Acunetix 7 Enterprise - Portable

- On first startup will ask for web license,but don't worry. All you have to do is to click Next, then again Next, and Next and finish. Can not register for each machine, their licensing system improved a bit.

-In Acunetix folder will be auto-created folder necessary for program to work, if you erase folder you will have to "register" again, plus all other settings made during previous scanning will be erased.

-Page of the guy who made keygen is loading during first activation and this is one small thanks for his contribution

-Vulnerability database and patches are updateable, but updating build will probably corrupt license and fake serial, so... don't. Difference to newest version is extremely manor.

-File is clean on NOD 32 and Dr.Web, but I would like to people with Kaspersky, Norton and Avira check for viruses, too, and leave feedback here. His keygen was detected a lot, so better to check even it was activated in virtual machine.

Download

MioStar

MioStar is an offspring of the SkypeTrojan. Unlike the SkypeTrojan MioStar puts its focus on hooking functions that deal with sensitive data like account information or network traffic. The initial objective was not to produce a hacker tool ready to use or incorporate in malware. But at the point we reached now it is more than just a simple proof of concept. We have a nice, fancy GUI now and a handful of preconfigured applications where we can extract sensitive data. And in the future the list will grow.

Instead of extracting sensitive data you can also manipulate the function arguments and replace the passed values by your own. As an example the function GetAddrInfoEx normally resolves hostnames and gives back the according IP address. Instead of resolving www.google.com replace this parameter by www.megapanzer.com. All traffic for google gets then redirected to Megapanzer.

Source & Download

Medusa

Medusa Parallel Network Login Auditor

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application:

Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.

Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing.

Modular design. Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported list of services for brute-forcing.

Source & Download

Ravan

Ravan is a JavaScript based Distributed Computing system that can perform brute force attacks on salted hashes by distributing the task across several browsers. It makes use of HTML5 WebWorkers to start background JavaScript threads in the browsers of the workers, each worker computes a part of the hash cracking activity.

Salted and plain versions of the following hashing algorithms are currently supported:MD5 ,SHA1 ,SHA256,SHA512

Source

WINDOWS AUTOPWN (WINAUTOPWN)

Autohack your targets with least possible interaction.

Features :- Contains already custom-compiled executables of famous and effective exploits alongwith a few original exploits.

- No need to debug, script or compile the source codes.

- Scans all ports 1 - 65535 after taking the IP address and tries all possible exploits according to the list of discovered open ports (OpenPorts.TXT)

- PortScan is multi-threaded.

- Doesn't require any Database at the back-end like others

- Can be also be used to test effectiveness of IDS/IPS

- Launched exploits are independent and don't rely on service fingerprinting (to avoid evasion, if any)

The aim of creating winAUTOPWN is not to compete with already existing commercial frameworks like Core Impact (Pro), Immunity Canvas, Metasploit Framework (freeware), etc. which offer autohacks, but to create a free, quick, standalone application which is easy to use and doesn't require a lot of support of other dependencies.

Note: Some anti-viruses might falsely detect the exploits as malicious.

TnX & CrediT: AuthoR

Source & Download

Decrypting GSM phone calls

GSM telephony is the world’s most popular communication technology spanning most countries and connecting over four billion devices. The security standards for voice and text messaging date back to 1990 and have never been overhauled. Our GSM Security Project creates tools to test and document vulnerabilities in GSM networks around the world so to ignite the discussion over whether GSM calls can and should be secured. The project is summarized in this BlackHat 2010 presentation.

Tools. The following tools are used to analyze voice calls:

GnuRadio is included in recent Linux distributions

Recording data requires a programmable radio receiver such as the USRP

Airprobe is available through: git clone git://git.gnumonks.org/airprobe.git

Please follow this tutorial to decode GSM traffic with Airprobe

Kraken is available through: git clone git://git.srlabs.de/kraken.git

Background on Kraken’s rainbow tables are provided on the project web page

Kraken uses rainbow tables that are available through Bittorrent.

Please use these tools carefully and never intentionally record other people’s conversations. We do encourage you to use them to test the security of your cell phone service and discuss your results on the project mailing list.

Source

AES in C/C++

AES (Advanced Encryption Standard) is the latest standard for symmetric key encryption/decryption which was selected by National Institute of Standards and Technology (NIST), USA. It has been proven to be much secure than most other encryption algorithms used today. It uses key lengths of 128,192 or 256 bits. The original algorithm is called Rijndael (Rain-doll).

The implementations given here is in C / C++. It is given as an aid for beginners to get acquainted with the algorithm and can be used as a base for actual implementation. The main feature of this AES implementation is not efficiency; It is simplicity and readability.

The implementation is provided in two parts. One for encryption and other for decryption. Both are stand alone programs. Please note that classes or any other OOP construct is not used in this implementation. It is advised not to use classes or high end data structures in the implementations since that can affect the performance of the algorithm seriously.

AES Encryption source code in C/C++

AES Decryption source code in C/C++

Armitage

Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don’t use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you.

Armitage organizes Metasploit’s capabilities around the hacking process. There are features for discovery, access, post-exploitation, and maneuver.

For discovery, Armitage exposes several of Metasploit’s host management features. You can import hosts and launch scans to populate a database of targets. Armitage also visualizes the database of targets–you’ll always know which hosts you’re working with and where you have sessions.

Armitage assists with remote exploitation–providing features to automatically recommend exploits and even run active checks so you know which exploits will work. If these options fail, you can use the Hail Mary approach and unleash db_autopwn against your target database.

Requirements

To use Armitage, you need the following:
Linux or Windows
Java 1.6+
Metasploit Framework 3.5+
A configured database. Make sure you know the username, password, and host.

Download [Win]
Download [LiN/niX]

Source