FantaGhost is a Perl script that assists with penetration testing by scanning for hidden directories and pages.
de3d7da80da7a9e25f88605774eee513ce090e983c4a83f3f0bae900bb0affb7
ISME is a small framework to test IP phones from several editors. It can gather information from IP phone infrastructures, test their web servers for default login/password combinations, and also implement attacks against the systems. ISME has been written in Perl with a Perl/Tk interface to provide a portable and easy-to-use tool. Full documentation is also provided.
ecb0015dcaf2c33676782b33e8df8f700c71993eb29d2d41c8dc2453fdec7dc0
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
10532b626e8182605e3ca9215d856a20145f776c30c729387f374dd753230a15
Sparty is an open source tool written in Python to audit web applications using SharePoint and FrontPage architecture. The motivation behind this tool is to provide an easy and robust way to scrutinize the security configurations of SharePoint and FrontPage based web applications. Due to the complex nature of this web administration software, a simple and efficient tool is required that gathers information, checks access permissions, dumps critical information from default files and performs automated exploitation if security risks are identified. A number of automated scanners fall short of this and Sparty is a solution to that.
f7b4720b68387a85282ee51ecffe1c6bd87d4c236fb4fcacbe37fb52ae430b18
WATOBO, the Web Application Toolbox, is a tool that enables security professionals to perform highly efficient (semi-automated) web application security audits. It acts like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL injection, cross site scripting and more.
ecc5cef05aa502575841bd3e15d42e0dc6e464feff4a873f60fa69774446b024
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
6c364875431542e3f00b8c2fc0e354e4ddf333ed282f83e28a0d6a79326572d5
arp-scan sends ARP (Address Resolution Protocol) queries to the specified targets, and displays any responses that are received. It allows any part of the outgoing ARP packets to be changed, allowing the behavior of targets to non-standard ARP packets to be examined. The IP address and hardware address of received packets are displayed, together with the vendor details. These details are obtained from the IEEE OUI and IAB listings, plus a few manual entries. It includes arp-fingerprint, which allows a system to be fingerprinted based on how it responds to non-standard ARP packets.
ce908ac71c48e85dddf6dd4fe5151d13c7528b1f49717a98b2a2535bd797d892
fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.
ebf0f5a55992e516fa44063993cbcc51bb9555cef769ac9ab5d8be77a8df99dc
Against is a very fast SSH attack script which includes a multithreaded port scanning module (TCP connect) for discovering possible targets and a multithreaded brute-forcing module which attacks in parallel (multiprocessing) all discovered hosts or given IP addresses from a list.
a381147676345ca9c836e4c1462e3640dcacda8fa9c672bb180705d90835376b
Web Soul is a plugin-based scanner for attacking and data mining web sites. Written in Perl.
ca415409ae86c574f541ca482e698ed751209791460f27cc6c8ca5dd4207e578
Maligno is an open source penetration testing tool written in Python that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
31f2d0097dcb428cdfb4e14b20982cbccf4d799920eaa871858214dbddcd6c85
aidSQL is a modular PHP scanner for SQL injection detection and exploitation that allows you to develop your own plugins for use.
ede98363826326ac8e65d9fb102f11c06147d57f5417e955d5fa2422c49f5e89
This is a Python script for searching Bing for sites that may have local and remote file inclusion vulnerabilities.
b57e9c6371c8ee26ae27e8621e28c0050585e84a7b11dc144d70b52d742a8976
This is a SQL injection tool similar to Havij that, per the author, is super fast.
bb0ace9f65db972df40d580e46e07ff19b711b4e9d4df7895f33dec8cc400b54
This PHP script fingerprints a given Joomla system and then uses Packet Storm's archive to check for bugs related to the installed components.
88262f0098e3ae940b541af13f63757e65e56df737aad47c872d4403ce361308
ISME is a small framework to test IP phones from several editors. It can gather information from IP phone infrastructures, test their web servers for default login/password combinations, and also implement attacks against the systems. ISME has been written in Perl with a Perl/Tk interface to provide a portable and easy-to-use tool. Full documentation is also provided.
aec14a937bbc7b54b411e858d71799f4d45d60a0a002a29bca604e2bf90dccff
This is a simple Python tool written to extract all web resources by leveraging an exposed .SVN folder.
2675f79a415d1f1f96f60a6a337e25c1fb941c47573e612e32d8468062080155
This toolkit houses various IPv6 tools that have been tested to compile and run on Debian GNU/Linux 6.0, FreeBSD 9.0, NetBSD 5.1, OpenBSD 5.0, Mac OS 10.8.0, and Ubuntu 11.10.
8392ec6c2414194f839d154313ea7965a2c6503286828f22860c4c50a635d099
wdivulge is a tool designed to find and download hidden files from a webserver. This is most commonly pictures, but you can adjust the file definitions to bruteforce any type of file that you'd like. wdivulge technically falls under the definition of a web fusker.
29e6623de8a65649d70f952b6b3e9f12a7eefe3ca42b4b1101b33bdfcc5fc10b
This toolkit houses various IPv6 tools that have been tested to compile and run on Debian GNU/Linux 6.0, FreeBSD 9.0, NetBSD 5.1, OpenBSD 5.0, Mac OS 10.8.0, and Ubuntu 11.10.
182d3e7b34ea800eae21d5fbf5fd4fa7f13792f27d9a4c5f61947ae0e178a720
HostBox SSH is an SSH password/account scanner written in Python.
36d0695c3fcf2240852de6eb7a08d01edaa9bc4492c28e29d3b4d044c37e3e6d
ISME is a small framework to test IP phones from several editors. It can gather information from IP phone infrastructures, test their web servers for default login/password combinations, and also implement attacks against the systems. ISME has been written in Perl with a Perl/Tk interface to provide a portable and easy-to-use tool. Full documentation is also provided.
5aef8c3878ccdf4212191b79817bd3ebee7e973b448abb904f5c4514370f4194
Compact mass scanner for Cisco routers with default telnet/enable passwords.
867a0b5fd20fabea27f9b864ebcfd8aa4198e3378d494f86556283265b4301b0
This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.
652f806668e2da16c60d530a21a840a2cbd6cb4da1794bfc93cc12dac7a062fe
Mpctp is a tool for manipulation of raw packets that offers a large number of options. Its primary purpose is to diagnose and test scenarios that involve various types of TCP/IP packets. It is able to send certain types of packets to any specific target and manipulate various fields at runtime. Fields that can be modified include the source/destination IP address and the source/destination MAC address.
877f0fde7a1b9bb0cdd0999db9a608db6beb44a3c5860736fcb665139c816ff8