Inguma - A Free Penetration Testing and Vulnerability Research Toolkit


Inguma comes with many modules, non integrated tools, libraries and so on. The project can be divided in 4 components:

  1. The Inguma tool. Is the main part.
  2. The Inguma GUI tool. Based on QT.
  3. The Krash token based fuzzer.
  4. The OpenDis assembler clarifying tool.

Inguma (Text based)

The daily use tool and the most important part of Inguma is the text based console version. All modules should work using the text based version. Well, "should work", remember that is in ALPHA state currently.

Inguma GUI (QT)

As a proof of concept I write a graphical toolkit for Inguma. It's based in PyQT (version 3 at the moment). Some modules (not all) works in the graphical version but is not as tested as the text based version and many modules, specially those that are using "raw_input" will not work.

Don't expect to automagically own one Oracle Database Server by clicking. Not at the moment.

Krash. Token based fuzzer

Krash is a general purpose network oriented fuzzer. Save a raw packet in a file and the tool will (internally) split it into "tokens" (i.e., automagically find block) and will fuzz any token the tool founds.

In fact it is block based fuzzing but a little bit automated.

OpenDis Framework

Reading assembler may be a tedious task. Reading asm to reverse engineer a (large) binary project is a very tedious task. If you don't have the money to buy one commercial toolkit (IDA Pro...) you finally need a tool that simplifies the task of highlighting error prone blocks and identify variables, blocks, functions, tools to make binary diffs, etc...

OpenDis uses internally "objdump" and "nm". If you're using Linux or Unix (*BSD) you will surely have these tools installed. Under Win32 you need to download these binaries. In example, downloadingMinGW development environment.

OpenDis is not only a disassembler or assembly language clarifier but a reverse engineering framework. In the latest version, as of Inguma 0.0.6, binaries can be saved as databases. OpenDis databases are [c]pickle objects you can load and read from simple Python scripts.

Copyright (c) 2007 Joxean Koret