Section: .. / Win /
|
Windows tools - This directory contains hundreds of assorted Windows security tools. Try them out first on a test machine first unless you are sure you know what you are doing.
|
| /// File Name: |
winappdbg-1.2.tar.bz2 |
Description:
|
The WinAppDbg python module allows developers to quickly add Windows application debugging facilities to your Python scripts.
| | Homepage: | http://sourceforge.net/apps/trac/winappdbg/ | | File Size: | 131815 | | Last Modified: | Jun 16 14:52:25 2009 |
| MD5 Checksum: | 6a34a6a04c145000968bb24e03eb38bc |
|
| /// File Name: |
processhacker-1.3.6.5-src.zip |
Description:
|
Process Hacker is a feature-packed tool for manipulating processes and services on your computer. It can show you the threads (with symbols), modules, memory regions, handles and token of processes. It has detailed graphs that show CPU usage, memory usage and I/O activity. It can even change the DEP status of some processes and protect/unprotect them! It can read/write memory using a built-in hex editor and search through memory. It has a powerful run-as tool that can run programs as almost any user, including SYSTEM, LOCAL SERVICE and NETWORK SERVICE. Finally, its kernel-mode driver enables Process Hacker to show information for any process, even if it is protected by a rootkit. This zip file is the source distribution.
| | Homepage: | http://processhacker.sourceforge.net/ | | File Size: | 1558245 | | Last Modified: | Apr 14 19:06:06 2009 |
| MD5 Checksum: | 7cd5420d1ea764c8cb142aa8d9e13e71 |
|
| /// File Name: |
processhacker-1.3.6.5-bin.zip |
Description:
|
Process Hacker is a feature-packed tool for manipulating processes and services on your computer. It can show you the threads (with symbols), modules, memory regions, handles and token of processes. It has detailed graphs that show CPU usage, memory usage and I/O activity. It can even change the DEP status of some processes and protect/unprotect them! It can read/write memory using a built-in hex editor and search through memory. It has a powerful run-as tool that can run programs as almost any user, including SYSTEM, LOCAL SERVICE and NETWORK SERVICE. Finally, its kernel-mode driver enables Process Hacker to show information for any process, even if it is protected by a rootkit. This zip file is the binary distribution.
| | Homepage: | http://processhacker.sourceforge.net/ | | File Size: | 746707 | | Last Modified: | Apr 14 19:05:59 2009 |
| MD5 Checksum: | 647386cf5b0f73c8910f293dddaaaae6 |
|
| /// File Name: |
winftprecon0.9beta2.tgz |
Description:
|
winftprecon is a tool to poll a Windows based FTP service for the output of the SITE STATS command. The SITE STATS command gives out statistics on the FTP service which can be used for simple statistics purposes but also for remote enumeration of the FTP service for attack and penetration purposes. The output of the SITE STATS command, if supported and enabled, consists of a list of FTP commands that were issued towards the FTP service and how many time in the form of a number. The information can be saved in csv format or saved in a sqlite3 database as dataset for statistics and enumeration of the ftp service to obtain valuable information towards attack/assessment planning.
| | Author: | Tom Van de Wiele | | File Size: | 5322 | | Last Modified: | Mar 24 01:18:16 2009 |
| MD5 Checksum: | 7cedfe3ad8f1dff06a7576ead3bc4c60 |
|
| /// File Name: |
pt-check-09-001.zip |
Description:
|
Standalone MS vulnerabilities network scanner to help identify systems vulnerable to the MS08-067, MS08-065 and MS09-001 (Microsoft Bulletins) flaws. The utility operates in PenTest mode. This requires no special rights to detect network nodes without updates. System administrators and security professionals can use this utility for fast and easy discovery of vulnerable systems and install appropriate patches according to the scanning results.
