analyzeMFT.py is designed to fully parse the MFT file from an NTFS filesystem and present the results as accurately as possible in multiple formats. https://github.com/dkovar/analyzeMFT
Permanent link to this article: https://www.darknessgate.com/2016/10/07/analyze-mft/
Mft2Csv
Extract $MFT record info and log it to a CSV file. This tool parses, decodes and logs information from the Master File Table ($MFT) to a CSV. It logs a large amount of data, which has been its main purpose from the very start. Having all this data in a CSV …
Permanent link to this article: https://www.darknessgate.com/2016/10/07/mft2csv/
Timestomp
Timestomp allows you to delete or modify all four New Technology File System (NTFS) timestamp values: Modified, Accessed, Created and Entry Modified. http://www.jonrajewski.com/data/for270/timestomp.exe The tool's official website is currently offline: https://www.bishopfox.com/resources/tools/other-free-tools/mafia/
Permanent link to this article: https://www.darknessgate.com/2016/07/29/timestomp/
EtherApe
EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic, and protocols are displayed color coded. It supports Ethernet, FDDI, Token Ring, ISDN, PPP, SLIP and WLAN devices, plus several encapsulation formats. It can filter traffic …
Permanent link to this article: https://www.darknessgate.com/2015/04/21/etherape/
sslstrip
This tool provides a demonstration of the HTTPS stripping attacks that I presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which …
Permanent link to this article: https://www.darknessgate.com/2015/03/15/sslstrip/
Snort 2.9.7.0
Open-Source IDS/IPS.
Permanent link to this article: https://www.darknessgate.com/2015/03/04/snort-2-9-7-0/
Wfuzz
Wfuzz is a tool designed for brute-forcing web applications. It can be used for finding resources that are not linked (directories, servlets, scripts, etc.), brute-forcing GET and POST parameters to check for different kinds of injection (SQL, XSS, LDAP, etc.), brute-forcing form parameters (user/password), fuzzing, etc. Some features: * Multiple injection points with multiple dictionaries * Recursion (when doing …
Permanent link to this article: https://www.darknessgate.com/2015/02/26/wfuzz/
Crowbar
Crowbar (crowbar) is a brute-forcing tool that can be used during penetration tests. It is developed to brute-force some protocols in a different manner from other popular brute-forcing tools. As an example, while most brute-forcing tools use a username and password for SSH brute force, Crowbar uses an SSH key. So SSH keys, …
Permanent link to this article: https://www.darknessgate.com/2015/02/23/crowbar/
Aircrack-ng
Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like the KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng …
Permanent link to this article: https://www.darknessgate.com/2015/02/12/aircrack-ng-3/
The web-application vulnerability scanner
Wapiti allows you to audit the security of your web applications. It performs “black-box” scans, i.e. it does not study the source code of the application but scans the web pages of the deployed web app, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, …
Permanent link to this article: https://www.darknessgate.com/2015/02/12/web-application-vulnerability-scanner/
Wipe
Wipe is a secure file wiping utility. There are some low level issues that must be taken into consideration. One of these is that there must be some sort of write barrier between passes. Wipe uses fdatasync(2) (or fsync(2)) as a write barrier, or if fsync(2) isn’t available, the file is opened with the O_DSYNC …
Permanent link to this article: https://www.darknessgate.com/2015/02/07/wipe-2/