Tools Under Development for the OSSTMM


Since the OSSTMM is composed of security research ahead of the current security market, some implementers have developed their own tools to automate various tests because none existed. These tools are open source and freely available to all.

If you are interested in sharing tools you have created for the OSSTMM please contact us.

A port and protocol scanner with the speed and power to catch a Unicorn. Actually, a truthful scanner that scales to very large networks while remaining equally fast. The scanner is truthful in that it tells the tester exactly what is being returned, in a clear format, with no tricks that try to outsmart the auditor's experience. Results can be stored in an SQL database so you can revisit and map them. A must-have in any toolkit!


Active Filter Detection is one step, according to the Open Source Security Testing Methodology Manual, that security auditors should perform to identify the presence of Intrusion Prevention Systems and other technologies that would directly impact the quality of a security assessment.

A Perl script which supplements the DNS connect scanning task under the Port Scanning Module. It uses DNS connections on a class C to find live hosts through a firewall.

An IDS evasion tool from Efrain Torres for assisting in system enumeration, port scanning, and vulnerability testing.

A Java tool which supplements the Document Grinding Module for electronic dumpster diving. Supports GET and POST requests.

A tool developed by Simon Biles to add the Open Protocol Resource Database as extended functionality to NMAP. This shows all known protocols for discovered ports, which greatly extends the nmap_services file of one service per port. For this to work, NMAP must be installed and the current version of oprp.dump must be in the same directory.

A Java-based tool from Sacha Faust that finds the competitive intelligence weight of a web server and assists in satisfying the CI Scouting portion of the OSSTMM. Webpage:

A less stupid web scanner from Efrain Torres. It brute-forces known directories to uncover variations in structure for better vulnerability scanning, and also includes Spanish file and directory names in the search.

A tool developed in Perl by Andrea Barisani for testing ACLs on routers and firewalls. Special scripts allow OSSTMM testing requirements to be met with or without access to both sides of the firewall.