- SET – Social-Engineer Toolkit
- LUCY – social engineering VM
- EvilGrade – update exploitation framework that injects an exploit into a software update
- Research that checked which programs' updates are signed and which are not; it can be used to decide which program update to inject using EvilGrade: https://www.usenix.org/legacy/event/hotsec06/tech/full_papers/bellissimo/bellissimo.pdf
- PhishMe Simulator – “PhishMe is a spear phishing simulator that raises awareness of the strategies and sophisticated tactics utilized today by hackers looking to compromise your firm’s data and systems.”
- A website to check password strength can be used for stealing passwords. I checked the client-side code of the following website and it seems that it's OK and it doesn't send the password to the server; however, with a small change you can turn it into a password-stealing website. The function triggering the checks via the observer pattern is called “passwordChange”. It has an array called “commonPasswords” containing common passwords.