WHAX toollist: This is an overview of the tools shipped with the WHAX distribution
This is a list of all tools present in /pentest. It does NOT include the native Linux tools like nmap, cheops, etc., or the tools installed in /../usr/*. I tried to find a working URL for every tool. If there wasn't any URL available I just marked it with 'NUA' (No URL available). If you find a missing URL, please send me a mail. A tool is missing? You found an error? You have any suggestions or additions? Just send me a mail as well.
/pentest/bluetooth
bluesnarfer-v.0.1 - http://www.alighieri.org/
Bluesnarfer will download the phonebook of any mobile device vulnerable to bluesnarfing.
bluesniffer-v.0.1 - NUA
A bluetooth sniffer.
btscanner-1.0 - http://www.pentest.co.uk/
btscanner is a tool designed specifically to extract as much information as possible from a Bluetooth device without the requirement to pair.
redfang-v.2.5 - http://www.atstake.com/
RedFang is a small proof-of-concept application to find non-discoverable Bluetooth devices.
/pentest/bruteforce
adsmb-0.3 - http://adm.freelsd.net/ADM/
ADMsmb is a security scanner for Samba based on the source of smbclient.
adsnmp-0.1 - http://adm.freelsd.net/ADM/
ADMsnmp is an snmpd audit scanner.
brutus-0.9.2 - http://0xdeadbeef.info/
Remote login/password bruteforce cracker for TELNET, FTP, POP3, and SMTP protocols.
crackcvspass-v0.1 - http://oelewapperke.studentenweb.org/
Recovers lost CVS passwords.
lotus-domino - http://www.cqure.net/
Lodowep is a tool for analyzing password strength of accounts on a Lotus Domino webserver system.
nat-1.0.4 - NUA
The intention of this package is to perform various security checks on remote servers running NetBIOS file sharing services.
onesixtyone-0.3.2 - http://www.phreedom.org/solar/onesixtyone/
An efficient SNMP scanner.
snmpbrute-fixedup - NUA
snmpbrute tries to brute force the community name used by the remote SNMP device.
tftp-bruteforce-0.1 - http://www.arhont.com/
This is a fast TFTP config filename bruteforcer.
VNCcrack-0.9.1 - http://www.randombit.net/
VNCcrack is a fast offline password cracker for VNC passwords.
vncrack-1.17 - http://www.phenoelit.de/
VNCrack is what it looks like: crack VNC.
webmin - NUA
Webmin brute-force and command execution.
webroot - http://www.cirt.dk/
WebRoot is a webserver auditing tool that tries every combination (incremental) or a list of words from a file against the webserver.
/pentest/cisco
brute-enable-v.1.0.2 - http://www.avatarcorp.org/
Enabler attempts to find the enable password on a Cisco system via brute force.
cisco-auditing-tool-v.1.0 - NUA
Perl script that scans Cisco routers for common vulnerabilities.
cisco-global-exploiter - http://www.blackangels.it/
Multiple Cisco Products Vulnerabilities Exploit.
cisco-scanner-v.1.3/ciscos - NUA
Ciscos.c v1.3 scans class A, B, and C networks for Cisco routers which have telnet open and have not changed the default password from 'cisco'.
cisco-scanner-v.1.3/mass-scanner - http://www.hacklab.tk/
Compact mass scanner for Cisco routers with default telnet/enable passwords.
cisco-torch-0.4b - http://www.arhont.com/
Cisco Torch is a mass scanning, fingerprinting and exploitation tool.
copy-router-config-v.0.1 - http://www.whitehat.co.il/
Very crude and simple scripts to COPY and MERGE Cisco config scripts using SNMP.
ios7decrypt-v.1.1 - NUA
Cisco IOS password decrypter.
ios-w3-vul - NUA
Cisco IOS HTTP Server Vulnerability Scanner.
jitney-0.10 - NUA
Jitney is a packet translator for Cisco IOS-based devices running in debug mode.
nemesis-1.4 - http://nemesis.sourceforge.net/
Nemesis is a command-line network packet crafting and injection utility.
