XSS Tool (v1.3, June 2007)
'Excess Stool'? The small beginnings of a web application XSS demonstration utility - a stand-alone cross-site scripting tool written in Ruby. Currently it supports various encoding schemes (base64, HTML, URL), dynamic content (e.g. for on-the-fly demonstrations of phishing attacks and trojan login screens) and demonstration of cookie theft. Future plans include XSS proxy functionality for demonstrating 'real time' cross-site scripting attacks. Read a short introduction on how to use it here. Let me know if you want to contribute.
Network Services Monitoring Framework (v1.3, 2006)
This is a very lightweight monitoring tool. Think "Nagios" without all the bells and whistles. It's public mainly because some friends wanted a quick hack. Feel free to peruse the README (please note that the mailing list mentioned therein is currently not operational). Have a look at the very basic output it produces here, and a sample configuration file can be perused here. Please note that you should download two parts: the engine and the plugins.
HP JetDirect "Man-in-the-Middle" Demonstrator - 9k1-hijacker.pl (v1.2, January 2006)
A tool I wrote which allows an attacker to perform a man-in-the-middle attack against JetDirect printers (requires that you can impersonate the printer's IP address, either by reconfiguring it or through e.g. an ARP cache poisoning attack). I should probably get around to writing some short documentation for it some day. Essentially, it handles multiple incoming print requests, writes them to file, and sends them to the printer. The attacker may then use 'nc' or similar tools to replay the job.
Cisco IPSec Access-Control List Generator - gencryptolists.pl (v1.2, July 2005)
This tool generates complementary Cisco access-control lists (ACLs) for use in a Cisco IOS or PIX IPSec deployment scenario. You can read more about the problems surrounding IPSec and Cisco (and how this script can save you a headache or two) in the README.txt.