John The Ripper – One Stop Password Audit Tool

John The Ripper – A one stop password audit tool for various formats John is a state of the art offline password cracking tool. John was better known as John The Ripper(JTR) combines many forms of password crackers into one single tool. It automatically detects the type of password & tries to crack them with …

Dnsenum – Tool for DNS enumeration to find DNS Servers

Dnsenum is a tool for DNS enumeration, which is the process of locating all DNS servers and DNS entries for an organization. DNS enumeration will allow us to gather critical information about the organization such as usernames, computer names, IP addresses, and so on. DNSENUM OPTIONS –dnsserver     <server> Use this DNS server for A, NS and MX …

THC-SSL-DOS – DoS Tool Against Secure Web-Servers and for Testing SSL-Renegotiation

THC is The Hacker’s Choice. They are a group of hackers from Germany. Thc-SSL-dos is used for checking whether a website or server is enabled with SSL-renegotiation, thereby checking for renegotiation vulnerability (CVE-2009-3555). SSL renegotiation is the process of renegotiating a client at the time of authentication. This tools sends SSL requests(Client Hello) to a …

Fragroute – A Network Packet Fragmentation & Firewall Testing Tool

Fragroute intercepts modify and rewrite egress traffic destined for the specified host. Simply frag route fragments packets originating from our(attacker) system to the destination system. Its used by security personnel or hackers for evading firewalls, avoiding IDS/IPS detections & alerts etc. Also, pentesters use it to gather information from a highly secured remote host. Options …

Netdiscover – Live Host Identification

Netdiscover – simple ARP Scanner to scan for live hosts in a network Netdiscover is a simple ARP scanner that can be used to scan for live hosts in a network. It can scan for multiple subnets also. It simply produces the output in a live display(ncurse). This can be used in the first phases …

Burpsuite – Use Burp Intruder to Bruteforce Forms

Using Burp Intruder to Bruteforce passwords. Burpsuite is a collection of tools and plugins for any web application security testing bundled into a single executable jar file. It contains about 8 useful tools for performing spidering, fuzzing, decoding etc. But the prime feature is that, it is an intercepting proxy which works on application layer. …

Update Nmap in Kali Linux

Install & Update Nmap in Kali Linux Rolling, Sana & earlier versions This tutorial will show you how to update nmap in kali linux 2.0. Nmap 7.0 was released earlier this month. Refer to here to view What’s New in Nmap 7. Kali Rolling comes with nmap v7 by default. Still you can use the …

NMAP 7.0 Released

NMAP 7.0 What’s New ? Nmap has always been the king of scanners for a Security professional. After 18 years from it’s first release, the 7th version has been released. This is the current major & stable release containing about 330 significant improvements. Over all this period, the developers have managed to improve the speed …

SQLMAP – Introduction & Automation of SQLi

Basic Operation of SQLMAP & enumeration of Server¬†through automatic SQL Injection. SQLMAP is a database pentesting tool used to automate SQL Injection. Practically using sqlmap, we can dump a whole database from a vulnerable server. SQLMap is written in python and has got dynamic testing features. It can conduct tests for various database backends very …

World Wide Live Attack Map & Analytics

Ever wanted to see live DOS attacks across the globe? There is a website from a security firm that shows live attacks from all over the globe including the protocol information, IP addresses and country. All this information is put together in a wonderful hacker-like map. Live attacks & traffic are¬†shown once you start the …