Archive for the ‘Security Tools’ Category

Sniff-n-Spit v1.0 – intercepting communications

During penetration testing, thick clients are sometimes seen communicating with a server whose IP address is hardcoded into them. The HTTP communication between such a client and server is harder to intercept and test. Sniff-n-Spit is a very useful utility in such scenarios. It sniffs for HTTP packets from the client to the server and forwards them to your favorite proxy (Burp, WebScarab, Paros, etc.).
User Input:
The tool expects the following user input:
Number of the listening (...)

Imposter v0.9 – Browser Phishing Tool

Imposter is a flexible framework to perform Browser Phishing attacks. Once the system running Imposter is configured as the DNS server to the victims, the internal DNS server of Imposter resolves all DNS queries to itself.
When the victim tries to access any website the domain resolves to the system running Imposter and Imposter's internal web server serves content to the victim. Depending on the configuration appropriate payloads are sent to the victim. Data stolen from the victim is sent (...)

iScanner v0.4 released – Malicious codes scanner

iScanner is a free, open source tool that lets you detect and remove malicious code and web page viruses from your Linux/Unix server easily and automatically.
This tool is programmed by iSecur1ty in the Ruby programming language and is released under the terms of the GNU Affero General Public License 3.0.
Features
Detects malicious code in web pages; this includes hidden iframe tags, JavaScript, VBScript and ActiveX objects.
Extensive log shows the infected files and the malicious code. (...)

KNOPPIX 6.2.1 LiveCD available

KNOPPIX is a bootable Live system on CD or DVD, consisting of a representative collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a productive Linux system for the desktop, educational CD, rescue system, or adapted and used as a platform for commercial software product demos. It is not necessary to install anything on a hard disk. Due to on-the-fly decompression, (...)

Samhain v2.6.3 & Beltane v2.3.19 released

The samhain open source host-based intrusion detection system (HIDS) provides file integrity checking and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.
Samhain v2.6.3
A regression in the email code has been fixed. This regression would cause messages of highest priority to get queued along with other messages, instead of getting mailed immediately.
MD5: 0a10af903c87017fbc27d5248fcd6029
Beltane (...)

Social-Engineering Ninja v0.1 Beta – PHP scripts

S-E Ninja is a social engineering tool with fake pages for 20-25 popular sites and an anonymous mailer that uses the mail() function in PHP.
Available Sites:
amazon.com
digg.com
ebuddy.com
facebook.com
gmail.com
hotmail.com
msn.com (hotmail)
myspace.com
onecard.com (AR,EN Langs)
paypal.com
travian.com (AR,EN Langs)
twitter.com
yahoo.com
youtube.com
Features:
Fake pages.
IP: the malicious page gives you the IP address of the victim.
Mailer.
You can send an anonymous message using PHP mail() (...)

plecost v0.2.2-7 Beta (Update!)

Plecost is a WordPress fingerprinting tool that searches for and retrieves information about the plugin versions installed on WordPress systems.
It can analyze a single URL or perform an analysis based on the results indexed by Google. It also displays the CVE code associated with each plugin, if there is one.
Version 0.2.2-7 Beta
Fixed some execution errors.
Libraries
xgoogle
Plecost works in two modes: analyzing a single URL, or analyzing the results of Google searches (-G). (...)

Vordel SOAPbox for analyzing Webservices Security

SOAPbox is a Web services testing tool, which supports both SOAP-based and REST-based invocation modes. It shares some of its architecture with the Vordel XML Gateway, especially for security features or policy creation.
Using SOAPbox, you can:
Test Web services residing in your internal network, or provided from the Web, or in a cloud environment. SOAP-style and REST-style services and SOAP attachments are supported.
Test Web services that require encrypted input.
Test Web services (...)

FireCAT v1.6 updated with 4 Firebug add-ons

FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful Firefox extensions oriented toward application security auditing and assessment. FireCAT is not a replacement for other security utilities and software, or for fuzzers, proxies and application vulnerability scanners.
New extensions added:
Firebug add-ons added (Category Editors -> FireBug):
Flashbug: A Firebug extension for Flash. Displays all the running .SWF file trace output. (...)

Eclipse HTTP Client (HTTP4e) v3.0 available

Eclipse HTTP Client (HTTP4e) is an Eclipse plugin for making HTTP and RESTful calls. Built with user experience in mind, it simplifies the developer/QA job of testing Web Services, REST, JSON and HTTP. It is a useful tool for your daily job of HTTP header tampering and hacking.
Features:
Making/Replaying an HTTP call directly from Eclipse IDE
Visual Editors for HTTP headers, parameters and body
Tabbed browsing (allowing replaying different RESTful, HTTP calls on separate tabs)
History (...)