FS-NyarL Pentesting & Forensics Framework

P { margin-bottom: 0.08in; }H2 { margin-bottom: 0.08in; }H2.western { font-family: “Liberation Sans”,sans-serif; font-size: 14pt; font-style: italic; }H2.cjk { font-family: “Droid Sans”; font-size: 14pt; font-style: italic; }H2.ctl { font-family: “FreeSans”; font-size: 14pt; font-style: italic; }TD P { margin-bottom: 0in; }

Automatic tools have made the
penetration testing process more efficient and effective, although
the importance of manual test are still there and in most of the
cases manuals checks are required. But in the mean time we cannot
deny the advantages of automatic tool, yes it save a loads of time
and energy off course. You must have heard about the most famous
vulnerability assessment & penetration testing tool like Nessus &
Metasploit but in this article I will discuss FS-NyarL.
NyarL it’s Nyarlathotep, a
mitological chaotic deity of the writer HP. Lovecraft’s
It’s represent Crawling Chaos and FS-NyarL it’s The
Crawling Chaos of Cyber Security 🙂
A network takeover &
forensic analysis tool – useful to advanced PenTest tasks & for
fun and profit – but use it at your own risk!
  • Interactive Console
  • Real Time Passwords Found
  • Real Time Hosts Enumeration
  • Tuned Injections & Client Side
  • ARP Poisoning & SSL Hijacking
  • Automated HTTP Report Generator


  • MITM (Arp Poisoning)
  • Sniffing (With & Without Arp Poisoning)
  • SSL Hijacking (Full SSL/TLS
  • HTTP Session Hijaking (Take &
    Use Session Cookies)
  • Client Browser Takeover (with
    Filter Injection in data stream)
  • Browser AutoPwn (with Filter
    Injection in data steam)
  • Evil Java Applet (with Filter
    Injection in data stream)
  • Port Scanning


  • Passwords extracted from data
  • Pcap file with whole data stream
    for deep analysis
  • Session flows extracted from data
    stream (Xplico & Chaosreader)
  • Files extracted from data stream
  • Hosts enumeration (IP,MAC,OS)
  • URLs extracted from data stream
  • Cookies extracted from data stream
  • Images extracted from data stream
  • List of HTTP files downloaded extracted from URLs

TD P { margin-bottom: 0in; }P { margin-bottom: 0.08in; }

TD P { margin-bottom: 0in; }P { margin-bottom: 0.08in; }

  • Chaosreader (already in bin folder)

  • Xplico

  • Ettercap

  • Arpspoof

  • Arp-scan

  • Mitmproxy

  • Nmap

  • Tcpdump

  • Beef

  • SET

  • Metasploit

  • Dsniff

  • Macchanger

  • Hamster

  • Ferret

  • P0f

  • Foremost

  • SSLStrip

  • SSLSplit

Download & Tutorial
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How to Install Kali Linux on VirtualBox [Windows Host] in 2020

Kali Linux is a Debian based Linux distribution, released on the 13th March 2013 as a complete rebuild of BackTrack Linux. It is one of...

Acunetix v13 Release Introduces Groundbreaking Innovations

The newest release of the Acunetix Web Vulnerability Scanner further improves performance and premieres best-of-breed technologies London, United Kingdom – February 5, 2019 – Acunetix,...

What is Ethical Hacking, how to be an Ethical Hacker

Hacking is the process of discovering vulnerabilities in a system and using these found vulnerabilities by gaining unauthorized access into the system to perform...

Basic steps to ensure security Online!

Security concerns are growing day by day due to the growing interconnectivity and technology. Drastic things can happen if you be a little careless...