Powered by Tech-Attacks

Top-15 Hacking - Cracking - Pentesting tools till 2013 - FREE Download

Hello All today Tech-Attacks is going to give you Best 15 Hacking - Cracking - Pentesting tools till 2013. These tools considers almost all the hacking areas and cracking passwords and lot of exploits. Using these tools you can be great hacker. ( based on how you using this ).

So guys just enjoy by reading this post and dont forget to download this tools. I provided the 15 tools downloading links . Just download and Try it. The Tools are follows.

15 Hacking tools:

1. PwnSTAR
A bash script to launch the AP, can be configured with a variety of attack options. Including a php script and server index.html, for phishing. Can act as a multi-client captive portal using php and iptables. Exploitation classics such as crime-PDF, De-auth with aireplay, etc..
General Features:
Managing Interfaces and MAC Spoofing
Set sniffing
Phishing Web
WPA handshake
De-auth client
Managing Iptables
Download This PWN Star

(ZAP) is an integrated penetration testing tool for finding vulnerabilities in web applications. This tool is designed for use by people with a variety of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to the toolbox tester.
Key Features:
Intercepting Proxy
Active scanners
Passive scanners
Brute Force scanner
Port Scanner
Dynamic SSL certificates
Beanshell integration
ZAP Download Here

Tools that focus on attacking the human element of weakness and inadvertence. This tool is widely used today and is one of the most successful tools demonstrated at Defcon.
Key Features:
Spear-Phishing Attack Vector
Java Applet Attack Vector
Metasploit Browser Exploit Method
Credential Harvester Attack Method
Tabnabbing Attack Method
Man Left in the Middle Attack Method
Web Jacking Attack Method
Multi-Attack Web Vector
Infectious Media Generator
Teensy USB HID Attack Vector
Download Social Engineering Toolkit here

4. Burp Suite
Burp Suite is a very nice tool for web application security testing. This tool is great for pentester and security researchers. It contains a variety of tools with many interfaces between them designed to facilitate and accelerate the process of web application attacks.

General Function:
Interception proxies
Radar and spiders crawling
Webapps scanner
Tool assault
Repeater and sequencer tools
Burp Suite Download Here


Ettercap is a multipurpose sniffer / interceptor / logger for Local Area Network . It supports active and passive dissection of many protocols (even in code) and includes many feature for network and host analysis.
General Function:
To capture traffic and data
To do logging network
Download Ettercap Here

The SANS Investigative Forensic Toolkit (SIFT) Workstation is a VMware Appliance that can be configured with all the requirements to perform a detailed digital forensic. Compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats. The new version has been completely rebuilt on the Ubuntu base with many additional tools and capabilities that are used in modern forensic technology.
General Function SIFT:
iPhone, Blackberry, and Android Forensic Capabilities
Registry Viewer (YARU)
Compatibility with F-Response Tactical, Standard, and Enterprise
PTK 2.0 (Special Release - Not Available for Download)
Automated Generation Timeline via log2timeline
Many Firefox Investigative Tools
Windows Journal Parser and Shellbags Parser (jp and sbag)
Many Windows Analysis Utilities (prefetch, usbstor, event logs, and more)
Complete Overhaul of Regripper Plugins (added over 80 additional plugins)

Wireshark is the most widely used and most popular in the world the protocol analyzer, and is the de facto standard across many industries and educational institutions to analyze the network in different protocol.
General Function:
Live capture and offline analysis
Standard three-pane packet browser
Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
Captured data network can be browsed via a GUI, or via the TTY-mode tshark utility
The most powerful display filters in the industry
Rich VoIP analysis
Read / write many different capture file formats
Download Wireshark Here

WebSploit is an Open Source Project for Remote Scan and Analysis System of the weaknesses in web applications.

Key Features: 
[>] Social Engineering Works
[>] Scan, Web Crawler & Analysis
[>] Automatic Exploiter
[>] Support Network Attacks
[+] Autopwn - Used From Metasploit For Scan and Exploit Target Service
[+] WMAP - Scan, Target Used Crawler From Metasploit WMAP plugin
[+] format infector - inject the payload into reverse and bind file format
[+] phpmyadmin Scanner
[+] LFI Bypasser
[+] Apache Users Scanner
[+] Dir Bruter
[+] admin finder
[+] MLITM Attack - Man Left In The Middle, XSS Phishing Attacks
[+] MITM - Man In The Middle Attack
[+] Java Applet Attack
[+] MFOD Attack Vector
[+] USB Infection Attack
[+] Dos ARP Attack
[+]'s Killer Attack
[+] Attack Fake Update
[+] Fake Access Point Attack


