Free Hack Tools: EN

Showing posts with label EN. Show all posts

Wednesday, April 30, 2014

Wireshark v1.11.3 - The world’s foremost network protocol analyzer

Wireshark is the world’s foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

Changelog v1.11.3

New and Updated Features

The following features are new (or have been significantly updated) since version 1.11.1:

Qt port:
- The About dialog has been added
- The Capture Interfaces dialog has been added.
- The Decode As dialog has been added. It managed to swallow up the User Specified Decodes dialog as well.
- The Export PDU dialog has been added.
- Several SCTP dialogs have been added.
- The statistics tree (the backend for many Statistics and Telephony menu items) dialog has been added.
- The I/O Graph dialog has been added.
- French translation has updated.

The following features are new (or have been significantly updated) since version 1.11.1:

Mac OS X packaging has been improved.

The following features are new (or have been significantly updated) since version 1.11.0:

Dissector output may be encoded as UTF-8. This includes TShark output.
Qt port:
- The Follow Stream dialog now supports packet and TCP stream selection.
- A Flow Graph (sequence diagram) dialog has been added.
- The main window now respects geometry preferences.

The following features are new (or have been significantly updated) since version 1.10:

Wireshark now uses the Qt application framework. The new UI should provide a significantly better user experience, particularly on Mac OS X and Windows.
The Windows installer now uninstalls the previous version of Wireshark silently. You can still run the uninstaller manually beforehand if you wish to run it interactively.
Expert information is now filterable when the new API is in use.
The “Number” column shows related packets and protocol conversation spans (Qt only).
When manipulating packets with editcap using the -C <choplen> and/or -s <snaplen> options, it is now possible to also adjust the original frame length using the -L option.
You can now pass the -C <choplen> option to editcap multiple times, which allows you to chop bytes from the beginning of a packet as well as at the end of a packet in a single step.
You can now specify an optional offset to the -C option for editcap, which allows you to start chopping from that offset instead of from the absolute packet beginning or end.
“malformed” display filter has been renamed to “_ws.malformed”. A handful of other filters have been given the “_ws.” prefix to note they are Wireshark application specific filters and not dissector filters.

Download Wireshark v1.11.3

RAWR - Rapid Assessment of Web Resources

Introducing RAWR (Rapid Assessment of Web Resources). There’s a lot packed in this tool that will help you get a better grasp of the threat landscape that is your client’s web resources. It has been tested from extremely large network environments, down to 5 node networks. It has been fine-tuned to promote fast, accurate, and applicable results in usable formats. RAWR will make the mapping phase of your next web assessment efficient and get you producing positive results faster!

Features

A customizable CSV containing ordered information gathered for each host, with a field for making notes/etc.
An elegant, searchable, JQuery-driven HTML report that shows screenshots, diagrams, and other information.
a CSV Treat Matrix for an easy view of open ports across all provided hosts. (Use -a to show all ports.)
Default password suggestions using a list compiled from several online sources.
Supports the use of a proxy (Burp, Zap, W3aF)
Captures/stores SSL Certificates, Cookies, and Cross-domain.xml
Customizable crawl of links within the host’s domain.
PNG Diagram of all pages found during crawl
List of links crawled in tiered format.
List of documents seen for each site.
Automation-Friendly output (JSON strings)

Requirements

nmap – at least 6.00 – required for SSL strength assessment
graphviz – site diagram from crawl (optional)
python-lxml – parsing xml & html
python-pygraphviz – site layout from crawl (optional)
phantomJS – tested with 1.9.1, can be downloaded/installed in local folder during –check-install

Download RAWR

Tuesday, April 29, 2014

BlackArch Linux v2014.04.21 - Lightweight expansion to Arch Linux for pentesters and security researchers

BlackArch Linux is an Arch-based GNU/Linux distribution for pentesters and security researchers. The BlackArch package repository is compatible with existing Arch installs.

