This is the project website of Inguma, a penetration testing and vulnerability research toolkit. Here you will find documentation, links, notes about the project, news, etc...
While the current exploitation capabilities in Inguma may be limited, this program provides numerous tools for information gathering and target auditing. Inguma is still being heavily developed so be sure to stay current and check back for news and updates.
Don't forget our development blog!
Helping with the project¶
We benefit from any help you can put in Inguma: documentation, bug reports, patches, everything. In order to start, please click in the "Register" link in the upper right corner, and create a Redmine account. With it you'll be able to create issues, and if you're involved with the project, eventually modify the wiki, issues and have commit access. See Development just below.
We use Mercurial at Inguma. In order to get a read-only access to the Mercurial repository, where all the development happens, just type:
hg clone https://inguma.eu/repos/inguma
We strongly recommend that prospective developers use this method for writing code against current HEAD/trunk/tip/latest code.
Inguma actually maintains two mailing lists:
inguma-announce (at) inguma.eu: This is a list for important announcements, like new software releases.
inguma-devel (at) inguma.eu: This is the list where all the development happens. Every developer is subscribed. It will act as the user support list for the time being.
Becoming a developer¶If you want to become a developer, please start by sending patches for:
- adding new features, preferably if they are from the Roadmap.
- fixing bugs that have been already reported.
- lack of documentation.
After a few patches, please contact us at redmine--AT--inguma.eu for a restricted shell account. You will need a checkout through SSH, so type:
hg clone ssh://inguma.eu//repos/inguma (yes, the two slashes are on purpose).
And you're done!
The above link links to a page for future enhancements in Inguma. Please use it as a deposit for all those nice ideas that you can have during a brainstorming session or while in the shower!
If programs like Inguma are new to you, be sure to check out the project's documentation for installation instructions, syntax examples and usage.
- Getting Started Guide
- Installation Guide
- Modules documentation
- Coding Style Guide for developers
Quick start¶So you don't want to read the full documentation and prefer to go directly to the action?
References to Inguma¶Browsing the web I found the following interesting Inguma related posts in blogs. Take a look if you want to know what others says about the project.
- Inguma. Free Oracle Penetration Toolkit from Joxean Koret
- Running Inguma PL/SQL Fuzzer against 10.2.0.3 with October 2007 CPU
- Inguma - Penetration testing toolkit
- Inguma 101
Inguma comes with many modules, non-integrated tools, libraries and so on. The project can be divided in 5 components:
- The Inguma tool. It's the main part.
- The Inguma GUI tool. Based on Gtk.
- The Krash token based fuzzer.
- The OpenDis assembler clarifying tool.
- The PyShellcodeLib.
If your question is not answered in the documentation or want to know more about Inguma, try the project FAQ.
As Inguma is an open source project, it can only be as good as the community wants. Please feel free to assist not only the developers but also the community and lend your expertise by reporting bugs and contributing to the mailing list.
Follow Inguma's latest development news at the project's Blog