Overview:
  • Performs 30 checks at present. For an overview click here.
  • Works on https, pop3s, imaps, smtps, rdp, ldaps.
  • Very flexible input handling - 4 types supported: IP/host, IP range, file with IP/host list and NMap XML.
  • Integrates multiple tools to gather information.
Advantages:
  • Check all issues on SSL including ciphers, certificates and configuration issues.
  • Cipher issues: sslv2 support, weak ciphers.
  • Certificate issues: self-signed, wild card, expiration, use of weak cryptography.
  • Configuration issues: CRIME, BEAST, renegotiation, resumption.
  • Web server issues: HSTS and other security related headers, Heartbleed, banners, cache settings.
  • Validity checker: For scanning a huge range with focus only on validity.
  • Internal timer to identify time-outs/errors according to the response of the server.
  • Detailed and professional reporting with mitigation procedures for identified issues.
Sample reports:
  Sample Audit Report     Sample Validity Report

Overview:
  • Nothronychus is a software that helps in generating reports for various issues using a repository
  • This helps in generating a standard report across multiple projects / scans
  • A generic tool to view, add, modify, delete the text for the issues. Ability to search only in the title or in the entire text
  • Ability to select issues and generate report for only selected issues
  • Multiple platform support (C++ code)
  • Import reports from Nessus, Burp, Owasp ZAP, Nipper, Surecheck, Nmap
  • Import generated XML or other database files into the current issue database
  • Offline Library - Library of CVE, CWE, OWASP, RFC, CAPEC, SANS (under development)
  • Export to HTML, TXT, XML and PDF, ODT/ODS (Open Document)
  • Filtering of issues to import and export

Overview:
  • It automates various NMap scans and can also analyse all NMap results in a directory
    and merges them to generate a report of open ports identified in the scans
  • Multiple platform support (C++ code)
  • Flexible import of scope (manual, file/list or range
  • Analysis and report generation for previous/past scans
  • HTML (with tables) and CSV

Overview:
  • Multi Platform
  • Graphical Interface with almost all the options present
  • Checks for any incompatible options
  • Gives most possiblities for every option available
  • Options from the latest development build
  • List of references to study about the SQL injection and its mitigation
  • Can be used to generate sqlmap command for use elsewhere [SSH/Command line]
To Do:
  • 1-click install of python plugins
  • Saving and loading of options on the interface
  • Enhance output display
  • URL history on the target tab
Acknowledgements:
  • Many thanks to David Wood@NCC and Daniele Costa@NCC for their valuable feedback
  • Special thanks to Bernardo Damele for his detailed feedback
More Screenshots:
  Tab 1 - Target   Tab 2 - Scan Settings   Tab 3 - Enumeration   Tab 4 - Output   Tab 5 - Settings

Advantages:
  • Execution of a command on multiple entities at the same time [saves time]
  • Preset commands with options for various tasks [refer documentation]
  • Option to run sequentially, if required
  • All output saved as text files in a folder
  • Multiple executions of the tools will not overwrite the outputs from previous executions [unique names]
  • Easy to navigate/change from the output of one entity to another [one click - HTML index]
To Do:
  • Inclusion of more pre-built commands
  • Selection of multiple commands [Version 3.0]
  • Command Line version for scripting [cmdconcute]
  • Schedule the execution of the command
More Screenshots:
  Concute2 Main Interface   Sample Pre-built Commands