11 May 2016



changeme is a default credential scanner. I wrote changeme out of frustration with commercial vulnerability scanners missing common default credentials. Getting default credentials added to commercial scanners is often difficult and slow. changeme is designed to be simple to add new credentials without having to write any code or modules.


PWN Lab is a collection of Vagrant scripts and boxes to create security training environments. Getting a running environment is as easy as cloning the repository and running vagrant up.

Sticky Keys Hunter

I wrote a script called Sticky Keys Hunter to automate the process of checking for sticky keys and utilman backdoors.

Recon-ng Modules

Recon-ng is a Python-based reconnaissance framework. I wrote a few modules that did not get accepted into the the framework because of their third-party dependencies. The modules are available on github, Recon-ng Modules.


The brute_force_threaded module was a rewrite of the Recon-ng brute_force DNS subdomain brute forcing module to add multi-threading support.


The ssl_san module interrogates a host’s SSL certificate looking for Subject Alternative Names (SANs) present in the certificate.

Metasploit Modules

I’ve contributed a little code to the Metasploit Framework.


I refactored the jboss_vulscan so that it could successfully identify default JBoss AS 6 credentials.


pgpass_creds is a post-exploitation module that attempts to obtain clear-text credentials from .pgpass or pgpass.conf files.


I added some code to the wordpress_login_enum scanner module to enumerate usernames based on the author id enumeration method (i.e. index.php?author=1).

comments powered by Disqus