Open Source BSD Penetration Testing Tools - Page 5

A Python re-write and extension of the (apparently abandoned) Hackbot script. It is designed to assist in the footprinting and enumeration phases of penetration testing.

hcraft is a HTTP systems penetration testing framework designed to make exploitation of known vulnerabilities in HTTP systems a dynamic, simple process.

ISR-evilgrade: is a modular framework that allow us to take advantage of poor upgrade implementations by injecting fake updates.

A distributed and dynamically threaded password cracker. Completely cross-platform using Qt 4.3. Utilizes 1 server and N clients to distribute password cracking across N machines, each of which can utilize N CPUs.

Backhand is a project to run a full set of security auditing / penetration testing tools from an HP Jornada 720 handheld device.

mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse. The client requires impacket and sysadmin privileges on the SQL server. The first step is to execute code in the SQL Server process context. As extended stored procedures are going to be deprecated in future versions of MSSQL, we pay attention to Microsoft recommendations and thus, use CLR assemblies instead.

Strength in numbers. Existing products we're involved in include port to Linux of Tony Forbes' MFAC for brute-force factorization of MM61 for relatively small factors, and further development and improvement of Tim Charron's ECMnet distributed computing f

Operative Systems Suported are: Linux-ubuntu, kali-linux, backtack-linux (un-continued), freeBSD, Mac osx (un-continued) Netool its a toolkit written using 'bash, python, ruby' that allows you to automate frameworks like Nmap, Driftnet, Sslstrip, Metasploit and Ettercap MitM attacks. this toolkit makes it easy tasks such as SNIFFING tcp/udp traffic, Man-In-The-Middle attacks, SSL-sniff, DNS-spoofing, D0S attacks in wan/lan networks, TCP/UDP packet manipulation using etter-filters, and gives you the ability to capture pictures of target webbrowser surfing (driftnet), also uses macchanger to decoy scans changing the mac address. Rootsector module allows you to automate some attacks over DNS_SPOOF + MitM (phishing - social engineering) using metasploit, apache2 and ettercap frameworks. Like the generation of payloads, shellcode, backdoors delivered using dns_spoof and MitM method to redirect a target to your phishing webpage. recent as introducted the scanner inurlbr (by cleiton)

Full-featured C2 framework which silently persists on webserver via polymorphic PHP oneliner. The obfuscated communication is accomplished using HTTP headers under standard client requests and web server's relative responses, tunneled through a tiny polymorphic backdoor. Detailed help for any option (help command) Cross-platform on both client and server. CLI supports auto-completion & multi-command. Session saving/loading feature & persistent history. Multi-request support for large payloads (such as uploads) Provides a powerful, highly configurable settings engine. Each setting, such as user-agent has a polymorphic mode. Customizable environment variables for plugin interaction. Provides a complete plugin development API.

pngacidbath is the one true PNG image brute force compressor. While other tools simply run down a list of "intelligent" compressor algorithms (some known as zlib methods), pngacidbath tries every byte combination to come up with THE smallest file.

An attempt to send a full flagged MIME based email using open relay mail servers (authentication not required). Written in Python3. Using smtplib and email liabraries TODO: Bruteforce the SMTP authentication. Support TLS.

This is rarbrute, a shell script to brute force encrypted rar files under unix and linux. A long wordlist and a paper about security in internet cafes is included.

Open source Penetration Testing Suite for IT professionals and penetration testers. SecTest automates the boring repetitive procedures of penetration testing.

Secwatch is an intrusion detection system using log analysis to detect service scan and other brute-force attempts on a server or other computer using system logs and will create temporary firewall rules to block offending IPs

swap_digger is a bash script used to automate Linux swap analysis for post-exploitation or forensics purpose. It automates swap extraction and searches for Linux user credentials, Web form credentials, Web form emails, HTTP basic authentication, WiFi SSID and keys, etc. swap_digger is a tool used to automate Linux swap analysis during post-exploitation or forensics. It automates swap extraction and searches for Linux user credentials, web forms credentials, web forms emails, http basic authentication, Wifi SSID and keys, etc.

A non-brute-force sudoku solver. Ukodos is sodoku backwards; According to wikipedia, Sodoku is a bacterial zoonotic disease.

Enables a user to view & alter all aspects of comunications with a web site via a proxy. Primarily used for security based penetration testing of web sites, it can also be used for debugging during development. Seen as part of a hacker toolkit.

EtherMan: Ethernet Man In The Middle Attack Tool. It is capable of forcing traffic between two hosts to pass by a third party (MITM) and then redirected to its original destination again. This program is written for educational reasons, and I am not res

BFBTester is great for doing quick, proactive, security checks of binary programs. BFBTester will perform checks of single and multiple argument command line overflows and environment variable overflows. Versions 2.0-BETA and higher can also watch for tem