Breaking News

Sunday, 7 December 2014

Premium Transparent / Level3 Proxies dated 07-12-2014
Read more ...

Top 5 Hack Forums To Learn Hacking

Some'One Well Said That
 " Hacking Is Not a Crime But Its Crime To Play This Game "
Most Of Our Young Generation Want To Be Hacker To Hack Their Competitor's Sites
So We Are Discussing Top 5 Hack Forums To Learn Hacking

1)  Hack  Forums
Hackforums Is The World Most Famous US  Hacking Forum To Learn Hacking And Show Off Hacked Websites,All The Tutorials And Hacking Tools Are Shared Free Of Cost In This Site.

Newbies Work And Learn Under The Most Famous Hackers From All Over The World,And Hackers From All Over The World Come To Learn Here And For Show Off Their Skills.
This Forum Was Registered On September 27, 2005 And Will Expire On September 27, 2016.

"" Is Second Most Famous "Panama" Hacking School Of Hackers ,Its Also Freeware Hack Forums For New Hackers Who Want To Learn And Burn, This Site Also Full Of Many Hacking Tutorials And Hack Tools Like , Keyloggers,crypters,Phisphers, Etc
This Domain Was Registered On July 17,2010 And Will Expire On July 17 2016.

This Is 3rd  Famous Canadian Hack Forum To Learn Hacking And Also For Show off Hacked Sites
This Site Is Also Good Opportunity For Newbie To Learn,
The Domain Of This Site Was Registered On  July 7,2012 And Will Expire On July 7,2015
4) Hack This Site Forum
This Is Oldest Hack Forum Of  "United State" Included With All Old And New Hack Tools And Tutorials , This Is Also a Good Forums For Those Young'ones Who Want To Learn.

The Domain Was Registered On August 10,2003 And Will Expire On August 10,2015.

Evilzone Is 5th Most Visited "Netherlands" Hack Forum To Learn Hacking ,
This Forum Also Freeware To Use And Learn New Hacking Skills,
The Domain Of Evil Zone Was Registered On  April 11,2007 And Will Expired On April 11,2018.

Thanks To Read This Article ' This Article Will Help You To Select Better Hacking School For You.

Read more ...


As the part of the CISO keeps on evoling inside associations towards that of an official level position, we see a becoming stress on conventional business organization aptitudes over the more specialized abilities that formerly characterized the top security administration work. 

Regardless, Cisos need to stay up to date with the most recent down-in-the-weeds apparatuses and innovations that can advantage their association's security carriage, and also those instruments that are broadly accessible which could be abused by pernicious on-screen characters to distinguish and endeavor system security shortcomings. 

In light of that reality, we as of late identifies with Nabil Ouchn (@toolswatch), the coordinator of the Arsenal Tools show and exercises at the Blackhat Conferences in both the US and Europe since 2011, and being the author of the entry 

Toolswatch is a free intelligent administration intended to help examiners, entrance analyzers, and other security experts keep their moral hacking tool stash forward with the most recent and most prominent assets. 

Ouchn is a persuasive security master with in excess of 15 years involvement in weakness administration, consistence evaluation and entrance testing, and Co-Founder of a creative Saas Multi-Engines Threats Scanning Solution.

As a major aspect of his exploration, Ouchn keeps up a few undertakings, including Default Password Enumeration (DPE), the open source connected & cross-connected defenselessness database vfeed, and the Firefox Catalog of Auditing augmentations called Firecat. 

We asked Ouchn to amass what he accepted to be the top programmer devices each CISO ought to in any event comprehend, if not effectively empower for mix into their own security programs. 

"Keep in mind the paper Improving the Security of Your Site by Breaking Into It composed 20 years prior by Dan Farmer and Wietse Venema?" Ouchn asked. "It is still substantial today. The best approach to alleviating the vulnerabilities and dangers to a data framework stays being able to demonstrate that they exist." 

"The accompanying is my rundown of instruments each CISO ought to be on top of, and it was tricky to thin it down to these few things with such a large number of significant apparatuses out there," Ouchn said. "My decisions were determined by a blend of the apparatus' quality and their usability."


“Metasploit has become over the years the best framework to conduct penetration testing on network systems and IT infrastructure. Nevertheless, I will focus on Armitage an open source effort to bring user-friendly interface to Metasploit,” Ouchn said.
“Armitage demonstrations are very convincing and allow you to analyze weak and vulnerable machines in a network in just a few clicks. The compromised devices are depicted with a lightning round,”  Ouchn continued.
“This tool has brilliantly hidden the complexity of Metasploit (for a non-technical audience) in favor of usabilityand is a great way to demonstrate the security in depth of an IT architecture,” Ouchn said.
“In fact, the framework has several capabilities to exploit vulnerabilities in almost any type of layer to therefore infiltrate (by pivoting) systems to reach the network’s nerve center. Armitage should definitely be part of the CISO’s Arsenal and his internal Red Tiger team.”


