Most Popular
Windows Autopwn (winAUTOPWN) v2.2 released
winAUTOPWN is an auto (hacking) shell gaining tool. It can also be used to test IDS, IPS and other monitoring sensors/softwares.
W3AF v1.0-rc3 released
w3af, is a Web Application Attack and Audit Framework. The w3af core and it’s plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much
Vicnum v1.4 released
A lightweight flexible vulnerable web application written in PERL and PHP. It demonstrates common web application vulnerabilities such as cross site scripting and session management issues.
Zenamics released BinCrowd the First collaborative reverse engineering tool
BinCrowd is a collaborative reverse engineering tool that can be used by reverse engineers to keep a repository of reverse engineered information and share this information with friends and colleagues.
OWASP Broken Web Applications v0.91rc1 available
The Open Web Application Security Project (OWASP) Broken Web Applications Project is distributed as a Virtual Machine in VMware format compatible with their no-cost VMware Player and VMware Server products (along with their commercial products).
SANS Investigative Forensic Toolkit (SIFT) Version 2.0 in the wild
The SANS SIFT Workstation is a VMware Appliance that is pre-configured with all the necessary tools to perform a detailed digital forensic examination. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats. The brand new version has been completely rebuilt on an Ubuntu base with many additional tools and capabilities that can match any modern forensic tool suite.
PenTBox v1.3.2 FINAL released
PenTBox is a Security Suite with programs like Password Crackers, Denial of Service testing tools (DoS and DDoS), Secure Password Generators, Honeypots and much more. Destined to test security/stability of networks and more.
Programmed in Ruby, and oriented to GNU/Linux systems (but compatible with Windows, MacOS and more).
iExploder v1.5 - Web Browser Quality Assurance Tester
iExploder is like a fire hydrant full of bad HTML and CSS code to test the stability and security of web browsers. Available as a standalone webserver or CGI script, it continuously feeds browsers bad data in the hope that they will eventually crash. It is designed to run for hours, or even days until the browser crashes.
Imposter v0.9 - Browser Phishing Tool
Imposter is a flexible framework to perform Browser Phishing attacks. Once the system running Imposter is configured as the DNS server to the victims, the internal DNS server of Imposter resolves all DNS queries to itself.
FireCAT v1.6 updated with 4 Firebug add-ons
FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful firefox extensions oriented application security auditing and assessment. FireCAT is not a remplacement of other security utilities and softwares as well as fuzzers, proxies and application vulnerabilities scanners.
FireCAT v1.6 updated with 2 new extensions
FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful firefox extensions oriented application security auditing and assessment. FireCAT is not a remplacement of other security utilities and softwares as well as fuzzers, proxies and application vulnerabilities scanners.
Windows Autopwn (winAUTOPWN) v2.1 released
winAUTOPWN is an auto (hacking) shell gaining tool. It can also be used to test IDS, IPS and other monitoring sensors/softwares.
Katana v1.5 (Zatoichi) Multi-Boot Security Suite released
Katana is a portable multi-boot security suite designed for all your computer security needs. The idea behind this tool is to bring together all of the best security distributions to run from one USB drive. Katana includes distributions which focus on Penetration Testing, Auditing, Password Cracking, Forensics and Honey Pots.
Damn Vulnerable Web App (Live CD) v1.0.6 - released
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
Sahi v3.0 - Web Automation and Test Tool
Sahi is an automation tool to test web applications. Sahi injects javascript into web pages using a proxy and the javascript helps automate web applications.
Browser Rider v20090204 released
Browser Rider is a hacking framework to build payloads that exploit the browser. The project aims to provide a powerful, simple and flexible interface to any client side exploit.
OWASP Broken Web Applications v0.9 (Virtual Machine)
The Open Web Application Security Project (OWASP) Broken Web Applications Project is distributed as a Virtual Machine in VMware format compatible with their no-cost VMware Player and VMware Server products (along with their commercial products).
PenTBox v1.3 Beta released
PenTBox is a Security Suite with programs like Password Crackers, Denial of Service testing tools (DoS and DDoS), Secure Password Generators, Honeypots and much more. Destined to test security/stability of networks and more.
Programmed in Ruby, and oriented to GNU/Linux systems (but compatible with Windows, MacOS and more).
PenTBox v1.2 Beta released
PenTBox is a Security Suite with programs like Password Crackers, Denial of Service testing tools (DoS and DDoS), Secure Password Generators, Honeypots and much more. Destined to test security/stability of networks and more.
Programmed in Ruby, and oriented to GNU/Linux systems (but compatible with Windows, MacOS and more).