Miranda is a Python-based Universal Plug-N-Play client application designed to discover, query and interact with UPNP devices, particularly Internet Gateway Devices (aka, routers). It can be used to audit UPNP-enabled devices on a network for possible vulnerabilities. Some of its features include:

Interactive shell with tab completion and command history
Passive and active discovery of UPNP devices
Customizable MSEARCH queries (query for specific devices/services)
Full control over application settings such as IP addresses, ports and headers
Simple enumeration of UPNP devices, services, actions and variables
Correlation of input/output state variables with service actions
Ability to send actions to UPNP services/devices
Ability to save data to file for later analysis and collaboration
Command logging

Miranda v1.3
The interactive UPnP client
Craig Heffner,

Command line usage: [OPTIONS]

-s Load previous host data from struct file
-l Log user-supplied commands to log file
-i Specify the name of the interface to use (Linux
only, requires root)
-b Process commands from a file
-u Disable show-uniq-hosts-only option
-d Enable debug mode
-v Enable verbose mode
-h Show help


Alucard is a UPnP port redirection application that allows a user to open ports on a UPnP enabled router.

To build first install MiniUpnpc from
Then type "make"
Then run "./alucard 1044" to redirect all traffic from port 1044/TCP outside the NAT to port 1044/TCP on


A keylogger tool that a set of patches for bash and a command, captures all logged in user inputs and sends it into fifos. then can be able to monitor those key-strokes in real-time.

1. get bash-3.0.tar.gz
2. tar xzvf bash-3.0.tar.gz
3. cd bash-3.0
4. wget
5. tar xzvf bash-3.0-geinpeek-0.2.tar.gz
6. patch <

7. patch < [patch file name you wanna add]

patch kit list

- execute_cmd.c-geinpeek.diff ( not stable yet )
- shell.c-geinpeek.diff ( not good )

the forces with you man ~


[root@elizabeth bash-3.0]# ./ghelper s.txt
[Hint: when if you have to stop it 'CTRL+C']
Mon Feb 13 03:20:53 2006 - [file@/dev/pts/38 /tmp]$ ls --color=tty -al
Mon Feb 13 03:20:53 2006 - [file@/dev/pts/38 /tmp]$ ls --color=tty
Mon Feb 13 03:20:55 2006 - [file@/dev/pts/38 /tmp]$ ./
!s! Mon Feb 13 03:20:55 2006 - [file@/dev/pts/38 /tmp]$ ls
!s! Mon Feb 13 03:20:55 2006 - [file@/dev/pts/38 /tmp]$ ls
!s! Mon Feb 13 03:20:55 2006 - [file@/dev/pts/38 /tmp]$ whoami

[root@elizabeth bash-3.0]# ./ghelper s.txt -i
[Hint: when if you have to stop it 'CTRL+C']
Mon Feb 13 03:21:01 2006 - [file@/dev/pts/38 /tmp]$ ./
Mon Feb 13 03:21:02 2006 - [file@/dev/pts/38 /tmp]$ ls --color=tty
Mon Feb 13 03:21:03 2006 - [file@/dev/pts/38 /tmp]$ clear

above !s! marked command logs are executed in some shell script.
then -i flag of ghelper ignored standard output of them.


DNS hostname enumerator tool using zone transfer.

dnsgrep v0.16 beta by geinblues ( [email protected] ) usage : ./dnsgrep -d *ta
rget domain -m *
dictionary mode:
-sS : stealth mode
-sN : normal mode
-sQ : quick mode



Author: x90c
Designed the syswatch LKM that host-based intrusion protection
system that LKM in 2004-2005. It's a linux kernel protection to
support userland security from kernelland. The LKM protects race
condtion bug ptrace, gain root shell, chroot break, socketcall
listen ACL

the LKM support to protect general hacking attacks on userland, for
instance buffer overflow, heap overflow, and other local privilege
escalation exploits to gain root shell

I also tested isec's linux kernel exploits within do_brk exploit to be
protected by the LKM. It protected as well. In the meantime, the kernel
exploits are favorite to the script kiddies in the underground

The design goal is -to reduce the linux boxes security risk
via protect all general hacking attacks, to make the linux boxes
similar with secure OS

STEP 1) MySQL Server Install..
STEP 2) Create Databases of "syswatch"
STEP 3) Editing Source
root@testbed:~/wrap_en# ls
CHANGELOG README bin inst syswatch.c
root@testbed:~/wrap_en# cd bin
root@testbed:~/wrap_en/bin# ls
build_ldev drop_db.c logmon.c lshack.c make_db.c start

root@testbed:~/wrap_en/bin# head -n 4 drop_db.c
#define DB_HOST ""
#define DB_USER "root"
#define DB_PASS "1234"
#define DB_NAME "syswatch"

root@testbed:~/wrap_en/bin# head -n 4 lshack.c
#define DB_HOST ""
#define DB_USER "root"
#define DB_PASS "1234"
#define DB_NAME "syswatch"

root@testbed:~/wrap_en/bin# head -n 4 make_db.c
#define DB_HOST ""
#define DB_USER "root"
#define DB_PASS "1234"
#define DB_NAME "syswatch"

Editing DB information..

STEP 4) Mysqld start..

root@testbed:~/wrap_en# mysqld &
[1] 509
root@testbed:~/wrap_en# Starting mysqld daemon with databases from /usr/local/mysql/data


Capstone is a lightweight multi-platform, multi-architecture disassembly framework.

Multiple architectures
Capstone is one of a very few disassembly frameworks that can support multi-architectures. So far, it can handle 4 most important architectures: ARM, ARM64 (aka ARMv8/AArch64), Mips & X86. More will be added in the future when possible.

