! Development moved to a public github repository: https://github.com/vanhauser-thc/thc-hydra

 * Added RTSP module, thanks to jjavi89 for supplying!
 * Added patch for ssh that fixes hyra stopping to connect, thanks to ShantonRU for the patch
 * Added new -O option to hydra to support SSL servers that do not suport TLS
 * Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames
 * Added patch to redis for initial service checking by Petar Kaleychev - thanks a lot!
 * Added support in hydra-http for http-post (content length 0)
 * Fixed important bug in http-*://server/url command line processing
 * Added SSL SNI support
 * Fixed bug in HTTP Form redirection following - thanks for everyone who reported and especially to Hayden Young for setting up a test page for debugging
 * Better library finding in ./configure for SVN + support for Darwin Homebrew (and further enhanced)
 * Fixed http-form module crash that only occurs on *BSD/OSX systems. Thanks to zdk for reporting!
 * Fixed for SSL connection to support TLSv1.2 etc.
 * Support for different RSA keylengths, thanks to fann95 for the patch
 * Fixed a bug where the cisco-enable module was not working with the password-only logon mode
 * Fixed an out of memory bug in http-form
 * Fixed imap PLAIN method
 * Fixed -x option to bail if it would generate too many passwords (more than 4 billion)
 * Added warning if HYDRA_PROXY_CONNECT environment is detected, that is an outdated setting
 * Added --fhs switch to configure (for Linux distribution usage)

$sudo git clone https://github.com/m4n3dw0lf/PytheM/ 
$cd PytheM 
$sudo pip install -r requirements.txt 
$sudo ./pythem

• [Brute-Force]
• [Man-In-The-Middle]:
• [Remote]:
• [Sniffing]:
• [Scanning]:
• [Web]:
• [Wireless]:

ant4g0nist$ cp lisa.py ~/lisa.py

ant4g0nist$ cp lldbinit ~/.lldbinit

ant4g0nist$ lldb

    lllllll   iiii
    l:::::l  i::::i
    l:::::l   iiii
    l:::::l
    l::::l iiiiiii     ssssssssss     aaaaaaaaaaaaa
    l::::l i:::::i   ss::::::::::s    a::::::::::::a
    l::::l  i::::i ss:::::::::::::s   aaaaaaaaa:::::a
    l::::l  i::::i s::::::ssss:::::s           a::::a
    l::::l  i::::i  s:::::s  ssssss     aaaaaaa:::::a
    l::::l  i::::i    s::::::s        aa::::::::::::a
    l::::l  i::::i       s::::::s    a::::aaaa::::::a
    l::::l  i::::i ssssss   s:::::s a::::a    a:::::a
    l::::::li::::::is:::::ssss::::::sa::::a    a:::::a
    l::::::li::::::is::::::::::::::s a:::::aaaa::::::a
    l::::::li::::::i s:::::::::::ss   a::::::::::aa:::a
    lllllllliiiiiiii  sssssssssss      aaaaaaaaaa  aaaa

    -An Exploit Dev Swiss Army Knife. Version: v-ni

(lisa)target create tests/binaries/abort
(lisa)process launch -s
Process 1660 stopped
* thread #1: tid = 0x10801, 0x00007fff5fc01000 dyld`_dyld_start, stop reason = signal SIGSTOP
    frame #0: 0x00007fff5fc01000 dyld`_dyld_start
dyld`_dyld_start:
->  0x7fff5fc01000 <+0>: pop    rdi
    0x7fff5fc01001 <+1>: push   0x0
    0x7fff5fc01003 <+3>: mov    rbp, rsp
    0x7fff5fc01006 <+6>: and    rsp, -0x10
Process 1660 launched: '/Users/v0id/Documents/Research/lisa.py/tests/binaries/abort' (x86_64)

**exploitable** : checks if the crash is exploitable
<!-- run this when the process stops cause of an exception -->

    (lisa)exploitable

**shellcode**: Searches shell-storm for shellcode

    (lisa)shellcode 
    Syntax:   shellcode <option> <arg>

    Options:  -search <keyword>
              -display <shellcode id>
              -save <shellcode id>
    (lisa)shellcode -search osx
    Connecting to shell-storm.org...
    Found 17 shellcodes
    ScId    Size Title
    [312]   300  Osx/ppc - Bind Shell PORT TCP/8000 - encoder OSXPPCLongXOR - 300 bytes
    [127]   222  Osx/ppc - add inetd backdoor - 222 bytes
    [128]   219  Osx/ppc - Add user r00t - 219 bytes
    [761]   131  Osx/x86-64 - reverse tcp shellcode - 131 bytes
    [126]   122  Osx/ppc - create /tmp/suid - 122 bytes
    [129]   72   Osx/ppc - execve(/bin/sh,[/bin/sh],NULL)& exit() - 72 bytes
    [736]   51   Osx/x86-64 - setuid shell x86_64 - 51 bytes
    [130]   32   Osx/ppc - sync(), reboot() - 32 bytes
    [692]   24   Osx/x86 - execve(/bin/sh) - 24 byte
    [121]   n/a  Osx/ppc - remote findsock by recv() key shellcode
    [122]   n/a  Osx/ppc - Single Reverse TCP
    [123]   n/a  Osx/ppc - stager sock find peek
    [124]   n/a  Osx/ppc - stager sock find
    [125]   n/a  Osx/ppc - stager sock reverse
    [120]   n/a  Osx/ppc - shellcode execve(/bin/sh)
    [777]   n/a  Osx/x86-64 - universal ROP shellcode
    [786]   n/a  Osx/x86-64 - universal OSX dyld ROP shellcode  

**extract**: Extract a given architecture from a Universal binary

    (lisa)extract
    Syntax: extract x86_64 /usr/lib/system/libsystem_kernel.dylib ./libsystem_kernel.dylib
    (lisa)extract x86_64 /usr/lib/system/libsystem_kernel.dylib ./libsystem_kernel.dylib
    (lisa)

**pattern_create**: Creates a cyclic pattern of given length

    (lisa)pattern_create 100
    Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2A

**pattern_offset**: Finds the offset of a given pattern in cyclic pattern of n length

    (lisa)pattern_offset 100 Ad2A
    Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2A
    offsets: [96]
    (lisa)

**ct**: Prints the context of execution

    (lisa)ct
    [*] Disassembly :

    libsystem_kernel.dylib`__pthread_kill:
    ->  0x7fff8f6a4f06 <+10>: jae    0x7fff8f6a4f10            ; <+20>
        0x7fff8f6a4f08 <+12>: mov    rdi, rax

    [*] Stack :

    0x7fff5fbff788: 0x8d36b4ec 0x00007fff 0x00000000 0x00000000
    0x7fff5fbff798: 0x5fbff7d0 0x00000307 0x5fbff7d0 0x00007fff
    0x7fff5fbff7a8: 0x00000000 0x00000000

