Hack Tools

SQLMap 0.9 Released – SQL Injection Tool


sqlmap 0.9After a year of hardcore development, sqlmap 0.9 is out!
Introduction:
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
New Features:
  • Rewritten SQL injection detection engine
  • Support to directly connect to the database without passing via a SQL injection, -d switch
  • Added full support for both time-based blind SQL injection and error-based SQL injection techniques
  • Implemented support for SQLite 2 and 3
  • Implemented support for Firebird
  • Implemented support for Microsoft Access, Sybase and SAP MaxDB
  • Added support to tamper injection data with –tamper switch
  • Added automatic recognition of password hashes format and support to crack them with a dictionary-based attack
  • Added support to fetch unicode data
  • Added support to use persistent HTTP(s) connection for speed improvement, –keep-alive switch
  • Implemented several optimization switches to speed up the exploitation of SQL injections
  • Support to parse and test forms on target url, –forms switch
  • Added switches to brute-force tables names and columns names with a dictionary attack, –common-tables and –common-columns.


Download: 
http://downloads.sourceforge.net/sqlmap/sqlmap-0.9.tar.gz

BlackHole RAT Beta – Mac OS X Trojan Horse


BlackHole is a variant of a well-known Remote Access Trojan (RAT) for Windows known as darkComet.
BlackHole RAT Client
“Hello, Im the BlackHole Remote Administration Tool.
I am a Trojan Horse, so i have infected your Mac Computer.
I know, most people think Macs can’t be infected, but look, you ARE Infected!
I have full controll over your Computer and i can do everything I want, and you can do nothing to prevent it.
So, Im a very new Virus, under Development, so there will be much more functions when im finished.
But for now, it’s okay what I can do?”
This message, displayed in the full screen window with the reboot button blocks user’s screen.
As even the malware itself admits, it is not yet finished, but it could be indicative of more underground programmers taking note of Apple’s increasing market share.
Functions :
  • Remote execution of shell commands.
  • Opens URL using victim’s default browser.
  • Sends a message which is displayed on the victims screen.
  • Creates a text file.
  • Perform shutdown, restart and sleep operation.
  • Popping up a fake “Administrator Password” window to phish the target.

Mallory – Transparent TCP and UDP Proxy


Mallory ProxyMallory is a transparent TCP and UDP proxy.
It can be used to get at those hard to intercept network streams, assess those tricky mobile web applications, or maybe just pull a prank on your friend.
In more technical terms, Mallory is an extensible TCP/UDP man in the middle proxy that is designed to be run as a gateway.

Download: 
https://bitbucket.org/IntrepidusGroup/mallory/get/tip.tar.gz


NiX – Linux Brute Forcer


NiX Brute Forcer is a tool that uses brute force in parallel to log into a system without having authentication credentials beforehand. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of NiX is to support a variety of services that allow remote authentication such as: MySQL, SSH, FTP, IMAP. It is based on NiX Proxy Checker.
Features:
  • Basic Authorization & FORM support in both standard and HTTPS (SSL) mode
  • HTTP/SOCKS 4 and 5 proxy support
  • FORM auto-detection & Manual FORM input configuration.
  • It is multi-threaded
  • Wordlist shuffling via macros
  • Auto-removal of dead or unreliable proxy and when site protection mechanism blocks the proxy
  • Integrated proxy randomization to defeat certain protection mechanisms
  • With Success and Failure Keys results are 99% accurate
  • Advanced coding and timeout settings makes it outperform any other brute forcer

Download:
http://myproxylists.com/NIX_BruteForce.bz2
More Info: http://myproxylists.com/nix-brute-force

Nmap 5.50 Released with Gopher protocol support

Nmap 5.50
A primary focus of this release is the Nmap Scripting Engine, which has allowed Nmap to expand up the protocol stack and take network discovery to the next level. Nmap can now query all sorts of
application protocols, including web servers, databases, DNS servers, FTP, and now even Gopher servers! Remember those? These capabilities are in self-contained libraries and scripts to avoid bloating Nmap’s core engine.
This release isn’t just about NSE. The Nping packet probing and analysis tool (http://nmap.org/nping/) is also added in 5.35DC1. Version 5.50 improves Nping further with an innovative new echo mode (http://bit.ly/nping-echo).
Also added 636 OS fingerprints and 1,037 version detection signatures to Nmap since 5.21, bringing the totals to 2,982 and 7,319, respectively. No other tool comes close.

Download:
http://nmap.org/dist/nmap-5.50-setup.exe