Here you will find various security software tools released by VSR and its consultants.
Security Testing Tools
- FuzzDiff -- A simple tool designed to help out with crash analysis during fuzz testing. It selectively "un-fuzzes" portions of a fuzzed file that is known to cause a crash, re-launches the targeted application, and sees if it still crashes. Eventually, this will yield a file that still causes the crash, but contains a minimum set of changes from the original un-fuzzed file.
- Forms-based HTTP Authentication Proof of Concept -- A self-contained web server and application implemented in Python to demonstrate how forms-based HTTP authentication is possible with a combination of AJAX and clever use of HTTP response codes. See this paper for more details on the reasons why this is interesting.
- WebLogicPlugin-HRS-PoC.sh -- A simple script to demonstrate the exploitation of the HTTP Request Smuggling vulnerability (CVE-2010-2375) in the WebLogic web server plugin. This script can be used to steal other users' HTTP responses when used against a vulnerable web server. See the original advisory for more details.
- WebsenseBypassProxy.java -- A tool for bypassing WebSense filtering proxies when used in conjunction with certain Cisco devices. See the original advisory for more details.