Scylla – Framework for Penetration Testing

Scylla is another tool that you can use for penetration testing the protocols used by different applications. Scylla works in three basic stages. The first is the pre-hack stage, where the tool obtains information about the remote application without resorting to brute-force attacks (something like enumeration). This is where anti-anti-brute-force techniques are implemented, such as getting information on password policies, latency times, etc. Scylla also gathers extra information for the attack: searching for protocol and service versions, verifying null sessions, and system enumeration, among other things.

The second stage is the brute-force attack, which audits the accounts in use and breaks any available ones. Compared to Hydra, Scylla works 3 times faster, which makes test runs faster and allows a faster attack on remote systems. For example, when Hydra makes 7,000 tries/min, Scylla makes over 22,000 tries/min over MSFTPd.

The final stage is the post-hack stage, where the pentester uses the gathered information to PoC the attack on remote systems. The benefits of this tool are: user and password list based brute force, support for multiple hosts, multiple simultaneous sessions, Nmap integration, the ability to restore sessions, session auto-saving (based on SQL Server CE), hacker oriented, and open source.

You can download Scylla from the following link:
