Wednesday, February 15, 2012

HconSTF: Security Testing Framework

HCON is a security framework. This latest release is the portable penetration testing environment, capable of assisting in all tasks of any penetration testing or vulnerability assessments and more. It has two versions based on the Firefox and Chromium source code, called Fire and Aqua respectively.

Most of the part of HconSTF is semi-automated but you still need your brain to work it out. It can be use in all kind of security testing stages, it has tools for conducting tasks like,

  1. Information gathering
  2. Enumeration & Reconnaissance
  3. Vulnerability assessment
  4. Exploitation
  5. Privilege escalation
  6. Reporting
  7. Web debugging

Key Features of HconSTF

  • Categorized and comprehensive toolset
  • Contains hundreds of tools and features and script for different tasks like SQLi,XSS,Dorks,OSINT to name a few
  • HconSTF webUI with online tools (same as the Aqua base version of HconSTF)
  • Each and every option is configured for penetration testing and Vulnerability assessments
  • Specially configured and enhanced for gaining easy & solid anonymity
  • Works for web app testing assessments specially for owasp top 10
  • Easy to use & collaborative Operating System like interface
  • Light on Hardware Resources
  • Portable – no need to install, can work from any USB storage device
  • Multi-Language support (feature in heavy development translators needed)
  • Works side-by-side with your normal web browser without any conflict issues
  • Works on both architectures x86 & x64 on windows XP, Vista, 7 (works with ubuntu linux using wine)
  • Netbook compatible – User interface is designed for using framework on small screen sizes
  • Free & Open source and always will be

As a tribute to all of the freedom fighters of all the countries, HconSTF version 0.4 codenamed ‘Freedom’, was made available on the Indian Republic day. This release has integrated many functions for anonymity and OSINT.

Download HconSTF:

HconSTF - –