Hacking Articles » Hacking Tools

CutyCapt – A Qt WebKit Web Page Rendering Capture Utility

Raj Chandel — Fri, 03 May 2013 07:33:31 +0000

CutyCapt is a small cross-platform command-line utility to capture WebKit’s rendering of a web page into a variety of vector and bitmap formats, including SVG, PDF, PS, PNG, JPEG, TIFF, GIF, and BMP

First download the cutycapt from here

Open your cutycapt from command prompt and type following command

CutyCapt –url=http://www.example.com –out=anyfile.pdf (Convert in PDF Format)

CutyCapt –url=http://www.example.com –out=anyfile.jpg (Convert in Image File)

In Kali Linux

Open your kali linux terminal and type

CutyCapt –url=http://www.example.com –out=anyfile.pdf (To Convert in PDF Format)

CutyCapt –url=http://www.example.com –out=anyfile.jpg (To Convert in Image File)

Netdiscover – Active/Passive ARP Scanner

Raj Chandel — Tue, 18 Dec 2012 10:42:55 +0000

Netdiscover is an active/passive address reconnaissance tool, mainly developed for those wireless networks without dhcp server, when you are wardriving. It can be also used on hub/switched networks. Built on top of libnet and libpcap, it can passively detect online hosts, or search for them, by actively sending arp requests, it can also be used to inspect your network arp traffic, or find network addresses using auto scan mode, which will scan for common local networks

Open your backtrack terminal and type

netdiscover –I eth2 –r 192.168.0.100/24

Usage:

netdiscover [-i device] [-r range | -p] [-s time] [-n node] [-c count] [-f] [-S]

-i device: your network device

-r range: scan a given range instead of auto scan. 192.168.6.0/24,/16,/8

-p passive mode do not send anything, only sniff

-s time: time to sleep between each arp request (miliseconds)

-c count: number of times to send each arp reques (for nets with packet loss)

-n node: last ip octet used for scanning (from 2 to 253)

-S enable sleep time supression betwen each request (hardcore mode)

-f enable fastmode scan, saves a lot of time, recommended for auto

How to use Nmap (Beginner Tutorial)

Raj Chandel — Thu, 06 Dec 2012 17:37:59 +0000

Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime

First Download nmap From Here and install in your pc

How to Detect All Connected PC in Network

nmap -sn 192.168.0.100/24

How to Scan Network Exclude a Specific Host

nmap –exclude 192.168.0.108 192.168.0.1/24

How to Detect Installed OS in Remote PC

nmap -O 192.168.0.102

How to Scan All TCP Port in All Remote PC

nmap -sT 192.168.0.100/24

How to Scan All UDP Ports in Remote PC

nmap -sU 192.168.0.102

How to Scan IP Protocol

nmap -sO 192.168.0.102

How to Detect services of Remote PC

nmap -sV 192.168.1.2

How to Scan Name Server of Website

nmap -sV -T4 -F www.upscportal.in

DMitry – Deepmagic Information Gathering Tool

Raj Chandel — Tue, 04 Dec 2012 14:55:57 +0000

DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux Command Line program coded purely in C with the ability to gather as much information as possible about a host.

Basic functionality of DMitry allows for information to be gathered about a target host from a simple whois lookup on the target to UpTime reports and TCP portscans.

First Open Your backtrack and Follow these path

Applications->Backtrack–>Information gathering->Network analysis->route analysis->dmitry

./dmitry -w target” will perform a standard named whois lookup

./dmitry -i target” will Perform an Internet Number whois lookup on the target.

./dmitry -n target” will Retrieve netcraft.com data concerning the host, this includes Operating System, Web Server release and UpTime information.

./dmitry -s target” Perform a Sub Domain search on the specified target.

./dmitry -e target	Perform a search possible email address
./dmitry –p target	Perform a TCP Port scan on a host
./dmitry –b target	Read in the banner received from the scanned port

HTEXPLOIT – Bypassing htaccess Restrictions

Raj Chandel — Fri, 28 Sep 2012 15:19:38 +0000

HTExploit (HiperText access Exploit) is an open-source tool written in Python that exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process. By using this tool anyone would be able to list the contents of a directory protected this way, bypassing the authentication process.

The tool provides modularity, by allowing the tester to fully perform an analysis on the protected website of the following attacks: SQL Injection, Local File Inclusion, Remote File Inclusion and others.

The main characteristic of this tool is that all of the analyses performed are done inside the protected directory, not from the publicly accessible site.

Features

Multiples modules to execute.
Save the output to an specify directory.
HTML Reporting.
Use multiples wordlist to probe against htaccess bypassing.
Mode verbose for full detailed information.

