OpenBSD, FreeBSD, Solaris, and/or other Unix variants


WarVOX is a free, open-source VOIP-based war dialing tool for exploring, classifying, and auditing phone systems. WarVOX processes audio from each call by using signal processing techniques and without the need of modems.[1] WarVOX uses VoIP providers over the Internet instead of modems used by other war dialers.[2] It compares the pauses between words to identify numbers using particular voicemail systems


EyeWitness is designed to take a file, parse out the URLs, take a screenshot of the web pages, and generate a report of the screenshot along with some server header information. EyeWitness is able to parse three different types of files, a general text file with each url on a new line, the xml output from a NMap scan, or a .nessus file.

Peeping Tom

This tool allows the tester to feed in urls or ip addresses and it will go out and grab screenshots of the websites.


ZMap is a fast network scanner designed for Internet-wide network surveys. On a typical desktop computer with a gigabit Ethernet connection, ZMap is capable scanning the entire public IPv4 address space in under 45 minutes. With a 10gigE connection and PF_RING, ZMap can scan the IPv4 address space in under 5 minutes.

While previous network tools have been designed to scan small network segments, ZMap is specifically architected to scan the entire address space. It is built in a modular manner in order to allow incorporation with other network survey tools. ZMap operates on GNU/Linux and supports TCP SYN and ICMP echo request scanning out of the box.


This is the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second.

It produces results similar to nmap, the most famous port scanner. Internally, it operates more like scanrand, unicornscan, and ZMap, using asynchronous transmission. The major difference is that it's faster than these other scanners. In addition, it's more flexible, allowing arbitrary address ranges and port ranges.

Mana Toolkit

A toolkit for rogue access point (evilAP) attacks first presented at Defcon 22.

More specifically, it contains the improvements to KARMA attacks we implemented into hostapd, as well as some useful configs for conducting MitM once you've managed to get a victim to connect.

Cortana Scripts by Mudge

Cortana is a scripting language for Armitage and Cobalt Strike. This is a collection of Cortana scripts that can be used with Cobalt Strike and Armitage.


Fang is a multi service threaded MD5 cracker

POST|http://www.onlinehashcrack.com/free-hash-reverse.php[hashToSearch:{HASH},searchHash:Search]|Plain text \: ]*>([^<]+)
POST|http://www.md5decryption.com/[hash:{HASH},submit:Decrypt+It%21]|>Decrypted Text: <\/b>(.+)<\/font>
GET|http://md5.gromweb.com/?md5={HASH}|name="string" value="(.+)" id="form_string" maxlength="255" size="40" />
POST|http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php[md5:{HASH},x:23,y:8]|Hashed string: (.+)\s*
POST|http://md5pass.info/[hash:{HASH},get_pass:Get+Pass]|Password - (.+)\s*

# This file is part of Fang.
# Copyright(c) 2010-2011 Simone Margaritelli
# [email protected]
# <a href="http://www.evilsocket.net<br />
#<br />
#" title="http://www.evilsocket.net<br />
#<br />
#">http://www.evilsocket.net<br />
#<br />
#</a> This file may be licensed under the terms of of the
# GNU General Public License Version 2 (the ``GPL'').
# Software distributed under the License is distributed
# on an ``AS IS'' basis, WITHOUT WARRANTY OF ANY KIND, either
# express or implied. See the GPL for the specific language
# governing rights and limitations.
# You should have received a copy of the GPL along with this
# program. If not, go to <a href="http://www.gnu.org/licenses/gpl.html<br />
#" title="http://www.gnu.org/licenses/gpl.html<br />
#">http://www.gnu.org/licenses/gpl.html<br />
#</a> or write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

import getopt, sys, os, urllib, urllib2, re, urlparse, os, threading, signal
from optparse import OptionParser, OptionGroup

class Service(threading.Thread):
def __init__ ( self, type, url, regex, exit_on_match, hash ):

self.type = type
self.url = url


Climber is an automated auditing tool to check UNIX/Linux systems misconfigurations which may allow local privilege escalation.

python >= 2.7

Climber needs Exscript, a Python module and a template processor for automating network connections over protocols such as Telnet or SSH.


This module is already included in Climber sources.


NetCommander 1.3 - An easy to use arp spoofing tool.
Copyleft Simone Margaritelli

Usage: netcmd.py [options]

  -h, --help            show this help message and exit
  -I IFACE, --iface=IFACE
                        Network interface to use if different from the default
  -N NETWORK, --network=NETWORK
                        Network to work on.
  -G GATEWAY, --gateway=GATEWAY
                        Gateway to use.
  -K, --kill            Kill targets connections instead of forwarding them.
  -D DELAY, --delay=DELAY
                        Delay in seconds between one arp packet and another,
                        default is 5.
  -A, --all             Keep spoofing and spoof all connected and later
                        connected interfaces.

Syndicate content