Overview:
Cortana is a scripting language for Armitage and Cobalt Strike. This is a collection of Cortana scripts that can be used with Cobalt Strike and Armitage.
Fang is a multi service threaded MD5 cracker
fang.conf
POST|http://www.onlinehashcrack.com/free-hash-reverse.php[hashToSearch:{HASH},searchHash:Search]|Plain text \: ]*>([^<]+)
POST|http://www.md5decryption.com/[hash:{HASH},submit:Decrypt+It%21]|>Decrypted Text: <\/b>(.+)<\/font>
GET|http://md5.gromweb.com/?md5={HASH}|name="string" value="(.+)" id="form_string" maxlength="255" size="40" />
GET|http://www.stringfunction.com/md5-decrypter.html?st={HASH}|(.+)
GET|http://md5.noisette.ch/md5.php?hash={HASH}|
POST|http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php[md5:{HASH},x:23,y:8]|Hashed string: (.+)\s*
POST|http://md5pass.info/[hash:{HASH},get_pass:Get+Pass]|Password - (.+)\s*
Climber is an automated auditing tool to check UNIX/Linux systems misconfigurations which may allow local privilege escalation.
Dependencies
python >= 2.7
python-crypto
python-mako
python-paramiko
Note
Climber needs Exscript, a Python module and a template processor for automating network connections over protocols such as Telnet or SSH.
https://github.com/knipknap/exscript
This module is already included in Climber sources.
NetCommander 1.3 - An easy to use arp spoofing tool.
Copyleft Simone Margaritelli
http://www.evilsocket.net
http://www.backbox.org
pyCryptocat - A Cryptocat standalone python client
Authors and contributors
Simone Margaritelli (evilsocket)
Raffaele Forte
Cryptocat is free software that aims to provide an open, accessible Instant Messaging environment that encrypts your conversations and works right in your browser.
pyCryptocat is a Cryptocat standalone chat client written in Python, using python-webkit package to serve Cryptocat JS and HTML files.
Cryptocat provides multi-user (and private) instant messaging inside chatrooms. It uses the OTR protocol for encrypted two-party chat and the (upcoming) mpOTR protocol for encrypted multi-party chat.
The goal is to provide the easiest, most accessible way to chat while maintaining your privacy online.
PHP-CGI Remote Code Execution Scanner - This small python script scans for a number of variations on the PHP-CGI remote code execution vulnerability, includes "apache magica" and plesk paths, along with other misconfigurations.
Authored by infodox
Nsdtool is a toolset of scripts used to detect Netgear switches in local networks.
The tool contains some extra features like bruteforce and setting a new password.
Netgear has its own protocol called NSDP (Netgear Switch Discovery Protocol), which is implemented to support security tests on the commandline.
It is not being bound to the delivered tools by Netgear.
The post-quantum cryptography tool.
This is a GnuPG-like unix program for encryption and signing that uses only quantum-computer-resistant algorithms:
McEliece cryptosystem (compact quasi-dyadic variant) for encryption
Hash-based Merkle tree algorithm (FMTSeq variant) for digital signatures
Why this?
Go read http://pqcrypto.org/
Links
infopage: http://e-x-a.org/codecrypt/
package downloads: http://e-x-a.org/codecrypt/files/
Documentation
There is a complete, UNIXy manual page supplied with the package. You can view it online here: http://e-x-a.org/codecrypt/ccr.1.html
Simple IPv4 and IPv6 banner grabbing scripts; typically used for telnet/cisco appliances, although may work on services.
GoldenEye is an python app for SECURITY TESTING PURPOSES ONLY!
GoldenEye is a HTTP DoS Test Tool.
Attack Vector exploited: HTTP Keep Alive + NoCache
GoldenEye is an HTTP/S Layer 7 denial of service testing tool. It uses KeepAlive (and Connection: keep-alive) paired with Cache-Control options to persist socket connection busting through caching (when possible) until it consumes all available sockets on the HTTP/S server.
Changes: Referer strings from search engines now only domain part hardcoded. Referer generation function now generates even more random referers. Evades Juniper Netscreen signature. Various other updates and improvements.
OLD:
Usage
USAGE: ./goldeneye.py [OPTIONS]
OPTIONS:
Flag Description Default
-t, --threads Number of concurrent threads (default: 500)
-m, --method HTTP Method to use 'get' or 'post' or 'random' (default: get)
-d, --debug Enable Debug Mode [more verbose output] (default: False)
-h, --help Shows this help
NEW:
USAGE: ./goldeneye.py [OPTIONS]
OPTIONS:
Flag Description Default
-u, --useragents File with user-agents to use (default: randomly generated)
-w, --workers Number of concurrent workers (default: 50)
-s, --sockets Number of concurrent sockets (default: 30)
-m, --method HTTP Method to use 'get' or 'post' or 'random' (default: get)
-d, --debug Enable Debug Mode [more verbose output] (default: False)
-h, --help Shows this help
Utilities
util/getuas.py - Fetchs user-agent lists from http://www.useragentstring.com/pages/useragentstring.php subpages (ex: ./getuas.py http://www.useragentstring.com/pages/Browserlist/) REQUIRES BEAUTIFULSOUP4