Project Schedule

Release Date

Project Mayhem

July 2013

Large Projects

Description

Additional Information

Release Date

Termineter

Termineter is a framework that allows users to assess the security of Smart Meter utility meters over the optical interface. This is the first framework designed to give authorized individuals access to manipulate and test the security of smart meters.

00/19/2012

EAPeak

EAPeak is a Python toolkit for footprinting 802.1x wireless networks. It gathers useful information for wireless penetration testers such as supported EAP types for both clients and networks as well as identity strings and MSChap challenges when LEAP is in use. More features are still to come.

EAPeak Blog

6/4/2011

Exploits

Description

Additional Information

Release Date

LifeSize Room

Multiple vulnerabilities within the LifeSize Room appliance. Vulnerability Summaries: Login page can be bypassed, granting administrative access to the web interface. Unauthenticated OS command injection is possible through the web interface. The easiest way to perform these attacks is using a web proxy.

LifeSize Room Advisory

8/29/2011

SiteScape TCL
Injection Sploit

Confirmation that SiteScape servers are vulnerable to TCL injection allowing remote code execution through TCL payloads. SecureState has released proof of concept exploit code for this vulnerability.

TCL Advisory TCL Whitepaper TCL Blog

1/10/2011

Metasploit Related

Description

Additional Information

Release Date

MSFmap

MSFMap provides a port scanner for Meterpreter using a NMap-like syntax. It's primary benefits are speed and ease of use while not writing anything to disk. MSFMap allows penetration testers to rapidly utilize a compromised host to scan internal networks.

Msfmap

1/20/2012

Proxy Config Server

This Metasploit Framework Module facilitates serving up a preconfigured WPAD.DAT file.

Proxy Config Server Blog

6/25/2012

Liferay XSL Command Execution

This module exploits a vulnerability in the XSL parser of the XSL Content Portlet. When Tomcat is present, arbitrary code can be executed via java calls in the data fed to the Xalan XSLT processor.

Liferay Blog

4/9/2012

Page Collector

Page Collector is a module for the Metasploit Framework used for rapidly footprinting webservers in a visual manner.

Page Collector Blog

7/25/2011

CDP

Cisco Discovery Protocol Metasploit Framework Module Allows Users to Take Advantage of an Interface for Forging Raw CDP Frames -- Version 2

CDP Blog

7/11/2011

OWA Login Tool

This is a module for the Metasploit framework that enables attackers to brute force Microsoft OWA 2003 and 2007 servers. It is useful to discover passwords of known users using dictionary attacks. It uses a blend of GET and POST requests to simulate users logging into the web interface before verifying proper authentication and returning the plaintext credentials to the attacker. -- Updated

OWA Blog

2/24/2011

Standalone Utilities

Description

Additional Information

Release Date

Syringe

Syringe is a general purpose injection utility for the windows platform. It supports injection of DLLs, and shellcode into remote processes as well execution of shellcode (via the same method of shellcodeexec). It can be very useful for executing Metasploit payloads while bypassing many popular anti-virus implementations as well as executing custom made DLLs (not included).

Syringe Blog

6/21/2011