    [*] Registers   :
           rax = 0x0000000000000000
           rbx = 0x0000000000000006
           rcx = 0x00007fff5fbff788
           rdx = 0x0000000000000000
           rdi = 0x0000000000000307
           rsi = 0x0000000000000006
           rbp = 0x00007fff5fbff7b0
           rsp = 0x00007fff5fbff788
            r8 = 0x0000000000000000
            r9 = 0x00007fff782e90c8  atexit_mutex + 24
           r10 = 0x0000000008000000
           r11 = 0x0000000000000206
           r12 = 0x0000000000000000
           r13 = 0x0000000000000000
           r14 = 0x00007fff76fb8000  libsystem_pthread.dylib`_thread
           r15 = 0x0000000000000000
           rip = 0x00007fff8f6a4f06  libsystem_kernel.dylib`__pthread_kill + 10
        rflags = 0x0000000000000206
            cs = 0x0000000000000007
            fs = 0x0000000000000000
            gs = 0x0000000000000000


    [*] Jumping to  :0x7fff8f6a4f10
    (lisa)

**s**: thread step-in

    (lisa)s
    [*] Disassembly :

    dyld`_dyld_start:
    ->  0x7fff5fc0102d <+45>: lea    r9, [rbp - 0x8]
        0x7fff5fc01031 <+49>: call   0x7fff5fc01076            ; dyldbootstrap::start(macho_header const*, int, char const**, long, macho_header const*, unsigned long*)

    [*] Stack :

    0x7fff5fbff800: 0x00000000 0x00000000 0x00000000 0x00000000
    0x7fff5fbff810: 0x00000000 0x00000000 0x00000001 0x00000000
    0x7fff5fbff820: 0x5fbff9f8 0x00007fff

    [*] Registers   :
           rax = 0x0000000000000000
           rbx = 0x0000000000000000
           rcx = 0x0000000000000000
           rdx = 0x00007fff5fbff820
           rdi = 0x0000000100000000
           rsi = 0x0000000000000001
           rbp = 0x00007fff5fbff810
           rsp = 0x00007fff5fbff800
            r8 = 0x00007fff5fc00000  
            r9 = 0x0000000000000000
           r10 = 0x0000000000000000
           r11 = 0x0000000000000000
           r12 = 0x0000000000000000
           r13 = 0x0000000000000000
           r14 = 0x0000000000000000
           r15 = 0x0000000000000000
           rip = 0x00007fff5fc0102d  dyld`_dyld_start + 45
        rflags = 0x0000000000000246
            cs = 0x000000000000002b
            fs = 0x0000000000000000
            gs = 0x0000000000000000

**si**: thread step-into

    (lisa)si
    [*] Disassembly :

    dyld`_dyld_start:
    ->  0x7fff5fc01031 <+49>: call   0x7fff5fc01076            ; dyldbootstrap::start(macho_header const*, int, char const**, long, macho_header const*, unsigned long*)
        0x7fff5fc01036 <+54>: mov    rdi, qword ptr [rbp - 0x8]

    [*] Stack :

    0x7fff5fbff800: 0x00000000 0x00000000 0x00000000 0x00000000
    0x7fff5fbff810: 0x00000000 0x00000000 0x00000001 0x00000000
    0x7fff5fbff820: 0x5fbff9f8 0x00007fff

    [*] Registers   :
           rax = 0x0000000000000000
           rbx = 0x0000000000000000
           rcx = 0x0000000000000000
           rdx = 0x00007fff5fbff820
           rdi = 0x0000000100000000
           rsi = 0x0000000000000001
           rbp = 0x00007fff5fbff810
           rsp = 0x00007fff5fbff800
            r8 = 0x00007fff5fc00000  
            r9 = 0x00007fff5fbff808
           r10 = 0x0000000000000000
           r11 = 0x0000000000000000
           r12 = 0x0000000000000000
           r13 = 0x0000000000000000
           r14 = 0x0000000000000000
           r15 = 0x0000000000000000
           rip = 0x00007fff5fc01031  dyld`_dyld_start + 49
        rflags = 0x0000000000000246
            cs = 0x000000000000002b
            fs = 0x0000000000000000
            gs = 0x0000000000000000

**so**: thread step-over

    (lisa)so
    [*] Disassembly :

    dyld`_dyld_start:
    ->  0x7fff5fc01036 <+54>: mov    rdi, qword ptr [rbp - 0x8]
        0x7fff5fc0103a <+58>: cmp    rdi, 0x0

    [*] Stack :

    0x7fff5fbff800: 0x00000000 0x00000000 0x8e8765ad 0x00007fff
    0x7fff5fbff810: 0x00000000 0x00000000 0x00000001 0x00000000
    0x7fff5fbff820: 0x5fbff9f8 0x00007fff

    [*] Registers   :
           rax = 0x0000000100000f80  abort`main
           rbx = 0x0000000000000000
           rcx = 0x00007fff8e8765ad  libdyld.dylib`start + 1
           rdx = 0x00007fff5fbff808
           rdi = 0x00007fff5fc406a8  dyld`initialPoolContent + 2264
           rsi = 0x0000000000000001
           rbp = 0x00007fff5fbff810
           rsp = 0x00007fff5fbff800
            r8 = 0x00000000fffffffc
            r9 = 0x00007fff782e90c8  atexit_mutex + 24
           r10 = 0x00000000ffffffff
           r11 = 0xffffffff00000000
           r12 = 0x0000000000000000
           r13 = 0x0000000000000000
           r14 = 0x0000000000000000
           r15 = 0x0000000000000000
           rip = 0x00007fff5fc01036  dyld`_dyld_start + 54
        rflags = 0x0000000000000202
            cs = 0x000000000000002b
            fs = 0x0000000000000000
            gs = 0x0000000000000000


**sf**: thread step-in 'n' number of times

    (lisa)sf 4
    [*] Disassembly :

    dyld`_dyld_start:
    ->  0x7fff5fc0100a <+10>: sub    rsp, 0x10
        0x7fff5fc0100e <+14>: mov    esi, dword ptr [rbp + 0x8]

    [*] Stack :

    0x7fff5fbff810: 0x00000000 0x00000000 0x00000001 0x00000000
    0x7fff5fbff820: 0x5fbff9f8 0x00007fff 0x00000000 0x00000000
    0x7fff5fbff830: 0x5fbffa34 0x00007fff

    [*] Registers   :
           rax = 0x0000000000000000
           rbx = 0x0000000000000000
           rcx = 0x0000000000000000
           rdx = 0x0000000000000000
           rdi = 0x0000000100000000
           rsi = 0x0000000000000000
           rbp = 0x00007fff5fbff810
           rsp = 0x00007fff5fbff810
            r8 = 0x0000000000000000
            r9 = 0x0000000000000000
           r10 = 0x0000000000000000
           r11 = 0x0000000000000000
           r12 = 0x0000000000000000
           r13 = 0x0000000000000000
           r14 = 0x0000000000000000
           r15 = 0x0000000000000000
           rip = 0x00007fff5fc0100a  dyld`_dyld_start + 10
        rflags = 0x0000000000000202
            cs = 0x000000000000002b
            fs = 0x0000000000000000
            gs = 0x0000000000000000


**dump**: Dump's Memory of the process in a given address range

    (lisa)dump
    Syntax: dump outfile 0x6080000fe680 0x6080000fe680+1000
    (lisa)dump memorydump.bin 0x00007fff8e8765ad 0x00007fff8e8765ad+100
    100 bytes written to 'memorydump.bin'
    (lisa)

***rop***:
      rop(ROPgadget) lets you search your gadgets on a binary. It supports several 
      file formats and architectures and uses the Capstone disassembler for
      the search engine.

