The Social-Engineer Toolkit (SET) v2.5 “Rippin and Tearin” has been released!

The Social-Engineer Toolkit (SET) v2.5 Codename: “Rippin and Tearin” has been released! This version is primarily enhancements of existing attack vectors and a rehaul of some portions of the codebase. Most noticeably, the site cloner has been modified to target the body tags first for the applet injection versus the header html tags. This allows the website to render properly first, then trigger the applet. In addition, fixes around the Java Repeater have been fixed.

Changelog below:

~~~~~~~~~~~~~~~~
version 2.5
~~~~~~~~~~~~~~~~

* rehaul of site cloner, it now injects into body properly and leverages unc, redirection, and others properly
* redid a few options on repeater.database, unc.database to make more streamline
* fixed bugs with java repeater
* added more granularity around how repeater operates and functions when on different webpages
* added ability to inject into tags first and if not found then it injects into tags
* added ability to render even when flag is being used versus
* added more stability to the Java Applet.jar and backup routine for redirect to websites
* bug fix in website cloner
* rewrote portions of java applet to gain more stability around java repeater as a fallback
* added better handling around unc database and fixed a bug when in the wrong loop within cloner.py
* established a baseline fallback for java applet

Download : http://www.secmaniac.com

M.O.R.E >> "The Social-Engineer Toolkit (SET) v2.5 “Rippin and Tearin” has been released!"

MD5 Cracker Web List

Just wanna share with you guys. A list of web/services for cracking a md5 hash.
Check it out. r0x d4 n3tw0rk

- md5gle.com

- online md5 cracker,md5 reverse, md5 decrypt (457,354,352,282)

- md5Crack.com | online md5 cracker

- [ md5 crack password crack hash checker ]

- md5cracker.tk (MD5 Search engine by searches a total of 14 on-line crackers.)

- Index of / (5,889,729)

- AP3 Designs

- http://md5-db.com (The database is approximately 70gb)

- md5.rednoize.com - reverse engineer md5 hashes - powered by rednoize.com (56,502,235)

- GData: An Online MD5 Hash Database (3,251,106)

- TMTO[dot]ORG (306.000.000.000)

- milw0rm.com - free md5/lm hash cracking (Milw0rm Cracker db)

- BlackLight's hash cracker (2,456,288)

- .:Shell-Storm.org:. | DataBase MD5 | ( The data base currently contains 169582 passwords )

- Parallels Confixx (Need Account)

- Passwords recovery - MD5, SHA1, MySQL (Register to increase your priority)

- md5ÔÚÏß²éѯÆƽâ|md5½âÃÜ|md5¼ÓÃÜ|salt

- Hashkiller.com

- plain-text.info

- insidepro.com

- md5decrypter.co.uk

- c0llision.net

- md5pass.info

- hashcrack.com

- generuj.pl

- authsecu.com

- md5decryption.com

- chwett.com/md5

- md5this.com

- tmto.org

- kerinci.net

- hash.db.hk

- crackfor.me

- md5hood.com

- neofusion.de

- md5.shalla.de

- md5.my-addr.com

- hashcracking.info <-- API: https://hashcracking.info/check.php?hash= {hash}

- md5.opencracking.info

- md5online.net

- macrosoftware.ro/md5

- netmd5crack.com

- bokehman.com

- hash-database.net

- thoran.eu

- md5-database.net

- web-security-services.com

- bitdelivery.net



-----------------------------------------------------------------
CRACKED PASSWORD LIST
-----------------------------------------------------------------
www.md5oogle.com
[ md5 crack password crack hash checker ]
milw0rm.com - free md5/lm hash cracking
darkc0de.com [ index ]

-----------------------------------------------------------------
MULTI
-----------------------------------------------------------------
md5cracker.org
md5.igrkio.info
hashkiller.com
hashchecker.de
sinhalayo159.07x.net


-----------------------------------------------------------------
IRC
-----------------------------------------------------------------
plain-text.info (irc.Plain-Text.info #rainbowcrack |||| irc.rizon.net #rainbowcrack)
md5.overclock.ch (irc.rizon.net #md5)
c0llision.net (irc.after-all.org #md5crack |||| ircd.hopto.org #md5crack)



-----------------------------------------------------------------
ICQ
-----------------------------------------------------------------
c0llision.net (427-921-047) <- md5, ntlm
hashkiller.com (405-701-776) <- md5



-----------------------------------------------------------------
LM
-----------------------------------------------------------------
lmcrack.com
plain-text.info


-----------------------------------------------------------------
NTLM
-----------------------------------------------------------------
plain-text.info
md5decrypter.co.uk


-----------------------------------------------------------------
SHA1
-----------------------------------------------------------------
md5.rednoize.com
hash.db.hk
md5decrypter.co.uk


-----------------------------------------------------------------
SHA256
-----------------------------------------------------------------
md5.shalla.de
hash.db.hk


-----------------------------------------------------------------
RAINBOW TABLE
-----------------------------------------------------------------
Free Rainbow Tables » Distributed Rainbow Cracking » LM, NTLM, MD5, SHA1, HALFLMCHALL, MSCACHE
Rainbow Tables . net

M.O.R.E >> "MD5 Cracker Web List"

PHP Vulnerability Hunter v.1.1.4.6

PHP Vulnerability Hunter v.1.1.4.6

PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool.

