Free Software

These tools have been released under the GNU Public License by Immunity. By releasing tools, such as these, we hope to demonstrate our knowledge leadership, and give back to the security community as a whole.


pyREtic
Reverse Engineer Obfuscated Python Bytecode
This toolkit allows you to take a object in memory back to source code, without needing access to the bytecode directly on disk. This can be useful if the applictions pyc's on disk are obfuscated in one of many ways.
Presentation from blackhat here:
Download Current Zip

TCIS 1.0
The Clash of the Internet Superher0es
TCIS is the Next Generation of Internet Superhero conflict resolution in the form of a fun 2D fighting game. TCIS is a mod of the M.U.G.E.N. framework, and the all star cast includes some of the most well-known characters of the information security community. If you've ever wanted to see Dave Aitel deliver a spinning backfist to Brad Spengler, then this is the game for you!.
More Info

MOSDEF 2.0
A C-like compiler suite originally built for and designed for Immunity's CANVAS attack framework written completely in Python.
Download Current Tarball
Download PDF

VAASeline 1.03
Download Tarball (depends on pyvnc2swf)

DR RootKit
An IA32 Debug Register based rootkit (last updated: 9/4/2008 SHA1: 2048f537ab3459b21150c2d0b09a042737758d39)

Download Current Tarball

Ply 1.4 C
A modified version of ply version 1.4 (current is 2.2) used internally by MOSDEF.

Download current source tree

Unmidl
A Python utility for recovering typelib data, similar to Matthew Chapman's "muddle" program. Especially useful when a contractor has delivered a server but forgotten to include the interface file.

Download Current Tarball

libdisassemble
A Python library that will disassemble X86.

Download Current Tarball

SPIKE
When you need to analyze a new network protocol for buffer overflows or similar weaknesses, the SPIKE is the tool of choice for professionals. While it requires a strong knowledge of C to use, it produces results second to none in the field. SPIKE is available for the Linux platform only.
Download Current Tarball    |    Papers on SPIKE    |    Access SPIKE Mailing List

SPIKE Proxy
Not all web applications are built in the same ways, and hence, many must be analyzed individually. SPIKE Proxy is a professional-grade tool for looking for application-level vulnerabilities in web applications. SPIKE Proxy covers the basics, such as SQL Injection and cross-site-scripting, but it's completely open Python infrastructure allows advanced users to customize it for web applications that other tools fall apart on. SPIKE Proxy is available for Linux and Windows.

Note: that SPIKE Proxy requires a working install of Python and pyOpenSSL on Linux. This is included in the Windows distribution
Download for Linux    |    Download for Windows    |    Access SPIKE Mailing List

Unmask
Unmask was released in 2002 as a demonstration of how to fingerprint users based only on their emails or IRC postings.
Download

MOSDEF
MOSDEF is a next generation exploitation tool. As a pure-Python C compiler, it offers advantages other techniques don't.
Download    |    Papers    |    Mailing List

Sharefuzz
The original environment variable fuzzer for Unixes that support loading a shared library. (AUTHOR: Dave Aitel. License: GPL)
Download