Public release : 20/08/2011

Download
https://code.google.com/p/schwarzesonenrat/

http://www.shop.puma.com
Type: XSS
Exploitable:
hxxp://www.shop.puma.com/on/demandware.store/Sites-US-Site/en_US/Search-Show?q=alert(1)

Origami is a Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject code into already existing documents.

Download
Origami uses the Mercurial repository that can be accessed with this command:
hg clone https://origami-pdf.googlecode.com/hg/ origami

Source
http://www.noptrix.net/advisories/skype_inject.txt

Public release : 20/08/2011 at 17:35

Download
http://www.darkcomet-rat.com/

Source
http://pastebin.com/Ny3WLPpu

http://www.totalshopuk.com

Exploit:
products/c/index.php/1'

by
Eyüp CELIK

1
http://securityxploit.blogger.de/stories/1859047/
2
http://securityxploit.blogger.de/stories/1864857/
3
http://securityxploit.blogger.de/stories/1857035/
4
http://securityxploit.blogger.de/stories/1846646/
5
http://securityxploit.blogger.de/stories/1854802/

This release contains over 120 bug fixes, 30 new tools and 70 tool updates.
The kernel was updated to 2.6.39.4 and includes the relevant injection patches.

Download
http://www.backtrack-linux.org/downloads/

For the first few days there will be torrent downloads only.
HTTP downloads will be available from Aug 20th.

RAFT is a testing tool for the identification of vulnerabilities in web applications. It is a suite of tools that utilize common shared elements to make testing and analysis easier. It uses markup by means of a built-in WebKit based web browser to create templates for fuzz testing.

Download
RAFT 2011.7.14-alpha
svn checkout http://raft.googlecode.com/svn/trunk/ raft-read-only

Downlpoad app
http://faceniff.ponury.net/

Metasploit 4.0


Metasploit 4.1

1
http://vimeo.com/26638955
2
http://vimeo.com/26943860
3
http://vimeo.com/26639228
4
http://vimeo.com/26652073
5
http://vimeo.com/26639622
6
http://vimeo.com/26677580

by
Raphael Mudge

Kondik is best known as the creator of the CyanogenMod for Android, an after market customised firmware bringing new features and functionality to the Android platform

Blind LDAP Injection Exploitation Tool
Sample application showing practical approach how to exploit Blind LDAP Injection flaw. The tool is intended to be used by IT security researchers and pentesters for educational purposes only.

Download:
http://code.google.com/p/ldap-blind-explorer/downloads/list

Blind XPath Injection Exploitation Tool
Sample application showing practical approach how to exploit Blind XPath Injection flaw. The tool is intended to be used by IT security researchers and pentesters for educational purposes only.

Download:
http://code.google.com/p/xpath-blind-explorer/downloads/list

What is persistence?
http://www.linuxliveusb.com/help/guide/step3

1 choose usb key
2 choose iso
3 choose much space you want for persistence
4 klik create
5 wait till done
6 enjoy your persistent usb key

Download
http://www.linuxliveusb.com/

PDF Analyzer allows you to view PDF objects as hex/text, also provides PDF dissector and inspector engines and scanning for known exploits.
http://www.malwaretracker.com/pdf.php

Sunbelt Sandbox is an approach to automatically analyze malware which is based on behavior analysis. Malware samples are executed for a finite time in a simulated environment, where all system calls are closely monitored.
http://mwanalysis.org

GFI’s sunbelt online sandbox engine.
http://www.sunbeltsecurity.com/sandbox/

URLVoid allows users to scan a website address with multiple scanning engines such as Google Diagnostic, McAfee SiteAdvisor, Norton SafeWeb, MyWOT to facilitate the detection of possible dangerous websites.
http://www.urlvoid.com

Symantec’s reputation service Norton Safe Web.
http://safeweb.norton.com

The AVG LinkScanner Drop Zone lets you check the safety of individual web pages you are about to visit, also will examine the web page in real time to see whether it’s hiding any suspicious downloads.
http://www.avg.com.au/resources/web-page-scanner/

Wepawet is a service for detecting and analyzing web-based malware. It currently handles Flash, JavaScript, and PDF files.
http://wepawet.iseclab.org

Joebox Sandbox.
http://www.joebox.org/samples.php

With VirusTotal, send a file and see the detection according the AV vendors.
http://www.virustotal.com

Novirusthanks is a ree service that allows users to upload and scan a file with multiple Antivirus engines. Users can also analyze a website url or a remote file with the option Scan Web Address.
http://www.novirusthanks.org/service/multi-engine-antivirus-scanner/

Jotti’s malware scan is a free online service that enables you to scan suspicious files with several anti-virus programs. Scanners used are Linux versions; detection differences with Windows versions of the same scanners may occur due to implementation differences. There is a 20MB limit per file. Keep in mind that no security solution offers 100% protection, not even when it uses several anti-virus engines (for example, this scan service).
http://virusscan.jotti.org/en

Anubis is a service for analyzing malware.
http://anubis.iseclab.org

Comodo’s online file analysis tool.
http://camas.comodo.com

McAfee SiteAdvisor test websites for spyware, spam and scams so you can search, surf and shop more safely.
http://www.siteadvisor.com

Ether provides Malware Analysis via Hardware Virtualization Extensions.
http://ether.gtisc.gatech.edu/web_unpack/

ThreatExpert is an advanced automated threat analysis system designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode.
http://www.threatexpert.com/submit.aspx

IPVoid allows users to scan an IP Address with multiple scanning services to facilitate the detection of IP Addresses that have committed malicious activity and to check if a website is hosted in a compromised server, used for spam, phishing or to host malicious content.
http://www.ipvoid.com

Netscty’s malware analysis sandbox tool performs cutting edge analysis of the potentially malicious file in our controlled environment. Our free online malicious software (malware) analysis tool provides a fast comprehensive evaluation of a variety of malware such as botnet software, viruses, spyware, trojans, and keyloggers.
http://netscty.com/malware-tool

JSUnpack Online – Online version of the stand-alone tool jsunpack.
http://jsunpack.jeek.org/dec/go

CWSandbox is online service that runs file you submit through automated sandbox analysis.
http://www.rarst.net/web/cwsandbox/

Upload files that you suspect are malicious or infected by malicious components for instant analysis by Norman SandBox.
http://www.norman.com/security_center/security_tools/submit_file

Presentation “A crushing blow at the heart of SAP J2EE Engine” from BlackHat USA 2011
Download
http://erpscan.com/wp-content/uploads/2011/08/A_crushing_blow_at_the_heart_of_SAP_J2EE_Engine.pdf

Whitepaper “Architecture and program vulnerabilities in SAP’s J2EE engine” from BlackHat USA 2011
Download
http://erpscan.com/wp-content/uploads/2011/08/A-crushing-blow-at-the-heart-SAP-J2EE-engine_whitepaper.pdf

SSDownloader is an easy-to-use tool which allows you to download up to 50 major security applications in just a few clicks.

If you're setting up a new PC, for instance, then normally you might visit the websites of your favourite security vendors, locate the tools you need and download each one individually.

Download
http://sourceforge.net/projects/ssdownloader/files/SSDownloader.exe/download