Windows tools - This directory contains hundreds of assorted Windows security tools. Try them out on a test machine first unless you are sure you know what you are doing.

File Name: reglookup-0.12.0.tar.gz
Description: RegLookup is a small command line utility for parsing and searching registry files from Windows NT and later.
Author: Timothy D. Morgan
Homepage: http://projects.sentinelchicken.org/reglookup/
Changes: Big data support was improved and added to reglookup-recover. A -i option was added to reglookup for assisting with timeline generation. Unicode support was improved by correctly interpreting UTF-16LE key and value names. Data type interpretation was moved into regfi, and the regfi library interface was reorganized. regfi documentation was improved and Doxygen formatting was added.
File Size: 95483
Last Modified: Mar 9 16:12:34 2010
MD5 Checksum: 7fa5bd1f55f3f8345952bf6a03ef2e1a

File Name: AdvancedWinServiceManager.zip
Description: AdvancedWinServiceManager is a smart tool to remove hidden rootkit services. It makes it easy to eliminate such malicious services by separating out third party services from Windows services. By default it shows only third party services along with more details such as Company Name, Description, Install Date, File Path etc. in one place, which helps in quickly differentiating between legitimate and malicious services. It comes with rich features such as detecting hidden rootkit services, exporting the service list to an HTML-based log file, displaying only third party services etc.
Homepage: http://www.spywareanalytics.com/
File Size: 226161
Last Modified: Mar 6 10:33:26 2010
MD5 Checksum: edff068f86952106dba21a8ffe5e9a9d

File Name: WebRaider-0.2.3.8.zip
Description: WebRaider is a proof of concept quality tool to get a reverse shell out of SQL injection (MS-SQL) by using One Click Ownage.
Author: Ferruh Mavituna
File Size: 14014017
Last Modified: Mar 2 21:29:05 2010
MD5 Checksum: ffd9c7091633668de0d1a022a97bd39c

File Name: ieceo1.cpp.txt
Description: This is another dirty mitigation for another Internet Explorer zero-day vulnerability. This mitigation works by registering as a Browser Helper Object, then modifying MSHTML.DLL in memory to break createEventObject.
Author: Derek Soeder
File Size: 13738
Last Modified: Jan 18 20:16:38 2010
MD5 Checksum: fb9425e15540fe8651595cb514b0d39a

File Name: tsl-bypass.txt
Description: This registry code allows any terminal client access to a Terminal Server. It bypasses the Microsoft "Terminal Server License" and allows the client to create a session on the server without a CAL (Client Access License) or MS Open License. It works on WinNT, Win2000, Win2003 server and Win2008 server.
Author: Zorzan Urban Pawel
Homepage: http://www.pawelzorzan.eu/
File Size: 23020
Last Modified: Jan 11 17:21:23 2010
MD5 Checksum: 41053a7e4a261472d04cdc1eea0cae07

File Name: iissemi1_cpp.txt
Description: This code was released to mitigate the Microsoft IIS semi-colon vulnerability. It's intended for IIS 4.0, 5.x, and 6.0.
Author: Derek Soeder
File Size: 19359
Last Modified: Dec 30 13:35:31 2009
MD5 Checksum: db33583aeba8b7ee1bfde1461d772560

File Name: WinScanX_Basic.zip
Description: WinScanX is a Windows enumeration utility featuring over 20 options, including the ability to identify easy-to-guess Windows passwords, the ability to identify easy-to-guess SNMP community strings, and the ability to locate and decrypt WinVNC passwords. Includes an optional GUI front-end.
Author: Reed Arvin
Homepage: http://windowsaudit.com/
File Size: 100810
Last Modified: Dec 22 16:27:30 2009
MD5 Checksum: 46f9d4769513714550c3368066a2122d

File Name: winappdbg-1.3.tar.bz2
Description: The WinAppDbg python module allows developers to quickly add Windows application debugging facilities to their Python scripts.
Homepage: http://sourceforge.net/apps/trac/winappdbg/
Changes: 64 bit support. Windows Vista and 7 support. Various other support.
File Size: 174560
Last Modified: Dec 1 15:50:39 2009
MD5 Checksum: 4c07d425bd8e8d4d48168cb1e6fa5dbd

