Inguma is a free penetration testing and vulnerability discovery toolkit written entirely in Python. The framework includes modules to discover hosts, gather information about and fuzz targets, and brute force usernames and passwords, along with exploits and a disassembler.
CURRENT_RELEASE Joxean Koret - Version 0.1.0
* Added library libinformix. Supports connection establishment and command execution. Pure Python code.
* Added a brute force module for Informix databases (bruteifx).
* Fixed bugs in the Sybase brute force module.
* Added an Informix SQLEXEC protocol fuzzer.
* Added liboracleinternals.py. Currently it just works for creating Oracle password files (from version 8 to 11).
* Added module db2discover to discover IBM DB2 database servers.
* Added an information gather module for Informix database servers.
* Very (basic) initial support for RDP protocol format.
* Added support for fuzzing based on PCAP packets.
* Added a POC for the Sun Java Web Proxy Server heap overflow (fixed).
* Distributed Nikto database updated.
* Added basic support for Bluetooth and Wifi (Hugo).
* Added a frontend for Nmap (Hugo).
* Added libhexdump (Hugo).
* Added modules tcpproxy, hexdump and simple web server (Hugo).
* Changed format of OpenDis databases to SQLite format (use -sdb=file.sqlite).
* Added OpenDis Binary Navigator.

(...a lot of silence...)

2008-0811 Joxean Koret - Version 0.0.8
* Fixed bugs in the SMTP, POP3 and IMAP brute forcers.
* Module "isnated" enhanced (Thank you Sp0oKeR!).
* Added module "dnsspoof".
* Added module "fakearp", a fake ARP server.
* Added various changes to make Inguma Debian friendly.
* Added module "dtspc" to gather information from dtspcd.
* Many changes and enhancements to PyShellCodeLib.
* Added libdisassemble from Immunity Sec to the toolkit.
* Added a JavaScript object fuzzer. Connect with your browser to the spawned web server and follow the instructions that appear.
* Help command now shows output summarized by category (discover, gather, etc...).
* Upgraded Scapy to version 1.2.0.2 to avoid problems with IKE.
* Added module "ikescan", a tool like the well-known ike-scan.
* Added module "unicornscan", a wrapper for the popular tool. Thank you Hugo!

2008-03-12 Joxean Koret - Version 0.0.7
* Fixed bugs in almost all modules.
* Added support for command line history and autocompletion (whenever readline is available).
* Fixed various Oracle modules' documentation.
* Added the first version of "anticrypt", a tool to detect the encryption algorithm used for a password hash. It saves a lot of time when auditing a (weak) encryption algorithm.
* Added a Nikto plugin (Thank you Sullo!).
* Added module "archanix". Useful to check old Unix boxes.
* Many changes to PyShellcodelib (Thanks erg0t!).
* Added a brute forcer for SMTP servers.
* First release of the documentation by Andrew Brooks. Check the wiki available at http://inguma.wiki.sourceforge.net/ (Many thanks Andrew!).
* Added 4 new Oracle exploit modules for CPUJAN2008.
* Added a skr1pT k1|>i3 like module for the Oracle PL/SQL gateway flaw. Give a target & port and use "oragateway". The module will automagically guess the correct DAD and bypass technique. After that, an SQL terminal will be opened.

2007-11-26 Joxean Koret - Version 0.0.6
* Enhanced the module "sidguess". It now extracts the SID from Enterprise Manager banner. Thanks to Alexander Kornbrust!
* Added more services to the identify module.
* Added a brute force module for HTTP servers.
* Renamed the directory "aux" to "auxi" to avoid problems in Win32.
* Added a tool to know your external IP address. Useful to check how anonymous an anonymous proxy server is ;) For more information navigate to http://inguma.wiki.sourceforge.net/externip.
* Added various Oracle 8i, 9i and 10g SQL injection modules. A total of 5 new modules.
* Oracle payloads changed to use, when possible, the cursor injection technique.
* Fixed bugs in whois module.
* Added module nmbstat to gather NetBIOS information.
* Enhanced the module firetest to make ICMP probes as well as TCP/IP probes. The probes are executed with a small MTU and with a common MTU (by default 16000).
* Initial version of the Website (http://inguma.sourceforge.net).
* Initial version of the Wiki (http://inguma.wiki.sourceforge.net).
* Added a protocol scanner. Check which IP protocols a target has enabled. Take a look at the module "protoscan".
* Initial version of PyShellCodeLib. A GPL'ed library similar to the well-known InlineEgg.
* Module SIDVault now uses PyShellCodeLib instead of InlineEgg.
* Added module getmac to get the MAC address and the vendor name from a given IP address.
* Added a module to poison ARP target's cache.
* Fixed security paranoia bugs.
* Added examples of the OpenDis framework. A tool called asmdiff.py has been added to do binary diffs, as well as another example that prints an OpenDis format database. See $INGUMA_DIR/dis/README for details.

