News - Main Page
Whitepapers
Tools and Download
Presentations

Portcullis Labs » Tools

Licence Authors OS Language
RSS Feed RSS Feed - Tools

Content

  • acccheckThe tool is designed as a password dictionary attack tool that targets windows authentication via the SMB protocol. It is really a wrapper script around the 'smbclient' binary, and as a result is dependent on it for its execution.
  • Banner GrabBannerGrab is a tool that performs connection, trigger-based and basic information collection from network services.
  • BSQL brute forcer V2Updated version of the Blind SQL Injection Brute Forcer from www.514.es. Works against PostgreSQL, MySQL, MSSQL and Oracle and supports custom SQL Queries.
  • BSQL HackerBSQL (Blind SQL) Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities virtually in any database.
  • enum4linuxA Linux alterntive to enum.exe for enumerating data from Windows and Samba hosts.
  • hoppyHTTP options prober and information disclosure scanner
  • http-dir-enumA command-line tool for bruteforce-guessing directory and filenames on web servers.
  • ldapuserenumAn information disclosure vulnerability exists in the manner that Microsoft LDAP server responds when binding to the LDAP server
  • ManySSLUse this perl script to enumerate SSL ciphers
  • MIBparseMIBparse.pl has been designed as an offline parser to quickly parse output from SNMP tools such as 'snmpwalk'.
  • MS08-067 checkAnonymously check if a target machine or a list of target machines are affected by MS08-067 vulnerability
  • nbtscan-1.5.2NBTscan is a program for scanning IP networks for NetBIOS name information.
  • onesixtyoneAn enhanced version of Solar Eclipse's SNMP Community string guessing tool.
  • phrasen|drescherA tool for bruteforce guessing pass phrases, password hashes or remote accounts of various services
  • polenumpolenum is a python script which uses Core's Impacket Library to get the password policy from a windows machine
  • rmiInfoA tool for extracting information from Java Remote Method Invocation (RMI) services.
  • sucrackLinux/UNIX tool for brute-force cracking local user accounts via su.
  • Sun Patch CheckSun Patch Check lists missing security patches by comparing the output from the Sun Solaris "showrev" command to that from the Sun recommended patch list.
  • udp-proto-scannerudp-proto-scanner.pl discovers UDP services by sending triggers to a list of hosts.
  • vesslvessl is a bash script that uses openssl to get and verify the ssl certificate of a remote server
  • viewstateViewstate is an ASP.Net viewstate decoder, checker, parser and encoder.
  • XSS ShellXSS Shell is a powerful XSS backdoor, in XSS Shell one can interactively send requests and get responses from victim and it allows you to keep the control of session
  • XSS TunnelXSS Tunnel is a standard HTTP proxy which sits on an attacker’s system. Any tool that is configured to use it will tunnel its traffic through the active XSS Channel on the XSS Shell server.