Archive for the ‘Security Tools’ Category

SQLFury SQL Injection for Adobe Air runtime v1.1.6 available

SQLFury is an injection scanner that uses blind SQL injection techniques to extract information from a target database. It targets the Adobe AIR Runtime.
Database Support:
MySQL
PostgreSQL
Oracle
Microsoft SQL Server
Extract from database:
Database version.
Current database user.
All database users.
Database name.
All database names.
All table names.
All column names.
Entire columns.
Version:
SQLFury 1.1.6 ( size : 517K )
Runs on Windows XP/Vista or MacOS X (...)

Burp Intruder Botox announces many improvements

Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, downstream proxies, logging, alerting and extensibility.
The new beta version of Burp Intruder contains a bunch of frequently-requested enhancements:
You can now (...)

Netsparker author released Freakin’ Simple Fuzzer v0.7.3.5

FSF is a plug-in based freakin' simple fuzzer for fuzzing web applications and scraping data. It supports some basic stuff and is missing some features; however, it has some advanced RegEx capturing features for scraping data out of web applications.
Why bring yet another fuzzer into this cruel world?
Yeah, I know there are so many of them hanging around. Basically I was trying to fuzz something and after spending about 2-3 hours on about 3-4 different terribly designed fuzzers I thought (...)

Netsparker 1.3.0.0 in the wild

Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology they are built on, just like an actual attacker.
It can identify web application vulnerabilities like SQL Injection, Cross-site Scripting (XSS), Remote Code Execution and many more. It has exploitation built into it; for example, you can get a reverse shell out of an identified SQL Injection or extract data by running custom SQL queries.
Netsparker (...)

iExploder v1.5 – Web Browser Quality Assurance Tester

iExploder is like a fire hydrant full of bad HTML and CSS code to test the stability and security of web browsers. Available as a standalone webserver or CGI script, it continuously feeds browsers bad data in the hope that they will eventually crash. It is designed to run for hours, or even days until the browser crashes.
iExploder was initially written as a QA tool for the Mozilla Project to test the Firefox 1.0 release, and is now included and used by Apple's Webkit (...)

pvefindaddr v1.25 released

pvefindaddr is a PyCommand (plugin) for Immunity Debugger. Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.
Drop the file in the pycommands folder within your Immunity Debugger installation folder. You can get the list of (...)

(Update) Skipfish Active web application scanner v1.08 beta just released

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks.
Key Features:
High performance: 500+ requests per second against responsive Internet targets, 2000+ requests per second on LAN / MAN networks, and 7000+ requests against local (...)

Focus on MacNikto v1.1.1

MacNikto is an AppleScript GUI shell script wrapper built in Apple's Xcode and Interface Builder, released under the terms of the GPL. It provides easy access to a subset of the features available in the Open Source, command-line driven Nikto web security scanner, installed along with the MacNikto application.
Nikto performs comprehensive tests against web servers for multiple items, including over 6100 potentially dangerous files/CGIs, versions on over 950 servers, and version specific (...)

VASTO The First Virtualization Assessment Toolkit released

Secure Network is working on the first security assessment toolkit for virtual infrastructures, VASTO, and Criscione announced today the public beta at the Troopers conference.
VASTO comes as a set of components for Metasploit, one of the most popular frameworks for penetration testing in the security industry. The framework consists of tools, libraries, (...)

W3AF ported to FreeBSD

w3af is a Web Application Attack and Audit Framework. The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which check for SQL injection, cross-site scripting (XSS), local and remote file inclusion and much
Sofian Brabez, our FreeBSD expert, has updated the FreeBSD port of w3af to the 1.0-rc2 version and committed it to the FreeBSD ports source tree. If you're using FreeBSD, now you have one more reason to use w3af and make your life easier when (...)