Category Exploitation

DAVTest v1.0 - WebDAV Application

DAVTest tests WebDAV enabled servers by uploading test executable files, and then (optionally) uploading files which allow for command execution or other actions directly on the target. It is meant for penetration testers to quickly and easily determine if enabled DAV services are exploitable.

Read More

x5s Beta released - Automated XSS security testing assistant

x5s is a Fiddler addon which aims to assist penetration testers in finding cross-site scripting vulnerabilities. It’s main goal is to help you identify the hotspots where XSS might occur by:

  • Detecting where safe encodings were not applied to emitted user-inputs
  • Detecting where Unicode character transformations might bypass security filters
  • Detecting where non-shortest UTF-8 encodings might bypass security filters
Read More

Windows Autopwn (winAUTOPWN) v2.2 released

winAUTOPWN is an auto (hacking) shell gaining tool. It can also be used to test IDS, IPS and other monitoring sensors/softwares.

Read More

pvefindaddr v1.30 released

pvefindaddr is a PyCommand (plugin) for Immunity Debugger. Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry’s first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.

Read More

pvefindaddr updated to v1.27

pvefindaddr is a PyCommand (plugin) for Immunity Debugger. Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry’s first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.

Read More

Vicnum v1.4 released

A lightweight flexible vulnerable web application written in PERL and PHP. It demonstrates common web application vulnerabilities such as cross site scripting and session management issues.

Read More

Keykeriki release v2 in the wild : exploiting the wireless devices

Remote-Exploit is proud to present the universal wireless keyboard sniffer: Keykeriki. This opensource hardware and software project enables every person to verify the security level of their own keyboard transmissions, and/or demonstrate the sniffing attacks (for educational purpose only). The hardware itself is designed to be small and versatile, it can be extended to currently undetected/unknown keyboard traffic, and/or hardware extensions, for example, a repeating module or amplifier

Read More

pvefindaddr v1.25 released

pvefindaddr is a PyCommand (plugin) for Immunity Debugger. Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry’s first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.

Read More

fimap v0.8a released

fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection. It’s is currently under heavy development but it’s usable.

Read More

Imposter v0.9 - Browser Phishing Tool

Imposter is a flexible framework to perform Browser Phishing attacks. Once the system running Imposter is configured as the DNS server to the victims, the internal DNS server of Imposter resolves all DNS queries to itself.

Read More

SubSeven v2.3.2010 released

SubSeven 2.3 is a simple, easy to use remote administration tool (RAT) designed to work on all current Windows platforms, both 32bit and 64bit. This tool is aimed at people who want that little bit more power and control over remote computer management. Please use this tool responsibly and read and accept the disclaimer prior to use. If you do not agree with the disclaimer, please do not use the tool. You accept full liability and responsibility for your actions when using SubSeven. Do not use this tool on computers you are not authorized to control.

Read More

SpiderLabs Toolset for Pentesting

SpiderLabs has developed dozens of tools over the years. Most of them end up as internal-only tools since they eventually make their way into one of Trustwave’s product offerings. Recently, we have decided to showcase some of these tools and provide them as Open Source to the information security community. The tools have been made available without warranty and are available under the GNU General Public License as published by the Free Software Foundation.

Read More

CANVAS v6.56 released

Immunity’s CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide.

Read More

WebRaider v0.2.3.8 - One Click Ownage

WebRaider is a plugin based automated web application exploitation tool which focuses to get a shell from multiple targets or injection point.

Read More

Windows Autopwn (winAUTOPWN) v2.1 released

winAUTOPWN is an auto (hacking) shell gaining tool. It can also be used to test IDS, IPS and other monitoring sensors/softwares.

Read More

Pangolin SQL injection tool build 3.2.1.1020 released

Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications.

Read More

Katana v1.5 (Zatoichi) Multi-Boot Security Suite released

Katana is a portable multi-boot security suite designed for all your computer security needs. The idea behind this tool is to bring together all of the best security distributions to run from one USB drive. Katana includes distributions which focus on Penetration Testing, Auditing, Password Cracking, Forensics and Honey Pots.

Read More

No More and 1=1 v0.3 - repository of SQLi/XSS

In order to minimize the time required to type malicious syntax and have a handy repository of it M, this small tool that we hence call No more and 1=1.

Read More

Damn Vulnerable Web App (Live CD) v1.0.6 - released

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

Read More

Nsploit - Popping boxes with Nmap

Nsploit it allows to pass through nmap to Metasploit and then execute some exploit.

Read More