The Neosploit toolkit is an advanced exploit framework to compromise web site visitors. It was written by "grabarz". It is unknown if this is a group or an individual. There's some information which suggests it is an individual.
It's not as popular as the Mpack toolkit but is steadily gaining popularity. It was written in the C language and is used as a CGI script. It can support multiple users from the same script. The exploit code will be the same for all users, but the delivered executables can be different.
Like other toolkits, this one also provides various statistics. Instead of storing them in a database, Neosploit uses several files with specific internal structures. The following information about the visitor is logged: operating system, web browser and its version, IP address, and the Referer.
The toolkit's URL scheme is designed in a way that prevents the curious from obtaining the executables, even if the same one from previous exploits is reused.
Perhaps the reason for its slow adoption is its high price. It ranges, depending on version, from $1500 to $3000. The version commonly seen in the wild today is 1.5.x, with 2.0.x in beta. The first detected version was 1.0.x, early this year.
More in-depth analysis will follow.