The Glider

Posted in Security Tools, Tools on March 30th, 2010 by SecurityDatabase

pvefindaddr is a PyCommand (plugin) for Immunity Debugger. Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.
Drop the file in the pycommands folder within your Immunity Debugger installation folder. You can get the list of (...) - Security Tools / Exploitation, pvefindaddr

Tags: Tools |

Posted in Security Tools, Tools on March 30th, 2010 by SecurityDatabase

Source - http://www.professionalsecuritytesters.org/
Features:
In-depth Scan: risk-oriented in-depth scanning on web application can access to back-end database information and web application list.
Web Vulnerability Detection: detect all kinds of typical web vulnerabilities deeply (such as SQL injection, Xpath injection, XSS, the form around, form weak password, all kinds of CGL vulnerabilities.)
Web Trojan Detection: analyze a variety of linked Trojan automatically, effectively and (...) - Security Tools / Vulnerability Scanner, Application Scanner, MatriXay

Tags: Tools |

Posted in Security Tools, Tools on March 30th, 2010 by SecurityDatabase

Buck Security is a collection of security checks for Linux. It was designed for Debian and Ubuntu servers, but can be useful for any Linux system. The aim of Buck Security is, to allow you to get a quick overview of the security status of your system. As a linux system administrator - but also as a normal linux user - you often wonder if your system is secure
Features
Searching for worldwriteable files
Searching for worldwriteable directories
Searching for programs where the setuid is (...) - Security Tools / Vulnerability Scanner, Configurations checks, Local auditing, Buck Security

Tags: Tools |

Posted in Security Tools, Tools on March 30th, 2010 by SecurityDatabase

pwnat, pronounced "poe-nat", is a tool that allows any number of clients behind NATs to communicate with a server behind a separate NAT with *no* port forwarding and *no* DMZ setup on any routers in order to directly communicate with each other. The server does not need to know anything about the clients trying to connect.
Simply put, this is a proxy server that works behind a NAT, even when the client is behind a NAT, without any 3rd party.
There is no middle man, no proxy, no 3rd party, (...) - Security Tools / Network Discovery, Connectivity, pwnat

Tags: Tools |

Posted in Security Tools, Tools on March 30th, 2010 by SecurityDatabase

Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other (...) - Security Tools / Nmap, Penetration testing & Ethical Hacking, Network Discovery

Tags: Tools |

Posted in Security Tools, Tools on March 29th, 2010 by SecurityDatabase

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.
Changelog
New -sigopt option to the ca, req and x509 (...) - Security Tools / OpenSSL

Tags: Tools |

Posted in Security Tools, Tools on March 29th, 2010 by SecurityDatabase

Mobius Forensic Toolkit is an open-source forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files, for easy integration with other tools.
Version 0.5.3
xml-pickle: serialize dict items as tuples
xml-pickle: do not save 'value' for NoneType's
xml-pickle: do not save 'value' for bools = False
xml-pickle: handle python objects circular references (...) - Security Tools / Forensics, Mobius Forensic Toolkit

Tags: Tools |

Posted in Security Tools, Tools on March 29th, 2010 by SecurityDatabase

PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions.
Version 0.10
main.c: Add additional copyright year
pdf.c: Allow for creation data to be pulled from objects as well as inline
Removed strdup and used (...) - Security Tools / Local auditing, PDFResurrect

Tags: Tools |

Posted in Security Tools, Tools on March 29th, 2010 by SecurityDatabase

A lightweight flexible vulnerable web application written in PERL and PHP. It demonstrates common web application vulnerabilities such as cross site scripting and session management issues.
Vicnum is helpful to IT auditors who need to hone web security skills and can also be used by those setting up 'capture the flag' exercises or by those who just want to have some fun with web assessments.
Vicnum the basics
A vulnerable web app using LAMP
Perl
PHP
Packaged as a Ubuntu (...) - Security Tools / Framework, Exploitation, Attack, Vicnum

Tags: Tools |

Posted in Security Tools, Tools on March 29th, 2010 by SecurityDatabase

Seccubus automates regular vulnerability scans with Nessus and OpenVAS and provides delta reporting.
Why?
Anyone who has ever used Nessus or OpenVAS will be familiar with one of their biggest drawbacks. They a very valuable tools, but unfortunately it is also very noisy. The time needed to report on the findings of a scan will often be two or three times the time needed to do the actual scan. Seccubus was created in order to more effectively analyze the results of regular (...) - Security Tools / Vulnerability Scanner, Application Scanner, Metrics, Seccubus

Tags: Tools |