SECFORCE/sparta SECFORCE/sparta

  • Stars
    star
    1,591
  • Rank 28,439 (Top 0.6 %)
  • Language
    Python
  • License
    GNU General Publi...
  • Created almost 10 years ago
  • Updated almost 3 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
SECFORCE/sparta
github

SECFORCE

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Network Infrastructure Penetration Testing Tool

SPARTA v2.0 (http://sparta.secforce.com)

Authors:

SECFORCE

Antonio Quina (@st3r30byt3)

Leonidas Stavliotis (@lstavliotis)

Description

SPARTA is a python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his toolkit and by displaying all tool output in a convenient way. If little time is spent setting up commands and tools, more time can be spent focusing on analysing results. Despite the automation capabilities, the commands and tools used are fully customisable as each tester has his own methods, habits and preferences.

Requirements

It is recommended that Kali Linux is used as it already has most tools installed, however SPARTA would most likely also work in Debian based systems.

Kali 2020:

sudo apt install python3-sqlalchemy python3-pyqt5 wkhtmltopdf

Other than these, the following tools are required for SPARTA to have its minimum functionality:

  • nmap (for adding hosts)
  • hydra (for the brute tab)

In Kali, to ensure that you have all the tools used by SPARTA's default configuration use:

apt-get install ldap-utils rwho rsh-client x11-apps finger

Installation

cd /usr/share/
git clone https://github.com/secforce/sparta.git

Place the "sparta" file in /usr/bin/ and make it executable.
Type 'sparta' in any terminal to launch the application.

Credits

Credits where credits are due. The nmap XML output parsing engine was largely based on code by yunshu, modified by ketchup and modified by us. SPARTA relies heavily on nmap, hydra, cutycapt, python, PyQt, Elixir and many other tools and technologies so we would like to thank all of the people involved in the creation of those. Credits to Bernardo Damele A.G. for the ms08-067_check script used by smbenum.sh. Credit to Diana Guardão (https://www.behance.net/didoquinhasfaaa) for the logo design. Thanks as well to our incredible team at SECFORCE for the countless bug reports and feedback. Last but not least, thank you for using SPARTA. Let us know how we can improve it! Happy hacking!

More Repositories

1

Tunna

Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.
Python
1,218
star
2

SNMP-Brute

Fast SNMP brute force, enumeration, CISCO config downloader and password cracking script.
Python
289
star
3

SharpWhispers

C# porting of SysWhispers2. It uses SharpASM to find the code caves for executing the system call stub.
C#
91
star
4

DLL-Hollow-PoC

DLL Hollowing PoC - Remote and Self shellcode injection
C
62
star
5

SharpASM

SharpASM is a C# project that aims to automate ASM (i.e. shellcode) execution in .NET programs by exploiting code caves in RWX sections allocated by the CLR.
C#
44
star
6

sftp-exploit

OpenSSH <=6.6 SFTP misconfiguration universal exploit
Python
27
star
7

fixer

FIX (Financial Information eXchange) protocol fuzzer
Ruby
24
star
8

CVE-2017-3599

Proof of concept exploit for CVE-2017-3599
Python
22
star
9

proxyfuzz

Python
12
star
10

Macro-Keystrokes

PoC of execution of commands on a Word macro, without the use of rundll32.exe and importation of kernel32 libraries such as CreateRemoteThread or CreateProcessA. This technique simply relies on sending keystrokes to the host.
9
star
11

NimWhispers

Nim
8
star
12

CVE-2018-8941

D-Link DSL-3782 Code Execution (Proof of Concept)
8
star
13

SharpZip

C#
6
star
14

AWS-Cognito-Finder

AWS Cognito Finder Burp Suite Extension
Python
5
star
15

awsome-cis-checker

Python
4
star
16

CVE-2021-37748

Python
4
star
17

CVE-2011-4107

phpMyAdmin 3.3.X and 3.4.X - Local File Inclusion
Ruby
4
star
18

WPTimeCapsulePOC

An authentication bypass was recently discovered (https://www.webarxsecurity.com/vulnerability-infinitewp-client-wp-time-capsule/) on WP Time Capsule < 1.21.16. This PoC proves how the issue works and how it can be exploited.
Python
4
star
19

CVE-2008-5416

Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection
3
star
20

CVE-2008-1613

RedDot CMS versions 7.5 Build 7.5.0.48 and below full database enumeration exploit that takes advantage of a remote SQL injection vulnerability in ioRD.asp.
Python
3
star
21

CVE-2011-3368

CVE-2011-3368 exploit code
Python
2
star
22

CSS_exfiltration

Python
1
star
23

SharpExtractor

SharpExtractor is a dotnet project that allows file extraction from file containers.
C#
1
star
24

chrome-stale-pointer-POC

1
star
25

CVE-2018-1000082-exploit

1
star
26

Beacon2023

Slides from Beacon 2023 Conference
1
star