Tools Update - 3rd week of october
|
View:
New views
2 Messages
—
Rating Filter:
Alert me
|
 |
Tools Update - 3rd week of october
by SD List
::
Rate this Message:
Dear list,
Here is the site's newsletter "Security Database Tools Watch" (http://www.security-database.com/toolswatch). This letter summarizes the articles and news items published since 7 days. New articles -------------------------- ** CeWL v2.2 (Custom Word List generator) - released ** by ToolsTracker - 24 October 2009 CeWL (Custom Word List generator) is a ruby app which spiders a given url to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper. CeWL is pronounced "cool". Version 2.2 Added grabbing words from the meta keywords and description tags, from HTML comments and from select HTML attribute tags, currently alt and title. If you want to add more attributes just edit the attribute_names array to (...) -> http://www.security-database.com/toolswatch/CeWL-v2-2-Custom-Word-List.html ** Vicnum v1.3 [OWASP Project] - Released! ** by ToolsTracker - 24 October 2009 A lightweight flexible vulnerable web application written in PERL and PHP. It demonstrates common web application vulnerabilities such as cross site scripting and session management issues. Vicnum is helpful to IT auditors who need to hone web security skills and can also be used by those setting up 'capture the flag' exercises or by those who just want to have some fun with web assessments. Vicnum the basics A vulnerable web app using LAMP Perl PHP Packaged as a Ubuntu (...) -> http://www.security-database.com/toolswatch/Vicnum-v1-3-OWASP-Project-Released.html ** OpenSSH v5.3 - released ** by ToolsTracker - 22 October 2009 OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol (...) -> http://www.security-database.com/toolswatch/OpenSSH-v5-3-released.html ** Acunetix WVS v6.5 build 20091012 released ** by ToolsTracker - 22 October 2009 Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing. Bug Fixes Memory leak when invoking state change handler Item index for an item which has just been inserted fails in the Browserframe Error in (...) -> http://www.security-database.com/toolswatch/Acunetix-WVS-v6-5-build-20091012.html ** GreenSQL-FW v1.1.0 - released ** by ToolsTracker - 22 October 2009 GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy for SQL commands and has built in support for MySQL. The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known db administrative commands (DROP, CREATE, etc). Main Firewall changes in GreenSQL version 1.1: Added support for the MySQL v.5.0 protocol Optimized code Added new patterns Fixed memory leak when adding new (...) -> http://www.security-database.com/toolswatch/GreenSQL-FW-v1-1-released.html ** AutoNessus v1.3.2 released ** by ToolsTracker - 22 October 2009 AutoNessus automates regular Nessus scans and provides delta reporting. The goal is to reduce the analysis time for subsequent scans of the same infrastructure by only reporting delta findings. Version 1.3.2 - Fixing some bugs Ticket [ 2849220 ] - do-scan errors Ticket [ 2849229 ] - Nessus 4 compatibility Ticket [ 2740544 ] - XSS protection in diff kills formatting Ticket [ 2793178 ] - Odd rendering of CVE references Ticket [ 2783580 ] - Missing EMAIL= not handled gracefully Ticket (...) -> http://www.security-database.com/toolswatch/AutoNessus-v1-3-2-released.html ** Rudix release 2009 Unix ports and packages for Mac OS X ** by Tools Tracker Team - 20 October 2009 Rudix features a world class collection of pre-compiled and ready to use Unix compatible software which are not available from a fresh installation of Mac OS X but are popular among other Unix environments. Here you can find utilities, programming languages, libraries and tools delivered as standard Mac OS X packages. Rudix provides for system administrators and developers a powerful and easy to customize port system where you can retrieve, compile and build native Mac OS X software for (...) -> http://www.security-database.com/toolswatch/Rudix-release-2009-Unix-ports-and.html ** VHoster v1.0 - using the API of Live ** by ToolsTracker - 19 October 2009 This tool is to enumerate the online domains that correspond to the same IP. Is very simple and util. Using the service of Live / BING, that maintains an interrelated database can be released. This tool automates the search: IP:[THE IP] -> http://www.security-database.com/toolswatch/VHoster-v1-using-the-API-of-Live.html ** Nikto v2.1.0 - released ** by ToolsTracker - 19 October 2009 Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired). This version