Tools / Scripts

This page provides a few links to tools and scripts that I’ve created which others may also find a use for.

Tools / Scripts

Nmap-ssl-parser – a Python script designed to query Nmap XML output and provide a list of usable SSL services in the format host:port

Auto-sslscan – a Python script designed to automate the process of conducting SSL scanning via sslscan. The Auto-sslscan script parses an nmap.xml output file, extracts all SSL services and automatically performs an sslscan of them.

Babel Scripting Framework (babel-sf) – a collection of custom scripts to facilitate useful pentest related functions via scripting languages.

All of the following tools are replicated in the following languages – PowerShell, Perl, Ruby and Python:

  1. Portscanner
  2. ARPscanner
  3. FTP Client
  4. WGET Client
  5. Bind Metasploit Payload
  6. Reverse Metasploit Payload

Nix-auditor.sh – a simple audit script for Ubuntu, Red Hat, CentOS and Debian.

Metasploit Modules

cerberus_sftp_enumusers.rb – Metasploit module that uses a dictionary to brute force valid usernames from Cerberus FTP server versions older than 6.0.9.0 or 7.0.0.2 (via SFTP). This flaw is caused by a discrepancy in the way the SSH service handles failed logins for valid and invalid users.

kerberos_enumusers.rb – Metasploit module to enumerate valid Domain Users via Kerberos from an unauthenticated perspective. It utilises the different responses returned by the service for valid and invalid users.