    (lisa)rop
        description:
          ROPgadget lets you search your gadgets on a binary. It supports several 
          file formats and architectures and uses the Capstone disassembler for
          the search engine.

        formats supported: 
          - ELF
          - PE
          - Mach-O
          - Raw

        architectures supported:
          - x86
          - x86-64
          - ARM
          - ARM64
          - MIPS
          - PowerPC
          - Sparc
          epilog=examples:
          rop --binary ./test-suite-binaries/elf-Linux-x86 
          rop --binary ./test-suite-binaries/elf-Linux-x86 --ropchain
          rop --binary ./test-suite-binaries/elf-Linux-x86 --depth 3
          rop --binary ./test-suite-binaries/elf-Linux-x86 --string "main"
          rop --binary ./test-suite-binaries/elf-Linux-x86 --string "m..n"
          rop --binary ./test-suite-binaries/elf-Linux-x86 --opcode c9c3
          rop --binary ./test-suite-binaries/elf-Linux-x86 --only "mov|ret"
          rop --binary ./test-suite-binaries/elf-Linux-x86 --only "mov|pop|xor|ret"
          rop --binary ./test-suite-binaries/elf-Linux-x86 --filter "xchg|add|sub"
          rop --binary ./test-suite-binaries/elf-Linux-x86 --norop --nosys
          rop --binary ./test-suite-binaries/elf-Linux-x86 --range 0x08041000-0x08042000
          rop --binary ./test-suite-binaries/elf-Linux-x86 --string main --range 0x080c9aaa-0x080c9aba
          rop --binary ./test-suite-binaries/elf-Linux-x86 --memstr "/bin/sh"
          rop --binary ./test-suite-binaries/elf-Linux-x86 --console
          rop --binary ./test-suite-binaries/elf-Linux-x86 --badbytes "00|7f|42"
          rop --binary ./test-suite-binaries/Linux_lib64.so --offset 0xdeadbeef00000000
          rop --binary ./test-suite-binaries/elf-ARMv7-ls --depth 5
          rop --binary ./test-suite-binaries/elf-ARM64-bash --depth 5
          rop --binary ./test-suite-binaries/raw-x86.raw --rawArch=x86 --rawMode=32     

ant4g0nist$ cp lisa.py ~/lisa.py

ant4g0nist$ cp lldbinit ~/.lldbinit

ant4g0nist$ python test.py

- Mona.py : https://github.com/corelan/mona

- Crashwrangler : https://developer.apple.com/library/mac/technotes/tn2334/_index.html

- Metasploit : https://github.com/rapid7/metasploit-framework

- PEDA :    https://github.com/longld/peda

- Phillips : https://www.phillips321.co.uk/2013/04/02/recreating-pattern_create-rb-in-python/

- Jonathan Salwan : http://shell-storm.org/shellcode/

• Barcodes (code128)
• QRCodes
• DataMatrix
• EAN13

• Python3
• PyStrich
  • pip3 install pystrich
  • Incase of jpeg error: sudo apt-get install libtiff5-dev zlib1g-dev libfreetype6-dev liblcms2-dev libwebp-dev tcl8.6-dev tk8.6-dev python-tk
• Pillow
  • pip3 install pillow

./spoofcheck.py [DOMAIN]

• dnspython
• colorama

Hosts detail window

Import report button and dialog

Loading dialog

Pro & Corp changes:

• Fixed the title color for all vulns in the Executive Report -  all vuln titles were painted as critical due to a problem with the template, but not anymore!

Community, Pro & Corp changes:

• Added Import Report dialog to Faraday GTK
• Added a 'Loading workspace...' dialog to Faraday GTK
• Added host sidebar to Faraday GTK
• Added host information dialog to Faraday GTK with the full data about a host, its interfaces, services and vulnerabilities
• Added support for run Faraday from other directories - supported in all interfaces
• Fixed log reappearing after being disabled if user created a new tab
• Fixed bug regarding exception handling in Faraday GTK
• Now Faraday GTK supports Ctrl+Shift+C / Ctrl+Shift+V to Copy/Paste
• Faraday will now not crash if you suddenly lose connection to your CouchDB

3.1 -- 2016-06-20

Bug #1589: Cannot run nfq in workers mode
Bug #1804: yaml: legacy detect-engine parsing custom values broken

3.1RC1 -- 2016-06-07

Feature #681: Implement TPACKET_V3 support in AF_PACKET
Feature #1134: tls: server name rule keyword
Feature #1343: OOBE -1- increasing the default stream.memcap and stream.reassembly.memcap values
Feature #1344: OOBE -2- decreasing the default flow-timeouts (at least for TCP)
Feature #1563: dns: log sshfp records
Feature #1760: Unit tests: Don't register return value, use 1 for success, 0 for failure.
Feature #1761: Unit tests: Provide macros for clean test failures.
Feature #1762: default to AF_PACKET for -i if available
Feature #1785: hyperscan spm integration
Feature #1789: hyperscan mpm: enable by default
Feature #1797: netmap: implement 'threads: auto'
Feature #1798: netmap: warn about NIC offloading on FreeBSD
Feature #1800: update bundled libhtp to 0.5.20
Feature #1801: reduce info level verbosity
Feature #1802: yaml: improve default layout
Feature #1803: reimplement rule grouping
Bug #1078: 'Not" operator (!) in Variable causes extremely slow loading of Suricata
Bug #1202: detect-engine profile medium consumes more memory than detect-engine profile high
Bug #1289: MPM b2gm matcher has questionable code
Bug #1487: Configuration parser depends on key ordering
Bug #1524: Potential Thread Name issues due to RHEL7 Interface Naming Contentions
Bug #1584: Rule keywords conflict will cause Suricata restart itself in loop
Bug #1606: [ERRCODE: SC_ERR_SYSCALL(50)] - Failure when trying to get MTU via ioctl: 6
Bug #1665: Default maximum packet size is insufficient when VLAN tags are present (and not stripped)
Bug #1714: Kernel panic on application exit with netmap Suricata 3.0 stable
Bug #1746: deadlock with autofp and --disable-detection
Bug #1764: app-layer-modbus: AddressSanitizer error (segmentation fault)
Bug #1768: packet processing threads doubled
Bug #1771: tls store memory leak
Bug #1773: smtp: not all attachments inspected in all cases
Bug #1786: spm crash on rule reload
Bug #1792: dns-json-log produces no output
Bug #1795: Remove unused CPU affinity settings from suricata.yaml
Optimization #563: pmq optimization -- remove patter_id_array
Optimization #1037: Optimize TCP Option storage
Optimization #1418: lockless flow handling during capture (autofp)
Optimization #1784: reduce storage size of IPv4 options and IPv6 ext hdrs

Whonix is a desktop operating system designed for advanced security and privacy. It realistically addresses attacks while maintaining usability. It makes online anonymity possible via fail-safe, automatic, and desktop-wide use of the Tor network. A heavily reconfigured Debian base is run inside multiple virtual machines, providing a substantial layer of protection from malware and IP leaks. Pre-installed applications, pre-configured with safe defaults are ready for use. Additionally, installing custom applications or personalizing the desktop will in no way jeopardize the user. Whonix is the only actively developed OS designed to be run inside a VM and paired with Tor.

