Moore, chief security officer at security firm Rapid 7, which had integrated the exploit into its Metasploit penetration testing tool.

FORBES: Oracle Quietly Releases Fix For Serious Java Security Bug--Months After It Was Reported

On Tuesday, Marlinspike launched CloudCracker, an upgrade to the Web-based penetration testing service he formerly called WPACracker, with a major upgrade to the speed and versatility of that password-breaking service.

FORBES: Moxie Marlinspike's CloudCracker Aims For Speedier, Cheaper Password Cracking

Before its Thursday patch, an exploit that took advantage of the Java security flaws had been included in the widely used Blackhole cybercriminal software kit as well as the Metasploit penetration testing toolset.

FORBES: Oracle's Java Security Woes Mount As Researchers Spot A Bug In Its Critical Bug Fix

Moy says that the poor results of the NSS test are particularly surprising given that the vulnerabilities the lab tested were publicly described by government sources like CERT and MITRE, and the exploits they used came from the open-source penetration testing framework Metasploit.

FORBES: Study Shows Programs Designed To Catch Hackers' Exploits Miss Nearly Half

Sqlmap, also free and billed as an off-the-shelf, penetration-testing tool, uses a command-line interface and requires a little more programming experience to use.

FORBES: Now Anyone Can Hack A Website Thanks To Clever, Free Programs