free security tools by me for download

my CV and pgp key

cv-marc_heuse-en.pdf
my CV in english

cv-marc_heuse-en.pdf
my CV in german

mh_at_mh-sec_de.asc
my public pgp key

mh-iso9001.pdf
iso 9001:2015 certificate

marc_heuse-tisax-summary.pdf
tisax 5.0 high protection level (certificate may sadly not be made public. please contact me.)

security advisories

normally I do not publish security announcements and leave this up to the vendors. in the rare case a vendor however doesn't want to fix a security problem or purposely put a backdoor in his product, I release a security advisory.

mh-ra_flooding_cve-2010-multiple
local LAN denial-of-service affecting all windows, cisco ios/asa, netscreen and freebsd systems by flooding the network with ICMPv6 router advertisements

bsc-qnap_crypto_backdoor-cve-2009-3200
the network storage (NAS) products from QNAP contain a crypto backdoor which allows access to the encrypted partitions

open and free

I believe in open source software, where everyone can read the source, learn and improve it. Therefore I have published my software with source code for free for over 20 years. currently I use the Affero GNU Public License (AGPL-3) for most of my code.

software by me at thc

hydra-9.5.tar.gz
innovative, the first, best and most-used network password tester, for over 40 services, on rank 15 of the 100 best security tools, is mentioned and recommended in many security books (all operating systems)

thc-ipv6-3.8.tar.gz
innovative, the first and still only toolkit for security testing ipv6 networks (linux)

amap-5.4.tar.gz
innovative, the first existing tool for service fingerprinting, although obsolete it is still rank 19 of the 100 best security tools (all operating systems, obsolete) - better is currently nmap

thc-scan-2.01.zip
for many years the best wardialer in the world - maybe still today (all operating systems with dos/windows emulation, no further development)

secure_delete-3.1.tar.gz
one of the first tools for secure data deletion on hard disks and ram, with today's hard disk technology however putting too much effort in there (all operating systems, no further development)

rwwwshell-2.0.pl.gz
proof-of-concept to show how to reverse tunnel a connection from the internet through firewalls and proxies to an internal machine - from 1999 (platform independent, no further development)

keyfinder.c
identifies encrypted areas in a file (e.g. AES keys) by calculating the entropy of the area (all operating systems)

manipulate_data-1.3.tar.gz
read and write data directly to the harddisk level, which circumvents rootkits (linux, no further development)

flood-connect-1.5.tar.gz
tests the protection of services against massive connections (linux, BSD, cygwin, no further development)

parasite-1.2.tar.gz
this was once one of the first arp spoofers, which allows sniffing and man-in-the-middle on local networks (linux, obsolete)

grenzgaenger-alpha.tar.gz
proof-of-concept tool to tunnel TCP/UDP connections transparently via multiple jump points (linux, no further development)

software directly by me

afl++
the best afl version and the best overall fuzzer out there - according to Google's fuzzbench.

afl-dyninst
blackbox fuzzing of programs with afl through dyninst

afl patches
a collection of afl patches that improve performance, coverage, features and fix bugs

afl-dynamorio
blackbox fuzzing of programs with afl through dynamorio

afl-pin
blackbox fuzzing of programs with afl through pintool

afl-simulate
simulates afl-fuzz for benchmarking of afl-pin, afl-dyninst, afl-dynamorio, etc.

audit scripts
audit scripts collect all necessary configuration data for offline analysis. they are used by some of the big five auditing companies (windows, linux, solaris, hp-ux, aix)

easyfuzzer-3.6.tar.gz
a flexible fuzzer, not only for web, has a CSV output for efficient output analysis (platform independent)

shooter.c
an efficient dumb file fuzzer with many options (C, platform independent)

wakeup.pl
starts systems that are shut down if the wake-up-on-lan feature is active. also systems which are turned off can be attacked, this is from 1998 ;-) (platform independent, no further development)

sapcrack
cracks SAP passwords in the usr02 table, integrated in the password cracking tool from red database security gmbh

oracle sql code checker
analysis of oracle sql code on sql injection, cross-site-scripting etc. - this is the only commercial tool of mine and is sold via red database security gmbh (windows)

beside these tools, there are several other powerful programs for automotive, network & webapp pentests and reverse engineering which I do not publish however - yet

software by me at suse linux

susefirewall2
the firewall script which comes with all OpenSuSE/SLES Linux installations

compartment-1.3.tar.gz
runs programs in a secure environment/compartment (chroot, capabilities, fd-security, etc.) (no further development)

seccheck-2.1.tar.gz
security check scripts which evaluate daily, weekly and monthly various security parameters (no further development)

suseauditdisk-0.6-pre.tar.gz
creates a boot disk(!) which contains integrity information. When booting, it checks the system for manipulations (obviously deprecated)

harden_suse.pl
script to harden old SuSE Linux servers (obsolete) (recommended in the BSI study on Apache Security)