SECFORCE          
SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing
   
HOME SECFORCE - penetration testing COMPANY SECFORCE - penetration testing SERVICES SECFORCE - penetration testing RESEARCH SECFORCE - penetration testing BLOG SECFORCE - penetration testing INITIATIVES SECFORCE - penetration testing CONTACT
 
SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing
    SECFORCE - penetration testing

Tools ■

 
SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing
    Home : Research : Tools  
SECFORCE - penetration testing SECFORCE - penetration testing
   
SECFORCE - penetration testing

Tunna

Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments. The web application file must be uploaded on the remote server. It will be used to make a local connection with services running on the remote web server or any other server in the DMZ. The local application communicates with the webshell over the HTTP protocol. It also exposes a local port for the client application to connect to.

SECFORCE - penetration testing

VMInjector

VMInjector is a tool designed to bypass OS login authentication screens of major operating systems running on VMware Workstation/Player, by using direct memory manipulation.

SECFORCE - penetration testing

phpMyAdmin local file inclusion - XEE injection (CVE-2011-3368 PoC)

Proof of concept for CVE-2011-4107. This Metasploit module can be used by authenticated attackers to read local files in the phpMyAdmin server.

Download Tool (Metasploit RB, 7.8 kb )

SECFORCE - penetration testing

Apache Proxy Scanner (CVE-2011-3368 PoC)

Proof of concept for CVE-2011-3368. The script can be used to perform a port scan of DMZ hosts and retrieve resource from internal servers.

Download Tool (PY, 3.8 kb )

SECFORCE - penetration testing

Metasploit SQL Injection wrapper

Wrapper for exploiting SQL injection vulnerabilities using Metasploit. When command execution via xp_cmdshell or MS09004 exploitation is achieved, this wrapper allows the use of all the magic that brings Metasploit: vnc payloads, meterpreter, encoding payloads, etc.

Download Tool (ZIP, 9.4 kb )

SECFORCE - penetration testing

Cisco config retriever

Very simple python script for retrieving large amounts of Cisco config files with a given username/password. Very useful for internal penetration tests where there is password reuse across all the routers.

Download Tool (PY, 1.8 kb )

SECFORCE - penetration testing

Windows PHP socket hijack toolset

This toolset demonstrates the use of PHP on Windows environments to perform interesting and creative vectors of attack.

Download Tool (ZIP, 15.1 kb ) | View Demo | View Presentation

SECFORCE - penetration testing

Taof

Taof is a GUI cross-platform Python generic network protocol fuzzer. It has been designed for minimizing set-up time during fuzzing sessions and it is especially useful for fast testing of proprietary or undocumented protocols.

Download Tool (Code Repository) | View Demo

SECFORCE - penetration testing

ProxyFuzz

ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. ProxyFuzz randomly changes (fuzzes) contents on the network traffic. It supports TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol agnostic so it can randomly fuzz any network communication.

ProxyFuzz is a good tool for quickly testing network protocols and provide with basic proof of concepts. Using this tool you will be amazed by the poor quality of software and you will see clients and servers dying upon unexpected input, just be prepared to see the very weird behaviours.

Download Tool (PY, 5.6 kb) | Win Binary (ZIP, 4.4 mb) | View Demo

SECFORCE - penetration testing

Bsishell

Bsishell is an interactive python shell used to exploit blind SQL injection vulnerabilities. Currently it supports attacks  against  MSSQL server, however customization for SYBASE and Oracle is straightforward.

Download Tool (PY, 8.8 kb) | View Demo

 
RESEARCH
SECFORCE - penetration testing
SECFORCE - penetration testing
SECFORCE - penetration testing
Presentations
SECFORCE - penetration testing
Tools
SECFORCE - penetration testing
Advisories
SECFORCE - penetration testing
 
SECFORCE - penetration testing
  SECFORCE - penetration testing Suite 11, Beaufort Court
Admirals Way, Canary Wharf - E14 9XL, London
SECFORCE - penetration testing Direct Line +44 (0) 845 056 8694
E-mail SECFORCE - penetration testing
  Follow us in Twitter Check us out in LinkedIn SECFORCE is CREST certified. Click on the logo for more information ISO9001 ISO27001
SECFORCE - penetration testing
    Copyright (c) 2015 SECFORCE Ltd · All Rights Reserved