The Glider

Posted in Security Tools, Tools on May 1st, 2010 by SecurityDatabase

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field.
New features
Support for the following keywords: detection_filter, http_client_body
The HTTP parser can now set server personalities
threshold.config support
The experimental CUDA code now also works on x86_64
IP address only rules for IPv6 are (...) - Security Tools / IDS, Suricata

Tags: Tools |

Posted in Security Tools, Tools on May 1st, 2010 by SecurityDatabase

WhatWeb is a next generation web scanner that identifies what websites are running. Flexible plugin architecture with over 80 plugins so far. Passive plugins use information in the headers, cookies, HTML body and URL. Aggressive plugins can identify versions of Joomla, phpBB, etc by making extra requests to the webserver
Version 0.4.2
Added header-hash plugin. Makes a hash of the first 500 characters. This is useful to identify unknown systems
Added footer-hash plugin. Makes a hash of (...) - Security Tools / Enumeration, Information Gathering, Application Scanner, WhatWeb

Tags: Tools |

Posted in Security Tools, Tools on May 1st, 2010 by SecurityDatabase

AccessChk, a command-line tool for viewing the effective permissions on files, registry keys, services, processes, kernel objects, and more.
As a part of ensuring that they've created a secure environment Windows administrators often need to know what kind of accesses specific users or groups have to resources including files, directories, Registry keys, global objects and Windows services. AccessChk quickly answers these questions with an intuitive interface and output.
Changes :
A a new (...) - Security Tools / Configurations checks, Local auditing, AccessChk

Tags: Tools |

Posted in Security Tools, Tools on May 1st, 2010 by SecurityDatabase

Spiceworks is the complete network management & monitoring, helpdesk, PC inventory & software reporting solution to manage Everything IT in small and medium businesses.
Spiceworks Lets You...
Inventory Your Network & PCs
Monitor & Manage Your Network
Manage Your IT Assets
Manage Changes & Configurations
Map Your NetworkBETA
Audit Your Software
Troubleshoot Your Network
Run an IT Help Desk
Be an MSP
Talk to IT Pros Like You
Spiceworks IT Desktop is designed for
IT Pros who have (...) - Security Tools / Security Solutions, Configurations checks, SpiceWorks, Network Monitoring

Tags: Tools |

Posted in Security Tools, Tools on May 1st, 2010 by SecurityDatabase

OpenDLP is a free and open source, agent-based, centrally-managed, massively distributable data loss prevention tool released under the GPL. Given appropriate Windows domain credentials, OpenDLP can simultaneously identify sensitive data at rest on hundreds or thousands of Microsoft Windows systems from a centralized web application. OpenDLP has two components: a web application and an agent.
Web Application
Automatically deploy and start agents over Netbios
When done, automatically stop, (...) - Security Tools / Information Gathering, Data Mining, OpenDLP

Tags: Tools |

Posted in Security Tools, Tools on April 30th, 2010 by SecurityDatabase

Hakin9 magazine is now a FREE, ONLINE, MONTHLY magazine! All you need to do to get a new issue each month is subscribe to the newsletter.
Inside:
Writing WIN32 shellcode with a C-compiler
Flash memory mobile forensic
Threat Modeling Basics
Pwning Embedded ADSL Routers
Firewalls for Beginners
Regulars:
ID Fraud Expert Says by Julian Evans: Identity Theft Protection Services – a new industry is born
Tool reviews: NTFS Mechanic, Active@ Undelete Professional, KonBoot v1.1
Interview (...) - Security Tools / Hakin9

Tags: Tools |

Posted in Security Tools, Tools on April 29th, 2010 by SecurityDatabase

A comprehensive set of fuzzing patterns for discovery and attack during highly targeted brute force testing of web applications.
Fuzzdb is a comprehensive set of known attack pattern sequences to be utilized for intelligent brute force testing in order to rapidly identify exploitable conditions in new applications.
Primary sources used for attack pattern research:
researching old web exploits for repeatable attack strings
scraping scanner patterns from http logs
various books, (...) - Security Tools / Fuzzers, Bruteforcers, Attack, Fuzzdb

Tags: Tools |

Posted in Security Tools, Tools on April 28th, 2010 by SecurityDatabase

Identifying content management systems (CMS), blogging platforms, stats/analytics packages, javascript libraries, servers and more. Licensed under GPLv3.
Version 0.4.1
Removed dependency on rubygems and libxslt by modifying and locally including the Anemone gem. This also simplified installation
Fixed a bug which didn't send URL parameters. eg. would send /index.php instead of /index.php?q=foo
Improved installation instructions. Henri Salo contacted me to say ruby-dev is required for (...) - Security Tools / Enumeration, Information Gathering, Application Scanner, WhatWeb

Tags: Tools |

Posted in Security Tools, Tools on April 28th, 2010 by SecurityDatabase

The ThreatFactor NSIA is a website scanner that monitors websites in realtime in order to detect defacements, compliance violations, exploits, sensitive information disclosure and other issues. ThreatFactor detects issues remotely and therefore requires no software to install, does not introduce any latency and will not interrupt business operations.
At it's core, ThreatFactor uses an advanced analysis engine that is capable of detecting a wide variety of issues and can be modified with (...) - Security Tools / Application Scanner, Configurations checks, Monitoring, NSIA

Tags: Tools |

Posted in Security Tools, Tools on April 28th, 2010 by SecurityDatabase

A set of tools to parsing the results of a report.
Code:
nbesql.py
report_auto.py
report_manual_review.py
report_ports.py
report_unsorted.py
sql2html.py
Single use syntax: nbe2sql.py -i
Windows batch for /f %a in ('dir /b *.nbe') do nbe2sql.py -i %a for /f %a in ('dir /b *.dat') do report_helper_manual_review.py -i %a
More information: here
Thanks to Garrett Gee - Project Leader, from WestCoastHackers.net - for sharing this tool with (...) - Security Tools / Nessus, Vulnerability Management, Nessus Parsing Tools

Tags: Tools |