Sunday, 15. January 2012
Ghost Phisher - Linux
Ghost Phisher is a computer security application that comes with a built-in fake DNS server, fake DHCP server and fake HTTP server, and also has an integrated area for automatic capture and logging of HTTP form method credentials to a database. The program can be used as a honeypot, to service DHCP requests or DNS requests, or for phishing attacks.

Requirements:

python
python-qt4
dhcp3-server
xterm
subversion

Download
http://code.google.com/p/ghost-phisher/downloads/list

To get the source code for this project from SVN, here's the checkout link:
root@host:~# svn checkout http://ghost-phisher.googlecode.com/svn/Ghost-Phisher

To install, simply run the following command in a terminal after changing directory to the path where the downloaded package is:
root@host:~# dpkg -i ghost-phisher_1.3_all.deb

Thursday, 12. January 2012
FreeDOS
FreeDOS 1.1 has been released after being in development for several years. FreeDOS is an open-source operating system aiming to provide the same (or better) functionality as Microsoft's old MS-DOS. Right now the main use is running old games and software, but you might encounter it on some freshly sold computers, motherboard setup CDs, BIOS flashing diskettes, embedded hardware and other uses.

Download
http://www.freedos.org/freedos/files/

Monday, 2. January 2012
Reaver Cracking WPA
Reaver is a WPA attack tool developed by Tactical Network Solutions that exploits a protocol design flaw in WiFi Protected Setup (WPS). This vulnerability exposes a side-channel attack against Wi-Fi Protected Access (WPA) versions 1 and 2 allowing the extraction of the Pre-Shared Key (PSK) used to secure the network. With a well-chosen PSK, the WPA and WPA2 security protocols are assumed to be secure by a majority of the 802.11 security community.

Download
http://code.google.com/p/reaver-wps/downloads/list

Usage is simple: just specify the target BSSID and the monitor mode interface to use:

# reaver -i mon0 -b 00:01:02:03:04:05

Info
http://securityxploit.blogger.de/stories/1970771/



Bluelog - Linux
Bluelog is a simple Bluetooth scanner designed to tell you how many discoverable devices there are in an area as quickly as possible. It is written in C, which eliminates compatibility issues on most platforms.

Download
ftp://ftp.digifail.com/downloads/software/bluelog/bluelog-1.0.0.tar.gz

Password Security Scanner
This utility scans the passwords stored by popular Windows applications (Microsoft Outlook, Internet Explorer, Mozilla Firefox, and more...).

Supported Applications:

Internet Explorer 4.0 - 6.0
Internet Explorer 7.0 - 9.0
Mozilla Firefox (All Versions)
Dialup/VPN passwords of Windows
MSN/Windows Messenger
Microsoft Outlook
Windows Live Mail


Download
http://www.nirsoft.net/utils/password_security_scanner.html

Monday, 12. December 2011
Automatic shellcode generator FOR METASPLOIT
Source by Astr0baby
http://pastebin.com/PDJdHbRz

Edit by Vanish3r
http://pastebin.com/7xmvGnks

To be able to compile the generated payload, we must install the Mingw32 gcc packages, which you can install with:
root@bt:~# apt-get install mingw32-runtime mingw-w64 mingw gcc-mingw32 mingw32-binutils

After the installation we must move our shell script, Vanish.sh, to the default Metasploit folder (/pentest/exploits/framework) and execute it. Recommended Seed Number = 7000 and Number of Encode = 14.

Monday, 5. December 2011
BozoCrack – MD5 Cracker - Linux
BozoCrack is a depressingly effective MD5 password hash cracker with almost zero CPU/GPU load. Instead of rainbow tables, dictionaries, or brute force, BozoCrack simply finds the plaintext password. Specifically, it googles the MD5 hash and hopes the plaintext appears somewhere on the first page of results.

Download
https://github.com/juuso/BozoCrack/blob/master/bozocrack.rb

Saturday, 3. December 2011
WeBaCoo - Backdoor Cookie - Linux
Initially the backdoor PHP code is generated using payloads containing main PHP system functions that operate under a basic Cookie handling mechanism. This code is then injected, after which the client can send shell commands hidden in Cookie headers, obfuscated with base64 encoding. On the server side the shell command is executed and the output is transmitted back to the client, hidden (also base64 encoded) in Cookie headers.

ReadMe
https://github.com/anestisb/WeBaCoo/#readme

Download
http://github.com/anestisb/WeBaCoo/zipball/master

Friday, 25. November 2011
Intercepter NG Sniffing - Windows
Features:
+ Sniffing passwords\hashes of the types:
ICQ\IRC\AIM\FTP\IMAP\POP3\SMTP\LDAP\BNC\SOCKS\HTTP\WWW\NNTP\CVS\TELNET\MRA\DC++\VNC\MYSQL\ORACLE
+ Sniffing chat messages of ICQ\AIM\JABBER\YAHOO\MSN\IRC\MRA
+ Promiscuous-mode\ARP\DHCP\Gateway\Smart Scanning
+ Raw mode (with pcap filter)
+ eXtreme mode
+ Capturing packets and post-capture (offline) analyzing
+ Remote traffic capturing via RPCAP daemon
+ NAT
+ ARP MiTM
+ DNS over ICMP MiTM
+ DHCP MiTM
+ SSL MiTM + SSL Strip

Download
http://intercepter.nerf.ru/Intercepter-NG.v09.zip




FAQ
Q: My adapter's IP is 0.0.0.0
A: Turn off IPv6 in TCP\IP settings

Q: I don't see my adapter in the list
A: WinPcap does not support your card

Q: Intercepter doesn't run, just nothing
A: Try to 'Run As Admin' or remove the wpcap\packet DLLs
and install the original WinPcap
http://www.winpcap.org/install/default.htm

Q: I'm running a WiFi card and nothing works, even ARP poison
A: Disable the 'Spoofing' option. WiFi doesn't allow spoofing the MAC.
Also disable 'EnableICMPRedirect' in the registry.
Also make sure that the Stealth IP is able to connect to the Internet.

Tuesday, 22. November 2011
WAFP - Finger Printer Tool - Linux
WAFP is a Web Application Finger Printer written in Ruby using a SQLite3 DB. WAFP fetches the files given by the Finger Prints from a webserver and checks if the checksums of those files match the given checksums from the Finger Prints. This way it is able to detect the detailed version and even the build number of a Web Application.

Download
http://mytty.org/wafp/wafp-0.01-26c3.tar.lzma
