Tools / Scripts

This page provides a few links to tools and scripts that I’ve created which others may also find a use for.

Lockdown Testing

Babel Scripting Framework (babel-sf) – a collection of custom scripts to facilitate useful pentest related functions via scripting languages.

Nix-auditor.sh – A simple Ubuntu / Redhat / CentOS and Debian Audit Script.

Metasploit Modules

cerberus_sftp_enumusers.rb – Metasploit module that uses a dictionary to brute force valid usernames from Cerberus FTP server versions older than 6.0.9.0 or 7.0.0.2 (via SFTP). This flaw is caused by a discrepancy in the way the SSH service handles failed logins for valid and invalid users.

kerberos_enumusers.rb –  Metasploit module to enumerate valid Domain Users via Kerberos from an  unauthenticated perspective. It utilises the different responses returned by the service for valid and invalid users.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>