Windows tools - This directory contains hundreds of assorted Windows security tools. Try them out on a test machine first unless you are sure you know what you are doing.
|
| /// File Name: |
EchoMirage-1-1.zip |
Description:
|
Echo Mirage is a generic network proxy. It uses DLL injection and function hooking techniques to redirect network-related function calls so that data transmitted and received by local applications can be observed and modified. Windows encryption and OpenSSL functions are also hooked so that the plain text of data being sent and received over an encrypted session is also available. Traffic can be intercepted in real time, or manipulated with regular expressions and action scripts.
| | Author: | Dave | | Homepage: | http://www.bindshell.net/tools/echomirage/ | | File Size: | 651660 | | Last Modified: | Oct 3 19:04:26 2006 |
| MD5 Checksum: | 44055140ab5472d8e65d685ca86ee0c6 |
|
| /// File Name: |
uhooker_v1.2.tgz |
Description:
|
The Universal Hooker is a tool to intercept execution of programs. It enables the user to intercept calls to API functions inside DLLs, and also arbitrary addresses within the executable file in memory. The Universal Hooker tries to create very simple abstractions that allow a user of the tool to write hooks for different API and non-API functions using an interpreted language (Python), without the need to compile anything, and with the possibility of changing the code that gets executed when the hooked function is called at run time.
| | Homepage: | http://oss.coresecurity.com/projects/uhooker.htm | | Changes: | Multiple bug fixes, enhancements, and features have been added. | | File Size: | 61894 | | Last Modified: | Sep 7 05:14:40 2006 |
| MD5 Checksum: | 694b79a4fda0e478e560620f0f1e445f |
|
| /// File Name: |
uhooker_v1.0.tgz |
Description:
|
The Universal Hooker is a tool to intercept execution of programs. It enables the user to intercept calls to API functions inside DLLs, and also arbitrary addresses within the executable file in memory. The Universal Hooker tries to create very simple abstractions that allow a user of the tool to write hooks for different API and non-API functions using an interpreted language (Python), without the need to compile anything, and with the possibility of changing the code that gets executed when the hooked function is called at run time.
| | Homepage: | http://oss.coresecurity.com/projects/uhooker.htm | | File Size: | 113511 | | Last Modified: | Jun 28 23:07:25 2006 |
| MD5 Checksum: | 3ce6915a59ff45b32055d496e4f67760 |
|
| /// File Name: |
smac20_setup.exe |
Description:
|
SMAC 2.0 is a MAC address spoofer for Windows 2000, XP and 2003 systems. Users can generate a random MAC address, and SMAC will validate the MAC address before spoofing. Users can pre-define MAC addresses and load the MAC address list. The spoofed MAC address persists across reboots.
| | Author: | KLC Consulting Security Team | | Homepage: | http://www.klcconsulting.net/smac | | File Size: | 5168831 | | Last Modified: | May 21 15:23:18 2006 |
| MD5 Checksum: | f97d67f4a512b747d736151a11cacde4 |
|
| /// File Name: |
metacab-2006-04-R5.zip |
Description:
|
Metacab (meta.cab) is a single, inclusive Microsoft CAB file of remote administration tools. The CAB file and everything within can be decompressed, installed and used with only cmd.exe. Includes: WinPcap needed for Nmap, DCOM RPC overflow exploit, simple bat file to ping sweep a Class D, HOD's PnP exploit, Netcat CAB, Nmap CAB, VNC CAB.
| | Author: | Phoenix 2600 | | Changes: | Now includes TCPDUMP, install.bat hides Metacab install, map.bat timeout cut in half, Naming is cleaner, Updated README, including links to sources. Homepage http://www.phx2600.org. | | File Size: | 1398661 | | Last Modified: | Apr 27 18:04:45 2006 |
| MD5 Checksum: | c6ee4155396f5027ab2b60cb3d79f2fd |
|
| /// File Name: |
metacab-2006-04-R3.zip |
Description:
|
Metacab (meta.cab) is a single, inclusive Microsoft CAB file of remote administration tools. The CAB file and everything within can be decompressed, installed and used with only cmd.exe. Includes: WinPcap needed for Nmap, DCOM RPC overflow exploit, simple bat file to ping sweep a Class D, HOD's PnP exploit, Netcat CAB, Nmap CAB, VNC CAB.
| | Author: | Phoenix 2600 | | Homepage: | http://www.phx2600.org | | File Size: | 1116569 | | Last Modified: | Apr 17 14:45:28 2006 |
| MD5 Checksum: | 6e4ae30da5c8fe91318f6252447e5cf1 |
|
| /// File Name: |
lbrute.zip |
Description:
|
lbrute is a local Windows account password brute forcer. It supports dictionary attacks and resume. Works on Windows NT/2K/XP/2K3.