Changelog v2014.04.21

added new system packages: mplayer, abs, ack, bc, bridge-utils, darkhttpd, flashplugin, inotify-tools, irssi, makepasswd, mercurial, mplayer, rtorrent, scrot, strace, tor-browser-en
added .Xresources with entries for xterm
added wicd to system start (systemctl)
added wicd and wicd-gtk networkmanager
removed ‘xset r rate 150 100′ entry for X
updated menu entries
added more than 150 new tools
replaced zathura pdf reader with mupdf

Main Features

Support for i686, x86_64, armv6h and armv7h architectures
Over 750 tools (constantly increasing)
Modular package groups
A live ISO with multiple window managers, including dwm, fluxbox, openbox, awesome, wmii, i3 and spectrwm.
An installer with the ability to build from source.

Download BlackArch Linux

BluetoothLogView - Creates a log of Bluetooth devices activity around you

BluetoothLogView is a small utility that monitors the activity of Bluetooth devices around you, and displays a log of Bluetooth devices on the main window. Every time that a new Bluetooth device arrives to your area and when the device leaves your area, a new log line is added with the following information: Device Name, Device Address, Event Time, Event Type ('Device Arrival' or 'Device Left'), Device Type, and the company that created the device. BluetoothLogView also allows you to specify a description for every device (according to its MAC address) that will appear under the 'Description' column.

Download BluetoothLogView

OWASP ZAP v2.3.0 - An easy to use integrated penetration testing tool for finding vulnerabilities in web applications

OWASP Zed Attack Proxy (ZAP) An easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.

Changelog v2.3.0, highlights

A ZAP ‘lite’ version in addition to the existing ‘full’ version
View, intercept, manipulate, resend and fuzz client-side (browser) events
Enhanced authentication support
Support for non standard apps
Input Vector scripts
Scan policy – fine grained control
Advanced Scan dialog
Extended command line options
More API support
Internationalized help file
Keyboard shortcuts
New UI options
More functionality moved to add-ons
New and improved active and passive scanning rules

Download OWASP ZAP v2.3.0

oclHashcat v1.20 - Worlds fastest password cracker

oclHashcat is a GPGPU-based multi-hash cracker using a brute-force attack (implemented as mask attack), combinator attack, dictionary attack, hybrid attack, mask attack, and rule-based attack.

This GPU cracker is a fusioned version of oclHashcat-plus and oclHashcat-lite.

GPU Driver requirements:

NV users require ForceWare 331.67 or later
AMD users require Catalyst 14.4 or later

Changelog v1.20

Added algorithms
AMD Catalyst v14.x (Mantle) driver
Improved distributed cracking support
Added outfiles directory
Rewrote restore system from scratch
Rewrote multihash structure
Added debugging support for rules
Added support for $HEX[]
Added tweaks for AMD OverDrive 6 and better fan speed control
Adding new password candidates on-the-fly
Rewrote weak-hash check
Reload previously-cracked hashes from potfile

Full Changelog: here

Features

Worlds fastest password cracker
Worlds first and only GPGPU based rule engine
Free
Multi-GPU (up to 128 gpus)
Multi-Hash (up to 100 million hashes)
Multi-OS (Linux & Windows native binaries)
Multi-Platform (OpenCL & CUDA support)
Multi-Algo (see below)
Low resource utilization, you can still watch movies or play games while cracking
Focuses highly iterated modern hashes
Focuses dictionary based attacks
Supports distributed cracking
Supports pause / resume while cracking
Supports sessions
Supports restore
Supports reading words from file
Supports reading words from stdin
Supports hex-salt
Supports hex-charset
Built-in benchmarking system
Integrated thermal watchdog
100+ Algorithms implemented with performance in mind

Attack-Modes

Straight (accept Rules)
Combination
Brute-force
Hybrid dict + mask
Hybrid mask + dict