Whonix consists of two parts: One solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other, which we call Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible. With Whonix, you can use applications and run servers anonymously over the internet. DNS leaks are impossible, and not even malware with root privileges can find out the user's real IP.

 Whonix benefits anyone who does sensitive work on their desktop or online. This includes:

• Investigators and whistleblowers whose work threatens the powerful.
  • Within an isolated environment, research and evidence can be gathered without accidental exposure.

• Researchers, government officials, or businesspeople who may be targets of espionage.
  • Anti-malware and anti-exploit modifications lower the threat of trojans and backdoors.

• Journalists who endanger themselves and their families by reporting on organized crime.
  • Compartmentalized, anonymous internet use prevents identity correlation between social media (and other) logins.

• Political activists under targeted surveillance and attack.
  • The usefulness of threatening the ISP in order to analyze a target's internet use will be severely limited. The cost of targeting a Whonix user is greatly increased.

• Average computer users in a repressive or censored environment.
  • Easy Tor setup (and options for advanced setups) gives users in repressive countries full internet access desktop-wide, not just in their browser.

• Average computer users who simply don’t want all or some aspect of their private lives uploaded, saved, and analyzed.
  • Whonix does not silently upload identifying information in the background.

sudo qubes-dom0-update --enablerepo=qubes-tempates-community qubes-template-whonix-gw qubes-template-whonix-ws

    $ pip install katastrophe   

• Clone the repo git clone https://github.com/alyakhtar/katastrophe
• Run python setup.py install

• BeautifulSoup4
• tabulate
• docopt
• requests
• lxml

• for Linux/Mac OS X
  • Deluge / Transmission / QBitTorrent / Vuze
• for Windows
  • BitTorrent / μTorrent / Deluge

  katastrophe.py 
  katastrophe [-m | -t | -a | -s | -l | -g | -p | -b | -x | -M | -T | -A | -S | -B | -G | -P | -X]
  katastrophe -h | --help
  katastrophe --version

  Multi Download:
    i,j     From Serial No. i to Serial No. j
    ,i      From Serial No. 1 to Serial No. i 
    i,      From Serial No. i to serial no 25
    i,j,... Multiple Serial Numbers

    $ katastrophe -m   

    $ katastrophe -t   

    $ katastrophe -g   

    $ katastrophe -s   

    $ katastrophe -a

    $ katastrophe -b   

    $ katastrophe -l   

1. badTraffic: Non RFC compliant packets are sent to the server to test how packets are processed.
2. bruteForce: tests the ability of the server to track brute force attacks (e.g. FTP). Makes use of custom rules on Snort and Suricata.
3. clientSideAttacks: this module uses a reverse shell to provide the server with instructions to download remote malicious files. This module tests the ability of the IDS/IPS to protect against client-side attacks.
4. denialOfService: tests the ability of the IDS/IPS to protect against DoS attempts
5. evasionTechniques: various evasion techniques are used to check if the IDS/IPS can detect them.
6. fragmentedPackets: various fragmented payloads are sent to server to test its ability to recompose them and detect the attacks.
7. ipReputation: tests the ability of the server to detect traffic from/to low reputation servers.
8. normalUsage: Payloads that correspond to a normal usage.
9. pcapReplay: enables to replay pcap files
10. shellCodes: send various shellcodes to the server on port 21/tcp to test the ability of the server to detect/reject shellcodes.
11. testRules: basic rules testing. These attacks are supposed to be detected by the rules sets shipped with the IDS/IPS.

1. socket: open a socket on a given port and send the payloads to the remote target on that port.
2. command: send command to the remote target with the subprocess.call() python function.
3. scapy: send special crafted payloads based on the Scapy syntax
4. client side attacks: use a reverse shell on the remote target and send commands to it to make them processed by the server (typically wget commands).
5. pcap replay: enables to replay traffic based on pcap files

Architecture

Remote mode

Local mode

IDS mode with attacked server in DMZ

IPS mode

IPS mode with attacked server in DMZ

Usage

$ ./pytbull-server.py -p 34567

$ mkdir pdf/
$ cd pdf/
$ ../pytbull-server.py -p 34567

$ sudo ./pytbull -t 192.168.100.48

                 _
     _ __  _   _| |___  __ _ _ __
    | '_ \| | | | / __|/ _` | '__|
    | |_) | |_| | \__ \ (_| | |
    | .__/ \__,_|_|___/\__,_|_|  v0.1-dev
    |_|

usage: pulsar.py [-h] [-c CONF] [-l] [-p PCAP] [-b BINARIES] [-a] [-x]
                 [-o OUT] [-d DIMENSION] [-s] [-z] [-m MODEL]

Protocol Learning and Stateful Fuzzing

optional arguments:
  -h, --help            show this help message and exit
  -c CONF, --conf CONF  Change default directory for configuration files. If
                        no directory is given, the files from 'pulsar/conf'
                        will be read.

MODEL LEARNING:
  -l, --learner         Learn a model from a set of network traces.
  -p PCAP, --pcap PCAP  tcpdump output file (pcap) or list of files separated
                        by commas to use as input data for a new model.
  -b BINARIES, --binaries BINARIES
                        Name of binaries to process from the cuckoo storage
                        dir separated with commas.
  -a, --all-binaries    Generate models for all binaries from the cuckoo
                        storage dir (cuckoo/storage/binaries).
  -x, --process         Process derrick files through the functions defined in
                        utils/preprocessing/derrick.py.
  -o OUT, --out OUT     Change output directory for generated models. If no
                        directory is given, the model will be written to the
                        'models' directory.
  -d DIMENSION, --dimension DIMENSION
                        Number of components to be used for NMF clustering.

SIMULATION & FUZZING:
  -s, --simulate        Simulate communication based on a given model.
  -z, --fuzzer          Start a fuzzing session based on a given model.
  -m MODEL, --model MODEL
                        Path of the dir containing the model files to be
                        loaded for simulation or fuzzing.

sudo pip install progressbar
sudo pip install python-levenshtein

$> pulsar.py -l -p file.pcap (1 pcap file)
$> pulsar.py -b 016169EBEBF1CEC2AAD6C7F0D0EE9026 (1 or more binaries from cuckoo storage)
$> pulsar.py -a (all binaries from cuckoo storage)

$> pulsar.py -s -m model_file

$> pulsar.py -z -m model_file

waybackpack dol.gov -d ~/Downloads/dol-wayback --to-date 1996

~/Downloads/dol-wayback/
├── 19961102145216
│   └── dol.gov
│       └── index.html
├── 19961103063843
│   └── dol.gov
│       └── index.html
├── 19961222171647
│   └── dol.gov
│       └── index.html
└── 19961223193614
└── dol.gov
└── index.html

waybackpack dol.gov --list

pip install waybackpack

usage: waybackpack [-h] (-d DIR | --list) [--raw] [--root ROOT]
                   [--from-date FROM_DATE] [--to-date TO_DATE]
                   [--user-agent USER_AGENT] [--follow-redirects]
                   [--uniques-only] [--collapse COLLAPSE] [--quiet]
                   url

positional arguments:
  url                   The URL of the resource you want to download.

optional arguments:
  -h, --help            show this help message and exit
  -d DIR, --dir DIR     Directory to save the files. Will create this
                        directory if it doesn't already exist.
  --list                Instead of downloading the files, only print the list
                        of snapshots.
  --raw                 Fetch file in its original state, without any
                        processing by the Wayback Machine or waybackpack.
  --root ROOT           The root URL from which to serve snapshotted
                        resources. Default: 'https://web.archive.org'
  --from-date FROM_DATE
                        Timestamp-string indicating the earliest snapshot to
                        download. Should take the format YYYYMMDDhhss, though
                        you can omit as many of the trailing digits as you
                        like. E.g., '201501' is valid.
  --to-date TO_DATE     Timestamp-string indicating the latest snapshot to
                        download. Should take the format YYYYMMDDhhss, though
                        you can omit as many of the trailing digits as you
                        like. E.g., '201604' is valid.
  --user-agent USER_AGENT
                        The User-Agent header to send along with your requests
                        to the Wayback Machine. If possible, please include
                        the phrase 'waybackpack' and your email address. That
                        way, if you're battering their servers, they know who
                        to contact. Default: 'waybackpack'.
  --follow-redirects    Follow redirects.
  --uniques-only        Download only the first version of duplicate files.
  --collapse COLLAPSE   An archive.org `collapse` parameter. Cf.:
                        https://github.com/internetarchive/wayback/blob/master
                        /wayback-cdx-server/README.md#collapsing
  --quiet               Don't log progress to stderr.

• @grawity
• @taggartk
• @jtemplon
• @jwilk
• @wumpus
• @bevacqua
• @ErikBorra
• @StevenACoffman

$ ./peach.py -h
usage: peach.py [-h] [-s] [-f] [--follow] [-c CONFIG] [-o OUTPUT] [-sh] [-nh]
                paths [paths ...]

positional arguments:
  paths                 files and directories to scan

optional arguments:
  -h, --help            show this help message and exit
  -s, --scan            use configuration file for vulnerability scanning
                        (vulnscan.json).
  -f, --fuzz            use configuration file for automated fuzzing
                        (fuzzing.json).
  --follow              follow symbolic links when scanning directories
  -c CONFIG, --config CONFIG
                        specify a custom configuration file (default:
                        vulnscan.json)
  -o OUTPUT, --output OUTPUT
                        output results to the specified JSON file
  -sh, --scan-hidden    Scan hidden files and directories (default)
  -nh, --no-hidden      Do not scan hidden files and directories

• peach.py
  This is the core of the utility; the Python script that kickstarts all threads and scans from the given command-line arguments .
  
• scan
  This directory hosts all the classes that can be duplicated and extended for specific file "scans," in which you could do pretty much anything you want. They are just housed in this folder to keep things clean.
  
• vulnscan.json
  This acts like the global configuation; in this JSON file you specify what scans you want to run for all of the files processed, and determine whatever criteria you want to use to identify those files (file extension, MIME type , or executable). All scanners listed in this configuration should be merely that: scanners. No fuzzers should be listed here!
  
• fuzzing.json
  This file is similar to vulnscan.json except that it contains references to fuzzers and can be used to start automatically fuzzing a directory or file. WARNING: using this config will execute ALL files with executable permissions! Be careful using it!
  
• test
  This directory holds anything that has been often used to test some of the scanners. You can add to it as you please.
  
• colors.py
  This small module acts as a wrapper for colorama , in an effort to supply some shorthand function calls.
  

sudo pip install pwn

Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains. It's really meant as a pre-cursor to nmap, unicornscan, nessus, nikto, etc, since all of those require that you already know what IP space you are looking for. This does not perform exploitation and does not scan the whole internet indiscriminately. It is meant specifically to locate likely targets both inside and outside a corporate network. Because it uses DNS primarily you will often find mis-configured networks that leak internal address space. That's especially useful in targeted malware.

$ pip3 install fierce
$ fierce -h

$ git clone https://github.com/mschwager/fierce.git
$ cd fierce
$ pip3 install -r requirements.txt
$ python3 fierce.py -h

$ fierce --domain google.com --subdomains accounts admin ads

$ fierce --domain facebook.com --subdomains admin --traverse 10

$ fierce --domain facebook.com --subdomains admin --search fb.com fb.net

$ fierce --domain stackoverflow.com --subdomains mail --connect

$ fierce --domain facebook.com --wide

$ fierce --domain zonetransfer.me

$ fierce --domain zonetransfer.me > output.txt

$ fierce --dns-servers 10.0.0.1 --range 10.0.0.0/24

$ fierce --help

•  Map and manipulate DEX/ODEX/APK/AXML/ARSC format into full Python objects, 
•  Diassemble/Decompilation/Modification of DEX/ODEX/APK format, 
•  Decompilation with the first native (directly from dalvik bytecodes to java source codes) dalvik decompiler (DAD), 
•  Access to the static analysis of the code (basic blocks, instructions, permissions (with database from http://www.android-permissions.org/) ...) and create your own static analysis tool, 
•  Analysis a bunch of android apps, 
•  Analysis with ipython/Sublime Text Editor, 
•  Diffing of android applications, 
•  Measure the efficiency of obfuscators (proguard, ...), 
•  Determine if your application has been pirated (plagiarism/similarities/rip-off indicator), 
•  Check if an android application is present in a database (malwares, goodwares ?), 
•  Open source database of android malware (this opensource database is done on my free time, of course my free time is limited, so if you want to help, you are welcome !), 
•  Detection of ad/open source librairies (WIP), 
•  Risk indicator of malicious application, 
•  Reverse engineering of applications (goodwares, malwares), 
•  Transform Android's binary xml (like AndroidManifest.xml) into classic xml, 
•  Visualize your application with gephi (gexf format), or with cytoscape (xgmml format), or PNG/DOT output, 
•  Integration with external decompilers (JAD+dex2jar/DED/fernflower/jd-gui...) 

• TRACK2 (CreditCard) data from merchant/POS processes
• PII data
• Encryption Keys & All the other goodstuff

• Gmail
• Office365
• Outlook Web

• Xero
• MYOB

• Juniper SSL-VPN
• Citrix NetScaler
• Remote Desktop Web Access 2012

• Jira
• Github
• Bugzilla
• Zendesk
• Cpanel

• Malwr
• VirusTotal
• AnubisLabs

• Dropbox
• Microsoft Onedrive
• AWS Web Services
• Slack
• Twitter
• Facebook

• Custom regex - The syntax for adding custom regex is as follows:

    [mimikittenz.MemProcInspector]::AddRegex("<NameOfTarget>","<regex_here>")   

• Custom target process - Just append your target proccess name into the array:

    $matches=[mimikittenz.MemProcInspector]::InspectManyProcs("iexplore","chrome","firefox")   

Installation

• Reverse engineer apk files to smali, java jar files, java source code and dalvik bytecode (jadx format)
• Reverse engineer dex, jar and class files into java source code and dalvik bytecode (jadx format)
• Statically Analyze java source code and dalvik bytecode
• Scan for apk vulnerabilities via androbugs
• Scan ssl domains found in the app via the standalone SSL scanner that makes use of pyssltest and testssl

•  Having a tool to perform TCP/IP protocol fuzzer,  covering common regular protocols, such as: ICMP, TCP and UDP.