| | Homepage: | http://warl0ck.metaeye.org/ | | File Size: | 40640 | | Last Modified: | Apr 12 00:22:52 2006 |
| MD5 Checksum: | 7b9101ddddd40f32e3d74eda14219e54 |
|
| /// File Name: |
HookExplorer.zip |
Description:
|
HookExplorer is a small GPL utility designed to scan a target process and identify any IAT or detours style hooks that may be installed by unknown code. Data is presented in an easy to digest format and allows for custom filters to help trim results.
| | Homepage: | http://labs.idefense.com/labs-software.php?show=19 | | File Size: | 250442 | | Last Modified: | Apr 4 16:59:34 2006 |
| MD5 Checksum: | 2bb04344700caf643472255f3c4dafbf |
|
| /// File Name: |
sec_cloak.zip |
Description:
|
Security Cloak is designed to protect against TCP/IP stack fingerprinting and computer identification/information leakage via timestamp and window options by modifying relevant registry keys. The settings used are based on the results of SYN packet analysis by p0f. While the OS reported by other OS detection scanners was not identical to that reported by p0f, testing against Nmap, xprobe2, queso and cheops showed that they were unable to identify the correct operating system/version after Security Cloak settings had been applied.
| | Author: | Craig Heffner | | Homepage: | http://www.craigheffner.com/security | | File Size: | 10138 | | Last Modified: | Mar 8 23:40:08 2006 |
| MD5 Checksum: | 71270c9f80595377033308ee642d084d |
|
| /// File Name: |
minishell.zip |
Description:
|
Small bindshell (908 bytes for binary) for Windows compacted to 804 bytes with a little header modification. Both binary and source code (VC++) included.
| | Author: | Miguel Tarasco Acuna, Andres Tarasco | | Homepage: | http://www.haxorcitos.com/ | | File Size: | 5206 | | Last Modified: | Feb 13 23:52:12 2006 |
| MD5 Checksum: | e275e14e75886fcd4294ead4c4c1667b |
|
| /// File Name: |
changemac-win.c |
Description:
|
MAC changing utility that can be used on Windows from the command line.
| | Author: | Robbe De Keyzer | | File Size: | 6144 | | Last Modified: | Dec 31 02:34:47 2005 |
| MD5 Checksum: | 4eff620a8f4c19d1135ff3278e7da1c3 |
|
| /// File Name: |
httprint_win32_301.zip |
Description:
|
httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database. httprint can import web servers from nmap network scans, if they are saved in XML format. The current version adds the ability to save reports in CSV and XML formats, and features a completely new method of scoring by confidence ratings to minimize false positives. This version is the Windows release.
| | Author: | Saumil Shah | | Homepage: | http://net-square.com/httprint/ | | Changes: | New multi-threaded engine. SSL information gathering. Automatic SSL port detection. Various bug fixes. | | File Size: | 811893 | | Last Modified: | Dec 28 18:16:18 2005 |
| MD5 Checksum: | a66408308c3f540030bbb0d59716b032 |
|
| /// File Name: |
xpfiremon.zip |
Description:
|
XPFiremon is a system tray application that monitors the settings and services associated with the Windows firewall to ensure they are running. If they are disabled, a warning pops up on the screen and the system tray icon turns red. The program allows the user to configure, start, and stop the firewall.
| | Author: | Inferno | | File Size: | 54622 | | Last Modified: | Nov 20 02:40:53 2005 |
| MD5 Checksum: | c4a18c09cb25d33d3861576df1dbd43e |
|
| /// File Name: |
ipeyegui.rar |
Description:
|
This is a GUI for the Windows TCP port scanning tool ipEye. ipEye GUI comes with a copy of ipEye and includes Visual Basic 6 source code.
| | Author: | Digital Blast Inc. | | Homepage: | http://digitalblast.shinranet.com/ | | File Size: | 42893 | | Last Modified: | Oct 18 19:24:58 2005 |
| MD5 Checksum: | 97dde445e1208c331949d061f490080c |
|
| /// File Name: |
KNOCK-0-81.ZIP |
Description:
|
The Doorman is a port-knocking listener daemon which helps users secure private servers. It allows a server to run invisibly, with all TCP ports closed. This version is the Microsoft Windows binary executable release.
