Exploit Engines























Netwox is not exactly an exploit engine per se but a massive suite of tools (222, to be exact) that lets you carry out a number of tasks including enumeration, spoofing and brute forcing, and also comes with a number of pre-built UDP/TCP clients and servers.


A full listing of all the available tools in the suite:


1:Display network configuration

2:Display debugging information

3:Display information about an IP address or a hostname

4:Display information about an Ethernet address

5:Obtain Ethernet addresses of computers in an IP list

6:Display how to reach an IP address


8:Sniff and display open ports

9:Sniff and display Ethernet addresses

10:Sniff and display network statistics

11:Sniff and verify checksums

12:Display which values to use for netwox parameters

13:Obtain DLT type for sniff and spoof for each device

14:Spoof a record

15:Display content of a record

16:Convert a record

17:Recompute checksums of packets in a record

18:Reassemble IP packets of a record, and reorder TCP flow

19:Extract a range of packets from a record

20:Search for strings in packets from a record

21:Convert a number

22:Convert a string

23:Display ASCII table

24:Convert IP addresses ranges

25:Test if a directory is secure

26:Dump a file

27:Compute MD5 of a file

28:Convert a binary file to readable and editable file

29:Convert a readable and editable file to a binary file

30:Convert a file from unix to dos

31:Convert a file from dos to unix

32:Spoof Ethernet packet

33:Spoof EthernetArp packet

34:Spoof EthernetIp4 packet

35:Spoof EthernetIp4Udp packet

36:Spoof EthernetIp4Tcp packet

37:Spoof EthernetIp4Icmp4 packet

38:Spoof Ip4 packet

39:Spoof Ip4Udp packet

40:Spoof Ip4Tcp packet

41:Spoof Ip4Icmp4 packet

42:Spoof of packet samples : fragment

43:Spoof of packet samples : fragment, ip4opt:noop

44:Spoof of packet samples : fragment, ip4opt:rr

45:Spoof of packet samples : fragment, ip4opt:lsrr

46:Spoof of packet samples : fragment, ip4opt:ts

47:Spoof of packet samples : fragment, ip4opt:ipts

48:Spoof of packet samples : fragment, ip4opt:ippts

49:Ping ICMP

50:Ping ICMP (EthIP spoof)

51:Ping TCP

52:Ping TCP (EthIp spoof)

53:Ping UDP

54:Ping UDP (EthIp spoof)

55:Ping ARP

56:Ping ARP (EthIp spoof)

57:Traceroute ICMP

58:Traceroute ICMP (EthIP spoof)

59:Traceroute TCP

60:Traceroute TCP (EthIp spoof)

61:Traceroute UDP

62:Traceroute UDP (EthIp spoof)

63:Traceroute on a specified IP protocol

64:Traceroute on a specified IP protocol (EthIp spoof)

65:Scan ICMP

66:Scan ICMP (EthIP spoof)

67:Scan TCP

68:Scan TCP (EthIp spoof)

69:Scan UDP

70:Scan UDP (EthIp spoof)

71:Scan ARP

72:Scan ARP (EthIp spoof)

73:Simulate presence of a/several computer/s (arp and ping)

74:Flood a host with random fragments

75:Fill table of a switch using a flood of Ethernet packets


77:Check if seqnum are predictible

78:Reset every TCP packet

79:Acknowledge every TCP SYN

80:Periodically send ARP replies

81:Send an ICMP4 timestamp

82:Sniff and send ICMP4/ICMP6 destination unreachable

83:Sniff and send ICMP4/ICMP6 time exceeded

84:Sniff and send ICMP4/ICMP6 parameter problem

85:Sniff and send ICMP4 source quench

86:Sniff and send ICMP4/ICMP6 redirect

87:TCP client

88:UDP client

89:TCP server

90:UDP server

91:TCP server multiclients

92:UDP server multiclients

93:TCP remote administration server

94:TCP remote administration client (exec)

95:TCP remote administration client (get file)

96:TCP remote administration client (put file)

97:SYSLOG client

98:Flood a host with syslog messages

99:TELNET client

100:TELNET client executing one or several commands

101:Brute force telnet client

102:Query a DNS server

103:Obtain version of a Bind DNS server

104:DNS server always answering same values

105:Sniff and send DNS answers

106:Send an email

107:Post a newsgroup message

108:List newsgroups available on a server

109:Download one, or more, newsgroup messages

110:Ethernet bridge limiting flow

111:FTP listing a directory

112:FTP client : get a file

113:FTP client : put a file

114:FTP client : del a file

115:FTP client : get a directory recursively

116:FTP client : put a directory recursively

117:FTP client : del a directory recursively








125:HTTP server

126:HTTP remote administration server

127:Cypher/decypher a file using a xor

128:Split a file in smaller chunks

129:Reassemble chunks of a file

130:Brute force ftp client

131:Brute force http client (site password)

132:Brute force http client (proxy password)

133:Convert an url/uri

134:Obtain urls/uris in a HMTL file

135:Convert urls/uris in a HMTL file to absolute urls

136:Web download (http://... or ftp://...)

137:Create a sample configuration file for tool 138

138:Web spider (use configuration file created by tool 137)

139:Web spider on command line (fully recursive)

140:Spoof EthernetIp6 packet

141:Spoof EthernetIp6Udp packet

142:Spoof EthernetIp6Tcp packet

143:Spoof EthernetIp6Icmp6 packet

144:Spoof Ip6 packet

145:Spoof Ip6Udp packet

146:Spoof Ip6Tcp packet

147:Spoof Ip6Icmp6 packet

148:Ping ICMP6 Neighbor Discovery

149:Ping ICMP6 Neighbor Discovery (EthIp spoof)

150:Scan ICMP6 Neighbor Discovery

151:Scan ICMP6 Neighbor Discovery (EthIp spoof)

152:Interactive IRC client

153:IRC client listing channels

154:IRC client listening on a channel

155:Network performance measurement : TCP server

156:Network performance measurement : TCP client

157:Network performance measurement : UDP server

158:Network performance measurement : UDP client

159:SNMP Get

160:SNMP Walk

161:SNMP Trap

162:SNMP Trap2

163:SNMP Inform

164:SNMP Set

165:TFTP client : get a file

166:TFTP client : put a file

167:TFTP server

168:FTP server

169:Display simple network configuration easy to parse

170:TELNET server

171:DHCP client

172:List articles range of a newsgroup

173:Download overview of one, or more, newsgroup messages

174:FTP client : get a file and check its MD5

175:Web download (http://... or ftp://...) and check its MD5

176:TFTP client : get a file and check its MD5

177:Check if a SMTP server is up

178:Check if an IRC server is up

179:DHCP client requesting an INFORM

180:SNTP client obtaining time

181:SNTP server

182:Obtain size of a web file (http://... or ftp://...)

183:TCP relay

184:UDP relay

185:TCP multiclient relay

186:Millisecond sleep

187:Display date and time

188:SYSLOG server

189:SMTP server

190:Make coffee

191:Generate a password (English, French, Spanish)

192:Spoof of packet samples : fragment, ip4opt:ssrr

193:IDENT client requesting info about an open session

194:IDENT client creating a session and requesting its info

195:IDENT server

196:WHOIS client

197:WHOIS client guessing server

198:SMB/CIFS client: list shares

199:SMB/CIFS client: create a directory

200:SMB/CIFS client: delete a directory

201:SMB/CIFS client: rename a directory

202:SMB/CIFS client: list contents of a directory

203:SMB/CIFS client: delete a file

204:SMB/CIFS client: rename a file

205:SMB/CIFS client: get a file

206:SMB/CIFS client: put a file

207:SMB/CIFS client: recursively get a directory

208:SMB/CIFS client: recursively put a directory

209:SMB/CIFS client: recursively delete a directory

210:Web spider on command line (stay in same directory)

211:Web spider : converts a local downloaded filename to its original url

212:Web spider : converts an url to its local downloaded filename

213:Display a list of IP addresses

214:Traceroute discovery: graph of network topology

215:Traceroute discovery (EthIp spoof)


217:SMB/CIFS server

218:Netwox internal validation suite

219:Compute cryptographic hash of a file (md5, sha, etc.)

220:Convert a binary file to a base64 encoded file

221:Convert a base64 encoded file to a binary file

222:In a HMTL file, suppress links pointing to local urls


As this list shows, just about everything is covered and netwox is extremely useful. It can be used either in command-line mode or through a GUI, netwag.


Netwag is a graphical front end for netwox. It makes it easy to:


- search the tools offered by netwox

- construct a command line

- run tools

- keep a history of commands




To use both the command-line and GUI versions, the following needs to be installed:



ActiveState Tcl




Netwag requires that the netwag535.tcl script be amended and the line:

set netwag_glo_bin_netwox "netwox535"

be altered to point to the location of the netwox535 executable.

Note: It may be easier to unzip netwox directly into the netwag directory to avoid any alteration.
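The edit described above can be scripted, as in this added example (not part of netwag, netwox or the original page). It rewrites the one setting line and converts a Windows path to forward slashes, because inside Tcl double quotes a backslash starts an escape sequence. The function names, the path C:\tools\netwox\netwox535.exe and the file excerpt are constructed for illustration.

```python
import re

# The assignment the page says must be edited in netwag535.tcl.
_SETTING = re.compile(r"^(\s*set\s+netwag_glo_bin_netwox\s+)\S.*$")

# Constructed excerpt standing in for netwag535.tcl
# (only the middle line is taken from the page).
SAMPLE_TCL = (
    "# constructed excerpt\n"
    'set netwag_glo_bin_netwox "netwox535"\n'
    "set hypothetical_other_setting 1\n"
)


def tcl_path_word(path):
    # Inside Tcl double quotes a backslash starts an escape, so
    # "C:\tools\netwox535.exe" would gain a tab (\t) and a newline (\n).
    # Forward slashes need no escaping and Tcl accepts them on Windows.
    normalized = path.replace("\\", "/")
    bad = set('"$[]{}') & set(normalized)
    if bad:
        raise ValueError("characters needing Tcl escaping in path: " + "".join(sorted(bad)))
    return '"' + normalized + '"'


def set_netwox_path(tcl_source, netwox_path):
    # Rewrite exactly one setting line; keep every other line and line ending.
    word = tcl_path_word(netwox_path)
    out, hits = [], 0
    for line in tcl_source.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        match = _SETTING.match(body)
        if match:
            line = match.group(1) + word + line[len(body):]
            hits += 1
        out.append(line)
    if hits != 1:
        raise ValueError("expected exactly one netwag_glo_bin_netwox line, found %d" % hits)
    return "".join(out)


if __name__ == "__main__":
    print(set_netwox_path(SAMPLE_TCL, r"C:\tools\netwox\netwox535.exe"), end="")
```

Refusing to write when the line is missing or duplicated avoids silently leaving netwag pointed at the wrong binary.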


Netwox is available from here.

Netwag is available from here.






D:\Documents and Settings\hacker\Desktop\netwox-5.35.0-bin_windows>netwox535.exe
Netwox toolbox version 5.35.0. Netwib library version 5.35.0.

######################## MAIN MENU #########################
0 - leave netwox
3 - search tools
4 - display help of one tool
5 - run a tool selecting parameters on command line
6 - run a tool selecting parameters from keyboard
a + information
b + network protocol
c + application protocol
d + sniff (capture network packets)
e + spoof (create and send packets)
f + record (file containing captured packets)
g + client
h + server
i + ping (check if a computer if reachable)
j + traceroute (obtain list of gateways)
k + scan (computer and port discovery)
l + network audit
m + brute force (check if passwords are weak)
n + remote administration
o + tools not related to network
Select a node (key in 03456abcdefghijklmno):
Select tool number (between 1 and 222):


################## running tool number 1 ###################
Title: Display network configuration
| This tool displays network configuration: |
| - the list of devices/interfaces: |
| + nu: device number |
| + dev: easy device name |
| + eth_hw: Ethernet address or hardware type (if not Ethernet) |
| + mtu: MTU (maximum size of packets) |
| + real_dev: real device name |
| - the list of IP addresses: |
| + nu: device number of device associated to this address |
| + ip: IP address |
| + netmask: network mask |
| + ppp: if true(1), this address is a Point To Point |
| + ppp_with: if ppp, this is the address of remote endpoint |
| - the IP4 ARP cache or IP6 neighbor (this contains Ethernet |
| addresses for other computers) |
| + nu: device number of device associated to this entry |
| + eth: Ethernet address of computer |
| + ip: IP address of computer |
| - the routes |
| + nu: device number of device associated to this entry |
| + destination/netmask: destination addresses |
| + source: source IP address, or local for a local route |
| + gateway: gateway (first router) to use |
| + metric: metric of route |
| |
| Parameter --device ask to display devices list. |
| Parameter --ip ask to display ip list. |
| Parameter --arpcache ask to display ARP cache and neighbors. |
| Parameter --routes ask to display routes list. |
| If no Parameter is set, they are all displayed. |
| |
| This tool may need to be run with admin privilege in order to obtain |
| full network configuration. |
Synonyms: address, arp, device, gateway, ifconfig, interface, ipconfig, mac, nei
ghbor, netmask, route, show
Usage: netwox 1 [-d|+d] [-i|+i] [-a|+a] [-r|+r]
-d|--devices|+d|--no-devices display devices
-i|--ip|+i|--no-ip display ip addresses
-a|--arpcache|+a|--no-arpcache display arp cache and neighbors
-r|--routes|+r|--no-routes display routes
Example: netwox 1
Enter optional tool parameters and press Return key.
netwox 1 -d -i -a -r
nu dev ethernet_hwtype mtu real_device_name
1 Lo0 loopback 1520 Loopback
2 Unk0 unknown 0 \Device\NPF_GenericDialupAdapter
3 Eth0 00:15:C5:CJ:C3:BJ 1500 \Device\NPF_{720B03E4-B057-444E-8D93-B321DE296D
nu ip /netmask ppp point_to_point_with
1 / 0
3 / 0
nu ethernet ip
3 00:15:C5:CF:C3:BC
nu destination /netmask source gateway metric
1 / local 0
3 / local 0
3 / 0
1 / 0

Command returned 0 (OK)
Press 'r' or 'k' to run again this tool, or any other key to continue


I don't know about you but that seems a little like hard work just to get a small bit of host information returned and that's from a simple tool that is available in the suite.  I would recommend using Netwag to aid the use of this suite.




Execute netwag535.tcl



Double-click on the tool required; I will duplicate the use of the command-line tool above:



Select the left-hand boxes to request this information (the right-hand boxes unset the request).



The same information is displayed.


This is a massive tool that will take a long time to be mastered.

Thursday September 13, 2007