"The tool, called Jikto, can make an unsuspecting Web user's PC silently crawl and audit public Web sites, and send the results to a third party, Hoffman said.
But, in a change of plans, Hoffman did not publicly release Jikto. "The higher-ups first say we can, and then they change their mind," he said after his presentation. "We decided to focus on the educational message and show people the danger."
Another SPI Dynamics representative at ShmooCon said the company had decided not to release Jikto because that could play into the hands of cybercrooks. "We do not want to release anything that could be used for malicious purposes," said Michael Sutton, a security evangelist for the company, which sells Web security tools.
Hoffman said he demonstrated Jikto to raise awareness." - CNET
On a related note before I get any emails in regards to my XUL spoofed browser demo, while this was released it is crippled allowing the point to be proven without handing over script kiddie friendly code.