Archive for the ‘Security Tools’ Category

Acunetix WVS v6.5 build 20100419 released

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with a variety of manual tools to allow for comprehensive web site and web application penetration testing.
Bug Fix:
Fixed: Access violation when the application exits
How to upgrade: On starting up Acunetix WVS, a pop-up window will automatically notify (...)

(update) Foca v2.0.1: in the wild

FOCA 2 has a new algorithm which tries to discover as much information about the network infrastructure as possible. In this alpha version, FOCA adds to the discovered network map all servers that can be found using a recursive algorithm that searches Google, Bing, reverse IP lookups in Bing, well-known servers and DNS records, using internal PTR scanning, etc.
To configure this algorithm you can use the new DNS Search panel, and the extracted information will be shown in three panels:
Domains
IP (...)

Fuzzdb updated to v1.06

A comprehensive set of fuzzing patterns for discovery and attack during highly targeted brute force testing of web applications.
Fuzzdb is a comprehensive set of known attack pattern sequences to be utilized for intelligent brute force testing in order to rapidly identify exploitable conditions in new applications.
Primary sources used for attack pattern research:
researching old web exploits for repeatable attack strings
scraping scanner patterns from http logs
various books, (...)

(Paper) Pentesting Adobe Flex Applications (introducing new tool Blazentoo)

Marcin Wielgoszewski from Gotham Digital Science gave a keynote at the OWASP NY session (http://www.owasp.org/index.php/NYNJMetro) where he exhibited intrusion techniques on applications based on Adobe AIR. Indeed, with the integration of RIA on the client side, we tend to forget that the beauty of things can hide a real threat.
This document details the communication methods used by Adobe AIR and some points of failure. The author also shows how with simple security tools, which we already (...)

Skipfish v1.33b released

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks.
Key Features:
High performance: 500+ requests per second against responsive Internet targets, 2000+ requests per second on LAN / MAN networks, and 7000+ requests against local (...)

Testing the systems highload with StressLinux v0.5.111

stresslinux is a minimal Linux distribution running from a bootable CD-ROM, USB, VMware or via PXE (wip). stresslinux makes use of some utilities available on the net like: stress, cpuburn, hddtemp, lm_sensors ... stresslinux is dedicated to users who want to test their system(s) entirely under high load and monitor their health.
Stresslinux is for people (system builders, overclockers) who want to test their hardware under high load and monitor stability and thermal environment.
You should (...)

Process Monitor v2.9 released

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon.
Process Monitor adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous (...)

SIP Inspector v1.10 released

SIP Inspector is a tool written in Java to simulate different SIP messages and scenarios. You can create your own SIP signaling scenarios, customize SIP messages and monitor incoming and outgoing messages. The tool can play RTP streams from a pcap file.
Release notes 1.1
Bug fixes:
Call specific variables are lost if multiple concurrent calls created
If Total Calls field set to 0, does not allow infinite number of calls
Outgoing calls with custom value and not generic [call_number] for (...)

Aircrack-ng v1.1 released

Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools.
«Aircrack-ng is a set of tools for auditing wireless networks.»
A lot of bug fixes (including the buffer overflow in different tools) and improvements have been (...)

Security Ninja security tool announcement

Security Ninja blog: The tool is the result of me thinking about writing a tool to help people conduct security code reviews for over a year. I had conference presentations to prepare, certification exams to sit and of course a lot of conference speaking slots last year which meant the tool idea had to go on the backburner. The benefit of having this idea going around in my head for so long is that I knew exactly what I wanted the tool to look like and how I wanted it to function before I (...)