Algorithms

MD4
MD5
SHA1
SHA-256
SHA-512
SHA-3 (Keccak)
RipeMD160
Whirlpool
GOST R 34.11-94
HMAC-MD5 (key = $pass)
HMAC-MD5 (key = $salt)
HMAC-SHA1 (key = $pass)
HMAC-SHA1 (key = $salt)
HMAC-SHA256 (key = $pass)
HMAC-SHA256 (key = $salt)
HMAC-SHA512 (key = $pass)
HMAC-SHA512 (key = $salt)
LM
NTLM
DCC
DCC2
NetNTLMv1
NetNTLMv1 + ESS
NetNTLMv2
Kerberos 5 AS-REQ Pre-Auth etype 23
AIX {smd5}
AIX {ssha1}
AIX {ssha256}
AIX {ssha512}
FreeBSD MD5
OpenBSD Blowfish
descrypt
md5crypt
bcrypt
sha256crypt
sha512crypt
DES(Unix)
MD5(Unix)
SHA256(Unix)
SHA512(Unix)
OSX v10.4
OSX v10.5
OSX v10.6
OSX v10.7
OSX v10.8
OSX v10.9
Cisco-ASA
Cisco-IOS
Cisco-PIX
GRUB 2
Juniper Netscreen/SSG (ScreenOS)
RACF
Samsung Android Password/PIN
MSSQL
MySQL
Oracle
Postgres
Sybase
DNSSEC (NSEC3)
IKE-PSK
IPMI2 RAKP
iSCSI CHAP
WPA
WPA2
1Password, cloudkeychain
1Password, agilekeychain
Lastpass
Password Safe SHA-256
TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES
TrueCrypt 5.0+ PBKDF2 HMAC-SHA512 + AES
TrueCrypt 5.0+ PBKDF2 HMAC-Whirlpool + AES
TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES + boot-mode
TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES + hidden-volume
TrueCrypt 5.0+ PBKDF2 HMAC-SHA512 + AES + hidden-volume
TrueCrypt 5.0+ PBKDF2 HMAC-Whirlpool + AES + hidden-volume
TrueCrypt 5.0+ PBKDF2 HMAC-RipeMD160 + AES + hidden-volume + boot-mode
SAP CODVN B (BCODE)
SAP CODVN F/G (PASSCODE)
Citrix Netscaler
Netscape LDAP SHA/SSHA
Apache MD5-APR
hMailServer
EPiServer
Drupal
IPB
Joomla
MyBB
osCommerce
Redmine
SMF
vBulletin
Woltlab Burning Board
xt:Commerce
WordPress
phpBB3
Half MD5 (left, mid, right)
Double MD5
Double SHA1
md5($pass.$salt)
md5($salt.$pass)
md5(unicode($pass).$salt)
md5($salt.unicode($pass))
md5(sha1($pass))
sha1($pass.$salt)
sha1($salt.$pass)
sha1(unicode($pass).$salt)
sha1($salt.unicode($pass))
sha1(md5($pass))
sha256($pass.$salt)
sha256($salt.$pass)
sha256(unicode($pass).$salt)
sha256($salt.unicode($pass))
sha512($pass.$salt)
sha512($salt.$pass)
sha512(unicode($pass).$salt)
sha512($salt.unicode($pass))

Download oclHashcat v1.20

Hashcat-Utils - Set of small utilities that are useful in advanced password cracking

Hashcat-utils are a set of small utilities that are useful in advanced password cracking. They all are packed into multiple stand-alone binaries.

All of these utils are designed to execute only one specific function. Since they all work with STDIN and STDOUT you can group them into chains.

The programs are available for Linux and Windows on both 32 bit and 64 bit architectures. The programs are also available as open source.

List of Utilities

combinator: This program is a stand-alone implementation of the Combinator Attack.
Each word from file2 is appended to each word from file1 and then printed to STDOUT.
Since the program is required to rewind the files multiple times it cannot work with STDIN and requires real files.
cutb: This program (new in hashcat-utils-0.6) is designed to cut up a wordlist (read from STDIN) to be used in Combinator attack. Suppose you notice that passwords in a particular dump tend to have a common padding length at the beginning or end of the plaintext, this program will cut the specific prefix or suffix length off the existing words in a list and pass it to STDOUT.
expander: This program has no parameters to configure. Each word going into STDIN is parsed and split into all its single chars, mutated and reconstructed and then sent to STDOUT.