has gone through significant rewrites under the hood to how Nikto works, to make it more expandable and usable. Changes (...) -> http://www.security-database.com/toolswatch/Nikto-v2-1-released.html ** Binging beta released - Footprinting and Discovery Tool with Bing - ** by Tools Tracker Team - 18 October 2009 Binging is a simple tool to query Bing search engine. It will use your Bing API key and fetch multiple results. This particular tool can be used for cross domain footprinting for Web 2.0 applications, site discovery, reverse lookup, host enumeration etc. One can use various different directives like site, ip etc. and run queries against the engine. On top of it tool provides filtering capabilities so you can ask for unique URLs or hosts. It is also possible to filter results by applying (...) -> http://www.security-database.com/toolswatch/Binging-beta-released-Footprinting.html ** KrbGuess v0.21 released - Kerberos usernames enumeration ** by Tools Tracker Team - 18 October 2009 KrbGuess is a small and simple tool which can be used during security testing to guess valid usernames against a Kerberos environment. It allows you to do this by studying the response from a TGT request to the KDC server. The tool works against both Microsoft Active Directory, MIT and Heimdal Kerberos implementations. In addition it will detect if an account lacks pre-authentication. The tool is supplied with a file containing a list of usernames and requests a TGT for each user and then (...) -> http://www.security-database.com/toolswatch/KrbGuess-v0-21-released-Kerberos.html ** Cain and Abel updated to v4.9.34 ** by Tools Tracker Team - 18 October 2009 Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocol. Added support for Windows 2008 Terminal Server in APR-RDP sniffer filter. (...) -> http://www.security-database.com/toolswatch/Cain-and-Abel-updated-to-v4-9-34.html N.OUCHN CEO & Founder @ Security-Database ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------ |
|
|
Tools Update - last week of october
by SD List
::
Rate this Message:
Hello
Here is the site's newsletter "Security Database Tools Watch" (http://www.security-database.com/toolswatch). This letter summarizes the articles and news items published since 7 days. New articles -------------------------- ** Enhanced Mitigation Evaluation Toolkit v1.0.2 released ** by Tools Tracker Team - 30 October 2009 Security mitigation technologies are technologies designed to make it more difficult for an attacker to exploit vulnerabilities in a given piece of software. The Enhanced Mitigation Evaluation Toolkit (EMET) is a toolkit that allows certain security mitigation technologies to be applied to user specified applications. This utility builds on our current offerings in several key ways: Until now, many of the available mitigations have required for an application to be manually opted in and (...) -> http://www.security-database.com/toolswatch/Enhanced-Mitigation-Evaluation.html ** Focus on HP's Scrawlr SQL injection tool ** by Tools Tracker Team - 30 October 2009 Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. Scrawlr is lightning fast and uses our intelligent engine technology to dynamically craft SQL Injection attacks on the fly. It can even provide proof positive results by displaying the type of backend database in use and a list (...) -> http://www.security-database.com/toolswatch/Focus-on-HP-s-Scrawlr-SQL.html ** SAINT® 7.1.5 Released ** by Tools Tracker Team - 30 October 2009 SAINT is the Security Administrators Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINTs data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of (...) -> http://www.security-database.com/toolswatch/SAINT-R-7-1-5-Released.html ** Wireshark v1.2.3, v1.0.10, and v1.3.1 Released ** by ToolsTracker - 28 October 2009 Wireshark is the worlds most popular network protocol analyzer. It has a rich and powerful feature set and runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly. It is freely available as open source, and is released under the GNU General Public License version 2 Wireshark 1.2.3 (stable), 1.0.10 (old stable), and 1.3.1 (development) have been released. (...) -> http://www.security-database.com/toolswatch/Wireshark-v1-2-3-v1-10-and-v1-3-1.html ** OAT v2.0 - OCS Assessment Tool - released ** by ToolsTracker - 28 October 2009 OAT (OCS Assessment Tool) is an Open Source Security tool designed to check the password strength of Microsoft Office Communication Server users. After a password is compromised, OAT demonstrates potential UC attacks that