Complemento v0.6 – LetDown TCP Flooder, ReverseRaider Subdomain Scanner & Httsquash HTTP Server Scanner Tool


We first wrote about Complemento 0.4b a little while ago when it first hit the public domain just last month (December 2008).

Now there have been 2 major updated versions, the latest being 0.6.

What is Complemento?

Complemento is a collection of tools that the author originally created for his own personal toolchain for solving some problems or just for fun. Now he has decided to release it to the public.

LetDown is a TCP flooder written after the author read the article by fyodor entitled article “TCP Resource Exhaustion and Botched Disclosure“. It has an (experimental) userland TCP/IP stack, and support multistage payloads for complex protocols, fragmentation of packets and variable TCP window.

ReverseRaider is a domain scanner that uses brute force wordlist scanning for finding a target sub-domains or reverse resolution for a range of ip addresses. This is similar to some of the functionality in DNSenum. It supports permutation on wordlist and IPv6.

Httsquash is an HTTP server scanner, banner grabber and data retriever. It can be used for scanning large ranges of IP addresses and finding devices or HTTP servers (there is an alpha version of a GUI for this). It supports IPv6 and personalized HTTP requests.

Improvements for v0.6

LetDown:

  • New (experimental) userland TCP stack
  • Support for multistage payloads (for complex and stateful protocol, such as FTP, SMTP…)
  • Variable TCP Window size
  • Fragmentation of packets
  • Polite mode (ACK received packets and/or closing the connection with FIR or RST packets)

ReverseRaider:

  • Support for IPv6

HttSquash:

  • Support for IPv6

You can download Complemento v0.6 here:

complemento-0.6

Or read more here.

Posted in: Hacking Tools, Networking Hacking, Web Hacking

, ,


Latest Posts:


zBang - Privileged Account Threat Detection Tool zBang – Privileged Account Threat Detection Tool
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations & red teams can use it to identify attack vectors
Memhunter - Automated Memory Resident Malware Detection Memhunter – Automated Memory Resident Malware Detection
Memhunter is an Automated Memory Resident Malware Detection tool for the hunting of memory resident malware at scale, improving threat hunter analysis process.
Sandcastle - AWS S3 Bucket Enumeration Tool Sandcastle – AWS S3 Bucket Enumeration Tool
Sandcastle is an Amazon AWS S3 Bucket Enumeration Tool, formerly known as bucketCrawler. The script takes a target's name as the stem argument (e.g. shopify).
Astra - API Automated Security Testing For REST Astra – API Automated Security Testing For REST
Astra is a Python-based tool for API Automated Security Testing, REST API penetration testing is complex due to continuous changes in existing APIs.
Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network


One Response to Complemento v0.6 – LetDown TCP Flooder, ReverseRaider Subdomain Scanner & Httsquash HTTP Server Scanner Tool

  1. Owenzea February 3, 2009 at 11:59 am #

    The way the author has implemented letDown is a little bit strange. I mean the code is hardly clean. Nevertheless it does its job quite well.
    Fyodor’s article inspired other coders : a tool called Hdos is available ( http://www.unix-junkies.org/index.php?a=9 ) and more efficient according to me.