Projects

sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting ... [More] from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections. [Less]

The Dradis Framework

Dradis is an open source framework to enable effective information sharing, specially during security assessments. Our goals: Share the information effectively. Easy to use, easy to be adopted. Otherwise it would present little benefit over other systems. Flexible: with a powerful and simple ... [More] extensions interface. Small and portable. You should be able to use it while on site (no outside connectivity). It should be OS independent (no two testers use the same OS). Some of the features: Platform independent Easy report generation: in Word, HTML, etc. Markup support for the notes: styles, images, links, etc. Integration with existing systems and tools: Burp Scanner, Metasploit, Nessus, NeXpose, Nikto, Nmap, OpenVAS, OSVDB, SureCheck, Vuln::DB, w3af, wXf [Less]

Ronin

Ronin is a Ruby platform for exploit development and security research. Ronin allows for the rapid development and distribution of code, exploits or payloads over many common Source-Code-Management (SCM) systems.

ThreadFix

ThreadFix is a software vulnerability aggregation and management system that reduces the time it takes to fix software vulnerabilities. ThreadFix imports the results from dynamic, static and manual testing to provide a centralized view of software security defects across development teams and ... [More] applications. The system allows companies to correlate testing results and streamline software remediation efforts by simplifying feeds to software issue trackers. By auto generating application firewall rules, this tool allows organizations to continue remediation work uninterrupted. ThreadFix empowers managers with vulnerability trending reports that show progress over time, giving them justification for their efforts. [Less]

Panoptic

Panoptic is an open source penetration testing tool that automates the process of search and retrieval of content for common log and config files through LFI vulnerability.

ArchPwn

ArchPwn is a security based Linux Live CD/DVD system that aims to be a fully working swiss army knife for pentesting purpose (GPL licensed). It's based on the famous ArchLinux distrubution, and inherits from this her philosphy.

bloit

Bloit is a bluetooth exploitation kit that is designed to mangle with bluetooth packages at it's lowest level in a very easy fashion. It's being designed mainly as a library so people can easy corporate in into there own applications.

yaptest

Yet Another PenTEST...Work in progress: This project has not yet been moved to google code. See also the official homepage. At times pentesting is one of the most fun jobs around. Other times, though it's dull. When you're having to manually check for the same issues on the next host ... [More] and the next host and the next... testing can get kinda tedious. Vulnerability scanners (nessus and the like) have their place, but no scanner is going to test for everything that you're interested in. Yaptest aims to make it easy for a pentester to automate parts of testing on the fly. This is particularly useful when testing very large networks. Below are some examples of tasks which would be easy to automate using yaptest: Run nikto on anything nmap thinks is an HTTP service Run hydra on every host with TCP port 21 open Attempt upload a file to any TFTP servers found Run onesixtyone on all hosts that are up Try metasploit's solaris_kcms_readfile exploit against any hosts running kcmsd Yaptest is the glue between your favourite tools and the knowledge base gathered during your pentest. It handles all the mundane stuff that can easily be automated and leaves you free to get on with owning boxes demonstrating risk using techniques that yaptest doesn't know about yet. [Less]

gobag

This is a collection of open source pentesting tools to make updating your toolset easier before going on an engagement.

discoverypentest

As we are a group interested in the security side we think to make a different thing. the first goal of it is to upgrade our culture and thinking skills. so, we decides to make a penetrating system framework its main function is to check any network system then print a report contains all vulnerabilities exploitation in this system.