Tuoni Web Attacking Program and Cryptan Cryptography Suite

I have been working on two public projects in Python.

The first, Tuoni, is a web attacking program.

Tuoni currently has the following capabilities:

• Shellshock attack
• Directory fuzzer
• Session hijacker
• Get robots.txt file
• Test file upload ability
• Whois lookups
• Zone transfers
• Web spidering
• Banner grabbing

The second, Cryptan, is a cryptography suite.

Cryptan currently has the following capabilities:

* Format conversion: Hex, Ascii, Decimal, Octal, Binary
* XOR Encryption/Decryption
* Caesar Cipher Encryption/Decryption
* Caesar Cipher Brute-force Decryption
* Single Byte XOR Decryption
* Single Character XOR Detection & Decryption
* Repeating-Key XOR (Vigenere) Decryption
* AES-ECB Detection
* AES-ECB Decryption
* PKCS#7 Padding
* AES-CBC Decryption

Tuoni is a great tool for the first stages of information gathering. With it, you can discover directories, test for the ability of uploading files (which can lead to uploading a reverse shell), and also attempt a shellshock attack and session hijacking.

Cryptan is a great tool for your cryptography needs. Most wargames and capture the flags include cryptography challenges that involve Cryptan’s functionalities in one way or another. For real-life testing, most devices actually have very basic cryptography implementations, so Cryptan can easily decrypt whatever it is they are trying to encrypt.

These are open-ended projects. There is still much to add. As is, they work great.