/pentest/databases
absinthe-1.3 - http://www.0x90.org/
Absinthe was designed to automate the process of exploiting blind SQL injection holes on Microsoft SQL Server.
oracle-auditing-tools/oat-v.1.3.1 - http://www.cqure.net/
The Oracle Auditing Tools are to be run against Oracle servers on the Microsoft Windows platform.
oracle-auditing-tools/oracle-dump-sids-v0.0.1 - http://www.cqure.net/
Getsids tries to enumerate Oracle Sids by sending the services command to the Oracle TNS listener. Like doing 'lsnrctl service'.
oracle-auditing-tools/oracle-scanner-v.1.0.6 - http://www.cqure.net/
Oscanner is an Oracle assessment framework developed in Java. It has a plugin-based architecture and comes with a couple of plugins.
sql-auditing-tools/sqlat-1.1.0 - http://www.cqure.net/
SQLAT should be used to audit security in Microsoft SQL Servers.
sql-auditing-tools/sqlbf-v.1.0 - http://www.cqure.net/
This tool should be used to audit the strength of Microsoft SQL Server passwords offline.
sql-auditing-tools/sqlcmd-v.1.0 - http://www.excluded.ath.cx/
Connect to mssql server and spawn a shell via master..xp_cmdshell 'command'.
sql-auditing-tools/sqlping-v.1.0 - http://www.relaygroup.com/
Sqlping v1.1 (unix port) is a tool which sends a specially crafted UDP packet to port 1434 of SQL Server 2000, which returns a lot of useful information including the SQL version and service pack.
squirrel-sql-1.2 - http://squirrel-sql.sourceforge.net/
SQuirreL SQL Client is a graphical Java program that will allow you to view the structure of a JDBC compliant database, browse the data in tables, issue SQL commands etc.
/pentest/dictionaries
all.gz, bigdict.zip, dpl.html, Wordlist.zip
A couple of files with dictionaries and default password lists.
/pentest/enumeration
dns-ptr - http://www.cotse.com/
Mass DNS Query.
dnsenum - http://www.whitehat.co.il/
DNS enumeration.
google/dns-predict-v.0.0.2 - NUA
Scrapes names from Google Predict and checks whether the DNS names exist.
google/goog-mail.py - NUA
Finds mail addresses using Google.
google/google-search - http://www.excluded.org/
Automates attacks using Google.
google/googrape-v.0.1 - NUA
Google Hacking Database.
google/gooscan-v0.9 - http://johnny.ihackstuff.com/
Gooscan is a tool that automates queries against Google search appliances.
inet-enum/ - http://www.whitehat.co.il/
Automatic Internet Enumeration Script.
isr-form-1.0/ - http://www.infobyte.com.ar/
Simple HTML parser that extracts information from HTML form tags for analyzing web applications.
ldap-enum-v.003 - http://sourceforge.net/projects/ldapenum
ldapenum is a Perl script designed to enumerate information from Windows 2000 and Windows 2003 domain controllers using LDAP.
ldapbrowser - http://www.iit.edu/~gawojar/ldap
The LDAP Browser/Editor provides a user-friendly Windows Explorer-like interface to LDAP directories with tightly integrated browsing and editing capabilities.
list-urls - http://www.whitehat.co.il/
Extracts links from a webpage.
lsrscan-0.5.1 - http://www.synacklabs.net/
lsrscan checks the behaviour of remote hosts to loose source routed packets.
lsrtunnel-0.2.1 - http://www.synacklabs.net/
lsrtunnel assists in spoofing connections to a remote host using loose source routed frames.
relayscanner - http://www.cirt.dk/
This program is used to test SMTP servers for relaying problems that could lead to a spammer using your mailserver to send SPAM.
scapy - http://www.secdev.org/projects/scapy.html
Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery, packet sniffer, etc.
smb-enum/nat - http://www.tux.org/pub/security/secnet/tools/
NetBIOS auditing tool.
smb-enum/smbdumpusers - http://www.cqure.net/
Used to retrieve users from a Windows NT/2000 box.
smb-enum/smbgetserverinfo - http://www.cqure.net/
Returns some information from the IP address supplied.
smtp-vrfy - NUA
Vrfy.pl uses the SMTP VRFY command to verify users/mail accounts on a network by using a list of common system names like root, admin etc.
snmpenum - NUA
Enumerate information on machines that are running SNMP.