This is the application that detected almost all of the web application vulnerabilities listed on the advisories page. PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool capable of triggering a wide range of exploitable faults in PHP web applications. Minimal configuration is necessary to begin a scan; PHP Vulnerability Hunter doesn’t even need a user specified starting URI.

ChangeLog:
Added code coverage report
Updated GUI validation
Several instrumentation fixes
Fixed lingering connection issue
Fixed GUI and report viewer crashes related to working directory

Download: http://code.google.com

More: http://www.autosectools.com/PHP-Vulnerability-Scanner

M.O.R.E >> "PHP Vulnerability Hunter v.1.1.4.6"

NetSecL v.3.2 Released

NetSecL v.3.2 Released

NetSecL is a hardened,live and installable OS based on OpenSuse suitable for Desktop/Server and Penetration testing. Once installed you can fully enjoy the features of GrSecurity hardened kernel and penetration tools OR use the penetration tools directly from your live DVD.

NetSecL 3.2 comes with a brand new XFCE which increased dramatically the performance experience, we closed many bugs and also gained more compatibility to OpenSuse 11.4 – most packages are 11.4 compatible.GrSecurity kernel is updated to 2.6.32.8 

Download : www.netsecl.com

M.O.R.E >> "NetSecL v.3.2 Released"

Web Security Dojo v.1.2 Released

Web Security Dojo v.1.2 Released

Web Security Dojo is a free open-source self-contained training environment for Web Application Security penetration testing. Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v9.10. The Web Security Dojo is for learning and practicing web app security testing techniques. It is ideal for training classes and conferences since it does not need a network connection. The Dojo contains everything needed to get started - tools, targets, and documentation

Download : sourceforge.net - Dojo 1.2

M.O.R.E >> "Web Security Dojo v.1.2 Released"

Portable Firefox - Penetration Suite

This is portable Firefox browser that comes with a lot of tools and addons for penetration operation.
This is a Portable version of Mozilla Firefox with several add-ons that are useful for Web Application Security. The purpose of this package is to have the best available addons to manually test XSS, SQL, siXSS, CSRF, Trace XSS, RFI, LFI, and others.

Lets check it..


Download : fireFox-Web-Tools

M.O.R.E >> "Portable Firefox - Penetration Suite"

Nmap Online

As we now that nmap is the tool for network and port scanner..But it also have an Online Version

Which is..you can use it with out install the software..

They offer three types of scan; they are Quick Scan, Full Nmap Scan and Custom Scan. Let me explain you about each type in detail..

Visit :
http://nmap-online.com/

M.O.R.E >> "Nmap Online"

RIPS v.0.4.0 Released

RIPS v.0.4.0 Released

A static source code analyser for vulnerabilities in PHP scripts

There has been a couple of bugfixes and improving especially regarding file inclusions which are vital for correct analysis. Also RIPS now tries to analyse SQL queries on quotes before a decision on correct securing is made. However this feature is still not 100% working correctly in all cases.
Another important feature is that code snippets that belong to the same vulnerability are now grouped and titled with the vulnerability category. In earlier versions they were unconnected and one had to jump between several snippets. With this it is now possible to look at specific vulnerability categories and to hide unimportant ones. This can be done by clicking on the categories name in the statistics window that also has been improved with a pie chart (HTML5 for the win )

Download: http://sourceforge.net 

M.O.R.E >> "RIPS v.0.4.0 Released"

Safe3 Sql Injector v.8.1

Safe3 Sql Injector v.8.1 released

Safe3SI is one of the most powerful and easy usage penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Features:
Full support for http, https website.
Full support for Basic, Digest, NTLM http authentications.
Full support for GET, Post, Cookie sql injection.
Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
Full support for four SQL injection techniques: blind, error-based, UNION query and force guess.
Powerful AI engine to automatic recognite injection type, database type, sql injection best way.
Support to enumerate databases, tables, columns and data.
Support to read,list and write any file from the database server underlying file system when the database software is MySQL or Microsoft SQL Server.
Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is Oracle or Microsoft SQL Server.
Support to ip domain query,web path guess,md5 crack etc.
Support for sql injection scan.

Download: http://sourceforge.net

M.O.R.E >> "Safe3 Sql Injector v.8.1"

OWASP Mantra - Security Framework v.6.1

Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers, security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. Mantra is a security framework which can be very helpful in performing all the five phases of attacks including reconnaissance, scanning and enumeration, gaining access, escalation of privileges, maintaining access, and covering tracks. Apart from that it also contains a set of tools targeted for web developers and code debuggers which makes it handy for both offensive security and defensive security related tasks.

Download: http://www.getmantra.com 

More: https://www.owasp.org

M.O.R.E >> "OWASP Mantra - Security Framework v.6.1"