Showing posts with label Penetration Testing Tools.

Tuesday, November 27, 2012

jSQL Injection - Java based automated SQL injection tool

jSQL Injection (jSQLi) is a free, Java-based SQL injection tool. It makes it very easy for a user to retrieve database information from a vulnerable web server.

SQL Injection features:
  • GET, POST, header and cookie methods
  • normal, error-based, blind and time-based algorithms
  • automatic detection of the best algorithm
  • progress display while data is retrieved
  • proxy settings
  • evasion
  • supports MySQL for now
Download it from here:

Tuesday, August 7, 2012

chapcrack: A tool for cracking MS-CHAPv2 network handshakes

Chapcrack is a tool for parsing and decrypting MS-CHAPv2 network handshakes. To use it, you first need a packet capture containing an MS-CHAPv2 handshake. Chapcrack parses the credential material out of the handshake and sends it to CloudCracker, which returns a result that Chapcrack can then use to decrypt the capture and recover the password.

The resulting file ("token") is then submitted to CloudCracker, an online password cracking service for penetration testers and network auditors, which returns the cracked MD4 hash in under a day. For each handshake, Chapcrack outputs the username, the known plaintext and two known ciphertexts, and cracks the third DES key itself. What is interesting is that CloudCracker forwards your handshake information to Pico Computing's DES cracking box, an FPGA system that implements DES as a true pipeline, with one DES operation per clock cycle. With 40 cores at 450 MHz, that's 18 billion keys/second!

The recovered hash is fed back into chapcrack, and the entire network capture is decrypted. Alternatively, the hash can be used to log in to the user's VPN service or WPA2 Enterprise RADIUS server. All of this is possible only because of the weak protocol design, which lets whoever holds the MD4 hash of the user's password authenticate as that user and decrypt any of their traffic.

How to use chapcrack?

  • Obtain a packet capture with an MS-CHAPv2 network handshake in it (PPTP VPN or WPA2 Enterprise handshake, for instance).
  • Use chapcrack to parse relevant credentials from the handshake (chapcrack parse -i path/to/capture.cap).
  • Submit the CloudCracker token to
  • Get your results, and decrypt the packet capture (chapcrack decrypt -i path/to/capture.cap -o output.cap -n )
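The MS-CHAPv2 response structure that makes the weakness above concrete, as an added Python example that is not part of chapcrack or the original post: it derives the challenge hash and the three DES keys the way RFC 2759 specifies (using the RFC's own section 9.2 test-vector values as input) and counts the DES trials needed to recover the hash. The DES encryption step itself is left out, since the Python standard library has no DES.

```python
import hashlib

# Sample inputs taken from the RFC 2759 section 9.2 test vectors (user "User",
# password "clientPass"). NT_HASH is MD4(UTF-16LE(password)) as given there;
# MD4 itself is not recomputed in this block.
AUTH_CHALLENGE = bytes.fromhex("5b5d7c7d7b3f2f3e3c2c602132262628")
PEER_CHALLENGE = bytes.fromhex("21402324255e262a28295f2b3a337c7e")
NT_HASH = bytes.fromhex("44ebba8d5312b8d611474411f56989ae")


def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, username: str) -> bytes:
    """RFC 2759 ChallengeHash(): SHA-1 over the 16-byte peer challenge, the
    16-byte authenticator challenge and the bare user name (a DOMAIN prefix
    before a backslash is dropped), truncated to 8 bytes. This is the block
    every DES key encrypts, and it is public: both challenges travel in clear."""
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("challenges must be 16 bytes each")
    if "\\" in username:
        username = username.split("\\", 1)[1]
    digest = hashlib.sha1(peer_challenge + auth_challenge + username.encode()).digest()
    return digest[:8]


def des_keys_from_nt_hash(nt_hash: bytes) -> list:
    """RFC 2759 ChallengeResponse() key schedule: the 16-byte NT hash is padded
    with five zero bytes to 21 bytes and cut into three 7-byte DES keys. Each
    key encrypts the same challenge hash; the three 8-byte outputs, joined,
    are the 24-byte response seen on the wire."""
    if len(nt_hash) != 16:
        raise ValueError("NT hash must be 16 bytes")
    padded = nt_hash + b"\x00" * 5
    return [padded[i:i + 7] for i in (0, 7, 14)]


def secret_bits_in_key(index: int, hash_len: int = 16) -> int:
    """Bits of key `index` (0..2) that actually come from the hash; the zero
    padding is public. Keys 0 and 1 are full 56-bit keys, key 2 is hash[14:16]
    plus five known zero bytes, so only 16 of its bits are secret."""
    if index not in (0, 1, 2):
        raise ValueError("index must be 0, 1 or 2")
    start, end = 7 * index, 7 * index + 7
    return max(0, min(hash_len, end) - start) * 8


def expand_des_key(key7: bytes) -> bytes:
    """Turn a 7-byte key into the 8-byte form DES takes: seven key bits per
    byte in the high positions plus an odd-parity bit in the low position."""
    if len(key7) != 7:
        raise ValueError("DES key material must be 7 bytes")
    bits = int.from_bytes(key7, "big")
    out = bytearray()
    for i in range(8):
        chunk = (bits >> (49 - 7 * i)) & 0x7F
        parity = 0 if bin(chunk).count("1") % 2 else 1   # odd parity per byte
        out.append((chunk << 1) | parity)
    return bytes(out)


def search_cost() -> dict:
    """Worked count of DES trials needed to recover the whole NT hash from one
    handshake. Key 2 falls to 2**16 guesses; keys 0 and 1 encrypt the same
    8-byte block, so one sweep over the 2**56 DES keys tests both at once.
    A naive reading of "three DES keys" would suggest 2**168."""
    key2 = 2 ** secret_bits_in_key(2)
    keys0_1 = 2 ** secret_bits_in_key(0)
    return {"naive": 2 ** (3 * 56), "key2": key2, "keys0_1": keys0_1,
            "effective": key2 + keys0_1}


if __name__ == "__main__":
    print("challenge hash:", challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, "User").hex())
    for i, key in enumerate(des_keys_from_nt_hash(NT_HASH)):
        print(f"DES key {i}: {key.hex()} -> {expand_des_key(key).hex()} "
              f"({secret_bits_in_key(i)} secret bits)")
    cost = search_cost()
    print(f"DES trials: {cost['effective']:.3e} instead of {cost['naive']:.3e}")
```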



Sunday, May 6, 2012

List of Best Ethical Hacking / Penetration Testing Tools

Here is a list of useful software tools that help with ethical hacking, penetration testing, forensics and more.

Metasploit:

Metasploit is a very powerful pentesting tool. The Metasploit Framework is a tool for developing and executing exploit code against a remote target machine. The Metasploit Project is also well known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework. It is very useful for information gathering, vulnerability scanning, exploit development, client-side exploits, ...
Official site:

Wireshark is a free network packet analyzer, and one of the best, for UNIX and Windows. It is used for network troubleshooting, malware analysis and education.


Nmap ("Network Mapper") is a free security scanner for network exploration and hacking. It scans a network and gathers information about the target, including open ports, services running on the hosts, OS information, packet filter/firewall details, and more.

Official site:

John The Ripper:
JTR is a free and fast password cracker. Its primary purpose is to detect weak Unix passwords.
Official site:

Acunetix Web Security Scanner
Audit your website and web applications for SQL injection, cross-site scripting and other web vulnerabilities with Acunetix Web Security Scanner.
This tool is not a free one ;(
Official Site:


Maltego is an open source intelligence and forensics application. It offers timely mining and gathering of information as well as the representation of this information in an easy-to-understand format.
Official site:

IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool's features are simple enough to be used by absolute beginners.

Official site:

HconSTF is a very useful pentesting tool. It is used for information gathering, enumeration and reconnaissance, vulnerability assessment, exploitation, privilege escalation and reporting.

Official site:

Ettercap is a comprehensive suite for man-in-the-middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.
Official site:

If you think I left out some tools, you can help me add them.


Saturday, May 5, 2012

Download Hash Code Verifier v1.0 : A tool to verify the File Integrity

Hello BTS Readers,
we are happy to announce that we have released our second security tool, 'Hash Code Verifier'. Hash Code Verifier is a cross-platform application for verifying the integrity of your downloaded files. It is very useful if you want to check that a downloaded file is the original and has not been corrupted or modified by hackers.

To protect users from this problem, websites often publish an MD5 or SHA hash of the file so that users can check the file's hash value and make sure it has not been modified. Hash Code Verifier generates the hash of a file and lets the user compare it with the published value.

  • Verify the hash of a file
  • Calculate hashes for multiple files
  • Compare two files
  • Simply drag and drop files from your computer into the application to generate hashes.
  • Supports MD5, SHA1, SHA256, SHA512 and CRC32 hash codes.
  • Save the generated hash list in text/HTML format
  • Automatically generate the hash when you browse to or drop the files.
  • Yes, it is cross-platform (you can use this application on any operating system)
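An added Python example of the check the tool performs, written here and not taken from Hash Code Verifier itself: it streams a file through the same five algorithms, picks the algorithm from the length of the published digest, accepts the digest as bare hex or as an md5sum/sha256sum-style line, and compares in constant time. The "hello" values in the usage are constructed inputs.

```python
import hashlib
import hmac
import zlib

# Hex digest length -> algorithm, for the five algorithms the tool supports.
# The length of the published value is enough to pick the algorithm.
HEX_LEN_TO_ALGO = {8: "crc32", 32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
HEX_DIGITS = set("0123456789abcdef")


def digest_chunks(chunks, algorithm: str) -> str:
    """Hash an iterable of byte chunks and return lower-case hex. CRC32 is a
    checksum, not a cryptographic hash: it catches accidental corruption, but
    anyone who modifies the file can trivially keep the CRC the same."""
    if algorithm == "crc32":
        crc = 0
        for chunk in chunks:
            crc = zlib.crc32(chunk, crc)
        return f"{crc & 0xFFFFFFFF:08x}"
    h = hashlib.new(algorithm)
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()


def file_chunks(path, size: int = 1 << 20):
    """Yield a file in 1 MiB pieces so a large download is never read whole."""
    with open(path, "rb") as f:
        while chunk := f.read(size):
            yield chunk


def parse_published_hash(text: str) -> str:
    """Pull the digest out of whatever the site published: bare hex,
    md5sum/sha256sum style '<hex>  filename', or 'SHA256: <hex>'. Case is
    normalised. Raises ValueError if no token has a supported length."""
    for token in text.split():
        token = token.lower()
        if len(token) in HEX_LEN_TO_ALGO and set(token) <= HEX_DIGITS:
            return token
    raise ValueError("no MD5, SHA-1, SHA-256, SHA-512 or CRC32 hex digest found")


def verify_chunks(chunks, published: str) -> tuple:
    """Return (matches, algorithm). compare_digest avoids leaking where the
    first differing character is; cheap insurance even for a local check."""
    expected = parse_published_hash(published)
    algorithm = HEX_LEN_TO_ALGO[len(expected)]
    actual = digest_chunks(chunks, algorithm)
    return hmac.compare_digest(actual, expected), algorithm


def verify_file(path, published: str) -> tuple:
    """Verify a file on disk against its published digest."""
    return verify_chunks(file_chunks(path), published)


def verify_bytes(data: bytes, published: str) -> tuple:
    """Same check for data already in memory."""
    return verify_chunks([data], published)


if __name__ == "__main__":
    import sys
    # Usage: script.py <downloaded file> "<published hash or checksum line>"
    ok, algo = verify_file(sys.argv[1], sys.argv[2])
    print(f"{algo}: {'OK' if ok else 'MISMATCH'}")
    sys.exit(0 if ok else 1)
```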

System Requirements:
Operating System: All OS (Windows XP, 7, Linux, Mac, ...)
Java Runtime Environment: JRE 1.6 or higher is required (you can get it from




Tuesday, October 11, 2011

Automated Blind SQL Injection Attacking Tools~bsqlbf Brute forcer

What is Blind SQL Injection:
Some websites are vulnerable to SQL injection, but the results of the injection are not visible to the attacker. In this situation, blind SQL injection is used. The vulnerable page may not be one that displays data, but it will display differently depending on the result of a logical statement injected into the legitimate SQL statement issued for that page. This type of attack can become time-intensive because a new statement must be crafted for each bit recovered.
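To make the one-statement-per-bit idea concrete, here is an added Python example (not part of bsqlbf or the original post) that runs a constructed SQLite-backed page handler in two versions: the string-concatenated one, which a true/false oracle can read through one bit at a time, and a parameterised one, which gives the same oracle nothing. Everything runs against an in-memory database with made-up data.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for a site's back-end database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, api_key TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'alice', 'k7Q2')")
    return db


def page_vulnerable(db: sqlite3.Connection, item_id: str) -> bool:
    """Vulnerable handler: the request parameter is pasted into the SQL text.
    The page reveals nothing from the table except whether a row matched,
    which is exactly the blind situation described above: no data on screen,
    but a page that renders differently for a true and a false condition."""
    sql = f"SELECT name FROM users WHERE id = {item_id}"
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:          # a syntax error also renders as "false"
        return False


def page_fixed(db: sqlite3.Connection, item_id: str) -> bool:
    """Hardened handler: the id is validated as a plain integer and passed as
    a bound parameter, so input can never change the structure of the query."""
    if not item_id.isdigit():
        return False
    row = db.execute("SELECT name FROM users WHERE id = ?", (int(item_id),)).fetchone()
    return row is not None


def recover_char(handler, db: sqlite3.Connection, position: int) -> str:
    """Use the handler as a true/false oracle to rebuild one character of
    row 1's api_key, one request per bit (eight per character), which is how
    bsqlbf's type 0 mode works. SQLite's unicode() gives the code point of a
    character; >> and & isolate one bit of it. Against page_fixed every probe
    is rejected, so every bit reads as 0 and nothing is learned. Eight nearly
    identical requests per character is also what a reviewer of the web server
    logs would see."""
    value = 0
    for bit in range(8):
        probe = f"1 AND ((unicode(substr(api_key, {position}, 1)) >> {bit}) & 1) = 1"
        if handler(db, probe):
            value |= 1 << bit
    return chr(value)


def recover_key(handler, db: sqlite3.Connection, max_len: int = 16) -> str:
    """Walk the column until a position yields chr(0), which is what unicode()
    of the empty substr() past the end of the string produces."""
    out = ""
    for pos in range(1, max_len + 1):
        ch = recover_char(handler, db, pos)
        if ch == "\x00":
            break
        out += ch
    return out


if __name__ == "__main__":
    db = make_db()
    print("vulnerable handler leaks:", repr(recover_key(page_vulnerable, db)))
    print("fixed handler leaks:     ", repr(recover_key(page_fixed, db)))
```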

There are plenty of automated blind SQL injection tools available. Here I am introducing one of them, bsqlbf (Blind SQL Injection Brute Forcer).

This tool is written in Perl and allows extraction of data from blind SQL injections. It accepts custom SQL queries as a command-line parameter and works for both integer- and string-based injections.
Supported Database:
  • MS-SQL
  • MySQL
  • PostgreSQL
  • Oracle

The tool supports 8 attack modes (-type switch):
Type 0: Blind SQL Injection based on true and false conditions returned by the back-end server

Type 1: Blind SQL Injection based on true and error (e.g. syntax error) conditions returned by the back-end server.

Type 2: Blind SQL Injection in "order by" and "group by".

Type 3: extracting data with SYS privileges (ORACLE dbms_export_extension exploit)

Type 4: is O.S code execution (ORACLE dbms_export_extension exploit)

Type 5: is reading files (ORACLE dbms_export_extension exploit, based on java)

Type 6: is O.S code execution DBMS_REPCAT_RPC.VALIDATE_REMOTE_RC exploit

Type 7: is O.S code execution SYS.KUPP$PROC.CREATE_MASTER_PROCESS(), DBA Privs

-cmd=revshell Type 7 supports meterpreter payload execution, run generator.exe first

Type 8: is O.S code execution DBMS_JAVA_TEST.FUNCALL, with JAVA IO Permissions

-cmd=revshell Type 8 supports meterpreter payload execution, run generator.exe first

For Type 4(O.S code execution) the following methods are supported:

-stype: How you want to execute command:

SType 0 (default) is based on java..will NOT work against XE.

SType 1 is against oracle 9 with plsql_native_make_utility.

SType 2 is against oracle 10 with dbms_scheduler.

This article is for educational purposes only. The above-mentioned software is developed for penetration testers to test their own web applications for vulnerabilities.

Sunday, October 9, 2011

Learn Web Application Exploits and Defenses for free~Penetration Testing

Are you willing to learn web application exploitation and how to defend against it? Here is the chance for you. Google Labs provides a lab to learn web application security free of cost.

Penetration Testing :
  • Learn how hackers find security vulnerabilities!
  • Learn how hackers exploit web applications!
  • Learn how to stop them! 
This code lab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you'll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you'll learn the following:
  • How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).
  • How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.
To get the most out of this lab, you should have some familiarity with how a web application works (e.g., general knowledge of HTML, templates, cookies, AJAX, etc.).

This codelab is built around Gruyere /ɡruːˈjɛər/ - a small, cheesy web application that allows its users to publish snippets of text and store assorted files. "Unfortunately," Gruyere has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The goal of this codelab is to guide you through discovering some of these bugs and learning ways to fix them both in Gruyere and in general.

The codelab is organized by types of vulnerabilities. In each section, you'll find a brief description of a vulnerability and a task to find an instance of that vulnerability in Gruyere. Your job is to play the role of a malicious hacker and find and exploit the security bugs. In this codelab, you'll use both black-box hacking and white-box hacking. In black box hacking, you try to find security bugs by experimenting with the application and manipulating input fields and URL parameters, trying to cause application errors, and looking at the HTTP requests and responses to guess server behavior. You do not have access to the source code, although understanding how to view source and being able to view http headers (as you can in Chrome or LiveHTTPHeaders for Firefox) is valuable. Using a web proxy like Burp or WebScarab may be helpful in creating or modifying requests. In white-box hacking, you have access to the source code and can use automated or manual analysis to identify bugs. You can treat Gruyere as if it's open source: you can read through the source code to try to find bugs. Gruyere is written in Python, so some familiarity with Python can be helpful. However, the security vulnerabilities covered are not Python-specific and you can do most of the lab without even looking at the code. You can run a local instance of Gruyere to assist in your hacking: for example, you can create an administrator account on your local instance to learn how administrative features work and then apply that knowledge to the instance you want to hack. Security researchers use both hacking techniques, often in combination, in real life.

They'll tag each challenge to indicate which techniques are required to solve them: 

Challenges that can be solved just by using black box techniques.

Challenges that require that you look at the Gruyere source code.

Challenges that require some specific knowledge of Gruyere that will be given in the first hint.

Accessing or attacking a computer system without authorization is illegal in many jurisdictions. While doing this codelab, you are specifically granted authorization to attack the Gruyere application as directed. You may not attack Gruyere in ways other than described in this codelab, nor may you attack App Engine directly or any other Google service. You should use what you learn from the codelab to make your own applications more secure. You should not use it to attack any applications other than your own, and only do that with permission from the appropriate authorities (e.g., your company's security team). 


Thursday, October 6, 2011

Hash Code Cracker v1.2 Video Tutorials

Running Application:

In Linux:
Terminal: The same procedure is followed for the Linux version. Just open the Terminal instead of the Command Prompt.

Using Application for Cracking password:
How to Crack the Password using Online Cracker Hash Code Cracker v1.2?


How to Crack the Password using Online Cracker Hash Code Cracker v1.2?


How to Run Hash Code Cracker Jar using Command Prompt~Password Cracking


How to start Hash Code Cracker Jar with double Click~Password Cracking


Wednesday, September 14, 2011

Pangolin a SQL Injection Testing Tool ~PenTesting Tools

Pangolin is a penetration testing tool for SQL injection testing and database security. It finds SQL injection vulnerabilities. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options: perform an extensive back-end database management system fingerprint, retrieve the DBMS session user and database, enumerate users, password hashes, privileges and databases, dump entire or user-specified DBMS tables/columns, run their own SQL statements, read specific files on the file system and more.

Database support:
Access, DB2, Informix, Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2008, MySQL, Oracle, PostgreSQL, SQLite3, Sybase.

Here are some of its features:
HTTPS support
Specify any HTTP headers (User-Agent, Cookie, Referer and so on)
Bypass firewall settings
Auto-analyzing keyword
Detailed check options
Injection-points management
Injection Digger
Data dumper

Download From Here:

How to Install BlackBuntu inside VirtualBox ~ PenTesting Tutorials

This tutorial will guide you through installing BlackBuntu (a penetration testing distribution) inside VirtualBox.

First of all, download and install VirtualBox.

After installation, you can start VirtualBox as follows:

On a Windows host, in the standard "Programs" menu, click on the item in the "VirtualBox" group. On Vista or Windows 7, you can also type "VirtualBox" in the search box of the "Start" menu.


Tuesday, September 13, 2011

pytbull – Intrusion Detection/Prevention System (IDS/IPS) Testing Framework

What is pytbull?
Pytbull is a flexible Python-based IDS/IPS testing framework shipped with more than 300 tests, grouped in 9 modules, covering a wide range of attacks (clientSideAttacks, testRules, badTraffic, fragmentedPackets, multipleFailedLogins, evasionTechniques, shellCodes, denialOfService, pcapReplay).

Pytbull is shipped with about 300 tests grouped in 9 testing modules:
  1. clientSideAttacks: this module uses a reverse shell to provide the server with instructions to download remote malicious files. This module tests the ability of the IDS/IPS to protect against client-side attacks.
  2. testRules: basic rules testing. These attacks are supposed to be detected by the rules sets shipped with the IDS/IPS.
  3. badTraffic: Non RFC compliant packets are sent to the server to test how packets are processed.
  4. fragmentedPackets: various fragmented payloads are sent to server to test its ability to recompose them and detect the attacks.
  5. multipleFailedLogins: tests the ability of the server to track multiple failed logins (e.g. FTP). Makes use of custom rules on Snort and Suricata.
  6. evasionTechniques: various evasion techniques are used to check if the IDS/IPS can detect them.
  7. shellCodes: send various shellcodes to the server on port 21/tcp to test the ability of the server to detect/reject shellcodes.
  8. denialOfService: tests the ability of the IDS/IPS to protect against DoS attempts
  9. pcapReplay: enables to replay pcap files

Pytbull easily adapts to your environment, whatever your IDS/IPS (Snort, Suricata, ...) and your architecture (standalone mode, gateway mode).
There are basically 2 types of architectures:
  • Standalone mode: This is the default mode. It tests an IDS that is connected to the switch just like a standard computer on the network (only one network interface is used).
  • Gateway mode: This mode is commonly used for an IPS and must be used when the IDS has two network interfaces.
Depending on the mode you choose, tests are processed differently (e.g. a reverse shell is used in standalone mode to simulate a client that downloads malicious files).

There are basically 6 types of tests:

  1. socket: open a socket on a given port and send the payloads to the remote target on that port.
  2. command: send a command to the remote target using a Python function.
  3. scapy: send specially crafted payloads written in the Scapy syntax.
  4. multiple failed logins: open a socket on port 21/tcp (FTP) and attempt to log in 5 times with bad credentials.
  5. client side attacks: use a reverse shell on the remote target and send it commands to be processed by the server (typically wget commands).
  6. pcap replay: replay traffic from pcap files.

Tuesday, August 30, 2011

Xcode SQL Injection / LFI / XSS & Webshell Vulnerability Scanner

XCODE Exploit: Vulnerable and Webshell Scanner. Once downloaded, extract all the files and run XCodeXploitScanner.exe. Enter a dork and click it; the tool collects links from the dork you enter and displays them as a list. Once the list is displayed, you can run SQL injection, local file inclusion and cross-site scripting vulnerability scans against the sites in the list.

This tool will send the injection parameters to the web as' - * /../../../../../../../../../../../../. . / .. / etc / passwd% 00 "> alert (" XXS Xcode Exploit Scanner Detected ").

If the site has a bug then the status will show:

SQLi Vulnerability:
LFI Vulnerability: . / .. / etc / passwd% 00
XSS Vulnerability: "> alert (" XXS Xcode Exploit Scanner Detected ")

Once the status list shows a detection, you can click Open Vuln Links to display the page in your web browser.

This tool also includes a webshell hunter, which searches for web shells such as C99, R57, C100, ITsecteam_shell and b374k that have been uploaded by hackers.


xdos.c: A Simple HTTP DoS Tool! ~ C programming Code

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.


Sunday, August 28, 2011

INSECT Pro 2.7 ~ Penetration security auditing and testing Tool

INSECT Pro 2.7 - This penetration security auditing and testing software is designed to let organizations of all sizes mitigate, monitor and manage the latest security threats and vulnerabilities and implement active security policies by performing penetration tests across their infrastructure and applications.

INSECT can help build a strong security posture and is easy to use, so both professional penetration testers and less experienced security pros have all the tools they need to reduce costs, proactively find vulnerabilities, assess risk, and check the effectiveness of security defenses.

This is a partial list of the major changes implemented in version 2.7:
• Available targets now have a submenu under the right-click button
• Check-update function added to verify the current version
• Projects are saved in userland (the Application Data special folder)
• 50 remote exploits added
• AgentConnect now uses telnetlib
Supported Platforms and Installations
– Windows XP, 2003, Vista, 2008 Server, and Windows 7 (requires Python and .NET)

Download From Here

Video Demo Here:

ERPScan WEBXML Checker - Security Testing for SAP J2EE applications

ERPScan WEBXML Checker is a freeware tool intended for checking the security configuration of SAP J2EE applications by scanning a WEB.XML file. It checks WEB.XML files for vulnerabilities and misconfigurations such as verb tampering, invoker servlet bypass and others. Detailed information about these vulnerabilities can be found in the whitepaper "Architecture and program vulnerabilities in SAP's J2EE engine" presented at the BlackHat conference.


Snort v2.9.1 ~ Network intrusion prevention and detection system (IDS/IPS)

Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature-, protocol- and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and nearly 400,000 registered users, Snort has become the de facto standard for IPS.

It is capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

Download it From Here:

Friday, August 19, 2011

TheHarvester v2.1 Blackhat Edition Upgraded

TheHarvester is a tool for gathering e-mail accounts, subdomain names, virtual hosts, open ports/banners, and employee names from different public sources (search engines, PGP key servers).
This tool is intended to help penetration testers in the early stages of a project. It's a really simple tool, but very effective.

This is the official change log for theHarvester:

• DNS Bruteforcer
• DNS Reverse lookups
• DNS TLD Expansion
• SHODAN DB integration
• HTML report
• DNS server selection
Download it From Here:

Tuesday, August 16, 2011

Matriux Krypton | Pen Testing Tool

The Matriux is a phenomenon that was waiting to happen. It is a fully featured security distribution consisting of a bunch of powerful, open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, and much more. It is a distribution designed for security enthusiasts and professionals, although it can be used normally as your default desktop system.