Rob Fuller yesterday did an excellent guest post on the Zero Day ZDNet blog on the tools released at DEFCON 16. Here is the list of DEFCON 16 tools:

  • Beholder: An open source wireless IDS program by Nelson Murilo and Luis Eduardo
  • The Middler: The end-all be-all of MITM tools by Jay Beale
  • ClientIPS: An open source inline "transparent" client-side IPS by Jay Beale
  • Marathon Tool: A blind SQL injection tool based on heavy queries by Daniel Kachakill
  • The Phantom Protocol: A Tor-like protocol that fixes some of Tor’s major attack vectors by Magnus Brading
  • ModScan: A SCADA Modbus network scanner by Mark Bristow
  • Grendel Scan: A web application scanner that searches for logic and design flaws as well as the standard flaws seen in the wild today (SQL injection, XSS, XSRF) by David Byrne
  • iKat – interactive Kiosk Attack Tool: A web site that is dedicated to helping you break out of Kiosk jails by Paul Craig
  • DAVIX: A SLAX-based Linux distro that is geared toward data/log visualization by Jan P. Monsch and Raffael Marty
  • CollabREate: An IDA Pro plugin with a server backend that allows multiple people to collaborate on a single RE (reverse engineering) project by Chris Eagle and Tim Vidas
  • Dradis: A tool for organizing and sharing information during a penetration test by John Fitzpatrick
  • Squirtle: A rogue server with controlling desires that steals NTLM hashes by Kurt Grutzmacher
  • WhiteSpace: A script that can hide other scripts such as CSRF and iframes in spaces and tabs by Kolisar
  • VoIPer: VoIP automated fuzzing tool with support for a large number of VoIP applications and protocols by nnp
  • Barrier: A browser plugin that pen-tests every site that you visit by Errata Security
  • Psyche: An advanced network flow visualization tool that is not solely based on time by Ponte Technologies

Update: Rob’s master DEFCON 16 tools list will be in a post called DEFCON 16 – The Tools not the Toools. He recently listed a few more tools:

  • PE-Scrambler by Nick Harbour
  • Packet-O-Matic: “A real time packet processor” – It extracts and can reinject packets. This includes VoIP calls in real time, Cable Modem (DOCSIS) traffic, and a whole host of others by Guy Martin
  • SA Exploiter: A GUI SQL injection tool that creates SQL injection queries and breaks the 64k barrier using MS Debugger by Securestate
  • Fast-Track: A Python-based tool that automates several different types of attacks including Metasploit’s Autopwn and SQL injection by Securestate

Bonus: Michael Brooks of Rook Security posted a goodie bag of web code as a thank you to all the people that attended his two talks.