ACL2 is a mathematical logic, programming language, and mechanical theorem prover based on the applicative subset of Common Lisp. It is an "industrial-strength" version of the NQTHM or Boyer/Moore theorem prover, and has been used for the formal verification of commercial microprocessors, the Java Virtual Machine, interesting algorithms, and so forth.
BFBTester is good for doing quick, proactive security checks of binary programs. BFBTester will perform checks of single and multiple argument command line overflows and environment variable overflows. It can also watch for tempfile creation activity to alert the user of any programs using unsafe tempfile names.
Bunny the Fuzzer is a closed loop, high-performance, general purpose protocol-blind fuzzer for C programs. It uses compiler-level integration to seamlessly inject precise and reliable instrumentation hooks into the traced program. These hooks enable the fuzzer to receive real-time feedback on changes to the function call path, call parameters, and return values in response to variations in input data.
Burp intruder is a tool that facilitates automated attacks against Web-enabled applications. It is highly configurable and can test for common Web application vulnerabilities such as SQL injection, cross-site scripting, buffer overflows, and directory traversal as well as performing brute force attacks against authentication schemes, enumeration, parameter manipulation, trawling for hidden content and functionality, session token sequencing and session hijacking, data mining, concurrency attacks, and application-layer denial-of-service attacks.
Burp proxy is an interactive HTTP/S proxy server for attacking Web-enabled applications. It operates as a man-in-the-middle between the end browser and the target Web server, and allows the attacker to intercept, inspect, and modify the raw traffic passing in both directions. Text and hex editing may be performed on intercepted traffic. Downstream proxies are supported. Authentication may be done to downstream proxy and Web servers, using basic, NTLM, or digest authentication types.
Burp suite allows an attacker to combine manual and automated techniques to enumerate, analyse, attack, and exploit Web applications. The various burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another. Numerous interfaces are implemented between the different tools, designed to facilitate and speed up the process of attacking a Web application. All tools share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting, and extensibility. Burp suite is extensible via the IBurpExtender interface.
Fenris is a multipurpose tracer, debugger, and code analysis tool that detects and documents high-level language constructions, can recover symbols, graph program execution flow, detect internal functions, recover symbol tables, and deal with anti-debugging protection. It features a command-line interface as well as a SoftICE-alike GUI and Web frontend.
Groovy is an agile, dynamic language for the JVM which combines many features from languages like Python, Ruby, and Smalltalk and makes them available to Java developers using a Java-like syntax. It is designed to help get things done on the Java platform in a quicker, more concise, and fun way. It can be used as an alternative compiler to javac to generate standard Java bytecode to be used by any Java project or it can be used dynamically as an alternative language, such as for scripting Java objects, templating, or writing unit test cases.
NTMF is a C++ framework for developing software that requires the manipulation of packets traversing a system. The main application areas are protocol testing, protocol implementation testing, network emulation, and network monitoring. It has support for link level packet capturing (using libpcap), link level packet injection, and network level packet injection for IPv4 packets (using lipnet). It supports multi-threaded execution, provides thread-safe packet queues, and provides a dynamic Finite State Machine representation.