Check out the things we’ve worked on

Black Hills Information Security leads and takes part in a number of different (and awesome) open source projects. Check them out!



Domain Password Audit Tool (DPAT)

This is a python script that will generate password use statistics from password hashes dumped from a domain controller and a password crack file such as oclHashcat.pot generated from the oclHashcat tool during password cracking. The report is an HTML report with clickable links.

Get this tool on GitHub.



Real Intelligence Threat Analysis 

Go to the RITA page to see more



Active Defense Harbinger Distribution

Visit our ADHD page



Recon-ng is a full-featured Web Reconnaissance framework authored by Tim Tomes and written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.

Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. However, it is quite different. Recon-ng is not intended to compete with existing frameworks, as it is designed exclusively for web-based open source reconnaissance. If you want to exploit, use the Metasploit Framework. If you want to Social Engineer, use the Social Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng!

Get Recon-NG here.


Java Web Attack

This uses a combination of python, Java and shell commands to break out the Java Applet Web Attack method from SET into a standalone tool. It is mainly designed to be used in the Active Defence Harbinger Distribution (ADHD), but can be used in other Ubuntu/Debian variants.

Get Java Web Attack here.


DNS Blacklists

DNS Blacklists is a Python script that uses regular expressions to examine IP addresses and hostnames, comparing them against known blacklists. This is then used to alert the user if there are any in common, indicating communication with unwanted addresses.

Get DNS Blacklists here.



Spidertrap is a Python program which dynamically generates an infinite number of hyper-linked pages in order to trap webcrawlers.

Get Spidertrap here.


Auto Scan with Burp

Auto Scan with Burp contains a Burp Extension and a Python script for invoking the extension to perform automated and authenticated scans against all URLs listed in a configuration file. Authentication is accomplished through Burp State files. Auto Scan comes with an optional Nikto scan function as well.

Get AutoScan with Burp here.



Pushpin-web is a web application which provides a simple interface to keep track of geo-tagged, social media activity. It is adapted from Recon-ng, and is currently capable of aggregating data from Twitter, Flickr, Picasa, Shodan, and Youtube in near real-time.

Get Pushpin-Web here.