Archive | Programming


09 April 2012 | 2,393 views

Carbylamine – A PHP Script Encoder to ‘Obfuscate/Encode’ PHP Files

Carbylamine is a PHP Encoder project, which can bypass all leading anti-virus detection against PHP Shells (C99, R57 etc) easily. It can be a very efficient tool for pen-testers when carrying out a black box test which involves inserting malicious code via PHP. Usage

You can download Carbylamine here: carbylamine.php Or read more here.

Continue Reading


16 March 2012 | 5,241 views

backfuzz – Multi-Protocol Fuzzing Toolkit (Supports HTTP/FTP/IMAP etc)

backfuzz is a fuzzing tool for different protocols (FTP, HTTP, IMAP, etc) but also has no-protocol plug-ins (Example: File Fuzzer). The general idea is that this script has several functions already predefined in the file “functions.py”, so whoever wants to write their own plugin’s (for another protocol) you can do so in a few lines [...]

Continue Reading


03 November 2011 | 13,261 views

Rec Studio 4 – Reverse Engineering Compiler & Decompiler

REC Studio is an interactive decompiler. It reads a Windows, Linux, Mac OS X or raw executable file, and attempts to produce a C-like representation of the code and data used to build the executable file. It has been designed to read files produced for many different targets, and it has been compiled on several [...]

Continue Reading


10 August 2011 | 11,471 views

Agnitio v2.0 Released – Code Security Review Tool

It’s been a while since we’ve mentioned Agnitio, it was earlier this year in March: Agnitio v1.2 – Manual Security Code Review Tool. The author notified me of a new version that was recently released with quite a few additions. For those not familiar with it, Agnitio is a tool to help developers and security [...]

Continue Reading


28 June 2011 | 22,230 views

Metasploitable – Test Your Metasploit Against A Vulnerable Host

Ok so you’ve got Metasploit loaded up, you’ve read the Metasploit Tutorials & Watched the Videos – but you’ve still got no idea what to do next and don’t have anything to test against. It’s not exactly new, but I guess a lot of people still don’t know about it. Basically if you don’t know [...]

Continue Reading


23 June 2011 | 6,824 views

ksymhunter – Routines For Hunting Down Kernel Symbols

Routines for hunting down kernel symbols from from kallsyms, System.map, vmlinux, vmlinuz, and remote symbol servers. Examples:

And..

You can download ksymhunter v1.0 here: ksymhunter.tar.gz Or read more here.

Continue Reading


23 May 2011 | 9,577 views

Malware Analyser v3.0 – A Static & Dynamic Malware Analysis Tool

Malware Analyser is freeware tool to perform static and dynamic analysis on malware executables, it can be used to identify potential traces of anti-debug, keyboard hooks, system hooks and DEP setting change calls in the malware. This is a stepping release since for the first time the Dynamic Analysis has been included for file creations [...]

Continue Reading


19 April 2011 | 10,946 views

BodgeIt Store – Vulnerable Web Application For Penetration Testing

There are various vulnerable web applications such as Jarlsberg, WackoPicko, Damn Vulnerable Web Application (DVWA), Vicnum, etc. Now we have another application that is vulnerable and ready to be exploited! The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to penetration testing. Features Easy to install – [...]

Continue Reading


24 March 2011 | 8,938 views

CAT – Web Application Security Test & Assessment Tool

CAT is designed to facilitate manual web application penetration testing for more complex, demanding application testing tasks. It removes some of the more repetitive elements of the testing process, allowing the tester to focus on individual applications, thus enabling them to conduct a much more thorough test. Conceptually it is similar to other proxies available [...]

Continue Reading


11 March 2011 | 7,278 views

Agnitio v1.2 – Manual Security Code Review Tool

Agnitio is a tool to help developers and security professionals conduct manual security code reviews in a consistent and repeatable way. Agnitio aims to replace the adhoc nature of manual security code review documentation, create an audit trail and reporting. v1.2 of Agnitio includes a new application metrics section to give better visibility of the [...]

Continue Reading