Please note that Durzosploit does not find browser vulnerabilities, it only is an framework containing exploits you can use.
At present there aren’t many exploits:
- twitter.com/update_status – Updates a target’s status
- twitter.com/update_settings – Updates your target’s settings
- facebook.com/what_is_on_your_mind – Write your message in your target’s mind
- drupal/edit_user_profile – Drupal 6.x – edit the profile of the user
- drupal/logout – Drupal 6.x – makes target logout
So far the author’s focus has been on the framework itself; allowing people to quickly write their exploits and adding some automated obfuscators.
Durzosploit provides some obfuscators to automatically pack/minify your generated exploit.
You can download the latest version from the Durzosploit SVN here:
svn co svn://www.engineeringforfun.com/svn/durzosploit/trunk
Or read more here.