Stuff
- SQL Server backdoor client
-
It was a long time ago, but after the presentation of Cesar Cerrudo and Esteban Martinez, we spent some time playing with the materials provided. One of the most interesting was the SQL Server Backdoor. It provides basic backdoor functionality through opening a conection against a specified server and port and waiting for any order to execute in the trojanized database.
However, there is no client provided for this, so we spent some more time coding a little client that awaits for incoming connections from the backdoor and allows to interact with the database showing the results. It is available here, and you can find the backdoor into the additional materials from the black hat presentation here.
Download Here
- Geoedge
-
This little tools is designed to get geolocalization information of a host, it get the information from two sources (maxmind and geoiptool). It's useful when doing forensics, log analisis, or just plain curiosity. Enjoy
Download Here
- AWexploder 1.3- Virtual host and CMS discovery
-
AWexploder helps you to find virtual hosts for a given IP address and looks for a CMS in each virtual host. In this version it looks for OpenSourceCMS's. More cms's will be added in later verions.
Download Here
- Md5bf - Md5 cracker
-
This tool lets you crack md5 hashes using dictionaries or brute force attacks. The tools is coded in C, and is the first tool done by Deepbit!
Download Here - BruteSSH, Ssh Bruteforcer v.05
-
A simple sshd password bruteforcer using a wordlist, it's very fast for internal networks. It's multithreads.
Download Here - Virtual Host Finder
-
A script that search virtual hosts of a target IP. It uses Msn Search "ip:" option.
Download Here - Netcraft Subdomain Finder
-
This is a little script that connects to Netcraft.com and search subdomains for the selected domain name.
This will help you in the information gathering phase of a pentest.
Download Here - Modsecurity Web Console
-
Here we have a console to manage the Modsecurity logs, it provides a web frontend to query and analyze the alerts. It's inspired by ACID and BASE used by the Snort Project. It's in an early phase but it very useful, if you want to help with this please contact cmartorella_at_edge-security.com
Download Here - DigDug, nameserver bruteforcer
-
This little program is for auditing a DNS, it will brute force a domain asking for hostnames taken from a predefined list. The list has the most common names used for hosts. It supports hybrid querys to find a broader range of hosts. You can download it Here
- ProxyFinder
-
A program to download and parse a list of open proxys, from 2 websites (samair and multiproxys), and then check if the proxies are working. Can test for GET and CONNECT method. You could restrict the search for a specific number of working proxies. You can download it Here