Tools, freely shipped.

Five utilities I've built and released for the penetration testing community — codenamed after curious, hardy and ancient creatures. All free; all open to feedback.

5 tools

01 · Released

Current tools

stable releases

SSLAuditor

/ Opabinia

Utility to audit SSL services — ciphers, certificates, configuration and headers.

LicenseFreeware

DomainPen Testing

Status● Released

Version4.0

ReleasedFeb 2013

Windows (64-bit) Release notes →

Overview

Performs 30 checks. Overview image.
Works on https, pop3s, imaps, smtps, rdp, ldaps.
Flexible input: IP/host, IP range, file with IP/host list, NMap XML.
Integrates multiple tools to gather information.

Advantages

Cipher issues: SSLv2 support, weak ciphers.
Certificate issues: self-signed, wildcard, expiration, weak cryptography.
Configuration: CRIME, BEAST, renegotiation, resumption.
Web server: HSTS & security headers, Heartbleed, banners, cache settings.
Validity-only mode for scanning huge ranges quickly.
Internal timer adapts to server response, professional reporting with mitigations.

Sample Reports

ReportGen

/ Nothronychus

Generate reports faster, more consistent, and of better quality — across multiple scans & tools.

LicenseFreeware

DomainPen Testing

Status● Testing / Beta

Version4.0

ReleasedApr 2014

v4.0 beta — Windows Documentation →

Overview

Generates reports for various issues using a curated repository.
Standardised reports across multiple projects / scans.
View, add, modify, delete issues; search by title or full text.
Select specific issues and generate a focused report.
Multi-platform (C++).
Imports from Nessus, Burp, OWASP ZAP, Nipper, Surecheck, NMap.
Imports XML/database files into the current issue DB.
Offline library: CVE, CWE, OWASP, RFC, CAPEC, SANS (in development).
Exports to HTML, TXT, XML, PDF, ODT/ODS.
Filtering on import & export.

AutoNMap

/ T. Dohrnii

Automate and analyse NMap scans — flexible scope, parallel runs, merged reports.

LicenseFreeware

DomainPen Testing

Status● Released

Version1.2

ReleasedJun 2014

v1.2 — Linux 64-bit v1.0 — Linux 32-bit Release notes →

Overview

Automates various NMap scans and analyses all NMap results in a directory.
Merges results to generate a report of open ports identified across scans.
Multi-platform (C++).
Flexible scope import — manual, file/list or range.
Analysis & report generation for previous/past scans.
HTML (with tables) and CSV output.

02 · Older

Legacy software

archived but still useful

sqlmapGUI

/ a friendly face for sqlmap

GUI for sqlmap — surfaces almost every option, validates incompatibilities, generates the command for use elsewhere.

LicenseFreeware

DomainPen Testing

Status● Released

Version2.4.0

ReleasedOct 2012

Windows · 5.84 MB BT5 Qt4.7.0 · 298 KB Release notes →

Overview

Multi-platform.
Graphical interface with almost all options exposed.
Checks for incompatible options.
Surfaces most possibilities for every available option.
Options from the latest development build.
References for studying SQL injection & mitigation.
Can generate the sqlmap command for use elsewhere (SSH/CLI).

Acknowledgements

Many thanks to David Wood & Daniele Costa @ NCC for valuable feedback.
Special thanks to Bernardo Damele for his detailed review.

More screenshots

Concute

/ CONcurrent exeCUTEr

Run a command on a set of entities in parallel using threading — saves time on bulk operations.

LicenseFreeware

DomainPen Testing

Status● Beta

Version2.0

ReleasedOct 2011

Linux executable (v2)

Advantages

Execute a command on multiple entities at the same time — saves time.
Preset commands for various tasks (see documentation).
Optional sequential execution.
All output saved as text files in a folder; unique names prevent overwrite.
One-click navigation between entity outputs via HTML index.

Roadmap

More pre-built commands.
Multiple-command selection (v3.0).
Command-line version for scripting (cmdconcute).
Scheduled execution.