At S9L, R&D is an important part of our work. We truly think that without good and fun research, there cannot be a healthy and high-quality working/hacking environment. Because of this, our team is constantly thinking outside the box in order to come with great ideas, advisories, tools and all sort of AWESOME hacks.
A ruby framework that started as a simple proof of concept interface capable of searching the Internet for email addresses and people. As time went by, it added support for search engines that include, but are not limited to, Google, Google Profiles, Bing, Classmates, and LinkedIn. Additionally, Esearchy is capable of downloading and parsing several file formats in order to search for emails inside them. Under its current version the framework comes with a CLI tool, a C&C web interface that supports multiple drones across multiple networks.
A robust Phishing Framework with a full featured CLI interface. The project was born out necessity through of years of engagements with tools that just didn't do the job. Even though there are many projects out there, we were not able to find a suitable solution that gave us both easy of use and customizability. Cartero is a modular project divided into commands that perform independent tasks (i.e. Mailer, Cloner, Listener, AdminConsole, etc...). In addition each sub-command has repeatable configuration options to configure and automate your work.
Nmap With Attitude, N.W.A., a simple go-lang application that takes an xml nmap results and generates an in-memory web-application in order to review the nmap findings. The applicatin allows you to filter by port, OS, services, among other things. As the names says nmap with some attitude.
Singularity is a Ruby on Rails Security Project Manager, built for Consulting firms to manage projects, scans and vulnerabililities. The web-application was created from a consultant points of view and to serve as a singular convergence point in which all of the nessus, Qualys, Nexpose, Burp and manual vulnerabilities can be mantained, checked and then converted into usable reports. Also it is worth noting that is PCI aware, so it is capable of generating different ASV reports. The tool is currently under heavy development and code will be made public shortly.