Enumeration

Oyedata

Oyedata is a new tool to perform black-box OData security testing and help secure OData deployments. Gursev Singh Kalra wrote Oyedata from a penetration testing perspective, and its major features are summarized below:

Intuitive GUI based tool written in C#.
Ability to create attack templates from local and remote Service Documents and Service Metadata Documents.
Support for XML and JSON data formats.
Ability to export attack templates in JSON and XML formats that can be fed to custom Fuzzing code.
Ability to engage the OData services for manual testing.
Data generator for EDMSimpleType test data generation.
Ability to generate “Read URIs” for Entities, Entity Properties and Entity Property Values.
Ability to generate attack templates for creation of new Entries, updating existing Entries, Service Operation invocation, Entry deletion, etc.
Ability to identify Keys, Nullable and Non-Nullable Properties and indicate the same in the attack templates.
Web proxy, HTTP and HTTPS support and Error logging.

The files are:
Oyedata User Guide Oyedata for OData Assessments.pdf - Oyedata user guide.
setup.exe and OyedataSetup.msi - Oyedata setup files.

System Requirements:
Microsoft .Net 4.0

nishang

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security and post exploitation during Penetration Tests. The scripts are written on the basis of requirements the author encountered during real Penetration Tests. It contains many interesting scripts like download and execute, keylogger, password hash dumper, time based payload and much more.

PAYLOADS
It contains many interesting scripts like download and execute, keylogger, dns txt pwnage, wait for command and much more.

HELP
All payloads and scripts are Get-Help compatible. Use "Get-Help -full" on a PowerShell prompt to get full help details.

LATEST CODE
Check out the svn repo for the latest code:
svn checkout http://nishang.googlecode.com/svn/trunk/ nishang

JMSDigger

JMSDigger is a new tool that can be leveraged to engage and assess enterprise messaging applications; the current release focuses on ActiveMQ. JMSDigger has the following features:

Validate credentials and perform credential bruteforce
Dump destinations (topics, queues and queue browsers)
Create, dump and delete durable subscribers
Perform anonymous authentication
Password Decryption
Retrieve Statistics for Broker, Topic and Queues
Create dynamic queues and topics

viproy-voipkit

Voice over IP penetration testing toolkit providing SIP and NGN Services Testing Modules for the Metasploit Framework.

Viproy Voip Pen-Test Kit is developed to improve the quality of SIP Penetration Tests. It provides an authentication feature that helps create simple tests. It includes 10 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and registration tester. All attacks can be performed before and after authentication to fuzz SIP services and value added services.

Invoke-ReflectivePEInjection

Invoke-ReflectivePEInjection is a PowerShell script which can reflectively load and execute a Windows PE file such as an EXE or DLL inside the PowerShell process on a remote computer without writing to disk. This is accomplished by (partially) rewriting in PowerShell the Win32 functionality which loads EXEs/DLLs.

The script allows a penetration tester to:

Execute EXEs/DLLs on remote computers without writing to disk (detection is extremely difficult)
Execute existing tools inside the PowerShell process (potentially bypassing application whitelisting)
Hide reflectively loaded EXEs/DLLs from tools such as ListDLLs, which lists all loaded DLLs
Bypass antivirus by never writing anything to disk, everything happens in memory using PowerShell remoting

Note:
A beta version of the script is currently available for download on Github at: https://github.com/clymb3r/PowerShell. The final version will be a part of PowerSploit (and hopefully synced in to Kali linux).

htexploit

HTExploit (HiperText access Exploit) is an open-source tool written in Python that exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process. By using this tool anyone would be able to list the contents of a directory protected this way, bypassing the authentication process.
The tool provides modularity, by allowing the tester to fully perform an analysis on the protected website of the following attacks: SQL Injection, Local File Inclusion, Remote File Inclusion and others.
The main characteristic of this tool is that all of the analyses performed are done inside the protected directory, not from the publicly accessible site.

Features:
x Multiple modules to execute.
x Save the output to a specified directory.
x HTML reporting.
x Use multiple wordlists to probe against htaccess bypassing.
x Verbose mode for fully detailed information.
x Recursive crawling engine.

$ python htexploit

[HTExploit ASCII-art banner] v0.77

Usage: htexploit -u [URL] [options]

Options:
-h, --help show this help message and exit
-u URL, --url=URL **REQUIRED** - Specify the URL to scan
-o OUTPUT, --output=OUTPUT
Specify the output directory (Default: Random)
-w WORDLIST, --wordlist=WORDLIST
Specify the wordlist to use (Default: 'res/FullList')
-v, --verbose Verbosity level (Default: 0)

Example Usage:
python htexploit -u somesite.com -w somewordlist_not_included -o folder_to_output

webvulscan

WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the status of the scan, the number of URLs found on the web application, the number of vulnerabilities found and details of the vulnerabilities found.

After a scan is complete, a detailed PDF report is emailed to the user. The report includes descriptions of the vulnerabilities found, recommendations and details of where and how each vulnerability was exploited.

The vulnerabilities tested by WebVulScan are:

Reflected Cross-Site Scripting
Stored Cross-Site Scripting
Standard SQL Injection
Broken Authentication using SQL Injection
Autocomplete Enabled on Password Fields
Potentially Insecure Direct Object References
Directory Listing Enabled
HTTP Banner Disclosure
SSL Certificate not Trusted
Unvalidated Redirects

Features:

Crawler: Crawls a website to identify and display all URLs belonging to the website.
Scanner: Crawls a website and scans all URLs found for vulnerabilities.
Scan History: Allows a user to view or download PDF reports of previous scans that they performed.
Register: Allows a user to register with the web application.
Login: Allows a user to login to the web application.
Options: Allows a user to select which vulnerabilities they wish to test for (all are enabled by default).
PDF Generation: Dynamically generates a detailed PDF report.
Report Delivery: The PDF report is emailed to the user as an attachment.

Watcher

Watcher is a Fiddler addon which aims to assist penetration testers in passively finding Web-application vulnerabilities. The security field today has several good choices for HTTP proxies which assist auditors and pen-testers. We chose to implement this as a plugin for Fiddler which already provides the proxy framework for HTTP debugging.

Geek Squad MRI

This is the Best Buy Geek Squad repair disc - Code Name MRI - for internal use only, confidential, and a trade secret. The disc has tools to help fix computers - it has AntiVirus, AntiSpyware, Disk Cleaner, Process List, Winsock Fix, etc., all in a graphical user interface. Essentially it's a tool that makes removing spyware and other issues with Windows a breeze.

This tool has been cracked by SOLDIERX since version 4.8.1. Ever since 5.0.4.0, all of the Geek Squad propaganda has been replaced with SX propaganda. The tool was originally cracked by RaT, but 5.0.4.0 and above were cracked by pirrup and edited by RaT.

The latest public SX release is 5.1.1.0. The latest private SX releases are 5.10.10.4, 5.10.8, 5.10.5.21, 5.10.4, 5.10.3 v2 (5.10.3 v1 had serious bugs), 5.10.2, and 5.10.1.

Fake Versions:
MRI 5.7.3
MRI 5.8.3
MRI 5.9.2
MRI 5.9.3
MRI 10.0.0

Recon-ng

Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built-in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.

Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. However, it is quite different. Recon-ng is not intended to compete with existing frameworks, as it is designed exclusively for web-based open source reconnaissance. If you want to exploit, use the Metasploit Framework. If you want to Social Engineer, use the Social Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng!