LastActivityView is a tool for Windows
operating system that collects information from various sources on a
running system, and displays a log of actions made by the user and
events occurred on this computer.
Read More...
Showing posts with label tools. Show all posts
Showing posts with label tools. Show all posts
Monday, 5 November 2012
Thursday, 18 October 2012
Free online file converter
How to Use this service
Go to www.online-convert.com and select the tool you want to use. Suppose i wish to convert an image to PNG format. Select the conversion and click on go.Now browse the file or enter the web URL of the image. Select the quality settings and then click on convert.
After the conversion, you will find the download link of the converted file.
Download the file and enjoy. This is a nice online converter file which can be used any time from any where.
Monday, 7 May 2012
Browser Forensic Tool v2.0 - Advanced browser history search engine
crackthesecurity | 02:15 |
tools
Be the first to comment!
Browser Forensic Tool v2.0 , Developed by DarkCoderSc (Jean-Pierre LESUEUR) ,is an advanced local browser history search engine, in less than few seconds it will extract the chosen keywords of most famous web browser, actually Internet Explorer, Google Chrome, Mozilla FireFox, RockMelt, Comodo Dragon and Opera.
BFT will attempt to find the keyword(s) in the history title and search, if the keyword is present or suspected to be, it will be display in the result list with his URL and Title. The software also give you the possibility to edit the default keywords and of course add / modify your own keywords, to separate keywords subject you can create your own keywords categories and only scan for some keywords in the chosen category .
The program is fully asynchronous so it won't affect your work during the scan time nor it will block the customization of keywords and keylist and can be canceled at anytime.
BFT will attempt to find the keyword(s) in the history title and search, if the keyword is present or suspected to be, it will be display in the result list with his URL and Title. The software also give you the possibility to edit the default keywords and of course add / modify your own keywords, to separate keywords subject you can create your own keywords categories and only scan for some keywords in the chosen category .
The program is fully asynchronous so it won't affect your work during the scan time nor it will block the customization of keywords and keylist and can be canceled at anytime.
Sunday, 6 May 2012
Commands in Demand | All useful Windows commands, settings on 1 click
crackthesecurity | 00:27 |
tools
Be the first to comment!
Commands in Demand provides non-technical users with easy access to more than 150 Windows commands and features that can be hard to find or time consuming to get to. The program includes shortcuts to terminate non-responsive applications, restart Windows Explorer, view/clear the clipboard, open a command prompt in a selected folder, access system folders, view TCP/IP configuration settings, etc.
It has a selections menu (sections) according to were its commands are related. If a command is related with more than one section and in order to be less confused, you may find the same command buttons more than one times.
Here are some of the commands that are available in your demand:
» Applications’ Shortcuts creator to minimize apps in the SysTray
» Clipboard real-time Editing
» Color Sample Picker
» Command Prompt starter in any folder of the System
» Desktop Icons Refreshing
» Desktop Shortcuts Copy to a desirable folder
» Device Manager with Hidden Devices
» Hide / Show Desktop Icons
» Icons Extraction from files
» Images Conversion of known formats
» Internet Searching with Two Engines simultaneously
» List Alphabetizer Application
» Memory and CPU Info
» Memory Instantly Cleaning
» Non-Responding Applications Killing
» Running Processes Killing
» Safely Removal of USB Drives
» Screenshots of whatever is visible
» System Drives Quick Cleaning
» System instant General Refresh
» System’s Clock Hiding
» System’s Volume Mute
» Taskbar Hiding
» Transparency Level to the Active window
» Transparency Level to the Taskbar
» URL Shortcuts creation
» User’s and Common System Folders browsing
» Windows commonly used and hidden applications starter
» WinLogoKey shortcuts simulator
Monday, 30 April 2012
Android Network Toolkit (ANTI) Review - Pentest at the push of a button
Recently White-Hat Hacker, Itzhak "Zuk" Avraham, the founder of zImperium unveiled its new app in Blackhat / Defcon19, introducing a new concept where both home users and local IT can have the same tools to, at the push of a button, check for their security faults. The new zImperium product, named Android Network Toolkit (or in short - ANTI), allows professional penetration testers, ethical hackers, IT and home users to scan for security issues in their network.
In a few simple clicks ANTI covers the most advanced attack vectors in order to check for vulnerabilities, even those that up until now could only be performed by top-notch penetration testers. This means that while you might think that you’re safe because you have a firewall on, with ANTI you can check and prove it (or add it to your penetration testing report if you’re doing this as a job). Know if your desktop is easily hackable only a few clicks away by using the ANTI “Penetrate CSE” button, which will perform both MiTM and inject Client Side Exploit to check if you have the latest version of a vulnerable software (e.g: outdated java). You only need to imagine re-producing this using other currently available methods to appreciate why ANTI has gotten so much respect from our community.
