Miscellaneous Tools
- 6thSense: 6thsense is a TCP port scanning technique which allows you to remain completely invisible to the scanned host, as described in a Bugtraq post by Antirez. This Perl script automates the tedious process.
- BiLE-Publig: BiLE stands for Bi-directional Link Extraction. It is used in the footprinting process to find non-obvious relationships between different web sites.
- BiLE-suite: The BiLE suite includes a couple of Perl scripts used in enumeration processes. It featured in the Penetration Tester's Open Source Toolkit book.
- Decoyblues: decoyblues.pl is a denial of service attack against active firewalls. It works by creating a lot of decoys with nmap. The router/firewall will try to block all the (decoyed) IP numbers, eventually running out of access list/packet filters, and possibly crashing or overwriting access lists.
- desperate: Desperate is a collection of tools used to extract user names via EXPN and finger, and to obtain IP addresses via "brute force" DNS lookups. It contains lists of commonly used usernames and DNS names. Coded in Perl.
- finder: finder.pl remotely checks IIS servers for most of the methods used by WebDAV. If the server does not complain about the method, it is an indication that WebDAV is in use.
- go: go.pl allows you to scan ports through a misconfigured Squid proxy.
- MonSoen: MonSoen.py is a proxy server network scanner and tunnelling tool. You can learn more from our original MonSoen blog post.
- mpdchecker: Mpd (or MethodPerDirectory) is a Python script that can be used to confirm the presence of HTTP methods per directory. MpdChecker can be pointed at both port 80 and 443 instances.
- pudding: Pudding is a proxy which recodes HTTP requests using most of RFP's IDS evasion encoding methods, plus random UTF-8 encoding support. It allows any web-aware program/exploit/cgi-scanner to evade IDS without modification of the original code. Encoding methods include all uppercase, hex encoding, /./ directory insertion, fake parameters, premature URL endings, Windows delimiters, and random UTF-8 encoding.
- sensedecode: sensedecode includes two Perl scripts which exploit the IIS URL decoding bug. Decodecheck.pl checks for hosts that have the "decode" problem, and decodexecute executes code using the decoding problem, with redirection.
- SP-DNS-mine.pl: SP-DNS-mine.pl uses Google to extract sub-domains and DNS names for a given domain. This Perl script features in Johnny Long's book Google Hacking for Penetration Testers.
- sr.pl: CheckPoint FireWall-1's SecureRemote allows any IP to connect and download sensitive network information. This Perl script gives a potential attacker a wealth of information, including IP addresses, network masks (and even friendly descriptions).
- unitools: unitools contains two Perl scripts: unicodeloader.pl uploads files to a vulnerable IIS site, and unicodexecute3.pl includes searches for more executable directories and is more robust and stable.