Showing posts with label PenTesting Tools.

Ubnhd2 PenTesting OS: Turn your Android mobile into a hacking device

Ubnhd2 is a security- and pentest-focused Ubuntu/Debian system that runs natively on the HTC HD2 phone. To boot it you need Magldr on your phone, and the first FAT partition must be named "SD". Ubnhd2 is still in beta.

For now, these options work:
- Booting via Magldr
- Landscape display orientation
- USB host
- HaRET booting
- Touchscreen
- Wi-Fi with encryption
- 3G network connection (the SIM PIN needs to be disabled!)
- Audio / audio player
- Audio outputs (loudspeaker, phone speaker or headphones)
- Hardware controls (display brightness, LEDs etc.)
- x11vnc server (not the fastest one due to workarounds, but still usable)
- PwnPi & BackTrack tools (not all, but most at the moment)
- DPMS
- The common Ubuntu stuff

What doesn't work:
- Monitor mode for the bcm4329
- Phone features (no calls, no SMS/MMS; sPhone still needs to be loaded or the 3G network won't work)
- Bluetooth (kernel side looks OK, but the rest is incomplete)
- Battery stats (no percentage, no recharging)
- Video player (without audio it looks delicious with Xine, even in fullscreen, but due to the audio problem mentioned before the sound is desynchronized and laggy)
- Hardware keys (kernel side OK, but the xorg.conf and xinput settings are not correct)
- Second mouse button

The project needs:
- Kernel developers (urgent)
- People who are familiar with implementing the msm/qsd driver
- People who are able to cross-compile for ARM
- Developers that have good tools or scripts to embed
- Pentesters who want to contribute some toolchains and methods
- Designers / web designers
- Translators
- People who are able to fix

If you want to join the project, you can contact the developer via the XDA-developers forum.

How to install Ubnhd2:
Rename the first FAT partition of the SD card to "SD" or many things won't work! (This should be done externally and not on the phone, because Ubuntu sets the mount points at boot time.)

You need Magldr on your HD2.

Extract all files from the downloaded archive "" to the directory "linux" on your SD card.

Set the right "Android from SD" folder in Magldr (SD/linux), then select "Boot AD from SD".

The package "connman" should be uninstalled because it consumes too much CPU and does not work well together with wicd; the Wi-Fi autoconnect after boot was also affected by this.

The password for both accounts is still "ubuntu".

Be careful what you install: the system has both Debian and Ubuntu repos. In some cases the "Force Version" option helps.

To get Wi-Fi working you need the drivers from here:

- extract the two files (fw_bcm4329.bin & bcm4329.ko)
- move them to the root folder of your SD card
- boot up Ubnhd2
- go to gnome-menu -> Stuff -> System -> bcd-res-upd
- take option 7 (Import ... from SD)
- this takes a second
- press the Wi-Fi signal icon in the dock
- answer the dialog with OK
- after the vibration signal from the Wi-Fi script, the networks can be configured by clicking the icon in the menubar (wicd app)

Download beta:

BackTrack 5 R3 Released - PenTesting Distribution

Offensive Security has released an updated version of its pentesting distribution, BackTrack 5 R3. The updated version focuses on bug fixes as well as the addition of over 60 new tools, several of which were released at BlackHat and Defcon 2012.

A whole new tool category was populated – “Physical Exploitation”, which now includes tools such as the Arduino IDE and libraries, as well as the Kautilya Teensy payload collection.

"Together with our usual KDE and GNOME, 32/64 bit ISOs, we have released a single VMware Image (Gnome, 32 bit). For those requiring other VM flavors of BackTrack – building your own VMWare image is easy – instructions can be found in the BackTrack Wiki." Offensive Security Team said.

For the insanely impatient, you can download the BackTrack 5 R3 release via torrent right now. Direct ISO downloads will be available once all their HTTP mirrors have synched, which should take a couple more hours. Once this happens, they will update their BackTrack Download page with all links.

Microsoft released Attack Surface Analyzer 1.0

Microsoft has released Attack Surface Analyzer 1.0 which determines the security of an application by examining how it affects the computer it is installed on.

The tool was originally released in January 2011 during the Black Hat DC security conference as a beta version.

According to the press release, the new release includes performance enhancements and bug fixes to improve the user experience. Through improvements in the code, Microsoft has reduced the number of false positives and improved graphical user interface performance. This release also includes in-depth documentation and guidance to improve ease of use.

"The Attack Surface Analyzer tool is designed to assist independent software vendors (ISVs) and other software developers during the verification phase of the Microsoft Security Development Lifecycle (SDL) as they evaluate the changes their software makes to the attack surface of a computer." Microsoft explains.

"Because Attack Surface Analyzer does not require source code or symbol access, IT professionals and security auditors can also use the tool to gain a better understanding of the aggregate attack surface change that may result from the introduction of line-of-business (LOB) applications to the Windows platform."

Nmap Security Scanner version 6.0 released

The Nmap Project released Nmap Security Scanner version 6.00. It is the product of almost three years of work, 3,924 code commits, and more than a dozen point releases since the big Nmap 5 release in July 2009.

Nmap 6 includes a more powerful Nmap Scripting Engine, 289 new scripts, better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more! We recommend that all current users upgrade.

Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for network inventory, managing service upgrade schedules, monitoring host or service uptime, and many other tasks.

Top 6 improvements in Nmap 6:

  • NSE enhanced
  • Better web scanning
  • Full IPv6 support
  • New Nping tool
  • Better Zenmap GUI & results viewer
  • Faster scans

More details about the latest version can be found here:

IronWASP v0.9.0.3 released: a web application vulnerability testing tool

IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing, developed by Lavakumar Kuppan.

It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool's features are simple enough to be used by absolute beginners.

  • Automated scanning
  • Manual testing
  • Scripting shell
  • JavaScript static analysis
  • Active and passive plugins
  • Format plugin
  • Logging
  • Session plugin

In a recent null Chennai meeting, Mr. Lavakumar demonstrated how to use this tool to test your web application against web application vulnerabilities (SQLi and XSS). Fortunately, I was there and enjoyed the demo. In the next null Chennai meeting, he is going to present the second part of the demo. So don't miss it!

You can download the latest version from here:

Mole v0.3 released, an automatic SQL injection exploitation tool

The Mole is an automatic SQL injection exploitation tool. Given only a vulnerable URL and a valid string on the site, it can detect the injection and exploit it, either by using the union technique or a boolean-query-based technique.

ChangeLog v0.3:

+ Added integer union SQL injection exploitation support.
+ Added early DBMS detection.
+ Added import command (only XML format supported).
+ Added export command (only XML format supported).
+ Added find_tables command.
+ Added find_tables_like command.
+ Added find_users_table command.
+ Added readfile command (only supported in MySQL).
+ Added XML import and export support.
+ Fixed gathering of schemas, tables and columns in SQL Server.
+ Fixed dumping bugs in Postgres.
+ Fixed other minor bugs.

Platform: Windows & Linux

Upgrade to BackTrack 5 R2 now ~ BT5 R2 ISOs will be released in March

The long-awaited release of the BackTrack 5 R2 kernel has arrived, and it is now available in the BackTrack repositories. With a brand new 3.2.6 kernel, a huge array of new and updated tools and security fixes, BT5 R2 will provide a more stable and complete penetration testing environment than ever before.

BackTrack will start a series of blog posts on how to upgrade, deal with VMware, and even build your own updated BT5 R2 yourself. BackTrack explained how to upgrade to BT5 R2 here.

"March 1st! The BackTrack 5 R2 ISOs will be available for download from our site on March 1st via Torrent only. HTTP links will be added a few days later." the BackTrack-Linux team promised.

DPScan : Drupal Vulnerability Scanner Released

Pentester Ali Elouafiq and his team have developed a new penetration testing tool for scanning vulnerabilities in the Drupal CMS.

Drupal Security Scanner will enumerate at least the modules used by Drupal, so we can simulate a white-box audit on our private machines.

They released this tool publicly so that it can help other pentesters and auditors do their job faster.

Download the Scanner from here:

How to scan?
1. After downloading the tool, move the downloaded file to your pentesting folder or Desktop.
2. Open your terminal.
3. Navigate to the dpscan folder using the cd command.
4. Use the following command to scan the target website for the vulnerability:
python [Target_Drupal_site]

Armitage 02.14.12 Update released, cyber attack management tool for Metasploit

Armitage 02.14.12 Update has been released, a comprehensive red team collaboration tool for Metasploit that visualizes targets, recommends exploits, and exposes the advanced post-exploitation features in the framework.

Official changelog:
  • Added ports 5631 (PC Anywhere) and 902 (vmauthd) to the MSF Scans feature.
  • Several cosmetic tweaks to the spacing in Armitage tables.
  • Moved table render code from Sleep to Java to avoid potential lock conflicts.
  • Added support for vba-exe payload output type.
  • Payload generation dialog now sets more appropriate default options for the vba output type when it is selected.
  • Meterpreter command shell "read more stuff?" heuristic now accounts for Yes/No/All.
  • Fixed ExitOnSession showing up twice when setting advanced options for a client-side exploit.
  • You may now import multiple files through Hosts -> Import again.
  • Added 5s timeout to d-server connect attempt.
  • Added a --client [] to specify which Metasploit server to connect to. The file is a Java properties file that looks like this (without the leading whitespace):

Get it from here:

THC-Hydra v7.2 released: a very fast network logon cracker

Hydra is a parallelized login cracker which supports numerous protocols to attack. New modules are easy to add; besides that, it is flexible and very fast. Hydra was tested to compile on Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OS X, and is made available under GPLv3 with a special OpenSSL license exception.

* Speed-up of HTTP modules' auth mechanism detection
* Fixed -C colonfile mode when empty login/passwords were used (thanks to will(at)configitnow(dot)com for reporting)
* The -f switch was not working for postgres, afp, socks5, firebird and ncp; thanks to Richard Whitcroft for reporting!
* Fixed NTLM auth in http-proxy/http-proxy-url module
* Fixed URL when being redirected in http-form module, thanks to gash(at)chaostreff(dot)at
* Fix MSSQL success login condition, thanks to whistle_master(at)live(dot)com
* Fix http-form module: optional headers and 3xx status redirect, thanks to Gash
* Fix in configure script for --prefix option, thanks to dazzlepod
* Update of the dpl4hydra script by Roland Kessler, thanks!
* Small fix for the hydra man page, thanks to brad(at)comstyle(dot)com

Download it from here:

Web application security scanner Netsparker v2.1 released

Netsparker® can find and report security issues such as SQL injection and cross-site scripting (XSS) in all web applications, regardless of the platform and the technology they are built on.

Netsparker's unique detection and exploitation techniques allow it to be dead accurate in reporting; hence, according to its vendor, it is the first and only false-positive-free web application security scanner.

Download from here:

Finally Maltego updated version 3.1 and CaseFile 1.0 released

After two years, Maltego version 3.1 has finally been released. Maltego is an open source intelligence and forensics application. It offers timely mining and gathering of information as well as the representation of this information in an easy-to-understand format.

Get it from here:


Fatcat: Automated SQL Injection Tool

FatCat is an automatic SQL injection tool. Use FatCat to test your web application and dig deeper into it. FatCat's features help you extract the database information, table information and column information from a web application, but only if it is vulnerable to SQL injection.

Supported in this version:
1) Normal SQL injection
2) Double query SQL injection

In the next version:
1) WAF bypass
2) Cookie header passing
3) Load file
4) Generating XSS from SQL

Requirements:
1) PHP version 5.3.0
2) Enable file_get_function


SlowHTTPTest version 1.4 released: pentesting tools

SlowHTTPTest is a highly configurable tool that simulates some Application Layer Denial of Service attacks.

It implements the most common low-bandwidth application layer DoS attacks, such as Slowloris, Slow HTTP POST and the Slow Read attack (based on the TCP persist timer exploit), which drain the concurrent connection pool, as well as the Apache Range Header attack, which causes very significant memory and CPU usage on the server.

Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resources busy, this creates a denial of service. This tool sends partial HTTP requests, attempting to cause a denial of service on the target HTTP server.

Official changelog:
  • This build includes bug fixes.
  • A man page has been added.
  • This build also supports 64K concurrent connections.


Hcon’s Security Testing Framework (Hcon STF) v0.4 [Fire base] codename ‘Freedom’

Hcon respects and salutes all of the freedom fighters of India, without whom we would never have been able to get our freedom.

As a tribute to all of the freedom fighters of all countries, we present HconSTF version 0.4, codename 'Freedom'.

We hope this year brings freedom for everyone on the internet from the various governments and companies which are making internet users their slaves.
For this purpose HconSTF 0.4 has integrated many functions for anonymity and OSINT.

Some highlight features:
  • Categorized and comprehensive toolset
  • Contains hundreds of tools, features and scripts for different tasks like SQLi, XSS, dorks and OSINT, to name a few
  • HconSTF web UI with online tools (same as the Aqua base version of HconSTF)
  • Each and every option is configured for penetration testing and vulnerability assessments
  • Specially configured and enhanced for gaining easy and solid anonymity
  • Works for web app testing assessments, especially for the OWASP Top 10
  • Easy-to-use and collaborative operating-system-like interface
  • Light on hardware resources
  • Portable: no need to install, can work from any USB storage device
  • Multi-language support (feature in heavy development, translators needed)
  • Works side by side with your normal web browser without any conflict issues
  • Works on both x86 and x64 architectures on Windows XP, Vista and 7 (works with Ubuntu Linux using Wine)
  • Netbook compatible: the user interface is designed for using the framework on small screen sizes
  • Free and open source, and always will be

Categories of tools :
  1. Information gathering / Analysis
  2. Editors / Debuggers
  3. Exploitation / Auditing
  4. Anonymity
  5. Passwords
  6. Cryptography
  7. Database
  8. Scripting / Automation
  9. Network Utilities
  10. Reporting

License:
MPL, GPL, LGPL. In simple words, it's free as in speech, no license fees.

Support & feedback:
Please give your feedback, suggestions and questions in

Links:

WeBaCoo (Web Backdoor Cookie) script kit v0.2.1 released

The WeBaCoo (Web Backdoor Cookie) script kit is a tiny stealth PHP backdoor that is capable of providing a "pseudo"-terminal connection to a remote web server injected with a chunk of malicious PHP code. It does so by sending the server's command output in the HTTP response headers. It sends shell commands hidden in Cookie headers, obfuscated with base64 encoding, and the output is transmitted back to the client, also hidden (base64 encoded) in Cookie headers, after execution.

Changes in this version:

+ MySQL CLI support
+ Support for extension modules

Since version 0.2.1, extension module support has been added in order to provide extra functionality to WeBaCoo. Within terminal mode you can execute 'load' to list the available modules and initialize the desired one from the list. By typing 'unload' you can restore the initial terminal mode.
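A defender-side check for the pattern described above: a small detector that base64-decodes cookie values in request (Cookie) and response (Set-Cookie) headers and flags those that decode to shell-like text. This is an added example, not WeBaCoo's code; the cookie names, sample log records and the keyword list are constructed assumptions.

```python
"""Flag HTTP cookies whose values base64-decode to shell-like text.

Constructed example for this post; not part of WeBaCoo or any project.
Cookie names, sample records and the shell-keyword list are assumptions.
"""
import base64
import binascii
import re

# Base64 alphabet, at least 8 chars, so very short session tokens are skipped.
B64_RE = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")
# Tokens that typically appear in shell commands or in their output (assumed list).
SHELL_HINTS = re.compile(
    r"\b(id|whoami|uname|cat|ls|pwd|wget|curl|netstat|ps|uid=\d+|gnu/linux)\b",
    re.IGNORECASE,
)


def parse_cookie_header(value):
    """Split 'a=1; b=2' into [('a', '1'), ('b', '2')]."""
    pairs = []
    for part in value.split(";"):
        name, sep, val = part.strip().partition("=")
        if sep:
            pairs.append((name.strip(), val.strip()))
    return pairs


def decode_printable_base64(val):
    """Return decoded text if val is valid base64 that decodes to readable text."""
    if not B64_RE.match(val):
        return None
    try:
        raw = base64.b64decode(val, validate=True)
    except (binascii.Error, ValueError):
        return None  # wrong length or padding: an ordinary token, not base64
    text = raw.decode("utf-8", errors="replace")
    if not all(ch.isprintable() or ch in "\r\n\t" for ch in text):
        return None  # binary payload, not a command or command output
    return text


def suspicious_cookies(header_value):
    """Return (cookie_name, decoded_text) for cookies that look like shell traffic."""
    hits = []
    for name, val in parse_cookie_header(header_value):
        text = decode_printable_base64(val)
        if text and SHELL_HINTS.search(text):
            hits.append((name, text))
    return hits


def scan_records(records):
    """records: dicts with 'src' plus optional 'Cookie' / 'Set-Cookie' headers."""
    alerts = []
    for rec in records:
        for header in ("Cookie", "Set-Cookie"):
            for name, text in suspicious_cookies(rec.get(header, "")):
                alerts.append(f"{rec['src']} {header} {name}: {text.strip()}")
    return alerts


# Constructed sample traffic (not real captures): one benign request, one
# request carrying a base64 command with the base64 output echoed back.
SAMPLE_RECORDS = [
    {"src": "10.0.0.5", "Cookie": "PHPSESSID=8f1c2a7b9e; lang=en"},
    {"src": "203.0.113.9",
     "Cookie": "PHPSESSID=8f1c2a7b9e; cm=" + base64.b64encode(b"uname -a").decode(),
     "Set-Cookie": "cm=" + base64.b64encode(b"Linux web01 3.2.0 x86_64 GNU/Linux\n").decode()},
]

if __name__ == "__main__":
    for alert in scan_records(SAMPLE_RECORDS):
        print(alert)
```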


Armitage 01.19.12 released: pentesting tools

Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don’t use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you.

Changelog for Armitage 01.19.12:
  • Data export now includes a sessions file. This lists all of the Metasploit sessions you had in your database. There's some neat data here including which exploit was used, which payload, start time, and close time. You can calculate how much time you spent on your client's boxes. Cool stuff.
  • Fixed a potential dead-lock caused by mouse enter/exit events firing code that required a lock. Nice landmine to defuse.
  • Fixed a weird condition with d-server detection. Sometimes (rarely) Armitage wouldn't detect the d-server even when it's present.
  • Added check to d-server allowing one lock per client. Client won't re-obtain a lock until it lets it go. This prevents you from opening two shell tabs for a shell session in team mode.
  • Fixed an infinite loop condition when some Windows shell commands would return output with no newlines (e.g., net stop [some service]). Thanks Jesse for pointing me to this one.
  • Data export now includes a timeline file. This file documents all of the major engagement events seen by Armitage. Included with each of these events is the source IP of the attack system and the user who carried out the action (when teaming is set up).
  • Data export now exports timestamps with the current timezone (not GMT).
  • Fixed a nasty bug that's been with Armitage since the beginning! I wasn't freeing edges properly in the graph view. If you had pivots set up in graph view and used Armitage long enough, eventually Armitage would slow down until the program became unusable. At least it's fixed now.
  • Adjusted the d-server state identity hash combination algorithm to better avoid collisions.
  • Armitage now displays 'shell session' below a host if the host info is just the Windows shell banner.


BackBox Linux 2.01 Released ~ Penetration Testing Distribution

BackBox has released BackBox Linux v2.01. The new release includes features such as Ubuntu 11.04, Linux kernel 2.6.38 and Xfce 4.8.0.

BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. It is designed to be fast and easy to use, and to provide a minimal yet complete desktop environment; thanks to its own software repositories, it is always updated to the latest stable version of the most used and best known ethical hacking tools.

  • System upgrade
  • Performance boost
  • New look
  • Improved start menu
  • Bug corrections
  • New sections such as Forensic Analysis, Documentation & Reporting and Reverse Engineering
  • New hacking tools and updated tools such as dradis 2.8, ettercap, john 1.7.8, metasploit 4.2, nmap 5.51, set 2.5.2, sleuthkit 3.2.1, w3af 1.0, weevely 0.5, wireshark 1.6.3, etc.

System requirements:
  • 32-bit or 64-bit processor
  • 256 MB of system memory (RAM)
  • 4.4 GB of disk space for installation
  • Graphics card capable of 800×600 resolution
  • DVD-ROM drive or USB port

The ISO images (32-bit & 64-bit) can be downloaded from the following location:

Nmap 5.61TEST4 released: 51 new scripts, web spidering, vuln library, and more!

Nmap 5.61TEST4 has a number of interesting features:
  • A spidering library and associated scripts for crawling websites.
  • 51 new NSE scripts, bringing the total to 297.
  • A substantial decrease in the size of the Mac OS X installer due to the removal of PPC support.
  • A new vulnerability management library which stores and reports found vulnerabilities.

More information can be found here.

MySQL 5 Enumeration: Blackhatacademy released Blind SQL Injection Tool

Blackhatacademy has released a script that uses blind SQL injection and boolean enumeration to perform INFORMATION_SCHEMA mapping.

  • By default, this script will first determine the username, version and database name before enumerating the information_schema information.
  • When the -q flag is applied, a user can supply any query that returns only a single cell.
  • If the exploit or vulnerability requires a single quote, simply tack %27 onto the end of the URI.
  • This script contains error detection: it will only work on a MySQL 5.x database, and knows when its queries have syntax errors.
  • This script uses Perl's LibWhisker2 for IDS evasion (the same as Nikto).
  • This script uses the MD5 algorithm for optimization. There are other optimization methods, and this may not work on all sites.

For more information, and to get the script, see here: