The Glider

Posted in Security Tools, Tools on April 2nd, 2010 by SecurityDatabase

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks.
Key Features:
High performance: 500+ requests per second against responsive Internet targets, 2000+ requests per second on LAN / MAN networks, and 7000+ requests against local (...) - Security Tools / Enumeration, Information Gathering, Application Scanner, Skipfish

Tags: Tools |

Posted in Security Tools, Tools on April 2nd, 2010 by SecurityDatabase

OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active respons
The following is the changelog for OSSEC version 2.4.
Changelog:
Added more options to filter by user and srcip on reportd.
Fixed init script for gentoo that was failing if (...) - Security Tools / IDS, Data Mining, Network Monitoring, OSSEC

Tags: Tools |

Posted in Security Tools, Tools on April 2nd, 2010 by SecurityDatabase

Kon-Boot is an prototype piece of software which allows to change contents of a Linux kernel (and now Windows kernel also!!!) on the fly (while booting). In the current compilation state it allows to log into a linux system as 'root' user without typing the correct password or to elevate privileges from current user to root.
Our first article on kon-boot
For Windows systems it allows to enter any password protected profile without any knowledge of the password. It was acctually started as (...) - Security Tools / Penetration testing & Ethical Hacking, LiveCD, Kon-Boot

Tags: Tools |

Posted in Security Tools, Tools on April 2nd, 2010 by SecurityDatabase

CMS Explorer is designed to reveal the the specific modules, plugins, components and themes that various CMS driven web sites are running.
Additionally, CMS Explorer can be used to aid in security testing. While it performs no direct security checks, the "explore" option can be used to reveal hidden/library files which are not typically accessed by web clients but are nonetheless accessible. This is done by retrieving the module's current source tree and then requesting those file names (...) - Security Tools / Footprinting, Information Gathering, Application Scanner, Configurations checks, CMS Explorer

Tags: Tools |

Posted in Security Tools, Tools on April 1st, 2010 by SecurityDatabase

The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
The latest release of the Metasploit Cyber Warfare (...) - Security Tools / Metasploit, Penetration testing & Ethical Hacking

Tags: Tools |

Posted in Security Tools, Tools on April 1st, 2010 by SecurityDatabase

Wireshark is the world's most popular network protocol analyzer. It has a rich and powerful feature set and runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly. It is freely available as open source, and is released under the GNU General Public License version 2
Wireshark 1.2.7 (stable) has been released. Installers for Windows, Mac OS X 10.5.5 and above (...) - Security Tools / Data Sniffer, WireShark - Ethereal

Tags: Tools |

Posted in Security Tools, Tools on April 1st, 2010 by SecurityDatabase

SAINT is the Security Administrator's Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT's data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of (...) - Security Tools / Saint, Penetration testing & Ethical Hacking, Vulnerability Management

Tags: Tools |

Posted in Security Tools, Tools on April 1st, 2010 by SecurityDatabase

CWE (Common Weakness Enumeration) is a community-developed formal list of common software weaknesses. It serves as a common language for describing software security weaknesses, a standard measuring stick for software security tools targeting these vulnerabilities, and as a baseline standard for weakness identification, mitigation, and prevention efforts.
As an effort to be fully compliant, we've integrated the latest CWE release.
You can browse the CWE list at (...) - Security Tools

Tags: Tools |

Posted in Security Tools, Tools on March 31st, 2010 by SecurityDatabase

Jolicloud "pre-final", a new oriented OS netbooks based on Ubuntu, has just been released after a number of important updates and improvements, including a new platform HTML 5 ready for Web applications and also manager of new 3G + network with over 100 models of supported cards.
Jolicloud Express, the Windows installer has been translated into French, English, German and many other additional languages are in progress.
Jolicloud is no more in beta stage, one's can safely install the (...) - Security Tools / Jolicloud

Tags: Tools |

Posted in Security Tools, Tools on March 31st, 2010 by SecurityDatabase

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. The ESAPI libraries also serve as a solid foundation for new development.
Dependencies (...) - Security Tools

Tags: Tools |