/pentest/exploits
client-side/CMDexe-XP-SP12 - NUA
Windows Exploit - Remote code execution with parameters - Proof of Concept.
exploit-tree - http://www.securityforest.com/
The ExploitTree is a categorized collection of ALL available exploit code.
framework-2.4 - http://www.metasploit.com/
The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code.
microsoft/HOD-ms04011-lsasrv-expl - NUA
MS04011 Lsasrv.dll RPC buffer overflow remote exploit v0.1.
microsoft/THCsql - http://www.thc.org/
Wind0wZ remote root sploit for MSSQL-Servers (SP3).
microsoft/WinJPEGAdminExp_MS04-028.sh - NUA
MS04-028 Exploit PoC II with Shellcode: CreateUser X in Administrators Group.
microsoft/kill-bill - NUA
Microsoft ASN.1 remote exploit for CAN-2003-0818 (MS04-007).
microsoft/oc192-dcom - NUA
RPC DCOM remote Windows exploit.
microsoft/sasser-bo - NUA
Sasser Worm Remote FTPD Buffer Overflow Exploit Code.
microsoft/sql2 - NUA
SQL Server UDP Buffer Overflow Remote Exploit.
microsoft/win_msrpc_lsass_ms04-11_Ex - NUA
MS04011 Lsasrv.dll RPC buffer overflow remote exploit v0.1.
microsoft/wins-045 - NUA
Windows Internet Name Service (WINS) Remote Heap Buffer Overflow Exploit.
milw0rm - http://milw0rm.com/
Milw0rm Exploit Database from 04-21-05.
packetstorm - http://www.packetstormsecurity.org/
Packetstorm Exploit Database.
securityfocus - http://www.securityfocus.com/
Securityfocus Exploit Database.
shellcode/SCMorphism - http://www.bsdaemon.org/
This is a personal project to implement some shellcode mutation engines.
shellcode/alpha2 - http://www.edup.tudelft.nl/~bjwever/
ALPHA 2 encodes your IA-32 shellcode to contain only alphanumeric characters.
shellcode/beta-shellcode - http://www.edup.tudelft.nl/~bjwever/
Multi-format shellcode encoding tool.
shellcode/encoder - http://www.klake.org/~jt/encoder/
x86 Windows/Unix shellcode encoder.
shellcode/shellforge - http://www.cartel-securite.fr/pbiondi//projects/shellforge/
ShellForge is a python program that builds shellcodes from C.
/pentest/forensic
sleuthkit-2.01 - http://www.sleuthkit.org/
The Sleuth Kit is a collection of command line digital forensic tools.
/pentest/fuzzers
bed-v.0.5 - http://www.snake-basket.de/
BED is a program which is designed to check daemons for potential buffer overflows, format string bugs etc.
fuzzer-1.1 - http://hack3rs.org/~shadown/Twister/
Fuzzer is a Net-Twister module that helps with the vulnerability research and development process.
fuzzer-mod - http://hack3rs.org/~shadown/Twister/
Fuzzer is a Net-Twister module that helps with the vulnerability research and development process (modded version).
spike-v.2.9 - http://www.atstake.com/
This is SPIKE, a Fuzzer Creation Kit.
/pentest/proxies
paros - http://www.parosproxy.org/
Paros is a program for people who need to evaluate the security of their web applications.
penproxy-0.4.10 - http://shh.thathost.com/pub-java/html/PenProxy.html
A proxy that may be of help for people who are pen-testing web applications.
proxifier-v0.1 - NUA
This is an automated Proxy List Generator for www.proxy4free.com.
webscarab-20050411 - http://www.owasp.org/
WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols.
whopper-0.3 - http://projects.vanscherpenseel.nl/whopper/
Simple but powerful tool to connect to remote services through a chain of HTTP (CONNECT) proxy servers, to gain high anonymity.