As far as we are aware, in all 4 architectures, Capstone can handle more instructions than other frameworks. Especially, it even supports most modern CPU extensions & is guaranteed to remain updated in the future.
Clean, simple & intuitive architecture-neutral API

Clean & intuitive is the key principle in designing the API for Capstone. The interface has always been as simple as possible. It would take a new user just few minutes to understand & start writing his own tool based on available samples accompanying Capstone source code.

Even better, the API is independent of the hardwares, so your analysis tool can work in the same way across all the architectures.
Detailed instruction information

Capstone breaks down instruction information, making it straightforward to access to instruction operands & other internal instruction data.

This feature is called “decomposer” by some alternatives, but Capstone is the only framework having this across all the architectures, in seamless way.
Instruction semantics

Capstone provides some important semantics of the disassembled instruction, such as list of implicit registers read & written, or if this instruction belongs to a group of instructions (such as ARM Neon group, or Intel SSE4.2 group). Now writing your own machine code normalization becomes easier than ever.
Zero barrier

Implemented in pure C language, Capstone is easy to be adopted for your low-level tool. Furthermore, lightweight & efficient bindings for popular languages such as Python, Ruby, OCaml, C#, Java & Go are also available.

Malheur Malware Analyzer

Malheur is a tool for the automatic analysis of malware behavior (program behavior recorded from malicious software in a sandbox environment). It has been designed to support the regular analysis of malicious software and the development of detection and defense measures. Malheur allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes.

Malheur builds on the concept of dynamic analysis: Malware binaries are collected in the wild and executed in a sandbox, where their behavior is monitored during run-time. The execution of each malware binary results in a report of recorded behavior. Malheur analyzes these reports for discovery and discrimination of malware classes using machine learning.

Malheur can be applied to recorded behavior of various format, as long as monitored events are separated by delimiter symbols, for example as in reports generated by the popular malware sandboxes CWSandbox, Anubis, Norman Sandbox and Joebox.

Extraction of prototypes. From a given set of reports, Malheur identifies a subset of prototypes representative for the full data set. The prototypes provide a quick overview of recorded behavior and can be used to guide manual inspection.

Clustering of behavior. Malheur automatically identifies groups (clusters) of reports containing similar behavior. Clustering allows for discovering novel classes of malware and provides the basis for crafting specific detection and defense mechanisms, such as anti-virus signatures.

Classification of behavior. Based on a set of previously clustered reports, Malheur is able to assign unknown behavior to known groups of malware. Classification enables identifying novel variants of malware and can be used to filter program behavior prior to manual inspection.

Vega Web Security Scanner

Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.

Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. Vega can be extended using a powerful API in the language of the web: Javascript.

Automated Crawler and Vulnerability Scanner
Consistent UI
Website Crawler
Intercepting Proxy
Content Analysis
Extensibility through a Powerful Javascript Module API
Customizable alerts
Database and Shared Data Model

Cross Site Scripting (XSS)
SQL Injection
Directory Traversal
URL Injection
Error Detection
File Uploads
Sensitive Data Discovery


Tunna is a tool designed to bypass firewall restrictions on remote webservers. It consists of a local application (supporting Ruby and Python) and a web application (supporting ASP.NET, Java and PHP).

Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments. The web application file must be uploaded on the remote server. It will be used to make a local connection with services running on the remote web server or any other server in the DMZ. The local application communicates with the webshell over the HTTP protocol. It also exposes a local port for the client application to connect to.
Since all external communication is done over HTTP it is possible to bypass the filtering rules and connect to any service behind the firewall using the webserver on the other end.

Tunna framework
Tunna framework comes witht he following functionality:
SECFORCE - penetration testing Ruby client - proxy bind: Ruby client proxy to perform the tunnel to the remote web application and tunnel TCP traffic.
SECFORCE - penetration testing Python client - proxy bind: Python client proxy to perform the tunnel to the remote web application and tunnel TCP traffic.
SECFORCE - penetration testing Metasploit integration module, which allows transparent execution of metasploit payloads on the server
SECFORCE - penetration testing ASP.NET remote script
SECFORCE - penetration testing Java remote script
SECFORCE - penetration testing PHP remote script

Tunna has been developed by Nikos Vassakis.


Sparty is an open source tool written in python to audit web applications using sharepoint and frontpage architecture. The motivation behind this tool is to provide an easy and robust way to scrutinize the security configurations of sharepoint and frontpage based web applications. Due to the complex nature of these web administration software, it is required to have a simple and efficient tool that gathers information, check access permissions, dump critical information from default files and perform automated exploitation if security risks are identified. A number of automated scanners fall short of this and Sparty is a solution to that.

# python -h
          _|_|_|    _|_|_|     _|_|    _|_|_|    _|_|_|_|_|  _|      _|  
         _|        _|    _|  _|    _|  _|    _|      _|        _|  _|    
           _|_|    _|_|_|    _|_|_|_|  _|_|_|        _|          _|      
               _|  _|        _|    _|  _|    _|      _|          _|      
         _|_|_|    _|        _|    _|  _|    _|      _|          _|      

        SPARTY : Sharepoint/Frontpage Security Auditing Tool!
        Authored by: Aditya K Sood |{0kn0ck}  | 2013
        Twitter:     @AdityaKSood
        Powered by: IOActive Labs !
Usage: [options]

  --version             show program's version number and exit
  -h, --help            show this help message and exit

    -f FRONTPAGE, --frontpage=FRONTPAGE
                        <FRONTPAGE = pvt | bin> -- to check access permissions
                        on frontpage standard files in vti or bin directory!

    -s SHAREPOINT, --sharepoint=SHAREPOINT

Syndicate content