The Glider

Posted in Security Tools, Tools on May 12th, 2010 by SecurityDatabase

The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn't a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).
Xplico is released under the GNU General Public License.
Version 0.5.7
RTCP dissector
RTP dissector improvement
SIP dissector (...) - Security Tools / Network Monitoring, Forensics, Xplico

Tags: Tools |

Posted in Security Tools, Tools on May 10th, 2010 by SecurityDatabase

iScanner is free open source tool lets you detect and remove malicious codes and web pages viruses from your Linux/Unix server easily and automatically.
This tool is programmed by iSecur1ty using Ruby programming language and it's released under the terms of GNU Affero General Public License 3.0.
Features
Detect malicious codes in web pages, this include hidden iframe tags, javascript, vbscript and activex objects.
Extensive log shows the infected files and the malicious code. (...) - Security Tools / Local auditing, Defense, Malware Scanner, iScanner

Tags: Tools |

Posted in Security Tools, Tools on May 10th, 2010 by SecurityDatabase

WebTest helps you test your WSGI-based web applications. This can be any application that has a WSGI interface, including an application written in a framework that supports WSGI (which includes most actively developed Python web frameworks – almost anything that even nominally supports WSGI should be testable).
With this you can test your web applications without starting an HTTP server, and without poking into the web framework shortcutting pieces of your application that need to (...) - Security Tools / Code Auditing, Configurations checks, WebTest

Tags: Tools |

Posted in Security Tools, Tools on May 10th, 2010 by SecurityDatabase

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.
Version 0.2.5
Upload mode is not limited to files of 64k bytes anymore
Uploading (...) - Security Tools / Vulnerability Scanner, Penetration testing & Ethical Hacking, Application Scanner, Database, SqlNinja

Tags: Tools |

Posted in Security Tools, Tools on May 7th, 2010 by SecurityDatabase

Wireshark is the world's most popular network protocol analyzer. It has a rich and powerful feature set and runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly. It is freely available as open source, and is released under the GNU General Public License version 2
Version 1.2.8
Bug Fixes
The following vulnerabilities have been fixed. See the security advisory (...) - Security Tools / Data Sniffer, WireShark - Ethereal

Tags: Tools |

Posted in Security Tools, Tools on May 7th, 2010 by SecurityDatabase

FUU (Faster Universal Unpacker) is a GUI Windows Tool with a set of tools (plugins) to help you to unpack, decompress and decrypt most of the programs packed, compressed or encrypted with the very well knowns software protection programs like UPX, ASPack, FSG, ACProtect, etc.
The GUI was designed using RadASM and MASM. Every plugin included in the official release was written in ASM using MASM.
The core of every plugin use TitanEngine SDK from ReversingLabs under the hood, this (...) - Security Tools / Code Auditing, Reverse Engineering, FUU

Tags: Tools |

Posted in Security Tools, Tools on May 1st, 2010 by SecurityDatabase

Lansweeper is an automated network discovery and asset management tool which scans all your computers and devices and displays them in an easy accessible web interface. There is no need to install any agents on the computers, all scanning is done by standard build-in functionality.
Version 4.0 updates and bug fixes:
Service version 4.0.0.24
Scheduled adsi or computer scanning keeps on running after the specified schedule.
If you enable "refresh active directory users at night" you can (...) - Security Tools / Information Gathering, Configurations checks, Network Monitoring, Lansweeper

Tags: Tools |

Posted in Security Tools, Tools on May 1st, 2010 by SecurityDatabase

The samhain open source host-based intrusion detection system (HIDS) provides file integrity checking and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.
Samhain v2.6.4 x; Don't read proc_root_iops in sh_kern.c (Problem report by H. R.)
Logfile check can check output of shell commands
Use data directory as default for logfile checkpoints
Fix broken checkpoint save/restore for logfiles
MD5: (...) - Security Tools / IDS, Network Monitoring, Samhain

Tags: Tools |

Posted in Security Tools, Tools on May 1st, 2010 by SecurityDatabase

DAVTest tests WebDAV enabled servers by uploading test executable files, and then (optionally) uploading files which allow for command execution or other actions directly on the target. It is meant for penetration testers to quickly and easily determine if enabled DAV services are exploitable.
DAVTest supports:
Automatically send exploit files
Automatic randomization of directory to help hide files
Send text files and try MOVE to executable name
Basic and Digest authorization (...) - Security Tools / Penetration testing & Ethical Hacking, Exploitation, Attack, DAVTest

Tags: Tools |

Posted in Security Tools, Tools on May 1st, 2010 by SecurityDatabase

Getting OS Access Using Lotus Domino Application Server Vulnerabilities.
This whitepaper continues a series of publications made by DSecRG researchers describing various ways of obtaining access to the server operating system, using vulnerabilities in popular business applications which meet in the corporate environment.
This whitepaper continues a series of publications made by DSecRG researchers describing various ways of obtaining access to the server operating system, using (...) - Security Tools

Tags: Tools |