“There is constantly a battle between security folks and users when it comes to passwords. Although it is simple to deploy a Password Policy in a company, it’s also very difficult to justify it,” Ouchn noted.
“Because in a perfect world from users perspective, the best password would be the name of the family cat with no expiration date, and this fact applies  to any system that requires authentication.”
HashCat has shown that the selection of a strong  password must be done carefully, and this tool allows us to demonstrate the ease with which a password can be recovered,” Ouchn said.
“A CISO should certainly incorporate this password cracking tool in his arsenal because it allows to check the complexity of the company password policy. Of course, the complexity of a password is not the only criterion for a well-constructed policy, as there are a plethora of criteria: Duration, length, entropy, etc… So HashCat is a must have for any CISO.” (See also John the Ripper).


“You know what you have connected to when using your hardwired network, but have you ever wondered if the air is playing tricks on you? To test your WiFi security, Wifite has the simplest way,” Ouchn says.
“The grip is instantaneous. It is written in Python and runs on all platforms. CISOs should need only to supply the WiFi interface they use and it does the job, verifying that the corporate wireless networks are configured according to the applicable Security Policy, and better yet, it can be used to identify any open and accessible network that can potentially be harmful in terms of Phishing” Ouchn continued.
“Wifite allows the discovery of all devices that have an active wireless capability enabled by default (like some printers for example). Wifite is a very simple and convincing way for a CISO to validate the security of wireless networks. (See also AirCrack).


“Known for many years as EtherealWireShark is probably the best tool when it comes to sniffing for and collecting data over a network,” Ouchn says.
“On the one hand, WireShark has boosted its capabilities with the support of several types of networks (Ethernet, 802.11, etc.) and also in the simplicity of its use through a very friendly user interface.”
“WireShark allows a CISO to demonstrate that outdated protocols such as Telnet / FTP should be banned from a corporate network, and that sensitive information should be encrypted to avoid being captured by a malicious user,” Ouchn explained.
“Beyond the sniffing features, WireShark is also a great way to validate the network filtering policy. When placed near filtering devices, it can detect the protocols and communication flow in use. WireShark should be considered by any conscious CISO to validate the filtering policy and the need for encryption.(See also Cain & Abel).


“Those who attended the latest demo by David Kennedy (SET lead developer and author) at the BlackHat Arsenal in Las Vegas understand the importance of such a tool” Ouchn said.
SET is a framework that helps the in creation of sophisticated technical attacks which operated using the credulity of the human. It can be used in the process of preparing a phishing attack mimicking a known website or trapping PDF files with the appropriate payload,” he continued. “The simplicity of use via an intuitive menu makes it an even more attractive tool.”
“It is the dream of every CISO to drive security awareness campaigns without ruining the security budget. With SET, the team in charge of security audits can design attacks scenarios and distribute them internally to the targeted users,” Ouchn says.
“This will confirm the users security perception within the company and validate the best Awareness Policy to deploy. The SET tool is very well maintained and is also based on a framework already mentioned above: Metasploit.”
Read more ...

Top 10 penetration testing tools 2013

Here is our prescribed rundown of pentesting apparatuses utilized by ethical hackers and penetration testers – or anybody with an enthusiasm toward data security. Our rundown is a mix of open source and paid or authorized arrangements. 

We scoured the web for comparable posts and made very much a long rundown, so what we did was we sifted  the most widely recognized and well known security instruments and outlined it into our Top-Ten
OK moving on, generally speaking security tools fall into one or more of the following categories:
Radio-frequency identification (RFID) tools
Information gathering
Vulnerability assessment
Exploitation tools
Reporting tools
Maintaining access
Reverse engineering
Stress testing
Privilege escalation
We are constantly amazed by the quantity, quality and communities that surround these information security tools. We’d appreciate it if you can let us know in the comments below if we have missed out a tool or service that really ought to be in this list. Enjoy!
(In alphabetical order):
acunetix1. Acunetix has a free and paid version. This hacking tool has many uses but in essence it tests and reports on SQL injection and Cross Site scripting testing. It has a state of the art crawler technology which includes a client script analyzer engine. This security tool generates detailed reports that identify security issues and vulnerabilities. The latest version, Acunetix WVS version 8, includes several security features such as a new module that tests slow HTTP Denial of Service. This latest version also ships with a compliance report template for ISO 27001. This is useful for penetration testers and developers since it allows organizations to validate that their web applications are ISO 27001 compliant.

