skip to main content

DEF CON Hacking Conference

Tools Released

This page is a repository for the great and innovative tools that have accompanied DEF CON talks over the years. DEF CON 16 content was graciously collected and brought to you by Rob Fuller, (aka Mubix) of If you know of a newer version of the tools or have a correction, send them to neil [at] defcon ]dot[ org.

Tools Released at DEF CON 18


by Jeff Bryner



  • Description FOCA is a tool for Windows Systems that allows pentester to perform a tactical fingerprinting using metadata, DNS information, search engines and public files.
  • Homepage Link:
  • Email Address: amigosdelafoca [at] informatica64 ]dot[ com


by James Shewmaker

Search Diggity

by Francis Brown and Rob Ragan

DotNetasploit - Gray Dragon - Visual Studio xMe - Beta

by Jon McCoy

FOE (Feed Over Email)

by Sho Ho

  • Description: Users in Internet censored countries often find themselves unable to access foreign news websites or RSS feeds such as the ones from Voice of America, CNN, BBC, etc. Until now, the only way users in censored countries can access these websites is to use a proxy server or install a proxy software on their computer. FOE (Feed Over Email) is a new tool that allows users to receive RSS feeds from foreign websites without the need to find a working proxy server or install any proxy software. Technically, FOE is built on top of SMTP and work on most email servers as long as the user has access to POP3 and SMTP.
  • Homepage Link:


by Patrick Thomas

  • Description: The BlindElephant Web Application Fingerprinter attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatable.
  • Homepage Link:
  • Email: pst [at] coffeetocode ]dot[ net

Exploiting WebSphere Application Server's JSP Engine

by Ed Schaller


Francisco Amato and Federico Kirschbaum

Tools from: Training the Next Generation of Hardware Hackers

by Andrew Kongs and Dr. Gerald Kane

  • Description: Hardware hacking can be lots of fun but can be very intimidating getting started. Andrew Kongs and Dr. Gerald Kane wanted to spread the hardware hacking culture to others and saw incoming college engineering freshman as the perfect crowd to indoctrinate. They developed a set of hardware and software tools to help their incoming students play with low-level software and embedded systems.

    After sharing the tools with their student audience, they want to share the tools they built with everyone so that those interested can get their feet wet. Want to learn more about the nitty gritty of how microcontrollers and how embedded systems tick (and how to break them) without diving in eyeballs deep? So do many people and the guys from the University of Tulsa are here to help.
  • Homepage Link:


by Wayne Huang


by Monta Elkins

  • Description: Do you check every USB plug on your computer before you log-in? Didn't think so... URFUKED is used to take over the user's keyboard input and quickly execute preprogrammed attacks with the user's privileges.
  • Homepage Link:


by FX


by Frank Breedjik

Tools from: Breaking Bluetooth

by JP Dunning


by Patrick Mullen and Ryan Pentney

Tools Released at DEF CON 16


by Nick Harbour


by Guy Martin

SA Exploiter

by Securestate


by Securestate


by Nelson Murilo and Luis Eduardo


by Joe Grand (Kingpin) and Zoz

  • Description: A gadget that interfaces between a computer and a VGA monitor and flashes a fake BSOD (Blue Screen of Death) at random time intervals or when triggered by an infrared remote control.
  • Homepage Link:
  • Email Address: kp [at] kingpinempire ]dot[ com

The Middler

by Jay Beale


by Jay Beale

  • Description: An open source inline "transparent" client-side IPS
  • Homepage Link: (Online?)

Marathon Tool

by Daniel Kachakill

The Phantom Protocol

by Magnus Brading

  • Description: A Tor-like protocol that fixes some of Tor's major attack vectors
  • Homepage Link:
  • Email Address: brading [at] fortego ]dot[ se


by Mark Bristow

Grendel Scan

by David Byrne

  • Description: Web Application scanner that searches for logic and design flaws as well as the standard flaw seen in the wild today (SQL Injection, XSS, CSRF)
  • Homepage Link:

iKatinteractive Kiosk Attack Tool

by Paul Craig
(This site has an image as a banner that is definitely not safe for work! You have been warned)

  • Description: A web site that is dedicated to helping you break out of Kiosk jails
  • Homepage Link:
  • Email Address: paul.craig [at] security-assessment ]dot[ com


by Jan P. Monsch and Raffael Marty


by Chris Eagle and Tim Vidas

  • Description: An IDA Pro plugin with a server backend that allows multiple people to collaborate on a single RE (reverse engineering) project.
  • Homepage Link:
  • Email Addresses: cseagle [at] gmail ]dot[ com and tvidas [at] gmail ]dot[ com

VMware Pen-Testing Framework

by John Fitzpatrick

  • Description: A collection of tools created to pen-test VMware environments
  • Homepage:
  • Email Address: john.fitzpatrick [at] mwrinfosecurity ]dot[ com


by etd


by Kurt Grutzmacher


by Kolisar

  • Description: A script that can hide other scripts such as CSRF and iframes in spaces and tabs
  • Download Link: DEF CON 16 CD


by nnp


by Errata Security

  • Description: A browser plugin that pen-tests every site that you visit.
  • Homepage Link:
  • Email Address: sales [at] erratasec ]dot[ com


by Ponte Technologies