Top 15 Open Source/Free Security/Hacking Tools

1. Nmap

Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap homepage.

2. Wireshark

Wireshark is a network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. Wireshark homepage.

3. Metasploit Community edition

Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners. This helps prioritize remediation and eliminate false positives, providing true security risk intelligence. Metasploit community edition homepage.

4. Nikto2

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Nikto2 homepage.

5. John the Ripper

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version. John the Ripper homepage.

6. ettercap

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis. ettercap homepage.

7. NexPose Community edition

The Nexpose Community Edition is a free, single-user vulnerability management solution. Nexpose Community Edition is powered by the same scan engine as Nexpose Enterprise and offers many of the same features. Nexpose homepage.

8. Ncat

Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless number of potential uses. ncat homepage.

9. Kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT. kismet homepage.

10. w3af

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. w3af homepage.

11. hping

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features. hping homepage.

12. burpsuite

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. BurpSuite homepage.

13. THC-Hydra

A very fast network logon cracker which support many different services.  hydra homepage.

14. sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. sqlmap homepage.

15. webscarab

WebScarab has a large amount of functionality, and as such can be quite intimidating to the new user. But, for the simplest case, intercepting and modifying requests and responses between a browser and HTTP/S server, there is not a lot that needs to be learned. WebScarab homepage.

 

51.526392 -0.091389

Websploit V1.4 – Open Source Tools Released

WebSploit Is An Open Source Project For Scan And Analysis Remote System From Vulnerability

Description :

[+]Autopwn – Used From Metasploit For Scan and Exploit Target Service

[+]wmap – Scan,Crawler Target Used From Metasploit wmap plugin

[+]format infector – inject reverse & bind payload into file format

[+]phpmyadmin – Search Target phpmyadmin login page

[+]lfi – Scan,Bypass local file inclusion Vulnerability & can be bypass some WAF

[+]apache users – search server username directory (if use from apache webserver)

[+]Dir Bruter – brute target directory with wordlist

[+]admin finder – search admin & login page of target

[+]MLITM Attack – Man Left In The Middle, XSS Phishing Attacks

[+]MITM – Man In The Middle Attack

[+]Java Applet Attack – Java Signed Applet Attack

[+]MFOD Attack Vector – Middle Finger Of Doom Attack Vector

[+]USB Infection Attack – Create Executable Backdoor For Infect USB For Windows

About Author :

Founder : Bl4ck.Viper (Fardin Allahverdinajhand)
Location : Iran – Azarbaycan

Download WebSploit Toolkit V.1.6

51.526392 -0.091389

Kid-Friendly Linux Distributions

 

Believe it or not, there are several distributions of Linux intended for use by children as young as 3 years old. Child-oriented Linux distros tend to have a simplified interface with large, “chunky”, colorful icons and a specialized set of programs designed with kids in mind. Some of the better-known distributions aimed at children include:

• Sugar, the operating system designed for the One Laptop Per Child project. Sugar is a radical departure from traditional desktops, with a strong emphasis on teaching programming skills, but is very strongly geared towards classroom use. Although I’m pretty comfortable using Linux, I’m afraid Sugar might be too different for me to help my nephew and niece make use of it.
• Edubuntu is based on the popular Ubuntu distribution. Designed to be easy to install and very Windows-like in its operation, Edubuntu would be my first choice if I were using newer hardware. With its rich graphical interface, though, I worry that these years-old PCs, neither of which have graphic cards, will lag running Edubuntu. And given kids’ attention spans, I’m afraid that would be a major barrier to getting them to use it.
• LinuxKidX uses a KDE-based desktop highly customized for children, and is based on the Slackware distro. The only drawback for me is that most of the support material is in Portuguese (although the distro I linked to is in English), making it hard for me to be confident about my ability to help if there are any problems.
• Foresight for Kids is based on Foresight Linux, a distro distinguished by the use of the Conary package manager. Conary is intended to make updates and dependencies much easier to manage than other package managers – in English, it should be easier to install and update software.  On the other hand, finding software packaged for the Conary installer might be a challenge, though I expect the most popular programs are being adapted by the Foresight team.
• Qimo is another system based on Ubuntu, but designed to be used by a single home user instead of in classroom instruction. The system requirements are fairly low, since it’s designed to be run on donated equipment which Qimo’s parent organization, QuinnCo, distributes to needy kids.