1. ICMP   - Internet Control Message Protocol
2. IGMP   - Internet Group Management Protocol
3. TCP    - Transmission Control Protocol
4. UDP    - User Datagram Protocol

1. High-Availability
2. Load Balancing
3. Backup Sites (Cold Sites, Hot Sites, and Warm Sites)
4. Disaster Recovery
5. Data Redundancy
6. Service Level Agreements
7. Etc...

• Confidentiality
• Integrity
• AVAILABILITY

1. Interior Gateway Protocols (Distance Vector Algorithm):
1. Routing Information Protocol (RIP)
2. Enhanced Interior Gateway Routing Protocol (EIGRP)
2. Interior Gateway Protocols (Link State Algorithm): 
1. Open Shortest Path First (OSPF)
3. Quality-of-Service Protocols: 
1. Resource ReSerVation Protocol (RSVP).
4. Tunneling/Encapsulation Protocols:  
1. Generic Routing Encapsulation (GRE).

1. Send sequentially the following fifteen (15) protocols: 
1. ICMP   - Internet Control Message Protocol 
2. IGMPv1 - Internet Group Management Protocol v1 
3. IGMPv3 - Internet Group Management Protocol v3  
4. TCP    - Transmission Control Protocol 
5. EGP    - Exterior Gateway Protocol 
6. UDP    - User Datagram Protocol 
7. RIPv1  - Routing Information Protocol v1  
8. RIPv2  - Routing Information Protocol v2 
9. DCCP   - Datagram Congestion Control Protocol 
10. RSVP   - Resource ReSerVation Protocol 
11. GRE    - Generic Routing Encapsulation  
12. IPSec  - Internet Protocol Security (AH/ESP) 
13. EIGRP  - Enhanced Interior Gateway Routing Protocol  
14. OSPF   - Open Shortest Path First
2. It is the only tool capable to encapsulate the protocols  (listed above) within Generic Routing Encapsulation (GRE).
3. Send an (quite) incredible amount of  packets per second,  making  it  a "second to none" tool:  

• More than 1,000,000 pps of SYN Flood  (+50% of the network uplink)  in  a 1000BASE-T Network (Gigabit Ethernet). 
• More than 120,000 pps of SYN Flood  (+60% of the network uplink)  in a  100BASE-TX Network (Fast Ethernet).

sudo apt-get install build-essential
git clone https://github.com/fredericopissarra/t50
cd t50
./configure
sudo make install

$ t50 --help
T50 Experimental Mixed Packet Injector Tool 5.6.3
Originally created by Nelson Brito 
Previously maintained by Fernando Mercês 
Maintained by Frederico Lamberti Pissarra 

Usage: t50  [options]
Common Options:
    --threshold NUM           Threshold of packets to send     (default 1000)
    --flood                   This option supersedes the 'threshold'
    --encapsulated            Encapsulated protocol (GRE)      (default OFF)
 -B,--bogus-csum              Bogus checksum                   (default OFF)
    --turbo                   Extend the performance           (default OFF)
 -l,--list-protocols          List all available protocols
 -v,--version                 Print version and exit
 -h,--help                    Display this help and exit

GRE Options:
    --gre-seq-present         GRE sequence # present           (default OFF)
    --gre-key-present         GRE key present                  (default OFF)
    --gre-sum-present         GRE checksum present             (default OFF)
    --gre-key NUM             GRE key                          (default RANDOM)
    --gre-sequence NUM        GRE sequence #                   (default RANDOM)
    --gre-saddr ADDR          GRE IP source IP address         (default RANDOM)
    --gre-daddr ADDR          GRE IP destination IP address    (default RANDOM)

DCCP/TCP/UDP Options:
    --sport NUM               DCCP|TCP|UDP source port         (default RANDOM)
    --dport NUM               DCCP|TCP|UDP destination port    (default RANDOM)

TCP Options:
    --acknowledge NUM         TCP ACK sequence #               (default RANDOM)
    --sequence NUM            TCP SYN sequence #               (default RANDOM)
    --data-offset NUM         TCP data offset                  (default 5)
 -F,--fin                     TCP FIN flag                     (default OFF)
 -S,--syn                     TCP SYN flag                     (default OFF)
 -R,--rst                     TCP RST flag                     (default OFF)
 -P,--psh                     TCP PSH flag                     (default OFF)
 -A,--ack                     TCP ACK flag                     (default OFF)
 -U,--urg                     TCP URG flag                     (default OFF)
 -E,--ece                     TCP ECE flag                     (default OFF)
 -C,--cwr                     TCP CWR flag                     (default OFF)
 -W,--window NUM              TCP Window size                  (default NONE)
    --urg-pointer NUM         TCP URG pointer                  (default NONE)
    --mss NUM                 TCP Maximum Segment Size         (default NONE)
    --wscale NUM              TCP Window Scale                 (default NONE)
    --tstamp NUM:NUM          TCP Timestamp (TSval:TSecr)      (default NONE)
    --sack-ok                 TCP SACK-Permitted               (default OFF)
    --ttcp-cc NUM             T/TCP Connection Count (CC)      (default NONE)
    --ccnew NUM               T/TCP Connection Count (CC.NEW)  (default NONE)
    --ccecho NUM              T/TCP Connection Count (CC.ECHO) (default NONE)
    --sack NUM:NUM            TCP SACK Edges (Left:Right)      (default NONE)
    --md5-signature           TCP MD5 signature included       (default OFF)
    --authentication          TCP-AO authentication included   (default OFF)
    --auth-key-id NUM         TCP-AO authentication key ID     (default 1)
    --auth-next-key NUM       TCP-AO authentication next key   (default 1)
    --nop                     TCP No-Operation                 (default EOL)

IP Options:
 -s,--saddr ADDR              IP source IP address             (default RANDOM)
    --tos NUM                 IP type of service               (default 0x40)
    --id NUM                  IP identification                (default RANDOM)
    --frag-offset NUM         IP fragmentation offset          (default 0)
    --ttl NUM                 IP time to live                  (default 255)
    --protocol PROTO          IP protocol                      (default TCP)

ICMP Options:
    --icmp-type NUM           ICMP type                        (default 8)
    --icmp-code NUM           ICMP code                        (default 0)
    --icmp-gateway ADDR       ICMP redirect gateway            (default RANDOM)
    --icmp-id NUM             ICMP identification              (default RANDOM)
    --icmp-sequence NUM       ICMP sequence #                  (default RANDOM)

EGP Options:
    --egp-type NUM            EGP type                         (default 3)
    --egp-code NUM            EGP code                         (default 3)
    --egp-status NUM          EGP status                       (default 1)
    --egp-as NUM              EGP autonomous system            (default RANDOM)
    --egp-sequence NUM        EGP sequence #                   (default RANDOM)
    --egp-hello NUM           EGP hello interval               (default RANDOM)
    --egp-poll NUM            EGP poll interval                (default RANDOM)

