Projects

Metasploit Framework

The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security ... [More] researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler. [Less]

FusionInventory

FusionInventory is a free and open source project providing hardware, software inventory and network discovery to the IT asset management and helpdesk software called GLPI. "FusionInventory for GLPI" is a collection of plugins using GLPI's internal framework and philosophy (entities ... [More] , habilitations, user interface, etc.) and communicate with some agents (FusionInventory-Agent), deployed on computers. [Less]

nmapsi4

DescriptionNmapSi4 is a complete Qt-based Gui with the design goals to provide a complete nmap interface for Users, in order to management all options of this powerful security net scanner! ==NOTE==: Source Repository: https://github.com/nmapsi4/nmapsi4

Ronin

Ronin is a Ruby platform for exploit development and security research. Ronin allows for the rapid development and distribution of code, exploits or payloads over many common Source-Code-Management (SCM) systems.

Cura

Cura is a mobile phone application for the Android platform (Gingerbread 2.3.3 and above). It is a bundle of remote servers-administration tools targeted mainly at sysadmins. It provides a personalized terminal emulator, a syslog module that allows for reading logs directly from a server, a ... [More] SysMonitor module that visually graphs CPU and RAM usage percentages, access to Nmap, and Server Stats which offers general server information like its Vitals, Hardware information, Memory information, processes, and so on. A security which allows users to have Cura's database completely wiped upon them sending the compromised phone a secret pattern of their choosing is also implemented. [Less]

yandiff

Yandiff (previously called Xndiff) is a command line utility (written in Perl) that allows users to monitor networks for changes in port states and running services. It does this by comparing the XML output of two nmap scans, one designated the "baseline", the other the ... [More] "observation". Alternatively a third XML file can be created containing the differences. It is loosely based on ndiff written by James Levine (circa 2001), except where ndiff used nmap’s "grepable" output, yandiff reads XML output using Nmap::Parser. [Less]

ScanDB

ScanDB is a library and utility for importing and analyzing information generated by various network scanning utilities.

macshark

MacShark - network toolbox for Mac OS XThis project aims to be a comprehensive network toolbox. Its features are to be lightweight (compared to other tools) secure (only one small executable to be setuid to execute as root) be Mac OS X style (using Objective-C and Cocoa programming and GUI) ... [More] features sniffer nmap frontend (require nmap as setuid root, see below) dig whois installation unzip run executable, first time you try to sniff you will be asked for your administrator password nmap setup install nmap in your PATH set the nmap binary as setuid : chown root /usr/local/bin/nmap chmod 4755 /usr/local/bin/nmap [Less]

httpscout

Description:This eXtension launches (the ultra-useful) Nmap port scanner (http://insecure.org/nmap/) and attempts to locate open ports on the scanned web server, that speak HTTP or HTTPS. Once the port scan is done, HTTPScout will add the HTTP-speaking ports to the current scan configuration. ... [More] This eXtension is useful to discover additional HTTP applications on the same server (e.g. web based administration consoles) and add them to the scan automatically. [Less]

lockpick

There are plenty of tools that do specific functions, or a range of technical functions (NMAP, Nessus). However, there are not many open source tools to help manage the scope of the testing a system. Lockpick will fill that role. When I start a penetration test, Lockpick will provide my checklists ... [More] and script resources and update my tools. For intelligence gathering, Lockpick will let me create profiles for target companies and persons. I can shell out to my normal tool suite and organize my log files and other output with the tool. Eventually, I can use Lockpick to pull all of the testing data together and generate an executive summary and detail report with the logs and profiles for addenda. [Less]