The Glider

Posted in Security Tools, Tools on March 18th, 2010 by SecurityDatabase

iWep PRO is an application for the iPhone and iPod touch that allow users check if their routers are exposed to some vulnerabilities.
Main vulnerability is WEP/WPA key calculation. There are some routers that can be easily hacked just in few minutes. This happens ONLY when router´s factoy settings were not changed. If factory settings were changed, iWep PRO is useless with your router.
iWep PRO is based in WEP/WPA calcualtion methods found in internet. You can find them on your own, and (...) - Security Tools / Vulnerability Scanner, Wireless, Configurations checks, iWep Pro

Tags: Tools |

Posted in Security Tools, Tools on March 18th, 2010 by SecurityDatabase

New extensions added:
Framework Detector added (Category Information Gathering -> Enumeration and footprinting)
Framework Detector can automatically detect JavaScript framework/s used in current page. Can detect more than 70 popular JavaScript frameworks, libraries and components, including: Backbase, Dojo/Dijit, Echo, ExtJS, GWT, ICEfaces, jQuery, MooTools, Nitobi, Prototype, qooXdoo, Rialto, Rico, script.aculo.us, SmartClient, Spry, TinyMCE, YUI and many others. Based on WTFramework (...) - Security Tools / Firefox, Application Scanner, Framework, FireCAT

Tags: Tools |

Posted in Security Tools, Tools on March 18th, 2010 by SecurityDatabase

XSSploit is a multi-platform Cross-Site Scripting scanner and exploiter written in Python. It has been developed to help discovery and exploitation of XSS vulnerabilities in penetration testing missions.
When used against a website, XSSploit first crawls the whole website and identifies encountered forms. It then analyses these forms to automatically detect existing XSS vulnerabilities as well as their main characteristics.
The vulnerabilities that have been discovered can then be exploited (...) - Security Tools / Penetration testing & Ethical Hacking, Application Scanner, Configurations checks, XSSploit

Tags: Tools |

Posted in Security Tools, Tools on March 17th, 2010 by SecurityDatabase

New extensions added:
BackendInfo extension added (Category Information Gathering -> Enumeration and footprinting)
BackendInfo is a lightweight Firefox extension that detects name and version of backends behind websites.
Detecting 15 different backends / 130+ versions
Drupal 6.x, 5.x, Wordpress 2.x
phpBB 2.x, 3.x, Django, DokuWiki
MediaWiki, MoinMoin, Reddit, Blogger
Joomla 1.5.x, 1.0.x
more…
Now FireCAT supports 92 (...) - Security Tools / Firefox, FireCAT

Tags: Tools |

Posted in Security Tools, Tools on March 17th, 2010 by SecurityDatabase

DFF (Digital Forensics Framework) is a simple but powerfull open source tool with a flexible module system which will help you in your digital forensics works, including files recovery due to error or crash, evidence research and analysis, etc. The source code is written in C++ and Python, allowing performances and great extensibility
This project follows three main goals:
Modularity. In contrary to the monolithic model, the modular model is based on an a host and many modules. This (...) - Security Tools / Local auditing, Forensics, Digital Forensics Framework

Tags: Tools |

Posted in Security Tools, Tools on March 16th, 2010 by SecurityDatabase

JBroFuzz is a web application fuzzer for requests being made over HTTP and/or HTTPS. Its purpose is to provide a single, portable application that offers stable web protocol fuzzing capabilities.
Version 2.0
User basic authentication supported and updated headers to show 2.0 release
Fixed preferences bug.
Added Authorization header option in UI, under URL Encoding
Created a Verifier for .jbrf files
Fixed a small mistake in EncoderHashFrame.java
Implemented a Cross Product (...) - Security Tools / JBroFuzz, Fuzzers

Tags: Tools |

Posted in Security Tools, Tools on March 16th, 2010 by SecurityDatabase

SAINT is the Security Administrator's Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT's data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of (...) - Security Tools / Saint, Vulnerability Scanner, Penetration testing & Ethical Hacking

Tags: Tools |

Posted in Security Tools, Tools on March 15th, 2010 by SecurityDatabase

SQLmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.
New features :
Support to enumerate and dump all databases' tables containing user provided column(s) by (...) - Security Tools / Vulnerability Scanner, Penetration testing & Ethical Hacking, Configurations checks, SQLmap, Database

Tags: Tools |

Posted in Security Tools, Tools on March 15th, 2010 by SecurityDatabase

Identifying content management systems (CMS), blogging platforms, stats/analytics packages, javascript libraries, servers and more. Licensed under GPLv3.
Version 0.4
Added HTTPS support
Improved installation instructions
Improved documentation
Better compatibility with ruby 1.9. Changed a case statement syntax, changed when 0: to when 0 then.
Removed UTF-8 characters in plugins that were causing crashes
Added php-nuke plugin, passively recognises modules
Added Fluxbb plugin, can (...) - Security Tools / Enumeration, Information Gathering, Application Scanner, WhatWeb

Tags: Tools |

Posted in Security Tools, Tools on March 14th, 2010 by SecurityDatabase

fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection. It's is currently under heavy development but it's usable.
Version 0.8 (Enemy Unknown)
Complete new engine which uses XML files inside the config folder.
Added a tiny but powerful exploit-mode plugin interface.
Can scan and exploit windows (...) - Security Tools / Vulnerability Scanner, Penetration testing & Ethical Hacking, Application Scanner, Configurations checks, Exploitation, fimap

Tags: Tools |