Useful Apps
For forensics and security testing
Free VPN Indicator
This app extracts IP addresses from forensic artefacts (log files etc) and flags if any belong to one of the popular free VPN services that do not require a credit card sign-up. Perfect for zoning in on suspicious source addresses. Download it
LinkedIn_Facebook Join Date Estimator
This app provides a date (accurate to within 2 months) when a particular Facebook or LinkedIn user joined these platforms. This can help with social media investigations, in particular to assess whether a profile may be fake based on a recent creation date. Download it
Uncropped image revealer
Cropped screenshots and images within PowerPoint, Excel and Word documents, can reveal the portions of the area deleted but not completely removed. There is a risk that low classification documents could still reveal sensitive data, or data which can help with investigations. Download it
ShadowBin
Secretly gets a copy of everything that gets sent to the Windows Recycle Bin and saves to another folder on the same system. So even if files get further deleted from the Recycle Bin, there will be a copy of everything removed. Useful for monitoring systems for suspicious activity either on shared systems or systems that are at risk of being breached. *Contact us for a copy/pricing
CPP
CPP is a small script to produce common variants of a particular password when testing login credentials using tools such as BurpSuite Intruder or similar.
Analysis of huge numbers of existing passwords have shown that when a user is required to set a complex password, they sometimes use their existing (simple) password but change it using predictable methods. This gives them the best balance of meeting the application's complexity requirements whilst still being able to easily remember their password. This program rapidly provides the most common permutations. *This utility is meant to be used only by those authorised to test the intended websites. Download it
Pinwheel
Pinwheel is a credential-guessing enhancement to BurpSuite/Turbo-Intruder which allows multiple username/password attempts whilst circumventing any application server login attempt protection which may be more likely to happen with repeated login attempts of the same username. Many websites implement network defences against repeated login requests to prevent misuse and this often comes into play after the user has tried a set number of login attempts. The user, after a set period of not making any further requests (usually a few minutes to one hour), is often then permitted by the application to resume making credential-guessing requests.
This script allows several username and counterpart passwords lists to be tried in turn and so in this respect is useful if there are login credentials for several users on the same site which need to be tested. *This utility is meant to be used only by those authorised to test the intended websites. Download it
Run-Pause-Run
RPR is a credential-guessing enhancement to BurpSuite’s Turbo-Intruder extension, which can implement pauses during attack runs. This enables the attacker to set a pause time after a specified number of test login requests in the middle of an attack run, in order to avoid having the target site block the attack. The program allows BurpSuite Intruder to iterate through a list of passwords, but with the ability to set pauses in the middle of the attack after a specified number of requests have been made. After each pause, the attack then resumes automatically. *This utility is meant to be used only by those authorised to test the intended websites. Download it