First Open Your backtrack and Follow these path

Applications->Backtrack–>Exploitation Tools->Web Exploitation Tools->htexpoit

You can also do this manually. First Open your backtrack Terminal and type

cd /pentest/web/htexploit

./htexploit

Python htexploit –u www.example.com

usage

-h, –help	show this help message and exit
-m MODULE, –module=MODULE	Select the module to run (Default: detect)
-u URL, –url=URL	REQUIRED – Specify the URL to scan
-o OUTPUT, –output=OUTPUT	Specify the output directory
-w WORDLIST, –wordlist=WORDLIST	Specify the wordlist to use
-v, –verbose	Be verbose

Domain Analyzer Security Tool

Raj Chandel — Mon, 24 Sep 2012 19:24:24 +0000

Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way.

Features

It creates a directory with all the information, including nmap output files.
It uses colors to remark important information on the console.
It detects some security problems like host name problems, unusual port numbers and zone transfers.
It is heavily tested and it is very robust against DNS configuration problems.
It uses nmap for active host detection, port scanning and version information (including nmap scripts).
It searches for SPF records information to find new hostnames or IP addresses.
It searches for reverse DNS names and compare them to the hostname.
It prints out the country of every IP address.
It creates a PDF file with results.
It automatically detects and analyze sub-domains!
It searches for domains emails.
It checks the 192 most common hostnames in the DNS servers.
It checks for Zone Transfer on every DNS server.
It finds the reverse names of the /24 network range of every IP address.
It finds active host using nmap complete set of techniques.
It scan ports using nmap.
It searches for host and port information using nmap.
It automatically detects web servers used.
It crawls every web server page using our Web Crawler Security Tool.
It filters out hostnames based on their name.
It pseudo-randomly searches N domains in google and automatically analyze them!
Uses CTRL-C to stop current analysis stage and continue working.

First download Domain Security Analyzer from here and save in your desktop

Now untar the file tar zxvf domainanalyzer.tar.gz

Crawler

./crawler.py –u www.hackingarticles.in

Options:

-u, –url	URL to start crawling.
-m, –max-amount-to-crawl	Max deep to crawl. Using breadth first algorithm
-w, –write-to-file	Save summary of crawling to a text file. Output directory is created automatically
-s, –subdomains	Also scan subdomains matching with url domain.
-r, –follow-redirect	Do not follow redirect. By default follow redirection at main URL.
-f, –fetch-files	Download there every file detected in ‘Files’ directory. Overwrite existing content.
-F, –file-extension	Download files specified by comma separated extensions. This option also activates ‘fetch-files’ option. ‘Ex.: -F pdf,xls,doc’
-d, –docs-files	Download docs files:xls,pdf,doc,docx,txt,odt,gnumeric,csv, etc. This option also activates ‘fetch-files’ option.
-E,–exclude-extensions	Do not download files that matches with this extensions. Options ‘-f’,'-F’ or ‘-d’ needed.
-h, –help	Show this help message and exit.
-V, –version	Output version information and exit
-v, –verbose	Be verbose
-D, –debug	Debug.

Domain Analyzer

./domain_analyzer_v_0.5.py –d www.example.com

Options

-h, –help	Show this help message and exit
-V, –version	Output version information and exit.
-D, –debug	Debug
-d, –domain	Domain to analyze.
-j, –not-common-hosts-names	Do not check common host names. Quicker but you will lose hosts
-t, –not-zone-transfer	Do not attempt to transfer the zone.
-n, –not-net-block	Do not attempt to -sL each IP netblock.
-o, –store-output	Store everything in a directory named as the domain. Nmap output files and the summary are stored inside.
-a, –not-scan-or-active	Do not use nmap to scan ports nor to search for active hosts
-p, –not-store-nmap	Do not store any nmap output files in the directory /nmap
-e, –zenmap	Move xml nmap files to a directory and open zenmap with the topology of the whole group. Your user should have access to the DISPLAY variable.
-g, –not-goog-mail	Do not use goog-mail.py (embebed) to look for emails for each domain
-s, –not-subdomains	Do not analyze sub-domains recursively. You will lose subdomain internal information.
-f, –create-pdf	Create a pdf file with all the information.
-w, –not-webcrawl	Do not web crawl every web site (in every port) we found looking for public web mis-configurations (Directory listing, etc.).
-m, –max-amount-to-crawl	If you crawl, do it up to this amount of links for each web site. Defaults to 50.
-F, –download-files	If you crawl, do ti up to this amount of links for each web site. Defaults to 10.
-c, –not-countrys	Do not resolve the country name for every IP and hostname.
-q, –not-spf	Do not check SPF records.
-k, –random-domain	Find this amount of domains from google and analyze them. For base domain
-x, –nmap-scantype	Nmap parameters to port scan. Defaults to: ‘-O –reason –webxml –traceroute

thad0ctor’s Backtrack 5 Toolkit

Raj Chandel — Mon, 24 Sep 2012 04:21:12 +0000

The backbone of thad0ctor’s Backtrack 5 Toolkit is the Wordlist Toolkit that contains a plethora of tools to create, modify, and manipulate word lists in order for end users to strengthen their systems by testing their passwords against a variety of tools designed to expose their pass phrases. In short it is the ultimate tool for those looking to make a wide variety of word lists for dictionary based and other brute force attacks.

