OpenBSD, FreeBSD, Solaris, and/or other Unix variants


JAD is a java decompiler that was developed many years ago, the creators site is no longer accessible but I found a mirror Wink.

Cisco Auditing Tool

Cisco Auditing Tool - Perl script which scans cisco routers for common vulnerabilities. Checks for default passwords, easily guessable community names, and the IOS history bug. Includes support for plugins and scanning multiple hosts.

Cisco Global Exploiter

Cisco Global Exploiter (CGE), is an advanced, simple and fast security testing tool/ exploit engine, that is able to exploit 14 vulnerabilities in disparate Cisco switches and routers. CGE is command-line driven perl script which has a simple and easy to use front-end.

Dradis Framework

Dradis is an open source framework to enable effective information sharing, specially during security assessments. It is also is a self-contained web application that provides a centralised repository of information to keep track of what has been done so far, and what is still ahead.


Armitage is an easy to use front end extension for the metasploit framework.

DarkBing Sql Scanner

darkBing is a tool written in python that leverages bing for mining data on systems that may be susceptible to SQL injection.


The Browser Exploitation Framework (BeEF) is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks, BeEF focuses on leveraging browser vulnerabilities to assess the security posture of a target. This project is developed solely for lawful research and penetration testing.
BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors.


A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.

Detects and prioritizes broad classes of security problems, such as dynamic cross-site trust model considerations, script inclusion issues, content serving problems, insufficient XSRF and XSS defenses, and much more.


Cryptcat is an encrypted version of netcat


Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.

Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
Possibility of adding fake file contents so the attacker can 'cat' files such as /etc/passwd. Only minimal file contents are included
Session logs stored in an UML compatible format for easy replay with original timings
Just like Kojoney, Kippo saves files downloaded with wget for later inspection
Trickery; ssh pretends to connect somewhere, exit doesn't really exit, etc

An operating system (tested on Debian, CentOS, FreeBSD and Windows 7)
Python 2.5+
Twisted 8.0+
Zope Interface

Syndicate content