SpiderLabs Toolset for Pentesting
SpiderLabs has developed dozens of tools over the years. Most of them end up as internal-only tools since they eventually make their way into one of Trustwave’s product offerings. Recently, we have decided to showcase some of these tools and provide them as Open Source to the information security community. The tools have been made available without warranty and are available under the GNU General Public License as published by the Free Software Foundation.
- ackack : A program to monitor network traffic and detect unauthorized sessions. Provides the ability to send alerts based on source and/or duration of each session, which aids in the detection of malware such as botnets and bind shells.
- batchyDNS: A reconnaissance tool that can quickly discover hostnames from a list of IP addresses.
- Deblaze: Through the use of the Flex programming model and the ActionScript language, Flash Remoting was born. Flash applications can make requests to a remote server to call server-side functions, such as looking up accounts, retrieving additional data and graphics, and performing complex business operations. However, the ability to call remote methods also increases the attack surface exposed by these applications. Deblaze, a tool written in Python, will allow you to perform method enumeration and interrogation against Flash Remoting endpoints. The current development site for this tool is http://deblaze-tool.appspot.com/.
- Deface: DefaceTool is an open-source JavaServer Faces (JSF) testing tool for decoding view state and creating view state attack vectors. The tool can be used to create XSS attacks and session- and application-scope attacks against Apache MyFaces 1.2.8 applications. The tool has been architected to be extensible and can be modified to support other versions of Apache MyFaces and Sun Mojarra.
- Grendel-Scan: Grendel-Scan is an open-source web application security testing tool. It has automated testing modules for detecting common web application vulnerabilities, and features geared at aiding manual application penetration testing. The current development site for this tool is located at http://www.grendel-scan.com/
- VNC Authentication Scanner: A tool built using the Nmap Scripting Engine (NSE) to detect VNC servers on a network whose security type is set to "None" (no authentication). The tool will scan 1500 hosts in 90 seconds.
- WS-DNS-BFX: A tool to quickly extract DNS hostnames from sites that refuse DNS transfers. Utilizing a dictionary file and concurrent threads, this program can produce a list of hostnames for most domains in under a minute. Supports both IPv4 and IPv6, and includes logic to extract multiple IP addresses from sites that employ high-availability (HA) and network load balancing (NLB) technologies.
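The check the VNC Authentication Scanner performs can be reproduced with a few lines of the RFB handshake. The following is an added example written for this page, not the SpiderLabs NSE script: a VNC server announces its protocol version, the client echoes the highest version it supports, and the server then lists the security types it offers. Security type 1 is "None", so a server whose list contains it can be reached without a password. The message parsers are exercised against constructed byte strings so they run offline; `probe_vnc` and `scan` perform the same exchange against live hosts (the host names in `__main__` are placeholders). RFB 3.3 servers send a single 32-bit type instead of a list, which is handled separately.

```python
import socket
import struct
from concurrent.futures import ThreadPoolExecutor

# Security types from the RFB protocol specification that are commonly seen in the wild.
SECURITY_TYPES = {0: "Invalid", 1: "None", 2: "VNC Authentication", 5: "RA2", 6: "RA2ne",
                  16: "Tight", 18: "TLS", 19: "VeNCrypt"}


def parse_server_version(banner):
    """Parse the 12-byte 'RFB xxx.yyy\\n' banner the server sends first; returns (major, minor)."""
    if len(banner) != 12 or banner[:4] != b"RFB " or banner[7:8] != b"." or banner[11:12] != b"\n":
        raise ValueError("not an RFB version banner: %r" % banner)
    return int(banner[4:7]), int(banner[8:11])


def parse_security_types(version, payload):
    """Return the list of security types offered for the negotiated protocol version.

    RFB 3.3: the server dictates one type as a big-endian u32.
    RFB 3.7/3.8: a u8 count followed by one byte per type; a count of 0 means the
    server refused the connection and a u32-length reason string follows.
    """
    if version <= (3, 3):
        if len(payload) < 4:
            raise ValueError("truncated RFB 3.3 security-type message")
        return [struct.unpack("!I", payload[:4])[0]]
    if not payload:
        raise ValueError("empty security-type message")
    count = payload[0]
    if count == 0:
        if len(payload) < 5:
            raise ValueError("server refused connection (reason truncated)")
        (reason_len,) = struct.unpack("!I", payload[1:5])
        reason = payload[5:5 + reason_len].decode("latin-1", "replace")
        raise ValueError("server refused connection: %s" % reason)
    types = list(payload[1:1 + count])
    if len(types) != count:
        raise ValueError("truncated security-type list")
    return types


def allows_unauthenticated(types):
    """True when the server offers security type 1 ('None')."""
    return 1 in types


def describe(types):
    return [SECURITY_TYPES.get(t, "type %d" % t) for t in types]


def probe_vnc(host, port=5900, timeout=3.0):
    """Live check: complete the version handshake and read the security-type message."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        version = parse_server_version(s.recv(12))
        client_version = min(version, (3, 8))      # highest version this probe speaks
        s.sendall(b"RFB %03d.%03d\n" % client_version)
        payload = s.recv(1024)
    types = parse_security_types(client_version, payload)
    return {"host": host, "port": port, "version": "%d.%d" % version,
            "security": describe(types), "no_auth": allows_unauthenticated(types)}


def scan(hosts, port=5900, workers=64, probe=probe_vnc):
    """Probe many hosts concurrently; connection and protocol errors are reported, not raised."""
    def one(host):
        try:
            return probe(host, port)
        except (OSError, ValueError) as exc:
            return {"host": host, "port": port, "error": str(exc)}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return list(pool.map(one, hosts))


if __name__ == "__main__":
    # Constructed RFB 3.8 exchange: server offers both "None" and "VNC Authentication".
    version = parse_server_version(b"RFB 003.008\n")
    types = parse_security_types(version, b"\x02\x01\x02")
    print(version, describe(types), "no_auth=%s" % allows_unauthenticated(types))
    # Live scan of placeholder hosts (assumption: replace with targets you are authorized to test).
    for result in scan(["192.0.2.10", "192.0.2.11"], workers=8):
        print(result)
```

The scan only reads the security-type list and never proceeds past the handshake, so it neither authenticates nor opens a desktop session; a hit means the server would accept a client that selects type 1, which is exactly the condition the scanner looks for.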
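The techniques behind batchyDNS (reverse lookups over a list of addresses) and WS-DNS-BFX (dictionary brute-forcing of hostnames with concurrent threads, returning every IPv4 and IPv6 address a name has) share the same shape, so the following added example covers both. It is written for this page and is not the code of either SpiderLabs tool. Resolution is pluggable: by default it uses the system stub resolver through the standard library, and the constructed `SAMPLE_ZONE` and `SAMPLE_PTR` tables (documentation addresses under `example.test`) let the logic run offline. One check a practitioner will want that the page does not mention is wildcard detection: a random label is resolved first, and any dictionary hit that returns exactly the wildcard address set is discarded as noise.

```python
import ipaddress
import secrets
import socket
from concurrent.futures import ThreadPoolExecutor, as_completed


def system_forward(name):
    """All IPv4 and IPv6 addresses for name via the system stub resolver (stdlib only)."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return [ai[4][0] for ai in infos]


def system_reverse(ip):
    """PTR name for ip, or None when there is no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def _sorted_addrs(addrs):
    # De-duplicate; IPv4 first, then numeric order within each family.
    return sorted(set(addrs), key=lambda a: (ipaddress.ip_address(a).version, int(ipaddress.ip_address(a))))


def wildcard_addresses(domain, resolve=system_forward):
    """Addresses returned for a random label under domain; a non-empty list means wildcard DNS."""
    return _sorted_addrs(resolve("%s.%s" % (secrets.token_hex(8), domain)))


def brute_force_hostnames(domain, words, resolve=system_forward, workers=32):
    """Resolve <word>.<domain> for every dictionary word concurrently.

    Returns {hostname: [addresses]} for names that resolved to something other
    than the wildcard answer. Every address a name has is kept, which is what
    surfaces the multiple IPs behind HA and load-balanced services.
    """
    wildcard = wildcard_addresses(domain, resolve)
    names = {"%s.%s" % (w.strip().lower(), domain) for w in words if w.strip()}
    found = {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        futures = {pool.submit(resolve, n): n for n in names}
        for fut in as_completed(futures):
            addrs = _sorted_addrs(fut.result())
            # Equality against the wildcard set is a simple filter; a stricter check would
            # probe several random labels and drop any overlapping address.
            if addrs and addrs != wildcard:
                found[futures[fut]] = addrs
    return found


def reverse_lookup(ips, resolve=system_reverse, workers=32):
    """Concurrent PTR lookups; returns {ip: hostname} for addresses that have a record."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = dict(zip(ips, pool.map(resolve, ips)))
    return {ip: name for ip, name in results.items() if name}


# Constructed sample zone (documentation ranges) so the logic can be run without network access.
SAMPLE_ZONE = {
    "www.example.test": ["2001:db8::10", "192.0.2.11", "192.0.2.10"],   # dual-stack HA pair
    "mail.example.test": ["192.0.2.20"],
}
SAMPLE_PTR = {"192.0.2.20": "mail.example.test", "2001:db8::10": "www.example.test"}


def sample_forward(name):
    return list(SAMPLE_ZONE.get(name, []))


def sample_reverse(ip):
    return SAMPLE_PTR.get(ip)


if __name__ == "__main__":
    words = ["www", "mail", "vpn", "intranet", ""]
    print(brute_force_hostnames("example.test", words, resolve=sample_forward, workers=4))
    print(reverse_lookup(["192.0.2.20", "192.0.2.99", "2001:db8::10"], resolve=sample_reverse))
```

Against a real domain, call `brute_force_hostnames("target.example", open("words.txt"))` and the default resolver is used; thread count rather than a raw socket loop is what keeps a few thousand lookups under a minute, since each thread spends its time waiting on the resolver. `getaddrinfo` asks for both A and AAAA records, so IPv6-only hosts are not missed.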