In warfare, CornerShot is a weapon that allows a soldier to look past a corner (and possibly take a shot), without risking exposure. Similarly, the CornerShot package allows one to look at a remote host’s network access without the need to have any special privileges on that host. Using CornerShot, a source, with network accessRead More
Batea is a context-driven network device ranking framework based on the anomaly detection family of machine learning algorithms. The goal of Batea is to allow security teams to automatically filter interesting network assets in large networks using nmap scan reports. We call those Gold Nuggets. For more information about Gold Nuggeting and the science behindRead More
ZMap is a fast single packet network scanner designed for Internet-wide network surveys. On a typical desktop computer with a gigabit Ethernet connection, ZMap is capable scanning the entire public IPv4 address space in under 45 minutes. With a 10gigE connection and PF_RING, ZMap can scan the IPv4 address space in under 5 minutes. ZMapRead More
webscan is a browser-based network IP scanner and local IP detector. It detects IPs bound to the user/victim by listening on an RTP data channel via WebRTC and looping back to the port across any live IPs, as well as discovering all live IP addresses on valid subnets by monitoring for immediate timeouts (TCP RSTRead More
NTLMRawUnhide.py is a Python3 script designed to parse network packet capture files and extract NTLMv2 hashes in a crackable format. The tool was developed to extract NTLMv2 hashes from files generated by native Windows binaries like NETSH.EXE and PKTMON.EXE without conversion. The following binary network packet capture formats are supported: *.pcap *.pcapng *.cap *.etl UsageRead More
NERVE is a vulnerability scanner tailored to find low-hanging fruit level vulnerabilities, in specific application configurations, network services, and unpatched services. It is not a replacement for Qualys, Nessus, or OpenVAS. It does not do authenticated scans, and operates in black-box mode only. NERVE will do “some” CVE checks, but this is primarily coming fromRead More
Network reconnaisance tool that sniffs for active hosts IntroductionNetenum passively monitors the ARP traffic on the network. It extracts basic data about each active host, such as IP address, MAC address and manufacturer. The main objective of this tool is to find active machines without generating too much noise.Features Provides basic information about the network,Read More
Perform automated network reconnaissance scans to gather network intelligence.IntelSpy is a multi-threaded network intelligence spy tool which performs automated enumeration of network services. It performs live hosts detection scans, port scans, services enumeration scans, web content scans, brute-force, detailed off-line exploits searches and more.The tool will also launch further enumeration scans for each detected serviceRead More
Tsunami is a general-purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.To learn more about Tsunami, visit our documentations.Tsunami relies heavily on its plugin system to provide basic scanning capabilities. All publicly available Tsunami plugins are hosted in a separate google/tsunami-security-scanner-plugins repository.Current Status Currently Tsunami is in ‘pre-alpha’ releaseRead More
Vagrant VirtualBox Environment For Conducting An Internal Network Penetration Test. 1. Capsulecorp PentestThe Capsulecorp Pentest is a small virtual network managed by vagrant and ansible. It contains five virtual machines, including one Linux attacking system running xubuntu and 4 Windows 2019 servers configured with various vulnerable services. This project can be used to learn networkRead More
