Channel: KitPloit - PenTest Tools!

OWASP VBScan 0.1.6 - Black Box vBulletin Vulnerability Scanner Tool


OWASP VBScan (short for [VB]ulletin Vulnerability [Scan]ner) is an open source project written in the Perl programming language that detects vBulletin CMS vulnerabilities and analyses them.

Why OWASP VBScan?

If you want to do a penetration test on a vBulletin forum, OWASP VBScan is your best shot. The project is faster than ever and is updated with the latest vBulletin vulnerabilities.

Usage:

perl vbscan.pl <target>
perl vbscan.pl http://target.com/vbulletin
perl vbscan.pl --help



Phishing Frenzy - Ruby on Rails Phishing Framework


Phishing Frenzy is an Open Source Ruby on Rails application that is leveraged by penetration testers to manage email phishing campaigns.

The project was started in 2013 by the founder Brandon "zeknox" McCann. Brandon identified inefficiencies in the way that many penetration testers were conducting email phishing engagements. Wanting to make it easier to manage phishing campaigns, Brandon started the "Phishing Frenzy" project.

The goal of the project is to streamline the phishing process while still providing clients the best realistic phishing campaign possible. This goal is obtainable through campaign management, template reuse, statistical generation, and other features the Frenzy has to offer.



Skydive - An Open Source Real-Time Network Topology and Protocols Analyzer

Skydive is an open source real-time network topology and protocols analyzer. It aims to provide a comprehensive way of understanding what is happening in the network infrastructure.

Skydive agents collect topology information and flows and forward them to a central agent for further analysis. All the information is stored in an Elasticsearch database.

Skydive is SDN-agnostic but provides SDN drivers in order to enhance the topology and flow information. Currently only the Neutron driver is provided, but more drivers will come soon.

Topology Probes
Topology probes currently implemented:
  • OVSDB
  • NetLINK
  • NetNS
  • Ethtool
Topology connectors:
  • Neutron
  • Docker

Flow Probes
Flow probes currently implemented:
  • sFlow
  • PCAP

Dependencies
  • Go >= 1.5
  • Elasticsearch >= 2.0

Install
Make sure you have a working Go environment. See the install instructions.
Then make sure you have Godep installed. See the install instructions.
$ go get github.com/redhat-cip/skydive/cmd/skydive

Getting started
Skydive relies on two main components:
  • skydive agent: has to be started on each node where the topology and flow information will be captured
  • skydive analyzer: the node collecting the data captured by the agents

Configuration
For a single node setup, the configuration file is optional. For a multiple node setup, the analyzer IP/PORT needs to be adapted.
Processes are bound to 127.0.0.1 by default; you can explicitly change the binding address with "listen: 0.0.0.0:port" in the proper configuration sections.
See the full list of configuration parameters in the sample configuration file etc/skydive.yml.default.

Start
$ skydive agent [--conf etc/skydive.yml]
$ skydive analyzer [--conf etc/skydive.yml]

WebUI
To access the WebUI of agents or analyzer:
http://<address>:<port>

Skydive client
Skydive client can be used to interact with Skydive Analyzer and Agents. Running it without any command will return all the commands available.
$ skydive client

Usage:
skydive client [command]

Available Commands:
alert Manage alerts
capture Manage captures

Flags:
-h, --help[=false]: help for client
--password="": password auth parameter
--username="": username auth parameter
Specifying the subcommand will give the usage of the subcommand.
$ skydive client capture
If an authentication mechanism is defined in the configuration file, the username and password parameters have to be used for each command. The environment variables SKYDIVE_USERNAME and SKYDIVE_PASSWORD can be used as default values for the username/password command line parameters.

Start Flow captures
Skydive client allows you to start flow captures on topology Nodes/Interfaces.
$ skydive client capture create -p <probe path>
The probe path parameter references the interfaces where the flow probe will be started, i.e. where the capture will be done.
The format of a probe path follows the links between topology nodes from a host node to a target node:
host1[Type=host]/.../node_nameN[Type=node_typeN]
The node name can be the name of:
  • a host
  • an interface
  • a namespace
The node types can be:
  • host
  • netns
  • ovsbridge
Currently supported target node types are:
  • ovsbridge
  • veth
  • device
  • internal
  • tun
  • bridge
To start a capture on the OVS bridge br1 on the host host1, the following probe path is used:
$ skydive client capture create -p "host1[Type=host]/br1[Type=ovsbridge]"
A wildcard for the host node can be used in order to start a capture on all hosts.
$ skydive client capture create -p "*/br1[Type=ovsbridge]"
A capture can be defined in advance and will start when a topology node matches it.
To delete a capture:
$ skydive client capture delete <probe path>
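As an added example (not Skydive's own code), the following Go program parses a probe path in the format described above, checks every segment against the node-type lists given here, accepts the host wildcard, and tests a parsed path against a concrete topology node path, which is the matching step a capture defined in advance depends on. The node-name character set and the rule that Type=host may only appear in the first segment are assumptions made for this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Segment is one "name[Type=type]" element of a probe path. The host wildcard
// "*" is stored as Name "*" with an empty Type.
type Segment struct {
	Name string
	Type string
}

// Node types the README lists for intermediate nodes and for the target node.
var intermediateTypes = map[string]bool{"host": true, "netns": true, "ovsbridge": true}
var targetTypes = map[string]bool{
	"ovsbridge": true, "veth": true, "device": true,
	"internal": true, "tun": true, "bridge": true,
}

// Assumed name syntax for host, interface and namespace names.
var segmentRe = regexp.MustCompile(`^([A-Za-z0-9_.:-]+)\[Type=([a-z]+)\]$`)

// ParseProbePath splits a probe path on "/" and validates every segment,
// returning an error that names the first offending segment.
func ParseProbePath(path string) ([]Segment, error) {
	parts := strings.Split(path, "/")
	if len(parts) < 2 {
		return nil, fmt.Errorf("probe path %q needs a host node and a target node", path)
	}
	segs := make([]Segment, 0, len(parts))
	for i, p := range parts {
		last := i == len(parts)-1
		if p == "*" { // wildcard: any host
			if i != 0 {
				return nil, fmt.Errorf("segment %d: wildcard is only allowed for the host node", i)
			}
			segs = append(segs, Segment{Name: "*"})
			continue
		}
		m := segmentRe.FindStringSubmatch(p)
		if m == nil {
			return nil, fmt.Errorf("segment %d %q is not of the form name[Type=type]", i, p)
		}
		seg := Segment{Name: m[1], Type: m[2]}
		switch {
		case i == 0 && seg.Type != "host":
			return nil, fmt.Errorf("first segment must be Type=host, got %q", seg.Type)
		case i > 0 && seg.Type == "host":
			return nil, fmt.Errorf("segment %d: Type=host is only valid for the first node", i)
		case last && !targetTypes[seg.Type]:
			return nil, fmt.Errorf("target node type %q is not supported", seg.Type)
		case !last && !intermediateTypes[seg.Type]:
			return nil, fmt.Errorf("intermediate node type %q is not supported", seg.Type)
		}
		segs = append(segs, seg)
	}
	return segs, nil
}

// Matches reports whether a parsed probe path applies to a concrete node path
// seen in the topology: the wildcard accepts any host, all other segments must
// match name and type exactly. This is how a capture defined in advance can be
// checked against nodes as they appear.
func Matches(probe, node []Segment) bool {
	if len(probe) != len(node) {
		return false
	}
	for i := range probe {
		if i == 0 && probe[i].Name == "*" {
			if node[i].Type != "host" {
				return false
			}
			continue
		}
		if probe[i] != node[i] {
			return false
		}
	}
	return true
}

func main() {
	for _, p := range []string{
		"host1[Type=host]/br1[Type=ovsbridge]",
		"*/br1[Type=ovsbridge]",
		"host1[Type=host]/br1[Type=ovsbridge]\"", // stray quote, as in a copy-paste slip
	} {
		if segs, err := ParseProbePath(p); err != nil {
			fmt.Printf("%-45s rejected: %v\n", p, err)
		} else {
			fmt.Printf("%-45s ok: %d segments\n", p, len(segs))
		}
	}
}
```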

API
Topology information is accessible through an HTTP or WebSocket API.
HTTP endpoint:
curl http://<address>:<port>/api/topology
WebSocket endpoint:
ws://<address>:<port>/ws/graph
Messages:
  • NodeUpdated
  • NodeAdded
  • NodeDeleted
  • EdgeUpdated
  • EdgeAdded
  • EdgeDeleted

Devstack
Skydive provides a DevStack plugin that can be used in order to have Skydive Agents/Analyzer configured and started with the proper probes by DevStack.
For a single node setup adding the following lines to your local.conf file should be enough.
enable_plugin skydive https://github.com/redhat-cip/skydive.git

enable_service skydive-agent skydive-analyzer
The plugin accepts the following parameters:
# Address on which skydive analyzer process listens for connections.
# Must be in ip:port format
#SKYDIVE_ANALYZER_LISTEN=

# Inform the agent about the address on which analyzers are listening
# Must be in ip:port format
#SKYDIVE_AGENT_ANALYZERS=

# ip:port address on which skydive agent listens for connections.
#SKYDIVE_AGENT_LISTEN=

# Configure the skydive agent with the etcd server address
# http://IP_ADDRESS:2379
#SKYDIVE_AGENT_ETCD=

# The path for the generated skydive configuration file
#SKYDIVE_CONFIG_FILE=

# List of agent probes to be used by the agent
# Ex: netns netlink ovsdb
#SKYDIVE_AGENT_PROBES=

# Remote port for ovsdb server.
#SKYDIVE_OVSDB_REMOTE_PORT=6640

# Set the default log level, default: INFO
#SKYDIVE_LOGLEVEL=DEBUG


HostedNetworkStarter - Wifi Hotspot Creator for Windows 10/8/7


HostedNetworkStarter is a simple tool for Windows 7 and later that allows you to easily create a wifi hotspot with your wireless network adapter, using the Wifi hosted network feature of Windows operating system. With the wifi hotspot created by this tool, you can allow any device with wifi support to access the network and the Internet connection available in your computer.

System Requirements

  • Any version of Windows, starting from Windows 7 and up to Windows 10, 32-bit or 64-bit systems. (In older versions of Windows, there is no support for Wifi hosted network)
  • Wireless network adapter that supports Wifi hosted network. 

Start Using HostedNetworkStarter


HostedNetworkStarter doesn't require any installation process or additional DLL files. In order to start using it, simply run the executable file - HostedNetworkStarter.exe
After running HostedNetworkStarter, the 'Hosted Network Options' window is opened, allowing you to choose the desired configuration of your Wifi hotspot. After filling in the network name and the network key, and choosing the desired Internet connection to share, press the Start button to start the Wifi hotspot.
After starting the wifi hotspot, the main window of HostedNetworkStarter displays information about the started hotspot. The upper pane displays general statistics about the active hotspot (Hosted Network State, Channel Number, number of connected clients, Sent Bytes, Received Bytes, and so on), and the lower pane displays the list of clients that are currently connected to your hotspot.
If there was any error during the hotspot activation, the error code or message will be displayed in one or more of the following lines in the upper pane: 'Hosted Network Error', 'Hosted Network Reason Code', and 'Internet Connection Sharing Error'.

The 'Hosted Network Options' window

Here's the description of all options available in the 'Hosted Network Options' window:
  • Network Name (SSID): The name of your Wifi hotspot.
  • Network Key: The network key of your Wifi hotspot.
  • Persistent Key: If this option is checked, Windows will store your network key and use it in the future if the 'Network Key' field is empty.
  • Storing the network key inside the .cfg file: Tells HostedNetworkStarter how to store the network key inside HostedNetworkStarter.cfg (located in the same folder as the .exe file):
    • Don't store the network key inside the .cfg file (the default)
    • Store the network key inside the .cfg file without encryption
    • Store the network key inside the .cfg file with Windows encryption
    If you choose to store the network key with Windows encryption, HostedNetworkStarter will only be able to load the key when running on the same computer with the same user.
  • Share the Internet and the network from the following connection: If this option is checked, the devices that connect to your hotspot will be able to use the Internet from the selected network connection as well as to access other computers and devices on your network. HostedNetworkStarter automatically activates Internet connection sharing when you start the wifi hotspot and deactivates it when you stop the wifi hotspot.
    If this option is turned off, you can still manually activate Internet connection sharing from the settings window of your network adapter.
    If this option is turned off and you don't activate Internet connection sharing manually, then the devices that connect to your hotspot will only be able to access the computer that runs HostedNetworkStarter and any other device that is connected to the wifi hotspot.
  • Maximum number of connected devices: The maximum number of wifi devices that will be able to connect to your wifi hotspot concurrently.

Litesploit - Library and Interpreter for Penetration Testing Tools


Litesploit is a library and interpreter for penetration testing tools. This includes exploits, tools and litepreter.

Litesploit supports Linux distributions such as Ubuntu and Debian, as well as penetration testing distributions such as BackBox and Kali Linux.

Platform Support
Linux Ubuntu: Yes
Linux Debian: Yes
Microsoft Windows: No

Installation

Requirements

  • PHP 5 or higher
  • GCC
  • Zephir lang
  • PHP-Dev
  • libpcre3-dev
For Linux Ubuntu and Debian
sudo apt-get install -y gcc make re2c php5-cli php5-dev php5-curl php5-json libpcre3-dev

Install on Ubuntu/Debian

git clone https://github.com/devilscream/litesploit.git
cd litesploit
./install

Usage

Open litesploit

root@user:~# litesploit
Litesploit >

Load exploits/tools

Litesploit > [exploit file/tools]
Example:
Litesploit > exploits/modem/router/zte/f660


CANToolz aka YACHT (Yet Another Car Hacking Tool) - Framework for Black-Box CAN Network Analysis


CANToolz is a framework for analysing CAN networks and devices. The tool is built from different modules which can be assembled together in a pipe, and can be used by security researchers and automotive/OEM security testers for black-box analysis. You can use this software for ECU discovery, MITM testing, fuzzing, bruteforcing, scanning or R&D testing and validation.

This platform is an attempt to unify all the needed tricks/tools and other things that you can do with the CAN bus in one place. I have found that there are many tools available, from the Charlie Miller and Chris Valasek tools to the UDS/CAN tools by Craig Smith.

More details and use cases are published in the blog. See the wiki (currently in development): WIKI

Using Hardware
CANToolz can work with a CAN network using the following hardware:
  1. USBtin
  2. CANBus Triple

Fast start
sudo python cantoolz.py -g w -c examples/can_sniff.py
Then use browser and connect to http://localhost:4444

Modules
  • hw_CANBusTriple - IO module for CANBus Triple HW
  • hw_USBtin - IO module for USBtin
  • mod_firewall - module for blocking CAN message by ID
  • mod_fuzz1 - Simple 'Proxy' fuzzer (1 byte) Can be combined with gen_ping/gen_replay
  • mod_printMessage - printing CAN messages
  • mod_stat - CAN messages statistic (with .csv file output) Analysis option (c mod_stat a) will try to find UDS/ISO TP messages
  • gen_ping - generating CAN messages with chosen IDs (ECU/Service discovery)
  • gen_replay - save and replay packets
P.S. Of course we are working on supporting other types of I/O hardware and modules. Please join us! The main idea is that the community can produce different modules that are useful for all of us 8)


Dependencies
python 3.4
pip install pyserial

Usage Examples
See more use-cases inside the examples folder:
  • CAN Switch filter scanner: checking which CAN frames can be passed from the diagnostic interface to the HU and back
  • MITM with firewall (ECU ID detection): checking what packets are responsible for a chosen "action"
  • Replay discovery: checking what packets are responsible for a chosen "action"
  • Ping discovery (with ISO TP and UDS support): UDS detection etc.
And many other options are possible. Just use modules as "needed". Example with DIFF mode, to find door unlock commands.


sIPI - Simple IP Information Tools


This tool is aimed at Incident Response Teams and anyone who wants to know the behaviour of a "suspicious" IP address. The tool searches for reputation information about the IP from a set of open threat intelligence sources: malware activity, malicious activity, blacklists, spam and botnet activity.

Dependencies:
  • requests
  • shodan
Installation:
pip install requests && easy_install shodan
git clone "repositori"
configure the API tokens in config.json
try: $> python sipi.py any_ip -A

Description
[[@SVTCloud] Simple IP Information Tool [[@st2labs]]
 sIPi - is a free reconnaissance tool for obtain IP Address Information from
many Open Sources: cymon.io | shoda.io | ipinfo.io
Julian J. Gonzalez Caracuel - @rhodius Version: 0.1
It is a tool that analyses an IP or a list of IPs, returning information about:
    - reputation / activity
    - exposure level
    - geolocation
Reputation / detection of the IP in blacklists according to the following categories:
   Source: cymon.io - Cymon is the largest open tracker of malware, phishing, botnets, spam, and more

['malware',
'botnet',
'spam',
'phishing',
'malicious activity',
'blacklist',
'dnsbl']

Exposure level:

Source: shodan.io - Shodan is the world's first search engine for Internet-connected devices.

Retrieves all the information SHODAN holds about the IP address; depending on the access level to the SHODAN engine, more detailed information can be obtained (number of ports, banner, geolocation).

Geolocation:

Source: ipinfo.io

Retrieves basic information about the IP address, geolocation and ASN information; allows a rate of 1000/day.

Installation requirements
cymon.io  - Requires an authentication token - registered user, rate: 1000/day
shodan.io - Requires an authentication token - registered user, limit of 100 results, limited ports
The API tokens for all services are configured in the file config.json, which must be in the directory where sipi.py is run.
Dependencies
requests
pip install requests
shodan
easy_install shodan
Linux & Windows

Examples
Get info for an IP list file in all reputation categories from cymon, and add info from Shodan & IPInfo
$> python sipi.py list_ip -A -s -i

Get info for an IP list file only in the SPAM category from cymon, and add info from Shodan & IPInfo
$> python sipi.py list_ip -t spam -s -i

Get info for an IP list file only in the MALWARE category from cymon, from 1 day ago and with a 1000-entry limit
$> python sipi.py list_ip -t malware -d 1 -l 1000

-d <days[1-3]> The reputation of the IP can only be analysed for the last 3 days.
If you don't find anything, maybe the events were more than 3 days ago; for more than 3 days use the -d 4 option.

-l <limit> Controls the number of results in which to analyse the IP - Default: 100

Output Example:
$> python sipi.py lista.txt -d 4 -A
[[@SVTCloud] Simple IP Information Tool [[@st2labs]]
 sIPi - is a free recorn tool for obtain IP Address Information from
many Open Sources: cymon.io | shoda.io | ipinfo.io
Julian J. Gonzalez Caracuel - @rhodius Version: 0.1
 [!] This IP ['83.55.23.240s'] is not valid & have been removed from searching


If days more than 3, auto change mode is active
[ip_blacklist > ip_events] to obtain Ip Info


++++++++++++++++++++++++++++++++++++++
+ Info obtain from: http://cymon.io +
+ Checking for ip_events
++++++++++++++++++++++++++++++++++++++


+---------------------------------+
+-Events for IP:93.76.61.78
+---------------------------------+

+--

[!] IP 93.76.61.78 found in malicious activity BlackList
Detected by: [u'esentire threat labs']

--+

[NOT_FOUND] IP 93.76.61.78 in this CATEGORIES:['malware', 'botnet', 'spam', 'phishing', 'blacklist', 'dnsbl']


+---------------------------------+
+-Events for IP:93.183.250.196
+---------------------------------+

+--

[!] IP 93.183.250.196 found in malicious activity BlackList
Detected by: [u'esentire threat labs']

--+

[NOT_FOUND] IP 93.183.250.196 in this CATEGORIES:['malware', 'botnet', 'spam', 'phishing', 'blacklist', 'dnsbl']


+---------------------------------+
+-Events for IP:176.101.204.172
+---------------------------------+

+--

[!] IP 176.101.204.172 found in malicious activity BlackList
Detected by: [u'esentire threat labs']

--+

[NOT_FOUND] IP 176.101.204.172 in this CATEGORIES:['malware', 'botnet', 'spam', 'phishing', 'blacklist', 'dnsbl']


Airgeddon - A Multi-use Bash Script for Linux Systems to Audit Wireless Networks


Features
  • Interface mode switcher (Monitor-Managed).
  • DoS over wireless networks with different methods.
  • Assisted Handshake file capture.
  • Cleaning and optimizing Handshake captured files.
  • Offline password decrypt on WPA/WPA2 captured files (dictionary and bruteforce).
  • Compatibility with many Linux distros (see requirements section).
  • Easy targeting and selection in every section.
  • Controlled Exit. Cleaning tasks and temp files. Option to keep monitor mode if desired.
  • Multilanguage support and autodetect OS language feature (see supported languages section).
  • Help hints in every zone/menu for easy use.
  • Autoupdate. Script checks for newer version if possible. 

Requirements
Bash version 4 or later needed.

We say a distro is a 100% compatible Linux distro if it has all the essential tools the script needs installed by default.

Tested on these 100% compatible Linux distros:
-Kali. 2.0 and 2016.1
-Wifislax. 4.11.1 and 4.12
-Backbox. 4.5.1
-Parrot. 2.2.1
-Blackarch 2016.01.10
-Cyborg Hawk 1.1

Anyway, it can be used with any Linux distro if you have installed the tools the script needs. The script checks for them at the beginning.

Essential tools: <- the script doesn't work if you don't have all of them installed
iwconfig iw awk airmon-ng airodump-ng aircrack-ng curl

Optional tools: <- not necessary for the script to work, only needed for some features
wpaclean crunch aireplay-ng mdk3

Other (non 100% compatible) distros tested successfully after installing missing tools:
-Debian 8 (Jessie)
-Ubuntu 15.10 and Xubuntu 15.10
-OpenSUSE Leap 42.1

Mac OSX compatibility is impossible at the moment. Some reasons:
-Bash version <- this can be avoided by upgrading to 4 or later, so this is not the problem
-Aircrack suite <- the OSX build of this suite doesn't support airodump and aireplay
-Wireless tools <- iwconfig doesn't exist for OSX, and the airport command can't be used because it generates very different output

Use
Under some distros like Kali Linux it must be called using bash only (not sh). Example: bash /path/airgeddon.sh
Under Wifislax and others, it can be called using bash or sh. Example: sh /path/airgeddon.sh
If you call the script using sh and a "Syntax error" appears, use bash instead of sh.


Supported Languages
English, Spanish, French and Catalan.



RSPET - Python Reverse Shell and Post Exploitation Tool

RSPET (Reverse Shell and Post Exploitation Tool) is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario.

Features
  • Remote Command Execution
  • Traffic masking (XORed instead of cleartext); for better results use port 443[1]
  • Built-in File/Binary transfer (both ways) over the masked traffic
  • Built-in UDP Flooding tool
  • Built-in UDP Spoofing tool[2]
  • Multiple/All Hosts management; order File/Binary transfer and UDP Flood from Multiple/All connected Hosts
  • Modular Code Design to allow easy customization[3]
  • Client script is tested and is compatible with PyInstaller (can be made into .exe)[4]

*[1]The idea for XORing as well as the skeleton for the client came from primalsecurity.net so if you like this pack of scripts you'll probably love what they do
*[2]UDP Spoofing uses RAW_SOCKETS, so in order to utilize it the client has to run on an OS that supports RAW_SOCKETS (most Unix-based) and with root privileges. Finally, most ISPs have implementations in place that will either drop or re-structure spoofed packets
*[3]See EXPANDING for how you can easily add new functionality and customize RSPET to your needs
*[4]Again check primalsecurity.net's perfect blogpost about producing an .exe

Deployment:
  • RSPET_server.py or RSPET_server_min.py is situated at the attacker's machine and running to accept connections
  • RSPET_client.py or RSPET_client_min.py is situated in the infected machine(s) and will initiate the connection and wait for input.

Execution:
  • Server:
python RSPET_server.py (max_connections) 
max_connections defaults to 5 if left blank
  • Client:
python RSPET_client.py server_ip
Many changes can be made to fit individual needs.
As always if you have any suggestion, bug report or complain feel free to contact me.

Todo
  • Fix logic bug where if a direct command to the Host OS has no output the Server displays "command not recognised"
  • Fix logic bug where if a direct command's execution on the Host OS is perpetual the Server deadlocks
  • Add client version and type (min or full) as a property when client connects and at List_Hosts
  • Add client update mechanism (being worked on)
  • Add UDP Reflection functionality (already in the workings)


CJExploiter - Drag and Drop ClickJacking Exploit Development Assistance Tool


CJExploiter is a drag and drop ClickJacking exploit development assistance tool. First open "index.html" locally with your browser, enter the target URL and click on "View Site". You can dynamically create your own inputs. Finally, by clicking "Exploit It" you can see the PoC.


Summary

Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.

Using a similar technique, keystrokes can also be hijacked. With a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they are typing in the password to their email or bank account, but are instead typing into an invisible frame controlled by the attacker. (Source: OWASP)

You can use this tool to generate a dynamic PoC.
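The defensive counterpart to the technique described above, as an added example that is not part of CJExploiter or the OWASP text: a Go check of the two response headers that stop a page from being rendered in a cross-origin frame (X-Frame-Options and the CSP frame-ancestors directive), plus middleware that sets both so a PoC like the one this tool builds has nothing to frame. The handler and the /login path are constructed for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// FramingVerdict summarises whether a response may be embedded in a frame by a
// page on another origin, judged from its anti-clickjacking headers.
type FramingVerdict struct {
	Protected bool
	Reason    string
}

// ParseFrameAncestors extracts the frame-ancestors source list from a CSP
// header value. ok is false when the directive is absent.
func ParseFrameAncestors(csp string) (sources []string, ok bool) {
	for _, d := range strings.Split(csp, ";") {
		fields := strings.Fields(d)
		if len(fields) > 0 && strings.EqualFold(fields[0], "frame-ancestors") {
			return fields[1:], true
		}
	}
	return nil, false
}

// AssessFraming decides from X-Frame-Options and CSP frame-ancestors whether a
// page is protected against cross-origin framing. frame-ancestors takes
// precedence when both are present, as in browsers that support it; an empty
// source list means no ancestor is allowed.
func AssessFraming(h http.Header) FramingVerdict {
	if srcs, ok := ParseFrameAncestors(h.Get("Content-Security-Policy")); ok {
		for _, s := range srcs {
			switch strings.ToLower(s) {
			case "*", "http:", "https:":
				return FramingVerdict{false, "frame-ancestors allows any origin"}
			}
		}
		return FramingVerdict{true, "frame-ancestors restricts embedding"}
	}
	switch strings.ToUpper(strings.TrimSpace(h.Get("X-Frame-Options"))) {
	case "DENY", "SAMEORIGIN":
		return FramingVerdict{true, "X-Frame-Options set"}
	case "":
		return FramingVerdict{false, "no anti-framing header"}
	default:
		// ALLOW-FROM is not honoured by modern browsers; treat it as unprotected.
		return FramingVerdict{false, "unrecognised X-Frame-Options value"}
	}
}

// NoFrame is middleware that sets both headers, so old and new browsers alike
// refuse to render the response inside a cross-origin frame.
func NoFrame(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("X-Frame-Options", "DENY")
		w.Header().Set("Content-Security-Policy", "frame-ancestors 'none'")
		next.ServeHTTP(w, r)
	})
}

// responseHeaders runs a handler through httptest and returns the headers it
// emitted, so the same check can be applied to local handlers before deployment.
func responseHeaders(h http.Handler) http.Header {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/login", nil))
	return rec.Result().Header
}

func main() {
	// Constructed stand-in for a page with a sensitive button or form.
	login := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "<form>...</form>")
	})
	for name, h := range map[string]http.Handler{"unprotected": login, "wrapped": NoFrame(login)} {
		v := AssessFraming(responseHeaders(h))
		fmt.Printf("%-12s protected=%-5v (%s)\n", name, v.Protected, v.Reason)
	}
}
```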


Marfil - An Extension of the Aircrack-ng Suite used to assess WiFi Network Security


Marfil is an extension of the Aircrack-ng suite, used to assess WiFi network security. It allows the work of performing long-running dictionary attacks to be split among many computers.

Motivation
The Aircrack-ng suite provides the aircrack-ng tool, which is a 802.11 WEP and WPA/WPA2-PSK key cracking program. When cracking the latter, a dictionary or word list has to be used. The longer these dictionaries are, the longer the process takes. Depending on your hardware it could even take days or weeks.
If you happen to have some additional hardware at your disposal aircrack-ng does not allow you to distribute the load between them: you have to choose the fastest one and stick to it. This is exactly where Marfil comes to play.

Solution
Marfil is a php-based tool that distributes the cracking load between different nodes. The approach followed is considerably simple: instead of using only one node to crack a .cap file using a big dictionary it splits the dictionary and distributes it among the rest of the nodes. The high-level process goes like this:
  1. Dictionaries to use are configured in the server node
  2. A client node sends a crack request to the server (the request includes a .cap file and the BSSID of the target network)
  3. Clients ask the server for work
  4. Once work is requested, the server answers with a .cap file and BSSID along with a dictionary piece
  5. Clients perform the cracking on their own and when finished return the result
  6. The server updates the status of the crack request according to the result
  7. Eventually, either the .cap file is processed against all parts of a dictionary without success or the password is found
  8. The process repeats. Note the first step is only needed for the first time or whenever the dictionaries are updated. The server node can also work as a client node.

Requirements
  1. aircrack-ng suite
  2. PHP >= 5.5.9
  3. SQLite module for PHP5 (only needed for the server node)
  4. Composer (only needed if you do not download the release from the releases section)
Marfil has only been tested on Linux so far. However, the approach followed and the tools used are considerably platform-independent so it should also work on Windows or Mac.

Setup

Initial setup and dictionary configuration
  1. Download the most up-to-date file in the release section
  2. Decompress it in all your nodes (server and clients)
  3. Install PHP5 and the aircrack-ng suite in all clients
    On Debian Linux you can do this by running this command:
          sudo apt-get install php5 aircrack-ng     

  4. Install SQLite module for PHP5 on the server
    On Debian Linux you can do this by running this command:
          sudo apt-get install php5-sqlite     

  5. On the server node, start a web server setting the root as the public directory in the Marfil directory
    Using PHP's built-in web server, this can be done by running the following command in the Marfil directory:
          php -S 0.0.0.0:8080 -t public     

    You can test this worked by accessing http://localhost:8080 in a browser on your server node and see an empty list of crack requests
  6. Make sure you can access the web server from your clients by accessing http://YOUR_SERVER_IP_ADDRESS:8080 in a web browser from your clients
  7. Place dictionaries in the storage/app/dictionaries directory. Search the web for word lists, if you don't have any
  8. Execute this command in the Marfil directory to split the dictionaries into pieces and prepare the dictionary database (depending on the size of the dictionaries, it might take a while):
          php artisan marfil:refresh-dictionaries     


Adding crack requests and working on them
  1. In order to add crack requests, a .cap file with the WPA handshake and the BSSID of the target network is needed. This can either be done through the web server interface or by executing the following command in the Marfil directory of any node:
          php artisan marfil:crack YOUR_SERVER_IP_ADDRESS:8080 path/to/file.cap 01:23:45:67:89:AB     

  2. Any successfully generated crack request can be displayed in the web server interface
  3. Any of the nodes can be used as a worker client. In order to do so just run the following command in the Marfil directory:
          php artisan marfil:work YOUR_SERVER_IP_ADDRESS:8080     

    This command will make the client ask for work every 60 seconds. When the server responds with work, the client will download the needed files and try to crack the .cap file.
  4. Progress can be tracked by means of the web interface

Support
If any issue is found, please, report it providing all the needed information to reproduce it. Failing to do so will result in the ticket being closed.
Some additional notes:
  • It is possible to watch server logs by monitoring storage/logs/lumen.log file
  • The database can be regenerated by running this command:
          php artisan migrate:refresh     



WiFi-Pumpkin v0.7.5 - Framework for Rogue Wi-Fi Access Point Attack


WiFi-Pumpkin is a security tool that provides a rogue access point for man-in-the-middle and network attacks.

Installation
Kali 2.0/WifiSlax 4.11.1/Parrot 2.0.5
  • Python 2.7
git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git
cd WiFi-Pumpkin
chmod +x installer.sh
./installer.sh --install
refer to the wiki for Installation

Features
  • Rogue Wi-Fi Access Point
  • Deauth Attack Clients AP
  • Probe Request Monitor
  • DHCP Starvation Attack
  • Credentials Monitor
  • Transparent Proxy
  • Windows Update Attack
  • Phishing Manager
  • Partial Bypass HSTS protocol
  • Support beef hook
  • Mac Changer
  • ARP Poison
  • DNS Spoof

Plugins
Plugin - Description
net-creds - Sniffs passwords and hashes from an interface or pcap file
dns2proxy - This tool offers different features for post-exploitation once you change the DNS server of a victim.
sslstrip2 - Sslstrip is a MITM tool that implements Moxie Marlinspike's SSL stripping attacks, based on the version forked by @LeonardoNve/@xtr4nge.
sergio-proxy - Sergio Proxy (a Super Effective Recorder of Gathered Inputs and Outputs) is an HTTP proxy that was written in Python for the Twisted framework.

Transparent Proxy
Transparent proxies that you can use to intercept and manipulate HTTP/HTTPS traffic, modifying requests and responses, which allows JavaScript to be injected into the pages the targets visit. You can easily implement a module to inject data into pages by creating a Python file in the "Proxy" directory; it will automatically be listed on the PumpProxy tab.

Plugins Example
The following is a sample module that injects some content into the head tag to set a blur filter on the body of the HTML page:
from Plugin import PluginProxy

class blurpage(PluginProxy):
    ''' this module proxy set blur into body page html response'''
    _name = 'blur_page'
    _activated = False
    _instance = None
    _requiresArgs = False

    @staticmethod
    def getInstance():
        # single shared instance of the plugin
        if blurpage._instance is None:
            blurpage._instance = blurpage()
        return blurpage._instance

    def __init__(self):
        self.LoggerInjector()
        self.injection_code = []

    def setInjectionCode(self, code):
        self.injection_code.append(code)

    def inject(self, data, url):
        # called by the proxy with the response body and the requested URL
        injection_code = '''<head> <style type="text/css">
body{
filter: blur(2px);
-webkit-filter: blur(2px);}
</style>'''
        self.logging.info("Injected: %s" % (url))
        return data.replace('<head>', injection_code)

FAQ
I can't install it
Have a look at the Installation section
I have this warning message: Error Network Card
Your system does not support running WiFi-Pumpkin with a wireless connection
Hi, does it work on X wireless adapters?
I don't know, check this page
I can't install package X
Try installing the package via pip, Google is your friend!
Is Windows supported?
No, it never will be


Netdata - Real-Time Performance Monitoring


netdata is a highly optimized Linux daemon providing real-time performance monitoring for Linux systems, applications and SNMP devices, over the web!
It tries to visualize the truth of now, in its greatest detail, so that you can get insights into what is happening now and what just happened on your systems and applications.
This is what you get:
  • Stunning bootstrap dashboards, out of the box (themable: dark, light)
  • Blazingly fast and super efficient, mostly written in C (for default installations, expect just 2% of a single core CPU usage and a few MB of RAM)
  • Zero configuration - you just install it and it autodetects everything
  • Zero dependencies, it is its own web server for its static web files and its web API
  • Zero maintenance, you just run it, it does the rest
  • Custom dashboards that can be built using simple HTML (no javascript necessary)
  • Extensible, you can monitor anything you can get a metric for, using its Plugin API (anything can be a netdata plugin - from BASH to node.js, so you can easily monitor any application, any API)
  • Embeddable, it can run anywhere a Linux kernel runs and its charts can be embedded on your web pages too

What does it monitor?
This is what it currently monitors (most with zero configuration):
  • CPU usage, interrupts, softirqs and frequency (total and per core)
  • RAM, swap and kernel memory usage (including KSM and kernel memory deduper)
  • Disks (per disk: I/O, operations, backlog, utilization, etc)
  • Network interfaces (per interface: bandwidth, packets, errors, drops, etc)
  • IPv4 networking (bandwidth, packets, errors, fragments, tcp: connections, packets, errors, handshake, udp: packets, errors, broadcast: bandwidth, packets, multicast: bandwidth, packets)
  • IPv6 networking (bandwidth, packets, errors, fragments, ECT, udp: packets, errors, udplite: packets, errors, broadcast: bandwidth, multicast: bandwidth, packets, icmp: messages, errors, echos, router, neighbor, MLDv2, group membership, break down by type)
  • netfilter / iptables Linux firewall (connections, connection tracker events, errors, etc)
  • Linux DDoS protection (SYNPROXY metrics)
  • Processes (running, blocked, forks, active, etc)
  • Entropy (random number pool, used in cryptography)
  • NFS file servers , v2, v3, v4 (I/O, cache, read ahead, RPC calls)
  • Network QoS (yes, the only tool that visualizes network tc classes in realtime)
  • Linux Control Groups (containers), systemd, lxc, docker, etc
  • Applications , by grouping the process tree (CPU, memory, disk reads, disk writes, swap, threads, pipes, sockets, etc)
  • Users and User Groups resource usage , by summarizing the process tree per user and group (CPU, memory, disk reads, disk writes, swap, threads, pipes, sockets, etc)
  • Apache web server mod-status (v2.2, v2.4)
  • Nginx web server stub-status
  • mySQL databases (multiple servers, each showing: bandwidth, queries/s, handlers, locks, issues, tmp operations, connections, binlog metrics, threads, innodb metrics, etc)
  • ISC Bind name server (multiple servers, each showing: clients, requests, queries, updates, failures and several per view metrics)
  • Postfix email server message queue (entries, size)
  • Squid proxy server (clients bandwidth and requests, servers bandwidth and requests)
  • Hardware sensors (temperature, voltage, fans, power, humidity, etc)
  • NUT UPSes (load, charge, battery voltage, temperature, utility metrics, output metrics)
  • Tomcat (accesses, threads, free memory, volume)
  • PHP-FPM (multiple instances, each reporting connections, requests, performance)
  • SNMP devices can be monitored too (although you will need to configure these)
And you can extend it, by writing plugins that collect data from any source, using any computer language.


Installation
Use our automatic installer to build and install it on your system
It should run on any Linux system. It has been tested on:
  • Gentoo
  • Arch Linux
  • Ubuntu / Debian
  • CentOS
  • Fedora
  • RedHat Enterprise Linux
  • SUSE
  • Alpine Linux
  • PLD Linux


Documentation
Check the netdata wiki .


EhTrace - Tool for Tracing Execution of Binaries on Windows

Eh'Trace (pronounced ATrace) is a binary tracing tool for Windows.

It is implemented in C, but it has some interesting properties that may make it suitable for tracing binaries when other methods are not sufficient. In particular, EhTrace does not require changes to a binary to enable traces, despite being able to collect the same information as hook-based instrumentation; zero prior knowledge is needed to inspect complete code coverage, binary execution flow, register state and more.

We maintain high performance using an adaptation of some known methods for high-performance tracing, yet there is no requirement to use a debugger or to enable debug/trace MSR capabilities.

Why is it high perf?

Branch stepping, not single stepping. We get basic blocks for free and do not have to worry about multipath evaluation or doing complex static analysis. State is automatically maintained temporally due to the nature of VEH (vectored exception handling). All of this is also in-process, which saves the context switching that impacts typical debug engines. The next update is to include get_tsc in the current struct to demonstrate our event rate more clearly.

In 10 seconds: 428,833,152 events (32 bytes each); each event is a basic block head.
I'll be presenting/releasing the first release @ CanSecWest this year, updates to follow.
CSW16 demo of notepad generated this trace, no symbols


[Figures: BB graph with capstone disassembly; BB graph/coverage of the CSW16 run of notepad.exe]

Associated projects
  • EhTrace (the exe is just for testing, build as a DLL) <-- meat and potatoes injection DLL that will do your blockfighting ;)
  • Acleanout dumps the logs from the shared memory created by EhTrace
  • Agasm is a glue/disassembly tool that might be better to use from WPFx to generate graphs (just easier to do symbols and capstone in one lib)
  • Aload can load a DLL
  • Aprep is a test case EXE (basically EhTrace.dll set up to build as an EXE)
  • Amerger is probably just garbage, not going to use it
  • Dia2Sharp is an attempt to not use C++/CLI since I think most people don't know/like it, but maybe not, since using C++/CLI seems faster
  • TestDump2 is a test of Dia2Sharp
  • WPFx is just a little test thing using MSAGL graphing (soon to get GraphMaps) until I bring in a more substantial GUI (probably based on Gemini/AvalonDock/Caliburn/MahApps/MaterialDesign (whew, GUIs need a lot of 3rd party ;)

YOU NEED DBGHELP.DLL AND SYMSRV.DLL. I'LL CHECK THEM IN LATER, I THINK THEY ARE REDISTRIBUTABLE?
More help/info on how to do whatever soon.


transfer.sh - Easy and Fast File Sharing from the Command-line


Easy and fast file sharing from the command line. This code contains the server with everything you need to create your own instance.

Transfer.sh currently supports the s3 (Amazon S3) provider and the local file system (local).

Usage
Upload:
$ curl --upload-file ./hello.txt https://transfer.sh/hello.txt

Encrypt & upload:
$ cat /tmp/hello.txt|gpg -ac -o-|curl -X PUT --upload-file "-" https://transfer.sh/test.txt

Download & decrypt:
$ curl https://transfer.sh/1lDau/test.txt|gpg -o- > /tmp/hello.txt

Upload to virustotal:
$ curl -X PUT --upload-file nhgbhhj https://transfer.sh/test.txt/virustotal

Add alias to .bashrc or .zshrc:
===
transfer() {
# write the output to a tmpfile because of the progress bar
tmpfile=$( mktemp -t transferXXX )
curl --progress-bar --upload-file "$1" "https://transfer.sh/$(basename "$1")" >> "$tmpfile";
cat "$tmpfile";
rm -f "$tmpfile";
}

alias transfer=transfer
===
$ transfer test.txt

Development
npm install
bower install

go get github.com/PuerkitoBio/ghost/handlers
go get github.com/gorilla/mux
go get github.com/dutchcoders/go-clamd
go get github.com/goamz/goamz/s3
go get github.com/goamz/goamz/aws
go get github.com/golang/gddo/httputil/header
go get github.com/kennygrant/sanitize
go get github.com/dutchcoders/go-virustotal
go get github.com/russross/blackfriday

grunt serve
grunt build

go run transfersh-server/*.go -provider=local --port 8080 --temp=/tmp/ --basedir=/tmp/

Build
go build -o transfersh-server *.go

Docker
For easy deployment we've enabled Docker deployment.
docker build -t transfersh .
docker run --publish 8080:8080 --rm transfersh --provider local --basedir /tmp/

Creators
Remco Verhoef
Uvis Grinfelds



Doork - Google Dorks Passive Vulnerability Auditor


doork is an open-source passive vulnerability auditor that automates the process of searching Google for information about a specific website, based on dorks.

doork can update its own database from the GHDB and use it to find flaws without ever contacting the target endpoint. You can provide your own wordlist and save the output anywhere.

installation
You can download doork by cloning the Git repository:
git clone https://github.com/AeonDave/doork doork
doork works with Python versions 2.6.x and 2.7.x on any platform. You also have to install:
pip install beautifulsoup4
pip install requests


Clair - Vulnerability Static Analysis for Containers


Clair is an open source project for the static analysis of vulnerabilities in appc and docker containers.

Vulnerability data is continuously imported from a known set of sources and correlated with the indexed contents of container images in order to produce lists of vulnerabilities that threaten a container. When vulnerability data changes upstream, the previous state and new state of the vulnerability along with the images they affect can be sent via webhook to a configured endpoint. All major components can be customized programmatically at compile-time without forking the project.

Our goal is to enable a more transparent view of the security of container-based infrastructure. Thus, the project was named Clair after the French term which translates to clear , bright , transparent .

Common Use Cases

Manual Auditing
You're building an application and want to depend on a third-party container image that you found by searching the internet. To make sure that you do not knowingly introduce a new vulnerability into your production service, you decide to scan the container for vulnerabilities. You docker pull the container to your development machine and start an instance of Clair. Once it finishes updating, you use the local image analysis tool to analyze the container. You realize this container is vulnerable to many critical CVEs, so you decide to use another one.

Container Registry Integration
Your company has a continuous-integration pipeline and you want to stop deployments if they introduce a dangerous vulnerability. A developer merges some code into the master branch of your codebase. The first step of your continuous-integration pipeline automates the testing and building of your container and pushes a new container to your container registry. Your container registry notifies Clair which causes the download and indexing of the images for the new container. Clair detects some vulnerabilities and sends a webhook to your continuous deployment tool to prevent this vulnerable build from seeing the light of day.

Hello Heartbleed
During the first run, Clair will bootstrap its database with vulnerability data from its data sources. It can take several minutes before the database has been fully populated.
NOTE: These setups are not meant for production workloads, but as a quick way to get started.

Kubernetes
An easy way to run Clair is with Kubernetes 1.2+. If you are using the CoreOS Kubernetes single-node instructions for Vagrant you will be able to access the Clair's API at http://172.17.4.99:30060/ after following these instructions.
git clone https://github.com/coreos/clair
cd clair/contrib/k8s
kubectl create secret generic clairsecret --from-file=./config.yaml
kubectl create -f clair-kubernetes.yaml

Docker Compose
Another easy way to get an instance of Clair running is to use Docker Compose to run everything locally. This runs a PostgreSQL database insecurely and locally in a container. This method should only be used for testing.
$ curl -L https://raw.githubusercontent.com/coreos/clair/master/docker-compose.yml -o $HOME/docker-compose.yml
$ mkdir $HOME/clair_config
$ curl -L https://raw.githubusercontent.com/coreos/clair/master/config.example.yaml -o $HOME/clair_config/config.yaml
$ $EDITOR $HOME/clair_config/config.yaml # Edit database source to be postgresql://postgres:password@postgres:5432?sslmode=disable
$ docker-compose -f $HOME/docker-compose.yml up -d
Docker Compose may start Clair before Postgres, which will raise an error. If this error is raised, manually execute docker start clair_clair.

Docker
This method assumes you already have a PostgreSQL 9.4+ database running. This is the recommended method for production deployments.
$ mkdir $HOME/clair_config
$ curl -L https://raw.githubusercontent.com/coreos/clair/master/config.example.yaml -o $HOME/clair_config/config.yaml
$ $EDITOR $HOME/clair_config/config.yaml # Add the URI for your postgres database
$ docker run -d -p 6060-6061:6060-6061 -v $HOME/clair_config:/config quay.io/coreos/clair -config=/config/config.yaml

Source
To build Clair, you need the latest stable version of Go and a working Go environment. In addition, Clair requires that bzr, rpm, and xz be available on the system $PATH.
$ go get github.com/coreos/clair
$ go install github.com/coreos/clair/cmd/clair
$ $EDITOR config.yaml # Add the URI for your postgres database
$ ./$GOBIN/clair -config=config.yaml

Documentation
Documentation can be found in a README.md file located in the directory of the component.

Architecture at a Glance

Terminology
  • Image - a tarball of the contents of a container
  • Layer - an appc or Docker image that may or may not be dependent on another image
  • Detector - a Go package that identifies the content, namespaces and features from a layer
  • Namespace - a context around features and vulnerabilities (e.g. an operating system)
  • Feature - anything that when present could be an indication of a vulnerability (e.g. the presence of a file or an installed software package)
  • Fetcher - a Go package that tracks an upstream vulnerability database and imports them into Clair

Vulnerability Analysis
There are two major ways to perform analysis of programs: Static Analysis and Dynamic Analysis . Clair has been designed to perform static analysis ; containers never need to be executed. Rather, the filesystem of the container image is inspected and features are indexed into a database. By indexing the features of an image into the database, images only need to be rescanned when new detectors are added.
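A worked illustration of the indexing step described above, written for this page and not taken from Clair's code base: features extracted from an image's filesystem are stored in an index keyed by (namespace, name, version), and a vulnerability record is matched against the index alone, so the images are never re-read or executed. The version comparison is a deliberately simplified stand-in (a real indexer must use the namespace's own dpkg or rpm ordering), and the image names, versions and the "VULN-EXAMPLE-1" record are constructed sample data.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strconv"
)

// Feature is an installed package found by reading an image's filesystem.
// Namespace is the OS context the version belongs to.
type Feature struct {
	Namespace string
	Name      string
	Version   string
}

// Vulnerability is one record as imported from a data source; an empty
// FixedVersion means no fixed build exists in that namespace yet.
type Vulnerability struct {
	Name         string
	Namespace    string
	FeatureName  string
	FixedVersion string
}

// Index maps each feature to the images containing it. New vulnerability data
// is matched against this map; the images are never re-read, let alone run.
type Index struct {
	images map[Feature][]string
}

func NewIndex() *Index { return &Index{images: make(map[Feature][]string)} }

// AddImage indexes the features extracted from one image.
func (ix *Index) AddImage(image string, feats []Feature) {
	for _, f := range feats {
		ix.images[f] = append(ix.images[f], image)
	}
}

var versionToken = regexp.MustCompile(`\d+|\D+`)

// compareVersions returns <0, 0 or >0. Simplified on purpose: digit runs
// compare numerically, everything else lexically. A real indexer must apply
// the namespace's own ordering (dpkg or rpm), which handles epochs and "~".
func compareVersions(a, b string) int {
	ta, tb := versionToken.FindAllString(a, -1), versionToken.FindAllString(b, -1)
	for i := 0; i < len(ta) && i < len(tb); i++ {
		if ta[i] == tb[i] {
			continue
		}
		na, errA := strconv.Atoi(ta[i])
		nb, errB := strconv.Atoi(tb[i])
		if errA == nil && errB == nil && na != nb {
			if na < nb {
				return -1
			}
			return 1
		}
		if ta[i] < tb[i] {
			return -1
		}
		return 1
	}
	return len(ta) - len(tb) // a version that is a prefix of the other sorts first
}

// Affected returns, sorted, the images whose indexed version of v.FeatureName
// in v.Namespace is below the fixed version (every version when unfixed).
func (ix *Index) Affected(v Vulnerability) []string {
	seen := map[string]bool{}
	for f, imgs := range ix.images {
		if f.Namespace != v.Namespace || f.Name != v.FeatureName {
			continue
		}
		if v.FixedVersion != "" && compareVersions(f.Version, v.FixedVersion) >= 0 {
			continue
		}
		for _, img := range imgs {
			seen[img] = true
		}
	}
	out := make([]string, 0, len(seen))
	for img := range seen {
		out = append(out, img)
	}
	sort.Strings(out)
	return out
}

// SampleIndex holds constructed data: image names and versions are made up.
func SampleIndex() *Index {
	ix := NewIndex()
	ix.AddImage("web:1", []Feature{{"debian:8", "openssl", "1.0.1t-1+deb8u2"}})
	ix.AddImage("web:2", []Feature{{"debian:8", "openssl", "1.0.1t-1+deb8u5"}})
	ix.AddImage("api:1", []Feature{{"ubuntu:16.04", "openssl", "1.0.2g-1ubuntu4"}})
	return ix
}

func main() {
	// Constructed record; the name is a placeholder, not a real CVE id.
	v := Vulnerability{Name: "VULN-EXAMPLE-1", Namespace: "debian:8", FeatureName: "openssl"}
	fmt.Println("no fix known:", SampleIndex().Affected(v))
	v.FixedVersion = "1.0.1t-1+deb8u5"
	fmt.Println("fix known:   ", SampleIndex().Affected(v))
}
```

Running it shows the point of keeping an index: when the upstream record changes from "unfixed" to a fixed version, web:2 drops out of the affected set and web:1 stays, and api:1 is never considered because its namespace differs, all without touching an image.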

Default Data Sources
Data Source                   Versions                                                  Format
Debian Security Bug Tracker   6, 7, 8, unstable                                         dpkg
Ubuntu CVE Tracker            12.04, 12.10, 13.04, 14.04, 14.10, 15.04, 15.10, 16.04    dpkg
Red Hat Security Data         5, 6, 7                                                   rpm

Customization
The major components of Clair are all programmatically extensible in the same way Go's standard database/sql package is extensible.
Custom behavior can be accomplished by creating a package that contains a type that implements an interface declared in Clair and registering that interface in init() . To expose the new behavior, unqualified imports to the package must be added in your main.go , which should then start Clair using Boot(*config.Config) .
The following interfaces can have custom implementations registered via init() at compile time:
  • Datastore - the backing storage
  • Notifier - the means by which endpoints are notified of vulnerability changes
  • Fetcher - the sources of vulnerability data that is automatically imported
  • MetadataFetcher - the sources of vulnerability metadata that is automatically added to known vulnerabilities
  • DataDetector - the means by which contents of an image are detected
  • FeatureDetector - the means by which features are identified from a layer
  • NamespaceDetector - the means by which a namespace is identified from a layer
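The registration pattern the Customization section describes, shown as an added example written for this page rather than Clair's own code: a package-level registry guarded by a mutex, a Register function that panics on a nil value or a duplicate name (the same contract database/sql.Register uses), an implementation that registers itself from init(), and a lookup that the boot code would call with the name taken from config.yaml. The Notifier method set, the "log" implementation and the import path mentioned in the comments are hypothetical.

```go
package main

import (
	"fmt"
	"sort"
	"sync"
)

// Notifier stands in for one of Clair's pluggable interfaces. The method set
// is hypothetical; it is not Clair's real Notifier interface.
type Notifier interface {
	Send(vulnerability string, affectedImages []string) error
}

var (
	notifiersMu sync.RWMutex
	notifiers   = make(map[string]Notifier)
)

// RegisterNotifier follows database/sql.Register: implementations call it from
// init(), and a nil value or a duplicate name panics at startup so that a
// misconfigured build fails before it processes any image.
func RegisterNotifier(name string, n Notifier) {
	notifiersMu.Lock()
	defer notifiersMu.Unlock()
	if n == nil {
		panic("notifier: RegisterNotifier called with nil Notifier")
	}
	if _, dup := notifiers[name]; dup {
		panic("notifier: RegisterNotifier called twice for " + name)
	}
	notifiers[name] = n
}

// Notifiers lists the registered names, sorted, so a config value can be
// validated against what was actually compiled in.
func Notifiers() []string {
	notifiersMu.RLock()
	defer notifiersMu.RUnlock()
	names := make([]string, 0, len(notifiers))
	for name := range notifiers {
		names = append(names, name)
	}
	sort.Strings(names)
	return names
}

// LookupNotifier is what the boot code would call with the name from config.
func LookupNotifier(name string) (Notifier, bool) {
	notifiersMu.RLock()
	defer notifiersMu.RUnlock()
	n, ok := notifiers[name]
	return n, ok
}

// RegisterPanics reports whether a registration attempt panics, so the
// duplicate and nil guards can be exercised without crashing the caller.
func RegisterPanics(name string, n Notifier) (panicked bool) {
	defer func() {
		if recover() != nil {
			panicked = true
		}
	}()
	RegisterNotifier(name, n)
	return false
}

// logNotifier is an example implementation. In a real build it would live in
// its own package and be pulled in by an unqualified import in main.go, e.g.
// `_ "example.invalid/notifiers/log"` (hypothetical path); that package's
// init() runs before main and performs the registration.
type logNotifier struct {
	mu   sync.Mutex
	sent []string
}

func (l *logNotifier) Send(vulnerability string, affectedImages []string) error {
	l.mu.Lock()
	defer l.mu.Unlock()
	l.sent = append(l.sent, fmt.Sprintf("%s affects %v", vulnerability, affectedImages))
	return nil
}

// Sent returns a copy of what the notifier recorded.
func (l *logNotifier) Sent() []string {
	l.mu.Lock()
	defer l.mu.Unlock()
	return append([]string(nil), l.sent...)
}

func init() { RegisterNotifier("log", &logNotifier{}) }

func main() {
	n, ok := LookupNotifier("log")
	if !ok {
		panic("no notifier named log was compiled in")
	}
	_ = n.Send("VULN-EXAMPLE-1", []string{"web:1"}) // constructed placeholder data
	fmt.Println("registered notifiers:", Notifiers())
}
```

Because registration happens at init time, a name that is present in the configuration but not compiled in is detected at startup by LookupNotifier rather than at the moment the first notification is due, and two packages claiming the same name cannot silently shadow each other.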

Related Links
  • Talk and Slides @ ContainerDays NYC 2015
  • Quay : the first container registry to integrate with Clair
  • Dockyard : an open source container registry with Clair integration


Shellsploit - New Generation Exploit Development Kit


Shellsploit lets you generate customized shellcodes, backdoors and injectors for various operating systems, and lets you obfuscate every byte via encoders.

Install/Uninstall

If you want to use Shellsploit, you have to install Capstone first.
For the Capstone's installation:
root$ sudo pip install capstone
Also pyreadline for tab completion:
root$ sudo pip install readline (Not necessary on Windows because it is preinstalled in Shellsploit.)
Pip works on both Windows and *nix machines without problems. Now you are ready to install:
root$ python setup.py --s/ --setup install 
root$ chmod +x shellsploit (if you are using windows just pass this step)
root$ ./shellsploit
Don't want it anymore? Uninstall it:
root$ python setup.py --s/--setup uninstall 

Usage

usage: shellsploit  [-l] [-p] [-o] [-n]
[--host] [--port]


optional arguments:
-l, --list Show list of backdoors,shellcodes,encoders,injectors
-p, --payload Set payload for usage
-n, -nc Declare netcat for usage
--host The connect/listen address
--port The connect/listen port

Inline arguments:

Main Menu:
help Help menu
os Command directly ur computer
use Select Module For Use
clear Clear the menu
show modules Show Modules of Current Database
show backdoors Show Backdoors of Current Database
show injectors Show Injectors(Shellcode,dll,so etc..)

Shellcode Menu:
back Exit Current Module
set Set Value Of Options To Modules
ip Get IP address(Requires net connection)
os Command directly ur computer
clear Clear the menu
disas Disassembly the shellcode(Support : x86/x64)
whatisthis Learn which kind of shellcode it is
iteration Encoder iteration time
generate Generate shellcode
output Save option to shellcode(txt,py,c,cpp,exe)
show encoders List all obfucscation encoders
show options Show Current Options Of Selected Module

Injector Menu:
set Set Value Of Options To Modules
help Help menu
back Exit Current Module
os Command directly ur computer
pids Get PID list of computer
getpid Get specific PID on list(Ex. getpid Python)

Bugs

Please do not forget to report bugs! You can submit an issue, pull request, or even directly PM me through my email address.

Screenshots





SMBCrunch - 3 Tools that Work Together to Simplify Reconnaissance of Windows File Shares


One of the most time consuming tasks as a red teamer is diving into filesystems and shares, attempting to identify any potentially sensitive information. SMBCrunch allows a red teamer to quickly identify Windows File Shares in a network, performs a recursive directory listing of the provided shares, and can even grab a file from the remote share if it looks like a juicy target.
There are three (3) different tools that work together. Read all three sections below to get an idea of how they work together.


SMBHunt
Given a file (or gnmap file), SMBHunt finds all the Windows File Shares associated with the servers provided (if gnmap file is provided, it looks at servers with port 445 open). If no credentials are supplied to perform the check, it will check for null session shares.
Warning: If your user has access to one share on the server, the script will show all shares hosted by that server. If a share is listed in this output, it does not mean you have access to that share. Use the next tool for that.
This script warns you if the credentials you supply fail, to avoid locking out domain accounts. The "-f" switch overrides this protection.
This script only checks a server using one credential. This is by design, since the server responds with a full list of shares if the user has access to even one share on the system.

Requirements:
  • Linux
  • Perl
  • smbclient (should be default in Kali)

Basic Usage:
./SMBHunt.pl [-a <account>] -i <file> [-o <output_file>]

Example Usage:
./SMBHunt.pl -a 'testdomain\john:hunter2' -i portscan443.gnmap -o shares_found.txt

Help to show all available options:
./SMBHunt.pl -h

Arguments:
-a, --account <string>
User credentials to test. Usernames are accepted in the form of 'Domain\Username:Password' ('Domain\' is optional) If no account is given, script checks for null session shares
-i, --inputFile <file>
A file of systems separated by a new line, or a gnmap file of a portscan containing port 445. Each server with port 445 open will be checked for SMB shares
-o, --output <file>
Print results to a file
-f, --force
Forces the script to continue even if the domain credential may be incorrect.
--noipc
Do not show IPC shares (IPC$)
--nohidden
Do not show hidden shares (C$, IPC$, ADMIN$, etc)


SMBList
SMBList will take the output file from "SMBHunt.pl" (or a file of shares separated by a newline in the format of "\server\share") and will perform a recursive directory listing of those shares using the credentials provided. SMBList will attempt to authenticate to the share until a valid credential is found from the list provided. It will then store the directory listings in a subfolder specified.
This makes the file listing extremely easy to grep through!
** The best result file to use is: /ALL_COMBINED_RESULTS.txt **

Requirements:
  • Linux
  • Perl
  • smbclient (should be default in Kali)

Basic Usage:
./SMBList.pl -c <credential/file> -s <share/file> -o <nonexistent directory>

Example Usage:
./SMBList.pl -c credentials_found.txt -s shares_found.txt -o share_listing -m 150

Help to show all available options:
./SMBList.pl -h

Arguments:
-c, --credentials <credential/file>
A single credential or a file of credentials to test. Credentials are accepted in the form of 'Domain\Username:Password', separated by a new line (if providing a file)
-s, --shares <share/file>
A single share or file of shares to test against. Each credential will be tested for authorization until a valid one is found. Shares should be in the form "\server\share", separated by a new line (if providing a file)
-o, --output <nonexistent directory>
A new directory will be created named this. For protection of output, the script cannot be run with this directory existing. It must be a directory that does not exist!
-m, --maxexec <seconds>
The maximum amount of time spent dumping any one share, in seconds. Default is 300 seconds (5 minutes)
-f, --force
Never remove a share from the list if it errors and never remove a credential if it gets a logon failed message. If you are using this flag, make sure you know what you are doing! You might lock out accounts if you aren't careful!
-n, --nocreds
Don't include credentials in the output. WARNING: If you use this switch, you cannot use the output with the next tool, "SMBGrab.pl".


SMBGrab
File listings from SMBList.pl can be piped into this utility to grab the wanted files from the shares. The original listing from SMBList.pl should be "grepped" before passing it to this script; otherwise all files will be downloaded (which is the equivalent of copying the entire share, and is bad)
This script requires the output of SMBList.pl to be piped into it. Look at "Example Usage" below

Requirements:
  • Linux
  • Perl
  • smbclient (should be default in Kali)

Basic Usage:
./SMBGrab.pl [-s <directory>]

Example Usage:
grep -i 'password.txt' share_listing/ALL_COMBINED_RESULTS.TXT | ./SMBGrab.pl -s savedfiles

Help to show all available options:
./SMBGrab.pl -h

Arguments:
If no arguments are supplied, the file is retrieved from the share and displayed to the user. It is not saved.
-s, --savedir <directory>
A directory to save all the grabbed files to. If this directory does not exist, it will be created. Using this argument saves the files but prevents the files from being printed to the screen
-a, --all
Read all files piped in. Without this switch, the script protects against accidentally downloading massive amounts of files by limiting the input to 100 files.
-n, --noedit
This will preserve the files to their original form. If this switch is not used, a note will be made at the bottom of each file containing information about the file metadata (read/write times, file location in the Share, etc)
-h, --help
Display a help menu

AutoNessus - Script to Communicate with Nessus API


This script communicates with the Nessus API in an attempt to help with automating scans. Depending on the flag issued with the script, you can list all scans, list all policies, start, stop, pause, and resume a scan. It may be helpful to create a cron job/scheduled task for automating the start or pause of scans if the client has a desired testing window.

Please feel free to use and modify this code; it works for our purposes but may not work perfectly for yours. Any suggestions or improvements are highly encouraged.

Dependencies
Requires python version 2.x and "requests" module to be installed. Installation can be found here: http://docs.python-requests.org/en/latest/user/install/

Start & Help

python autoNessus.py

python autoNessus.py -h
Both will run the help menu and display a list of options.

Credentials
This script authenticates to the Nessus server when supplying any other flag than -h. Correct URL and credentials must be placed on lines 52-56 of the script.

Examples
List all scans and scan IDs (scan IDs to be used with other flags)
python autoNessus.py -l
Start scan 42
python autoNessus.py -sS 42
Pause scan 42
python autoNessus.py --pause 42

Notes
If you would like to start an already completed scan (one with a "completed" status) you must add 'completed' to the list on line 272. This was done to ensure that scans would not re-run once completed.

