Durzosploit v0.1 alpha

To: "pen-test@xxxxxxxxxxxxxxxxx" <pen-test@xxxxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>, <webappsec@xxxxxxxxxxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Durzosploit v0.1 alpha
From: Benjilenoob <benjilenoob@xxxxxxxxxxx>
Date: Fri, 1 May 2009 10:05:41 +0000
Importance: Normal
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hi all readers,

Just releasing a very small tool I wrote called Durzosploit.

Durzosploit is a javascript exploits generator framework that works through the 
console. This goal of that project is to quickly and
easily generate working exploits for cross-site scripting vulnerabilities in 
popular web applications or web sites.

Please note that Durzosploit does not find browser vulnerabilities, it only is 
an framework containing exploits you can use.

More info can be found here: 
http://engineeringforfun.com/wiki/index.php/Durzosploit_Introduction
You can get it through the SVN: 
http://engineeringforfun.com/wiki/index.php/Durzosploit_SVN

At present there isn't many exploits:
(dz)> search exploits
twitter.com/update_status               -       Updates a target's status
twitter.com/update_settings             -       Updates your target's settings
facebook.com/what_is_on_your_mind       -       Write your message in your 
target's mind
drupal/edit_user_profile                -       Drupal 6.x - edit the profile 
of the user
drupal/logout                           -       Drupal 6.x - makes target logout
(dz)>

My focus has been on the framework itself; allowing people to quickly write 
their exploits and adding some automated obfuscators (Deanedwards is in there).

I'll also use that email as a chance to give a quick update on Browser Rider. I 
am currently working on its API, a ruby client and a small firefox extension. I 
think Durzosploit will be a good addition to all of that.

Please email to benjilenoob(_at_)gmail.com if you have any questions, issues, 
bugs, ideas, contributions. I'll be happy to answer you ASAP.

have fun!

Benjilenoob

_________________________________________________________________
Téléphonez gratuitement à tous vos proches avec Windows Live Messenger  !  
Téléchargez-le maintenant !
http://www.windowslive.fr/messenger/1.asp

Prev by Date: BLIND SQL INJECTION--Leap CMS 0.1.4-->
Next by Date: New WebApp security paper: Anti-fraud Image Solutions
Previous by thread: BLIND SQL INJECTION--Leap CMS 0.1.4-->
Next by thread: New WebApp security paper: Anti-fraud Image Solutions
Index(es):
- Date
- Thread