/pentest/scanners
banshee-3.3 - http://www.blakhat.co.uk/
Banshee is a small fast lightweight scanner designed for mass scanning.
dcom_scanner/dcom-isvuln - NUA
DCOM vulnerability scanner.
dcom_scanner/dcom_scanner - NUA
DCOM scanner.
knocker-0.7.1 - http://knocker.sourceforge.net/
Knocker is a simple and easy to use TCP security port scanner written in C which is able to analyze hosts and all of the different services started on them.
lsrscan-1.0 - http://www.synacklabs.net/
lsrscan checks the behaviour of remote hosts to loose source routed packets.
match-scanner - http://penguin-skills.com/
Match Scanner is an HTTP vulnerability scanner that uses a database of over 900 exploits that is updated every day with new exploits found.
nikto-1.35 - http://www.cirt.net/
Nikto is a tool for finding default web files and examining web server and CGI security.
probe-4.1 - http://http.thc.org/
Small and nice toolset for scanning/probing hosts and networks.
raccess-0.7 - http://www.salix.org/raccess/
Remote Access Session is a security tool to analyze the integrity of systems.
relaycheck - http://david.weekly.org/
Relaycheck scans a network for vulnerable SMTP hosts that permit "relaying" of email.
retina-scanners/CIScan.exe - http://www.foundstone.com/
This free tool will help identify potentially vulnerable Cisco devices.
retina-scanners/MessengerScan.exe - http://www.foundstone.com/
Scans Windows 2000, Windows XP and Windows 2003 for the MS Messenger vulnerability MS03-043.
retina-scanners/NetSchedScan.exe - http://www.foundstone.com/
A Windows network admin utility for remotely detecting the Task Scheduler vulnerability on Microsoft Windows 2000 and Windows XP systems.
retina-scanners/RetinaApacheChunked.exe - http://www.eeye.com/
The scanner will properly identify Apache web servers vulnerable to the recent Chunked encoding buffer overflow attack.
retina-scanners/RetinaCodeRed.exe - http://www.eeye.com/
The Retina CodeRed Scanner detects 1) the .ida vulnerability and 2) any trace of CodeRed II infection.
retina-scanners/RetinaMSGSVC.exe - http://www.eeye.com/
Checks for Buffer Overrun in Messenger Service that Could Allow Code Execution (MS03-043).
retina-scanners/RetinaMyDoom.exe - http://www.eeye.com/
Mydoom/MIMAIL.R scanner.
retina-scanners/RetinaNimda.exe - http://www.eeye.com/
The Retina Nimda Scanner detects 1) the unicode and double decode vulnerabilities and 2) any trace of Nimda infection.
retina-scanners/RetinaRPCDCOM.exe - http://www.eeye.com/
DCOM scanner (MS03-026 and MS03-039).
retina-scanners/RetinaSapphireSQL.exe - http://www.eeye.com/
The Retina Sapphire SQL Scanner sends a packet to SQL server on port 1434 UDP. A vulnerable server will respond back with certain data.
retina-scanners/RetinaSasser.exe - http://www.eeye.com/
The Sasser scanner first sends a request to port 445 in order to verify if the system is patched. If port 445 is closed, the scanner will try port 139.
retina-scanners/RetinaSpida.exe - http://www.eeye.com/
The scanner will properly identify vulnerable v6.0+ SQL servers on multilingual systems.
retina-scanners/SNScan.exe - http://www.foundstone.com/
This free tool will help identify potentially vulnerable Cisco devices.
sixthsense - NUA
6thSense utilizes a TCP port scanning technique that allows you to remain completely invisible to the scanned host.
thcrut-1.2.5 - http://www.thc.org/
RUT (aRe yoU There, pronounced as 'root') is your first knife on a foreign network. It gathers information from local and remote networks.
welchia_scan - NUA
This utility scans a network range looking for port 707/tcp which is the port welchia listens on after infecting a machine.
