tools, tool, verktøy, sikkerhetstester, sikkerhetstesting

Tools

Dette er en samling av verktøy (tools) som kan være nyttig for deg, hvis du er interessert i IT-sikkerhet.
Kildekode publisert av Encripto følger en FreeBSD lisens. Bruk programvarene på EGEN RISIKO.

Det er ansvaret til brukeren å følge lovverk. Encripto AS eller utvikleren av verktøyene har ikke ansvar for misbruk eller skade utført av programvarene.
Verktøyene kan lastes ned kun hvis du godtar lisensen og disse betingelsene.

30.06.22 - Blue Team Training Toolkit v2.9

Blue Team Training Toolkit (BT3) is designed for network analysis training sessions, incident response drills and red team engagements. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk.

The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto’s Maligno, Pcapteller and Mocksum.
Check out the BT3 user guide, or the Blue Team Training Toolkit Video Series for practical examples.

Changelog: This is a final release with offline mode only. The BT3 API is now deprecated. The BT3 content library is available for download for offline use.

sha-256sum: 39b24206653dbb67f70c0b9529ff7524fecc1226fe682a0fc729b46dba16a034

Last ned

03.01.16 - Maligno v2.5 (legacy)

This is a legacy version, and it is no longer supported. The latest version of Maligno is now part of the Blue Team Training Toolkit.

Maligno is an open source penetration testing tool written in Python that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded prior to transmission.

Maligno also comes with a client tool, which supports HTTP, HTTPS and encryption capabilities. The client is able to connect to Maligno in order to download an encrypted Metasploit payload. Once the shellcode is received, the client will decode it, decrypt it and inject it in the target machine.

The client-server communications can be configured in a way that allows you to simulate specific C&C communications or targeted attacks. In other words, the tool can be used as part of adversary replication engagements.

Are you new to Maligno? Check our ongoing Maligno Video Series with examples and tutorials.

Changelog: Proxy basic authentication support for non-Windows platforms, bug fixes and minor adjustments.

sha-256sum: 769542adfb8846bf766f80097cea25abe83f88a40a0b96d35c82ce0750d272ef

Last ned

03.01.15 - Persongen v0.4

Persongen is a tool that generates Norwegian Social Security Numbers (SSNs). It implements Wikipedia’s algorithm for calculating SSNs. SSNs are generated based on a given date of birth, gender, and SSN type. As you may guess, Persongen can be useful for testing applications which handle Norwegian SSNs.

Changelog: Output coloring, update detection routine and other minor improvements.

sha-256sum: 024803d511f5eacb51f8eb11825e35a7303420eb4368d7f31853a800a904ef7c

Last ned

05.02.14 - Inteno DG301 Command Injection PoC

This is a Proof of Concept (PoC) that illustrates a command injection vulnerability affecting Inteno DG301 residential gateways, discovered by Juan J. Güelfo at Encripto AS.

sha-256sum: 676c063a123bb6632d0c3722f2eb7566064d177f5285af48d6fca8019e6a8363

Last ned

21.08.13 - Netgear ProSafe PoC - CVE-2013-4775 & CVE-2013-4776

This is a Proof of Concept (PoC) that illustrates two vulnerabilities affecting Netgear ProSafe switches (CVE-2013-4775 & CVE-2013-4776), discovered by Juan J. Güelfo at Encripto AS.

sha-256sum: 7800b6ff437edfd74ac359c57731415a147812ee00c20f33d3f83f604b154189

Last ned