Looking at the tool's Twitter account, he's going after vBulletin sites. Since he sometimes talks about getting control of mod accounts and other times admin accounts, that makes me think that it isn't a vBulletin hack, per se, but instead he's targeting moderators and running password hacks against them, but that's just a guess. I didn't see anything on vBulletin's support forum, so at this time, I don't think it's a vB exploit, but I plan to put in a support ticket with Vb just to be sure.