can be performed by legitimate users if proper security controls are not in place. OCS == Microsoft Office Communications Server OAT Modes Internal Network Attack Mode Internal network is a deployment scenario where OCS users have unfiltered network connectivity to the (...) -> http://www.security-database.com/toolswatch/OAT-v2-OCS-Assessment-Tool.html ** YARA v1.3 - A malware identification and classification tool ** by ToolsTracker - 27 October 2009 YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic. YARA is multi-platform, running on Windows, Linux and Mac OS X, and can be used through its command-line interface or from your own Python scripts with the yara-python (...) -> http://www.security-database.com/toolswatch/YARA-v1-3-A-malware-identification.html ** Acunetix WVS v6.5 build 20091027 released ** by ToolsTracker - 27 October 2009 Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing. Bug fixes: Fixed: Redirect on LoginSequenceStep was not followed correctly Fix in URL Rewrite module to remove GetVars before matching (...) -> http://www.security-database.com/toolswatch/Acunetix-WVS-v6-5-build-20091027.html ** NetReconn v1.72 - released ** by ToolsTracker - 27 October 2009 A small set of tools based on previous reference programs and scripts. Currently consists of: tiny network strobe, sniffer and payload decoder. These tools are not meant to replace current tools out there; they are designed to be small, fast and "do one thing well". Version 1.72 fixed ipdump manpage added payload decoder ndecode better input validation (still not perfect though) converted to standard exit codes everywhere nstrobe: Fixed AI_ADDRCONFIG error on NetBSD deleted mini (...) -> http://www.security-database.com/toolswatch/NetReconn-v1-72-released.html ** DirSnatch v2.0 - listing directory ** by ToolsTracker - 26 October 2009 This tool allows for export of directory listings of your web root. The essence of the tool is very basic. If you want a nice and neat directory listing in a format ready to request in an automated fashion this is your tool. This tool was developed with Ruby 1.8.6. License: GNU General Public License v3 More information: here -> http://www.security-database.com/toolswatch/DirSnatch-v2-listing-directory.html ** OpenSCAP v0.5.4 - released ** by ToolsTracker - 26 October 2009 The OpenSCAP Project was created to provide an open-source framework to the community which enables integration with the Security Content Automation Protocol (SCAP) suite of standards and capabilities. It is the goal of OpenSCAP to provide a simple, easy to use set of interfaces to serve as the framework for community use of SCAP. Version 0.5.4 new CPE model evaluation of set objects and system characteristic output implementation of variable model bindings clean up probes tune up, (...) -> http://www.security-database.com/toolswatch/OpenSCAP-v0-5-4-released.html ** Cain & Abel v4.9.35 - released ** by ToolsTracker - 26 October 2009 Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocol. Version v4.9.35 Added Windows Firewall status detection on startup. Added (...) -> http://www.security-database.com/toolswatch/Cain-Abel-v4-9-35-released.html ** CeWL v2.2 (Custom Word List generator) - released ** by ToolsTracker - 24 October 2009 CeWL (Custom Word List generator) is a ruby app which spiders a given url to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper. CeWL is pronounced "cool". Version 2.2 Added grabbing words from the meta keywords and description tags, from HTML comments and from select HTML attribute tags, currently alt and title. If you want to add more attributes just edit the attribute_names array to (...) -> http://www.security-database.com/toolswatch/CeWL-v2-2-Custom-Word-List.html ** Vicnum v1.3 [OWASP Project] - Released! ** by ToolsTracker - 24 October 2009 A lightweight flexible vulnerable web application written in PERL and PHP. It demonstrates common web application vulnerabilities such as cross site scripting and session management issues. Vicnum is helpful to IT auditors who need to hone web security skills and can also be used by those setting up 'capture the flag' exercises or by those who just want to have some fun with web assessments. Vicnum the basics A vulnerable web app using LAMP Perl PHP Packaged as a Ubuntu (...) -> http://www.security-database.com/toolswatch/Vicnum-v1-3-OWASP-Project-Released.html Regards Nabil OUCHN CEO & Founder www.security-database.com ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------ |
| Free embeddable forum powered by Nabble | Forum Help |