“Penetrate CSE” is part of the newly released ANTI3, which covers more vulnerabilities than before. The authors at zImperium will keep improving this product and add even more vulnerabilities in the future.
Upon successful client-side / remote exploitation, the report is updated with the current findings that a specific computer wasn’t patched for a certain vulnerability. Performing MiTM and injecting exploits has never been so easy for the professional penetration tester and is now also available for the home-user and the IT - you don’t have to be a security guru to run security checks!
ANTI runs on Android version 2.1 and up, while CSE vector only one of several capabilities that makes this tool very powerful, especially when it runs on your smart phone!
The app is also capable of mapping your network, scanning for vulnerable devices or configuration issues. It is for use by the amateur security enthusiast home user to the professional penetration tester, ANTI provides many other useful features such as: easy connection to open ports, visual sniffing (URLs & Cookies) and - establishing MiTM attacks (using predefined and user-defined filters), Server Side / Client Side Exploits, Password cracker to determine password’s safety level, Replace Image as visual in demos and Denial of Service attacks. All this is packed into a very user-friendly and intuitive Android app (and soon to be released iOS app).
As zImperium chose to enable ANTI via their website, rather than through the market, thus the APK is installed manually by a few simple steps:
Go to http://www.zImperium.com/anti.html and follow the instructions there. You will receive a download link to your email. Open this link from your smartphone and then install the app as instructed. (Make sure that 3rd Party Applications is enabled in Settings->Applications->Unknown Sources.)
iOS users can join the list of upcoming (public) BETA testers in the same page, by clicking on the Apple icon.
On each run, ANTI will prompt to map the connected network, and when done, it will suggest scanning it for known vulnerabilities and misconfiguration on the targets found. Once a vulnerable target (to remote attacks) is found, it will be marked with red stamp and will appear on the report as a vulnerable device. Displayed in the report is the issue (e.g : MS08-067), how to solve the issue (Windows Update) and how to defend from similar threats in the future (Block port 445 on firewall).
We start by mapping the network - ANTI will scan and detect devices connected to the network. Each device will be displayed with a suitable icon identifying its hardware type and/or the operating system. We can then further scan for vulnerabilities on each of the devices found.
Now that we have our available targets displayed, we can choose any of them to try and penetrate, connect, or sniff network traffic.
The sniffer captures network traffic and displays images, URL’s, user/password combinations, and cookies - all this is collected from the target in real-time, and displayed on ANTI for viewing and examining. We can click on any of the URL’s/cookies to visit the same site our target is visiting.
ANTI also allows us to connect to open ports on the targets, also displaying the opened ports that were found on previous scans.
After playing a bit with the app, I feel comfortable enough to try and penetrate one of my computers, running Windows7 or Mac OS X that are updated only to 1 month prior to this report. I choose the target and click ‘Penetrate CSE’. This plug-in is injecting javascript code using MiTM into target's traffic and redirect traffic to a URL serving Client Side Exploit. Once the target got exploited, ANTI reveals several functions that can be executed over the exploited target: Send screenshot of the current desktop, execute command. The controller functionality is implemented in a very easy-to-use and fun (!) way, allowing both advanced users and home-users to understand the risks of the found vulnerability - while zImperium censored any real possibility to cause real damage to the target, they allow basic information gathering and real life demos such as ejecting the CD-ROM, or grabbing a screenshot (for the assessment’s final report).
I decided to try the password-cracker on my router. I then realized (the good old hard way) that I better change my password ASAP since it took ANTI less than 30 seconds to crack! Next I executed the cracker on my target running a SQL server and, lo and behold, ANTI didn’t discover the passwords - due to use of high complexity passwords. These results were enough to get me to (finally!) change my router’s password.
There are additional functionalities built into ANTI, such as a unique and fully functional HTTP server that allows publishing files on your device, as well as uploading files to the device, visual traceroute using google-maps, and more.
Once we are done testing, the most important ANTI function is the Report - Everything we have found in the network, vulnerable devices, opened ports, and extra information that will later assist when preparing the assessment report - all is summed up in text and emailed. ANTI3 supports multiple networks so now you can fully use it for your daily penetration tests. And everything is extremely user-friendly!
Download ANTI3 from zImperium website
In a few simple clicks ANTI covers the most advanced attack vectors in order to check for vulnerabilities, even those that up until now could only be performed by top-notch penetration testers. This means that while you might think that you’re safe because you have a firewall on, with ANTI you can check and prove it (or add it to your penetration testing report if you’re doing this as a job). Know if your desktop is easily hackable only a few clicks away by using the ANTI “Penetrate CSE” button, which will perform both MiTM and inject Client Side Exploit to check if you have the latest version of a vulnerable software (e.g: outdated java). You only need to imagine re-producing this using other currently available methods to appreciate why ANTI has gotten so much respect from our community.
