Collaborative RCE Tool Library - Categorized by Target Type (including sub-categories)

Tool Added: DotNetasploit

Tue, 17 Aug 2010 01:40:27 GMT

Listed in categories: .NET Code Injection Tools

Most recent version:
2.5

Most recent release date:
August 2010

Description:
DotNetasploit is a very capable code injector, making it possible to inject and edit code and GUI controls into .NET applications in an interactive fashion.

Tool Added: Jsunpack

Sun, 25 Jul 2010 23:06:39 GMT

Listed in categories: Javascript Unpackers

Most recent version:
0.3.2c

Most recent release date:
June 2, 2010

Description:
A Generic JavaScript Unpacker.

jsunpack emulates browser functionality when visiting a URL. It's purpose is to detect exploits that target browser and browser plug-in vulnerabilities.

It accepts many different types of input:

* PDF files - samples/sample-pdf.file
* Packet Captures - samples/sample-http-exploit.pcap
* HTML files
* JavaScript files
* SWF files

Tool Added: Unsign

Mon, 19 Jul 2010 19:30:26 GMT

Listed in categories: IPhone Tools, Needs New Category

Most recent version:

Most recent release date:
July 18, 2010

Description:
Remove code signing from Mach-O and Universal Binary files.

This program removes the LC_CODE_SIGNATURE load command and
zeroes out the signature in the __LINKEDIT section.

----

This needs the new category Apple / Mac / OS X or similar (iPhone is a specialized OS X version).

Tool Added: .NET Methods Parser

Sun, 18 Jul 2010 22:27:24 GMT

Listed in categories: .NET Deobfuscation Tools

Most recent version:
0.2

Most recent release date:
July 19, 2010

Description:
A simple tool to analyze the "Methods" metadata table.
It has a good error and invalid data handling code so it will open most weird files.

Tool Added: Javassist

Tue, 13 Jul 2010 19:33:16 GMT

Listed in categories: Java Code Injection Tools, Java Executable Editors & Patchers

Most recent version:
3.12.0.GA

Most recent release date:
April 16, 2010

Description:
Javassist (Java Programming Assistant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java; it enables Java programs to define a new class at runtime and to modify a class file when the JVM loads it. Unlike other similar bytecode editors, Javassist provides two levels of API: source level and bytecode level. If the users use the source-level API, they can edit a class file without knowledge of the specifications of the Java bytecode. The whole API is designed with only the vocabulary of the Java language. You can even specify inserted bytecode in the form of source text; Javassist compiles it on the fly. On the other hand, the bytecode-level API allows the users to directly edit a class file as other editors.

Aspect Oriented Programming: Javassist can be a good tool for adding new methods into a class and for inserting before/after/around advice at the both caller and callee sides.

Reflection: One of applications of Javassist is runtime reflection; Javassist enables Java programs to use a metaobject that controls method calls on base-level objects. No specialized compiler or virtual machine are needed.

Tool Updated: Java Decompiler

Tue, 13 Jul 2010 19:23:49 GMT

Listed in categories: Java Decompilers

Most recent version:
0.3.2

Most recent release date:
March 20, 2010

Description:
The “Java Decompiler project” aims to develop tools in order to decompile and analyze Java 5 “byte code” and the later versions.

JD-Core is a freeware library that reconstructs Java source code from one or more “.class” files. JD-Core may be used to recover lost source code and explore the source of Java runtime libraries. New features of Java 5, such as annotations, generics or type “enum”, are supported. JD-GUI and JD-Eclipse include JD-Core library.

JD-GUI is a standalone graphical utility that displays Java source codes of “.class” files. You can browse the reconstructed source code with the JD-GUI for instant access to methods and fields.

JD-Eclipse is a plug-in for the Eclipse platform. It allows you to display all the Java sources during your debugging process, even if you do not have them all.

JD-Core, JD-GUI and JD-Eclipse are free for non-commercial use. This means that JD-Core, JD-GUI and JD-Eclipse shall not be included or embedded into commercial software products. Nevertheless, these projects may be freely used for personal needs in a commercial or non-commercial environments.

Tool Updated: WinApiOverride

Tue, 13 Jul 2010 18:55:31 GMT

Listed in categories: .NET Tracers, API Monitoring Tools, COM Monitoring Tools

Most recent version:
5.4.4

Most recent release date:
July 7, 2010

Description:
WinAPIOverride32 is an advanced api monitoring software.
You can monitor and/or override any function of a process.
This can be done for API functions or executable internal functions.