aircrack-ng2. Aircrack-ng is a comprehensive set of network security tools that includes, aircrack-ng (which can cracks WEP and WPA Dictionary attacks), airdecap-ng (which can decrypts WEP or WPA encrypted capture files), airmon-ng (which places network cards into monitor mode, for example when using the Alfa Security Scanner with rtl8187), aireplay-ng (which is a packet injector), airodump-ng (which is a packet sniffer), airtun-ng (which allows for virtual tunnel interfaces), airolib-ng (which stores and manages ESSID and password lists), packetforge-ng (which can create encrypted packets for injection), airbase-ng (which incorporates techniques for attacking clients) and airdecloak-ng (which removes WEP cloaking). Other tools include airdriver-ng (to manage wireless drivers), airolib-ng (to store and manages ESSID and password lists and compute Pairwise Master Keys), airserv-ng (which allows the penetration tester to access the wireless card from other computers). Airolib-ng is similiar to easside-ng which allows the user to run tools on a remote computer, easside-ng (permits a means to communicate to an access point, without the WEP key), tkiptun-ng (for WPA/TKIP attacks) and wesside-ng (which an an automatic tool for recovering wep keys).
Like most of the security tools in our list, Aircrack also has a GUI interface – called Gerix Wifi Cracker. Gerix is a freely licensed security tool under the GNU General Public License and is bundled within penetration testing Linux distributions such as BackTrack and Backbox. The Gerix GUI has several penetration testing tools that allow for network analysis, wireless packet capturing, and SQL packet injection.

cainabel3. Cain & Abel, or just Cain for short, has a reputation of being a bit of a script-kiddie tool, but it is still awesome nonetheless. Cain & Abel is defined as being a password recovery tool. This tool allows a penetration tester to recover various types of passwords by sniffing the network, and cracking encrypted passwords using either a dictionary or brute-force attacks. The tool can also record VoIP conversations and has the ability to decode scrambled passwords, discover WiFi network keys and cached passwords. With the correct usage and expertise, a penetration tester can also analyze routing protocols. The security tool does not inherently exploit any software vulnerabilities or holes, rather it identifies security weaknesses in protocol’s standards.
Students studying for IT information security certificates will use the tool to learn about APR (Arp Poison Routing) which enables sniffing on switched LANs and Man-in-the-Middle attacks (often abbreviated to MITM). The sniffer features in the latest version of Cain allow for the analysis of encrypted protocols such as SSH-1 and HTTPS. The new version also contains routing protocols authentication monitors, dictionary and brute-force crackers for all popular hashing algorithms, password calculators, cryptanalysis attacks and password cracking decoders.

ettercap4. Ettercap often accompanies Cain (third in our list). Ettercap is a free and open source network security tool for man-in-the-middle attacks (MITM) on LAN. The security tool can be used to analyze computer network protocols within a security auditing context. Ettercap has four methods of functionality:
Security scanning by filtering IP-based packets, MAC-based: whereby packets are filtered based on MAC address, (this is useful for sniffing connections through a gateway). ARP-based scanning by using ARP poisoning to sniff on a switched LAN between two hosts (known as full-duplex). PublicARP-based functionality: Ettercap uses ARP poisoning to sniff on a switched LAN from a victim host to all other hosts (known as half-duplex).

ripper5. John The Ripper has the coolest name on our Concise Courses 2013 Security Pentesting Tools list! John the Ripper was written by Black Hat Pwnie Winner Alexander Peslyak. This very popular security tool, often abbreviated just to “John” is a free password cracking software tool. Originally created for the UNIX operating system, it currently works on every major operating system. By far, this tool is one of the most popular password testing and breaking programs used by information security professionals. The pentesting tool combines various password crackers into one concise package which is then able to identify password hash types through its own customizable cracker algorithm.

metasploit6. Metasploit is huge. Developed by Rapid7 and used by every pentester and ethical hacker in the world. Period. The Metasploit Project is a security project which delivers information about security vulnerabilities and helps penetration testing and Intrusion detection. The open source project – known as the Metasploit Framework, is used by security professionals to execute exploit code against a remote target machine – for penetration testing of course!
Another cool project is Metasploitable which is an intentionally vulnerable version of Ubuntu Linux built on purpose for testing security tools, like all of ones listed here, and demonstrating common vulnerabilities.