There are a couple of reconstructions generating all possible patterns of the input word by applying the following iterations:

All possible lengths of the patterns within a maximum of 7 (defined in LEN_MAX macro, which you can increase in the source).
All possible offsets of the word.
Shifting the word to the right until a full cycle.
Shifting the word to the left until a full cycle.
gate: Each wordlist going into STDIN is parsed and split into equal sections and then passed to STDOUT based on the amount you specify. The reason for splitting is to distribute the workload that gets generated.The two important parameters are “mod” and “offset”.
The mod value is the number of times you want to split your dictionary.
The offset value is which section of the split is getting that feed.
hcstatgen: Tool used to generate .hcstat files for use with the statsprocessor.
len: Each word going into STDIN is parsed for its length and passed to STDOUT if it matches a specified word-length range.
morph: Basically morph generates insertion rules for the most frequent chains of characters from the dictionary that you provide and that, per position.

Dictionary = Wordlist used for frequency analysis.

Depth = Determines what “top” chains that you want. For example 10 would give you the top 10 (in fact, it seems to start with value 0 so that 10 would give the top 11).Width = Max length of the chain. With 3 for example, you will get up to 3 rules per line for the most frequent 3 letter chains.pos_min = Minimum position where the insertion rule will be generated. For example 5 would mean that it will make rule to insert the string only from position 5 and up.pos_max = Maximum position where the insertion rule will be generated. For example 10 would mean that it will make rule to insert the string so that it’s end finishes at a maximum of position 10.

permute: This program is a stand-alone implementation of the Permutation Attack. It has no parameters to configure. Each word going into STDIN is parsed and run through “The Countdown QuickPerm Algorithm” by Phillip Paul Fuchs.
prepare: This program is made as an dictionary optimizer for the Permutation Attack. Due to the nature of the permutation algorithm itself, the input words “BCA” and “CAB” would produce exactly the same password candidates.
req: Each word going into STDIN is parsed and passed to STDOUT if it matches an specified password group criteria. Sometimes you know that some password must include a lower-case char, a upper-case char and a digit to pass a specific password policy. That means checking passwords that do not match this policy will definitely not result in a cracked password. So we should skip it. This program is not very complex and it can not fully match all the common password policy criteria, but it does provide a little help.
rli: compares a single file against another file(s) and removes all duplicates. rli can be very useful to clean your dicts and to have one unique set of dictionaries.
rli2: Unlike rli, rli2 is not limited. But it requires infile and removefile to be sorted and uniqued before, otherwise it won’t work as it should.
splitlen: This program is designed to be a dictionary optimizer for oclHashcat. oclHashcat has a very specific way of loading dictionaries, unlike hashcat or oclHashcat. The best way to organize your dictionaries for use with oclHashcat is to sort each word in your dictionary by its length into specific files, into a specific directory, and then to run oclHashcat in directory mode.

Download Hashcat-Utils

Monday, April 28, 2014

NetworkTrafficView - Monitor the traffic on your network adapter

NetworkTrafficView is a network monitoring tool that captures the packets pass through your network adapter, and displays general statistics about your network traffic. The packets statistics is grouped by the Ethernet Type, IP Protocol, Source/Destination Addresses, and Source/Destination ports. For every statistics line, the following information is displayed: Ethernet Type (IPv4, IPv6, ARP), IP Protocol (TCP, UDP, ICMP), Source Address, Destination Address, Source Port, Destination Port, Service Name (http, ftp, and so on), Packets Count, Total Packets Size, Total Data Size, Data Speed, Maximum Data Speed, Average Packet Size, First/Last Packet Time, Duration, and process ID/Name (For TCP connections).

Download NetworkTrafficView

Saturday, April 26, 2014

IronWASP 2014 - One of the world's best web security scannners

Find security issues on your website automatically using IronWASP, one of the world's best web security scannners.

Here's what is new:

1) Login recording

Now you can easily just record a login sequence and use it in vulnerability scans and other automated tests. See video tutorial.

2) Automatically testing for CSRF, Broken Authentication, Privilege Escalation and Hidden Parameters

Now IronWASP has a new section called Interactive Testing tools that let you automatically discover vulnerabilities that could only be discovered by manual testing.

See video tutorials for CSRF Tester, Broken Authentication Tester, Hidden Parameter Tester and Privilege Escalation Tester

3) Browser pre-configured for Manual Crawling

The most common problem with intercepting proxies is that you have to change your browser's proxy settings and import the tool's certificate as a trusted CA for SSL traffic. Even after doing this there is change that traffic from your regular browsing will get mixed with your test traffic. IronWASP solves all of these problems, it comes with a browser pre-configured to use IronWASP as proxy, it handles SSL certificate errors automatically (no need to import as CA) and since this is a separate browser it does not affect the regular browsing that you are doing in your other browser. See video.

