OpenBSD, FreeBSD, Solaris, and/or other Unix variants


Store passwords in encrypted files with an easy to use command line interface, and utilities to use the passwords in code. In its simplest form, the keys are generated per environment with OS access controls while the password files are stored in SCM


Jasager is an implementation of Karma designed to run on OpenWrt on the Fon. It will probably run on most APs with Atheros wifi cards but it was designed with the Fon in mind as it is a nice small AP which gives it a lot of scope for use in penetration tests and other related fun.

A quick highlight of features:
•Web interface showing currently connected clients with their MAC address, IP address (if assigned) and the SSID they associated with
•The web interface allows control of all Karma features and can either run fully featured through AJAX enabled browsers or just as well through lynx
•Auto-run scripts on both association and IP assignment
•Full logging for later review
•Pluggable module system for easy extensibility
•Basic command line interface so you don't have to remember the different iwpriv commands


Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases


Detects file inclusion, sql injection, command execution vulnerabilities of a target Joomla!


SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates and signs forged X509v3 certificates on-the-fly, based on the original server certificate subject DN and subjectAltName extension. SSLsplit fully supports Server Name Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites. SSLsplit can also use existing certificates of which the private key is available, instead of generating forged ones. SSLsplit supports NULL-prefix CN certificates and can deny OCSP requests in a generic way. SSLsplit removes HPKP response headers in order to prevent public key pinning.

% sslsplit -h
Usage: sslsplit [options...] [proxyspecs...]
-c pemfile use CA cert (and key) from pemfile to sign forged certs
-k pemfile use CA key (and cert) from pemfile to sign forged certs
-C pemfile use CA chain from pemfile (intermediate and root CA certs)
-K pemfile use key from pemfile for leaf certs (default: generate)
-t certdir use cert+chain+key PEM files from certdir to target all sites
matching the common names (non-matching: generate if CA)
-O deny all OCSP requests on all proxyspecs
-P passthrough SSL connections if they cannot be split because of
client cert auth or no matching cert and no CA (default: drop)
-g pemfile use DH group params from pemfile (default: keyfiles or auto)


SQLol is a configurable SQL injection testbed. SQLol allows you to exploit SQL injection flaws, but furthermore allows a large amount of control over the manifestation of the flaw.


XMLmao is a configurable XML/XPath injection testbed. XMLmao allows
you to exploit XML/XPath injection flaws, but furthermore allows
a large amount of control over the manifestation of the flaws.

XMLmao is based on the idea of SQLol, an earlier release which
allows for SQL injection exploitation.


fragroute intercepts, modifies, and rewrites egress traffic destined for a specified host, implementing most of the attacks described in the Secure Networks "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper of January 1998.
It features a simple ruleset language to:
or otherwise monkey with
all outbound packets destined for a target host, with minimal support for randomized or probabilistic behavior.

Surf Jack

Session Hijacking tool

A tool which allows one to hijack HTTP connections to steal cookies - even ones on HTTPS sites! Works on both Wifi (monitor mode) and Ethernet.


MSFMap provides a port scanner for Meterpreter using a NMap-like syntax. It's primary benefits are speed and ease of use while not writing anything to disk. MSFMap allows penetration testers to rapidly utilize a compromised host to scan internal networks.

Syndicate content