Durzosploit v0.1 – JavaScript Exploit Generation Framework


Durzosploit is a JavaScript exploit generation framework that works through the console. This goal of that project is to quickly and easily generate working exploits for cross-site scripting vulnerabilities in popular web applications or web sites.

Please note that Durzosploit does not find browser vulnerabilities, it only is an framework containing exploits you can use.

At present there aren’t many exploits:


  • twitter.com/update_status – Updates a target’s status
  • twitter.com/update_settings – Updates your target’s settings
  • facebook.com/what_is_on_your_mind – Write your message in your target’s mind
  • drupal/edit_user_profile – Drupal 6.x – edit the profile of the user
  • drupal/logout – Drupal 6.x – makes target logout

So far the author’s focus has been on the framework itself; allowing people to quickly write their exploits and adding some automated obfuscators.

Durzosploit provides some obfuscators to automatically pack/minify your generated exploit.

You can download the latest version from the Durzosploit SVN here:

Or read more here.

Posted in: Exploits/Vulnerabilities, Hacking Tools, Web Hacking

, , , , ,


Latest Posts:


Memhunter - Automated Memory Resident Malware Detection Memhunter – Automated Memory Resident Malware Detection
Memhunter is an Automated Memory Resident Malware Detection tool for the hunting of memory resident malware at scale, improving threat hunter analysis process.
Sandcastle - AWS S3 Bucket Enumeration Tool Sandcastle – AWS S3 Bucket Enumeration Tool
Astra - API Automated Security Testing For REST Astra – API Automated Security Testing For REST
Astra is a Python-based tool for API Automated Security Testing, REST API penetration testing is complex due to continuous changes in existing APIs.
Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network
OWASP Amass - DNS Enumeration, Attack Surface Mapping & External Asset Discovery OWASP Amass – DNS Enumeration, Attack Surface Mapping & External Asset Discovery
The OWASP Amass Project is a DNS Enumeration, Attack Surface Mapping & External Asset Discovery tool to help information security professionals perform network mapping of attack surfaces.


One Response to Durzosploit v0.1 – JavaScript Exploit Generation Framework

  1. Rob Reid May 13, 2009 at 3:53 am #

    Cool code but if you ever need to unpack an obfuscated piece of Javascript you can use this tool to reverse engineer it.

    http://www.strictly-software.com/unpacker.asp

    One click and its done.