WarBerryPi alternatives

Chiron is a security assessment framework for IPv6. It provides several modules including an IPv6 scanner, IPv6 Local Link, IPv4-to-IPv6 proxy, IPv6 attack module, and IPv6 proxy. These modules help to perform an assessment, like a penetration test.

The tool uses IPv6 extension headers to create a headers chain. This may allow evading security devices like IDS, IPS, and firewalls. Due to the flexibility of the framework, the tool can also be used to perform fuzzing of the IPv6 stack of a device.

Btlejack is a security tool that provides all options to sniff, jam, and hijack Bluetooth Low Energy (BLE) devices. It can be used during security assessments to test the security of devices that use Bluetooth as a communication protocol.

This tool lacks documentation, so the review is limited at this moment.

This security tool enables the user to perform hop enumeration (similar to traceroute). Instead of sending actual packets, it uses an established TCP connection.

Wireshark is a mature project with many users all over the world. Its library is stable and can be used by both graphical as text-based interfaces. With many books and even conferences around the subject, this tool is a safe bet to have in your toolbox.

Expliot is a framework to perform security testing and exploitation of IoT infrastructure and IoT devices. It comes with a set of tests in the form of plugins. The framework can be extended by creating custom plugins. As you may expect from a tool like Expliot, the typical communication protocols and message buses are supported. Examples include CANBus, BLE, MQTT, CoAP. In other words, enough acronyms for those familiar with the technology.

EAPHammer is a toolkit to perform a targeted evil twin attack against WPA2-Enterprise networks. It can be used during security assessments of the wireless network. The focus of EAPHammer is to provide a powerful interface while still being easy to use.

The attacks and features that EAPHammer supports are evil twin and karma attack, SSID cloaking, steal RADIUS credentials (WPA-EAP and WPA2-EAP), and hostile portal attacks to capture Active Directory credentials or perform indirect wireless pivots.

EAPHammer has an extensive set of features and comes with several WiFi related attacks. The GitHub page of the project has good documentation on the types of attacks and the requirements to perform them.

Wifiphisher would have a good usage in security assessments to obtain credentials. In that regard it is considered to be an offensive tool, especially considering it could be used to infect the systems of victims with malware. Wifiphisher is not a brute forcing tool, but more focused to perform a social engineering attack.

This toolkit focuses on several aspects:

• Testing: Test WiFi devices and capabilities of the driver
• Monitoring: Packet capture and data export
• Attacking: Perform replay attacks, de-authentication, set up fake access points, and perform packet injection
• Cracking: Perform attacks on WEP and WPA PSK (WPA 1 and 2)

Tools like Airgeddon can be used to test the security of wireless networks. It is flexible and written in shell script, making it fairly easy to understand what is does and how it works.

Trackerjacker is a security tool to map WiFi networks that you are not connected to. It allows mapping and tracking of devices using the 802.11 protocol. It may be useful for intelligence gathering or performing specific WiFi attacks, such as a deauthentication attack. The tool comes with plugin support so that it can interact with other tools. For example, when a particular event occurs it can be picked up by another tool.

Termineter is a framework written in Python to assist with testing the security of smart meters. It can be used during development or afterward to test supported devices.

Domain Analyzer is an information gathering tool and comes in handy for reconnaissance. This can be useful for doing penetration testing or evaluating what information is publically available about your own domains. Some pieces of information that can be discovered include DNS servers, IP addresses, mail servers, SPF information, open ports, and more.

Wappalyzer can be a useful asset when performing reconnaissance on a particular target like a web application or website. It helps to find what software is used to run a particular page. Components that can be detected are the content management system (CMS), JavaScript framework, e-commerce software, web server, and more.

APT2 stands for Automated Penetration Testing Toolkit.

APT2 performs a scan with Nmap or can import the results of a scan from Nexpose or Nessus. The processed results will be used in the second phase. This phase launches exploit and enumeration modules. It helps pentesters to automate assessments and tasks.

Suggested components to have installed: convert, dirb, hydra, java, john, ldapsearch, msfconsole, nmap, nmblookup, phantomjs, responder, rpcclient, secretsdump.py, smbclient, snmpwalk, sslscan, xwd

BeEF is used by penetration testers to assess the security of a system by leveraging the web browser. This makes the tool different to many other tools, as it ignores the security on network or system level. It uses command modules from within the web browser to perform requested attacks against the system.

Faraday helps teams to collaborate when working on penetration tests or vulnerability management. It stores related security information in one place, which can be easily tracked and tested by other colleagues.

OWTF is short for Offensive Web Testing Framework and it is one of the many OWASP projects to improve security.

PTF or the PenTesters Framework is a Python script to keep your penetration testing toolkit up-to-date. It is designed for distributions running Debian, Ubuntu, Arch Linux, or related clones. PTF will do the retrieval, compilation, and installation of the tools that you use. As it is a modular framework, you can use many of the common pentesting tools or add your own tools.

SearchSploit is a small by OffensiveSecurity to search for exploits and related data in the exploit database (Exploit-DB). This may help penetration testers in their security assignments.