Peludo is a system that provides a toolchain and a runtime to create and launch self-contained, platform independent, injectable, network transportable, non-static applications that can be dynamically extended on-demand. From a security assessment perspective, it could be seen as a tool to create advanced payloads: entire libraries and multithreading programs can be deployed over the network without touching the target file system.
Metasploit Express is security software for security professionals in enterprises and government agencies who need to carry out penetration tests against their systems quickly and easily. It adds a graphical user interface to the Metasploit Framework, the de-facto leader in pentesting tools, and automates many of the tasks that otherwise require custom scripting, such as smart brute forcing, evidence collection, and reporting.
Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don't use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you.
creepy is an application that allows you to gather geolocation related information about users from social networking platforms and image hosting services. The information is presented in a map inside the application where all the retrieved data is shown, accompanied with relevant information (i.e. what was posted from that specific location) to provide context to the presentation.
Inguma is a penetration testing and vulnerability research toolkit. The framework includes modules that discover hosts, gather information, fuzz targets, brute force user names and passwords and attempt exploits. While the current exploitation capabilities are limited, the program provides numerous tools for information gathering and target auditing.
NetSecL ToolSet is a sub-project of NetSecL Linux containing all penetration tools as in the live CD of NetSecL Linux. The goal of this sub-project is to have a minimal Linux distribution in VM with a shh webshell (ajaxterm), no GrSecurity or hardening as in the live CD. After starting the appliance you can use it remotely via ssh or via Web browser.
Username-Anarchy is a commandline tool for the generation of usernames based on the users' real names. This is useful for user account/password brute force guessing and username enumeration when usernames are based on the users’ names. By attempting a few weak passwords across a large set of user accounts, user account lockout thresholds can be avoided. Common aliases (or self-chosen usernames) from forums are also included. Features include a plugin architecture, format string-style username formats, and substitutions. When only a first initial and lastname is known (LinkedIn lists users like this), it will attempt all possible first names, common first and last names from various countries (from Familypedia and PublicProfiler), and an exhaustive list of first and lastnames from Facebook. This also includes usernames scraped from forums, ordered by popularity.
Bletchley is a real-world cryptanalysis framework. It was created to assist with the detection, analysis, and exploitation of cryptographic flaws and aims to help automate the tedious aspects of this analysis while leaving the security expert in control of the process. It features automated token encoding detection (36 encoding variants), passive ciphertext block length and repetition analysis, a script generator for efficient automation of HTTP requests, and a flexible, multithreaded padding oracle attack library with CBC-R support.