Category Framework

PenTBox v1.1 - Beta Released (Update!)

PenTBox is a Security Suite with programs like Password Crackers, Denial of Service testing tools (DoS and DDoS), Secure Password Generators, Honeypots and much more. Designed to test the security and stability of networks and more.
Programmed in Ruby, and oriented to GNU/Linux systems (but compatible with Windows, MacOS and more).


BeEF v0.4 - The Browser Exploitation Framework

BeEF is a browser exploitation framework. This tool will demonstrate the collecting of zombie browsers and browser vulnerabilities in real-time. It provides a command and control interface which facilitates the targeting of individual or groups of zombie browsers.


Origami v1.0.0-beta0 - Parse, Analyze, and Forge PDF documents

Origami is a Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents.


PenTBox v1.0.1 Beta - Security Suite

PenTBox is a Security Suite with programs like Password Crackers, Denial of Service testing tools (DoS and DDoS), Secure Password Generators, Honeypots and much more. Designed to test the security and stability of networks.


FireCAT credited at a Booz Allen Keynote

Michael Schearer is a security consultant for Booz Allen Hamilton in Central Maryland and an active member of many forums as well as Netstumbler, DEFCON and Remote Exploit. Michael goes by the handle The Prez98 and has posted a lot of good material.


PTF (Penetration Testing Framework) 0.54 released

The PTF (penetration testing framework) enumerates the stages one should perform during a test (as described in the OSSTMM manual):

  • Network footprinting
  • Discovery & Probing
  • Enumeration
  • Vulnerability assessment
  • Penetration (or exploitation)
  • Plus other tests, as well as physical and wireless assessments

SAMM (Software Assurance Maturity Model ) v1.0 released

The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The resources provided by SAMM will aid in:

  • Evaluating an organization’s existing software security practices
  • Building a balanced software security assurance program in well-defined iterations
  • Demonstrating concrete improvements to a security assurance program
  • Defining and measuring security-related activities throughout an organization

eParapher Nightly builds released : Sign your files digitally

eParapher is end-user security software that digitally signs files and manages keystore contents.

3 standards of digital signature are supported: PDF, PDF/A, CMS and XML. It aims to be easy for the end user: secure by default and "one click" oriented. Advanced users can use wizards for advanced signature and cryptography settings.


CWE/SANS Top 25 Most Dangerous Programming Errors

The 2009 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most significant programming errors that can lead to serious software vulnerabilities. They occur frequently, are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.


OWASP Testing Guide version 3.0 released

The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks.


FireCAT 1.5 the last 1.X branch version released

FireCAT (Firefox Catalog of Auditing exTension) is a mind map collection of the most efficient and useful Firefox extensions oriented toward application security auditing and assessment.


FireCAT 1.5 released

FireCAT (Firefox Catalog of Auditing exTension) is a mind map collection of the most efficient and useful Firefox extensions oriented toward application security auditing and assessment.


Browser Rider v20081124 : Framework for hacking browsers

“Browser Rider” is a hacking framework to build payloads that exploit the browser. The project aims to provide a powerful, simple and flexible interface to any client side exploit.


Ratproxy 1.53b released

A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.


Inguma 0.1.1 released

Inguma is a free penetration testing and vulnerability discovery toolkit written entirely in Python. The framework includes modules to discover hosts, gather information about them, fuzz targets, brute-force usernames and passwords, exploits, and a disassembler.


FireCAT 1.4 package released

FireCAT is a mind map collection of the "most" useful Firefox plugins that could be used for web security assessment. This means that you can turn your Firefox into a hacking / auditing environment.


BSQL (Blind SQL) Hacker v0.908 beta released

BSQL (Blind SQL) Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities in virtually any database.


Citrix security testing map released

As a part of the awful PTF (pentesting framework), Kevin Orrey did it (again). The Citrix section has finally seen the light of day. A must read for Citrix security testers.


iKat V1.0 Pentest Kiosk terminals

iKAT was designed to aid security consultants with the task of auditing the security of internet Kiosk software and deployed Kiosk terminals.

iKAT is designed to provide access to the underlying operating system of a Kiosk terminal by invoking native OS functionality.


ISR-evilgrade v1.0.0 : The Fake update manipulator

Evilgrade is a modular framework that allows us to take advantage of poor upgrade implementations by injecting fake updates. It works with modules; each module implements the structure needed to emulate a false update of specific applications/systems. Evilgrade needs the manipulation of the victim's DNS traffic.
