Attack Tool Kit
the open-source exploiting framework
"It checks for security leaks on your system, which is what everyone should do. This is well done, I particulary like the customization of the program through plugins, etc." - Spector, Developer,
Talk at OpenExpo regarding httprecon
September 30, 2009
This year I have had a talk at OpenExpo in Winterthur, Switzerland. The title of the presentation was "Security Scanner Design - Using the Example of httprecon" and discussed the approach of developing and implementing a security scanner. Besides httprecon other projects as like the ATK project were mentioned. The Powerpoint presentation and the video of the talk is available here.

Added the GATKit by munix
February 02, 2008
Also some time ago munix (Giampaolo Panto) ported the Attack Tool Kit to Gambas. The GATKit (Gambas Attack Tool Kit) is running under Linux and therefore the 3rd Linux port of the Attack Tool Kit known to me. Because this many portations a sub-section "ports" was introduced in the download listing.

Added the ATKCE by Karsten Burger
November 05, 2007
A long time ago Karsten Burger sent me an email and announced his Mono port of the Attack Tool Kit. His release went online as ATKCE (Attack Tool Kit Console Edition). Finally, after re-designing the web site I added the application to the addon section. Thank you very much Karsten, for the great work you have done!

Release of the new web site
August 03, 2007
The new web site has been released. This edition comes with some major changes in layout and structure. Most of the old data is still available. However, some of the documents are not included yet. You can still use the old web site at

Technical details about stolen code published
June 31, 2007
As announced before, a document explaining the issue of stolen code by WEKA Business Information GmbH & Co. KG. has been published yesterday. The paper with the title ATK gegen WEKA - Technische Beweisführung explains the affected parts and why a violation of the General Public License is given. It is available on german only.

Re-Activation of the project
June 30, 2007
After some suspending of the project I am happy to announce the re-activation of it again. There were two reasons why the project was stalled the last two years. First, I was working on a new book about information security. It was published in Mai 2007 as Die Kunst des Penetration Testing at C&L (german only). The Attack Tool Kit 4.1 is discussed in Chapter 12.2.6 (pp. 686) by the way. Second, there was some very nasty action by a German company. As I have documented in my private blog and as it was discussed in the media widely, the company WEKA Business Information GmbH & Co. KG. stole some code of the ATK project for their commercial vulnerability scanner INTEREST Security Scanner. They overtook all plugins within the ATK release 4.x without respect to the General Public License. Because there was no chance to prevent such behavior without an enormous amount of time and money, I decided to ignore their arrogance for GPL'ed work and concentrate on my other projects. Thus, the following weeks some changes and additions will be introduced within the ATK project. I am going to publish the technical details which kind of data was stolen by WEKA. Furthermore, I am going to publish ATK 4.2 which will bring some minor fixes (e.g. the auto-update for plugins does not work anymore) and some new plugins. There will also be published some ports of ATK. And a complete re-design of the website will come.

ATK 4.1 with some minor bugfixes has been released
February 09, 2005
As you can see in the changelog, the ATK 4.1 with some minor bugfixes has been released. You find the binary and source of the releases in the download section as usual.

Updated the changelog finally and added tipps for plugin developers in the FAQ
January 16, 2005
I found the time to update the changelog finally. There you are able to see all the changes that were made in ATK 4.0 and also some bugfixes that will come with ATK 4.1. I have also added a new question "How do I write a new plugin and how should it be published?" in the FAQ. This one should help new plugin developers to create their checks.

Attack Tool Kit 4.0 has been released
January 11, 2005
Due the positive response of the beta testers of ATK 4.0pre1 I finally published the official ATK 4.0 release. It can be downloaded as usual as binary and source code. The main work was done by enhancing and improving the whole reporting. At the moment there are 340 ATK plugins available.

ATK 4.0pre1 ready for testing
December 31, 2004
Yesterday I have sent the ATK 4.0pre1 to some of my beta testers. If you want to join the official beta test, please download the beta and send me some feedback prior February 2005. Most changes have been made within the reporting. It is now possible to generate HTML, text and Nessus NSR reports. Furthermore I did some bigger improvements in the configuration handling. So, the only thing remaining is to wish you all a happy new year!

