Best Reverse Engineering Tools for 2020


If you are wondering about the main tools used by a modern software reverser, you are in luck, because this article goes through them.

Therefore, if you are familiar with network interaction principles and assembler language, and have some experience with Windows programming using API functions, you should read on.

Understanding the Need for Best Software Reverse Engineering Tools.

Countless new software applications appear every day in the world we live in. Most of them have their source code hidden, which makes it more work to understand the nuances, algorithms, etc. of the software. This is where software reverse engineering tools come in.

There are many such tools to choose from, and crowning one of them the best can be quite difficult. Let’s go through the applications that are frequently used.

Software Reverse Engineering Tools.

1. IDA-Pro, Hex-Rays.

It is an interactive disassembler with a built-in command language (IDC). It supports a wide range of executable formats, operating systems and more. You can use this tool to build diagrams, rename labels, and much more. Assembler code can be decompiled through the Hex-Rays decompiler plug-in.

IDA Pro has to be one of the best reverse engineering tools. It is an interactive disassembler, widely used for software reversing. It has a built-in command language (IDC) and supports multiple executable formats for a variety of processors and operating systems. In addition, it has a large number of plugins that extend the disassembler’s functionality even further.

The main advantage of this tool is that it allows you to interactively change any element of the displayed data:

  • Give names to functions, variables, data structures, etc.
  • Change the data representation (as numbers, as strings in various encodings, as data structures).
  • Build diagrams and graphs of code flow to simplify the understanding of disassembled code.
  • Use the type information about function arguments and structure definitions from C++, so that the arguments and variables are automatically named.
  • Automatically recognize and name the standard library functions in the assembler code, and much more.

There are IDA plugins that are also worth mentioning besides the disassembler itself.

Hex Rays Decompiler

This is a plugin that adds an assembler-to-C decompiler to IDA. The decompiler produces substantially more accurate C code than the one produced by a human reverse engineer. There are real problems with complex assembler code, where the original code was specifically modified with inline assembly or some manual customization. But in the normal case, it decompiles the code created by various C++ compilers just fine, no matter the architecture.

Lighthouse

A plugin that adds the ability to mark execution paths within the disassembler. This allows the researcher to understand which parts of the code take part in the execution, and whether they are involved in some algorithm or feature. Essentially, this plugin loads a code coverage tool’s report into the IDA database and marks each piece of code that was executed with a specific color, depending on how often the piece was executed. So while browsing the disassembly it becomes clear which parts of the code deserve attention.

ClassInformer

This plugin is to be used on binaries created by Visual Studio. It searches for RTTI information stored in the data section of the executable file. Using the RTTI information, the plugin finds the C++ class names and virtual methods and names them for the user. In addition, it presents a list of the classes found.

BinDiff by zynamics

It is a tool that uses the IDA engine to compare binaries, not as a stream of bytes, but as assembler code. It is therefore able to show the code changes between two versions of the same program as a list of changes to specific functions that were added, removed, or changed. The changes can also be represented as code flow graphs.

IDA-Function-Tagger

A plugin that analyzes imported functions and the functions that call them, and then groups them by tags: cryptography-related, registry-related, network-related, and more. Such grouping simplifies finding the portion of code responsible for specific tasks.

ida-x86emu

It is a plugin that allows the execution of the disassembled code to be emulated, without the need to run the application in the debugger. It thus allows simulating the result of any code without fear of modifying something in the system. The user only specifies the initial values of the CPU registers and can then execute step by step.

2. CFF Explorer.

This includes a resource editor, PE and HEX editor, signature scanner, import editor, address converter, a disassembler, and a dependency analyzer.

CFF Explorer includes:

  • PE and HEX editors
  • Resource editor
  • Import editor
  • Signature scanner
  • Address converter
  • Disassembler
  • Dependency analyzer

3. API Monitor

It intercepts API function calls and can also display output and input data.

API Monitor is an application that intercepts API function calls. It can display input and output data. By default, 10,000 API functions and more than 600 COM interfaces are enabled.

4. WinHex

It can display codes of software files, something that a simple text editor can’t do.

It is a HEX editor that provides a rich set of features and tools.

WinHex can display checksums or codes of software files, which simple text editor…..

5. Hiew

Hiew is a binary file editor focused on working with code. It has a built-in disassembler for x86, x86-64, and ARM, and an assembler for x86 and x86-64.

Main features

 

  • Viewing and editing logical and physical drives.
  • Searching for assembler commands by template.
  • Keyboard macros.
  • Built-in 64-bit calculator.
  • Tools to create custom plugins.

6. Fiddler

Fiddler is a proxy that sits between a computer and a remote server (MITM) and allows you to view or change the traffic that passes between them. It can work with both HTTP and HTTPS.

You can use Fiddler to intercept the traffic going between the application and the server.

This allows HTTP/HTTPS traffic to be intercepted. It is possible to add plugins (such as the WBXML view, which can decode WBXML) that display requests/responses in different views. It has a built-in hex editor. Fiddler is also capable of generating requests or creating custom requests based on a selected one.

In addition, there is a “Request to Code” plugin for Fiddler, which generates ready-made code that executes the requests in C#, VB, or Python. You can download it here.

7. Scylla

It is an application that allows you to dump a running application process and restore the import table. After that, you can run the application. You can download the application here.

 

8. Relocation Section Editor

Application that removes values from the Relocation table. You can download it here.

9. PEiD

PEiD is the best reverse engineering tool to use to detect the packer. By analyzing the entropy, PEiD can detect whether the application is packed or not.

There is also the KANAL (Krypto Analyzer for PEiD) plugin, which analyses PE file for the presence of known encryption algorithms.

There are various useful plugins that help to analyze PE files.

Learn more details here.
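The entropy check mentioned above can be reproduced in simplified form. The following Python code is an added example, not PEiD's own logic: it parses the section table of a PE32 file, computes the Shannon entropy of each section and reports packer indicators. The 7.0 bits/byte threshold, the function names and the file built by build_sample() are assumptions made for the illustration.

```python
import hashlib
import math
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0 for constant data, close to 8 for compressed or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return sum(c / n * math.log2(n / c) for c in Counter(data).values())

def parse_sections(pe: bytes):
    """Return (entry_point_rva, [section dicts]) for a PE32 file held in memory."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ signature at offset 0")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsec, = struct.unpack_from("<H", pe, e_lfanew + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)  # SizeOfOptionalHeader
    opt = e_lfanew + 24
    entry_rva, = struct.unpack_from("<I", pe, opt + 16)      # AddressOfEntryPoint
    table = opt + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vsize": vsize, "vaddr": vaddr, "rsize": rsize,
            "entropy": round(shannon_entropy(pe[rptr:rptr + rsize]), 2),
            "has_entry": vaddr <= entry_rva < vaddr + max(vsize, rsize),
        })
    return entry_rva, sections

def packer_indicators(pe: bytes, threshold: float = 7.0):
    """Heuristics only; the threshold is an assumed cut-off, not a PEiD constant."""
    _, sections = parse_sections(pe)
    hits = []
    for s in sections:
        if s["has_entry"] and s["entropy"] >= threshold:
            hits.append(f"entry point in high-entropy section {s['name']} ({s['entropy']})")
        if s["rsize"] == 0 and s["vsize"] > 0:
            hits.append(f"{s['name']}: empty on disk, {s['vsize']:#x} bytes in memory")
        if s["name"].startswith("UPX"):
            hits.append(f"{s['name']}: UPX section name")
    return hits

def build_sample() -> bytes:
    """Constructed PE32 skeleton laid out like a UPX-packed file (not a runnable program)."""
    packed = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # 4096 bytes
    rsrc = b"\0" * 512
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 16, 0x9800)                  # entry point inside UPX1
    data_off = 0x400

    def sec(name, vsize, vaddr, rsize, rptr):
        return struct.pack("<8sIIII16x", name, vsize, vaddr, rsize, rptr)

    table = (sec(b"UPX0", 0x8000, 0x1000, 0, 0)
             + sec(b"UPX1", 0x1000, 0x9000, len(packed), data_off)
             + sec(b".rsrc", 0x1000, 0xA000, len(rsrc), data_off + len(packed)))
    head = dos + b"PE\0\0" + coff + bytes(opt) + table
    return head.ljust(data_off, b"\0") + packed + rsrc

if __name__ == "__main__":
    for line in packer_indicators(build_sample()):
        print(line)
```

To check a real file, pass its bytes to packer_indicators() instead of the constructed sample.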

Practical software reverse engineering examples to show tools

Now let’s consider how to use the mentioned reverse engineering software tools in practice to research applications. We will research a test application; you can download it here.

1. Opening of the researched executable in IDA-Pro

Let’s load the test application into IDA Pro. We receive the following message:

It means that something is wrong with the application: the import table cannot be found. After that, we press the OK button and get the following:

The import table is almost empty. The upper part shows that only a small piece of code was detected (the blue part), and the left part shows which functions were detected (in our case, only two functions were detected). As we can see, there is a set of undetected bytes above the start function. We suppose that the application is packed by some packer. PEiD will help us detect which packer was used.

2. Getting the information about the packer in PEiD

Load our application.

The fact that the Entry Point is located in the UPX1 section does not really say much. It is necessary to run a scan. Just go to Options and choose “Hardcore scan”:

Then, select the folder where our application is. After the scan, we will see the result:

We can see that the application is packed using UPX.

The tool contains various plugins:

We are not going to consider them all; we will just mention that one of them is able to unpack the application. We had better do this via CFF Explorer.

3. Unpacking with CFF Explorer

CFF Explorer helps to unpack the application. To do that, we go to the UPX Utility page and press the Unpack button:

After that, we can load the application into IDA Pro, and the assembler code will be restored.

We load it into IDA Pro again; it asks whether to load symbols from the server, and we agree. Here is the result:

We see that there is code, some functions, and an import table in the application. Now we run the application and debug it in IDA Pro. Select Debugger->Select Debugger->Local Win32 debugger, and then press F9. As a result, we get:

The tested application detected that it was debugged, and even displayed a message that it was not registered:

We need to get rid of the fact that the application has detected a debugger.

See the import table:

At once, we can notice the NtQueryInformationProcess function. After clicking on it, we get the following list of xrefs to the function:

Clicking on it, we can see where it is called. The third parameter is an output one: if it equals 1, a debugger is attached to the application; if it equals 0, no debugger is attached. Let’s see where the result of this function is written to:

We see that the third parameter contains the address of local variable (var_8). After function call, the result of the function is checked (test eax, eax). Then the value of var_8 is checked. If it is not 0, then the value is written to byte_131443C. Let’s check if this variable is used somewhere else in this function:

We’ll start from the end. This value contains the result from al (the low byte). Before that, esi is written to eax, and 1 is written to esi. Above, we see the condition for writing 1 to esi: the value at ecx + 2 is not equal to 0. The value in ecx comes from large fs:30h (and then + 2): this is a check for debugger presence that bypasses the IsDebuggerPresent function and reads a field of the undocumented PEB structure directly. Let’s rename this variable: press “N” or Right click->Rename. Let’s see where it is used:

There is “…” at the end, so it is used in more places. Place the cursor over it and press «X» or Right click->Jump to xref to operand:

We already know the first places where it is used, but not the last one. Let’s check it:

We see that it is checked whether it equals 0. If it doesn’t, then we receive the message that there is a debugger.
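The two checks traced above (the NtQueryInformationProcess import and the direct read of the PEB field at fs:30h + 2) can also be spotted with a byte-level scan before a disassembler is opened. The Python code below is an added example, not part of the original walkthrough; the signatures cover only common 32-bit x86 encodings, and the function names and sample bytes are constructed for the illustration.

```python
import re

# 32-bit x86 encodings of "mov reg, fs:[30h]", the load of the PEB pointer:
#   64 A1 30 00 00 00        mov eax, fs:[30h]
#   64 8B /r 30 00 00 00     mov reg, fs:[30h]  (ModRM = 00 reg 101)
PEB_LOAD = re.compile(rb"\x64(?:\xA1|\x8B([\x05\x0D\x15\x1D\x35\x3D]))\x30\x00\x00\x00")
REG_NAMES = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
DEBUG_APIS = [b"IsDebuggerPresent", b"CheckRemoteDebuggerPresent",
              b"NtQueryInformationProcess"]

def find_peb_debug_checks(code: bytes, window: int = 16):
    """Return (offset, register) for each PEB load followed by a [reg+2] access.

    Offset 2 of the PEB is the BeingDebugged byte. The match is a heuristic:
    it looks for a ModRM byte with mod=01 (disp8), rm=reg and displacement 2
    within `window` bytes after the load.
    """
    hits = []
    for m in PEB_LOAD.finditer(code):
        # The short A1 form always targets eax (register number 0).
        reg = (m.group(1)[0] >> 3) & 7 if m.group(1) else 0
        tail = code[m.end():m.end() + window]
        for i in range(len(tail) - 1):
            modrm, disp = tail[i], tail[i + 1]
            if modrm >> 6 == 1 and modrm & 7 == reg and disp == 2:
                hits.append((m.start(), REG_NAMES[reg]))
                break
    return hits

def find_debug_api_names(data: bytes):
    """Names of debugger-related APIs that appear as strings (imports) in the file."""
    return [name.decode() for name in DEBUG_APIS if name in data]

def triage(data: bytes):
    return {"peb_checks": find_peb_debug_checks(data),
            "apis": find_debug_api_names(data)}

# Constructed sample: the instruction pair described in the text plus an import name.
SAMPLE = (
    bytes.fromhex("558bec")            # push ebp / mov ebp, esp
    + bytes.fromhex("648b0d30000000")  # mov ecx, large fs:30h
    + bytes.fromhex("80790200")        # cmp byte ptr [ecx+2], 0
    + bytes.fromhex("7405")            # jz short
    + b"\x00NtQueryInformationProcess\x00MessageBoxA\x00"
)

# Constructed control: reads the PEB but takes the field at +0Ch, not +2.
BENIGN = bytes.fromhex("64a130000000" "8b400c" "c3")

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(triage(BENIGN))
```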

We’ll consider the way to remove this verification in the “Hiew” section. It is worth noting that IDA also allows patching memory/code. In order to quickly find this piece of code, we’ll run Rebase program to get the same offset as in Hiew. Select Edit->Segments->Rebase program and enter 0x400000:

Let’s get the address of the code that performs the comparison. It is 0x401329:

This value will be used in Hiew.

4. Modification of the executed statements in Hiew

Let’s load our application. First, it looks as follows:

Switch to the Decode mode: press F4->Decode. Now we have to find the address that we got in IDA Pro earlier. It is 0x401329. Press F5 and set the address this way:

We get the code that compares our variable (g_isDebbugerPresent):

Now we can replace it with, for example, a jmp to a specific address, so that this condition is never satisfied (in real applications, it can be an exception that immediately closes the application).

Press F3 and then F2 to switch to the Edit mode. Enter the address of the next command after the if. Add “.” at the beginning of the address, so that it is relative:

After editing, our modified command is highlighted in yellow. Press F9 (Update), and our application is saved.

If we try to run it, it crashes.

Looking at the assembler code, we see that the new jmp leads to call esi, and esi will contain garbage instead of the MessageBox function address. We’ve skipped the first mov esi, ds: MessageBox:

Therefore, let’s swap the instruction that saves the address to esi and our jmp. Now we should set the relative address in jmp to 14 rather than 1E, because the command became closer to the command we are jumping to.

Now, to make jmp, we should save the MessageBox address to esi.

After working with Hiew, let’s open it in IDA Pro and go to our address:

We see that there is an unconditional jump. If we run the application under the debugger, it crashes, because the previous command contained an absolute address, and after the application starts, the loader walks the Relocation table and adds the delta to each value to make all addresses valid. We just have to remove this value from the Relocation table. Let’s load the original file into IDA Pro, find the cmp we deleted earlier, and enable the option that shows commands in byte representation in IDA. Select Option->General:

This is what we get:

Cmp is a double-byte command starting with 1329, and the address starts with 132B. We can see that jmp is a one-byte command and its address is relative (which means that it shouldn’t be in the Relocation table):

Thus, we have to remove the 132A value from the Relocation table.

Open the application we changed in Relocation Section Editor.

5. Deleting a value from the Relocation table by means of Relocation Section Editor

We have loaded the application and found the target value – 0x0040132A.

Remove it and save. After running, we get a crash again. Go back to IDA Pro.

After removing 132A from the Relocation table and swapping jmp/mov, we still get a crash. That’s because we haven’t edited the value, which previously pointed to mov, and now should point to jmp.

6. Modification of a value in the Relocation table by means of CFF Explorer.

Open it in CFF Explorer. We have found the value to which the delta for MessageBox used to be added. It is 1332.

Now we’ll replace it with 132B, the new value by which MessageBox can be found.

We run the application and see that it no longer crashes and doesn’t show the message about debugger detection:

You can remove this message yourself :).
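The effect of the relocation entry edited in step 6 can be reproduced outside the loader. The following Python code is an added example, not part of the original walkthrough: it builds a .reloc block, applies it the way the loader does when the image is not mapped at its preferred base, and compares a stale entry at 1332 with the corrected entry at 132B for the patched layout (mov esi at 0x401329, short jmp after it). The load address, the import slot RVA and the filler bytes are constructed values.

```python
import struct

IMAGE_REL_BASED_ABSOLUTE = 0   # padding entry, skipped by the loader
IMAGE_REL_BASED_HIGHLOW = 3    # add the load delta to a 32-bit value

PREFERRED = 0x400000           # ImageBase used in the walkthrough
ACTUAL = 0x1310000             # constructed load address chosen for this example
IAT_SLOT_RVA = 0x2000          # constructed RVA of the MessageBox import slot

def build_reloc_block(page_rva, rvas):
    """Serialize one IMAGE_BASE_RELOCATION block with HIGHLOW entries."""
    entries = [(IMAGE_REL_BASED_HIGHLOW << 12) | (rva - page_rva) for rva in rvas]
    if len(entries) % 2:                       # blocks are padded to 4 bytes
        entries.append(IMAGE_REL_BASED_ABSOLUTE << 12)
    size = 8 + 2 * len(entries)
    return struct.pack("<II", page_rva, size) + struct.pack(f"<{len(entries)}H", *entries)

def parse_relocs(reloc: bytes):
    """Yield (type, rva) for every entry of a .reloc section."""
    pos = 0
    while pos + 8 <= len(reloc):
        page_rva, size = struct.unpack_from("<II", reloc, pos)
        if size < 8:
            break
        for (entry,) in struct.iter_unpack("<H", reloc[pos + 8:pos + size]):
            yield entry >> 12, page_rva + (entry & 0xFFF)
        pos += size

def apply_relocs(image: bytearray, reloc: bytes, preferred_base, actual_base):
    """What the loader does when the image is not mapped at its preferred base."""
    delta = (actual_base - preferred_base) & 0xFFFFFFFF
    for rtype, rva in parse_relocs(reloc):
        if rtype != IMAGE_REL_BASED_HIGHLOW:
            continue
        value, = struct.unpack_from("<I", image, rva)
        struct.pack_into("<I", image, rva, (value + delta) & 0xFFFFFFFF)
    return image

def patched_image():
    """Constructed image indexed by RVA: mov esi,[slot] at 0x1329, jmp short at 0x132F."""
    img = bytearray(b"\x90" * 0x3000)                       # filler bytes
    img[0x1329:0x132F] = b"\x8B\x35" + struct.pack("<I", PREFERRED + IAT_SLOT_RVA)
    img[0x132F:0x1331] = b"\xEB\x14"
    return img

def load_with(reloc_rvas):
    """Map the patched image at ACTUAL with the given relocation entries."""
    before = patched_image()
    after = apply_relocs(patched_image(), build_reloc_block(0x1000, reloc_rvas),
                         PREFERRED, ACTUAL)
    operand, = struct.unpack_from("<I", after, 0x132B)
    changed = [rva for rva in range(0x1000, 0x2000) if before[rva] != after[rva]]
    return {"mov_operand_ok": operand == ACTUAL + IAT_SLOT_RVA,
            "bytes_touched": (min(changed), max(changed)) if changed else None}

if __name__ == "__main__":
    # Stale entry: the delta lands in the bytes after the jmp, and the mov
    # operand still holds the preferred-base address of the import slot.
    print("entry at 0x1332:", load_with([0x1332]))
    # Corrected entry: only the operand of mov esi is adjusted.
    print("entry at 0x132B:", load_with([0x132B]))
```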

7. API Monitor.

This program contains a number of functions it can monitor. It is also possible to add your own functions.

Let’s monitor our application: we’ll try to find the MessageBox function call:

I have pointed out only a few functions.

Select File->Monitor New Process and set the path to our file.

After running our process, we see the list of the called functions. Let’s try to find MessageBox – here it is:

API Monitor shows which parameters were passed to it.

It is possible to set different breakpoints:

Run the monitoring of our file and here is what we get:

We can see the parameters, passed to this function.

By means of API Monitor, it is easy to monitor the network function calls and research the passed parameters (of course, if the traffic is not encrypted).

8. WinHex.

We should detect the type of binary file before exploring it. To do that, you can use any hex editor. As an example, I will use WinHex. Open file:

The MZ signature at offset zero corresponds to PE-format files (executables or shared libraries), so it is an exe file or a dll.

For example, dump will look as follows:

Most file formats have their own unique signatures.

9. Scylla.

In this section, we’ll consider the packed app. We are not going to unpack it, we will make its memory dump and try to run it.

To do that, open the packed executable file in IDA Pro. We do it to find the original entry point into the application (OEP), rather than the entry point of the packer.

The pusha command saves general-purpose registers to the stack. At the end, there should be popa, which restores the stored register values. After this command, there is a jmp to the original entry point. You can use the “Search for text” option by pressing Alt + T and looking for popa.

Below the popa, there is jmp 40A191, which will eventually move to the original entry point.

Put a breakpoint in jmp and run the debugger.

Now let’s follow jmp, but IDA Pro shows:

It means that there is no code at the point, we’re going to. Therefore, IDA will create instructions in disassembled listing on the basis of bytes pointed by EIP.

0x00971A91 is the address of the original entry point after unpacking the application into memory.

Now, without closing IDA Pro, open Scylla in order to dump the application and restore the import table.

In the process list, we choose our application and put OEP into the field:

Press IAT Autosearch, and then press Get imports. As a result, it shows that the import table is found.

Let’s make an application dump: press Dump, save it, then Fix Dump, and select the previously saved application.

If we run our application, it will still crash. So, we need to remove the Relocation table.

Open modified dump (it has the _SCY prefix) in CFF Explorer.

Set 0 to the «Relocation Directory RVA» field.

Check whether the ImageBase is the same as the base at which the application is loaded in memory. This value can be found in IDA Pro, Edit->Segments->Rebase program.

Save and run your application. We receive the expected message:

In this example, I tried to show you how to work with each of the reverse engineering tools we briefly described in the first section. Anyway, the best way to master all these products is just start experimenting and researching yourself 🙂

Sources

  1. https://www.hex-rays.com/products/ida/
  2. http://www.ntcore.com/exsuite.php
  3. http://www.rohitab.com/apimonitor
  4. http://www.x-ways.net/winhex/
  5. http://www.hiew.ru/
  6. http://www.telerik.com/fiddler
  7. https://tuts4you.com/download.php?view.3503
  8. https://github.com/mohic/Relocation-Section-Editor
  9. https://www.aldeid.com/wiki/PEiD

 

 

2 comments on “Best Reverse Engineering Tools for 2020”

What’s up colleagues, how is the whole thing, and what you wish for to say concerning this paragraph, in my view its genuinely remarkable in favor of me.

Well I truly enjoyed studying it. This tip provided by you is very useful for proper planning.