2007-10-20 Joxean Koret - Version 0.0.5
* Fixed too many bugs in the text and QT versions.
* Fixed too many bugs in the modules section.
* Added support to identify LDAP, RDP enabled servers and also some very old Unix services.
* Added module "firetest" to test firewall configurations.
* Added module "brutessh" to brute force SSH servers.
* Removed many (stupid) sys.path.append (Thanks PH!).
* Added module "bruteora" to brute force Oracle servers. It will check for every (commonly) possible user or for a specified user.
* Removed scapereal from distribution. You can use it, of course, but you need to download it yourself.
* Added a tool to crack MD5 hashes using freely available rainbow tables.
* Added module's option "help". Type "info <command>" to get the corresponding help.
* _*Initial*_ shellcode support. See the SIDVault remote root exploit and $INGUMA_DIR/lib/libexploit.py for details. x86 support with InlineEgg. Thank you Gera!
* Added one exploit for the vulnerability in SYS.LT.FINDRICSET (CPU Oct. 2007).
* Added a password cracker for Oracle11g.
* Added a password cracker for MS SQL Server 7 and 2000.
* Enhanced the Oracle PL/SQL fuzzer.

2007-10-03 Joxean Koret - Version 0.0.4
* Added one module to check for the most common Oracle Applications Server vulnerable URLs.
* Added "smbgold" module, to search in SMB/CIFS shares for interesting files (*.mdb, passwords.txt, ...).
* Added "scapereal" to distribution. Run "sniffer", sniff a packet list and type "ethereal". You will see an ethereal-like GTK window showing all the sniffed packets in a graphical fashion.
* First version of the GUI using pyqt.
* Added a module to gather information from an Oracle TimesTen server.

2007-09-06 Joxean Koret - Version 0.0.3
* Added a, non integrated, disassembler (you will need objdump). See dis/README for details.
* Added a, non integrated, general purpose token based fuzzer. See krash/README for details.
* Enhanced the Oracle PL/SQL fuzzer.
* Added a TNS fuzzer. Use the tnscmd's option "fuzz".
* Minor changes to the TNS Listener tool "tnscmd".
* Support to "autoscan" a complete network (i.e., 192.168.1.0/24).
* Now, it can "automagically" brute force usernames and passwords.
* Added "libfuzz", a library to make easier the task of writing new fuzzers.
* The module "identify" now can identify rmi, ocfs2, web servers, ftp servers, ssh servers, TNS listeners, CIFS/SMB compatible servers, LPD servers, Jet Direct printers, SMTP servers and MySQL servers. Sufficient for now (at least for me ;]).
* Better support for Win32.
* Basic plain text report support.
* Better support for kb (knowledge base) files.
* Better support for brute force modules.
* Added the "interactive" option to launch in interactive or batch mode.
* Autoscan can ignore specified hosts.
* Autoscan is "SMB/CIFS" aware and can automagically brute force usernames and passwords.
* Module "portscan" has been enhanced.
* Rpcdump and samrdump can use usernames and passwords (brute forced or guessed).
* Module "tcpscan" has been enhanced.
* Minor fixes for various discover modules.
* Added "libslp", a library (dissector?) for the Service Location Protocol.
* The FTP fuzzer has been integrated.

2007-04-06 Joxean Koret - Version 0.0.2
* Added knowledge base support (DANGEROUS!).
* Added "whois" and "netcraft" discover modules.
* Added brute force modules for FTP, IMAP, POP3 and SMB.
* Added support for "autobrute".
* Support to generate reports of the command "autoscan".
* Many fixes mainly focused on Win32 support.

2007-02-16 Joxean Koret - Version 0.0.1
* First public version. PRE-ALPHA

CURRENT_RELEASE Joxean Koret - Version 0.0.8
* Fixed bugs in the SMTP, POP3 and IMAP brute forcers.
* Module "isnated" enhanced (Thank you Sp0oKeR!).
* Added module "dnsspoof".
* Added module "fakearp", a fake ARP server.
* Added various changes to make Inguma Debian friendly.
* Added module "dtspc" to gather information from dtspcd.
* Many changes and enhancements to PyShellCodeLib.
* Added libdisassemble from Immunity Sec to the toolkit.
* Added a JavaScript object fuzzer. Connect with your browser to the spawned web server and follow the instructions.
* Help command now shows output summarized by category (discover, gather, etc...).
* Upgraded Scapy to version 1.2.0.2 to avoid problems with IKE.
* Added module "ikescan", a tool like the well-known ike-scan.
* Added module "unicornscan", a wrapper for the popular tool. Thank you Hugo!
* Added to the public version of Inguma various DoS exploits for recently fixed vulnerabilities in Oracle TimesTen, Oracle Internet Directory and Sun Java Web Proxy Server.
Copyright © 2009 Geeknet, Inc. All rights reserved.