4) DOM XSS Analyzer

If you understand what DOM XSS sources and sinks are and have the ability to understand and analyse JavaScript code then you will find this new utility really useful. It makes the process of discovering DOM XSS really easy for manual testers. See video tutorial.

5) XmlChor - XPATH Injection Exploitation tool

This version comes with a new Module called XmlChor written by Harshal Jamdade. This module can be used to automatically exploit XPATH Injection vulnerabilities and extract the backend XML file from the server. See video tutorial.

6) WiHawk - WiFi Router Vulnerability Scanner

There version has one more awesome module called WiHawk written by Anamika Singh. This module can be used to scan a range of IP addresses for WiFi routers that have default password and authentication bypass vulnerabilities. It also supports Shodan API to scan large number of devices on the internet. See video tutorial.

Download IronWASP 2014

NetworkLatencyView - Calculates the network latency (in milliseconds)

NetworkLatencyView is a simple tool for Windows that listens to the TCP connections on your system and calculates the network latency (in milliseconds) for every new TCP connection detected on your system. For every IP address, NetworkLatencyView displays up to 10 network latency values, and their average. The latency value calculated by NetworkLatencyView is very similar to the result you get from pinging to the same IP address.

NetworkLatencyView also allows you to easily export the latency information to text/csv/tab-delimited/html/xml file, or copy the information to the clipboard and then paste it to Excel or other application.

Download NetworkLatencyView

Friday, April 25, 2014

Dll Hijack Auditor v3.5 - Smart Tool to Audit the DLL Hijack Vulnerability

DLL Hijack Auditor is the smart tool to Audit against the Dll Hijacking Vulnerability in any Windows application.

This is one of the critical security issue affecting almost all Windows systems. Though most of the apps have been fixed, but still many Windows applications are susceptible to this vulnerability which can allow any attacker to completely take over the system.

DllHijackAuditor helps in discovering all such Vulnerable Dlls in a Windows application which otherwise can lead to successful exploitation resulting in total compromise of the system.

With its simple GUI interface DllHijackAuditor makes it easy for anyone to instantly perform the auditing operation. It also presents detailed technical Audit report which can help the developer in fixing all vulnerable points in the application.

Dll Hijack Auditor is a fully portable and works on wide range of platforms starting from Windows XP to Windows 8.

Download Dll Hijack Auditor v3.5

Pyrasite - Inject arbitrary code into a running Python process

Pyrasite is a library and a set of tools for injecting code into running Python programs.

usage: pyrasite [-h] [--gdb-prefix GDB_PREFIX] [--verbose] pid [filename]

pyrasite - inject code into a running python process

positional arguments:
  pid                   The ID of the process to inject code into
  filename              The second argument must be a filename

optional arguments:
  -h, --help            show this help message and exit
  --gdb-prefix GDB_PREFIX
                        GDB prefix (if specified during installation)
  --verbose             Verbose mode

For updates, visit https://github.com/lmacken/pyrasite

Download Pyrasite

Thursday, April 24, 2014

WebPwn3r - Web Applications Security Scanner

WebPwn3r is a Web Applications Security Scanner coded in Python to help Security Researchers to scan Multiple links in the same time against Remote Code/Command Execution & XSS Vulnerabilities.

You can extract the URL’s from Burp Suite and save it in list.txt then pass it to WebPwn3r.

You can also use your own crowler to gather URL’s for a certain domain or a random domains, and save it in list.txt then pass it to WebPwn3r.

WebPwn3r got below Features:

1- Scan a URL or List of URL’s

2- Detect and Exploit Remote Code Injection Vulnerabilities.

3- ~ ~ ~ Remote Command Execution Vulnerabilities.

4- ~ ~ ~ Typical XSS Vulnerabilities.

5- Detect WebKnight WAF.

6- Improved Payloads to bypass Security Filters/WAF’s.

7- Finger-Print the backend Technologies.

