HNNCast.T00lT1m3 tool list per episode

Hello @ThisisHNN Followers.

Oh… The comments in the right column?

You can just ignore that….

I’ll be expanding this list when I have time. Also, I’m not sure if I started with the oldest episode. Keep an eye on the front page as I’ll be rolling out a few “technology solutions” related to security in the coming months (good ol’ snort/sguil, splunk, sagan, OSSEC, dionaea… can you tell I’m not a pentester professionally?).

P.S. This isn’t my only nerd-gasmic experience.


Too bad this “show” (and network) went off the air.

Does any-any-any-anybody know what time it is?

SpiderPig (pdf fuzzer)
PDF Dissector
Padding Oracle Exploit Tool
White Phosphorus (for Canvas)
SysInternals (updates)
Blue box tone generator for android (or this one)

Wireshark 1.2.9
THC Hydra
John the ripper 1.7.6
Immunet Protect Free (cloud based anti-virus)
Fierce: Domain scan
Patvera Maltego
Honeybot, Your Man in the Middle for Automated Social Engineering (paper)

THC IPv6 Attack Suite
MetaSploit Vasto
ElcomSoft iPhone Password Breaker
L0phtCrack 6.0.8
HTTPS Everywhere

Zynamics BinNavi
Zynamics PDF Dissector
Zynamics ida2sql
Deblaze (fuzzing flex apps)
Killer Bee (zigbee exploiter)
Ostinato (packet generator and analyzer)
neopwn (mobile penestration tester, merged into backtrack)
QubesOS (sandboxing apps in VM)
Digital Assembly (JPG forensic recovery)

Metasploit 3.4.1
SkullSecurity nbtool (NetBIOS poisoner)
Download Indexed Cache (scrapes Google cache, useful for OWASP search engine recon compliance)
log2timeline (parses log and creates a super timeline)

Microsoft Security Essentials (anti-virus)
Kraken (a51 GSM cracker)
Nmap Defcon Edition
TrueCrypt 7.0
Nikto 2.1.2 (web server scanner)
PDF Dissector
Harald Scan (*nix Bluetooth scanner)
Shell Of The Future (session hi-jacker using javascript)
backtrack 4 r1
Tenable Network Security’s Sploitware (SCADA vulnerability framework) no release (video and slides)

Aanval (snort and syslog management console)
SourceFire Razorback (framework for scrapeing and analyzing files)
Digital Forensic’s Framework
Passware Kit (hard drive cracker)
West Coast Hacker Godai Group BinPack
Zynamics BinNavi
PDF Dissector
Zynamics pin-tools
Seccubus (Nessus scheduler and comparing scans)
Shell Of The Future (session hi-jacker using javascript)
LophtCrack 6

IPSecs Grid Toolkit by Ph03n1x (gridsphere portal framework hackery)
Acunetix Web Vulnerability Scanner
Win autopwn
Van Heusden listener (sound trigger auto recording)
WPbruteForcer (WordPress)
Debian live studio
PHPIDS Web Application Security (PHP attack tracker)
AccessData Forensic Toolkit
TitanMist (automates reversing unpackers)
Malheur (malware analyzer)
Blueinfy DOM Scan & DOM tracer
Open SCADA Security Project

RIPS (web vulnerability scanner)
RSMangler (ruby-based word list generator)
ROPEME Rop exploit made easy
Halbred HTTP Load balancers
Samhain (DSI DSS compliance)
NFEX (extract files from pcap live or file)
URLVoid (web based virus scanner for URLs)
MSFT’s Baseline Security Analyzer
NmapSI4 (QT gui for nmap)

Fast HTTP Vulnerability scanner (router and web server scanner)
XSSer (peneration tester using XSS)
HTTP4e (tests REST headers)
dotdotpwn (directory traversal tester for ftp and http)
Root Kit Unhooker (rootkit revealer/remover mostly for NT-based systems)
DigiNinja’s RSMangler (correction)

Windows Sysinternals ProcDump and ProcMon
PDF Dissector
win-app-debug (python debug module)
Athena (SSL cipher scanner, identifier)
SpiceWorks (network management)
SIP Inspector (SIP message manager)
Rainbow Crack (cracker)

Ncrack (network auth cracker w/ RDP support)
WinAPIOverride32 (API monitor and tamperer)
Sysinternals WinObj
Rootkit analytics’s StreamArmor (find alternate data streams)
SandCat (web app scanner)
Tenable Nessus iPhone App
MetaSplot express (easy to use metasploit)
Fiddler core (web debugging proxy API)
HexInject (raw packet injector)
SocialEngineering Toolkit

