Archive | Exploits/Vulnerabilities


11 March 2008 | 6,600 views

Fusil Fuzzer 0.7 – Fuzzing Functions in Python

Fusil is a fuzzing framework written in Python and distributed under GNU GPLv2 license. Fusil allows you to easily write “Fuzzing Projects” from a set of functions such as: Create a process Compile a C program Watch a process Watch syslog and so on Fusil uses small “agents” which exchange messages to launch actions. e.g. […]

Continue Reading

29 February 2008 | 5,455 views

SCARE – Source Code Analysis Risk Evaluation Tool

The Source Code Analysis Risk Evaluation project is a study to create a security complexity metric that will analyze source code and provide a realistic and factual representation of the potential of that source code to create a problematic binary. This metric will not say that the binary will be exploited nor does it do […]

Continue Reading

25 February 2008 | 7,494 views

Nessconnect 1.0.1 Released – GUI, CLI & API Client for Nessus

Nessconnect is an open-source software package that can connect to a Nessus or Nessus compatible server and provides an advanced graphical user interface. It also provides a command line interface, and an application programming interface in Java. Users can create custom scan profiles, generate extensive reports, and perform differential scans and analysis. Nessconnect was previously […]

Continue Reading

18 February 2008 | 10,771 views

Apple iPhone Unlocked Again – 1.1.2 and 1.1.3 Firmware

Once again Apple iPhone has been unlocked by a determined youngster, the same who was amongst the first to unlock it last year winning himself a rather nice car and a few 8gb iPhones. It just shows nothing is infallible, all he needed to find was a writable memory address and he was pretty much […]

Continue Reading

11 February 2008 | 13,193 views

Adobe Reader Vulnerability Being Actively Exploited

It seems like some recently patched flaws in Adobe Reader are actively being exploited in the wild, mostly via malicious banners from various sites. Nothing particularly nasty is happening, but a trojan is being installed which can intercept search engine results. It’s definitely recommended to update to the latest version (8.1.2). Personally I don’t have […]

Continue Reading

29 January 2008 | 45,988 views

Metasploit Framework v3.1 Released for Download

Ah Metasploit development cycle seems to be picking up, I guess with greater community support the bugs get ironed out and the new features introduced faster. Good to see an update so soon after Metasploit Framework v3.0 was released. I keep closely up to date with Metasploit as it’s pretty much the best free tool […]

Continue Reading

28 January 2008 | 5,171 views

Data Leakage Bug in Mozilla Firefox Confirmed

It seems a data leakage bug has struck Firefox recently and has been confirmed by Window Snyder the security bod at Mozilla. It’s basically a Chrome directory traversal bug (It seems a lot of the Firefox issues have had to do with chrome?). It’s rated as low risk, but it can give away the existence […]

Continue Reading

31 December 2007 | 10,208 views

wsScanner – Web Services Footprinting, Discovery, Enumeration, Scanning and Fuzzing tool

wsScanner is a toolkit for Web Services scanning and vulnerability detection. This tool has the following functions: Discovery tool By leveraging search engine this tool helps in discovering Web Services running on any particular domain or with certain name pattern. Vulnerability detection It is possible to enumerate and profile Web Services using this tool and […]

Continue Reading

24 December 2007 | 9,545 views

Nikto 2 Released – Web Server Scanning Tool

Another one that has been a long time coming, but finally here it is! Nikto 2. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan […]

Continue Reading

19 December 2007 | 14,255 views

Inguma 0.0.6 Released for Download – Free Pen-testing Framework

Quite a few people seem to be interested in this tool, so here is the latest revision – Inguma 0.0.6. For those that don’t know, Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, […]

Continue Reading