RIP Options:
    --rip-command NUM         RIPv1/v2 command                 (default 2)
    --rip-family NUM          RIPv1/v2 address family          (default 2)
    --rip-address ADDR        RIPv1/v2 router address          (default RANDOM)
    --rip-metric NUM          RIPv1/v2 router metric           (default RANDOM)
    --rip-domain NUM          RIPv2 router domain              (default RANDOM)
    --rip-tag NUM             RIPv2 router tag                 (default RANDOM)
    --rip-netmask ADDR        RIPv2 router subnet mask         (default RANDOM)
    --rip-next-hop ADDR       RIPv2 router next hop            (default RANDOM)
    --rip-authentication      RIPv2 authentication included    (default OFF)
    --rip-auth-key-id NUM     RIPv2 authentication key ID      (default 1)
    --rip-auth-sequence NUM   RIPv2 authentication sequence #  (default RANDOM)

DCCP Options:
    --dccp-data-offset NUM    DCCP data offset                 (default VARY)
    --dccp-cscov NUM          DCCP checksum coverage           (default 0)
    --dccp-ccval NUM          DCCP HC-Sender CCID              (default RANDOM)
    --dccp-type NUM           DCCP type                        (default 0)
    --dccp-extended           DCCP extend for sequence #       (default OFF)
    --dccp-sequence-1 NUM     DCCP sequence #                  (default RANDOM)
    --dccp-sequence-2 NUM     DCCP extended sequence #         (default RANDOM)
    --dccp-sequence-3 NUM     DCCP sequence # low              (default RANDOM)
    --dccp-service NUM        DCCP service code                (default RANDOM)
    --dccp-acknowledge-1 NUM  DCCP acknowledgment # high       (default RANDOM)
    --dccp-acknowledge-2 NUM  DCCP acknowledgment # low        (default RANDOM)
    --dccp-reset-code NUM     DCCP reset code                  (default RANDOM)

RSVP Options:
    --rsvp-flags NUM          RSVP flags                       (default 1)
    --rsvp-type NUM           RSVP message type                (default 1)
    --rsvp-ttl NUM            RSVP time to live                (default 254)
    --rsvp-session-addr ADDR  RSVP SESSION destination address (default RANDOM)
    --rsvp-session-proto NUM  RSVP SESSION protocol ID         (default 1)
    --rsvp-session-flags NUM  RSVP SESSION flags               (default 1)
    --rsvp-session-port NUM   RSVP SESSION destination port    (default RANDOM)
    --rsvp-hop-addr ADDR      RSVP HOP neighbor address        (default RANDOM)
    --rsvp-hop-iface NUM      RSVP HOP logical interface       (default RANDOM)
    --rsvp-time-refresh NUM   RSVP TIME refresh interval       (default 360)
    --rsvp-error-addr ADDR    RSVP ERROR node address          (default RANDOM)
    --rsvp-error-flags NUM    RSVP ERROR flags                 (default 2)
    --rsvp-error-code NUM     RSVP ERROR code                  (default 2)
    --rsvp-error-value NUM    RSVP ERROR value                 (default 8)
    --rsvp-scope NUM          RSVP SCOPE # of address(es)      (default 1)
    --rsvp-address ADDR,...   RSVP SCOPE address(es)           (default RANDOM)
    --rsvp-style-option NUM   RSVP STYLE option vector         (default 18)
    --rsvp-sender-addr ADDR   RSVP SENDER TEMPLATE address     (default RANDOM)
    --rsvp-sender-port NUM    RSVP SENDER TEMPLATE port        (default RANDOM)
    --rsvp-tspec-traffic      RSVP TSPEC service traffic       (default OFF)
    --rsvp-tspec-guaranteed   RSVP TSPEC service guaranteed    (default OFF)
    --rsvp-tspec-r NUM        RSVP TSPEC token bucket rate     (default RANDOM)
    --rsvp-tspec-b NUM        RSVP TSPEC token bucket size     (default RANDOM)
    --rsvp-tspec-p NUM        RSVP TSPEC peak data rate        (default RANDOM)
    --rsvp-tspec-m NUM        RSVP TSPEC minimum policed unit  (default RANDOM)
    --rsvp-tspec-M NUM        RSVP TSPEC maximum packet size   (default RANDOM)
    --rsvp-adspec-ishop NUM   RSVP ADSPEC IS HOP count         (default RANDOM)
    --rsvp-adspec-path NUM    RSVP ADSPEC path b/w estimate    (default RANDOM)
    --rsvp-adspec-m NUM       RSVP ADSPEC minimum path latency (default RANDOM)
    --rsvp-adspec-mtu NUM     RSVP ADSPEC composed MTU         (default RANDOM)
    --rsvp-adspec-guaranteed  RSVP ADSPEC service guaranteed   (default OFF)
    --rsvp-adspec-Ctot NUM    RSVP ADSPEC ETE composed value C (default RANDOM)
    --rsvp-adspec-Dtot NUM    RSVP ADSPEC ETE composed value D (default RANDOM)
    --rsvp-adspec-Csum NUM    RSVP ADSPEC SLR point composed C (default RANDOM)
    --rsvp-adspec-Dsum NUM    RSVP ADSPEC SLR point composed D (default RANDOM)
    --rsvp-adspec-controlled  RSVP ADSPEC service controlled   (default OFF)
    --rsvp-confirm-addr ADDR  RSVP CONFIRM receiver address    (default RANDOM)

IPSEC Options:
    --ipsec-ah-length NUM     IPSec AH header length           (default NONE)
    --ipsec-ah-spi NUM        IPSec AH SPI                     (default RANDOM)
    --ipsec-ah-sequence NUM   IPSec AH sequence #              (default RANDOM)
    --ipsec-esp-spi NUM       IPSec ESP SPI                    (default RANDOM)
    --ipsec-esp-sequence NUM  IPSec ESP sequence #             (default RANDOM)