PacketFence (NAC)
iScanner (OSS ruby-based detect and remove malicious code from web pages)
Zynamic’s BinDiff
BLuelog (bluetooth scanner, log discoverable mode)
Hajiv (SQL injection via web page, scanner)
Blind Cat (SQL injection)
WSFuzzer (python based SOAP based page fuzzer)

WakeOnLAN (magic packet generator)
WiFite (WEP cracker, and SSID discovery)
Samurai wtf (web testing framework)
CERT basic fuzzing framework (linux app fuzzer)
Core Labs Pass the Hash (Windows LSA sniffing and modification)
Mandos (client/server file system)

QubesOS (application sandboxing OS)
Snort 2.9.0 (IDS)
sluethkit 3.2.0 b1 and autopsy (file system forensics)
Xplico v0.3 (network forensics)
Padbuster (oracle padding attacker)
Microsoft Web Application configuration analyzer
Router Defense (cisco IOS security assessment tool)
Hydra 5.8

Microsoft SDL Regex Fuzzer (app fuzzer)
Puzzlebox (php fuzzing exploiter)
OracleEnumerator (enumeration of oracle DBs)
winserviceenum (windows service info)
Amplia Security’s GUI transfer toolkit (upload and download files through citrix)
Amplia Security’s Windows credendials editor (view change delete hashes for arbitary Windows sessions)
Amplia Security’s Coldfusion Decryptor
Hacking Digity (identify vulnerable systems via google and bing)
BeEF (command and control interface to find zombie browsers)
XPython (python interpreter in a single file)

EvilMaid (USB stick based whole disk encryption “defeater”)
OwnSpy (remote spy for iphone)
Phone Creeper (microSD based Windows mobile spy)
PenTester Scripting (web site with pentesting stuff)
Rapid7’s MetaSploit pro collaborative pen testing’s Dojo (web application security pen testing training environment)
dSquare Security’s (live forensics via Canvas)
V3rity for oracle (oracle security)
GreenSQL (DB firewall)
AndiParos (paros proxy fork)
Qualys BrowserCheck (browser plugin check)

WhisperSystems: TextSecure and RedPhone
hashkill 0.2.3: password hash cracker
Open DNS Sec project: DNSSEC
CodeProAnalytix: Java testing tool
LiveKD: WinDbg and kd debugger on a live system
randomstorm RSYaba: Bruteforce against services, written in ruby
watobo: local proxy, passive and active checks, vulnerability scanner web application toolbox (ruby based)
NetWitness Spectrum: network scanner that uses algorithm driven analytics to detect anomalous and malicious executables
Patvera’s Maltego: forensics and intelligence application (mining)

evilgrade: framework for injecting windows updates
Azure storage explorer: Windows GUI for modification of Azure stores
Patvera’s Maltego: for OSX
The Slueth Kit:
Digital Forensics Framework: Update
BlueLog: Bluetooth scanner update
win auto pwn: update
SIP Inspector: update
Samhain: update
w3af: update
Process Hacker: like process explorer, regex string search
SysInternals VM Map: Virtual Memory map GUI
DotDotPwn: Directory traversal fuzzer
USBsploit: metasploit on a stick?

Kitana: update
Verbsweep: update
Maltego: update
Puzzlebox: update
Sucubus: update
Ostinato: update
Snort: update
Sandcat: update
skitfish: update
Vasto: update
Mega Panzer’s Miostar: program surveyor via API injection.
Forensic Control: lots of tools
sslcipherchecker: update
sqlinjector: update
filefolderenum: update
Bluetooth Dayo: bluetooth penetration tester
JDGUI: Java source code browser
Freebird and FreeLoad: DNSSEC tools

  1. Kam Jerman
    February 25, 2013 at 12:13 pm

    [here is an amusing comment posted by some dude either performing SEO or just trying to get people to go to the below URL. I’m allowing it through for amusement. My kababayan-in-law’s source IP is (Philippines).– matt]

    Looking out about anything online but take care while using the internet must be virus could be the greatest threat in online. The virus is some kind of a software that will be replicated as well as installed for ones laptop or computer whenever you surf sites. Some virus programs are self establishing programs and never need any of your permission in organising. Whenever a virus is installed in your PC, you simply can’t remove it yourself. You can either like to use the most effective free scan virus online and also removal program and/or format your hard disk generally if the herpes simplex virus remains a single area it has the capability to pass on all the way through your computer…

    Brand new piece of writing on our internet site:
    [The URL: [not trust worthy (wot), looks porny.]

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: