Mac OS

Apple Mac OS X


Kolkata is a web application fingerprinting engine written in Perl that combines cryptography with IDS evasion. Kolkata uses session splicing for IDS evasion and configurable checksums of static files in order to determine the version of a web application.

LibWhisker2 - This comes bundled in the tarball, with nikto, and a variety of other tools on this site.
YAML::XS - Install with cpan in bash (cpan -i YAML::XS)

Usage -d domain.tld [-v -p [remote_path_to_web_application]]

kolkata requires a directory called sigs in its directory
The sigs directory must contain properly formatted yml files with checksums.

DNS Amplification Attack Script

This script works by crafting packets being sent to a DNS server that allows for recursion, the attacker can make a normal query that is 64 bytes in size, return a response that is tens of times larger than the original request.
More information can be seen at:

# DNS Amplification DOS Attack Script - Proof of Concept
# Co-Authored Johnathin Ferretti and Pat Litke
# Pat Litke | geudrik
# Jonathin Ferretti | LISTERINe
# January 2012
# Dependencies
# python-scapy
# python-dnspython


This script will attempt to gain code execution on sites vulnerable to local file inclusion via an httpd error log or by modifying the user-agent and including a file containing environment variables. The php code execution test is performed using an arithmetic challenge, and the script uses system() as its php execution function. The fact that every part of this process is randomized including the math challenge prevents signature based detection while LibWhisker provides IDS Evasion.

Session Splicing
User-Agent and Log injection
Arithmetic Test

perl -h www.vuln.tld -u "/vuln.ext?page=main&foo=bar" -i page

Bleeding Life

Bleeding Life 2 is an exploit pack that affects the web browsers on the Microsoft Windows operating system with remote code execution buffer overflows.


JMSDigger is a new tool that can be leveraged to engage and assess enterprise messaging applications with the current release focuses on ActiveMQ. JMSDigger has following features:

Validate credentials and perform credential bruteforce
Dump destinations (topics, queues and queue browsers)
Create, dump and delete durable subscribers
Perform anonymous authentication
Password Decryption
Retrieve Statistics for Broker, Topic and Queues
Create dynamic queues and topics


Voice over IP penetration testing tookit providing SIP and NGN Services Testing Modules for Metasploit Framework

Viproy Voip Pen-Test Kit is developed to improve the quality of SIP Penetration Tests. It provides authentication feature that helps to create simple tests. It includes 10 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and registration tester. All attacks could perform before and after authentication to fuzz SIP services and value added services.


shellnoob is a toolkit to help you write shellcode.

convert shellcode between different formats and sources. Formats currently supported: asm, bin, hex, obj, exe, C, python, ruby, pretty, safeasm, completec, shellstorm. (All details in the "Formats description" section.)
interactive asm-to-opcode conversion (and viceversa) mode. This is useful when you cannot use specific bytes in the shellcode and you want to figure out if a specific assembly instruction will cause problems.
support for both ATT & Intel syntax. Check the --intel switch.
support for 32 and 64 bits (when playing on x86_64 machine). Check the --64 switch.
resolve syscall numbers, constants, and error numbers (now implemented for real! Smile).
portable and easily deployable (it only relies on gcc/as/objdump and python). And it just one self-contained python script!
in-place development: you run ShellNoob directly on the target architecture!
built-in support for Linux/x86, Linux/x86_64, Linux/ARM, FreeBSD/x86, FreeBSD/x86_64.
"*prepend breakpoint*" option. Check the -c switch.
read from stdin / write to stdout support (use "-" as filename)
uber cheap debugging: check the --to-strace and --to-gdb option!
Use ShellNoob as a Python module in your scripts! Check the "ShellNoob as a library" section.
Verbose mode shows the low-level steps of the conversion: useful to debug / understand / learn!
Extra plugins: binary patching made easy with the --file-patch, --vm-patch, --fork-nopper options! (all details below)


HTExploit (HiperText access Exploit) is an open-source tool written in Python that exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process. By using this tool anyone would be able to list the contents of a directory protected this way, bypassing the authentication process.
The tool provides modularity, by allowing the tester to fully perform an analysis on the protected website of the following attacks: SQL Injection, Local File Inclusion, Remote File Inclusion and others.
The main characteristic of this tool is that all of the analyses performed are done inside the protected directory, not from the publicly accessible site.

x Multiples modules to execute.
x Save the output to an specify directory.
x HTML Reporting.
x Use multiples wordlist to probe against htaccess bypassing.
x Mode verbose for a full detailed information.
x Recursive crawling engine.

$ python htexploit

H H TT E l ii t
HHHH TT EEE x x ppp l ooo ttt
H H TT E x p p l o o ii t
H H TT EEEE x x ppp l ooo ii tt
p v0.77

Usage: htexploit -u [URL] [options]

-h, --help show this help message and exit
-u URL, --url=URL **REQUIRED** - Specify the URL to scan
-o OUTPUT, --output=OUTPUT
Specify the output directory (Default: Random)
-w WORDLIST, --wordlist=WORDLIST
Specify the wordlist to use (Default: 'res/FullList')
-v, --verbose Verbosity level (Default: 0)

Example Usage:
python htexploit -u -w somewordlist_not_included -o folder_to_output


Collection of single use scripts written for windows forensics


Ruby-Nessus is a ruby interface for the popular Nessus vulnerability scanner. Ruby-Nessus aims to deliver an easy yet powerful interface for interacting and manipulating Nessus scan results and configurations. Ruby-Nessus currently supports both version 1.0 and 2.0 of the .nessus file format.

Syndicate content