SECFORCE/sparta SECFORCE/sparta

  • Stars
    star
    1,614
  • Rank 28,990 (Top 0.6 %)
  • Language
    Python
  • License
    GNU General Publi...
  • Created over 10 years ago
  • Updated over 3 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
SECFORCE/sparta
github

SECFORCE

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Network Infrastructure Penetration Testing Tool

SPARTA v2.0 (http://sparta.secforce.com)

Authors:

SECFORCE

Antonio Quina (@st3r30byt3)

Leonidas Stavliotis (@lstavliotis)

Description

SPARTA is a python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his toolkit and by displaying all tool output in a convenient way. If little time is spent setting up commands and tools, more time can be spent focusing on analysing results. Despite the automation capabilities, the commands and tools used are fully customisable as each tester has his own methods, habits and preferences.

Requirements

It is recommended that Kali Linux is used as it already has most tools installed, however SPARTA would most likely also work in Debian based systems.

Kali 2020:

sudo apt install python3-sqlalchemy python3-pyqt5 wkhtmltopdf

Other than these, the following tools are required for SPARTA to have its minimum functionality:

  • nmap (for adding hosts)
  • hydra (for the brute tab)

In Kali, to ensure that you have all the tools used by SPARTA's default configuration use:

apt-get install ldap-utils rwho rsh-client x11-apps finger

Installation

cd /usr/share/
git clone https://github.com/secforce/sparta.git

Place the "sparta" file in /usr/bin/ and make it executable.
Type 'sparta' in any terminal to launch the application.

Credits

Credits where credits are due. The nmap XML output parsing engine was largely based on code by yunshu, modified by ketchup and modified by us. SPARTA relies heavily on nmap, hydra, cutycapt, python, PyQt, Elixir and many other tools and technologies so we would like to thank all of the people involved in the creation of those. Credits to Bernardo Damele A.G. for the ms08-067_check script used by smbenum.sh. Credit to Diana GuardΓ£o (https://www.behance.net/didoquinhasfaaa) for the logo design. Thanks as well to our incredible team at SECFORCE for the countless bug reports and feedback. Last but not least, thank you for using SPARTA. Let us know how we can improve it! Happy hacking!

More Repositories

1

Tunna

Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments.
Python
1,237
star
2

SNMP-Brute

Fast SNMP brute force, enumeration, CISCO config downloader and password cracking script.
Python
292
star
3

SharpWhispers

C# porting of SysWhispers2. It uses SharpASM to find the code caves for executing the system call stub.
C#
100
star
4

DLL-Hollow-PoC

DLL Hollowing PoC - Remote and Self shellcode injection
C
69
star
5

SharpASM

SharpASM is a C# project that aims to automate ASM (i.e. shellcode) execution in .NET programs by exploiting code caves in RWX sections allocated by the CLR.
C#
57
star
6

sftp-exploit

OpenSSH <=6.6 SFTP misconfiguration universal exploit
Python
27
star
7

fixer

FIX (Financial Information eXchange) protocol fuzzer
Ruby
23
star
8

CVE-2017-3599

Proof of concept exploit for CVE-2017-3599
Python
23
star
9

proxyfuzz

Python
11
star
10

NimWhispers

Nim
9
star
11

CVE-2018-8941

D-Link DSL-3782 Code Execution (Proof of Concept)
8
star
12

Macro-Keystrokes

PoC of execution of commands on a Word macro, without the use of rundll32.exe and importation of kernel32 libraries such as CreateRemoteThread or CreateProcessA. This technique simply relies on sending keystrokes to the host.
7
star
13

SharpZip

C#
6
star
14

CVE-2021-37748

Python
5
star
15

AWS-Cognito-Finder

AWS Cognito Finder Burp Suite Extension
Python
5
star
16

awsome-cis-checker

Python
4
star
17

CVE-2011-4107

phpMyAdmin 3.3.X and 3.4.X - Local File Inclusion
Ruby
4
star
18

WPTimeCapsulePOC

An authentication bypass was recently discovered (https://www.webarxsecurity.com/vulnerability-infinitewp-client-wp-time-capsule/) on WP Time Capsule < 1.21.16. This PoC proves how the issue works and how it can be exploited.
Python
4
star
19

CVE-2008-5416

Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection
3
star
20

Beacon2023

Slides from Beacon 2023 Conference
3
star
21

CVE-2008-1613

RedDot CMS versions 7.5 Build 7.5.0.48 and below full database enumeration exploit that takes advantage of a remote SQL injection vulnerability in ioRD.asp.
Python
2
star
22

SharpExtractor

SharpExtractor is a dotnet project that allows file extraction from file containers.
C#
1
star
23

CSS_exfiltration

Python
1
star
24

chrome-stale-pointer-POC

1
star
25

CVE-2011-3368

CVE-2011-3368 exploit code
Python
1
star
26

CVE-2018-1000082-exploit

1
star