Projects

Metasploit Framework

The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security ... [More] researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler. [Less]

PHPIDS

PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in ... [More] exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session. [Less]

Ronin

Ronin is a Ruby platform for exploit development and security research. Ronin allows for the rapid development and distribution of code, exploits or payloads over many common Source-Code-Management (SCM) systems.

Panoptic

Panoptic is an open source penetration testing tool that automates the process of search and retrieval of content for common log and config files through LFI vulnerability.

psecureimage

SecureImage is a image validator that can be used for validating image files on upload systems (such as photo galleries,forums,etc ..) against the threads for XSS issues with IE and LFI attacks. For Internet Explorer; you can succesfully launch XSS attacks with malformed image files because of ... [More] it's mime-type detection algorithm. Also the image files can contain some server-side payloads that can be used on exploiting of LFI vulnerabilities. This image validator class; first checks for if the image is valid, after that it cleans the EXIF section. It uses GD for these image operations and also doesn't leave the GD banner at the EXIF. [Less]

secureimage

It's a small library project for security of image handling on web applications such as photo galleries, forums, upload systems etc. The project links of PHP, JAVA and .NET implementations of secureimage library can be reached from this project site. JAVA SecureImage .NET SecureImage PHP SecureImage

lfiscanner

Local File Inclusion Scanner by cAs-> Searchstring One: $page = $_GET[page]; -> Searchstring Two: include($page); Created September 2k8 Changelog: Beta 1: Searching for: $_GET[var] include($var) Beta 2: Searching for: $var

fimap

fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection. It's currently under heavy development but it's usable. ... [More] The goal of fimap is to improve the quality and security of your website. Do not use this tool on servers where you don't have permission to pentest! I am dead serious. [Less]

iscanwvs

iScan is a open source Java (therefore portable) web vulnerability scanner, intended to be a valid counterpart of its proprietary competitors .