| | Homepage: | http://www.securitylab.ru/ | | File Size: | 61282 | | Last Modified: | Feb 27 17:29:40 2009 |
| MD5 Checksum: | 182b4a62d0f99f0a01e79a9e63464dee |
|
| /// File Name: |
JASNMP.zip |
Description:
|
JA-SNMP-Reader is a simple Windows executable that reads values from an OID of a given SNMP Agent.
| | Author: | Jerome Athias | | File Size: | 4462717 | | Last Modified: | Dec 30 14:14:28 2008 |
| MD5 Checksum: | 0e01e20163806e271245cbde3cc37c42 |
|
| /// File Name: |
KomodiaLSP.zip |
Description:
|
A repacked version of the Microsoft free LSP sample and Komodia's LSP guide. LSP is a technology that allows to intercepts all commands between an application and winsock (ws2_32.dll) thus allowing to log all network data, modify network commands and even change inbound/outbound data.
| | Author: | Barak Weichselbaum | | Homepage: | http://www.komodia.com/ | | File Size: | 469594 | | Last Modified: | Dec 9 02:05:57 2008 |
| MD5 Checksum: | 08af247b780b56fb35c59822fd4b71ac |
|
| /// File Name: |
smbrelay3.zip |
Description:
|
SmbRelay3 is a proof of concept tool that is able to replay NTLM authentication from several protocols like SMB/HTTP/IMAP/etc.
| | Author: | Andres Tarasco | | Homepage: | http://www.514.es/ | | File Size: | 546679 | | Last Modified: | Nov 14 16:02:58 2008 |
| MD5 Checksum: | d764203437eff48fca628ba178318bb7 |
|
| /// File Name: |
CoolCon0.2.rar |
Description:
|
A simple command-line converter written in C language (win32) that converts input as string or integer. ASCII to Binary/Decimal/Octal/Hexadecimal, Binary to Decimal/Octal/Hexadecimal, Decimal to Binary/Octal/Hexadecimal. ROT13 and URL Unicode UTF-8 encoding feature. Compiled .exe binary and .c source code included. Updated version of CoolCon v0.01.
| | Author: | LiquidWorm | | Homepage: | http://www.itsec.com.mk/ | | File Size: | 14515 | | Last Modified: | Sep 14 16:08:31 2008 |
| MD5 Checksum: | 121ca52e400d9018132ab05dd484b5d6 |
|
| /// File Name: |
collabreate-defcon.tgz |
Description:
|
CollabREate is an IDA Pro plugin with a server backend that allows multiple people to collaborate on a single RE (reverse engineering) project. This is the Defcon demo bundle.
| | Author: | Chris Eagle,Tim Vidas | | Homepage: | http://www.idabook.com/defcon/ | | File Size: | 233811 | | Last Modified: | Aug 20 03:34:31 2008 |
| MD5 Checksum: | d205984bf3188797c6e56f224938cda7 |
|
| /// File Name: |
ProcL.zip |
Description:
|
ProcL is a utility that detects hidden processes. The methods of detecting hidden processes examines each kernel object - EPROCESS, ETHREADS, HANDLES, JOBS.
| | Homepage: | http://www.scanit.net/rd/tools/03 | | File Size: | 161304 | | Last Modified: | Aug 1 16:21:19 2008 |
| MD5 Checksum: | 3d4bbfec18ed54c58e14f984c8a11a88 |
|
| /// File Name: |
SDTCleaner-v1.0.zip |
Description:
|
SDT Cleaner is a small laboratory tool that attempts to restore the pointers installed by Anti-Virus and Firewalls in the SSDT (System Service Descriptor Table).
| | Author: | Nahuel Riva | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 243769 | | Last Modified: | Jul 23 19:57:13 2008 |
| MD5 Checksum: | 9123411f2b13fc9ec9a831f7e8a6514d |
|
| /// File Name: |
pshtoolkit_v1.4-src.tgz |
Description:
|
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).