ATK 4.0 is coming
December 08, 2004
No, I am not in a hurry. But last week I have had the time to invest some hours in the upcoming ATK 4.0 release. Well, the improvement of the reporting should be the major goal for this release. As I have done most of the hard work (e.g. nice html reporting, Nessus NSR export) I began to re-introduce the Nessus NASL plugins compatibelity. I think I will be able to provide a very well compatibelity (not just experimental anymore) for most of the Nessus NASL plugins. See the changelog for all the details and further changes. So stay tuned for the next generation of the vulnerability scanner and exploiting framework. The release should be in February 2005...

ATK 3.1 with some minor bugfixes
November 27, 2004
As I have written in the last news message, there is a bug in the DNS module in ATK prior 3.1. Because I get emails addressing this problem every day, I quickly release the ATK 3.1. The error has been fixed and some other minor bugfixing has been done. Please download the latest software release to get the improved and more stable version of the utility.

DNS error in ATK prior 3.1 and new press releases
November 21, 2004
A few users, especially from China, reported a bug in modDNS.bas which has the task for handling the whole DNS communication and translation. The user is getting an error under some circumstances if an IP address is specified as target. The application reports a run-time error and shuts down. The bug has been fixed by Lijian in the upcoming release 3.1 of the Attack Tool Kit. You can download the pre-release of the affected modDNS.bas, replace it and re-compile the project to get a running version. A pre-compiled version of the ATK 3.x is not available yet. Please be patient a few weeks. I have also added a few new press releases and quotes in the press section.

Release of the Attack Tool Kit 3.0
November 14, 2004
Sooner as I tought I would like to present the brand new Attack Tool Kit 3.0. As you can see in the changelog I did many changes. The most important for the project are perhaps the introduction of a dedicated exploiting routine and the Plugin AutoUpdate. Please feel free to download and re-distribute the software. Thanks to all people who helped me to improve the tool. See the software about for a listing of all developers and beta-testers.

Added the Chip magazine cover in the press section
November 11, 2004
I have added a scan of the Chip magazine cover in the press section (thanks to Simon Zumstein for the scan). As you can see the Attack Tool Kit is listed on the cover and also included on the CD ROM. I am currently finishing some deals with other magazines to write about the project and to publish the tool on a CD ROM. Further infos to come...

Attack Tool Kit Online Help is available
November 06, 2004
A new feature of the upcoming Attack Tool Kit 3.0 is the online help. It will be possible to get help by clicking the F1 button. The user will be redirected to the online help repository that is newly available in the documentation section. Check out the new html help and learn more about the ATK software.

Attack Tool Kit 3.0pre2 official Beta Test
October 31, 2004
Today I did a posting in my forum were I declared the official beta test for the upcoming release of the Attack Tool Kit as opened. Everybody is kindly invited to download the latest beta version and to send me feedback. All changes are documented in the changelog. Please keep in mind that the ATK 3.0 should be published before christmas. So I will not be able to implement all feature requests. This beta testing is just to eliminate the latest serious errors (e.g. crashes).

Work in progress and new press releases
October 23, 2004
As I mentioned before, I am currently working on the final release of the ATK 3.0. It is going very well, I could do some good omptimizations and implement new features. The changelog for the next release is growing more and more. I try to let the official beta test for this version start in the next month. The usual beta testers will receive an email. If you are interessted in beta testing too, please drop me an email. The Attack Tool Kit has also some new press releases to celebrate. First of all we did it on the current issue of the german IT magazine Chip. The software name is printed on the cover and the ATK 2.1 is available on the shipped CD-ROM. We are also winning places on the Google directory in the group Security Scanners. For the last few months the Attack Tool Kit Project was approximiatly on place 20. The link is on place 14 at the moment. Our listing is better than this of SuperScan, GFI LANguard, Firewalk, Cerberus' Internet Scanner, nmapNT, THC-Amap, Nikto, ISS Internet Scanner and N-Stealth. I hope the project can reach the top 10 and beat products as like Saint, Retina Network Security Scanner, Nessus and nmap ;-) !