Download WebPwn3r

WhoIsConnectedSniffer - Network discovery tool that listens to network packets on your network

WhoIsConnectedSniffer is a network discovery tool that listens to network packets on your network adapter using a capture driver (WinpCap or MS network monitor) and accumulates a list of computer and devices currently connected to your network. WhoIsConnectedSniffer uses various protocols to detect the computers connected to your network, including ARP, UDP, DHCP, mDNS, and BROWSER.

For every detected computer or device, the following information is displayed: (Some of the fields might be empty if the information cannot be found inside the packets) IP Address, MAC Address, name of the device/computer, description, Operating System, Network Adapter Company, IPv6 Address.

After collecting the connected computers/devices information, you can easily export the list to tab-delimited/comma-delimited/xml/html file.

Protocols supported by WhoIsConnectedSniffer

ARP:WhoIsConnectedSniffer listens to this protocol to get the IP address and MAC address of computers and devices.
UDP:When a computer broadcasts a UDP packet to all other computers, WhoIsConnectedSniffer extracts from it the IP address and the MAC address.
DHCP:When a computer connects to the network, it usually sends a DHCP request. WhoIsConnectedSniffer uses this request to get the host name and IP address of the computer.
mDNS:This protocol is used on Linux and Mac OS systems. WhoIsConnectedSniffer uses it to get the host name and IP address of the computer, and also the operating system (on Linux)
BROWSER:This protocol is mainly used by Windows, but some Linux systems supports this protocol too. WhoIsConnectedSniffer uses it to get the name of the computer, description text of the computer, and the operating system.

Download WhoIsConnectedSniffer

Wednesday, April 23, 2014

Hash Kracker v2.5 - All-in-one Hash Password Recovery Software

Hash Kracker is the free all-in-one tool to recover the hash password for multiple hash types.

Currently it supports password recovery from following popular Hash types

MD5
SHA1
SHA256
SHA384
SHA512

It uses dictionary based cracking method which makes the cracking operation simple and easier.

Though it supports only Dictinary Crack method, you can easily use tools like Crunch, Cupp to generate brute-force based or any custom password list file and then use it with 'Hash Kracker'.

Download Hash Kracker v2.5

Andiparos - Security tool that can be used for web application security assessments

Andiparos is a fork of the famous Paros Proxy. It is an open source web application security assessment tool that gives penetration testers the ability to spider websites, analyze content, intercept and modify requests, etc.

The advantage of Andiparos is mainly the support of Client Certificates on Smartcards. Moreover it has several small interface enhancements, making the life easier for penetration testers...

Features:

Smartcard support
BeanShell support
History Filter (URLs)
Passive Scanner
Advanced search functionality
MultiTags for request/response
Mark Request/Response
Better Mac OS X integration
other nice enhancements...

For stability reasons, JDIC support has been completely removed.

Download Andiparos

Tuesday, April 22, 2014

Instant PDF Password Remover v3.5 - Free PDF Password & Restrictions Removal Tool

Instant PDF Password Remover is the FREE tool to instantly remove Password of protected PDF document. It can remove both User & Owner password along with all PDF file restrictions such as Copy, Printing, Screen Reader etc.

Often we receive password protected PDF documents in the form of mobile bills, bank statements or other financial reports. It is highly inconvenient to remember or type these complex and long passwords.

'Instant PDF Password Remover' helps you to quickly remove the Password from these PDF documents. Thus preventing the need to type these complex/long password every time you open such protected PDF documents.

Note that it cannot help you to remove the unknown password. It will only help you to remove the KNOWN password so that you don't have to enter the password everytime while opening the PDF file.

It makes it even easier with the 'Right Click Context Menu' integration. This allows you to simply right click on the PDF file and launch the tool. Also you can Drag & Drop PDF file directly onto the GUI window to start the password removal operation instantly.

It can unlock PDF document protected with all versions of Adobe Acrobat Reader using different (RC4, AES) encryption methods.

It comes with Installer for quick installation/un-installation. It works on wide range of Operating systems starting from Windows XP to Windows 8.

Download Instant PDF Password Remover v3.5

Shodan Plugin for Chrome

The Shodan plugin tells you where the website is hosted (country, city), who owns the IP and what other services/ ports are open.