“Penetrate CSE” is part of the newly released ANTI3, which covers more vulnerabilities than before. The authors at zImperium will keep improving this product and add even more vulnerabilities in the future.
Upon successful client-side / remote exploitation, the report is updated with the current findings that a specific computer wasn’t patched for a certain vulnerability. Performing MiTM and injecting exploits has never been so easy for the professional penetration tester and is now also available for the home-user and the IT - you don’t have to be a security guru to run security checks!
ANTI runs on Android version 2.1 and up, while CSE vector only one of several capabilities that makes this tool very powerful, especially when it runs on your smart phone!
The app is also capable of mapping your network, scanning for vulnerable devices or configuration issues. It is for use by the amateur security enthusiast home user to the professional penetration tester, ANTI provides many other useful features such as: easy connection to open ports, visual sniffing (URLs & Cookies) and - establishing MiTM attacks (using predefined and user-defined filters), Server Side / Client Side Exploits, Password cracker to determine password’s safety level, Replace Image as visual in demos and Denial of Service attacks. All this is packed into a very user-friendly and intuitive Android app (and soon to be released iOS app).
As zImperium chose to enable ANTI via their website, rather than through the market, thus the APK is installed manually by a few simple steps:
Go to http://www.zImperium.com/anti.html and follow the instructions there. You will receive a download link to your email. Open this link from your smartphone and then install the app as instructed. (Make sure that 3rd Party Applications is enabled in Settings->Applications->Unknown Sources.)
iOS users can join the list of upcoming (public) BETA testers in the same page, by clicking on the Apple icon.
On each run, ANTI will prompt to map the connected network, and when done, it will suggest scanning it for known vulnerabilities and misconfiguration on the targets found. Once a vulnerable target (to remote attacks) is found, it will be marked with red stamp and will appear on the report as a vulnerable device. Displayed in the report is the issue (e.g : MS08-067), how to solve the issue (Windows Update) and how to defend from similar threats in the future (Block port 445 on firewall).
We start by mapping the network - ANTI will scan and detect devices connected to the network. Each device will be displayed with a suitable icon identifying its hardware type and/or the operating system. We can then further scan for vulnerabilities on each of the devices found.
Now that we have our available targets displayed, we can choose any of them to try and penetrate, connect, or sniff network traffic.
The sniffer captures network traffic and displays images, URL’s, user/password combinations, and cookies - all this is collected from the target in real-time, and displayed on ANTI for viewing and examining. We can click on any of the URL’s/cookies to visit the same site our target is visiting.
ANTI also allows us to connect to open ports on the targets, also displaying the opened ports that were found on previous scans.
After playing a bit with the app, I feel comfortable enough to try and penetrate one of my computers, running Windows7 or Mac OS X that are updated only to 1 month prior to this report. I choose the target and click ‘Penetrate CSE’. This plug-in is injecting javascript code using MiTM into target's traffic and redirect traffic to a URL serving Client Side Exploit. Once the target got exploited, ANTI reveals several functions that can be executed over the exploited target: Send screenshot of the current desktop, execute command. The controller functionality is implemented in a very easy-to-use and fun (!) way, allowing both advanced users and home-users to understand the risks of the found vulnerability - while zImperium censored any real possibility to cause real damage to the target, they allow basic information gathering and real life demos such as ejecting the CD-ROM, or grabbing a screenshot (for the assessment’s final report).
I decided to try the password-cracker on my router. I then realized (the good old hard way) that I better change my password ASAP since it took ANTI less than 30 seconds to crack! Next I executed the cracker on my target running a SQL server and, lo and behold, ANTI didn’t discover the passwords - due to use of high complexity passwords. These results were enough to get me to (finally!) change my router’s password.
There are additional functionalities built into ANTI, such as a unique and fully functional HTTP server that allows publishing files on your device, as well as uploading files to the device, visual traceroute using google-maps, and more.
Once we are done testing, the most important ANTI function is the Report - Everything we have found in the network, vulnerable devices, opened ports, and extra information that will later assist when preparing the assessment report - all is summed up in text and emailed. ANTI3 supports multiple networks so now you can fully use it for your daily penetration tests. And everything is extremely user-friendly!
Download ANTI3 from zImperium website
Tuesday, 17 April 2012
web-sorrow – Remote Web Security Scanner
crackthesecurity | 06:14 |
tools
Be the first to comment!
Web-sorrow is a web server security scanner which is used for checking a Web server for misconfiguration, version detection, enumeration, and server information. This tool is based on PERL. Mos important thing about this tool is that it is not an exploitation framework ofvculnerability scanner. It is a simple tool for checking web server misconfiguration
Current Functionality
-S – stands for standard. a set of Standard tests and includes: indexing of directories testing, banner grabbing, language detection (should be obvious), robots.txt, and 200 response testing (some servers send a 200 ok for every req)
-Eb – stands for error bagging. The default config for servers is to put the server daemon and version and sometimes even the OS inside of error pages. web-sorrow reqs a URl of 20 random bytes with get and post methods.