The toolkit is designed with usability in mind for the Backtrack 5R2 Linux distro but will also work on BT5 R1 and other Ubuntu based distros if configured properly. The script is constantly updated with multiple revisions to include new cutting edge features and improvements in order to provide full spectrum wordlist creation capabilities.

Features

Create word lists for SSNs, Phone Numbers, Date Ranges, Random Patterns, Password Policies, Patterns, from PDF/EBOOK files, for Default Router Passwords, or by profiling targets
Manipulate word lists by changing character cases, mirroring or doubling up words, reversing words prefixing or appending sequences of numbers or characters, inserting text, removing patterns or characters, converting words to 1337 speak, mangling words with John the Ripper and more
Optimize word lists by converting them to ASCII, trimming the words to set minimum and maximum lengths, sorting and removing duplicates, removing non-printable characters, splitting word lists into more manageable chunks and more
Analyzes word lists by viewing their line count, a break down of their most common patterns and characters used, search word lists for a certain string or sub-string, and calculate the time it would take to process a word list through a aircrack-ng or pyrit based dictionary attack
Combine individual word lists or word lists of a directory into a single word list and gather word lists system wide into one directory
Fully customize the usage of the script to streamline functionality. Change console output text color, configure passthough attack options for certain attacks, toggle or force on or off the GTK and CLI versions of the script, toggle whether or not to display the start up banner, toggle the main menu style and customize the script 1337ify options.
Stay up to date with a fully integrated and fool proof update system that pulls directly from the script’s Sourceforge for up to the minute updates and configure whether or not you would like to auto-update the script on start up.
Make sure everything is working properly and dependencies are met with an automated dependency check and install system that takes all the pain and guesswork out of dependency issues.

First Download thad0ctor Toolkit from here on your desktop

Now unzip the file unzip thad0ctors.zip

Now you can start it with./LAUNCH_TOOLKIT.sh

Now choose option 1 wordlist tools (creation, Manipulation, Combination, and Analyzation)

In main menu choose option 2 for wifi tools

In main menu choose option 3 for view all this script’s word list tools

In main menu choose option c for configure /Install Scripts and Shortcuts /check dependencies

In main menu choose option I for Info / Readme /Upgrade /chagelog /Debug Info /Dev, RSS Feed

Goofile – Search for Filetypes from Command Line

Raj Chandel — Sat, 22 Sep 2012 12:26:03 +0000

Goofile is other python tool which is used for finding the different files existed in the website. There is only single command line in the usage of the tool.

Open your backtrack terminal and type cd /pentest/enumeration/google/goofile

If you would like to search for files with the extension “pdf” on this website, run this command:

Python goofile.py –d www.example.com –f pdf

-d: domain to search

-f: filetype (ex. pdf

Tor’s Hammer – Slow POST Denial of Service Testing Tool

Raj Chandel — Thu, 09 Aug 2012 11:41:53 +0000

Tor’s Hammer is a slow post dos testing tool written in Python. It can also be run through the Tor network to be anonymized. If you are going to run it with Tor it assumes you are running Tor on 127.0.0.1:9050. Kills most unprotected web servers running Apache and IIS via a single instance. Kills Apache 1.X and older IIS with ~128 threads, newer IIS and Apache 2.X with ~256 threads.

First Download torshammer script from here and save in your desktop

Now untar the file using tar xvf torshammer.tar

How to use Tor’s Hammer

You can start it with./torshammer.py

They already provide an example, but I will provide you another example simply for the context,

“./torshammer.py -t www.example.com -r 50000 “, the larger the thread count, the more efficient and effective the attack.

-t|–target

-r|–threads Defaults to 256

-p|–port Defaults to 80

-T|–tor Enable anonymising through tor on 127.0.0.1:9050

-h|–help shows this help

Hcon – Open Source Penetration Testing / Ethical Hacking Framework

Raj Chandel — Tue, 07 Aug 2012 21:01:53 +0000

HconSTF is Open Source Penetration Testing Framework based on different browser technologies, which helps any security professional to assists in the Penetration testing or vulnerability scanning assessments. contains web tools which are powerful in doing xss(cross site scripting), Sql injection, siXSS, CSRF, Trace XSS, RFI, LFI, etc. Even useful to anybody interested in information security domain – students, Security Professionals, web developers, manual vulnerability assessments and much more.

Features

Categorized and comprehensive toolset
Contains hundreds of tools and features and script for different tasks like SQLi, XSS,Dorks, OSINT to name a few
HconSTF webUI with online tools (same as the Aqua base version of HconSTF)
Each and every option is configured for penetration testing and Vulnerability assessments
Specially configured and enhanced for gaining easy & solid anonymity
Works for web app testing assessments specially for owasp top 10
Easy to use & collaborative Operating System like interface
Multi-Language support (feature in heavy development translators needed)