Infiltrated dot Net

Below are some oddball programs I've whipped up over the years out of experience, learning, etc., some have a specific focus, e.g., forensics, VoIP, networking, etc. All of these scripts are provided as is. You are your own boss so please test these on a non-production environment to ensure you don't damage any system.


nparse - parses out alarm entries on Netrake nCite Session Border Controllers for potential SIP based attackers (shell)
7c37a0af95c7f47613477646294e9e94 (md5) || 98ab9bb60aadd6a48e9c3f1c29275ef0d506347c (SHA1)

BotHunterGatherer - simple IPTables script to get the latest offenders from's Bothunter list (shell)
e1c9a232e2a38c593eed9d630fbb51d0 (md5) || ee155637f177010c99a4f1d3afebed7a294759eb (SHA1)

Poison - SIP Voicemail generation tool (perl)
MD5 (poison) = 2f5b6995636cd01183b87431400515f0
SHA1 (poison) = 89c8de3e55e44c210550e7e79ef1fb8347ed2110

Rigger - SIP INVITE generator (perl)
MD5 (rigger) = bee3f5e65a298433c51cff3e3ad7c733
SHA1 (rigger) = 993368f21deb80859d07f316c5e5834e60705218

Sipper - Random SIP message generator (perl)
MD5 (sipper) = 38a56bb956ed183dcefae597ab18a044
SHA1 (sipper) = a0a6f2ad4e9bb9f5c212b51c90e0bf5f99427598

Slither - SIP fuzzer generates random SIP messages and random CIDs (perl)
MD5 (slither) = 9d0babc2933899d35ba133792476b936
SHA1 (slither) = 42ec62e50434d54b44d2096bdef02d494f716857

Snix - Generates Cisco Pix rules from Snort alerts (shell)
MD5 (snix) = 33d3988ab69ebdaf9fea3257862047fc
SHA1 (snix) = 00d5821b7fe4bcf456c2ad672f9982d7b34b5500

Dsphunxion - Proof of Concept post compromise backdoor keeper. Generates a backdoor hidden in an SSL cert (perl)
MD5 ( = dfbd7f0589f0b6e4302189bdd387c3f1
SHA1 ( = 343476f05225a179d9e4864beb69ed5375574d98

Amphibios - Proof of concept Windows information hoarder. The purpose of Amphibios is to accumulate detailed information on the
system in which launches Amphibios without introducing or installing applications on the system itself. The use of Amphibios can be
correlated with either a system administrator documenting and detailing information on the system, or one can use the information
for other means. For example, in performing a host based penetration test, the information gathered via say installed patches will
allow a tester to determine the possible exposure state due to patches that weren't installed. (Windows BAT file)
MD5 (amphibios.bat) = 922833d1e116baf398c62366abd32a30
SHA1 (amphibios.bat) = 00aa2530b64212da27445dd50db794fd7b8614d5

Phorensix - Phorensix is a post-login VoIP forensics tool created for Asterisk (tested on Asterisk 1.4.5 to be exact). Phorensix takes
a look at a rogue host connecting to a vulnerable account. Who is connecting, where are they coming from, what are they doing to
my PBX, what are they doing ON MY PBX. It is a work in progress that can be scripted to take a list of accounts, and do the legwork.
It uses tshark to capture a 2 minute network conversation between the attacker and host, does a quick lookup to see where the
attacker is coming from, checks against rogue hosts via Shadowserver and can also block that subnet if need be.
MD5 (phorensix) = c5e2ddc4a07de0e44f07d16113d2e5ce
SHA1 (phorensix) = 0d8e8c135ad2ebcdd2c58552031967ebd1a2532d