Pentesting Frameworks

Note: To find such frameworks use google search “exploit framework -xenotix -beef -metasploit” for current year search results.

  1. Android Vulnerability Test Suite
    1. https://github.com/nowsecure/android-vts
  2. SHURIKEN – Exploit throwing framework
    1. https://github.com/samuraictf/shuriken-framework
  3. PowerSploit – A PowerShell Post-Exploitation Framework
    1. https://github.com/mattifestation/PowerSploit
  4. Fast-Track –  a python based open-source project aimed at helping Penetration Testers in an effort to identify, exploit, and further penetrate a network.
    1. http://www.darknet.org.uk/2009/02/fast-track-40-automated-penetration-testing-suite/
  5. Metasploit – no explanation required
    1. http://www.metasploit.com/
  6. Set – Social-Engineer Toolkit
    1. https://github.com/trustedsec/social-engineer-toolkit
  7. Shellter – can be used in order to inject shellcode into native Windows applications (currently 32-bit apps only)
    1. https://www.shellterproject.com/introducing-shellter/
  8. Sandy – Static and Dynamic exploit analysis framework
    1. https://github.com/fb1h2s/sandy
    2. http://www.garage4hackers.com/entry.php?b=2532
  9. RouterPwn – Router Exploitation Framework
    1. http://www.routerpwn.com/
    2. http://exploiterz.blogspot.co.il/2013/08/routerpwn-router-exploitation-framework.html
  10. EyjafjallajöKull Framework – Exploit Kits Krawler Framework (maybe might be used after a little change to crawl other info other than exploit kits)
    1. http://archive.hack.lu/2013/Hack.lu.2013-ExploitKitsKrawlerFramework.pdf
    2. https://www.youtube.com/watch?v=NnHQOJjdnVk
    3. https://github.com/Eyjafjallajokull
  11. pykek – Kerberos Exploitation Kit
    1. https://github.com/bidord/pykek
  12. OSINT framework – designed to automate and make it easy to gather and store the intelligence collected from open sources
    1. https://github.com/sebdraven/OSINT
  13. A Python FrameWork For NoSQL Scanning and Exploitation Framework. Support For Mongo,Couch,Redis,H-Base,Cassandra.
    1. https://github.com/torque59/Nosql-Exploitation-Framework
  14. Evilgrade – Update exploitation framework
    1. https://github.com/infobyte/evilgrade
    2. https://www.youtube.com/watch?v=aBy-9KxopDE
  15. w3af – a Web Application Attack and Audit Framework
    1. http://w3af.org/
    2. https://github.com/andresriancho/w3af
  16. subterfuge – Automated Man-in-the-Middle Attack Framework
    1. https://code.google.com/p/subterfuge/
    2. http://www.elithecomputerguy.com/2013/02/19/introduction-to-subterfuge-for-easy-mitm-attacks-man-in-the-middle/
  17. Nishang – a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security and post exploitation during Penetraion Tests
    1. https://github.com/samratashok/nishang
    2. http://www.labofapenetrationtester.com/2013/06/nishang-0-2-7.html
  18. BDF (bakcdoor factory) – The goal of BDF is to patch executable binaries with user desired shellcode and continue normal execution of the prepatched state
    1. https://github.com/secretsquirrel/the-backdoor-factory
  19. Veil – a red team toolkit focused on evading detection
    1. https://github.com/Veil-Framework/Veil
    2. https://www.veil-framework.com/
    3. https://pen-testing.sans.org/blog/2013/07/12/anti-virus-evasion-a-peek-under-the-veil
  20. Beef – xss exploitation framework
    1. https://github.com/beefproject/beef
    2. http://beefproject.com/
  21. xssshell – xss exploitation framework
    1. https://github.com/portcullislabs/xssshell-xsstunnell
    2. http://www.darknet.org.uk/2006/12/xss-shell-v039-cross-site-scripting-backdoor-tool/
  22. xssf – xss exploitation framework
    1. https://code.google.com/p/xssf/
  23. AFE – Android Framework for Exploitation
    1. https://github.com/xysec/AFE
    2. https://www.mayrhofer.eu.org/downloads/publications/IWSSI2011-Android-Exploit-Framework.pdf
    3. https://www.mayrhofer.eu.org/android-exploit-framework
  24. thc-ipv6 – IPv6 attack toolkit
    1. https://github.com/vanhauser-thc/thc-ipv6
Advertisements

One thought on “Pentesting Frameworks

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s