urlsnarf is a tool that outputs all requested URLs sniffed from HTTP traffic in Common Log Format (CLF, used by almost all web servers), suitable for offline post processing with your favorite web log analysis tool (analog, wwwstat, and so on).

To access urlsnarf, navigate to Sniffing/Spoofing | Network Sniffers and select urlsnarf. A Terminal will pop up showcasing use options as shown in the following screenshot:

To use urlsnarf, type urlsnarf –i and the interface you want to monitor. urlsnarf will display it's listening. This following screenshot shows urlsnarf listing to eth0:

urlsnarf will display a dump of any URL request seen on the wire. For example, a windows user accesses www.thesecurityblogger.com. The URL requests are displayed in urlsnarf for future use.

acccheck is a password dictionary attack tool that targets windows authentication using the SMB protocol. acccheck is a wrapper script around the smbclient binary, and, as a result, is dependent on it for its execution.

hexinject is a versatile packet injector and sniffer that provides a command-line framework for raw network access. hexinject is designed to work together with other command-line utilities, and for this reason it facilitates the creation of powerful shell scripts capable of reading, intercepting and modifying network traffic in a transparent manner. hexinject can inject anything into the network, as well as calculate the checksum and packet size fields of TCP/IP protocols.

Patator is a multi-purpose brute force utility with a modular design and flexible usage. Patator's capabilities include brute-forcing FTP, SSH, Telnet, SMTP, HTTP/HTTPS, POP, IMAP, LDAP, SMB, MSSQL, Oracle, MySQL, DNS, SNMP, and password files.

DBPwAudit performs online audits of password quality for several database engines. The application is designed to allow for adding additional database drivers by copying new JDBC drivers to the JDBC directory.