The Shodan plugin for Chrome automatically checks whether Shodan has any information for the current website. Is the website also running FTP, DNS, SSH or some unusual service? With this plugin you can see all the info that Shodan has collected on a given website/ domain.

Download Shodan Plugin for Chrome

Monday, April 21, 2014

XVI32 - Freeware Hex Editor

XVI32 is a freeware hex editor running under Windows 9x/NT/2000/XP/Vista/7. The name XVI32 is derived from XVI, the roman notation for the number 16. XVI32 and all of its components are developed by myself.

The current release 2.55 is available since June 26, 2012. It comes with a complete online help and requires only 1.02 MB of hard disk space. There is no setup program needed - just unzip the downloaded archive to your hard disk! XVI32 doesn't write any data to your registry.

XVI32 is used by thousands of people all over the world. It was included in books like the Hacker's Guide. Even people at Microsoft ™ do use XVI32! If you don't believe me, look at http://support.microsoft.com/kb/835840/EN-GB/.

Features

XVI32 has the following main features. Especially note the highlighted advantages of XVI32.

XVI32 is a portable application, i.e. no setup program is needed, you can run XVI32 from your USB stick, no data is written to the registry
data inspector to view decoded numbers (see screen shot; can be turned off).
Has built-in script interpreter.
Easily works with huge files. Try to open a 60 MB sized text file with some other hex editor (not to speak about Wordpad), then use XVI32... If you don't have such a huge text file, use my freeware tool RndFile to create one
XVI32 allows to edit files up to 2 GB (enough virtual memory provided, of course)
For your convenience, XVI32 stores settings and last used search strings etc. in XVI32.INI file
Progress indication in percent for most operations
You can abort nearly all operations (reading/writing files, search, replace, print...)
Display of both text (ASCII/ANSI) and hexadecimal representation
Two synchronous cursors in text and hex area
Fully resizeable window (change number of rows and columns)
Font and font size adjustable
Overwrite or insert characters
Insert text or hex string n times
Switch byte offset (address) of first byte between 0 or 1 to examine also record structure of plain text files
Search text or hex string, e.g. find "this text" or find "0D 0A"
Simplified search for Unicode Latin (UTF-16) strings
Search optionally with joker (wildcard) char that will match any character, e.g. find "A.C" or "00 2E 2E 00" where "." = "2E" (user-defined) stands for any character
Fast searching algorithm (Quicksearch) for both search directions (down/up)
Count occurences of text or hex string
Replace text or hex string, e.g. replace "0D 0A" by "0A" or replace "0D 0A" by text "EOL"
Extremely fast "replace all" mode (if needed, additional memory is allocated beforehead, not at every single replacing operation)
Menu item Shredder data to overwrite all bytes of a file with binary zeroes
Auto-fill feature to copy bytes from current address into input field for hex string using right arrow key
Character conversion using self-defined character table
Easy converting of text to hex string in dialogs (e.g. "abc" -> "61 62 63")
Decoding and encoding of 1, 2, 4, and 8 byte integers or 4/8 byte floats in 2 possible byte orders
Bit manipulation (view or set bits)
Open file in Read Only Mode (e.g. if opened by another application or to avoid unintentional modifications)
Insert file contents into file
Write block to file
Copy, move or delete block
Clipboard support
Goto address (absolute or relative up/down)
Up to 9 named bookmarks
Enter jump width and jump up/down (useful for files with fixed record length)
Patch BORLAND PASCAL 7.0 EXE files for execution on processors > 200 MHz
Printing with preview or print to file
Simplified search for Unicode Latin (UTF-16) strings
Command "Reload" to open current file again
Easily access most recently used files
And last, but not least: XVI32 is free!

Download XVI32

Pyew - A Python tool for static malware analysis

Pyew is a (command line) python tool to analyse malware. It does have support for hexadecimal viewing, disassembly (Intel 16, 32 and 64 bits), PE and ELF file formats (it performs code analysis and let you write scripts using an API to perform many types of analysis), follows direct call/jmp instructions in the interactive command line, displays function names and string data references; supports OLE2 format, PDF format and more. It also supports plugins to add more features to the tool.

Pyew have been successfully used in big malware analysis systems since almost 2 years, processing thousand of files daily.

Download Pyew