Research & Innovation Tools Page

Project Mayhem

July 2013

Termineter is a framework that allows users to assess the security of smart utility meters over the optical interface. This is the first framework designed to give authorized individuals access to manipulate and test the security of smart meters.



EAPeak is a Python toolkit for footprinting 802.1X wireless networks. It gathers information useful to wireless penetration testers, such as the EAP types supported by both clients and networks, as well as identity strings and MS-CHAP challenges when LEAP is in use. More features are still to come.

EAPeak Blog




LifeSize Room

Multiple vulnerabilities exist within the LifeSize Room appliance. Vulnerability summaries: the login page can be bypassed, granting administrative access to the web interface, and unauthenticated OS command injection is possible through the web interface. The easiest way to perform these attacks is using a web proxy.

LifeSize Room Advisory


SiteScape TCL Injection Sploit

Confirmation that SiteScape servers are vulnerable to TCL injection, allowing remote code execution through TCL payloads. SecureState has released proof-of-concept exploit code for this vulnerability.

TCL Advisory

TCL Whitepaper

TCL Blog


Metasploit Related


MSFMap provides a port scanner for Meterpreter using an Nmap-like syntax. Its primary benefits are speed and ease of use, and it does not write anything to disk. MSFMap allows penetration testers to rapidly utilize a compromised host to scan internal networks.



Proxy Config Server

This Metasploit Framework Module facilitates serving up a preconfigured WPAD.DAT file.

Proxy Config Server Blog


Liferay XSL Command Execution

This module exploits a vulnerability in the XSL parser of the XSL Content Portlet. When Tomcat is present, arbitrary code can be executed via Java calls in the data fed to the Xalan XSLT processor.

Liferay Blog


Page Collector

Page Collector is a module for the Metasploit Framework used for rapidly footprinting web servers in a visual manner.

Page Collector Blog



The Cisco Discovery Protocol Metasploit Framework module allows users to take advantage of an interface for forging raw CDP frames. -- Version 2

CDP Blog


OWA Login Tool

This is a module for the Metasploit Framework that enables attackers to brute-force Microsoft OWA 2003 and 2007 servers. It is useful for discovering the passwords of known users using dictionary attacks. It uses a blend of GET and POST requests to simulate users logging into the web interface before verifying proper authentication and returning the plaintext credentials to the attacker. -- Updated

OWA Blog


Standalone Utilities


Syringe is a general-purpose injection utility for the Windows platform. It supports injection of DLLs and shellcode into remote processes, as well as execution of shellcode (via the same method as shellcodeexec). It can be very useful for executing Metasploit payloads while bypassing many popular anti-virus implementations, as well as for executing custom-made DLLs (not included).

Syringe Blog