SECURITY EDUCATION, PRIVACY GUIDANCE, THREAT AWARENESS, OPEN SOURCE TOOLS, RESEARCH NOTES, AND RESPONSIBLE TECHNOLOGY CONTENT

  • Penetration Testing Distribution - BackBox

    BackBox is a penetration test and security assessment oriented Ubuntu-based Linux distribution providing a network and informatic systems analysis toolkit. It includes a complete set of tools required for ethical hacking and security testing...
  • Pentest Distro Linux - Weakerth4n

    Weakerth4n is a penetration testing distribution which is built from Debian Squeeze. For the desktop environment it uses Fluxbox...
  • The Amnesic Incognito Live System - Tails

    Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship...
  • Penetration Testing Distribution - BlackArch

    BlackArch is a penetration testing distribution based on Arch Linux that provides a large amount of cyber security tools. It is an open-source distro created specially for penetration testers and security researchers...
  • The Best Penetration Testing Distribution - Kali Linux

    Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack...
  • Friendly OS designed for Pentesting - ParrotOS

    Parrot Security OS is a cloud friendly operating system designed for Pentesting, Computer Forensic, Reverse engineering, Hacking, Cloud pentesting...

Wednesday, January 27, 2016

Local Pentest Transform Package - Sploitego


Sploitego is a local pen-test transform package that uses the Canari Framework for local transform execution in Maltego. The framework was first introduced at DEFCON 20 and has since picked up steam.






Sploitego has currently been tested on Mac OS X and Linux.


Sploitego is only supported on Python version 2.6. The setup script will automatically download and install most of the prerequisite modules; however, some modules will still need to be installed manually.




Some of the transforms require external command-line tools (e.g. nmap, amap, p0f, etc.). The following command-line tools are currently supported:

  • Nmap version 5.51
  • P0f version 3.05b
  • Amap version 5.4
  • Metasploit
  • Nessus






Sunday, January 24, 2016

Anonymous - A Guerra no Brasil 2016 (The War in Brazil)



  • We are Anonymous.
  • We are Legion.
  • We do not forgive.
  • We do not forget.
  • Expect us.






By OffensiveSec

The movie - They Live (Portuguese) 1988




John Nada (Roddy Piper) is a handyman who comes to Los Angeles and finds work in a factory. During an unprecedented crackdown, police destroy an entire block of the slum where he lives. In the confusion, Nada finds a pair of seemingly ordinary sunglasses, but wearing them he can see hideous alien creatures disguised as humans, as well as the subliminal messages they convey through the media in general. Nada realizes that the invaders are already controlling the planet and, along with his co-worker Frank (Keith David), decides to join the resistance movement, which is persecuted as subversive by the police.






(Update) By OffensiveSec

Portable Linux Auditing CD


PLAC is a business-card-sized bootable CD-ROM running Linux. It has network auditing, disk recovery, and forensic analysis tools. An ISO will be available, along with scripts to roll your own CD.



Bootable Forensics - snarl



snarl is a bootable forensics ISO based on FreeBSD and using @stake's Autopsy and TASK as well as Shmoo's list of known good checksums. Once you boot the ISO, just log in as root; there is no password. You will boot into a dialog-driven menu. Select the first option and choose the checksum set for the OS you are auditing. This will convert the Shmoo checksum database into a format that Autopsy understands. Then select the second option. This will configure and start Autopsy. Then select the third option, and links will be launched, browsing the Autopsy page. You can also select exit and use the large collection of security-related ports.






Data Wiping Software - DBAN



DBAN is free erasure software designed for the home user. It automatically deletes the contents of any hard disk that it can detect. This method prevents identity theft before recycling a computer. DBAN is also a commonly used solution to remove viruses and spyware from Microsoft Windows installations.

DBAN users should be aware of some product limitations, including:

  • No guarantee of data removal (e.g. DBAN does not detect or securely erase SSDs)
  • No audit-ready reporting for regulatory compliance
  • Limited hardware support (e.g. no RAID dismantling)
  • No customer support or regular software updates



ATTENTION-DEFICIT-DISORDER - ADD


ADD is a physical memory anti-analysis tool designed to pollute memory with fake artifacts. This tool was first presented at Shmoocon 2014. Please note that this is a proof of concept tool. It forges OS objects in memory (poorly). It would be easy (very easy) to beat with better tool development. The tools would only need to provide better sanity checks of objects discovered during scanning. In that case, further development on ADD would be needed to beat new versions of forensics tools.



OWASP - mantra



Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers, security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. Mantra is a security framework which can be very helpful in performing all the five phases of attacks including reconnaissance, scanning and enumeration, gaining access, escalation of privileges, maintaining access, and covering tracks. Apart from that it also contains a set of tools targeted for web developers and code debuggers which makes it handy for both offensive security and defensive security related tasks.

Mantra is lite, flexible, portable and user friendly with a nice graphical user interface. You can carry it in memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on to your system within minutes. Mantra is absolutely free of cost and takes no time for you to set up.

Mantra is a powerful set of tools to make the attacker's task easier. The beta version of Mantra Security Toolkit contains the following tools built into it. You can also always suggest any tools/scripts that you would like to see in the next release.


  • Access Me
  • Add N Edit Cookies+
  • Chickenfoot
  • CookieSwap
  • DOM inspector
  • Domain Details
  • Firebug
  • Firebug Autocompleter
  • Firecookie
  • FireFTP
  • Firesheep
  • FormBug
  • FoxyProxy
  • Google Site Indexer
  • Greasemonkey
  • Groundspeed
  • HackBar
  • Host Spy
  • HttpFox
  • iMacros
  • JavaScript Deobfuscator
  • JSview
  • Key Manager
  • Library Detector
  • Live HTTP Headers
  • PassiveRecon
  • Poster
  • RefControl
  • Refspoof
  • RESTClient
  • RESTTest
  • Resurrect Pages
  • Selenium IDE
  • SQL Inject ME
  • Tamper Data
  • URL Flipper
  • User Agent Switcher
  • Vitzo WHOIS
  • Wappalyzer
  • Web Developer
  • XSS Me



Secure data destruction - wipe



Wipe is a secure file wiping utility. There are some low-level issues that must be taken into consideration. One of these is that there must be some sort of write barrier between passes. Wipe uses fdatasync(2) (or fsync(2)) as a write barrier, or if fsync(2) isn't available, the file is opened with the O_DSYNC or O_SYNC flag. For wipe to be effective, each pass must be completely written. To ensure this, the drive must support some form of a write barrier, write cache flush, or write cache disabling. SCSI supports ordered command tags, has a force media access bit for commands, and write cache can be disabled on mode page 8. IDE/ATA drives support write cache flushes and write cache disabling. Unfortunately, not all drives actually disable write cache when asked to. Those drives are broken.


Established in 2015. Offensive Sec Blog has been sharing security research, hacking tools, threat intelligence, and offensive security content since 2015.