Gateway-finder is a scapy script that will help you determine which of the systems on the local LAN has IP forwarding enabled and which can reach the Internet. This can be useful during Internal pentests when you want to quickly check for unauthorised routes to the Internet (e.g. rogue wireless access points) or routes to other […]


timing-attack-checker is a simple PERL script that helps you check for timing attacks. The most common form of timing attack I’ve noticed while pentesting is that the server may take longer to respond to a valid username than to an invalid username.  This can be handy for bruteforcing a list of valid usernames.  I’ll work […]

Bootparamd Client for Linux

See this blog post for download link and installation instructions.

Rexd Client For Linux

Full details about “on”, the rexd client can be found on this blog post.


Basically tries lots of combinations of local and remote usernames to execute commands via RSH. Download SHA1sum: f1b37abb6ad54df775c1cf194ab91fd41d607f1f MD5sum: 2ecae8730f89c697f2512181ded3842f User documentation is also available in PDF format.


Tool for performing lots of DNS queries quickly. Download dns-grind v1.0 here. SHA1sum: db2beb7ca6caf4343f81936d78617f02b87da024 MD5sum: f145a5acf5cc53507d9be147adbe384e User documentation is also available in PDF format.


TCP Half-open port scanner / fast ICMP scanner. Some limited support for UDP scans too. It’s beta, but still kinda useful. Download Yapscan v0.7.4-beta as tar.gz. Recent changes are detailed in the CHANGELOG. Update: You’re better off using the SVN copy on google code.  It’s more up to date. MD5 and SHA1 checksums are the […]