Archive for the ‘Geek Stuff’ Category

What is patator?
It is a general-purpose brute-force tool with a decent number of modules and fairly flexible configuration. Patator is, as usual, a Python script driven from the command line.

Currently it supports the following modules:

* ftp_login : Brute-force FTP
* ssh_login : Brute-force SSH
* telnet_login : Brute-force Telnet
* smtp_login : Brute-force SMTP
* smtp_vrfy : Enumerate valid users using the SMTP VRFY command
* smtp_rcpt : Enumerate valid users using the SMTP RCPT TO command
* finger_lookup : Enumerate valid users using Finger
* http_fuzz : Brute-force HTTP/HTTPS
* ajp_fuzz : Brute-force AJP
* pop_login : Brute-force POP
* pop_passd : Brute-force poppassd (not POP3)
* imap_login : Brute-force IMAP
* ldap_login : Brute-force LDAP
* smb_login : Brute-force SMB
* smb_lookupsid : Brute-force SMB SID-lookup
* rlogin_login : Brute-force rlogin
* vmauthd_login : Brute-force VMware Authentication Daemon
* mssql_login : Brute-force MSSQL
* oracle_login : Brute-force Oracle
* mysql_login : Brute-force MySQL
* mysql_query : Brute-force MySQL queries
* rdp_login : Brute-force RDP (NLA)
* pgsql_login : Brute-force PostgreSQL
* vnc_login : Brute-force VNC
* dns_forward : Brute-force DNS
* dns_reverse : Brute-force DNS (reverse lookup subnets)
* ike_enum : Enumerate IKE transforms
* snmp_login : Brute-force SNMPv1/2 and SNMPv3
* unzip_pass : Brute-force the password of encrypted ZIP files
* keystore_pass : Brute-force the password of Java keystore files
* umbraco_crack : Crack Umbraco HMAC-SHA1 password hashes


root@ddos:~/Desktop# git clone

root@ddos:~/Desktop# cd patator/

root@ddos:~/Desktop/patator# python


Recently I was asked how to deny navigation and download capabilities to compromised machines on the local network. Well, this script by codepr performs an ARP poison attack and sends TCP reset packets in response to every request the target makes to the router.


$ git clone
$ cd creak
$ python install

or simply clone the repository and run the after all requirements are installed:

$ git clone

Raw packet manipulation requires the pcap libraries and the dpkt module installed; the DNS spoofing option additionally requires the dnet module from the libdnet package (do not confuse it with the pydnet network evaluation tool module). It can also use scapy if desired; this can simply be set in the file.


Usage: [options] dev

  -h, --help           show this help message and exit
  -1, --sessions-scan  Sessions scan mode
  -2, --dns-spoof      Dns spoofing
  -x, --spoof          Spoof mode, generate a fake MAC address to be used
                       during attack
  -m MACADDR           Mac address octet prefix (could be an entire MAC
                       address in the form AA:BB:CC:DD:EE:FF)
  -M MANUFACTURER      Manufacturer of the wireless device, for retrieving a
                       manufactur based prefix for MAC spoof
  -s SOURCE            Source ip address (e.g. a class C address like
              usually the router address
  -t TARGET            Target ip address (e.g. a class C address like
  -p PORT              Target port to shutdown
  -a HOST              Target host that will be redirect while navigating on
                       target machine
  -r REDIR             Target redirection that will be fetched instead of host
                       on the target machine
  -v, --verbose        Verbose output mode
  -d, --dotted         Dotted output mode


Most basic usage: Deny all traffic to the target host

$ python -t wlan0

Set a different gateway:

$ python -s -t wlan0

Set a different mac address for the device:

$ python -m 00:11:22:33:44:55 -t wlan0

Spoof mac address generating a fake one:

$ python -x -t wlan0

Spoof mac address generating one based on manufacturer (e.g. Xeros):

$ python -x -M xeros -t wlan0

DNS spoofing using a fake MAC address, redirecting ab.xy to cd.xz (e.g. localhost):

$ python -x -M xeros -t -a www.ab.xy -r wlan0



Nmap is a powerful network scanner used to identify systems and services. nmap was originally developed with network security in mind: it is a tool designed to find vulnerabilities within a network. nmap is more than just a simple port scanner though; you can use nmap to find specific versions of services, certain OS types, or even find that pesky printer someone put on your network without telling you.

nmap can be used for good and for evil. Today we will cover some common situations where nmap makes life easier for sysadmins, which is generally good. Even if some sysadmins are evil…

Discover IP’s in a subnet (no root)

 $ nmap -sP
 Starting Nmap 7.30 ( ) at 2016-10-12 21:12 GMT
 Nmap scan report for
 Host is up (0.0013s latency).
 Nmap scan report for
 Host is up (0.0032s latency).
 Nmap scan report for
 Host is up (0.0011s latency).

This is one of the simplest uses of nmap. This command is commonly referred to as a “ping scan”, and tells nmap to send an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request to all hosts in the specified subnet. nmap will simply return a list of IPs that responded. Unlike many nmap commands this particular one does not require root privileges; however, when executed by root, nmap will also by default send ARP requests to the subnet.

Scan for open ports (no root)

 $ nmap
 Starting Nmap 7.30 ( ) at 2016-10-12 21:20 GMT
 Nmap scan report for
 Host is up (0.0043s latency).
 Not shown: 998 closed ports
 PORT STATE SERVICE
 80/tcp open http
 443/tcp open https

This scan is the default scan for nmap and can take some time to generate. With this scan nmap will attempt a TCP SYN connection to the 1000 most common ports as well as an ICMP echo request to determine if a host is up. nmap will also perform a reverse DNS lookup on the identified IPs, as this can sometimes be useful information.

Identify the Operating System of a host (requires root)

 # nmap -O
 Starting Nmap 7.30 ( ) at 2016-10-12 21:35 GMT
 Nmap scan report for
 Host is up (0.00032s latency).
 Not shown: 996 closed ports
 88/tcp open kerberos-sec
 139/tcp open netbios-ssn
 445/tcp open microsoft-ds
 631/tcp open ipp
 MAC Address: 00:00:00:00:00:00 (Unknown)
 Device type: general purpose
 Running: Apple Mac OS X 10.5.X
 OS details: Apple Mac OS X 10.5 - 10.6 (Leopard - Snow Leopard) (Darwin 9.0.0b5 - 10.0.0)
 Network Distance: 1 hop

With the -O option nmap will try to guess the target's operating system. This is accomplished by utilizing information that nmap is already getting through the TCP SYN port scan. This is usually a best guess but can actually be fairly accurate. The operating system scan does, however, require root privileges.

Identify Hostnames (no root)

 $ nmap -sL
 Starting Nmap 7.30 ( ) at 2016-10-12 21:35 GMT
 Nmap scan report for
 Nmap scan report for router.local (
 Nmap scan report for fake.local (
 Nmap scan report for another.fake.local (

This is one of the most subtle commands of nmap: the -sL flag tells nmap to do a simple DNS query for the specified IPs. This allows you to find hostnames for all of the IPs in a subnet without having to send a packet to the individual hosts themselves.

Hostname information can tell you a lot more about a network than you would think, for instance if you labeled your Active Directory Servers with you shouldn’t be surprised if someone guesses its use.

TCP Syn and UDP Scan (requires root)

 # nmap -sS -sU -PN
 Starting Nmap 7.30 ( ) at 2016-10-12 21:12 GMT
 Nmap scan report for
 Host is up (0.00029s latency).
 Not shown: 1494 closed ports, 496 filtered ports
 88/tcp open kerberos-sec
 139/tcp open netbios-ssn
 445/tcp open microsoft-ds
 631/tcp open ipp
 88/udp open|filtered kerberos-sec
 123/udp open ntp
 137/udp open netbios-ns
 138/udp open|filtered netbios-dgm
 631/udp open|filtered ipp
 5353/udp open zeroconf

The TCP SYN and UDP scan will take a while to generate but is fairly unobtrusive and stealthy. This command will check about 2000 common TCP and UDP ports to see if they are responding. The -Pn flag tells nmap to skip the ping scan and assume the host is up. This can be useful when there is a firewall that might be preventing ICMP replies.

TCP SYN and UDP scan for all ports (requires root)

 # nmap -sS -sU -PN -p 1-65535
 Starting Nmap 7.30 ( ) at 2016-10-12 21:36 GMT
 Nmap scan report for
 Host is up (0.00021s latency).
 Not shown: 131051 closed ports
 88/tcp open kerberos-sec
 139/tcp open netbios-ssn
 445/tcp open microsoft-ds
 631/tcp open ipp
 17500/tcp open unknown
 88/udp open|filtered kerberos-sec
 123/udp open ntp
 137/udp open netbios-ns
 138/udp open|filtered netbios-dgm
 631/udp open|filtered ipp
 5353/udp open zeroconf
 17500/udp open|filtered unknown
 51657/udp open|filtered unknown
 54658/udp open|filtered unknown
 57798/udp open|filtered unknown
 58488/udp open|filtered unknown
 60027/udp open|filtered unknown

This command is the same as above; however, by specifying the full port range from 1 to 65535, nmap will check whether the host is listening on any available port. You can use the port range specification on any scan that performs a port scan.

TCP Connect Scan (no root)

 $ nmap -sT
 Starting Nmap 7.30 ( ) at 2016-10-12 21:40 GMT
 Nmap scan report for
 Host is up (0.0015s latency).
 Not shown: 964 closed ports, 32 filtered ports
 88/tcp open kerberos-sec
 139/tcp open netbios-ssn
 445/tcp open microsoft-ds
 631/tcp open ipp

This command is similar to the TCP SYN scan; however, rather than sending a SYN packet and reviewing the headers, it will ask the OS to establish a full TCP connection to each of the 1000 common ports.

Aggressively Scan Hosts (no root)

 $ nmap -T4 -A
 Nmap scan report for
 Host is up (0.00060s latency).
 Not shown: 996 closed ports
 22/tcp open ssh OpenSSH 5.9p1 Debian 5ubuntu1 (protocol 2.0)
 | ssh-hostkey: 1024 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:6c (DSA)
 |_2048 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:6c (RSA)
 80/tcp open http nginx 1.1.19
 |_http-title: 403 Forbidden
 |_http-methods: No Allow or Public header in OPTIONS response (status code 405)
 111/tcp open rpcbind
 | rpcinfo:
 | program version port/proto service
 | 100000 2,3,4 111/tcp rpcbind
 | 100000 2,3,4 111/udp rpcbind
 | 100003 2,3,4 2049/tcp nfs
 | 100003 2,3,4 2049/udp nfs
 | 100005 1,2,3 46448/tcp mountd
 | 100005 1,2,3 52408/udp mountd
 | 100021 1,3,4 35394/udp nlockmgr
 | 100021 1,3,4 57150/tcp nlockmgr
 | 100024 1 49363/tcp status
 | 100024 1 51515/udp status
 | 100227 2,3 2049/tcp nfs_acl
 |_ 100227 2,3 2049/udp nfs_acl
 2049/tcp open nfs (nfs V2-4) 2-4 (rpc #100003)
 Service Info: OS: Linux; CPE: cpe:/o:linux:kernel

Unlike some of the earlier commands, this command is very aggressive and very obtrusive. The -A simply tells nmap to perform OS checking and version checking. The -T4 selects the speed template; these templates tell nmap how quickly to perform the scan. The speed templates range from 0 for slow and stealthy to 5 for fast and obvious.

Fast Scan (no root)

 $ nmap -T4 -F
 Starting Nmap 7.30 ( ) at 2016-10-12 21:48 GMT
 Nmap scan report for
 Host is up (0.00047s latency).
 Not shown: 96 closed ports
 88/tcp open kerberos-sec
 139/tcp open netbios-ssn
 445/tcp open microsoft-ds
 631/tcp open ipp

This scan limits the scan to the 100 most common ports. If you simply want to know which hosts potentially have ports open that shouldn't be, this is a quick and dirty command to use.


 $ nmap -T4 -A -v
 Starting Nmap 7.30 ( ) at 2016-10-12 21:50 GMT
 NSE: Loaded 93 scripts for scanning.
 NSE: Script Pre-scanning.
 Initiating Ping Scan at 21:50
 Scanning [2 ports]
 Completed Ping Scan at 21:50, 0.00s elapsed (1 total hosts)
 Initiating Parallel DNS resolution of 1 host. at 21:50
 Completed Parallel DNS resolution of 1 host. at 21:50, 0.01s elapsed
 Initiating Connect Scan at 21:50
 Scanning [1000 ports]
 Discovered open port 139/tcp on
 Discovered open port 445/tcp on
 Discovered open port 88/tcp on
 Discovered open port 631/tcp on
 Completed Connect Scan at 21:50, 5.22s elapsed (1000 total ports)
 Initiating Service scan at 21:50
 Scanning 4 services on
 Completed Service scan at 21:51, 11.00s elapsed (4 services on 1 host)
 NSE: Script scanning
 Initiating NSE at 21:51
 Completed NSE at 21:51, 12.11s elapsed
 Nmap scan report for
 Host is up (0.00026s latency).
 Not shown: 996 closed ports
 88/tcp open kerberos-sec Mac OS X kerberos-sec
 139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
 445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
 631/tcp open ipp CUPS 1.4
 | http-methods: GET HEAD OPTIONS POST PUT
 | Potentially risky methods: PUT
 | http-robots.txt: 1 disallowed entry
 Service Info: OS: Mac OS X; CPE: cpe:/o:apple:mac_os_x

By adding verbose to a majority of the commands above you get a better insight into what nmap is doing; for some scans verbosity will provide additional details that the report does not provide.
While these are 10 very useful nmap commands, I am sure there are some more handy nmap examples out there. If you have one to add to this list, feel free to drop it into a comment.
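As an added example (not part of the original post), here is a small Python parser for the normal output format shown in the scans above, plus a comparison of each host's open ports against an expected baseline, which is how a sysadmin would spot the unexpected printer or the stray 17500/tcp listener. The sample output, the hostnames and the 192.0.2.x addresses are constructed.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample in nmap's normal output format, modelled on the scans
# shown above. Hostnames and 192.0.2.x addresses are documentation placeholders.
SAMPLE_OUTPUT = """\
Starting Nmap 7.30 ( https://nmap.org ) at 2016-10-12 21:36 GMT
Nmap scan report for fileserver.example.internal (192.0.2.10)
Host is up (0.00021s latency).
Not shown: 131051 closed ports
PORT      STATE         SERVICE
88/tcp    open          kerberos-sec
139/tcp   open          netbios-ssn
445/tcp   open          microsoft-ds
631/tcp   open          ipp
17500/tcp open          unknown
123/udp   open          ntp
5353/udp  open|filtered zeroconf

Nmap scan report for printer.example.internal (192.0.2.20)
Host is up (0.0015s latency).
Not shown: 999 closed ports
PORT      STATE SERVICE
9100/tcp  open  jetdirect
"""

# Ports we expect each known host to expose (constructed baseline).
EXPECTED_BASELINE: Dict[str, Set[Tuple[int, str]]] = {
    "192.0.2.10": {(88, "tcp"), (139, "tcp"), (445, "tcp"), (631, "tcp"), (123, "udp")},
}

# "Nmap scan report for name (addr)" or just "... for addr"
HOST_RE = re.compile(r"^Nmap scan report for (?P<name>\S+)(?: \((?P<addr>[^)]+)\))?$")
# "80/tcp open http" or "5353/udp open|filtered zeroconf ..."
PORT_RE = re.compile(r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>[\w|]+)\s+(?P<service>\S+)")

PortEntry = Tuple[int, str, str, str]  # (port, proto, state, service)


def parse_nmap_output(text: str) -> Dict[str, List[PortEntry]]:
    """Return {host: [(port, proto, state, service), ...]} from nmap normal output."""
    hosts: Dict[str, List[PortEntry]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            # Prefer the address when nmap printed "name (addr)"
            current = m.group("addr") or m.group("name")
            hosts[current] = []
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            hosts[current].append(
                (int(m.group("port")), m.group("proto"), m.group("state"), m.group("service"))
            )
    return hosts


def open_ports(entries: List[PortEntry]) -> Set[Tuple[int, str]]:
    """Only ports nmap reported as definitely open; open|filtered is left for follow-up."""
    return {(port, proto) for port, proto, state, _ in entries if state == "open"}


def unexpected_ports(scan: Dict[str, List[PortEntry]],
                     baseline: Dict[str, Set[Tuple[int, str]]]) -> Dict[str, dict]:
    """Compare each scanned host with the baseline; report extra/missing ports and unknown hosts."""
    findings: Dict[str, dict] = {}
    for host, entries in scan.items():
        seen = open_ports(entries)
        expected = baseline.get(host, set())
        extra, missing = seen - expected, expected - seen
        if extra or missing or host not in baseline:
            findings[host] = {
                "known": host in baseline,
                "extra": sorted(extra),
                "missing": sorted(missing),
            }
    return findings


if __name__ == "__main__":
    for host, finding in unexpected_ports(parse_nmap_output(SAMPLE_OUTPUT), EXPECTED_BASELINE).items():
        print(host, finding)
```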

Performing an Nmap Scan

Researchers have disclosed a critical zero-day vulnerability in the JPEG 2000 image file format parser implemented in OpenJPEG library, which could allow an attacker to remotely execute arbitrary code on the affected systems.

Discovered by security researchers at Cisco Talos group, the zero-day flaw, assigned as TALOS-2016-0193/CVE-2016-8332, could allow an out-of-bound heap write to occur that triggers the heap corruption and leads to arbitrary code execution.

OpenJPEG is an open-source JPEG 2000 codec. Written in C, the software was developed for encoding and decoding JPEG 2000 images, a format that is often used for tasks like embedding image files within PDF documents through popular software including PDFium, Poppler, and MuPDF. Attackers can exploit the security vulnerability by tricking the victim into opening a specially crafted, malicious JPEG 2000 image, or a PDF document containing that malicious file, sent in an email.
The attacker could even upload the malicious JPEG 2000 image file to a file hosting service, like Dropbox or Google Drive, and then send that link to the victim.
Once downloaded to the system, it would give attackers a way to remotely execute malicious code on the affected system. The flaw was caused “due to an error while parsing mcc records in the jpeg2000 file, … resulting in an erroneous read and write of adjacent heap area memory,” Cisco explained in its advisory.

“Careful manipulation of heap layout can lead to further heap metadata process memory corruption ultimately leading to code execution under attacker control.” The researchers successfully tested the JPEG 2000 image exploit on OpenJPEG openjp2 version 2.1.1. The flaw was discovered by Aleksandar Nikolic of the Cisco Talos security team.

The team reported the zero-day flaw to the OpenJPEG developers in late July, and the developers patched the flaw last week with the release of version 2.1.2.

The vulnerability has been assigned a CVSS score of 7.5, categorizing it as a high-severity bug.


Here is some help for you guys and gals that are looking for some forensic tools, they can also be good fun to mess around with.

1. Disk tools and data capture

Arsenal Image Mounter :
Mounts disk images as complete disks in Windows, giving access to Volume Shadow Copies, etc.
DumpIt :
Generates a physical memory dump of Windows machines, 32-bit and 64-bit. Can run from a USB flash drive.
EnCase :
Create EnCase evidence files and EnCase logical evidence files
Encrypted Disk Detector :
Checks local physical drives on a system for TrueCrypt, PGP, or Bitlocker encrypted volumes
EWF MetaEditor :
Edit EWF (E01) meta data, remove passwords (Encase v6 and earlier)
FAT32 Format :
Enables large capacity disks to be formatted as FAT32
Forensics Acquisition of Websites :
Browser designed to forensically capture web pages
FTK Imager :
Imaging tool, disk viewer and image mounter
Guymager :
Multi-threaded GUI imager running under Linux
Live RAM Capturer :
Extracts RAM dump including that protected by an anti-debugging or anti-dumping system. 32 and 64 bit builds
NetworkMiner :
Network analysis tool. Detects OS, hostname and open ports of network hosts through packet sniffing/PCAP parsing
Nmap :
Utility for network discovery and security auditing
Magnet RAM :
Captures physical memory of a suspect’s computer. Windows XP to Windows 10, and 2003, 2008, 2012. 32 & 64 bit
OSFClone :
Boot utility for CD/DVD or USB flash drives to create dd or AFF images/clones.
OSFMount :
Mounts a wide range of disk images. Also allows creation of RAM disks
Wireshark :
Network protocol capture and analysis
Disk2vhd :
Creates Virtual Hard Disks versions of physical disks for use in Microsoft Virtual PC or Microsoft Hyper-V VMs

2. Email analysis

EDB Viewer :
Open and view (not export) Outlook EDB files without an Exchange server
Mail Viewer :
Viewer for Outlook Express, Windows Mail/Windows Live Mail, Mozilla Thunderbird message databases and single EML files
MBOX Viewer :
View MBOX emails and attachments
OST Viewer  :
Open and view (not export) Outlook OST files without connecting to an Exchange server
PST Viewer  :
Open and view (not export) Outlook PST files without needing Outlook

3. General tools

Agent Ransack :
Search multiple files using Boolean operators and Perl Regex
Computer Forensic Reference Data Sets :
Collated forensic images for training, practice and validation
EvidenceMover :
Copies data between locations, with file comparison, verification, logging
FastCopy :
Self labelled ‘fastest’ copy/delete Windows software. Can verify with SHA-1, etc.
File Signatures :
Table of file signatures
HexBrowser :
Identifies over 1000 file types by examining their signatures
HashMyFiles :
Calculate MD5 and SHA1 hashes
MobaLiveCD :
Run Linux live CDs from their ISO image without having to boot to them
Mouse Jiggler :
Automatically moves mouse pointer stopping screen saver, hibernation etc.
Notepad ++ :
Advanced Notepad replacement
Hash sets of ‘known’ (ignorable) files
Quick Hash :
A Linux & Windows GUI for individual and recursive SHA1 hashing of files
USB Write Blocker :
Enables software write-blocking of USB ports
Volix :
Application that simplifies the use of the Volatility Framework
Windows Forensic Environment :
Guide by Brett Shavers to creating and working with a Windows boot CD

4. File and data analysis

Advanced Prefetch Analyser :
Reads Windows XP,Vista and Windows 7 prefetch files
analyzeMFT :
Parses the MFT from an NTFS file system allowing results to be analysed with other tools
bstrings :
Find strings in binary data, including regular expression searching.
CapAnalysis :
PCAP viewer
Crowd Response :
Windows console application to aid gathering of system information for incident response and security engagements.
Crowd Inspect :
Details network processes, listing binaries associated with each process. Queries VirusTotal, other malware repositories & reputation services to produce “at-a-glance” state of the system
DCode :
Converts various data types to date/time values
Defraser :
Detects full and partial multimedia files in unallocated space
eCryptfs Parser :
Recursively parses headers of every eCryptfs file in selected directory. Outputs encryption algorithm used, original file size, signature used, etc.
Encryption Analyzer :
Scans a computer for password-protected & encrypted files, reports encryption complexity and decryption options for each file
ExifTool :
Read, write and edit Exif data in a large number of file types
File Identifier :
Drag and drop web-browser JavaScript tool for identification of over 2000 file types
Forensic Image Viewer :
View various picture formats, image enhancer, extraction of embedded Exif, GPS data
Ghiro :
In-depth analysis of image (picture) files
Highlighter :
Examine log files using text, graphic or histogram views
Link Parser :
Recursively parses folders extracting 30+ attributes from Windows .lnk (shortcut) files
LiveContactsView :
View and export Windows Live Messenger contact details
PECmd :
Prefetch Explorer
PlatformAuditProbe :
Command Line Windows forensic/ incident response tool that collects many artefacts. Manual
RSA Netwitness Investigator :
Network packet capture and analysis (freeware)
Memoryze :
Acquire and/or analyse RAM images, including the page file on live systems
MetaExtractor :
Recursively parses folders to extract meta data from MS Office, OpenOffice and PDF files
MFTview :
Displays and decodes contents of an extracted MFT file
PictureBox :
Lists EXIF, and where available, GPS data for all photographs present in a directory. Export data to .xls or Google Earth KML format
PsTools :
Suite of command-line Windows utilities
Shadow Explorer :
Browse and extract files from shadow copies
SQLite Manager :
Firefox add-on enabling viewing of any SQLite database
Strings :
Command-line tool for text searches
Structured Storage Viewer :
View and manage MS OLE Structured Storage based files
Switch-a-Roo :
Text replacement/converter/decoder for when dealing with URL encoding, etc
Windows File Analyzer :
Analyse thumbs.db, Prefetch, INFO2 and .lnk files
Xplico :
Network forensics analysis tool

5. Mac OS tools

Audit :
Audit Preference Pane and Log Reader for OS X
ChainBreaker :
Parses keychain structure, extracting user’s confidential information such as application account/password, encrypted volume password (e.g. filevault), etc
Disk Arbitrator :
Blocks the mounting of file systems, complementing a write blocker by disabling disk arbitration
Epoch Converter :
Converts epoch times to local time and UTC
FTK Imager CLI for Mac OS :
Command line Mac OS version of AccessData’s FTK Imager
IORegInfo :
Lists items connected to the computer (e.g., SATA, USB and FireWire Drives, software RAID sets). Can locate partition information, including sizes, types, and the bus to which the device is connected
PMAP Info :
Displays the physical partitioning of the specified device. Can be used to map out all the drive information, accounting for all used sectors
Volafox :
Memory forensic toolkit for Mac OS X

6. Mobile devices

iPBA2 :
Explore iOS backups
iPhone Analyzer :
Explore the internal file structure of iPad, iPod and iPhone devices
ivMeta :
Extracts phone model and software version and created date and GPS data from iPhone videos.
Last SIM Details :
Parses physical flash dumps and Nokia PM records to find details of previously inserted SIM cards.
Rubus :
Deconstructs Blackberry .ipd backup files
Obtain SMS Messages, call logs and contacts from Android devices

7. Data analysis suites

Autopsy :
Graphical interface to the command line digital investigation analysis tools in The Sleuth Kit (see below)
Backtrack :
Penetration testing and security audit with forensic boot capability
Caine :
Linux based live CD, featuring a number of analysis tools
Deft :
Linux based live CD, featuring a number of analysis tools
Digital Forensics Framework :
Analyses volumes, file systems, user and applications data, extracting metadata, deleted and hidden items
Forensic Scanner :
Automates ‘repetitive tasks of data collection’. Fuller description here
Paladin :
Ubuntu based live boot CD for imaging and analysis
VMware Appliance pre-configured with multiple tools allowing digital forensic examinations
The Sleuth Kit :
Collection of UNIX-based command line file and volume system forensic analysis tools
Volatility Framework :
Collection of tools for the extraction of artefacts from RAM

8. Internet analysis

MozillaHistoryView :
Reads the history.dat of Firefox/Mozilla/Netscape Web browsers, and displays the list of all visited Web page
MyLastSearch :
Extracts search queries made with popular search engines (Google, Yahoo and MSN) and social networking sites (Twitter, Facebook, MySpace)
PasswordFox :
Extracts the user names and passwords stored by Mozilla Firefox Web browser
OperaCacheView :
Reads the cache folder of Opera Web browser, and displays the list of all files currently stored in the cache
OperaPassView :
Decrypts the content of the Opera Web browser password file, wand.dat
Web Historian :
Reviews list of URLs stored in the history files of the most commonly used browsers
Web Page Saver :
Takes list of URLs saving scrolling captures of each page. Produces HTML report file containing the saved pages

9. Registry analysis

AppCompatCache Parser :
Dumps list of shimcache entries showing which executables were run and their modification dates. Further details.
ForensicUserInfo :
Extracts user information from the SAM, SOFTWARE and SYSTEM hives files and decrypts the LM/NT hashes from the SAM file
Process Monitor :
Examine Windows processes and registry threads in real time
RECmd :
Command line access to offline Registry hives. Supports simple & regular expression searches as well as searching by last write timestamp. Further details.
Registry Decoder :
For the acquisition, analysis, and reporting of registry contents
Registry Explorer :
Offline Registry viewer. Provides deleted artefact recovery, value slack support, and robust searching. Further details.
RegRipper :
Registry data extraction and correlation tool
Regshot :
Takes snapshots of the registry allowing comparisons e.g., show registry changes after installing software
ShellBags Explorer  :
Presents a visual representation of what a user's directory structure looked like. Additionally exposes various timestamps (e.g., first explored, last explored for a given folder). Further details.
USB Device Forensics :
Details previously attached USB devices on exported registry hives
USB Historian :
Displays 20+ attributes relating to USB device use on Windows systems
USBDeview :
Details previously attached USB devices
User Assist Analysis :
Extracts SID, User Names, Indexes, Application Names, Run Counts, Session, and Last Run Time Attributes from UserAssist keys
UserAssist :
Displays list of programs run, with run count and last run date and time
Windows Registry Recovery :
Extracts configuration settings and other information from the Registry

10. Application analysis

Dropbox Decryptor :
Decrypts the Dropbox filecache.dbx file which stores information about files that have been synced to the cloud using Dropbox
Google Maps Tile Investigator :
Takes x,y,z coordinates found in a tile filename and downloads surrounding tiles providing more context
KaZAlyser :
Extracts various data from the KaZaA application
LiveContactsView :
View and export Windows Live Messenger contact details
SkypeLogView :
View Skype calls and chats

KickassTorrents went down. The Pirate Bay and ExtraTorrent were the kings of the piracy world; however, recent developments have resulted in the seizure of KickassTorrents' primary domains and the arrest of its 30-year-old founder.

Before KickassTorrents went down, it was the world's biggest torrent site, with more than 50 million unique visitors and a worldwide Alexa rank of 69. When KickassTorrents went down the news broke the internet. After the seizure of the KickassTorrents domains we have seen the advent of multiple KickassTorrents mirrors and a new community formed by its original staffers, but the original pirate website is nowhere to be seen.

Now torrent users have started looking for the best KickassTorrents alternatives. Talking about such websites, The Pirate Bay looks like the biggest alternative.

It’s interesting to note that The Pirate Bay faced a similar experience back in 2014 when it went offline for a month. Then, TPB users flocked to KAT.

Expressing its support, a TPB staffer told TF:

“When both TPB and its forum went down, we had overwhelming support from KAT users on their forum, and our staff were able to keep the communities updated on important news and announcements.”
The Pirate Bay hopes that KickassTorrents will be back, and that its loyal users and community will be there to support KickassTorrents and help make it work again.

Now for the second-largest KickassTorrents alternative: ExtraTorrent is one of the biggest torrent websites in the world.

Just like KickassTorrents, ExtraTorrent has a very good community and a really big range of torrents. ET is becoming the second big choice for users; after KAT went down, ET's signups got a 200% boost and its traffic increased by 300%.

“So far we got 200% signup, and 300% traffic increase at ExtraTorrent,” said SaM, the operator of ET. “It is sad to see an iconic site go this way, and it shows how the torrent community is targeted by all means. But, I guess torrenting will prevail and this doesn't mean the death or end of this era.”



WordPress is the most popular Content Management System (CMS) used to power digital assets of websites and blogs on the Internet.

In fact, about 75 million sites (representing about 26% of all sites) depend on WordPress to make their online presence known.

Because of its increasing popularity, WordPress-powered platforms are regularly targeted by malicious hacking attacks and exposed to other types of security vulnerabilities.

In early 2016, Wordfence, a site providing a security plugin for WordPress users, reported over 6 million password attacks targeting over 72,000 individual sites within a 16-hour period.

And, what’s the most vulnerable point in the security of any WordPress site?

Yes, you are right, it’s the P A S S W O R D.

If an unauthorized person is able to guess, crack, or retrieve your password, then you could be in for a long, very long day.

Currently, with modern advances in technology, password-cracking techniques have become better as well. Some passwords can be very easy for a computer to break yet strenuous for a person to remember or type.

One of the most advanced password cracking tools can attempt up to 350 billion password guesses every second.

So, creating unbreakable passwords is key to maintaining the security of your blog.

Here are some useful tips.

  1. Keep away from the world’s worst passwords

In the current digital age, having a password to access your online accounts is simply indispensable.

SplashData, which focuses on making password management software, compiled a list of commonly used passwords among Internet users. The company analyzed the data from more than 2 million passwords retrieved in 2015.

If this list contains the password or its related combinations you use for accessing your WordPress site, then move swiftly to a more secure one.

Here is a list of the 25 commonly used passwords:


  2. Use a unique and creative password for your WordPress site

Do not make the fatal mistake of using the same password for your email account, social media accounts, and other places for accessing your WordPress website or blog.

Reusing your passwords is a risky affair you should avoid like the plague. In case a malicious hacker discovers the password you use for one account, he or she could simply make your online life unbearable.

Desist from using names of places and dictionary words in your passwords. Currently, the methods of cracking passwords have advanced such that hackers are able to “brute force”; that is, try out different dictionary words and other common phrases to break the passwords.

Furthermore, to be unique, avoid using a password that's related to your WordPress site and use a creative mixture of upper case and lower case letters, numbers, and symbols. This way, you will be making the work of someone trying to guess your password hard.

For instance, you can choose a random word or phrase and insert letters and numbers throughout it to increase complexity (such as “uTo7pyr$ll0%w4Ge”).

To make such complex passwords easier to remember but difficult for others to guess, you can take a sentence and convert it into a password by abbreviating words and creatively adding other memorable components.

For example, “I and my wife went for a holiday to Singapore for $3,500” could be “Iamww4@h2S4$35”. And, “Woohoo! I Blog Seven times a Week for money and fun” could translate to something like “WOO!IbG7#aWk4$+f”.

Here is how you can substitute some of the letters:

A = @
I = 1
o = 0 (zero)
Z = 2

Better still, you can use convenience software like LastPass and 1Password for remembering your strong, complex passwords.

As earlier mentioned here at Legit Blogger, avoid using commonly used words or sequential patterns that make the work of hackers easy.

The reason “1qaz2wsx” made it to the list of the 25 worst passwords of 2015 (though it looks strong) is that it follows the first two columns of keys on a standard computer keyboard.

So, better be safe than sorry and inject uniqueness and some creativity into your passwords.

  1. Do not fall prey to “phishing” attacks

If you receive an email from your hosting company or another source prompting you to change the login details of your cPanel, update the login details of your site, or provide other sensitive information, be careful before responding to such a message.

Before clicking on any links, ensure that the source is legitimate, or you may fall victim to a “phishing” attack.

If you provide your password details to a malicious website, a hacker could get hold of the information and make you curse, instead of blessing, your blogging life.

  1. Consider using WordPress security plugins

It prevents WordPress users with administrative access privileges from entering weak passwords. With this innovative plugin, a user can only publish posts, upload files, or edit posts with a strong, verified password.

These plugins add an additional layer of security to your WordPress blog by using a combination of two separate security credentials, for example, sending a unique code to your mobile phone each time you want to log into your site, in addition to requiring you to enter your usual login details.

As the name suggests, this innovative plugin restricts the number of times a user can enter a password to gain access to a site. Therefore, someone trying to brute-force your site gets far fewer attempts.

With this powerful plugin, your WordPress site will be protected from malicious attacks by giving you frequent security updates, enforcing strong passwords, and accomplishing several other things.

  1. Length of password is key

The longer the password, the more secure it becomes in protecting your digital assets from malicious intrusions. Passwords of at least 8 characters are recommended. A good way to have longer passwords is to use passphrases.

Passphrases are just like passwords, except that they are constructed from an unsystematic mixture of words instead of a single word. For example, “press demonstrate blog million”.

To create a passphrase, simply select a list of random numbers or use the free password creator tool. Then add an extra layer of robustness with a mixture of symbols, upper case letters, and lower case letters. Remember to avoid placing words in an easily predictable pattern or including easily identifiable phrases.
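As an added example (not from the post), here is a small Python policy check that applies the advice from the sections above: it rejects entries from a constructed sample of the worst-passwords list, keyboard walks such as “1qaz2wsx”, passwords shorter than 8 characters, and passwords that mix fewer than three character classes. The sample list, the QWERTY layout and the thresholds are assumptions of this example.

```python
import string

# Constructed sample in the spirit of the SplashData worst-passwords list
# referenced above; it is NOT the real 25-entry list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "1qaz2wsx", "football", "letmein"}

# Assumed US QWERTY rows; the columns derived from them make "1qaz2wsx"
# a walk down the first two columns, exactly the pattern the post warns about.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def keyboard_lines():
    """Rows, columns and their reverses, all lowercase."""
    columns = []
    for i in range(10):
        columns.append("".join(row[i] for row in KEYBOARD_ROWS if i < len(row)))
    lines = KEYBOARD_ROWS + columns
    return lines + [line[::-1] for line in lines]


def has_keyboard_walk(password, min_run=4):
    """True if any run of min_run characters follows a keyboard row or column."""
    pw = password.lower()
    lines = keyboard_lines()
    for i in range(len(pw) - min_run + 1):
        chunk = pw[i:i + min_run]
        if any(chunk in line for line in lines):
            return True
    return False


def character_classes(password):
    """Number of classes (lower, upper, digit, symbol) present, 0 to 4."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation)
    return sum(1 for pool in pools if any(c in pool for c in password))


def evaluate_password(password, min_length=8, min_classes=3):
    """Return the list of policy problems; an empty list means it passes."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on common-password list")
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    if has_keyboard_walk(password):
        problems.append("contains a keyboard pattern")
    if character_classes(password) < min_classes:
        problems.append("fewer than %d character classes" % min_classes)
    return problems
```

Running `evaluate_password("1qaz2wsx")` flags all three of the list, keyboard and class-mix problems, while the post's own examples such as `uTo7pyr$ll0%w4Ge` pass every check.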

Furthermore, to have longer and stronger passwords, you can consider using a password manager. With such an application, you can safely create strong, lengthy passwords, which are kept in a secure database.

You can use a single passphrase to access the password manager; thereafter, the application will automatically enter your details on the login page of your WordPress site.

Because of the innovative capabilities of password managers, it will not be necessary to remember your lengthy passwords every time you want to log into your site.

Click here for a list of the best password managers you can consider using.

  1. Keep your backup password options secure and up-to-date

Since WordPress uses your email address as the primary means of identification, you need to ensure that you frequently update your recovery email address.

Failure to keep your email address details up-to-date and secure could let an attacker easily reset your passwords and log in to your WordPress site.

Most free email service providers, such as Gmail and Yahoo mail, have a multi-factor authentication process.

When you enable this feature on your email account, you will be required to enter a short code sent to your mobile device and answer a series of security questions before accessing your account from an unrecognized device.

This way, the possibility of your account going into the wrong hands is greatly reduced.

  1. Be proactive
  • After creating a password, check its strength using this free tool. If it’s weak, you may continue modifying it until you get something solid.
  • Change your WordPress login details as frequently as possible. Using “Admin” as the username and the name of your site as the password, without frequently making improvements, could land you in territory controlled by hackers.
  • Do not dish out your passwords to anyone, even your “close” friends. You never know how concerned they are about the security of your site.
  • If you have to send your passwords through email, use a secure method of transmission such as com and select the password expiry time. If you send naked passwords through email, which is rarely encrypted, the bad guys could get hold of them.
  • When on a public computer, avoid saving your passwords or using the “Remember Me” feature. Further, watch out for people trying to look at your screen over your shoulder, and remember to log out or shut down the computer after you have finished your work.


Having your site compromised by an attacker is a horror that few webmasters are prepared to endure. Ensuring that your site is up and running normally after a successful attack requires thick skin, patience, and money.

Nonetheless, security issues are vital for the optimal performance of any WordPress website or blog. Therefore, instituting ample security measures beforehand is normally better than tackling the aftermath.

Fortunately, the robust WordPress platform, which is trusted by a large number of site owners, is generally very safe. And, one of the vital ways of keeping a WordPress site free from attackers is by vigilantly using strong and secure passwords.