BBQSQL is a blind SQL injection framework written in Python.

Change current released : fixing help menu
Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don’t you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues.
BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast.

Overview of Readme
We tried to write the tool in such a way that it would be very self explanatory when setting up an attack in the UI. However, for sake of thoroughness we have included a detailed Readme that should provide you additional insight on the specifics of each configuration option. One thing to note is that every configuration option in the UI has a description associated with it, so if you do choose to fire up the tool without reading this page you should be able to hack your way through an attack.

High Level Usage
Similar to other SQL injection tools you provide certain request information.

Must provide the usual information:

  • URL
  • HTTP Method
  • Headers
  • Cookies
  • Encoding methods
  • Redirect behavior
  • Files
  • HTTP Auth
  • Proxies

Then specify where the injection is going and what syntax we are injecting. Read on for details.

After you pull the tool from Github, you can install simply by typing:

python install

Download in here | Read more right here


crackpkcs12 – Multithreaded program to crack PKCS#12 files (p12 and pfx extensions)

What is it?
crackpkcs12 is a tool to audit PKCS#12 files passwords (extension .p12 or .pfx). It’s written in C and uses openssl library.
It works on GNU/Linux and other UNIX systems.
His author is aestu and his license is GPLv3+ slightly modified to use openssl library.

How to install it?
You have to install libssl library. libssl is the package in Debian like distros and openssl in RedHat like distros.
For Debian like distributions (Debian, Ubuntu, Mint, Backtrack, etc) you can download .deb packages. No compilation is needed.
For other GNU/Linux distros or UNIX systems you have to compile from sources. See next section.

How to compile it?
You have to install libssl development library. libssl-dev is the package in Debian like distros and openssl-devel in RedHat like distros.
Afterwards, you can follow the standard process:
tar -xf crackpkcs12*
cd crackpkcs12*
sudo make install

How to use it?
crackpkcs12 is able to perform two types of attack: Dictionary (no dictionary is provided) or brute force.
Use help message to read the params description:
crackpkcs12 -h
Download Right Here | Read more in here

jNetPort – Active monitoring tool and network status display

jNetPort is a complete Java based active monitoring tool and network status display. It includes a graphic user interface for multiple port scanner engines (including Nmap) with multitasking environment (allowing to do multiple scans at the same time), graphic ping tool, traceroute tool with worldwide IP location display, and a complete statistics section which allows to display plots and compare and save results.
NOTE: Jpcap and Nmap required.


Download in here | Read More Right here

mft2csv : MFT decoder, NTFS File Extracter & cmdline fileinfo dumper

This tool will decode the $MFT record for a given file. It is a combination of mft2csv and NtfsFileExtracter. That means it is a tool for quick decode and dumping of file records. It does not write any csv, but dumps the information to the console. It is very handy when testing stuff and learning NTFS, as you can do stuff to a file and get it decoded right away, without first having to extract the whole $MFT and then decode it to a csv, before importing it into Excel or something and get the actual result. MFTRCRD is therefore for quick dumping of record information for individual files, whereas mft2csv is for decoding the complete $MFT with all its records, which may be a substantial amount and timeconsuming task.
It supports both file name+path and IndexNumber (MFT record) as input (param1). One switch (param3) is for optimizing decode speed when $ATTRIBUTE_LIST is present for a given file. For most usage, set param3 as attriblist=off. That will produce faster output. Only set param3 as attriblist=on when there is an $ATTRIBUTE_LIST attribute present. Another switch (param4) is for choosing wether to hexdump resolved INDX records from the $INDEX_ALLOCATION attribute.

Attributes currently handled:
$SECURITY_DESCRIPTOR (just raw hex dump)
$BITMAP (just raw hex dump)

Download In here | Read more right here

Winpmem v-0.1 rc1 released.

Winpmem is an open source windows memory imager which exposes a raw device with direct physcial memory access.

This tool can be used to allow volatility to run on the raw memory of a live system – with no need to take an image.
Included is a simple user space imaging application using the driver.

Download In here | Read more right here


MaxCannon is a UDP Denial of Service stress tester with a twist. The tool also allows your computer to because a server for a volunteer botnet where other people with MaxCannon can connect and are under the command of the server operator. The clients that connect to this volunteer botnet can join and leave any time they want.

Commands:The two commands as the server operator are

flood <ip>
connected (shows who is connected)


  • UDP Flood (DoS)
  • UDP Flood (DDoS) With Volunteer Botnet
  • Simple to Use
  • Volunteer Botnet
  • Powerful
  • Simple UI

Download in here | read more right here

TurboPower LockBox 3 is a FOSS Delphi Cryptographic Library.

LockBox 3 is a Delphi library for cryptography. Currently supported Delphi 7, 2005, 2007, 2009 and 2010. It provides support for AES, DES, 3DES, Blowfish, Twofish, SHA, MD5, a variety of chaining modes, RSA digital signature and verific…

  • AES
  • SHA2 (including the new SHA-512/224 & SHA-512/256)
  • DES/3DES
  • Blowfish
  • Twofish
  • SHA1
  • MD5
  • RSA Sign & Verify
  • Chaining modes: ECB, CBC, CFB8, CFB, CTR, ECB, OFB, PCBC

Download In here
Read more right here: