
10. [RIPS] A STATIC SOURCE CODE ANALYSER PHP


RIPS is a tool written in PHP that finds vulnerabilities in PHP-based applications using static code analysis.
Available features:
  • Code Execution
  • Command Execution
  • Cross-Site Scripting
  • Header Injection
  • File Disclosure
  • File Inclusion
  • File Manipulation
  • LDAP Injection
  • SQL Injection
  • Unserialize with POP
  • XPath Injection
  • … other
Code audit interface
  • scan and vulnerability statistics
  • grouped vulnerable code lines (bottom up or top down)
  • vulnerability description with example code, PoC, patch
  • exploit creator
  • file list and graph (connected by includes)
  • function list and graph (connected by calls)
  • userinput list (application parameters)
  • source code viewer with highlighting
  • active jumping between function calls
  • search through code by regular expression
  • 8 syntax highlighting designs
  • … much more
Static code analysis
  • fast
  • tokenizing with PHP tokenizer extension
  • taint analysis for 232 sensitive sinks
  • inter- and intraprocedural analysis
  • handles very PHP-specific behaviour
  • handles user-defined securing
  • reconstruct file inclusions
  • detect blind/non-blind exploitation
  • detect backdoors
  • 5 verbosity levels
  • over 100 testcases
  • … much more
Happy studying, trying and using. Use it as well as possible and according to your needs :)
That is all for this post from me; I hope it is useful.
Wassalam....

Keep visiting my blog for hacking and deface techniques, tips and tricks, and the latest software that I will post next, because I update this blog every day.


9. [DROIDSQLI] MYSQL INJECTION TOOL FOR ANDROID

DroidSQLi is a tool for performing SQL injection from an Android device.



Features available in DroidSQLi:
- Time based injection
- Blind injection
- Error based injection
- Normal injection


8. [RAFT V3.0.1] RESPONSE ANALYSIS AND FURTHER TESTING TOOL



RAFT is a testing tool for identifying vulnerabilities in web applications.
RAFT can be used for fuzzing.


7. [RESOLVER V1.0.9] THE REVERSE/BRUTEFORCE DNS LOOKUP


Available features:
  • Resolve a Single IP
  • Resolve an IP Range
  • Resolve IPs provided in a text file
  • Export Results to a text file
  • Copy results to Clipboard
  • DNS Records brute force


6. [COOKIECATCHER] SESSION HIJACKING TOOL

Available features:
- Prebuilt payloads to steal cookie data
- Just copy and paste payload into an XSS vulnerability
- Will send email notification when new cookies are stolen
- Will attempt to refresh cookies every 3 minutes to avoid inactivity timeouts
- Provides full HTTP requests to hijack sessions through a proxy (Burp, etc.)
- Will attempt to load a preview when viewing the cookie data
- Payloads:
  - Basic AJAX Attack
  - HTTPOnly evasion for Apache CVE-2012-0053
  - More to come


5. [SPEARPHISHER] A SIMPLE PHISHING EMAIL GENERATION TOOL

SpearPhisher is a tool used to distribute phishing pages. It is very easy to use and very powerful for phishing activities.
Available features:
  • The tool supports specifying different sending names and email addresses, multiple recipients via TO, CC, BCC, and allows bulk loading with one recipient email address per line in a file.
  • It allows customization of the subject, adding one attachment, and SSL support for SMTP enabled mail servers. One of the popular features with our client is the WYSIWYG HTML editor that allows virtually anyone to use the tool; previewing results as you point and click edit your malicious email body.
  • If you want to add custom XSS exploits, client side attacks, or other payloads such as a Java Applet code generated by the Social Engineer Toolkit (SET), its split screen editor allows more advanced users to edit HTML directly.


4. [JSQL INJECTION V0.5] JAVA TOOL FOR AUTOMATIC DATABASE INJECTION


jSQL Injection is a lightweight application for retrieving database information and exploiting databases.
jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris).
Features of jSQL Injection (version 0.5):
  • SQL shell
  • Uploader
  • Admin page checker and preview
  • Brute forcer (md5 mysql)
  • Coder (encode decode base64 hex md5)

  • Distant file reading
  • Webshell deposit
  • Terminal for webshell commands
  • Configuration backup
  • Update checker

  • Time based algorithm
  • Multi-thread control (start/pause/resume/stop)
  • Shows URL calls

  • GET, POST, header, cookie methods
  • Normal, error based, blind algorithms
  • Automatic best algorithm selection
  • Progression bars
  • Simple evasion
  • Proxy setting
  • Supports MySQL