EIGRP Options:
    --eigrp-opcode NUM        EIGRP opcode                     (default 1)
    --eigrp-flags NUM         EIGRP flags                      (default RANDOM)
    --eigrp-sequence NUM      EIGRP sequence #                 (default RANDOM)
    --eigrp-acknowledge NUM   EIGRP acknowledgment #           (default RANDOM)
    --eigrp-as NUM            EIGRP autonomous system          (default RANDOM)
    --eigrp-type NUM          EIGRP type                       (default 258)
    --eigrp-length NUM        EIGRP length                     (default NONE)
    --eigrp-k1 NUM            EIGRP parameter K1 value         (default 1)
    --eigrp-k2 NUM            EIGRP parameter K2 value         (default 0)
    --eigrp-k3 NUM            EIGRP parameter K3 value         (default 1)
    --eigrp-k4 NUM            EIGRP parameter K4 value         (default 0)
    --eigrp-k5 NUM            EIGRP parameter K5 value         (default 0)
    --eigrp-hold NUM          EIGRP parameter hold time        (default 360)
    --eigrp-ios-ver NUM.NUM   EIGRP IOS release version        (default 12.4)
    --eigrp-rel-ver NUM.NUM   EIGRP PROTO release version      (default 1.2)
    --eigrp-next-hop ADDR     EIGRP [in|ex]ternal next-hop     (default RANDOM)
    --eigrp-delay NUM         EIGRP [in|ex]ternal delay        (default RANDOM)
    --eigrp-bandwidth NUM     EIGRP [in|ex]ternal bandwidth    (default RANDOM)
    --eigrp-mtu NUM           EIGRP [in|ex]ternal MTU          (default 1500)
    --eigrp-hop-count NUM     EIGRP [in|ex]ternal hop count    (default RANDOM)
    --eigrp-load NUM          EIGRP [in|ex]ternal load         (default RANDOM)
    --eigrp-reliability NUM   EIGRP [in|ex]ternal reliability  (default RANDOM)
    --eigrp-daddr ADDR/CIDR   EIGRP [in|ex]ternal address(es)  (default RANDOM)
    --eigrp-src-router ADDR   EIGRP external source router     (default RANDOM)
    --eigrp-src-as NUM        EIGRP external autonomous system (default RANDOM)
    --eigrp-tag NUM           EIGRP external arbitrary tag     (default RANDOM)
    --eigrp-proto-metric NUM  EIGRP external protocol metric   (default RANDOM)
    --eigrp-proto-id NUM      EIGRP external protocol ID       (default 2)
    --eigrp-ext-flags NUM     EIGRP external flags             (default RANDOM)
    --eigrp-address ADDR      EIGRP multicast sequence address (default RANDOM)
    --eigrp-multicast NUM     EIGRP multicast sequence #       (default RANDOM)
    --eigrp-authentication    EIGRP authentication included    (default OFF)
    --eigrp-auth-key-id NUM   EIGRP authentication key ID      (default 1)

OSPF Options:
    --ospf-type NUM           OSPF type                        (default 1)
    --ospf-length NUM         OSPF length                      (default NONE)
    --ospf-router-id ADDR     OSPF router ID                   (default RANDOM)
    --ospf-area-id ADDR       OSPF area ID                     (default 0.0.0.0)
 -1,--ospf-option-MT          OSPF multi-topology / TOS-based  (default RANDOM)
 -2,--ospf-option-E           OSPF external routing capability (default RANDOM)
 -3,--ospf-option-MC          OSPF multicast capable           (default RANDOM)
 -4,--ospf-option-NP          OSPF NSSA supported              (default RANDOM)
 -5,--ospf-option-L           OSPF LLS data block contained    (default RANDOM)
 -6,--ospf-option-DC          OSPF demand circuits supported   (default RANDOM)
 -7,--ospf-option-O           OSPF Opaque-LSA                  (default RANDOM)
 -8,--ospf-option-DN          OSPF DOWN bit                    (default RANDOM)
    --ospf-netmask ADDR       OSPF router subnet mask          (default RANDOM)
    --ospf-hello-interval NUM OSPF HELLO interval              (default RANDOM)
    --ospf-hello-priority NUM OSPF HELLO router priority       (default 1)
    --ospf-hello-dead NUM     OSPF HELLO router dead interval  (default 360)
    --ospf-hello-design ADDR  OSPF HELLO designated router     (default RANDOM)
    --ospf-hello-backup ADDR  OSPF HELLO backup designated     (default RANDOM)
    --ospf-neighbor NUM       OSPF HELLO # of neighbor(s)      (default NONE)
    --ospf-address ADDR,...   OSPF HELLO neighbor address(es)  (default RANDOM)
    --ospf-dd-mtu NUM         OSPF DD MTU                      (default 1500)
    --ospf-dd-dbdesc-MS       OSPF DD master/slave bit option  (default RANDOM)
    --ospf-dd-dbdesc-M        OSPF DD more bit option          (default RANDOM)
    --ospf-dd-dbdesc-I        OSPF DD init bit option          (default RANDOM)
    --ospf-dd-dbdesc-R        OSPF DD out-of-band resync       (default RANDOM)
    --ospf-dd-sequence NUM    OSPF DD sequence #               (default RANDOM)
    --ospf-dd-include-lsa     OSPF DD include LSA header       (default OFF)
    --ospf-lsa-age NUM        OSPF LSA age                     (default 360)
    --ospf-lsa-do-not-age     OSPF LSA do not age              (default OFF)
    --ospf-lsa-type NUM       OSPF LSA type                    (default 1)
    --ospf-lsa-id ADDR        OSPF LSA ID address              (default RANDOM)
    --ospf-lsa-router ADDR    OSPF LSA advertising router      (default RANDOM)
    --ospf-lsa-sequence NUM   OSPF LSA sequence #              (default RANDOM)
    --ospf-lsa-metric NUM     OSPF LSA metric                  (default RANDOM)
    --ospf-lsa-flag-B         OSPF Router-LSA border router    (default RANDOM)
    --ospf-lsa-flag-E         OSPF Router-LSA external router  (default RANDOM)
    --ospf-lsa-flag-V         OSPF Router-LSA virtual router   (default RANDOM)
    --ospf-lsa-flag-W         OSPF Router-LSA wild router      (default RANDOM)
    --ospf-lsa-flag-NT        OSPF Router-LSA NSSA translation (default RANDOM)
    --ospf-lsa-link-id ADDR   OSPF Router-LSA link ID          (default RANDOM)
    --ospf-lsa-link-data ADDR OSPF Router-LSA link data        (default RANDOM)
    --ospf-lsa-link-type NUM  OSPF Router-LSA link type        (default 1)
    --ospf-lsa-attached ADDR  OSPF Network-LSA attached router (default RANDOM)
    --ospf-lsa-larger         OSPF ASBR/NSSA-LSA ext. larger   (default OFF)
    --ospf-lsa-forward ADDR   OSPF ASBR/NSSA-LSA forward       (default RANDOM)
    --ospf-lsa-external ADDR  OSPF ASBR/NSSA-LSA external      (default RANDOM)
    --ospf-vertex-router      OSPF Group-LSA type router       (default RANDOM)
    --ospf-vertex-network     OSPF Group-LSA type network      (default RANDOM)
    --ospf-vertex-id ADDR     OSPF Group-LSA vertex ID         (default RANDOM)
    --ospf-lls-extended-LR    OSPF LLS Extended option LR      (default OFF)
    --ospf-lls-extended-RS    OSPF LLS Extended option RS      (default OFF)
    --ospf-authentication     OSPF authentication included     (default OFF)
    --ospf-auth-key-id NUM    OSPF authentication key ID       (default 1)
    --ospf-auth-sequence NUM  OSPF authentication sequence #   (default RANDOM)

Some considerations while running this program:
 1. There is no limitation of using as many options as possible.
 2. Report t50 bugs at https://github.com/fredericopissarra/t50.git.
 3. Some header fields with default values MUST be set to '0' for RANDOM.
 4. Mandatory arguments to long options are mandatory for short options too.
 5. Be nice when using t50, the author DENIES its use for DoS/DDoS purposes.
 6. Running t50 with '--protocol T50' option sends ALL protocols sequentially.