
Research & Innovation

Resources & Tools




Wireless Reconnaissance in Penetration Testing

Stopping attacks means thinking like an attacker, and understanding all the ways that attackers gather information on specific targets. With information from what equipment to use and how to find frequency information, to tips for reducing radio information leakage, to actual case studies describing how this information can be used to attack computer systems, this book is the go-to resource for penetration testing and radio profiling.


Facebook & Twitter Privacy & Security Guides

Social networking websites can be hazardous if you don’t change your default settings!


Cash is King: Who's Wearing Your Crown?

If hackers were able to manipulate the world’s accounting systems, governments and corporations would be in a frenzy. Guess what? Hackers can and will.






SecureState has developed a custom scanning tool that retailers can use to detect BlackPOS malware. It is also easily expandable with new modules to detect new malware that comes out of other similar strains. BlackPOS is the reported culprit behind recent retail data breaches and is also known as KAPTOXA, a more advanced version of the original malware.

BlackPOS Scanning Tool Blog


King Phisher

King Phisher is SecureState’s newest open source project, designed to run email-based social engineering campaigns. SecureState set out to create a phishing tool that would meet the highly specialized demands of their clients.

King Phisher Blog



Kraken is a tool used for rapidly footprinting the external presence of an organization. It features the ability to gather information from multiple sources and provide it to the user in a way that can easily be processed or presented, particularly for the purposes of scoping penetration tests.

Unleash the Kraken Blog


Project Mayhem

A proof of concept tool that makes accounting fraud easy and potentially undetectable.

Zip file MD5: 42d4f85a7385d6e0fb501fbf1bccd51b

Project Mayhem Blog

Project Mayhem Whitepaper



Termineter is a framework that allows users to assess the security of Smart Meter utility meters over the optical interface. This is the first framework designed to give authorized individuals access to manipulate and test the security of smart meters.

Termineter Blog



EAPeak is a Python toolkit for footprinting 802.1X wireless networks. It gathers useful information for wireless penetration testers, such as supported EAP types for both clients and networks, as well as identity strings and MS-CHAP challenges when LEAP is in use. More features are still to come.

EAPeak Blog


Research & Innovation Tools Page...submit a project idea!




Firebird CNCT Group Number Overflow

This module exploits a vulnerability in Firebird SQL Server. A specially crafted packet can be sent which will overwrite a pointer, allowing the attacker to control where data is read from. Shortly following the controlled read, the pointer is called, resulting in code execution.

Firebird SQL Stack Buffer Overflow (CVE-2013-2492) Blog


Surge FTP Command Injection

The SurgeFTP server's web-based administrative console is vulnerable to remote command injection. A specially crafted request can be sent to /cgi/surgeftpmgr.cgi to execute arbitrary commands within the context of the user running the application. An authenticated session is required to exploit this vulnerability.

Zip file MD5: 2319947afe302fdeb264cedc6c3d6369

Surge FTP Authenticated Command Execution Blog



This module exploits a flaw in the AfdJoinLeaf function of the afd.sys driver to overwrite data in kernel space. An address within the HalDispatchTable is overwritten and, when triggered with a call to NtQueryIntervalProfile, will execute shellcode.

Blog: MS11-080 Revisited - Returning to Ring 0


LifeSize Room

Multiple vulnerabilities within the LifeSize Room appliance. Vulnerability Summaries: Login page can be bypassed, granting administrative access to the web interface. Unauthenticated OS command injection is possible through the web interface. The easiest way to perform these attacks is using a web proxy.

LifeSize Room Advisory


SiteScape TCL Injection Sploit

Confirmation that SiteScape servers are vulnerable to TCL injection allowing remote code execution through TCL payloads. SecureState has released proof of concept exploit code for this vulnerability.

TCL Advisory

TCL Whitepaper

TCL Blog


Metasploit Related



Elevation of Privileges Exploit

SecureState has released a module for the Metasploit Framework that exploits CVE-2013-3881. This module works on Windows 7 SP0 and SP1 systems which are not patched against the vulnerability. Using this module, a penetration tester with a meterpreter session running as an underprivileged user can elevate themselves to the SYSTEM account.

Elevation of Privileges Blog



MSFMap provides a port scanner for Meterpreter using an Nmap-like syntax. Its primary benefits are speed and ease of use while not writing anything to disk. MSFMap allows penetration testers to rapidly utilize a compromised host to scan internal networks.



Proxy Config Server

This Metasploit Framework Module facilitates serving up a preconfigured WPAD.DAT file.

Proxy Config Server Blog


Liferay XSL Command Execution

This module exploits a vulnerability in the XSL parser of the XSL Content Portlet. When Tomcat is present, arbitrary code can be executed via Java calls in the data fed to the Xalan XSLT processor.

Liferay Blog


Page Collector

Page Collector is a module for the Metasploit Framework used for rapidly footprinting web servers in a visual manner.

Page Collector Blog



A Cisco Discovery Protocol Metasploit Framework module that allows users to take advantage of an interface for forging raw CDP frames. -- Version 2

CDP Blog


OWA Login Tool

This is a module for the Metasploit framework that enables attackers to brute force Microsoft OWA 2003 and 2007 servers. It is useful to discover passwords of known users using dictionary attacks. It uses a blend of GET and POST requests to simulate users logging into the web interface before verifying proper authentication and returning the plaintext credentials to the attacker. -- Updated

OWA Blog


Standalone Utilities




CAMScan is an automated tool used to compare a known-good list of CAMs to the current CAM table residing on a switch.

Zip file MD5: 3c018e68699875dd67a1477109050948

CAMScan Blog



Syringe is a general purpose injection utility for the Windows platform. It supports injection of DLLs and shellcode into remote processes, as well as execution of shellcode (via the same method as shellcodeexec). It can be very useful for executing Metasploit payloads while bypassing many popular anti-virus implementations, as well as executing custom made DLLs (not included).

Syringe Blog


SA Exploiter

A GUI SQL Injection tool that creates SQL injection queries and breaks the 64k barrier using MS Debugger.

Zip file MD5: 84263fceb7d042ccd7e28ae07cf8f051