It tries to fill the gap between classical API monitoring softwares and debuggers.
It can break targeted application before or after a function call, allowing memory or registers changes; and it can directly call functions of the targeted application.
Main differences between other API monitoring softwares :
- You can define filters on parameters or function result
- You can define filters on dll to discard calls from windows system dll
- You can hook functions inside the target process not only API
- You can hook asm functions with parameters passed through registers
- Double and float results are logged
- Preserve registers, floating stack and LastError
- You can easily override any API or any process internal function
- You can break process before or/and after function call to change memory or registers
- You can call functions which are inside the remote processes
- Can hook COM OLE and ActiveX interfaces
- All is is done like modules : you can log or override independently for any function

Tool Updated: DotNET Tracer

Sun, 13 Jun 2010 12:52:02 GMT

Listed in categories: .NET Tracers

Most recent version:
0.9

Most recent release date:
May 15, 2010

Description:
This is a simple tool that has a similar functionality to RegMon or FileMon but it's designed to trace events in .NET assemblies in runtime, many events can be reported so you can understand what's going on in the background.

1- Select the assembly you want to analyze
2- Set the Events Mask, i.e Events you want to catch
3- Click "Start"

I hope it's useful and as always bug reports are welcome.

Tool Updated: IDR - Interactive Delphi Reconstructor

Mon, 07 Jun 2010 16:56:28 GMT

Listed in categories: Delphi Decompilers

Most recent version:
2.1.1.33

Most recent release date:
June 5, 2010

Description:
IDR (Interactive Delphi Reconstructor) – a decompiler of executable files (EXE) and dynamic libraries (DLL), written in Delphi and executed in Windows32 environment.

The program firstly is intended for the companies, engaged by development of anti-virus software. It can also help programmers to recover lost source code of programs appreciably.

The current version of the program can process files (GUI and console applications), compiled by Delphi compilers of versions Delphi2 – Delphi2009. Working on support version Delphi2010 is conducted.

Final project goal is development of the program capable to restore the most part of initial Delphi source codes from the compiled file but IDR, as well as others Delphi decompilers, cannot do it yet. Nevertheless, IDR is in a status considerably to facilitate such process. In comparison with other well known Delphi decompilers the result of IDR analysis has the greatest completeness and reliability. Moreover interactivity does work with the program comfortable and (we shall not be afraid of this word) pleasant.

IDR make static analysis (analyzed file is not loaded to memory and executed) that allows to safely investigate viruses, trojans and other malware applications, those executing is dangerous or is not desirable.

The program does not demand installation and does not do any records in Windows register.

Tool Added: COM VfTable Dumper

Fri, 04 Jun 2010 06:04:56 GMT

Listed in categories: COM Tools

Most recent version:
1.0

Most recent release date:
February 2, 2010

Description:
This parses the TLB info and gets method addresses in the registered interfaces of the COM component.

Tool Updated: JClazzME

Fri, 04 Jun 2010 05:51:44 GMT

Listed in categories: Mobile Platform Tools

Most recent version:
1.2.3

Most recent release date:
June 8, 2009

Description:
jClazzME is a tool for decompiling Java class file.

jClazzME is a J2ME application . Therefore it would work for any mobile phone that support J2ME with JSR-75.

jClazzME is also a Java disassembler.

Tool Updated: EDB Linux Debugger

Fri, 28 May 2010 16:11:57 GMT

Listed in categories: Debuggers, Linux Debuggers, Ring 3 Debuggers

Most recent version:
0.9.14

Most recent release date:
May 28, 2010

Description:
Features
* Intuitive GUI interface
* The usual debugging operations (step-into/step-over/run/break)
* Conditional breakpoints
* Debugging core is implemented as a plugin so people can have drop in replacements. Of course if a given platform has several debugging APIs available, then you may have a plugin that implements any of them.
* Basic instruction analysis
* View/Dump memory regions
* Effective address inspection
* The data dump view is tabbed, allowing you to have several views of memory open at the same time and quickly switch between them.
* Importing of symbol maps
* Plugins
o Search for binary strings
o Code Bookmarks
o Breakpoint management
o Check for updates
o Environment variable viewer
o Heap block enumeration
o Opcode search engine plugin has basic functionality (similar to msfelfscan/msfpescan)
o Open file enumeration
o Reference finder
o String searching (like strings command in *nix)

One of the main goals of this debugger is isolation of the debugger core from the display you see. The interface is written in QT4 and thus source portable to many platforms. The debugger core is actually a plugin and the platform specific code is isolated to just a few files, porting to a new OS would require porting these few files and implementing a plugin which implements the "DebuggerCoreInterface" interface. Also, because the plugins are based on the QPlugin API, and do their work through the DebuggerCoreInterface object, they are almost always portable with just a simple recompile. So far, the only plugin I have written which would not port with just a recompile is the heap analysis plugin, due to it's highly system specific nature.

Tool Updated: SandboxDiff

Thu, 13 May 2010 11:49:54 GMT

Listed in categories: File Monitoring Tools, File System Diff Tools, Install Monitoring Tools, Monitoring Tools, Registry Diff Tools, Registry Monitoring Tools

Most recent version:
2.0

Most recent release date:
May 13, 2010

Description:
'SandboxDiff' allows tracking changes in Registry and Files when using 'Sandboxie' (an amazing application created by Ronen Tzur).

All Registry entries and File system created/modified by a program sandboxed (or any action sandboxed) are monitored and listed with SandboxDiff.

Very useful when users want (before to install an application) to know all changes made by the installer in Registry and File system.