File Name: styledll-mitigate.txt
Description: This code is for a DLL that loads into Internet Explorer as a BHO and modifies MSHTML.DLL in memory to mitigate attempts to exploit the getElementsByTagName Body Style vulnerability.
Author: Derek Soeder
Related Exploit: iestyle-0day.txt
File Size: 16019
Last Modified: Nov 23 18:15:55 2009
MD5 Checksum: 33c5b8d8cbd660aa00712ba7d659b926

File Name: DamBurst-1.2.exe
Description: Dam Burst is a simple utility that allows an unprivileged user to disable the censorship functionality of the Green Dam Youth Escort software. Dam Burst operates by injecting code into a running application and removing the Green Dam hooks that enable it to monitor and block user activity, effectively restoring the running application to its original uncensored state.
Author: Jon Oberheide
Homepage: http://jon.oberheide.org/damburst/
File Size: 96680
Last Modified: Sep 29 11:10:30 2009
MD5 Checksum: bacb81fa63707e78ca1ec66d2241773a

File Name: winappdbg-1.2.tar.bz2
Description: The WinAppDbg python module allows developers to quickly add Windows application debugging facilities to their Python scripts.
Homepage: http://sourceforge.net/apps/trac/winappdbg/
File Size: 131815
Last Modified: Jun 16 14:52:25 2009
MD5 Checksum: 6a34a6a04c145000968bb24e03eb38bc

File Name: processhacker-1.3.6.5-src.zip
Description: Process Hacker is a feature-packed tool for manipulating processes and services on your computer. It can show you the threads (with symbols), modules, memory regions, handles and token of processes. It has detailed graphs that show CPU usage, memory usage and I/O activity. It can even change the DEP status of some processes and protect/unprotect them! It can read/write memory using a built-in hex editor and search through memory. It has a powerful run-as tool that can run programs as almost any user, including SYSTEM, LOCAL SERVICE and NETWORK SERVICE. Finally, its kernel-mode driver enables Process Hacker to show information for any process, even if it is protected by a rootkit. This zip file is the source distribution.
Homepage: http://processhacker.sourceforge.net/
File Size: 1558245
Last Modified: Apr 14 19:06:06 2009
MD5 Checksum: 7cd5420d1ea764c8cb142aa8d9e13e71

File Name: processhacker-1.3.6.5-bin.zip
Description: Process Hacker is a feature-packed tool for manipulating processes and services on your computer. It can show you the threads (with symbols), modules, memory regions, handles and token of processes. It has detailed graphs that show CPU usage, memory usage and I/O activity. It can even change the DEP status of some processes and protect/unprotect them! It can read/write memory using a built-in hex editor and search through memory. It has a powerful run-as tool that can run programs as almost any user, including SYSTEM, LOCAL SERVICE and NETWORK SERVICE. Finally, its kernel-mode driver enables Process Hacker to show information for any process, even if it is protected by a rootkit. This zip file is the binary distribution.
Homepage: http://processhacker.sourceforge.net/
File Size: 746707
Last Modified: Apr 14 19:05:59 2009
MD5 Checksum: 647386cf5b0f73c8910f293dddaaaae6

File Name: winftprecon0.9beta2.tgz
Description: winftprecon is a tool to poll a Windows based FTP service for the output of the SITE STATS command. The SITE STATS command gives out statistics on the FTP service, which can be used for simple statistics purposes but also for remote enumeration of the FTP service for attack and penetration purposes. The output of the SITE STATS command, if supported and enabled, consists of a list of FTP commands that were issued towards the FTP service and a count of how many times each was issued. The information can be saved in CSV format or in a sqlite3 database as a dataset for statistics and enumeration of the FTP service, to obtain valuable information for attack/assessment planning.
Author: Tom Van de Wiele
File Size: 5322
Last Modified: Mar 24 01:18:16 2009
MD5 Checksum: 7cedfe3ad8f1dff06a7576ead3bc4c60

