Posts tagged: Scanner

Mar 22 2010

SkipFish – Web Application Security Scanner

SkipFish is a fully automated, active web application security reconnaissance tool.

Key Features:

  • High Speed: Pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.
  • Ease of Use: Heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
  • Cutting-Edge Security Logic: High quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.

The tool is believed to support Linux, FreeBSD 7.0+, MacOS X, and Windows (Cygwin) environments.

Download: skipfish-1.13b.tgz

More Info: SkipFish – Project Home

Jan 13 2010

finddomains – Discover Domains by IP Address, Hosts

FindDomains is a multithreaded search engine discovery tool that is useful for penetration testers who need to discover domain names/web sites/virtual hosts located on a large number of IP addresses. It provides a console interface so you can easily integrate the tool into your pentest automation system.

It retrieves the domain names/web sites located on a specified IP address/hostname.

The tool was built starting from the Bing API 2.0 code sample.

In order to use FindDomains:

  • Create an appid at “Bing Developers” (this link).
  • It will look like this: 32AFB589D1C8B4FEC73D4BCB6EA0AD810E0FA2C7
  • Once you have registered an appid, enter it in the “appid.txt” file in the program directory.

Some highlights:

  • Uses the Bing search engine. Works with the first 1000 records.
  • Multithreaded crawling and DNS resolution.
  • Performs DNS resolution for extracted domains to eliminate cached/old records.
  • Has a console interface so it can be very useful with some command-line foo.
  • Works with Mono, but running under Windows is more efficient.

Sample usage :

1) FindDomains.exe 1.2.3.4
2) FindDomains.exe www.hotmail.com

Requirements:
1) .NET Framework 3.5. Also works with Mono.

Download: FindDomainsv0.1.1.rar

More Info: FindDomains Project Home

Dec 14 2009

inSSIDer – Wi-Fi Network Scanner For Windows

inSSIDer is an award-winning free Wi-Fi network scanner for Windows Vista and Windows XP. Because NetStumbler doesn’t work well with Vista and 64-bit XP, inSSIDer was built as an open-source Wi-Fi network scanner designed for the current generation of Windows operating systems.

What’s Unique about inSSIDer?

  • Works on Windows Vista and Windows XP 64-bit.
  • Uses the Native Wi-Fi API.
  • Group by MAC address, SSID, Channel, RSSI and “Time Last Seen”.
  • Compatible with most GPS devices (NMEA v2.3 and higher).

How can inSSIDer help me?

  • Inspect your WLAN and surrounding networks to troubleshoot competing access points.
  • Track the strength of received signal in dBm over time.
  • Filter access points in an easy to use format.
  • Highlight access points for areas with high Wi-Fi concentration.
  • Export Wi-Fi and GPS data to a KML file to view in Google Earth.

Download: Inssider_Installer.msi

More Info: inSSIDer Wi-Fi Scanner | Metageek

Sep 10 2009

Haraldscan – Bluetooth discovery scanner

The scanner will be able to determine the Major and Minor device class of a device, and will attempt to resolve the device’s MAC address against the largest known Bluetooth MAC address vendor list.

The goal of this project is to obtain as many MAC addresses mapped to device vendors as possible.

Requirements:

  • Python 2.6
  • Pybluez
  • PySQLite

Installation:

  • Unpack to a directory
  • Run python haraldscan -b to build the database
  • Run python haraldscan [Options] to run Harald Scan

Download: haraldscan-0.3

Aug 11 2009

Xplico – Internet Traffic Decoder

The goal of Xplico is to extract the application data contained in an internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).
Xplico is released under the GNU General Public License.

Features:

  • Protocols supported: HTTP, SIP, IMAP, POP, SMTP, TCP, UDP, IPv6.
  • Port Independent Protocol Identification (PIPI) for each application protocol.
  • Multithreading.
  • Output data and information in SQLite or MySQL database and/or files.
  • Each piece of data reassembled by Xplico is associated with an XML file that uniquely identifies the flows and the pcap containing the reassembled data.
  • Real-time processing (depends on the number of flows, the types of protocols and the performance of the computer: RAM, CPU, HD access time).
  • TCP reassembly with ACK verification for any packet or soft ACK verification.
  • Reverse DNS lookup from DNS packets contained in the input files (pcap), not from an external DNS server.
  • No size limit on input data or the number of input files (the only limit is HD size).
  • IPv4 and IPv6 support.
  • Modularity. Each Xplico component is modular. The input interface, the protocol decoder (Dissector) and the output interface (dispatcher) are all modules.
  • The ability to easily create any kind of dispatcher with which to organize the extracted data in the way most appropriate and useful to you.

Latest Release: Xplico v0.5.2

Download: http://www.xplico.org/download