7350wu.c is a Wu-ftpd v2.6.0 remote root exploit which does it the proper way. Works on Linux/x86 and FreeBSD.
33f1db59facbfa0648cc1b9e7fac8958fdfbe6056b000bfbd7ca175b8b29af23
German speech given at the CCC - "exploiting format string vulnerabilities". Including examples.
fb6f4bbc3e3270eb0fdf54421051b06b4537b3129ca000b5f781fac055d4b629
The SSL client stress tool is a small program which is capable of stress testing any SSL-based server. It has been tested with Apache+mod_ssl and IIS. It can be easily modified to stress test any custom SSL implementation, and can also stress test static-page HTTP servers.
688bde5e911922669bcf69ea6c926cdf387f615721ea14b6b29290958febf4ec
Logtool is a syslog file parser, report generator, and monitoring utility. It takes syslog (and syslog compatible) logfiles as input from stdin, and depending on command line switches and/or config file settings, will parse and filter out unwanted messages from the logfile accordingly, and generate output in ANSI color, formatted ASCII, CSV (for spreadsheets), or HTML format. It is very handy for use in automated nightly reports, and online monitoring of logfile activity. It comes with some simple example scripts and documentation.
52da48299fdc9fef7e589153e5385e54faf30c4c17e7212f7418061057c04869
tcpinject allows you to send a wide variety of TCP/IP-packets to a given host. It is possible to specify source and destination IP address/port, packet size, payload, TCP control flag, TCP window size, and a few other things. Based on Libnet by Mike Schiffman, tcpinject is a nice tool to test your ipchains/netfilter packet-filtering settings.
e83a34af8faba87e1a85e62d4f7689e56b64001bda38ad30f47076421ab71640
The Anomy mail sanitizer is a filter designed to block email-based attacks such as trojans and viruses. It reads an RFC822 or MIME message and removes or renames attachments, truncates unusually long MIME header fields, and sanitizes HTML by disabling JavaScript and Java. It uses a single-pass pure Perl MIME parser, which can make it both more efficient and more precise than other similar programs, and has built-in support for third-party virus scanners.
2afd9fec0749cfc1288b7e3161a38854552fc3560ebe67a6fdcef84b0ddda4e1
motion uses a video4linux device as a motion detector. It will make snapshots of the movement it sees, making it usable as an observation or security system. It can send out email, SMS messages, or invoke an external command when detecting motion.
3a8f40c9f0df2a5343a84373b9413223e93f4e39c9ea67762d5db15eba083ed8
LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module - no kernel recompilations or changes to existing applications are required. Although not all the planned features are currently implemented, it presently provides sufficient protection to thwart script-kiddies, and is stable enough for everyday use. Whitepaper available here.
f787b36002ce4d2d6001b47c3533437f755824dcd4b4080972e60e7a3672c773
Authforce is an HTTP authentication brute forcer. Using various methods, it attempts to brute force username and password pairs for a site. It has the ability to try common usernames and passwords, username derivations, and common username/password pairs. It is used both to test the security of your site and to highlight the insecurity of HTTP authentication due to the fact that users just don't pick good passwords.
fbb53acabdaa213d7add08cf749f4a4920bfa411ceae2c8b7b0612ebb94897a8
CGI:IRC is a Perl/CGI program that allows you to use IRC from a Web browser without having to have access to an IRC port. It does not use Java, but it does need a browser capable of rendering frames. It can be used on a Web page to allow users to chat, or it can be used to access chat from behind a firewall.
11261e3cd8bd45a4178f07d974e5a2b91e9e20a0c77d5fba11f521db6774ee11
sslwrap is a simple Unix daemon that sits over any simple TCP service such as POP3, IMAP, or SMTP, and encrypts all of the data on the connection using TLS/SSL. It uses SSLeay to support SSL version 2 and 3. It can run from inetd and encrypt data for services located on another computer. It works with the servers you already have, and does not require any modifications to your existing servers.
596a1bf61a457662e754b9fcfec6b3df7fb2f6c88498bd76ef8027f08c3af336
floppyfw is a router and simple packet filtering firewall on one single floppy. It uses Linux ipchains firewall capabilities and includes a simple packaging system. It is perfect for masquerading and securing networks on ADSL and cable lines using both static IP and DHCP. It is simple to install; you only need to edit one file on the floppy.
8eef7dec66866fbb51e3d4a786e888d91c32c455b3812033fc9956532f594443
SAINT (Security Administrator's Integrated Network Tool) is an updated version of SATAN, designed to assess the remote security of computer networks. Features include scanning through a firewall, frequently updated security checks, 4 levels of vulnerability severity, and a feature-rich HTML interface.
92a1d1b8da20e2e2479fa4f55c5551193f52cd93e75659de99f6f70fd42510c0
Lpr-ng v3.6.24 and below remote root exploit for Linux/x86 which exploits the syslog() format string vulnerability. Tested against RedHat 7.0. Includes the ability to brute force the offset.
45ca5a83e4e3b2935bbcc030e7aa7274b856c0e76c603e32c6c7565d8a05ad2a
This little utility will use a public service (netcraft) to check the web server version and operating system of a remote host.
9daeb72af38ace3ab3f9e5d03f959dc534f506d19b3bca2a347b14881c7f11c5
Shellcode which plays audio (knock knock) via /dev/dsp and setreuid(0,0) + execve shellcode for Linux/x86.
a45331428e22c886119ae7325c4e640708d51d8be28eb45a5a5c17f3fa5b13a9
Expect v5.31.8 and v5.28.1 contain local buffer overflows. It is possible to exploit any suid/sgid expect application.
8a69e04abc43d9ebdcd6198de5a7b5431ff007a5dca07c47115be8df48b6e33d
GnomeScott local buffer overflow which provides a gid=40 (game) shell on SuSE 6.4 and 7.0.
b91af559b80952154115640a2ad71c7a3af251836cff99bde6dad6259ee95e28
Expect (/usr/bin/expect) v5.31.8 and v5.28.1 local buffer overflow exploit. Tested on Slackware 7.x. Advisory available here.
763a21a0317bfb6f2998e4af7bd10b8c567fd24381ff2cea8e0f004f377ce176
Gnomehack local buffer overflow exploit which provides a gid=60 (games) shell on Debian 2.2.
5ccc4924acae3a7b73ecd24a19febb73d31ccc8e7ed7d704614e4dcbd8d4550a
Kwintv local buffer overflow exploit which provides a gid=33 (video) shell on SuSE 7.0.
d44863b348783f75efca589a0a0b99b6a150e833cd2e1dd95d32999361050380
Fancylogin v0.99.7 local root exploit. Tested on Red Hat 6.1.
6a6d636b942d55b3a7cd1edceb5b8ba35821afd8196ce14ad6e2f04d65c3d913
Generic ELF .dtors exploit.
7e4fcc9e325b71ea4dd0f30de481f4eb9dcb0403da041f927b6e200a7a9d57d4
Ipchains firewall frontend - Prompts enabled.
79f4d5c6dd2281fff7d8406580199d4e0cd4abdc137d8e7af428569d2d60ced3
Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated twice a month to address the latest threats. Checks for common old holes, backdoors, trust relationships, default cgi, common logins, open shares, and much more.
db15b26c1ef17181b646ad4699d10da1c66d99a828057522c686f9f47a7d82c1