Special Targets
Hardware and IOT
IPV6 and ICMPV6
thc-ipv6 - Attack toolkit for testing IPv6 and ICMPv6 protocol weaknesses.
www.thc.org/thc-ipv6/
Cisco Products
A mass Cisco scanning tool.
Perl script which scans cisco routers for common vulnerabilities.
Cisco Global Exploiter (CGE), is an advanced, simple and fast security testing tool.
Cisco device vulnerability scanner
Cisco copy-router-config
Copies configuration files from Cisco devices running SNMP.
VoIP (SIP)
SeeYouCM-Thief - Simple tool to automatically download and parse configuration files from Cisco phone systems searching for SSH credentials. Will also optionally enumerate active directory users from the UDS API.
sipvicious - SIPVicious OSS is a set of security tools that can be used to audit SIP based VoIP systems. Specifically, it allows you to find SIP servers, enumerate SIP extensions and finally, crack their password.
protos-sip - The purpose of this test-suite is to evaluate implementation level security and robustness of Session Initiation Protocol (SIP) implementations.
iaxflood - Voip flooding tool
ohrwurm - ohrwurm is a small and simple RTP fuzzer that has been successfully tested on a small number of SIP phones.
siparmyknife - SIP Army Knife is a fuzzer that searches for cross site scripting, SQL injection, log injection, format strings, buffer overflows, and more.
sipp - SIPp is a free Open Source test tool / traffic generator for the SIP protocol.
sipsak - sipsak is a small command line tool for developers and administrators of Session Initiation Protocol (SIP) applications. It can be used for some simple tests on SIP applications and devices.
Lync Server
lyncsmash - A collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations
LyncSniper - LyncSniper is a tool for penetration testing Lync and Skype for Business deployments hosted either on premise or in Office 365.
Thick Clients
https://github.com/secvulture/dvta - Damn Vulnerable Thick Client App
Mobile Devices
OWASP Mobile Security Testing Guide - Bernhard Mueller et al.
Mobile-Security-Framework-MobSF - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
quark-engine - Quark-Engine is a full-featured Android analysis framework written in Python for hunting threat intelligence inside the APK, DEX files.
Hacking: The next generation - Abusing mobile devices: Targeting your mobile workforce, pg. 149
Networking Devices
RouterHunterBR - Unauthenticated Remote DNS change/ users & passwords.
routersploit - an open-source exploitation framework dedicated to embedded devices
Printers
Last updated