/pentest/sniffers
aimsniff-0.9d - http://www.aimsniff.com/
AIM Sniff is a utility for monitoring and archiving AOL Instant Messenger messages across a network.
driftnet-0.1.6 - http://www.ex-parrot.com/~chris/driftnet/
Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes.
smbsniffer - http://www.hsc.fr/ressources/outils/
Smbsniff is a LanManager (SMB/CIFS) packet sniffer that will write to your disk all the files shared and the documents printed in a LanManager environment (all the Microsoft and Samba machines using the LanManager protocol to share data).
sslsniff-0.4 - http://www.thoughtcrime.org/
A simple tool that exploits the IE SSL CertificateChain vulnerability.
xspy - http://www.acm.vt.edu/~jmaxwell/
Monitors keystrokes even when the keyboard is grabbed.
/pentest/utilities
tftp-server - http://iridia.ulb.ac.be/~fvandenb/
A TFTP server.
/pentest/voip
vomit-0.2c - http://vomit.xtdnet.nl/
The vomit utility converts a Cisco IP phone conversation into a wave file that can be played with ordinary sound players.
/pentest/windows-binaries
databases/sqlexec20.exe - NUA
SQL execute helper tool.
exploits/101_WINS-.exe - http://www.hat-squad.com/
Windows Internet Name Service (WINS) Remote Heap Buffer Overflow Exploit.
exploits/iis_media.exe - http://www.tomydan.net/
IIS Media exploit.
exploits/ios-w3-vul.exe - NUA
This code scans a Cisco router/switch for the vulnerability and, as an option, fetches the configuration of the router/switch without any authentication if the vulnerability is found.
exploits/kaHt2.exe - NUA
DCOM RPC exploit.
exploits/kaht3.exe - NUA
MS04-011 Lsasrv.dll RPC Exploit.
exploits/lsass-04-011.exe - NUA
Microsoft Windows Lsass.exe Local SYSTEM Exploit (MS04-011).
exploits/ms04011lsass.exe - NUA
Windows Lsasrv.dll RPC [ms04011] buffer overflow Remote Exploit.
exploits/posixexp-source.exe|.c - http://www.cnhonker.com/
Microsoft Windows POSIX Subsystem Local Privilege Escalation Exploit (MS04-020).
exploits/serv-u-local.exe|.c - NUA
Serv-u Local Exploit >v3.x.
exploits/util-allin1.exe|.c - http://www.coromputer.net
The exploit executes a shell through utilman.exe with SYSTEM privileges.
exploits/utility-manager.exe - NUA
Windows 2000 Utility Manager Privilege Elevation Exploit (MS04-019).
exploits/webdav-majik.exe - NUA
Remote Exploit for IIS 5.0 WebDAV.
exploits/webdav-spawn.exe - http://rs-labs.com/
IIS 5.0 WebDAV Exploit.
exploits/xwbf-v0.3.exe - http://www.coromputer.net/
GUI version of webdav.c.
passwd-attack/FindPass.exe - NUA
Find Password in the Winlogon process.
passwd-attack/PWDump4.exe.dll - NUA
PWDUMP4.02 dump winnt/2000 user/password hash remote or local for crack.
passwd-attack/SAMDUMP.EXE - NUA
Dumps the SAM.
passwd-attack/TSgrinder.rar|tsgrinder-2.03.zip - http://www.hammerofgod.com/
TSGrinder is the first production Terminal Server brute force tool.
passwd-attack/cachedump.exe - http://www.cr0.net:8040/misc/cachedump.html
Recovers Windows password cache entries.
passwd-attack/ipscan - http://www.cnhonker.com/
IpcScan is a NT weak accounts scanner running on Win NT/2K/XP.
passwd-attack/pulist.exe - http://www.microsoft.com/
This utility displays all the processes running on a system.
passwd-attack/smbcrack2 - NUA
SMB Password Cracker 2.0 For Windows.
pstools/psexec.exe - http://www.sysinternals.com/
PsExec is a light-weight telnet-replacement that lets you execute processes on other systems, complete with full interactivity for console applications, without having to manually install client software.
pstools/pskill.exe - http://www.sysinternals.com/
PsKill is a kill utility that also can kill processes on remote systems.
