The Glider

Posted in Security Tools, Tools on March 7th, 2010 by SecurityDatabase

The NeoPwn Mobile Pentesting project is proud to announce that it is merging with BackTrack, to produce the first ever BackTrack Mobile suite!
The migration of the NeoPwn project will give way to a sharp development team, focused on fully supporting the Nokia N900 mobile phone. Future plans of the project will extend support for other mobile devices as they become compatible.
This is an exciting leap from the original project, as there are incredible improvements in hardware, usability and (...) - Security Tools / Penetration testing & Ethical Hacking, Handhelds, NeoPwn

Tags: Tools |

Posted in Security Tools, Tools on March 7th, 2010 by SecurityDatabase

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.
Starting with reconnaissance, we have included tools such as the Fierce (...) - Security Tools / LiveCD, Application Scanner, Vulnerability Management, Samurai

Tags: Tools |

Posted in Security Tools, Tools on March 7th, 2010 by SecurityDatabase

Airtun-ng is a virtual tunnel interface creator. There are two basic functions:
Allow all encrypted traffic to be monitored for wireless Intrusion Detection System (wIDS) purposes.
Inject arbitrary traffic into a network.
In order to perform wIDS data gathering, you must have the encryption key and the bssid for the network you wish to monitor. Airtun-ng decrypts all the traffic for the specific network and passes it to a traditional IDS system such as snort.
Traffic injection can be (...) - Security Tools / AirCrack-ng, Data Sniffer, Wireless

Tags: Tools |

Posted in Security Tools, Tools on March 7th, 2010 by SecurityDatabase

DB Audit Expert is a professional database auditing solution for Oracle, Sybase, DB2, MySQL and Microsoft SQL Server. DB Audit Expert enables database and system administrators, security administrators, auditors and operators to track and analyze any database activity including database security, access and usage, data creation, change or deletion. What makes DB Audit really unique is its built-in support for multiple auditing methods giving you the flexibility to choose the best fit for (...) - Security Tools / Configurations checks, Local auditing, DB Audit, Database

Tags: Tools |

Posted in Security Tools, Tools on March 6th, 2010 by SecurityDatabase

Websecurify Security Testing Framework identifies web security vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The framework is written in JavaScript and successfully executes in numerous platforms including modern browsers with support for HTML5, xulrunner, xpcshell, Java, V8 and others.
More information: here
Changelog
Improved user interface.
The workspace window now has an Issue view which provides detailed information on each finding. (...) - Security Tools / Vulnerability Scanner, Application Scanner, Configurations checks, websecurify

Tags: Tools |

Posted in Security Tools, Tools on March 3rd, 2010 by SecurityDatabase

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, [?]UDP], ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.
More information about hping
Thanks to our friend, Alejandro "dab" Ramos, from Security By (...) - Security Tools

Tags: Tools |

Posted in Security Tools, Tools on March 3rd, 2010 by SecurityDatabase

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.
New Feature:
Added new option to export results to HTTP Fuzzer
New Security Checks:
Test for XML External Entity Injection
Test for XML Injection (...) - Security Tools / Vulnerability Scanner, Application Scanner, Acunetix

Tags: Tools |

Posted in Security Tools, Tools on March 2nd, 2010 by SecurityDatabase

Immunity's CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide.
Version 6.56 - 09/03/2010
New Modules
GetLocale - gets the locale of a Win32 MOSDEF Node.
disable_windows_firewall - Turns the Firewall off on a Windows machine useful for bouncing.
brightstor_cmdexec - CVE-2008-4397 (automatically runs a MOSDEF callback using the CANVAS TFTP (...) - Security Tools / Penetration testing & Ethical Hacking, Commercial, Exploitation, CANVAS

Tags: Tools |

Posted in Security Tools, Tools on March 1st, 2010 by SecurityDatabase

Our America, with a capital A as used to say 'Che', is bereaved by the disaster that hits Chile these days. So, all our thoughts and condolences are with the families of the disappeared. We recommend Chile Ayuda
Spanish Version
Nuestra Mayúscula América, como decía "Che", está siendo afligida por el desastre ocurrido días atras en Chile. Queremos extender nuestro apoyo y condolencias para las familias de los desaparecidos.
Recomendamos Chile (...) - Security Tools

Tags: Tools |

Posted in Security Tools, Tools on March 1st, 2010 by SecurityDatabase

WebRaider is a plugin based automated web application exploitation tool which focuses to get a shell from multiple targets or injection point.
One Click Ownage
Idea of this attack is very simple. Getting a reverse shell from an SQL Injection with one request without using an extra channel such as TFTP, FTP to upload the initial payload.
It's only one request therefore faster,
Simple, you don't need a tool you can do it manually by using your browser or a simple MITM proxy, (...) - Security Tools / Penetration testing & Ethical Hacking, Exploitation, Attack, WebRaider

Tags: Tools |