This is the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second.

It produces results similar to nmap, the most famous port scanner. Internally, it operates more like scanrand, unicornscan, and ZMap, using asynchronous transmission. The major difference is that it's faster than these other scanners. In addition, it's more flexible, allowing arbitrary address ranges and port ranges.


theHarvester is a tool for gathering e-mail accounts, subdomain names, virtual
hosts, open ports/banners, and employee names from different public sources
(search engines, PGP key servers).

It is a really simple tool, but very effective for the early stages of a penetration
test or just to know the visibility of your company on the Internet.

Penetration Testers Framework

The PenTesters Framework (PTF) is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. As pentesters, we've been accustomed to the /pentest/ directories or our own toolsets that we want to keep up-to-date all of the time. We have those "go to" tools that we use on a regular basis, and using the latest and greatest is important.

PTF attempts to install all of your penetration testing tools (latest and greatest), compile them, build them, and make it so that you can install/update your distribution on any machine. Everything is organized in a fashion that is cohesive to the Penetration Testing Execution Standard (PTES) and eliminates a lot of things that are hardly used. PTF simplifies installation and packaging and creates an entire pentest framework for you. Since this is a framework, you can configure and add as you see fit. We commonly see internally developed repos that you can use as well as part of this framework. It's all up to you.

The ultimate goal is for community support on this project. We want new tools added to the GitHub repository. Submit your modules. It's super simple to configure and add them and only takes a few minutes.


For use with Kali Linux. Custom bash scripts used to automate various pentesting tasks.

Mana Toolkit

A toolkit for rogue access point (evilAP) attacks first presented at Defcon 22.

More specifically, it contains the improvements to KARMA attacks we implemented into hostapd, as well as some useful configs for conducting MitM once you've managed to get a victim to connect.

Cortana Scripts by Mudge

Cortana is a scripting language for Armitage and Cobalt Strike. This is a collection of Cortana scripts that can be used with Cobalt Strike and Armitage.

Teensy Penetration Testing Payload

This Teensy sketch demonstrates the use of NUM / Scroll / CAPS Lock LEDs to communicate
back and forth between a Windows computer and the Teensy. Using this method, we can "check"
for success on execution of scripts, and get the Teensy to react accordingly.

Requires a Teensy with a soldered SD, and optional DIP switch. More details about this can be
found here -
Make sure to choose: Tools -> USB Type -> Disk (SD Card) for the SD to kick in as a USB Storage device.

Will work on an unmodified Teensy. We simply stripped out all the SD card and DIP switch relevant code.

Crude bash script to convert binary files for transfer from the Teensy SD to Windows, using echo commands.
This utility should only be used when you are not mounting the SD Storage as a USB Storage device.
File transfer rate is at around 22 kb/minute. A 100k byte file could take around 5 minutes to be transferred.

Note: This peensy code has been cannibalized from multiple sources, including, but not limited to:

-- Social Engineering Toolkit
-- Kautilya
-- IronGeeks PHUKD library
-- Various resources on the net.


WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”.
WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices.
WhatWeb can be stealthy and fast, or thorough but slow.
WhatWeb supports an aggression level to control the trade off between speed and reliability.
When you visit a website in your browser, the transaction includes many hints of what web technologies are powering that website.
Sometimes a single webpage visit contains enough information to identify a website but when it does not, WhatWeb can interrogate the website further.
The default level of aggression, called ‘passive’, is the fastest and requires only one HTTP request of a website.
This is suitable for scanning public websites. More aggressive modes were developed for use in penetration tests.
Most WhatWeb plugins are thorough and recognise a range of cues from subtle to obvious.
For example, most WordPress websites can be identified by the meta HTML tag, e.g. ‘‘, but a minority of WordPress websites remove this identifying tag; this does not thwart WhatWeb.
The WordPress WhatWeb plugin has over 15 tests, which include checking the favicon, default installation files, login pages, and checking for “/wp-content/” within relative links.

Example Usage
whatweb [options]
Using WhatWeb on a handful of websites, standard WhatWeb output is in colour.
backbox@backbox:~$ whatweb
[301] X-XSS-Protection[1; mode=block], HTTPServer[gws], RedirectLocation[1], UncommonHeaders[x-xss-protection], IP[], Title[301 Moved], Country[UNITED STATES][US]
[200] X-XSS-Protection[1; mode=block], HTTPServer[gws], UncommonHeaders[x-xss-protection], HTML5, IP[], Cookies[NID,PREF], Title[Google], Country[UNITED STATES][US]

Verbose Output


Fang is a multi service threaded MD5 cracker

POST|[hashToSearch:{HASH},searchHash:Search]|Plain text \: ]*>([^<]+)
POST|[hash:{HASH},submit:Decrypt+It%21]|>Decrypted Text: <\/b>(.+)<\/font>
GET|{HASH}|name="string" value="(.+)" id="form_string" maxlength="255" size="40" />
POST|[md5:{HASH},x:23,y:8]|Hashed string: (.+)\s*
POST|[hash:{HASH},get_pass:Get+Pass]|Password - (.+)\s*

# This file is part of Fang.
# Copyright(c) 2010-2011 Simone Margaritelli
#
# This file may be licensed under the terms of the
# GNU General Public License Version 2 (the ``GPL'').
# Software distributed under the License is distributed
# on an ``AS IS'' basis, WITHOUT WARRANTY OF ANY KIND, either
# express or implied. See the GPL for the specific language
# governing rights and limitations.
# You should have received a copy of the GPL along with this
# program. If not, go to or write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

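# Python 2 code: urllib2 and urlparse are Python 2 standard-library modules.
import getopt, sys, os, urllib, urllib2, re, urlparse, threading, signal
from optparse import OptionParser, OptionGroup

class Service(threading.Thread):
    def __init__(self, type, url, regex, exit_on_match, hash):
        # Initialise the Thread base class before setting our own attributes.
        threading.Thread.__init__(self)
        self.type = type
        self.url = url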


Climber is an automated auditing tool to check UNIX/Linux systems for misconfigurations which may allow local privilege escalation.

python >= 2.7

Climber needs Exscript, a Python module and a template processor for automating network connections over protocols such as Telnet or SSH.

This module is already included in Climber sources.