-auth – looks for login pages with a list of some of the most common login files and dirs. We don’t need to be very big list of URLs because what else are going to name it?
-cmsPlugins – run a huge list of plugins dirs for cms servers. the list is a bit old (2010)
-I – searches the responses for interesting strings
-Ws – looks for web services such as hosting provider, blogging services, favicon fingerprinting, and cms version info
-Fd – look for generally things people don’t want you to see. The list is generated form a TON of robot.txt so whatever it finds should be interesting.
-proxy – send all http reqs via a proxy. example: 255.255.255.254:8080
-e – run all the scans in the scanner
web-sorrow also has false positives checking on most of it’s requests (it pretty accurate but not perfect).
Download
Current Functionality
-S – stands for standard. a set of Standard tests and includes: indexing of directories testing, banner grabbing, language detection (should be obvious), robots.txt, and 200 response testing (some servers send a 200 ok for every req)
-Eb – stands for error bagging. The default config for servers is to put the server daemon and version and sometimes even the OS inside of error pages. web-sorrow reqs a URl of 20 random bytes with get and post methods.
-auth – looks for login pages with a list of some of the most common login files and dirs. We don’t need to be very big list of URLs because what else are going to name it?
-cmsPlugins – run a huge list of plugins dirs for cms servers. the list is a bit old (2010)
-I – searches the responses for interesting strings
-Ws – looks for web services such as hosting provider, blogging services, favicon fingerprinting, and cms version info
-Fd – look for generally things people don’t want you to see. The list is generated form a TON of robot.txt so whatever it finds should be interesting.
-proxy – send all http reqs via a proxy. example: 255.255.255.254:8080
-e – run all the scans in the scanner
web-sorrow also has false positives checking on most of it’s requests (it pretty accurate but not perfect).
Download
Monday, 16 April 2012
Enema v.1.6 SQL Injection Tool Released
- Features:
- Multi-platform.
- User-friendly graphical interface.
- Multithreaded.
- Dump.
- Customise your queries
- Plugins to automate attacks
- Supported for today:
- POST, GET, Cookies
- MSSQL >=2000 and MySQL>=5.0
- Injection methods supported:
- Error based injection.
- Union based injection (using subquery).
- Blind Time-based MSSQL(waitfor), MySQL(sleep)
Video Demo: http://code.google.com/p/enema/wiki/Video
Six Open Source USB Applications
Firefox Portable: One of the worst things about having to use someone else's browser is it is not configured the way you want it. With Firefox portable, you can install Firefox on your USB drive and configure it with all the add-ons and extensions you want so your browsing experience never changes.
Download: http://portableapps.com/apps/internet/firefox_portableThunderbird Portable: The second annoyance of having to use someone else's computer is not being able to check your email. However, Thunderbird can be custom tailored just like Firefox to provide you with a seamless email experience just as you would get at home.
Download: http://portableapps.com/apps/internet/firefox_portablePortable Apps Suite: This suite makes it possible to arrange all of your portable apps into a start menu like interface so that when you plug your USB drive into any computer, it is almost like running an OS on top of an OS. With this installed on the drive, you have specified document folders that are organized according to type so there's no more hunting around on the drive for important files.
Download: http://portableapps.com/suiteOpenOffice Portable: Getting work done while you are outside the office or your home computer can be a pain, especially if the computer you are using does not have Microsoft Office installed on it. You can alleviate this problem by using Open Office, which is compatible with all of Microsoft's proprietary file extensions. When integrated with Portable Apps Suite, it completes the productivity experience on any computer, as you have access to a word processor, spreadsheet manager, and database manager.
Download: http://portableapps.com/apps/office/openoffice_portablePidgin Portable: Keeping up with friends across multiple chat networks is hard enough on your home computer, so instead of installing GTalk, AIM, Yahoo, and MSN on your portable device, simply install Pidgin to manage all the services from one unique program. Pidgin will remember your settings across multiple sessions on any computer, making it the perfect way to communicate with friends when you're not on your main machine.
Download: http://portableapps.com/apps/internet/pidgin_portableAvast! Portable Anti-Virus Scanner: Protecting yourself while you're on a foreign computer is of top priority, which is why you need to include an anti-virus to round off your USB drive portable apps. Avast! is one of the top anti-viruses for computers and this portable app will scan and detect viruses and worms and remove them. This is very good for diagnosing problems on other PCs.
Download: http://www.pendriveapps.com/avast-virus-cleaner-virus-and-worm-removal-tool/