Archive for the ‘Security Tools’ Category

Complemento v0.7.6 – Collection of Tools

|
Comments Off

Posted in Security Tools, Tools on May 12th, 2010 by SecurityDatabase

A collection of tools, just for fun. It includes LetDown, ReverseRaider and Httsquash.
LetDown is a tcp flooder I have programmed after reading Fyodor article "TCP Resource Exhaustion and Botched Disclosure" (you can read it at http://insecure.org/stf/tcp-dos-attack-explained.html). It has an (experimental) userland TCP/IP stack, and supports multistage payloads for complex protocols, fragmentation of packets and variable tcp window.
NOTE: LetDown is based on Fyodor NDos, it's not about (...) - Security Tools / , ,

Tags: |

MetaGoofil v1.4b released

|
Comments Off

Posted in Security Tools, Tools on May 12th, 2010 by SecurityDatabase

Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,odp,ods) availables in the target/victim websites.
It will generate a html page with the results of the metadata extracted, plus a list of potential usernames very useful for preparing a bruteforce attack on open services like ftp, pop3,web applications, vpn, etc. Also it will extract a list of disclosed PATHs in the metadata, with this information you can guess OS, network (...) - Security Tools / , ,

Tags: |

Suricata v0.9 RC1 released

|
Comments Off

Posted in Security Tools, Tools on May 12th, 2010 by SecurityDatabase

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field.
Version 0.9 RC1
New Features
Support for the http_headers keyword was added
libhtp was updated to version 0.2.3
Privilege dropping using libcap-ng is now supported
Proper support for "pass" rules was added
Inline mode for Windows was added (...) - Security Tools / ,

Tags: |

Xplico v0.5.7 released

|
Comments Off

Posted in Security Tools, Tools on May 12th, 2010 by SecurityDatabase

The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn't a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).
Xplico is released under the GNU General Public License.
Version 0.5.7
RTCP dissector
RTP dissector improvement
SIP dissector (...) - Security Tools / , ,

Tags: |

iScanner v0.5 released – Malicious codes scanner

|
Comments Off

Posted in Security Tools, Tools on May 10th, 2010 by SecurityDatabase

iScanner is free open source tool lets you detect and remove malicious codes and web pages viruses from your Linux/Unix server easily and automatically.
This tool is programmed by iSecur1ty using Ruby programming language and it's released under the terms of GNU Affero General Public License 3.0.
Features
Detect malicious codes in web pages, this include hidden iframe tags, javascript, vbscript and activex objects.
Extensive log shows the infected files and the malicious code. (...) - Security Tools / , , ,

Tags: |

WebTest 1.2.1 – Testing Web Application with Python

|
Comments Off

Posted in Security Tools, Tools on May 10th, 2010 by SecurityDatabase

WebTest helps you test your WSGI-based web applications. This can be any application that has a WSGI interface, including an application written in a framework that supports WSGI (which includes most actively developed Python web frameworks – almost anything that even nominally supports WSGI should be testable).
With this you can test your web applications without starting an HTTP server, and without poking into the web framework shortcutting pieces of your application that need to (...) - Security Tools / , ,

Tags: |

SQLNinja v0.2.5 released!

|
Comments Off

Posted in Security Tools, Tools on May 10th, 2010 by SecurityDatabase

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.
Version 0.2.5
Upload mode is not limited to files of 64k bytes anymore
Uploading (...) - Security Tools / , , , ,

Tags: |

WireShark 1.2.8 released

|
Comments Off

Posted in Security Tools, Tools on May 7th, 2010 by SecurityDatabase

Wireshark is the world's most popular network protocol analyzer. It has a rich and powerful feature set and runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly. It is freely available as open source, and is released under the GNU General Public License version 2
Version 1.2.8
Bug Fixes
The following vulnerabilities have been fixed. See the security advisory (...) - Security Tools / ,

Tags: |

fuu v0.1 Beta – [F]aster [U]niversal [U]npacker

|
Comments Off

Posted in Security Tools, Tools on May 7th, 2010 by SecurityDatabase

FUU (Faster Universal Unpacker) is a GUI Windows Tool with a set of tools (plugins) to help you to unpack, decompress and decrypt most of the programs packed, compressed or encrypted with the very well knowns software protection programs like UPX, ASPack, FSG, ACProtect, etc.
The GUI was designed using RadASM and MASM. Every plugin included in the official release was written in ASM using MASM.
The core of every plugin use TitanEngine SDK from ReversingLabs under the hood, this (...) - Security Tools / , ,

Tags: |

Lansweeper v4.0 released

|
Comments Off

Posted in Security Tools, Tools on May 1st, 2010 by SecurityDatabase

Lansweeper is an automated network discovery and asset management tool which scans all your computers and devices and displays them in an easy accessible web interface. There is no need to install any agents on the computers, all scanning is done by standard build-in functionality.
Version 4.0 updates and bug fixes:
Service version 4.0.0.24
Scheduled adsi or computer scanning keeps on running after the specified schedule.
If you enable "refresh active directory users at night" you can (...) - Security Tools / , , ,

Tags: |