| | Author: | Hernan Ochoa | | Homepage: | http://oss.coresecurity.com/ | | Changes: | Support for XP SP 3 for whosthere/iam. New switches. | | File Size: | 42406 | | Last Modified: | Jul 9 21:22:55 2008 |
| MD5 Checksum: | e8ad895ec745e26b339aafa9a4ad1822 |
|
| /// File Name: |
pshtoolkit_v1.3-src.tgz |
Description:
|
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).
| | Author: | Hernan Ochoa | | Homepage: | http://oss.coresecurity.com/ | | Changes: | Various updates. | | File Size: | 38281 | | Last Modified: | Mar 3 14:35:45 2008 |
| MD5 Checksum: | 548e936b9b17ab10fa8032b0ecb61283 |
|
| /// File Name: |
pshtoolkit_v1.2_src.tgz |
Description:
|
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!). Both source tarball and binary tarballs are included.
| | Author: | Hernan Ochoa | | Homepage: | http://oss.coresecurity.com/ | | Changes: | Various updates. | | File Size: | 17212 | | Last Modified: | Jan 21 21:42:32 2008 |
| MD5 Checksum: | 9ed448f068a585eee10146a1cffb428f |
|
| /// Directory: |
/ winfingerprint / |
Description:
|
Winfingerprint 2 is a console based Win32 discovery tool.
| | Total Files: | 24 | | Last Modified: | Jan 3 20:22:53 2008 |
|
| /// File Name: |
uhooker_v1.3.tgz |
Description:
|
The Universal Hooker is a tool to intercept execution of programs. It enables the user to intercept calls to API calls inside DLLs, and also arbitrary addresses within the executable file in memory. The Universal Hooker tries to create very simple abstractions that allow a user of the tool to write hooks for different API and non-API functions using an interpreted language (python), without the need to compile anything, and with the possibility of changing the code that gets executed when the hooked function is called in run-time.
| | Homepage: | http://oss.coresecurity.com/projects/uhooker.htm | | Changes: | Several bug fixes. | | File Size: | 74047 | | Last Modified: | Dec 17 21:10:18 2007 |
| MD5 Checksum: | 677ed30fea6cdd16a26416b1b89bf16c |
|
| /// Directory: |
/ genius / |
Description:
|
Genius - Enhancements for Windows 95/98/NT
| | Total Files: | 6 | | Last Modified: | Oct 15 22:31:40 2007 |
|
| /// Directory: |
/ patches / |
Description:
|
Unavailable.
| | Total Files: | 3 | | Last Modified: | Sep 5 21:26:30 2007 |
|
| /// Directory: |
/ misc / |
Description:
|
Miscellaneous Windows Files (e.g. OCX/VB/Winsock) to run certain applications.
| | Total Files: | 32 | | Last Modified: | Sep 5 21:26:27 2007 |
|
| /// Directory: |
/ cgi-scanners / |
Description:
|
Windows CGI / Web Vulnerability Scanners
| | Total Files: | 3 | | Last Modified: | Sep 5 21:26:22 2007 |
|
| /// File Name: |
pshtoolkit-1.1.tgz |
Description:
|
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!). Both source tarball and binary tarballs are included.
| | Author: | Hernan Ochoa | | Homepage: | http://oss.coresecurity.com/ | | Changes: | Improvements for the German and French versions of Microsoft Windows XPSP2, Windows 2003 SP1/SP2, and more. | | File Size: | 134356 | | Last Modified: | Sep 5 01:08:20 2007 |
| MD5 Checksum: | c3c250b9475fbfe42cf275475d05bd3c |
|
| /// File Name: |
pshtoolkit-1.0.tgz |
Description:
|
The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions maintained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!). Both source tarball and binary tarballs are included.
| | Author: | Hernan Ochoa | | Homepage: | http://oss.coresecurity.com/ | | File Size: | 122577 | | Last Modified: | Aug 16 04:51:32 2007 |
| MD5 Checksum: | 93512dd3912e0cbc8c16551c50592991 |
|
|
|
|
|