pstools/psservice.exe - http://www.sysinternals.com/
PsService is a service viewer and controller for Windows NT/2K.
pstools/psshutdown.exe - http://www.sysinternals.com/
PsShutdown is a clone of the Resource Kit shutdown tool, providing you the same options and ability to shutdown, and optionally reboot, local and remote Windows NT/2K/XP systems.
pstools/pstoreview.exe - http://www.ntsecurity.nu/
PStoreView lists the contents of the Protected Storage.
scanners/SynScan.zip - http://www.iamaphex.cjb.net/
This command line scanner allows you to specify a starting host and one or more ports to be checked for a connection.
scanners/dfind.exe - http://class101.org/
This command line scanner allows you to specify a starting host and one or more ports to be checked for a connection.
scanners/hs_wins.exe - www.hat-squad.com/
WINS vulnerability/OS scanner.
scanners/ms04-028 GDIScan.rar - http://isc.sans.org/
gdiscan.exe was written for Windows 2000 and higher. It scans the drive containing the Windows %system% directory and looks for vulnerable versions of gdiplus.dll, sxs.dll, wsxs.dll, mso.dll.
scanners/sl.exe - http://www.foundstone.com/
A port scanner.
sniffers/ngrep1.41win32full.zip - http://www.packetfactory.net/
The Win32 port of ngrep.
sniffers/rawsniffer - http://www.codehome.6600.org/
A sniffer.
tools/Fport.exe - http://www.foundstone.com/
Identify unknown open ports and their associated applications.
tools/WHOAMI.EXE - http://www.microsoft.com/
This command-line tool returns the domain or computer name and the user name of the user currently logged onto the computer on which the tool runs.
tools/enumplus - NUA
An SMB enumeration tool.
tools/klogger.exe - http://ntsecurity.nu/
KLogger is a keystroke logger for Windows NT / 2000 / XP.
tools/mbenum.exe - http://www.cqure.net/
MBEnum queries the master browser for whatever information it has registered.
tools/mstsc.exe - http://www.microsoft.com/
Terminal Service Client.
tools/nbtenum.exe - http://ntsleuth.0catch.com/
NBTEnum is a Windows compatible program that is useful for enumerating NETBIOS info from one host or a range of hosts.
tools/nc.exe - http://www.atstake.com/
The network Swiss army knife.
tools/plink.exe - http://www.chiark.greenend.org.uk/~sgtatham/putty/
A command-line interface to the PuTTY back ends.
tools/regdmp.exe - NUA
This command-line tool writes all or part of the Windows 2000 registry to the standard output (STDOUT).
tools/tftpd32.exe - http://tftpd32.jounin.net/
A free TFTP server and a free DHCP server for Windows.
tools/wget.exe - http://users.ugent.be/~bpuype/wget/
GNU Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely-used Internet protocols.
trojans/Institution_2004.zip - http://iamaphex.cjb.net/
The currently most complete and advanced Remote Admin Tool available.
trojans/sbd.exe - http://tigerteam.se/
sbd is a Netcat-clone, designed to be portable and offer strong encryption.
/pentest/wireless
aircrack-2.2 - http://www.cr0.net:8040/
aircrack is an 802.11 WEP key cracker.
cowpatty-2.0 - http://www.remote-exploit.org/
coWPAtty is designed to audit the pre-shared key (PSK) selection for WPA networks based on the TKIP protocol.
void11-0.2.0 - http://www.wlsec.net/void11/
A free implementation of some basic 802.11b attacks.
wepdecypt-0.5 - http://wepdecrypt.sourceforge.net/
WepDecrypt is a wireless LAN tool for Linux which guesses WEP keys based on an active dictionary attack and several other methods. Millions of words can be checked.
weplab-0.1.4 - http://weplab.sourceforge.net/
WepLab is a tool designed to teach how WEP works, what different vulnerabilities it has, and how they can be used in practice to break a WEP protected wireless network.
wpa-cracker-2.0c.1 - http://www.tinypeap.com/
Tool that uses a dictionary attack to attempt to learn WPA encryption keys.