advanced password recovery

Zeus is a powerful tool for AWS EC2 / S3 / CloudTrail / CloudWatch / KMS best hardening practices. It checks security settings according to the profiles the user creates and changes them to recommended settings based on the CIS AWS Benchmark source at request of the user.

LightBulb is an open source python framework for auditing web applications firewalls.

SELKS is a free and open source Debian (with LXDE X-window manager) based IDS/IPS platform released under GPLv3 from Stamus Networks (https://www.stamus-networks.com/).

Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps.

Open source log management that actually works.

Security issues happen for two reasons -

Developers who have just started and cannot really tell a difference between using MD5 or bcrypt.
Developers who know stuff but forget/ignore them.

Our detailed explanations should help the first type while we hope our checklist helps the second one create more secure systems. This is by no means a comprehensive guide, it just covers stuff based on the most common issues we have discovered in the past.

Online WPA WPA2 NTLM MD5 DESCRYPT MD5CRYPT Password Cracker.
Crackq is an online distributed GPU-accelerated password cracker designed to help penetration testers and network auditors identify weak passwords. It supports a number of hash types and we are actively adding new algorithms. There are no delays associated with manual submissions and payment processing. The results are emailed automatically as soon as the hash is processed.

A comprehensive tutorial on cross-site scripting

safepaste is a security-conscious paste service for sharing private, encrypted data. All encryption is done client-side and it's impossible for the server, admin, or anyone without your 256 bit key to view the paste. All pastes are encrypted using AES-256.

Hackazon is a free, vulnerable test site that is an online storefront built with the same technologies used in today’s rich client and mobile applications. Hackazon has an AJAX interface, strict workflows and RESTful API’s used by a companion mobile app providing uniquely-effective training and testing ground for IT security professionals. And, it’s full of your favorite vulnerabilities like SQL Injection, cross-site scripting and so on.

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

Real-time updated, P2P websites
using Bitcoin cryptography and the BitTorrent network

Peergos is a peer-to-peer encrypted filesystem with secure sharing of files designed to be resistant to surveillance of data content or friendship graphs. It will have a secure email replacement, with some interoperability with email. There will also be a totally private and secure social network, where users are in control of who sees what (executed cryptographically).

Analyse your HTTP response headers and find security breaches

Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.

Tron est un script batch sorti des entrailles de Reddit qui automatise une bonne grosse session de désinfection et de nettoyage sur les Windows. Compatible avec les versions allant de XP à Windows 10, Tron enchaine plusieurs opérations.

IPFS (the InterPlanetary File System) is a new hypermedia distribution protocol, addressed by content and identities. IPFS enables the creation of completely distributed applications. It aims to make the web faster, safer, and more open.

Bruteforces [.onion] domains

Malcom is a tool designed to analyze a system's network communication using graphical representations of network traffic, and cross-reference them with known malware sources. This comes handy when analyzing how certain malware species try to communicate with the outside world.