New presentation of the Attack Tool Kit Project
October 13, 2004
This week I will have the main speech at the SIAP (Security is a Process) conference in Zürich, Switzerland. So I will introduce the Attack Tool Kit project and software to the audience. The german presentation is also available in the documents section.

Added new press released and currently working on ATK 3.0
October 11, 2004
Some days ago I have added some new press releases. This section has been resorted because of the growing content in it. I am also working at the ATK 3.0 which comes with some major improvements as like an automated plugin update function. See the work in progress entry in the changelog. The ATK 3.0 should be published in the next few weeks. The release this year is definetively.

A brief history of the ATK
September 28, 2004
Well, nearly one year ago the Attack Tool Kit project has been started. Weeks of software developement let me start the creation of this project web site. Many things have changed since then. The project has grown and become more and more known. To celebrate this little birthday I wrote down A brief history of the ATK. A short story how everything began and what has changed since then. Very funny to see what design decisions I made and what senseless ideas I had. Thus, enjoy!

Release of the 250th ATK plugin
September 21, 2004
The latest ATK plugin repository comes with over 250 checks (258 to be exactly) - We reached another magic mark! I hope we can create new ATK plugins as fast as like in the last few weeks!

New documentation how to use the ATK
September 18, 2004
Today I wrote a small and expecially for new users usefull documentation how to use the ATK in five steps. It introduces the handling and possibilities of the software.

Web site enhancement and over 200 ATK plugins available
September 13, 2004
I did some enhancements on the project web site. For example I am using everywhere the same style of embedded tables and a smaller font to make it easier readable. I also published the last and latest ATK plugin repository with over 200 plugins. This is a little breaktrought and I hope that some new people want to support the project by writing new plugins. Sometimes I wrote over 20 plugins per day. This is the real proof that creating new plugins is much easier than in other vulnerability scanners.

ATK 2.1 official release with 200 plugins
September 10, 2004
The Attack Tool Kit 2.1 has been released. There are some minor changes and bugfixes made. Especially the handling of the attack editor has been improved. See the changelog for more information about the corrections. This new software release does come with 200 plugins that are also available as download.

The ATK is officially CVE declared
September 7, 2004
CVE declaredThe Attack Tool Kit is the third solution from the german speaking Europe (Germany, Switzerland and Austria) that is officially CVE declared. So it is possible to generate CVE output and to allow searching for CVE entries. Thank you very much Bob Martin at The MITRE Corporation for your kindly co-operation - Keep up the great work!

ATK-Plugin-Creator, new plugins, changelog and ATK 2.1
September 5, 2004
Nico Spicher published his ATK-Plugin-Creator finally. This is an external and independent tool to develop and change ATK plugins. The tool is freeware and written for Windows. There are also some completely new ATK plugin repositories available. Please update your plugins. I hope some poeple going to support the ATK project by writing new plugins and send them to me. I made also a changelog list that can be found in the downloads. There are all changes made during the evolution of the ATK. I am currently working the next release of the ATK. This will include just a few bugfixes - Some of them could be found in the changelog. I think I will publish version 2.1 in a couple of weeks. You find a screenshot of 2.1pre1 in the introduction.

ATK 2.0 official release and shirts available
August 31, 2004
Click here to buy an ATK shirt online!And here it is: Attack Tool Kit 2.0 is released, finally! Yes, I know, it took a long time - But I think it was worth it. If you throw an eye on the new release, you will see that I did an enormous enhancement of the tool. More speed and functionality is given because of the rewrite of nearly 100 % of the source code. The plugin structure provides now a large amount of new fields as like additional source data, there is the new attack visualization frame and a few cool gimmicks are waiting for you. Please feel free to download and use the new version. There are also different shirts available to buy over the Internet.