nessus7. Nessus is another giant – a security tool that focuses on vulnerability scanning. There is a free and paid version – free for personal use. Started in 1998 by Renaud Deraison is has evolved into one of the world’s most popular security tools – particularly as a vulnerability scanner. The organization behind Nessus, Tenable Security, estimates that it is used by over 75,000 organizations worldwide.
Essentially Nessus scans for various types of vulnerabilities: ones that check for holes that hackers could exploit to gain control or access a computer system or network. Furthermore, Nessus scans for possible misconfiguration (e.g. open mail relay, missing security patches, etc.). The tools also scans for default passwords and common passwords which is can use execute through Hydra (an external tool) to launch a dictionary attack. Other vulnerability scans include denials of service against the TCP/IP stack.

nmap8. Nmap is another massive giant of a security tool which has been around for forever and is probably the best known. Nmap has featured on many movies including the Matrix – just Google it and you’ll see what we mean. Written in C, C++, Python, Lua by Gordon Lyon (Fyodor) starting from 1997, Nmap (Network Mapper) is the defacto security scanner which is used to discover hosts and services on a computer network. To discover hosts on a network Nmap sends specially built packets to the target host and then analyzes the responses. The program is really sophisticated because unlike other port scanners out there, Nmap sends packets based upon network conditions by taking into account fluctuations, congestion and more.

ripper9. Kismet is a wireless network detector, sniffer, and intrusion detection security pentesting tool. Kismet can monitor and sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. There are many sniffing tools out there but what makes Kismet different and very popular is the fact that it works passively – meaning that the program does not send any loggable packets whilst being able to monitor wireless access points and wireless clients. It is open source and widely used.

wireshark10. Wireshark Wireshark has been around for ages and is extremely popular. Wireshark allows the pentester to put a network interface into a promiscuous mode and therefore see all traffic. This tool has many features such as being able to capture data from live network connection or read from a file that saved already-captured packets. Wireshark is able to read data from a wide variety of networks, from Ethernet, IEEE 802.11, PPP, and even loopback. Like most tools in our 2013 Concise Courses Security List the captured network data can be monitored and managed via a GUI – which also allows for plug-ins to be inserted and used. Wireshark can also capture VoIP packets (like Cain & Able – see tool 3) and raw USB traffic can also be captured.
In the event that you are a sharp specialist or an expert infiltration analyzer then you must see how to utilize these devices successfully. These security apparatuses are amazing and enjoyable to learn and utilization – the people that make them are basically splendid programers and make the entrance testing occupation a ton simpler to oversee. What do you think? What devices do you utilize the most and why – have we missed any out? Tell us in the remarks below
Read more ...

Top 15 Free Hacking | Cracking | Pentesting Tools You should Know 2014

hacking tools

There are numerous hacking & security devices accessible that programmers and security researchers use for pentesting purposes. Here is a rundown and a concise depiction of normally utilized Hacking & Security apparatuses.

1. Nmap
Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. You can download Nmap from Nmap homepage.

2. Wireshark
Wireshark is a network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. Wireshark homepage.

3. Metasploit Community edition
Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners. This helps prioritize remediation and eliminate false positives, providing true security risk intelligence. Metasploit community edition homepage.

4. Nikto2
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Nikto2 homepage.

5. John the Ripper
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version. You can download John the Ripper from here.

6. ettercap
Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis. ettercap homepage.

7. NexPose Community edition
The Nexpose Community Edition is a free, single-user vulnerability management solution. Nexpose Community Edition is powered by the same scan engine as Nexpose Enterprise and offers many of the same features. Nexpose homepage.

8. Ncat
Ncat is a feature-packed networking utility which reads and writes data across networks from the command line. Ncat was written for the Nmap Project as a much-improved reimplementation of the venerable Netcat. It uses both TCP and UDP for communication and is designed to be a reliable back-end tool to instantly provide network connectivity to other applications and users. Ncat will not only work with IPv4 and IPv6 but provides the user with a virtually limitless number of potential uses. ncat homepage.

9. Kismet
Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT. kismet homepage.

10. w3af
w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. w3af homepage.

11. hping
hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features. hping homepage.

12. burpsuite
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. BurpSuite homepage.

13. THC-Hydra
A very fast network logon cracker which support many different services.  hydra homepage.

14. sqlmap
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. You can download Sqlmap from here.

15. webscarab
WebScarab has a large amount of functionality, and as such can be quite intimidating to the new user. But, for the simplest case, intercepting and modifying requests and responses between a browser and HTTP/S server, there is not a lot that needs to be learned.

Read more ...
CopyRight 2015 ComputerInitaite Powered By ComputerInitaite