tool which checks if the host names listed in a file or contained in a hosts file can be resolved or not. Supports multi-threading, logging, delay between each query and allows to choose the type of primary query (A record by default) and a backup one in case the first fails (for example A and then NS)
clusterd is an open source application server attack toolkit. Born out of frustration with current fingerprinting and exploitation methods, clusterd automates the fingerprinting, reconnaissance, and exploitation phases of an application server attack. See the wiki for more information.
BIRP is a tool that will assist in the security assessment of mainframe applications served over TN3270. Much like what BURP and other web application proxies do for web application assessments, BIRP aims to do the same for TN3270 application assessments. And, much like with web applications, being able to see and modify fields that the application developer assumed were neither visible nor modifiable allows security assumptions be bypassed.
In particular, BIRP provides two capabilities for the aspiring TN3270 hacker. The first is that it shows all the data returned by the application in the screen. This includes hidden fields. The second is that it allows fields marked as "protected" aka "non modifiable" to be modified. Depending on how the application has been developed, this can allow application functionality to be modified.
SPartan is a Frontpage and Sharepoint fingerprinting and attack tool. Features:
Sharepoint and Frontpage fingerprinting
Management of Friendly 404s
Default Sharepoint and Frontpage file and folder enumeration
Active Directory account enumeration
Download interesting files and documents, including detection of uninterpreted ASP and ASPX
Search for keywords in identified pages
Saves state from previous scans
Accepts NTLM creds and session cookies for authenticated scans
PSIKOTIK TSO User Enumerator. A fast TSO user enumerator written in straight python without the need for s3270 or x3270.
It should mostly work on any mainframe. If it doesn't get to the TSO logon screen then you need to sniff a real connection to the mainframe and find out what the hex stream looks like when you type 'TSO1' (for example) and change tso_command to reflect that value.
SensePost's network footprinting and enumeration tool. You can't pwn what you don't know about.
It is a cross-platform, Java application. It’s predecessor, BidiBlah, was only available on Windows platforms and hopefully with Yeti we can now offer Internet intelligence gathering to everyone.
Originally conceived as a method to enumerate various pastebins (slexy,pastie,pastebin,gisthub) as a response to corelans
pastenum – http://www.corelan.be/index.php/2011/03/22/pastenum-pastebinpastie-enume..., its changed slightly to a more general enumerator.
Pastenum is a ruby application that runs client side to enumerate various bins, this just took it a bit further by putting it in a web application
as mine kept crashing trying to load the previous results.
Pastenum is a text dump enumeration tool. It currently searches pastebin.com and pastie.org.
WarVOX is a free, open-source VOIP-based war dialing tool for exploring, classifying, and auditing phone systems. WarVOX processes audio from each call by using signal processing techniques and without the need of modems. WarVOX uses VoIP providers over the Internet instead of modems used by other war dialers. It compares the pauses between words to identify numbers using particular voicemail systems
EyeWitness is designed to take a file, parse out the URLs, take a screenshot of the web pages, and generate a report of the screenshot along with some server header information. EyeWitness is able to parse three different types of files, a general text file with each url on a new line, the xml output from a NMap scan, or a .nessus file.