upload, ...

WAppEx's script-based engine lets experienced users write their own scripts and payloads to test and exploit any vulnerability in web applications.

Software and vulnerability updates are available at any time, and daily support is available via phone or email.

WAppEx can exploit the following web application vulnerabilities:

SQL Injection:
The most dangerous vulnerability in web applications. WAppEx uses the Havij (Advanced SQL Injection Tool) engine to find and exploit this vulnerability.

Remote File Inclusion:
It allows an attacker to include a remote file. WAppEx can check for this vulnerability and run various payloads to execute commands on the web server.

Local File Inclusion:
It allows an attacker to include a local file. Just like RFI, WAppEx tests and exploits this vulnerability.

OS Commanding:
It lets the attacker execute OS commands on the server. WAppEx tests and exploits this vulnerability by executing custom commands to get a reverse shell.

Script injection:
It can be used by an attacker to introduce (or "inject") script into a web application. WAppEx automatically tests and exploits this vulnerability to escalate access to the web server and get a reverse shell.

Local File Disclosure:
As the name says, it discloses the content of local files on the web server. WAppEx can exploit this vulnerability to read sensitive files on the server.


WAppEx contains the following tools to help you in penetration testing and exploiting web apps:

* Online Hash Cracker: A tool for cracking hashes using reverse lookup on online sites.
* Encoder/Decoder: An encoder/decoder with a complete set of encryption algorithms.
* Find Login Page: Looks for login pages on a target.
* Browser: A small browser you can use to view source code and HTTP headers.

WAppEx is very easy to use and also very flexible. It doesn't matter whether you're a beginner or a professional; using WAppEx makes your work easier, faster and more effective.


Download: LINK 1

Burp Suite, a tool for performing security testing of web applications



Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

Burp Suite contains the following key components:


* An intercepting proxy, which lets you inspect and modify traffic between your browser and the target application.
* An application-aware spider, for crawling content and functionality.
* An advanced web application scanner, for automating the detection of numerous types of vulnerability.
* An intruder tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities.
* A repeater tool, for manipulating and resending individual requests.
* A sequencer tool, for testing the randomness of session tokens.
* The ability to save your work and resume working later.
* Extensibility, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.


Burp is easy to use and intuitive, allowing new users to begin working right away. Burp is also highly configurable, and contains numerous powerful features to assist the most experienced testers with their work.


Download Burp Suite: LINK 1

Websploit Framework Version 2.0.1 Released



WebSploit is an open source project for scanning and analysing remote systems for vulnerabilities.
WebSploit is an open source project for:
[>] Social engineering work
[>] Web scanning, crawling & analysis
[>] Automatic exploitation
[>] Support for network attacks
---->
[*] Autopwn - uses Metasploit to scan and exploit target services
[*] wmap - scans and crawls the target using the Metasploit wmap plugin
[*] format infector - injects reverse & bind payloads into file formats
[*] phpMyAdmin Scanner
[*] LFI Bypasser
[*] Apache Users Scanner
[*] Dir Bruter
[*] admin finder
[*] MLITM Attack - Man Left In The Middle, XSS phishing attacks
[*] MITM - Man In The Middle Attack
[*] Java Applet Attack
[*] MFOD Attack Vector
[*] USB Infection Attack
[*] ARP DoS Attack
[*] Web Killer Attack
[*] Fake Update Attack
[*] Fake Access Point Attack


Download WebSploit Framework: LINK 1

Note: the WebSploit Toolkit project was closed and a new project called WebSploit Framework was started.

NOWASP (Mutillidae): application for testing your Web PenTesting and Hacking skills


NOWASP (Mutillidae) is a free, open source web application provided to allow security enthusiasts to pen-test a web application.

NOWASP (Mutillidae) can be installed on Linux, Windows XP, and Windows 7 using XAMPP, making it easy for users who do not want to administer a web server.

It is already installed on Samurai WTF and Rapid7 Metasploitable-2, and the existing version can be updated on either. Containing dozens of vulnerabilities and hints to help the user, this is an easy-to-use web hacking environment deliberately designed for labs, security enthusiasts, classrooms, CTFs, and as a target for vulnerability assessment tools. Mutillidae has been used in graduate security courses, in corporate web security training courses, and as an "assess the assessor" target for vulnerability assessment software.

Instructional videos using NOWASP (Mutillidae) are available on the "webpwnized" YouTube account at https://www.youtube.com/user/webpwnized. Updates on the project and video posts are tweeted to @webpwnized.

Download NOWASP: LINK 1

Download BackTrack 5 R3, a penetration testing Linux


BackTrack 5 R3 has been released. R3 focuses on bug-fixes as well as the addition of over 60 new tools – several of which were released in BlackHat and Defcon 2012. A whole new tool category was populated – “Physical Exploitation”, which now includes tools such as the Arduino IDE and libraries, as well as the Kautilya Teensy payload collection.


For the insanely impatient, you can download the BackTrack 5 R3 release via torrent right now. Direct ISO downloads will be available once all our HTTP mirrors have synched, which should take a couple more hours. Once this happens, we will update our BackTrack Download page with all links.
BT5R3-GNOME-64.torrent (md5: 8cd98b693ce542b671edecaed48ab06d)
BT5R3-GNOME-32.torrent (md5: aafff8ff5b71fdb6fccdded49a6541a0)
BT5R3-KDE-64.torrent (md5: 981b897b7fdf34fb1431ba84fe93249f)
BT5R3-KDE-32.torrent (md5: d324687fb891e695089745d461268576)
BT5R3-GNOME-32-VM.torrent (md5: bca6d3862c661b615a374d7ef61252c5)

jSQL Injection, a Java GUI for database injection



An easy-to-use SQL injection tool for retrieving database information from a remote server.

jSQL Injection features:

* GET, POST, header and cookie methods
* visual, error-based and blind algorithms
* automatic detection of the best algorithm
* data retrieval progress indicator
* proxy settings

For now, only MySQL is supported.

Running an injection requires the remote server URL and the name of the parameter to inject.

Download jSQLi: LINK 1

Burp Suite Free Edition v1.5 released



Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

Burp Suite contains the following key components:

* An intercepting Proxy, which lets you inspect and modify traffic between your browser and the target application.
* An application-aware Spider, for crawling content and functionality.
* An advanced web application Scanner, for automating the detection of numerous types of vulnerability.
* An Intruder tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities.
* A Repeater tool, for manipulating and resending individual requests.
* A Sequencer tool, for testing the randomness of session tokens.
* The ability to save your work and resume working later.
* Extensibility, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.


This is a significant upgrade with a wealth of new features added since v1.4, most notably:

* Completely new user interface with numerous usability enhancements.
* Several new Proxy listener options, to deal with unusual situations.
* New payload types in Burp Intruder.
* JSON support.
* Support for streaming HTTP responses.
* Support for Android SSL connections (device and emulator).
* Numerous new session handling options.
* Full contextual documentation within the software itself.



Download Burp Suite Free Edition v1.5: LINK 1