Inguma - A Free Penetration Testing and Vulnerability Research Toolkit

A paper about fuzzing with Inguma's Krash Fuzzer

Andrew Brooks wrote a paper about how easy working with Krash, Inguma's supplied fuzzer can be. You can download the paper in ODT or PDF. Thank you so much Andrew!.

He also started a blog which you can view here.

Krash Fuzzing

Inguma project awarded as excellent/recommended penetration testing toolkit!

The people at Security Database awarded the Inguma project as an excellent/recommended tool in their "Best IT Security and Auditing Softwares 2007" contest. Thanks you so much!

I recommend to everybody to check the contest they made as it is quite interesting.


This is the project website of Inguma, a penetration testing and vulnerability research toolkit. Here you will find documentation, links, notes about the project, news, etc...

Inguma release

Inguma version has been released. In this version I have added new modules and exploits, fixed many, many, many bugs as well as enhancing existing modules, such as the Oracle related stuff.

PyShellcodelib has been enhanced as well and now supports Mac OS X. But, for the moment, just BSD syscalls. Mach syscalls implementation is on the way. You will also notice that it is now object oriented as opossed to the previous versions.

Among with the aforementioned changes, I'm releasing 5 new Oracle modules: 4 modules for bugs fixed in the Critical Patch Update of January 2008 and one skr1pT k1|>i3 like module for the Oracle PL/SQL gateway flaw. Give to the module the target's address and port and run "oragateway". The module will automagically guess the correct DAD and bypass technique. After it an SQL terminal will be opened.

The new modules added to the framework are the following:

nikto: A plugin that uses Nikto based databases (Thanks you Sullo!).
archanix: As you may imagine, it gathers information from archaic Unix services.
brutesmtp: A brute forcer for SMTP servers.
anticrypt: A tool to guess the encryption algorithm of a password's hash. It saves a lot of time when auditing passwords.

Inguma 0.0.6 released

Inguma version 0.0.6 have been released. In this new version I added many modules as well as enhanced existent ones as, in example, the Oracle modules. The Oracle payloads now uses the Cursor Injection method when possible so CREATE PROCEDURE system privilege is not needed to become DBA.

The support for InlineEgg, added in version, have been removed and a new completely free library have been added: PyShellCodeLib. Currently, the library supports Linux and OpenBSD x86 based shellcodes. See an example.

The static analysis framework OpenDis have been enhanced and now you can use the API exposed by OpenDis to write your own binary static analysis tools. As an example of the API, a tool to make binary diffs have been added. Take a look to the file $INGUMA_DIR/dis/ and to the README stored in the same directory.

New 5 exploits for Oracle Databases have been added and the module "sidguess" have been enhanced to retrieve the SID of the database instance from the Enterprise Manager/Database Control banner when possible (Thanks you Alex!).

The new modules added to the discover, gather and brute sections are the following:
brutehttp: A brute forcer for HTTP servers.
extip : A tool to known your external IP address. Very usefull to check anonymous proxies, i.e.
nmbstat : A tool to gather NetBIOS information.
ipscan : A tool to check what IP protocols are enabled in the target.
arppoison: A tool to poison target's ARP cache
You can download the new version from here.

Funny message of the week

Just a note: Any new mail like this will be posted in the main page. If you don't know too much about computers don't try to run it.

News regarding version 0.0.6 [2007-11-22]

I'm finishing the version 0.0.6 and many new features will be added. One of the most interesting new features is a Python library to create shellcodes like the one from CORE Impact, the InlineEgg project.

The version 0.0.5 makes use of the InlineEgg library for the first remote-root exploit added to the toolkit but, due to the restrictions imposed by the license of InlineEgg I decided to write a complete replacement for it. PyEgg? PyPotroak? Currently the library has no name.

The following is a simple script that creates a simple bind shellcode and prints a C program that executes the shellcode:

    from pyshellcodelib import PyEgg
    import socket
    #Change to a = PyEgg("openbsd") if you want to create a shellcode for OpenBsd
    a = PyEgg("linux")
    # Change to root
    # Listen in all available addresses at port 31337
    a.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Got a connection, duplicate fd descriptors
    # Run /bin/sh

    # Change to a.getEgg() to use in your scripts
    sc = a.getShellcode() # Return a C style buffer

    print "#include <stdio.h>"
    print 'char *sc="%s";' % sc
    print "int main(void) {"
    print "\t((void(*)())sc)();"
    print "}"

Did you find it interesting? ;) The next version should be available in the next weeks.

As well as the mentioned library many Oracle exploits will be released and the oracle payloads were changed to use, when possible, the cursor injection method.

References to Inguma

Browsing the web I found the following interesting Inguma related posts in blogs. Take a look if you want to know what others says about the project.

Inguma Logo

The following is the Inguma logo. If you want to know more about the logo, take a look here.


Copyright (c) 2007 Joxean Koret