WinAutoPWN is a tool that is used to exploit the Windows Framework directly, so that we are automatically going to be an administrator on the windows. Widely used by "Defacer" Indonesia to deface the Windows Server

Download WinAutoPWN Here

Hashcat are a variety of tools to crack passwords in encrypted, it is very powerful for password recovery.
General Function:
Multi-Hash (up to 24 million hashes)
Multi-OS (Linux, Windows and OSX native binaries)
Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, etc)
SSE2 accelerated
All Attack-Modes except Brute-Force and Permutation can be extended by rules
Very fast Rule-engine
Rules compatible with JTR and PasswordsPro
Possible to resume or limit session
Automatically recognizes recovered hashes from outfile at startup
Can automatically generate random rules
Load saltlist from an external file and then use them in a Brute-Force Attack variant
Able to work in an distributed environment
Specify multiple wordlists or multiple directories of wordlists
Number of threads can be configured
Lowest priority threads run on
30 + Algorithms is implemented with performance in mind
& much more
Download HashCat Here

Uniscan is a scanner for web applications, written in perl for Linux. Currently Uniscan version is 6.2.

General Function:
Identification of system pages through a Web Crawler.
Use of threads in the crawler.
Control the maximum number of requests the crawler.
Control of variation of system pages identified by Web Crawler.
Control of file extensions that are ignored.
Test of pages found via the GET method.
Test the forms found via the POST method.
Support for SSL requests ( HTTPS ).
Proxy support.
Generate site list using Google.
Generate site list using Bing.
Plug-in support for Crawler.
Plug-in support for dynamic tests.
Plug-in support for static tests.
Plug-in support for stress tests.
Multi-language support.
Web client.
Download Uniscan Here

OllyDbg is a 32-bit assembler debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source code is not available.
General Function:
Intuitive user interface, no cryptical commands
Code analysis - traces registers, recognizes procedures, loops, API calls, switches, tables, constants and strings
Directly loads and debugs DLLs
Object file scanning - locates routines from object files and libraries
Allows for user-defined labels, comments and function descriptions
Understands debugging information in Borland ® format
Saves patches between sessions, writes them back to executable file and updates fixups
Open architecture - many third-party plugins are available
No installation - no trash in registry or system directories
Debugs multithreaded applications
Attaches to running programs
Configurable disassembler, supports both MASM and IDEAL formats
MMX, 3DNow! and SSE instructions and the data types, Including Athlon extensions
Full UNICODE support
Dynamically recognizes ASCII and UNICODE strings - also in Delphi format!
Recognizes complex code constructs, like call to jump to procedure
Decodes calls to more than 1900 standard API and 400 C functions
Gives context-sensitive help on API functions from external help file
Sets conditional, logging, memory and hardware breakpoints
Traces program execution, logs arguments of known functions
Shows fixups
Dynamically traces stack frames
Searches for imprecise commands and masked binary sequences
Searches whole allocated memory
Finds references to constant or address range
Examines and modifies memory , sets breakpoints and Pauses program on-the-fly
Assembles commands into the shortest binary form
Starts from the floppy disk
BBQSQL an Opensource SQL injection tools with the framework specifically designed to carry out the process in hyper fast, database agnostic, easy to setup, and easy to modify. This is another amazing release from Arsenal Blackhat USA 2012. When conducting security assessments of applications, we often find that it is difficult to SQL vulnerabilities exploitable, with this tool will be extremely easy.
BBQSQL written in the Python programming language. This is very useful when complex SQL injection attack vulnerabilities. BBQSQL also a semi-automated tool, which allows little customization for those who are finding it difficult to trigger a SQL injection. The tool is built to be database agnostic and very versatile. It also has an intuitive UI for setting up the attack much easier.
General Function:
SQL Injection Tools
HTTP Method
Encoding methods
Redirect behavior
Download BBQSQL Here

Tools to crack password / hash where cryptohaze supports CUDA, OpenCL , and the CPU code (SSE, AVX, etc.). Can run on OS that support CUDA. These are intended to make it easier to pentester did crack the hash.
General Function:
Crack various kinds of hash
Showing results from crackhash
Cracking on various OS platforms
Download Cryptohaze Here

SWTF is used to do testing / pentest against web application, is used to find a weakness and exploited to perform web. Very comprehensive and widely used in the world, including one used by staff binushacker

General Function:
Web Scanner
Web Mapping
Web Exploitation
Download The Samurai Web Testing Framework

That was the list of 15 security tools of 2013. So we hope you guys like it.
Try this if any doubt mention it in comment .

No comments:

Post a Comment