phrasen|drescher (MD5 sum: 1ccd3b01bba05364c2c164fd5962d21e) phrasen|drescher is a cracking tool for finding the passphrase of RSA or DSA keys, such as those used by SSH. It performs word list and rule-based attacks against the key. The tool can be used on multiple keys at once and is known to run on FreeBSD, NetBSD, OpenBSD, MacOS and Linux.

sucrack (MD5 sum: 6ebfe5e94577a53ce8dcabadd3581ec3) sucrack is a multi-threaded Linux/UNIX tool for brute-force cracking local user accounts via su. It reads passwords from a dictionary or from stdin, which allows you to use other smart password generators with it. Furthermore, sucrack provides a rewriting functionality by which words from a dictionary are rewritten according to certain rules.

FUZZLED (MD5SUM:- 4d71849c1f07e89ae4289ac6557e4693) Fuzzled is a powerful fuzzing framework. Fuzzled includes helper functions, namespaces and factories which allow a wide variety of fuzzing tools to be developed. Fuzzled comes with several example protocols and drivers for them. This most recent release includes:
* Support for a raft of additional protocols, including HTTPInject, NNTP, SMTP and IMAP.
* New and improved namespaces.
* Improvements to the pattern factory.
* Documentation on writing a fuzzer in Fuzzled.
* Numerous bugfixes and other minor improvements.

hoppy (MD5 sum: c4a20d42ef10cb2d83218b2a2c7ebdc8) Hoppy (*[H]ttp [O]ptions [P]rober In [PY]thon*) is an HTTP server method prober written in Python; it does exactly what it says on the tin. It tests HTTP methods for configuration issues that leak information, or simply to see whether they are enabled. Latest version is 1.5.1.

ManySSL (MD5 sum: fdf2ef8c7f42bfcc9af4134337e22a30) Primarily a tool for Linux users to enumerate the SSL ciphers in use on any SSL-encrypted service, including mail servers that utilise STARTTLS. This tool has an option to identify only the weak ciphers (ciphers under 128 bit) so administrators know which ciphers to remove from their service.

XSSshell-xsstunnell.zip XSS Tunnel is a proxy which allows you to tunnel any HTTP traffic through a Cross-site Scripting (XSS) channel opened by XSS Shell. This release includes a new version of XSS Shell, XSS Tunnel and the source code. Please refer to the white paper for details.

http-dir-enum-0.4.2.tar.gz (MD5SUM:- 0b80f413bd3d00d181fbd7b69f05680c) Perl script to guess directory names within a website. http-dir-enum uses a wordlist of potential directory names. It supports Basic Authentication, HTTP Keep-Alive, proxies and cookies, and can save results in XML format. Typical speed across a LAN is around 350 guesses / second, but this depends heavily on how fast the web server is.

XSSSHELL (MD5SUM:- 0947babc5801dabce902869a44f85048) XSS Shell is a powerful XSS backdoor. XSS Shell allows interactive control over a Cross-site Scripting (XSS) vulnerability in a web application. It demonstrates the real power and damage of Cross-site Scripting attacks.

SYNSCAN (MD5SUM:- b704c17689a8c75a49722d54eb43f260) Another aspect of host enumeration is determining which TCP ports are in an OPEN state, that is to say TCP ports which respond to SYN packets with the SYN and ACK flags set (SYN-ACK). Synscan is impressively fast at determining this by using two processes, one to send the SYN packets and one to listen for the responses. NB: Start with low settings at first, as it can impact systems if it is run too fast. The portparse utility is also a useful little tool!

ONESIXTYONE (MD5SUM:- 79a231d09c02c65105a00ece992b18f7) This is an updated version of the well-known onesixtyone SNMP bruteforce tool. Onesixtyone is an SNMP scanner that sends multiple SNMP requests to multiple IP addresses, trying different community strings and waiting for replies. This version fixes a number of bugs in other publicly available versions of the software, such as allowing for very large dictionary files and reading target IP addresses from a file.

APACHE_USERS (MD5SUM:- 2fb2e8c2432bc6255387848b29d15e27) Apache username enumerator, via /~username requests. This script uses a list of common system names like root, admin, etc. You should manually check the issue to establish the HTTP return code, i.e. 403, as this is needed for the command line. No native SSL support.

ENUM4LINUX-0.7.0.tar.gz (MD5SUM:- 5e28652f9fa7db9f9a25c4efd68a163d) Simple shell script which attempts to use RID cycling to extract a list of users from Windows (or Samba) hosts which have RestrictAnonymous set to 1 (Windows NT and 2000), or "Network access: Allow anonymous SID/Name translation" enabled (XP, 2003). Dependency info: You will need to have the smbclient package installed, as this script is basically just a wrapper around rpcclient (to do the RID cycling) and nmblookup (to grab the workgroup/domain).
