The Glider

Posted in Security Tools, Tools on February 24th, 2010 by SecurityDatabase

This is a tool that performs version fingerprinting on Microsoft SQL Server 2000, 2005 and 2008, using well known techniques based on several public tools that identifies the SQL Version.
Usage:
ESF -h [-d ] []
Options:
d ADDRESS Define destination IP address.
D Display detailed module information.
t TIMEOUT Define timeout for execution (default is 5).
T TIMEOUT Define timeout for connection (default is 5).
h Display this help message.
More information: (...) - Security Tools / Enumeration, Information Gathering, mssqlfp

Tags: Tools |

Posted in Security Tools, Tools on February 24th, 2010 by SecurityDatabase

Mobius Forensic Toolkit is an open-source forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files, for easy integration with other tools.
Version 0.5.2
Extension config created
service config.set created
service config.get created
extensions use 'config.get/set' instead of 'app.get/set-config'
service app.get-config eliminated
service (...) - Security Tools / Forensics, Mobius Forensic Toolkit

Tags: Tools |

Posted in Security Tools, Tools on February 24th, 2010 by SecurityDatabase

Ensuring security of the modern computer network with a large number of system and devices consumes a big effort. Keeping track all new gaps becomes more and more difficult.Here I wanted to present a very good Infosec source.
Security-Database.com is an online computer security portal .provide free comprehensive and complete information about product vulnerabilities and tools for penetration testing based on open international standards.
The most important is that the creator of (...) - Security Tools

Tags: Tools |

Posted in Security Tools, Tools on February 24th, 2010 by SecurityDatabase

dnsmap (a.k.a. subdomains bruteforcer) was originally released back in 2006 and was inspired by the fictional story "The Thief No One Saw" by Paul Craig, which can be found in the book "Stealing the Network - How to 0wn the Box".
dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company's IP netblocks, domain (...) - Security Tools / Enumeration, Information Gathering, Network Discovery, dnsmap

Tags: Tools |

Posted in Security Tools, Tools on February 24th, 2010 by SecurityDatabase

In order to minimize the time required to type malicious syntax and have a handy repository of it M, this small tool that we hence call No more and 1=1.
The tool comes in two flavours (so far) the stand alone version (a java app) and the Webscarab Proxy attached version, we may bundle the tool with more proxies in the near future. The tool is simple, its great value comes in the definitions file which is totally customizable.
Standalone Version
Requirements
A Java Runtime Machine is (...) - Security Tools / Local auditing, Exploitation, Attack, No More and 1=1

Tags: Tools |

Posted in Security Tools, Tools on February 24th, 2010 by SecurityDatabase

Quick reference (also known as cheatsheet) for nmap, incorporating in addition to common parameters, some commands which are specific of the last branch released.
This cheatsheet also incorporate on the lower section some examples with typical scans which can be performed with this tool.
Thanks to our friend, Alejandro "dab" Ramos, from Security By Default. - Security Tools

Tags: Tools |

Posted in Security Tools, Tools on February 24th, 2010 by SecurityDatabase

The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn't a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).
Xplico is released under the GNU General Public License.
Version 0.5.5
migrating to SQLite3
telnet dissector
webmail dissector (...) - Security Tools / Network Monitoring, Forensics, Xplico

Tags: Tools |

Posted in Security Tools, Tools on February 24th, 2010 by SecurityDatabase

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
Damn Vulnerable Web App (DVWA) is free software: you can redistribute it and/or modify it under the terms of the (...) - Security Tools / Framework, Exploitation, Attack, DVWA

Tags: Tools |

Posted in Security Tools, Tools on February 23rd, 2010 by SecurityDatabase

Nsploit it allows to pass through nmap to Metasploit and then execute some exploit.
Nsploit consists of 3 parts:
Library- It facilitates all the communication.
Triggers-Triggers fire when something is detected.
Config-Helps us set the options for the attack.
How to Install
Video
View slides, presented on SecTor. (PDF)
More information: here - Security Tools / Penetration testing & Ethical Hacking, Exploitation, Attack, Nsploit

Tags: Tools |

Posted in Security Tools, Tools on February 23rd, 2010 by SecurityDatabase

iScanner is free open source tool lets you detect and remove malicious codes and web pages viruses from your Linux/Unix server easily and automatically.
This tool is programmed by iSecur1ty using Ruby programming language and it's released under the terms of GNU Affero General Public License 3.0.
Features
Detect malicious codes in web pages, this include hidden iframe tags, javascript, vbscript and activex objects.
Extensive log shows the infected files and the malicious code. (...) - Security Tools / Local auditing, Defense, Malware Scanner, iScanner

Tags: Tools |