I have been working on two public projects in Python.
The first, Tuoni, is a web attacking program.
Tuoni currently has the following capabilities:
- Shellshock attack
- Directory fuzzer
- Session hijacker
- Get robots.txt file
- Test file upload ability
- Whois lookups
- Zone transfers
- Web spidering
- Banner grabbing
The second, Cryptan, is a cryptography suite.
Cryptan currently has the following capabilities:
* Format conversion: Hex, ASCII, Decimal, Octal, Binary
* XOR Encryption/Decryption
* Caesar Cipher Encryption/Decryption
* Caesar Cipher Brute-force Decryption
* Single Byte XOR Decryption
* Single Character XOR Detection & Decryption
* Repeating-Key XOR (Vigenere) Decryption
* AES-ECB Detection
* AES-ECB Decryption
* PKCS#7 Padding
* AES-CBC Decryption
Tuoni is a great tool for the first stages of information gathering. With it, you can discover directories, test whether a target accepts file uploads (which can lead to uploading a reverse shell), and also attempt a Shellshock attack and session hijacking.
Cryptan is a great tool for your cryptography needs. Most wargames and capture-the-flag events include cryptography challenges that involve Cryptan's functionality in one way or another. For real-life testing, most devices actually have very basic cryptography implementations, so Cryptan can easily decrypt whatever it is they are trying to encrypt.
These are open-ended projects. There is still much to add. As is, they work great.