Most Popular
CANVAS v6.51 released
Immunity’s CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide.
Katana v1.0 Beta - portable multi-boot security suite
Katana is a portable multi-boot security suite designed for all your computer security needs. The idea behind this tool is to bring together all of the best security distributions to run from one USB drive. Katana includes distributions which focus on Penetration Testing, Auditing, Password Cracking, Forensics and Honey Pots.
BeEF v0.4 - The Browser Exploitation Framework
BeEF is a browser exploitation framework. This tool will demonstrate the collecting of zombie browsers and browser vulnerabilities in real-time. It provides a command and control interface which facilitates the targeting of individual or groups of zombie browsers.
(0day) Windows Vista/7 SMB2.0 Remote B.S.O.D PoC
SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionnality.
The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client send to a SMB server, and it’s used to identify the SMB dialect that will be used for futher communication.
The vulnerability was discovered by Laurent Gaffié
mysqloit v0.1 - SQL Injection Takeover Tool
MySqloit is a SQL Injection takeover tool focused on LAMP (Linux, Apache, MySql, PHP) and WAMP (Linux, Apache, MySql, PHP) platforms. It has the ability to upload and execute metasploit shellcodes through the MySql SQL Injection vulnerabilities.
Jasager - Wifi MitM Tool (faking Access Point)
Jasager is an implementation of Karma designed to run on OpenWrt on the Fon. It will probably run on most APs with Atheros wifi cards but it was designed with the Fon in mind as it is a nice small AP which gives it a lot of scope for use in penetration tests and other related fun.
Stoned Bootkit upgraded to v2.0
Stoned Bootkit is a new Windows bootkit which attacks all Windows versions from XP up to 7. It is loaded before Windows starts and is memory resident up to the Windows kernel. Thus Stoned gains access to the entire system. It has exciting features like integrated file system drivers, automatic Windows pwning, plugins, boot applications and much much more. The project is partly published as open source under the European Union Public License. Like in 1987, "Your PC is now Stoned! ..again".
Sub7 (SubSeven) is back with a new release 2.3
Sub7, or SubSeven or Sub7Server, is the name of a popular backdoor program. It is mainly used for causing mischief, such as hiding the computer cursor, changing system settings or loading up pornographic websites. However, it can also be used for more serious criminal applications, such as stealing passwords and credit card details. Its name was derived by spelling NetBus backwards ("suBteN") and swapping "ten" with "seven".
SAINT® 7.1 Released
SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and save
Advanced Mac OS X Rootkits released
At BlackHat USA 2009, Dino Zovi presented “Advanced Mac OS X Rootkits†covering a number of Mach-based rootkit techniques and some tools that he has developed to demonstrate them. While the majority of Mac OS X rootkits employ known and traditional Unix-based rootkit techniques, these Mach-based techniques show what else is possible using the powerful Mach abstractions in Mac OS X.
iKat Pentest Kiosk terminals v2.0 available
iKAT was designed to aid security consultants with the task of auditing the security of internet Kiosk software and deployed Kiosk terminals.
iKAT is designed to provide access to the underlying operating system of a Kiosk terminal by invoking native OS functionalit
FakeIKEd v0.0.5 MitM Tool for Cisco PSK+XAUTH VPN
FakeIKEd, or fiked for short, is a fake IKE daemon supporting just enough of the standards and Cisco extensions to attack commonly found insecure Cisco PSK+XAUTH VPN setups in what could be described as a semi MitM attack. Fiked can impersonate a VPN gateway’s IKE responder in order to capture XAUTH login credentials; it doesn’t currently do the client part of full MitM.
ippon-mitm the Software Update MITM Attack Tool released
Software updates apply patches or introduce new features to an application. In most cases, the update procedure is conducted in an insecure manner, exposing the updater to execution of malicious code or to manipulation of application data such as anti-virus signatures
[Updated] Stoned Bootkit released
Stoned Bootkit is a new Windows bootkit which attacks all Windows versions from XP up to 7. It is loaded before Windows starts and is memory resident up to the Windows kernel. Thus Stoned gains access to the entire system. It has exciting features like integrated file system drivers, automatic Windows pwning, plugins, boot applications and much much more. The project is partly published as open source under the European Union Public License. Like in 1987, "Your PC is now Stoned! ..again".