| | Author: | Bruce Ward | | Homepage: | http://doorman.sourceforge.net/ | | Changes: | Fixed the silent doorman problem. | | File Size: | 36738 | | Last Modified: | Sep 7 04:36:53 2005 |
| MD5 Checksum: | c299f069aded9f65d74c37de0c93e031 |
|
| /// File Name: |
IRCRv2.1.zip |
Description:
|
The Incident Response Collection Report is a script to call a collection of tools that gathers and/or analyzes data on a Microsoft Windows system. You can think of this as a snapshot of the system in the past. Most of the tools are oriented towards data collection rather than analysis.
| | Author: | John McLeod | | Homepage: | http://tools.phantombyte.com/ | | Changes: | IRCR version 2 is a complete code change from Perl to DOS batch file. Anyone should be able to modify the batch file to suit their needs. Requires the HELIX (www.e-fense.com/helix) IR folder to run. | | File Size: | 32300 | | Last Modified: | Aug 13 03:06:23 2005 |
| MD5 Checksum: | 7061fd54ada29878c7b513b9cff1bc39 |
|
| /// File Name: |
msnfuzzer.txt |
Description:
|
Fuzzer that can be used for checking MSN passwords.
| | Homepage: | http://www.class101.org/ | | File Size: | 17337 | | Last Modified: | Aug 11 01:09:27 2005 |
| MD5 Checksum: | 25c1e4a9daf86d6454c5fd253da92841 |
|
| /// File Name: |
process_stalker.zip |
Description:
|
Process Stalker is a software package that combines the process of run-time profiling, state mapping, and tracing. Consisting of a series of tools and scripts, the goal of a successful stalk is to provide the reverse engineer with an intuitive visual interface to filtered, meaningful, run-time block-level trace data.
| | Author: | Pedram Amini | | Homepage: | http://labs.idefense.com/ | | File Size: | 978069 | | Last Modified: | Jul 7 09:39:47 2005 |
| MD5 Checksum: | 279fef6cbfb8a5edddc8456f6942d13b |
|
| /// File Name: |
olly_heap_vis.zip |
Description:
|
OllyDbg Heap Vis plugin that adds the Heap option under the View menu for Windows variants that do not have this functionality.
| | Homepage: | http://labs.idefense.com/ | | File Size: | 329232 | | Last Modified: | Jun 18 15:40:50 2005 |
| MD5 Checksum: | 815b1dd9cd01a6dae3a2374cac590384 |
|
| /// File Name: |
olly_bp_man.zip |
Description:
|
iDEFENSE Labs release of the OllyDbg Breakpoint Manager, an OllyDbg plug-in developed to address some shortcomings of the built-in breakpoint management functionality. The plug-in provides three main functions - breakpoint exporting, breakpoint importing and automatic breakpoint loading. Offsets are used in place of absolute addresses to support setting and restoring breakpoints on modules that move around in memory.
| | Author: | Pedram Amini | | Homepage: | http://labs.idefense.com | | File Size: | 160324 | | Last Modified: | Apr 17 14:09:20 2005 |
| MD5 Checksum: | 0c98bebf071a90b41292fd1860c42960 |
|
| /// File Name: |
cachedump-1.1.zip |
Description:
|
CacheDump is a tool that demonstrates how to recover cache entry information: username and hashed password (called MSCASH). This tool also explains the technical issues underneath Windows password cache entries, which are undocumented by Microsoft.
| | Author: | Arnaud Pilon | | Homepage: | http://www.cr0.net:8040/misc/cachedump.html | | Changes: | Bug fixes, domain DNS, and display domain name changes. | | File Size: | 42838 | | Last Modified: | Mar 25 00:18:17 2005 |
| MD5 Checksum: | dec7d6a768a1f3f403f1d8a45eb061b9 |
|
| /// File Name: |
cachedump-1.0.zip |
Description:
|
CacheDump is a tool that demonstrates how to recover cache entry information: username and hashed password (called MSCASH). This tool also explains the technical issues underneath Windows password cache entries, which are undocumented by Microsoft.
| | Author: | Arnaud Pilon | | Homepage: | http://www.cr0.net:8040/misc/cachedump.html | | File Size: | 42014 | | Last Modified: | Jan 12 02:50:43 2005 |
| MD5 Checksum: | 5065266fbad9362d5a329c5388627ea5 |
|
| /// File Name: |
mac_v01.zip |
Description:
|
MAC address modification utility for Windows 2000 / XP / 2003 Server.
| | Author: | Gogu Gigi | | File Size: | 8192 | | Last Modified: | Jan 7 11:34:48 2005 |
| MD5 Checksum: | d02dc661b03005c109e03c5be8cde416 |
|