Tag: Command Line Tool

Analyze MFT

analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem and present the results as accurately as possible in multiple formats. https://github.com/dkovar/analyzeMFT

Permanent link to this article: http://www.darknessgate.com/2016/10/07/analyze-mft/

Mft2Csv

Extract $MFT record info and log it to a csv file. This tool is for parsing, decoding and logging information from the Master File Table ($MFT) to a csv. It is logging a large amount of data and that has been the main purpose from the very start. Having all this data in a csv …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2016/10/07/mft2csv/

Timestomp

Timestomp allows you to delete or modify all four New Technology File System (NTFS) timestamp values: Modified, Accessed, Created and Entry Modified. http://www.jonrajewski.com/data/for270/timestomp.exe Tool offical website is currently offline: https://www.bishopfox.com/resources/tools/other-free-tools/mafia/

Permanent link to this article: http://www.darknessgate.com/2016/07/29/timestomp/

EtherApe

EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display. It supports Ethernet, FDDI, Token Ring, ISDN, PPP, SLIP and WLAN devices, plus several encapsulation formats. It can filter traffic …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2015/04/21/etherape/

sslstrip

This tool provides a demonstration of the HTTPS stripping attacks that I presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2015/03/15/sslstrip/

Snort 2.9.7.0

Open-Source IDS/IPS Download Snort

Permanent link to this article: http://www.darknessgate.com/2015/03/04/snort-2-9-7-0/

Wfuzz

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP,etc), bruteforce Forms parameters (User/Password), Fuzzing,etc. Some features: * Multiple Injection points capability with multiple dictionaries * Recursion (When doing …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2015/02/26/wfuzz/

Crowbar

Crowbar (crowbar) is brute forcing tool that can be used during penetration tests. It is developed to brute force some protocols in a different manner according to other popular brute forcing tools. As an example, while most brute forcing tools use username and password for SSH brute force, Crowbar uses SSH key. So SSH keys, …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2015/02/23/crowbar/

Aircrack-ng

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2015/02/12/aircrack-ng-3/

The web-application vulnerability scanner

Wapiti allows you to audit the security of your web applications. It performs “black-box” scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2015/02/12/web-application-vulnerability-scanner/

Wipe

Wipe is a secure file wiping utility. There are some low level issues that must be taken into consideration. One of these is that there must be some sort of write barrier between passes. Wipe uses fdatasync(2) (or fsync(2)) as a write barrier, or if fsync(2) isn’t available, the file is opened with the O_DSYNC …

Continue reading »

Permanent link to this article: http://www.darknessgate.com/2015/02/07/wipe-2/