Sparta – a Network Infrastructure Penetration Testing Tool


What is it?

It is a known fact that all hackers like terminals but most (good) hackers also like efficiency and automating repetitive tasks. This is where SPARTA comes in.

SPARTA is a python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his toolkit and by displaying all tool output in a convenient way. If little time is spent setting up commands and tools, more time can be spent focusing on analysing results.

Have a look:

What are the goals?

– One of the most important goals of the project is the ability to fully customise what tools/commands you run from SPARTA. Every penetration tester has his/her own methods and toolkit and we do not want to change that. SPARTA tries to simplify the way you run tools and centralises their outputs, displaying them in a meaningful way.

– Automation of repetitive tasks is a must. You will always need to check for default credentials. You will always need to enumerate users. You always run certain tools when you find certain services. You can now perform these actions (on several hosts) in one click.

Any cool features?

– Nmap XML output importer

– Any tool that can be run from a terminal, can be run from SPARTA

– Default credentials check for most common services

– If any usernames/passwords are found by Hydra they are stored in internal wordlists which can then be used on other targets in the same network (breaking news: people reuse passwords)

– Ability to mark hosts that you have already worked on so that you don’t waste time looking at them again

– Screenshot taker so that you don’t waste time on less interesting web servers

What are the requirements?

– A Linux OS preferably Kali Linux as all the tools are already there

– A few extra python libraries

This project is very much a work in progress but hopefully the first release will be out in a few months. So stay tuned! 🙂

You may also be interested in...

Oct. 13, 2019

NetScaler EPA Bypass Burp plugin

This Burp plugin is a fork of the aforementioned code that will listen for “Pre-Authentication Endpoint Analysis” requests and reply to the server that these were passed.

See more
Dec. 19, 2018

Burp Extension – HMAC Signature in Custom HTTP Header

In this post I would like to share some steps that were required before testing could begin during a web API penetration test.

See more