Given the low specs of the equipment I”m working with, Qimo seems idea for me, but since most of these will run from either a Live CD or a USB memory key, there’s no reason not to download them all and give each a try to see what you – and, more importantly, your kids – like best.

Linux Software for Kids

In addition to the kid-friendly interface, all of the distributions above come with an assortment of software that’s either designed especially for kids or has special appeal for kids. This includes specifically educational software intended to teach math, typing, art, or even computer programming; typical productivity applications like word processors and graphics programs; and, of course, games. Of course, Linux doesn’t have nearly the range of games that are available for Windows PCs, but my thinking is, the games are good enough for younger kids, and older kids will gravitate towards consoles (my brother and sister-in-law have a Wii).

Some of the software available for kids includes:

• GCompris, a set of over 100 educational games intended to teach everything from basic computer use to reading, art history, telling time, and vector drawing.
• Childsplay is another collection of games, with an emphasis on memory skills.
• TuxPaint, an amazing drawing program filled with fun sound effects and neat effects.
• EToys is a scripting environment, more or less. The idea is that kids solve problems by breaking them down into pieces, scripting them, and running their scripts – the same way programmers do. But the goal doesn’t seem to be to teach programming but rather to provide an immersive learning environment in which kids learn foundational thinking skills.
• SuperTux and Secret Maryo are Super Mario clones, because kids love Super Mario. You already know that.
• TomBoy, a wiki-like note-taking program.
• TuxTyping, a typing game intended to help develop basic typing skills.
• Kalzium is a guide to the periodic table and a database of information about chemistry and the elements. Great for older students.
• Atomix, a cool little game where kids build molecules out of atoms.
• Tux of Math Command is an arcade game that helps develop math skills.

Not all distros come with all of these games, but they are easy enough to install from the online repositories if your chosen distro doesn’t come with one or more of them. Of course, most distros also come with standard Linux programs like OpenOffice.org (an Office-like suite of productivity apps), AbiWord (a Word-like word processor), GIMP (a powerful image editor), Pidgin (a multi-account IM client), and Firefox.

Linux is a complex operating system, but it’s also a highly customizable one – for kids, that means a system that can grow as they do and a powerful learning environment. Of course, children’s computer use should not be totally unsupervised – any kid can stumble across Web content that might be pretty uncomfortable for mom and dad to have to explain – but kids should have a chance to explore the possibilities of today’s technology and get their hands dirty, like kids do. And worst-case scenario – your 6-year old borks the operating system and you re-install. Wouldn’t you rather it was on the Edubuntu system, rather than on your mission-critical work PC? (Make sure you back up the /home directory regularly so you don’t lose all your kids’ drawings, poems, stories, or whatever.)

 

51.526392 -0.091389

Notepad++ Banned? Which Countries, and Why There’s a Controversy

Here is a superb article written by Dylan Brier of Opensourceware.org

This cross platform source code and text editor has been downloaded over twenty million times. It has incredible features for those who need to utilize code editing tools for their daily grind, or even just for their own small business, personal website, or applications.However, it has been at the center of plenty of controversy, and has even been banned in several countries.

What is NotePad++?

NotePad++ is a text editor with many in-depth capabilities, including:

• Drag & Drop Capabilities
• Split Screen Editing
• File Comparison
• Synchronized Scrolling
• Find & Replace on Multiple Documents
• Zooming
• Tabbed Doc Interface
• Compatibility with Many Syntaxes

The following are capabilities it can be enhanced to have with additional plugins:

• Multi Clipboard
• Spell checking

Notepad++ also has a few phenomenal features for editing source code, such as:

• Bookmarking
• FTP Browsing
• File Status Auto Detection
• Speech Synthesis
• Brace & Indent Highlighting
• Auto Completion
• Macro Recording & Execution

Additionally, the developers of Notepad++ have very strong feelings about certain things, like human rights issues, and are not afraid to show it.Which is where the controversy begins.

To read more go to Opensourceware.org

51.526392 -0.091389