File Name: pt-check-09-001.zip
Description: Standalone network scanner for Microsoft vulnerabilities, to help identify systems vulnerable to the MS08-067, MS08-065 and MS09-001 (Microsoft Bulletins) flaws. The utility operates in PenTest mode, which requires no special rights to detect network nodes without updates. System administrators and security professionals can use this utility for fast and easy discovery of vulnerable systems and install appropriate patches according to the scanning results.
Homepage: http://www.securitylab.ru/
File Size: 61282
Last Modified: Feb 27 17:29:40 2009
MD5 Checksum: 182b4a62d0f99f0a01e79a9e63464dee

File Name: JASNMP.zip
Description: JA-SNMP-Reader is a simple Windows executable that reads values from an OID of a given SNMP Agent.
Author: Jerome Athias
File Size: 4462717
Last Modified: Dec 30 14:14:28 2008
MD5 Checksum: 0e01e20163806e271245cbde3cc37c42

File Name: KomodiaLSP.zip
Description: A repacked version of the Microsoft free LSP sample and Komodia's LSP guide. LSP is a technology that allows all commands between an application and Winsock (ws2_32.dll) to be intercepted, which makes it possible to log all network data, modify network commands and even change inbound/outbound data.
Author: Barak Weichselbaum
Homepage: http://www.komodia.com/
File Size: 469594
Last Modified: Dec 9 02:05:57 2008
MD5 Checksum: 08af247b780b56fb35c59822fd4b71ac

File Name: smbrelay3.zip
Description: SmbRelay3 is a proof of concept tool that is able to replay NTLM authentication from several protocols such as SMB, HTTP and IMAP.
Author: Andres Tarasco
Homepage: http://www.514.es/
File Size: 546679
Last Modified: Nov 14 16:02:58 2008
MD5 Checksum: d764203437eff48fca628ba178318bb7

File Name: CoolCon0.2.rar
Description: A simple command-line converter written in C (win32) that converts input given as a string or an integer: ASCII to Binary/Decimal/Octal/Hexadecimal, Binary to Decimal/Octal/Hexadecimal, Decimal to Binary/Octal/Hexadecimal. It also has ROT13 and URL Unicode UTF-8 encoding features. Compiled .exe binary and .c source code included. Updated version of CoolCon v0.01.
Author: LiquidWorm
Homepage: http://www.itsec.com.mk/
File Size: 14515
Last Modified: Sep 14 16:08:31 2008
MD5 Checksum: 121ca52e400d9018132ab05dd484b5d6

File Name: collabreate-defcon.tgz
Description: CollabREate is an IDA Pro plugin with a server backend that allows multiple people to collaborate on a single RE (reverse engineering) project. This is the Defcon demo bundle.
Author: Chris Eagle, Tim Vidas
Homepage: http://www.idabook.com/defcon/
File Size: 233811
Last Modified: Aug 20 03:34:31 2008
MD5 Checksum: d205984bf3188797c6e56f224938cda7

File Name: ProcL.zip
Description: ProcL is a utility that detects hidden processes. Its detection method examines each kind of kernel object: EPROCESS, ETHREADS, HANDLES, JOBS.
Homepage: http://www.scanit.net/rd/tools/03
File Size: 161304
Last Modified: Aug 1 16:21:19 2008
MD5 Checksum: 3d4bbfec18ed54c58e14f984c8a11a88

File Name: SDTCleaner-v1.0.zip
Description: SDT Cleaner is a small laboratory tool that attempts to restore the pointers installed by Anti-Virus and Firewalls in the SSDT (System Service Descriptor Table).
Author: Nahuel Riva
Homepage: http://www.coresecurity.com/corelabs/
File Size: 243769
Last Modified: Jul 23 19:57:13 2008
MD5 Checksum: 9123411f2b13fc9ec9a831f7e8a6514d

File Name: pshtoolkit_v1.4-src.tgz
Description: The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with their corresponding NTLM credentials (e.g. users remotely logged in through Remote Desktop/Terminal Services), and also to change at runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).
Author: Hernan Ochoa
Homepage: http://oss.coresecurity.com/
Changes: Support for XP SP 3 for whosthere/iam. New switches.
File Size: 42406
Last Modified: Jul 9 21:22:55 2008
MD5 Checksum: e8ad895ec745e26b339aafa9a4ad1822