Archive for the ‘Security Tools’ Category

(IN)SECURE Magazine Issue 25 released

(IN)SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security topics.
Issue 25
The changing face of penetration testing: Evolve or die!
Review: SmartSwipe
Unusual SQL injection vulnerabilities and how to exploit them
Take note of new data notification rules
RSA Conference 2010 coverage
Corporate monitoring: Addressing security, privacy, and temptation in the workplace
Cloud computing and recovery, not just backup
EJBCA: Make (...)

Netsparker® Free Community Edition released

Netsparker Community Edition is False Positive Free and can detect both SQL Injection and Cross-site Scripting issues better than many other scanners. Netsparker Community Edition also detects many other vulnerabilities such as finding and reporting backup files, source code disclosures, Crossdomain.xml issues, SVN/CVS disclosures, internal path disclosures, error messages and many more.
Netsparker® Community Edition shares many features with Netsparker® Professional and just like Netsparker (...)

Splunk the IT Log Management Software v4.1 released

Splunk is software that provides unique visibility across your entire IT infrastructure from one place in real time. Only Splunk enables you to search, report, monitor and analyze streaming and historical data from any source.
Splunk was the winner of our annual survey in category "Data mining / Log Management"
Splunk indexes any kind of IT data from any source in real time. Point your servers' or network devices' syslog at Splunk, set up WMI polling, monitor live logfiles, enable change (...)

CWE/SANS Top 25 list updated to v1.0.3

The 2009 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most significant programming errors that can lead to serious software vulnerabilities. They occur frequently, are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.
The list is the result of collaboration between the SANS Institute, MITRE, and many top software security (...)

SFX-SQLi v1.1.3.2 available

SFX-SQLi (Select For XML SQL injection) is a new SQL injection technique that allows extracting all the information in a Microsoft SQL Server 2005/2008 database in an extremely fast and efficient way.
In addition to a new web application for testing, a new revision of the tool is published with some minor fixes and changes, including new functionality like access to other databases in the same server or support for user defined (...)

bing-ip2hosts v0.2 released – Enumerate hostnames from Bing

Bing.com is a search engine owned by Microsoft, formerly known as MSN Search and Live Search. It has a unique feature to search for websites hosted on a specific IP address. This feature can be used with the IP: parameter in the search query as shown in the image above.
Bing-ip2hosts uses this feature to enumerate all hostnames which Bing has indexed for a specific IP address. This technique is considered best practice during the reconnaissance phase of a penetration test in (...)

TCPDump v4.1.1 and LIBPCap v1.1.1 released

tcpdump is a common computer network debugging tool that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.
Changes
TCPDump v4.1.1
Fix build on systems with PF, such as FreeBSD and OpenBSD.
Don't blow up if a zero-length link-layer address is passed to linkaddr_string().
LIBPCap v1.1.1
Update CHANGES to reflect more of the changes in 1.1.0.
Fix build on (...)

Malware Check Tool v1.0 released

This program is intended to detect a malicious file in two ways: online and offline. It calculates the MD5 hash of a specified file, searches for it in its current hash set (offline) or on the VirusTotal site (online), and shows the result.
It has HTTP proxy support and an update feature (for the hash set).
Note: For HTTP proxy support you have to edit malware_check.py and modify the required fields as shown below.
proxy_info = 'user' : 'username', # proxy username 'pass' : 'password', # proxy (...)

Focus on Zero Wine Tryouts Malware Analyzer Alpha 2 release

Zero Wine Tryouts is an open source malware analysis tool. Just upload your suspicious file (e.g. Windows executable file, PDF file) through the web interface and let it analyze.
Changes for 20100325
Version Alpha 2
Update Wine. (1.1.41)
Update TrIDDefs.TRD. (3911 file types, 25/03/10)
Improvement view/download function.
Partial rewrite of the calls.py. Makes the signature more readable.
Refactoring some code.
Some minor change.
Fix dump download problem. (Regression)
Some minor (...)

CUPP Common User Passwords Profiler v3 released

People spend a lot of time preparing for an effective dictionary attack. Common User Passwords Profiler (CUPP) is made to simplify this attack method that is often used as a last resort in penetration testing and forensic crime investigations. A weak password might be very short or only use alphanumeric characters, making decryption simple. A weak password can also be one that is easily guessed by someone profiling the user, such as a birthday, nickname, address, name of a pet or relative, or a (...)