Tool Updated: SentinelLM Dongle C/C++ library IDA Signatures

Sat, 10 Apr 2010 12:13:22 GMT

Listed in categories: Dongle IDA Signatures, Sentinel Dongle Tools

Most recent version:
rev2

Most recent release date:
June 14, 2007

Description:
IDA Signature: SentinelLM C/C++ library
version: rev2

2007.06.14
Add SentinelLM v8.0
Add SentinelLM v8.0.2
Fixed some obfuscated functions.

2004.12.30 rev1:
inculde:
SentinelLM v7.0
SentinelLM v7.0 SP2
SentinelLM v7.1
SentinelLM v7.1.1
SentinelLM v7.1.2
SentinelLM v7.2
SentinelLM v7.2.0.1
SentinelLM v7.2.0.3
SentinelLM v7.2.0.4
SentinelLM v7.2.0.5
SentinelLM v7.2.0.6
SentinelLM v7.2.0.8
SentinelLM v7.2.0.9
SentinelLM v7.2.0.12
SentinelLM v7.2.0.18
SentinelLM v7.3.0

Tool Updated: Sentinel SuperPro 6.x Dongle C/C++ library IDA Signatures

Sat, 10 Apr 2010 12:13:12 GMT

Listed in categories: Dongle IDA Signatures, Sentinel Dongle Tools

Most recent version:
rev7

Most recent release date:
April 17, 2007

Description:
IDA Signature: Sentinel SuperPro v6.x C/C++ library
version: rev7

2007.04.11 rev7:
Fixed some Sentinel obfuscated functions. (Thanks to Meteo)

2007.03.01 rev6:
Fixed Sentinel obfuscated functions. (Thanks to Meteo)

2006.10.27 rev5:
Add Sentinel SuperPro v6.4.4
Add Sentinel SuperPro v6.4.3

2006.03.11 rev4:
Add Sentinel SuperPro v6.4.2
Add Sentinel SuperPro v6.4.1

2005.05.07 rev3:
Add Sentinel SuperPro v6.4

2004.12.31 rev2:
Add Sentinel SuperPro v6.3.1.9
Add Sentinel SuperPro v6.3.1.8
Add Sentinel SuperPro v6.3.1.2
Add Sentinel SuperPro v6.3.1.1

2004.12.09 rev1:
Add Sentinel SuperPro v6.3.1.10
Add Sentinel SuperPro v6.3.1.4
Add Sentinel SuperPro v6.3.1
Add Sentinel SuperPro v6.3
Add Sentinel SuperPro v6.2.1
Add Sentinel SuperPro v6.2
Add Sentinel SuperPro v6.1
Add Sentinel SuperPro v6.0

Tool Updated: Safenet Sentinel Hardware Keys 1.x C++ library IDA Signatures

Sat, 10 Apr 2010 12:13:04 GMT

Listed in categories: Dongle IDA Signatures, Sentinel Dongle Tools

Most recent version:
rev1

Most recent release date:
November 15, 2006

Description:
New sentinel dongle:
http://www.safenet-inc.com/products/sentinel/hardware_keys.asp

IDA Signature: Safenet Sentinel Hardware Keys v1.x C++ library
version: rev1

2006.11.15 rev1:
Sentinel Hardware Keys v1.0.2

Tool Updated: Rockey4ND 1.x Dongle C++ library IDA Signatures

Sat, 10 Apr 2010 12:12:55 GMT

Listed in categories: Dongle IDA Signatures, Rockey Dongle Tools

Most recent version:
rev2

Most recent release date:
October 11, 2007

Description:
IDA Signatures: Rockey4ND v1.x C++ library

2007.07.05 rev1:
Add Rockey4ND v1.20

2007.10.11 rev2:
Add Rockey4ND v1.15
Add Rockey4ND v1.16

Tool Updated: Rockey4 2.x Dongle C++ library IDA Signatures

Sat, 10 Apr 2010 12:12:45 GMT

Listed in categories: Dongle IDA Signatures, Rockey Dongle Tools

Most recent version:
rev1

Most recent release date:
July 5, 2007

Description:
IDA Signature: Rockey4 v2.x C++ library
version: rev1

2007.07.05 rev1:
Add Rockey4 v2.05
Add Rockey4 v2.06

Tool Updated: Matrix Dongle C++ library IDA Signatures

Sat, 10 Apr 2010 12:12:36 GMT

Listed in categories: Dongle IDA Signatures, Matrix Dongle Tools

Most recent version:
rev1

Most recent release date:
August 5, 2007

Description:
IDA Signature: Matrix Dongle C++ library
version: rev1

2007.08.05 rev1:
Matrix SDK v2.60

Tool Updated: Key-lok II C++ library IDA Signatures

Sat, 10 Apr 2010 12:12:25 GMT

Listed in categories: Dongle IDA Signatures, KEYLOK Dongle Tools

Most recent version:
rev1

Most recent release date:
July 5, 2007

Description:
IDA Signature: Key-lok II C++ library
version: rev1