A collection of parsers and automation tools (mostly/all in Perl) developed for penetration testing and security assessment work between 2010 and 2023. These scripts were created to streamline common tasks during vulnerability assessments, infrastructure reconnaissance, password audits, phishing campaigns, and reporting workflows.
Note: These tools are published primarily for archiving purposes and nostalgia. While some may still be useful and functional, they were written organically during actual engagements over many years and are not actively maintained. I don't recommend using them; you are better off looking for newer alternatives (there are plenty).
These tools span over a decade of security work:
- 2023: HTTPx infrastructure parser for large-scale reconnaissance
- 2016: Phishing campaign analytics and Nmap URL generators
- 2015: LinkedIn employee email enumeration
- 2013: Automated vulnerability research tool mining CVEDetails and SecurityFocus
- 2011: Web crawler and Nmap to MindMap converter
- 2010 and earlier: Email harvesting from search engines
Most scripts were written organically during actual engagements to solve specific problems and improve efficiency.
- Nmap - Network reconnaissance and vulnerability research
  - Nmap to MindMap - Convert Nmap XML to visual mindmaps
  - vMiner - Vulnerability Miner - Automated CVE/exploit research
  - Generate URLs from Nmap - Extract web service URLs
  - Generate URLs for VHosts in Scope - Cross-reference hostnames with scan results
  - Extract Software Versions from Nmap - Export detected software versions
- Infrastructure Analysis - Large-scale reconnaissance
  - HTTPx CSV Parser and Analyzer - Advanced web infrastructure analysis
- Crawlers - Web application mapping
  - yCrawler - Web Application Crawler - Discover GET/POST parameters
- Passwords - Password audit analysis
  - Domain Admin Password Cracker Analysis - Analyze cracked DA accounts
- Phishing - Social engineering campaigns
  - Better Phishing Frenzy Statistics - Enhanced campaign analytics
  - LinkedIn Email Scraper and Generator - Generate target email lists
  - Email Address Extractor - Harvest emails from search engines
- Nessus - Vulnerability assessment reporting
  - Nessus Vulnerability Report Parser - Professional vulnerability reports
  - Nessus Compliance Report Parser - Compliance audit reports
- Miscellaneous - Specialized tools
  - SQL Injection Exploit Modifier - Standardize SQLi exploit output
  - Source Code Grepper - Find user input in PHP code
Nmap to MindMap
Parses Nmap XML output and generates MindManager-compatible MindMap files with network topology visualization. Organizes discovered systems by IP address, hostname, open ports, service versions, and OS fingerprinting results. Also creates statistical summaries of interesting services (FTP, SSH, Telnet, HTTP, RDP, MS-SQL, MySQL) for quick identification of attack surface.
Coded in November 2011.
vMiner - Vulnerability Miner
Automated vulnerability research tool that parses Nmap XML output, extracts software versions, and queries CVEDetails.com and SecurityFocus.com for known vulnerabilities and exploits. Supports filtering by CVSS score, vulnerability type, authentication requirements, and access vector. Generates comprehensive reports in TXT, HTML, and MindMap formats with exploit links, Metasploit modules, and remediation guidance.
This was coded around November 2013 out of frustration with manually researching vulnerabilities for every service discovered during assessments. The code is admittedly spaghetti-level but it worked reliably for automated vuln correlation.
Generate URLs from Nmap
Parses Nmap XML output and automatically generates HTTP/HTTPS URLs for all discovered web services. Intelligently handles SSL/TLS detection, non-standard ports, and constructs properly formatted URLs for mass web application testing.
Generate URLs for VHosts in Scope
Cross-references a list of hostnames against Nmap scan results to identify which hostnames resolve to IPs that were already scanned. Automatically generates URLs for newly discovered virtual hosts, preventing redundant port scans and ensuring comprehensive coverage of in-scope web applications.
Useful when you discover additional hostnames mid-engagement that may point to already-scanned infrastructure.
Extract Software Versions from Nmap
Simple parser that extracts all detected software products and versions from Nmap XML output into a clean list format for vulnerability research and reporting.
HTTPx CSV Parser and Analyzer
Advanced parser for HTTPx CSV output designed for large-scale infrastructure reconnaissance. Aggregates and analyzes thousands of URLs by IP address, HTTP status code, content length, content type, page title, server banner, CDN provider, and detected technologies. Provides statistical analysis, search functionality, and identifies unique URLs based on response characteristics to reduce noise in large datasets.
Written in January 2023 during a large Synack target engagement with my friend caffeine.
yCrawler - Web Application Crawler
Full-featured web crawler that discovers all GET and POST input parameters on a website. Supports HTTP proxy, logging, domain-limited crawling, and extracts forms with all input fields. Designed to map application attack surface before manual testing.
Written on 17 February 2011.
Two companion scripts for analyzing password cracking results during Active Directory assessments:
- Show DA's usernames that had their hashes cracked: Takes a list of Domain Admin accounts and Hashcat output to identify which DA accounts had their passwords cracked.
- Show DA's cracked passwords: Extracts the actual cleartext passwords for cracked Domain Admin accounts from Hashcat output.
Essential for demonstrating high-impact findings in penetration test reports.
Better Phishing Frenzy Statistics
Enhanced analytics for Phishing Frenzy campaigns that correlate Apache access logs with campaign data to generate detailed statistics:
- Click timestamps, source IPs, and device fingerprints per victim
- Aggregated statistics showing click distribution patterns
- OS/device breakdown with percentages
- Multiple-click behavior analysis
Written around November-December 2016 because Phishing Frenzy's native reporting was insufficient for client deliverables.
LinkedIn Email Scraper and Generator
Scrapes Google search results for LinkedIn profiles of employees at a target company and generates email addresses based on configurable naming conventions. Supports 24 different email syntax patterns (firstname.lastname, f.lastname, etc.) for building targeted phishing lists.
Coded on 30 July 2015.
Email Address Extractor
Legacy tool from 2010 or earlier that scrapes search engines for leaked email addresses of specific email providers. Supports both command-line and IRC bot modes for distributed OSINT gathering.
Nessus Vulnerability Report Parser
Comprehensive Nessus parser that generates professional vulnerability reports ready for MS Word. Creates two detailed tables:
- Summary table with risk-sorted vulnerabilities, service counts, CVE counts, and exploit availability
- Detailed appendix with full vulnerability descriptions, CVE links, solutions, and exploit information
Includes built-in logic to identify publicly exploited vulnerabilities (e.g., MS17-010/EternalBlue) that Nessus sometimes underreports. Filters by CVSS score and groups statistics by risk level and exploitability.
Nessus Compliance Report Parser
Parses Nessus compliance audit scans (CIS benchmarks, etc.) and generates human-friendly HTML reports with clean tables showing failed policies, expected vs actual values, and system-specific results. Designed for quick copy-paste into MS Word for compliance deliverables.
SQL Injection Exploit Modifier
Automatically modifies SQL injection exploit payloads to standardize output matching patterns. Wraps extracted data with consistent delimiters (g0tpwn3dbyv6) to enable reliable regex parsing in automated scanners.
Originally coded to adapt proof-of-concept SQLi exploits for use in IRC-based vulnerability scanners.
Source Code Grepper
Automated PHP source code scanner that searches for user-supplied input variables ($_GET, $_POST, $_COOKIE, $_SERVER) as a starting point for manual source code review. Identifies potential injection points and generates a report of interesting code locations for security analysis.
GNU GPL v2 or later (see individual script headers)