Archive for the ‘Security Tools’ Category

SAINT® 7.3.3 Released

SAINT is the Security Administrator's Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT's data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of (...)

Nessus v4.2.2 released

Nessus is the world's most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world's largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.
This release contains the following fixes:
Nessus-fetch:
Proxy issues have been resolved
NASL:
Fixed a memory leak in the NASL xmlparse() function
Networking:
Fixed IPv6 routing when talking to a remote host (FreeBSD, Mac OS X) (...)

x5s Beta released – Automated XSS security testing assistant

x5s is a Fiddler addon which aims to assist penetration testers in finding cross-site scripting vulnerabilities. Its main goal is to help you identify the hotspots where XSS might occur by:
Detecting where safe encodings were not applied to emitted user-inputs
Detecting where Unicode character transformations might bypass security filters
Detecting where non-shortest UTF-8 encodings might bypass security filters
It injects ASCII to find traditional encoding issues, and it injects (...)

Burp Suite Pro v1.3.02 released

Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, downstream proxies, logging, alerting and extensibility.
This release fixes a few minor bugs arising from version v1.3.01.
It also adds a facility to customise the preset payload (...)

JBroFuzz v2.1 released

JBroFuzz is a web application fuzzer for requests being made over HTTP and/or HTTPS. Its purpose is to provide a single, portable application that offers stable web protocol fuzzing capabilities.
Release Notes (2.1):
Ctrl + M to load your own fuzzers from a .jbrf file
Removed the default addition of line feeds at the end of each request, make sure you know what you are fuzzing!
On The Wire: Right-click, clear & also option to select to see requests and/or responses
Added ASCII (...)

Suricata v0.8.1 released

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field.
New features:
the engine will now detect the number of CPUs/cores and set up the engine to use them fully
libhtp is now included in the source
experimental CUDA support for NVIDIA GPU accelerated pattern matching
initial support for Win32 (using (...)

Windows Autopwn (winAUTOPWN) v2.2 released

winAUTOPWN is an auto (hacking) shell gaining tool. It can also be used to test IDS, IPS and other monitoring sensors/software.
Autohack your targets with least possible interaction.
Features:
Contains already custom-compiled executables of famous and effective exploits along with a few original exploits.
No need to debug, script or compile the source codes.
Scans all ports 1 - 65535 after taking the IP address and tries all possible exploits according to the list of discovered (...)

Peach Fuzzer Framework v2.3.4 released

Peach is a cross-platform fuzzing framework. Its main goals include short development time, code reuse, ease of use, and flexibility. It can fuzz just about anything, including COM/ActiveX, SQL, shared libraries and DLLs, network applications, and the Web.
Peach is a SmartFuzzer that is capable of performing both generation and mutation based fuzzing.
Peach requires the creation of PeachPit files that define the structure, type information, and relationships in the data to be fuzzed. (...)

pvefindaddr v1.30 released

pvefindaddr is a PyCommand (plugin) for Immunity Debugger. Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.
Drop the file in the pycommands folder within your Immunity Debugger installation folder. You can get the list of (...)

Scapy v2.1.1 in the wild

Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions).
Scapy also performs very well on (...)