

This section contains all the documentation you need to use VulnIT efficiently.


The version history of VulnIT is presented in this table, and the minor changes of each version on this page.


The VulnIT software relies on a selection of open-source tools described below. Their automation and the development progress of VulnIT (in orange) are shown in this diagram.
If you encounter problems viewing this diagram, you can see its latest version in PDF format.

  • dhcping

    - is a DHCP and BOOTP scanner.
    Integrated in version 4.3
    Edwin Groothuis

  • nbtscan

    - provides the same features as the Windows 'nbtstat' command (listing all open NetBIOS services).
    Integrated in version 1.0
    Stephen Friedl

  • dig

    - provided within the dnsutils package

    - queries a DNS server to get the list of the nameservers by DNS zone transfer.
    Integrated in version 1.0
    Internet Systems Consortium, Inc (ISC)

  • nmap

    - is the famous port scanner used to detect running services on targets.
    Integrated in version 4.3
    Gordon Lyon

  • OpenVAS

    - integrates thousands of tests covering patch management: OS, applications, DBMS, etc.
    Integrated in version 2.0
    OpenVAS team

  • Aircrack

    - is a set of tools for analysing the security of Wi-Fi access points.
    Integrated in version 2.0
    Thomas d'Otreppe

  • smbclient

    - is an equivalent of the Windows 'net use' command and retrieves information on Windows shares.
    Integrated in version 1.0
    Samba team


    - SMBAT (SaMBa Auditing Tools) includes the smbdumpusers tool, which lists the users of Windows NT/2000.
    Integrated in version 1.0
    Patrik Karlsson

  • Medusa

    - tests authentication on a few services (FTP, SSH, SNMP, SMTP...).
    Integrated in version 1.0

  • snmpwalk

    - provided within the net-snmp package, browses the information provided by the SNMP protocol.
    Integrated in version 1.0

  • netcat

    - establishes network connections and offers many useful features beyond those of telnet.
    Integrated in version 1.0
    Giovanni Giacobbi

  • rpcclient

    - gives access to "named pipes" and executes MS RPC commands. It is part of the Samba suite.
    Integrated in version 1.0
    Samba team

  • sslscan

    - determines which cryptographic algorithm is in use on an SSL server (typically in the case of an HTTPS web application).
    Integrated in version 1.0
    Ian Ventura-Whiting

  • tnscmd10g

    - lists the instances of an Oracle database (including 10g and 11g versions).
    Integrated in version 1.0
    James W. Abendschan and Saez Scheihing

  • SIDguesser

    - discovers Oracle instances when they are transmitted by the listener (attack using a dictionary).
    Integrated in version 1.0
    Patrik Karlsson

  • opwg

    - (part of the Oracle Auditing Tools suite) attacks an Oracle database using a dictionary.
    Integrated in version 1.0
    Patrik Karlsson

  • MSSQLScan

    - retrieves some information on a Microsoft SQL Server database.
    Integrated in version 1.0
    Patrik Karlsson

  • db2getprofile

    - (part of the db2utils suite) gets the access profile of a DB2 database and, in particular, lists the instances and databases.
    Integrated in version 1.0
    Patrik Karlsson

  • flasm

    - disassembles SWF menus in order to extract the links redirecting to other webpages.
    Integrated in version 3.0
    Ben Schleimer

  • sqlmap

    - is an open source penetration testing tool that automates the process of detecting SQL injection flaws.
    Integrated in version 3.0
    Bernardo Damele

  • wdiff

    - is a front end to diff for comparing files on a word-by-word basis.
    Integrated in version 3.0
    Denver Gingerich

  • WhatWeb

    - identifies content management systems (CMS), blogging platforms, stats/analytics packages, JavaScript libraries, servers and more.
    Integrated in version 3.0
    Andrew Horton