Most Popular
DAVTest v1.0 - WebDAV Application
DAVTest tests WebDAV enabled servers by uploading test executable files, and then (optionally) uploading files which allow for command execution or other actions directly on the target. It is meant for penetration testers to quickly and easily determine if enabled DAV services are exploitable.
x5s Beta released - Automated XSS security testing assistant
x5s is a Fiddler addon which aims to assist penetration testers in finding cross-site scripting vulnerabilities. It’s main goal is to help you identify the hotspots where XSS might occur by:
- Detecting where safe encodings were not applied to emitted user-inputs
- Detecting where Unicode character transformations might bypass security filters
- Detecting where non-shortest UTF-8 encodings might bypass security filters
Windows Autopwn (winAUTOPWN) v2.2 released
winAUTOPWN is an auto (hacking) shell gaining tool. It can also be used to test IDS, IPS and other monitoring sensors/softwares.
pvefindaddr v1.30 released
pvefindaddr is a PyCommand (plugin) for Immunity Debugger. Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry’s first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.
pvefindaddr updated to v1.27
pvefindaddr is a PyCommand (plugin) for Immunity Debugger. Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry’s first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.
Vicnum v1.4 released
A lightweight flexible vulnerable web application written in PERL and PHP. It demonstrates common web application vulnerabilities such as cross site scripting and session management issues.
Keykeriki release v2 in the wild : exploiting the wireless devices
Remote-Exploit is proud to present the universal wireless keyboard sniffer: Keykeriki. This opensource hardware and software project enables every person to verify the security level of their own keyboard transmissions, and/or demonstrate the sniffing attacks (for educational purpose only). The hardware itself is designed to be small and versatile, it can be extended to currently undetected/unknown keyboard traffic, and/or hardware extensions, for example, a repeating module or amplifier
pvefindaddr v1.25 released
pvefindaddr is a PyCommand (plugin) for Immunity Debugger. Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry’s first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.
fimap v0.8a released
fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection. It’s is currently under heavy development but it’s usable.
Imposter v0.9 - Browser Phishing Tool
Imposter is a flexible framework to perform Browser Phishing attacks. Once the system running Imposter is configured as the DNS server to the victims, the internal DNS server of Imposter resolves all DNS queries to itself.
SubSeven v2.3.2010 released
SubSeven 2.3 is a simple, easy to use remote administration tool (RAT) designed to work on all current Windows platforms, both 32bit and 64bit. This tool is aimed at people who want that little bit more power and control over remote computer management. Please use this tool responsibly and read and accept the disclaimer prior to use. If you do not agree with the disclaimer, please do not use the tool. You accept full liability and responsibility for your actions when using SubSeven. Do not use this tool on computers you are not authorized to control.
SpiderLabs Toolset for Pentesting
SpiderLabs has developed dozens of tools over the years. Most of them end up as internal-only tools since they eventually make their way into one of Trustwave’s product offerings. Recently, we have decided to showcase some of these tools and provide them as Open Source to the information security community. The tools have been made available without warranty and are available under the GNU General Public License as published by the Free Software Foundation.
CANVAS v6.56 released
Immunity’s CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide.
WebRaider v0.2.3.8 - One Click Ownage
WebRaider is a plugin based automated web application exploitation tool which focuses to get a shell from multiple targets or injection point.
Windows Autopwn (winAUTOPWN) v2.1 released
winAUTOPWN is an auto (hacking) shell gaining tool. It can also be used to test IDS, IPS and other monitoring sensors/softwares.
Pangolin SQL injection tool build 3.2.1.1020 released
Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications.
Katana v1.5 (Zatoichi) Multi-Boot Security Suite released
Katana is a portable multi-boot security suite designed for all your computer security needs. The idea behind this tool is to bring together all of the best security distributions to run from one USB drive. Katana includes distributions which focus on Penetration Testing, Auditing, Password Cracking, Forensics and Honey Pots.
No More and 1=1 v0.3 - repository of SQLi/XSS
In order to minimize the time required to type malicious syntax and have a handy repository of it M, this small tool that we hence call No more and 1=1.
Damn Vulnerable Web App (Live CD) v1.0.6 - released
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
Nsploit - Popping boxes with Nmap
Nsploit it allows to pass through nmap to Metasploit and then execute some exploit.