“Browser Rider” is a hacking framework to build payloads that exploit the browser. The project aims to provide a powerful, simple and flexible interface to any client side exploit.

FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful firefox extensions oriented application security auditing and assessment

Acunetix Web Vulnerability Scanner 6.0

Author: Maksymilian Arciemowicz
http://securityreason.com
Date:
- - Written: 10.11.2008
- - Public: 28.11.2008

Webshellphpgui版

logtamper version1.1
logtamper是一款*修改*linux日志的工具，在修改日志文件的同时，能够保留被修改文件的时间信息(atime没改，觉得没必要)。

漏洞介绍：Yahoo webmail和Outlook web access是使用比较多的webmail，可以通过web界面来收发电子邮件。但是80sec发现在他们处理某些字符集的时候存在漏洞，可能导致Xss脚本攻击。我们发现后及时通知了官方，官方也已经予以修补。

New tool and paper for Oracle forensics

What is WMAP

"WMAP is a general purpose web application scanning framework for Metasploit 3. The architecture is simple and its simplicity is what makes it powerful. It's a different approach compared to other open source alternatives and commercial scanners, as WMAP is not build around any browser or spider for data capture and manipulation."

Thanks to dentonj for pointing out to me their was an Oracle patch for John the Ripper.

Thank MC for this one...

http://metasploit.com/users/mc/oracle9i/brute_login.rb

ike-scan is a command-line tool for discovering, fingerprinting and testing IPsec VPN systems. It constructs and sends IKE Phase-1 packets to the specified hosts, and displays any responses that are received.

Tr4c3注：可以用来注射mssql 2005的工具

今天xKungfoo最后一天，G在上面做了个挂马产业链的议题。有些挂马猥亵技巧没有说详细，这里公开吧。其实有些没什么，就是技巧，有些人也玩过。