Archive for the ‘Tools’ Category

TNS Connection Profiler – Oracle Tool

TNS listener is a service that allows clients application to connect to oracle database. The service running on the database allows to log and control the connection and by default it uses port 1521/1526. Database administrator needs to restrict this port to only required applications by filtering IPs. Each connection over this service logs information [...]

Share

iRET – iOS Reverse Engineering Toolkit

iRET is an open source tool that you can use to analyze and evaluate iOS applications. The toolkit includes the following features: Binary Analysis where you can check the binary encryption , architecture of the application and if it has stack-smashing protection enabled. Keychain Analysis this to analyze the keychain contents, including passwords, keys, certificates [...]

Share

Volafox Mac OS X Memory Analysis Toolkit

Volafox is an open source toolkit that you can use for Mac OS X and BSD forensics. The tool is a python based and allows investigating security incidents and finding information for malwares and any malicious program on the system. Security analyst can have the following information using this tool: MAC Kernel version, CPU, and [...]

Share

APKinspector- Tool to Analyze Android applications

APKinspector is another open source project that comes to reverse and analyze Android applications. project owners have created a graphical interface to allow visualizing the structure of the application modules this will make security analysts select the good Android application that is safe to use. APKinspector can be a good addition to the toolbox you [...]

Share

WPScan WordPress Vulnerability Scanner

New version of the wordpress security assessment tool – WPScan, the tool already included in many popular pentest distributions such as BackBox Linux, Kali Linux ,Pentoo and SamuraiWTF. The new release is 2.4 include new fingerprints for WP 3.8.3 & 3.7.3, 3.9 and addition vulnerabilities for wordpress CMS. There is also update for the theme [...]

Share

Subterfuge Automated Man-in-the-Middle Attack Framework

Subterfuge is a python based tool that you can use for testing Man-In-The-Middle attacks. the program will start to sniff network traffic and wait to have user login to online websites such as gmail , twitter, facebook and more.  Next it will display accounts information. Beside the session hijacking module there are other modules that [...]

Share

passivedns network sniffer to log DNS query

Domain name servers may contain several type of security vulnerabilities that allow a malicious user to redirect website visitors to a third party website. The attack can be cache poisoning or ARP spoof and this in case that the DNS server is not patched or hardened. Passivedns is an open source tool that you can [...]

Share