This is a collection of tools which might be useful for you, if you are a pentester or security consultant. All source code published on this website is licensed under the FreeBSD license.

Use the software at YOUR OWN RISK.
It is the user's responsibility to obey all applicable laws. The developer or Encripto AS assume no liability, and are not responsible for any misuse or damage caused by the software.

Do not download or use the software, if you do not agree with such license terms and conditions.

Maligno v2.1

Maligno is an open source penetration testing tool written in Python that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded prior to transmission.

Maligno also comes with a client tool, which supports HTTP, HTTPS and encryption capabilities. The client is able to connect to Maligno in order to download an encrypted Metasploit payload. Once the shellcode is received, the client will decode it, decrypt it and inject it in the target machine.

The client-server communications can be configured in a way that allows you to simulate specific C&C communications or targeted attacks. In other words, the tool can be used as part of adversary replication engagements.

Are you new to Maligno? Check our ongoing Maligno Video Series with examples and tutorials.

Changelog: Client WPAD support added with unauthenticated and NTLM-authenticated proxies, payload ID via cookie parameter support added, failsafe mode added, standalone client generation added, new adversary replication profile added, new web server error template added, minor improvements.

Important: Configuration files or profiles made for Maligno v2.0 are not compatible with Maligno v2.1.

sha-256sum: b9eda40dc7133d2369b344300b056ee97cf546f41848fcb8094cb573d87b5007


Persongen v0.4

Persongen is a tool that generates Norwegian Social Security Numbers (SSNs). It implements Wikipedia's algorithm for calculating SSNs. SSNs are generated based on a given date of birth, gender, and SSN type. As you may guess, Persongen can be useful for testing applications which handle Norwegian SSNs.

Changelog: Output coloring, update detection routine and other minor improvements.

sha-256sum: 024803d511f5eacb51f8eb11825e35a7303420eb4368d7f31853a800a904ef7c


Inteno DG301 Command Injection PoC

This is a Proof of Concept (PoC) that illustrates a command injection vulnerability affecting Inteno DG301 residential gateways, discovered by Juan J. Güelfo at Encripto AS.

sha-256sum: 676c063a123bb6632d0c3722f2eb7566064d177f5285af48d6fca8019e6a8363


Netgear ProSafe PoC - CVE-2013-4775 & CVE-2013-4776

This is a Proof of Concept (PoC) that illustrates two vulnerabilities affecting Netgear ProSafe switches (CVE-2013-4775 & CVE-2013-4776), discovered by Juan J. Güelfo at Encripto AS.

sha-256sum: 7800b6ff437edfd74ac359c57731415a147812ee00c20f33d3f83f604b154189


@encriptoPostboks 2017, 6028 Ålesund, Norge