ATK 1.0 seems to be "detected" by anti virus solutions
August 28, 2004
Some users of ATK 1.0 wrote me an email and told me that their anti virus solution detects a virus in the EXE binary. I did an investigation and it seems that G-Data AntiVirusKit detects ATK 1.0 as HackTool.Win32.AttKit.a - A warning message for using an hacking utility or exploit. So I updated the FAQ with the questions "My anti virus solution says there is a virus in the ATK. What is this all about?" and "What anti virus solutions detect the ATK as hacking tool or exploit?". Please take a look if your anti virus software also spots malicous code in a file of the ATK project. Because I don't have access to an updated version of G-Data AntiVirusKit I am not able to verify the detection of the upcoming ATK 2.0 release.

ATK 2.0 pre-release screenshot and hot news
June 6, 2004
Sorry for not updating the project, the web site and the Attack Tool Kit software. The last few months were really exhausting for me; but I am still coding the new release 2.0. Many things will change and you can take a first look on the pre-release screenshot. There you can see that many new plugin fields were introduced and you will be able to visualize the attack in real-time. Nico Spicher is coding an external freeware named ATK-Plugin-Creator to create ATK plugins very easy and fast. Eric D. is coding an open-source software that will let you very easy convert Nessus plugins into ATK plugins. Those two solutions will probably presented at the same time with the ATK 2.0 release. Also the german vulnerability database by scip AG introduced a field where the ATK plugin ID of a flaw can be found.

New plugin repository
March 23, 2004
Once more a new plugin repository is ready to download. A couple of old tests were corrected and enhanced. And there are some brand new checks. I'll try to keep to plugin repository up to date and publish new downloads on a regulary basis (approx. every two weeks).

New plugin repository and infos about ATK 1.1 release
March 22, 2004
A new plugin repository is ready to download. This is a little milestone because the old plugins were enormous optimized and enhanced. The checks are approximiatly twice as fast as before. There were also 11 new checks included. I am also working on ATK 1.1. Some old minor bugs will be fixed. As main feature provides the attack editor many wizards and templates. So it will be very easy to modify a check or create new plugins. ATK 1.1 will be released in April 2004.

Attack Tool Kit published on buha-Files
March 21, 2004
buha-security is a german web site about IT security and related stuff. The ATK 1.0 is listed as security scanner on their file server. This one will listed as additional download mirror. You are also able to vote for the tool and post some comments.

Attack Tool Kit Visual Basic source code on
March 10, 2004
To increase to populatity of the open-source project I published the source code on the well-known web site. Many people downloaded it (over 300 a day) and gave some excellent feedbacks. This new source can also be seen as a little download mirror. But please prefer to download new software versions from the official project web site.

Added link and screenshot from in press
March 3, 2004
I have added the description of the Attack Tool Kit project in the wikipedia project. The new entry can be found linked in the press section. A screen shot is also available. Feeld free to change or enhance the wikipedia entry.

Added the press section
February 20, 2004
I have added a press section on the web site. There I will publish articles and other press releases about the ATK software and projekt. If you have something to add to this section, please drop me an email.

Added an online plugins archive
February 18, 2004
Official beta test started - The release candidate of Attack Tool Kit 1.0 is ready to download. I hope you enjoy it and send me a lot of feedback.

Added an online plugins archive
February 15, 2004
I have added an online plugins archive. You will be able to see a list of the official plugins, you can display their content and download them. This is very useful for investigation, analysis and archiving of an penetration test.

Beta test delayed for some weeks
February 2, 2004
The internal beta test was announced for the end of January 2004. Due private problems and time conflicts I was not able to fix the existing major bugs in the alpha. The beta test will be delayed for approximiatly about one month. Further information will be published.

Internal alpha test has started
December 29, 2003
The internal alpha test has started. A few of my long-term friends have received the first alpha version. They have to test it and send me a feedback (bug reports and feature requests) in the upcoming weeks. Reasons why the alpha and beta test is closed are listed in the FAQ. See the bugs for found, potential and solved bugs and feature requests. The internal beta test will start approximiatly at the end of January 2004 and the official release is set to approximiatly mid February 2004.