sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

https://packetstormsecurity.com/files/165421/sqlmap-1.6.tar.gz

Wireshark is a GTK±based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

https://packetstormsecurity.com/files/165420/wireshark-3.6.1.tar.xz

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.

https://packetstormsecurity.com/files/165375/wapiti3-3.0.9.tar.gz

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.

https://packetstormsecurity.com/files/165352/tor-0.4.6.9.tar.gz

Google’s OSS Fuzz tool aims to make common open source software more secure and stable by combining modern fuzzing techniques with scalable, distributed execution.

https://packetstormsecurity.com/files/165353/oss-fuzz-master-202112170617.zip

This utility looks for log4j in the currently running JVM. It is useful for systems that allow plugins to introduce their own jars. Therefore, you can find if someone is using log4j with a dangerous version.

https://packetstormsecurity.com/files/165310/log4j-recognizer-main.zip

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

https://packetstormsecurity.com/files/165302/openssl-1.1.1m.tar.gz

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. This is the cross platform package.

https://packetstormsecurity.com/files/165259/ZAP_2.11.1_Crossplatform.zip

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

https://packetstormsecurity.com/files/165236/nfstream-6.4.0.tar.gz

ETS Password Recovery Tool allows you to recover passwords for an ETS5 project. This is due to a significant design flaw as ETS5 uses a hard-coded password and salt to encrypt the project information.

https://packetstormsecurity.com/files/165200/ets5-password-recovery-main.zip

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

https://packetstormsecurity.com/files/165133/i2psource_1.6.1.tar.bz2

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.

https://packetstormsecurity.com/files/165103/wapiti3-3.0.8.tar.gz

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.

https://packetstormsecurity.com/files/165102/Stegano-0.10.1.tar.gz

Photon is a relatively fast crawler designed for automating OSINT (Open Source Intelligence) with a simple interface and tons of customization options. It is written in Python. Photon essentially acts as a web crawler which is able to extract URLs with parameters, also able to fuzz them, secret AUTH keys, and a lot more.

https://packetstormsecurity.com/files/165104/Photon-1.3.2.zip

OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images).

https://packetstormsecurity.com/files/165097/openstego-0.8.2.zip

GnuPG (the GNU Privacy Guard or GPG) is GNU’s tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.

https://packetstormsecurity.com/files/165072/gnupg-2.2.33.tar.bz2

Wireshark is a GTK±based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

https://packetstormsecurity.com/files/165055/wireshark-3.6.0.tar.xz

OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only Least Significant Bit algorithm is supported for images).

https://packetstormsecurity.com/files/165041/openstego-0.8.1.zip

Hashcat is an advanced GPU hash cracking utility that includes the World’s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

https://packetstormsecurity.com/files/165042/hashcat-6.2.5.tar.gz

Hashcat is an advanced GPU hash cracking utility that includes the World’s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.

https://packetstormsecurity.com/files/165043/hashcat-6.2.5.7z