We have got a lot of packet sniffer/analyzer software out there, I am a self confessed Wireshark & Ettercap lover, but still, when it comes to analyzing network traffic from command line in a fast manner, ngrep is my one of my favourites. Written by Jordan Ritter its used to “grep” traffic patterns from the network interfaces. As per official documentation -
ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
ngrep runs on Windows & *nix platforms alike and you need WinPCAP to run it since it relies on it.
Once you install it, it by default uses the first interface on your machine, so , make sure to check the detected interfaces by running -
C:\Users\RISHABH\Desktop>ngrep -L
idx dev
--- ---
1: \Device\NPF_{4D491111-D331-42BC-9A33-98EF8C40D422} (Microsoft)
2: \Device\NPF_{ADBF6AC1-D111-463D-8D99-C58FA1BEF979} (Sun)
3: \Device\NPF_{6F801AE0-CA61-4A6D-B5FF-DCB7CE8FC529} (VMware Virtual Ethernet Adapter)
4: \Device\NPF_{930B6EC8-A5E3-4FFA-B68F-F159FDFC2064} (VMware Virtual Ethernet Adapter)
5: \Device\NPF_{D1999293-A041-4C2A-B63F-5D8B4906000F} (Realtek PCIe GBE Family Controller)
exit
Now for example you want to check out whats going on at port 23 using interface 5
C:\Users\RISHABH\Desktop>ngrep -d 5 port 23
interface: \Device\NPF_{D1999293-A041-4C2A-B63F-5D8B4906000F} (192.168.1.0/255.255.255.0)
filter: (ip or ip6) and ( port 23 )
exit
0 received, 0 dropped
Piece of cake.. and if you want to filter any website in you are searching for keyword "password" then :
ngrep -d 5 “password” port 80
Easy aint it ? Ngrep does it all : ] With some complex grep commands , you can become a pcap ninja.
Well, you can
applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.Enthusiastics can experiment with its opotions and pwn many of the servers around,or can test their skills to secure their servers..but remember,SQL map is a tool,its might help you to find and apply vulnerabilities and injections,but in the end,you really must have a good knowledge of SQL some real pwning out there..Linux Source: sqlmap-0.7.tar.gz
Windows Portable: sqlmap-0.7_exe.zip
Hi friends.. I recently bought HTC wildfire and have been experimenting with it to the fullest. 
G-mon
G-mon is a powerful WarDriving scanner and GSM / UMTS Netmonitor and drive test tool. It scans for all WiFi networks in range & saves the data with GPS coordinates into a file on your sd card. You can create a kml file for Google Earth. It shows you the encryption, channel an signal strength. It shows all APs in range in a live map. I used it to collect lots of wifi data which I will be publishing soon.
Wardrive
another fantastic wardriving app which stores scans in sqlite db on the sdcard and displays found networks around in the map.It Requires Google MAPS installed.
Wifi Analyzer
This app literally turns your android phone into a Wi-Fi analyzer!! It helps you to find a less crowded channel for your wireless router and allows to audit networks.
Once you get networks, you can then break them into it using Aircrack and backtrack. Its easy and worth its salt :) . Here is a slice of my wardriving logs while i was in DTC bus :D
BSSID;LAT;LON;SSID;Crypt;Beacon Interval;Connection Mode;Channel;RXL;Date;Time
00:08:5C:EF:08:F0;28.56602;77.22951;Adiva;WpaPsk;-93;Infra;11;-92;2011/03/17;18:52:01
00:08:9F:81:8F:C4;28.56944;77.20531;Car0baR;WPA2;-96;Infra;6;-95;2011/03/17;18:58:30
00:0F:A3:6A:88:B8;28.56804;77.22473;sbi;Wep;-93;Infra;6;-91;2011/03/17;18:53:02
00:17:9A:09:D1:79;28.56813;77.22440;WebunivM;Wep;-93;Infra;6;-91;2011/03/17;18:53:05
00:18:02:87:02:8F;28.56845;77.22306;RT2561_6;Wep;-94;Infra;6;-93;2011/03/17;18:53:18
00:18:02:8E:32:5A;28.56885;77.21437;SrDDGA;WpaPsk;-91;Infra;6;-90;2011/03/17;18:55:31
00:18:02:92:A2:73;28.56955;77.20365;mtnlbb;Wep;-90;Infra;6;-89;2011/03/17;19:00:21
00:18:39:AA:5E:B8;28.56845;77.22306;Neeta;Wep;-89;Infra;11;-88;2011/03/17;18:53:18
at the end of the day, the moment that put a smile on my face was when i saw this as a network name near Delhi Cantt -
“You cant hack this Wifi dear neighbor”
It was a wpa2/psk secured network with static ip and mac filtering and the guy knew what he was doing :) Watching secured networks always makes my day.
Mausezahn is a free fast traffic generator written in C which allows you to send nearly every possible and impossible packet. It is mainly used to test VoIP or multicast networks but also for security audits to check whether your systems are hardened enough for specific attacks.
Mausezahn can be used for example:
Mausezahn is basically a versatile packet creation tool on the command line with a simple syntax and context help. It could also be used within (bash-) scripts to perform combination of tests. By the way, Mausezahn is quite fast; when started on my old PIII-Laptop (1.4 GHz, Gigabit Ethernet) I measured 755 Mbit/s using the interface packet counters of an HP ProCurve 5400 switch.
Currently Mausezahn is only available for Linux platforms. Please do NOT PORT Mausezahn to Windows! (Here is a nice explanation why; I really share Felix von Leitner’s point of view.)
Yoiu can download Mausezahn here:
Or read more here.
Like This post ? You can buy me a Beer :)
If you are in security, you might have heard of an Intrusion Detection system, which is a device or mechanism that 
Snort can be run in 4 modes:
A lot of people in the very active snort community are sharing their security rules which is very useful if you are not an security expert and wants to have up-to-date rules.Snort can be combined with other free software such as sguil, OSSIM, and the Basic Analysis and Security Engine (BASE) to provide a visual representation of intrusion data..which is in fact a PHP script displaying alerts on a web interface. At the end of the day, Snort is a must have for any security researcher or network paranoids out there..another mentionable IDS systems are Fragrouter,OSSEC HIDS and sGUIL.
You can download Snort from here
Like This post ? You can buy me a Beer :)
Posted by XERO. ALL RIGHTS RESERVED.
testing and breaking program available. JTR, as its fondly called ,combines multiple password cracking packages into one package,includes auto detection of hashes and is a fast password cracker. It is currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS and supports 15 different platforms . Its primary purpose is to detect weak Unix passwords ( no..I m kidding,Its primary purpose is to break passwords :P ).It can natively detect and crack various encrypted password formats including several crypt password hash types most commonly found on various Unix flavors (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. JTR has an active community and multiple third party patches have been added to increase its functionality to include MD4-based password hashes and passwords stored in LDAP, MySQL and others unsupported hashes. JTR is the penultimate when it comes to password cracking in windows (Cain and Abel is the ultimate :P), but for Linux and open source,its the best you can get your hands on.Fire it up with a wordlist and you are good to goroot@0[john-1.6.37]# cat wpass.txt user:AZl.zWwxIh15Q root@0[john-1.6.37]# john -w:password.lst wpass.txt Loaded 1 password hash (Traditional DES [24/32 4K]) example (user)
guesses: 1 time: 0:00:00:00 100% c/s: 752 trying: 12345 - pookie
You can download JTR from here
