SkipFish is a fully automated, active web application security reconnaissance tool.

Key Features:

• High Speed: Pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.
• Ease of Use: Heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
• Cutting-Edge Security Logic: High quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.

The tool is believed to support Linux, FreeBSD 7.0+, MacOS X, and Windows (Cygwin) environments.

Download: skipfish-1.13b.tgz

More Info: SkipFish – Project Home

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts.

Ncrack’s features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap’s and many more.

Ncrack was started as a “Google Summer of Code” Project in 2009. While it is already useful for some purposes, it is still unfinished, alpha quality software. It is released as a standalone tool.

Ncrack is available for many different platforms, including Linux, *BSD, Windows and Mac OS X. There are already installers for Windows and Mac OS X and there is a universal source code tarball that can be compiled on every system.

Example: A representative Ncrack scan

Downloads:
http://nmap.org/ncrack/dist/ncrack-0.01ALPHA.tar.gz
http://nmap.org/ncrack/dist/ncrack-0.01ALPHA-setup.exe
http://nmap.org/ncrack/dist/ncrack-0.01ALPHA.dmg

Ncrack Man Page: http://nmap.org/ncrack/man.html

Ncrack Home: http://nmap.org/ncrack

FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses. Provides a console interface so you can easily integrate this tool to your pentest automation system.

It retrieves domain names/web sites which are located on specified ip address/hostname.

This tool is prepared by starting with Bing API 2.0 code sample.

In order to use FindDomains :

• Create an appid from “Bing Developers”, this link.
• It’ll be like that : 32AFB589D1C8B4FEC73D4BCB6EA0AD810E0FA2C7
• When you have registered an appid, enter it to the “appid.txt” which is on program directory.

Some outlines :

• Uses Bing search engine. Works with first 1000 records.
• Multithreaded on crawling and DNS resolution.
• Performs DNS resolution for extracted domains to eleminate cached/old records.
• Has a console interface so it can be very useful with some command-line foo.
• Works with Mono. But running under Windows is more efficient.

Sample usage :

1) FindDomains.exe 1.2.3.4
2) FindDomains.exe www.hotmail.com

Requirements :
1) NET Framework 3.5. Also working with Mono.

Download: FindDomainsv0.1.1.rar

More Info: FindDomains Project Home

inSSIDer is an award-winning free Wi-Fi network scanner for Windows Vista and Windows XP. Because NetStumbler doesn’t work well with Vista and 64-bit XP, an open-source Wi-Fi network scanner designed for the current generation of Windows operating systems.

What’s Unique about inSSIDer?

• Use Windows Vista and Windows XP 64-bit.
• Uses the Native Wi-Fi API.
• Group by Mac Address, SSID, Channel, RSSI and “Time Last Seen”.
• Compatible with most GPS devices (NMEA v2.3 and higher).

How can inSSIDer help me?

• Inspect your WLAN and surrounding networks to troubleshoot competing access points.
• Track the strength of received signal in dBm over time.
• Filter access points in an easy to use format.
• Highlight access points for areas with high Wi-Fi concentration.
• Export Wi-Fi and GPS data to a KML file to view in Google Earth.

Download: Inssider_Installer.msi

More Info: inSSIDer Wi-Fi Scanner | Metageek

The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

Version 3.3 is the latest stable release of the Metasploit Framework and the recommended starting point for new users. Using the online update system, this version can be synchronized with the development tree to obtain the latest exploits and payloads.

Metasploit now has 445 exploit modules and 216 auxiliary modules.

Download: Metasploit 3.3

More Info: Metasploit 3.3 Release Notes