Archive for the ‘Tools’ Category

OWASP Broken Web Applications v0.91rc1 available

|
Comments Off
The Open Web Application Security Project (OWASP) Broken Web Applications Project is distributed as a Virtual Machine in VMware format compatible with their no-cost VMware Player and VMware Server products (along with their commercial products).
The Open Web Application Security Project (OWASP) Broken Web Applications Project is distributed as a Virtual Machine in VMware format compatible with their no-cost VMware Player and VMware Server products (along with their commercial (...) - Security Tools / , , , ,

pwnat tool v0.1-beta bypassing NAT

|
Comments Off
pwnat, pronounced "poe-nat", is a tool that allows any number of clients behind NATs to communicate with a server behind a separate NAT with *no* port forwarding and *no* DMZ setup on any routers in order to directly communicate with each other. The server does not need to know anything about the clients trying to connect.
Simply put, this is a proxy server that works behind a NAT, even when the client is behind a NAT, without any 3rd party.
There is no middle man, no proxy, no 3rd party, (...) - Security Tools / , ,

Flint the Firewall Rules Checkup Scanner updated to v1.0.4

|
Comments Off
Flint examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems so you can:
CLEAN UP RUSTY CONFIGURATIONS that are crudded up with rules that can't match traffic.
ERADICATE LATENT SECURITY PROBLEMS lurking in overly-permissive rules
SANITY CHECK CHANGES to see if new rules create problems.
Flint is absolutely free. There's no catch. You can download the source from our git repository. This isn't the "play at home" version; it's our second (...) - Security Tools / , ,

log2timeline updated to v0.4.2

|
Comments Off
log2timeline is a framework for artifact timeline creation and analysis. The main purpose is to provide a single tool to parse various log files and artifacts found on suspect systems (and supporting systems, such as network equipment) and produce a body file that can be used to create a timeline, using tools such as mactime from TSK, for forensic investigators.
GUI has been written in Perl-GTK2 for creating the timeline. Since the GUI is written in GtK2 it will not work on every OS. It has (...) - Security Tools / ,

WeaknetLabs announced WeakNet Linux IV

|
Comments Off
WeakNet Linux is small enough to fit onto a CD current build 600MB and runs servers directly from the CD including Web / PHP, FTP, SSH, and more.
Source WeaknetLabs
Development has started! Our new Linux will feature more options and more hacking tools than the last and look 10 times better! So far the details I can give are: FluxBox is still the default WM, boot time is around 15 seconds on an 800MHz AMD laptop. Broadcom drivers' inject at high rates. Ath9k injects, Ath5k injects, and RT73 (...) - Security Tools / , ,

Process Explorer v12 released

|
Comments Off
Process Explorer is an advanced process management utility that picks up where Task Manager leaves off. It will show you detailed information about a process including its icon, command-line, full image path, memory statistics, user account, security attributes, and more. When you zoom in on a particular process you can list the DLLs it has loaded or the operating system resource handles it has open. A search capability enables you to track down a process that has a resource opened, such as (...) - Security Tools / , , ,

SANS Investigative Forensic Toolkit (SIFT) Version 2.0 in the wild

|
Comments Off
The SANS SIFT Workstation is a VMware Appliance that is pre-configured with all the necessary tools to perform a detailed digital forensic examination. It is compatible with Expert Witness Format (E01), Advanced Forensic Format (AFF), and raw (dd) evidence formats. The brand new version has been completely rebuilt on an Ubuntu base with many additional tools and capabilities that can match any modern forensic tool suite.
SANS SIFT Workstation 2.0 Overview
VMware Appliance
Ready to tackle (...) - Security Tools / , ,

ZeroDayScanner SaaS Free Security Scan Service

|
Comments Off
ZeroDayScan is a free security web scanning service brought to you by experienced security experts. The service is provided free of charge.
When security experts talk about zero day bugs and exploits they talk about a new security bugs and vulnerabilities that are unknown to others. Zero Day Bug term is derived from the age of the exploit. When a vendor becomes aware of a security hole, there is a race to close it before attackers discover it or the vulnerability becomes public. A "zero (...) - Security Tools / , ,

OpenScap v0.5.8 released – OVAL API extended

|
Comments Off
The OpenSCAP Project was created to provide an open-source framework to the community which enables integration with the Security Content Automation Protocol (SCAP) suite of standards and capabilities.
It is the goal of OpenSCAP to provide a simple, easy to use set of interfaces to serve as the framework for community use of SCAP.
Version 0.5.8
new s-expr parser
new probes from unix schema
file probe memory optimization
xccdf test_results implementation
extended OVAL API
documentaion (...) - Security Tools / , , ,

Sip Inspector v1.00 released

|
Comments Off
SIP Inspector is a tool written in JAVA to simulate different SIP messages and scenarios. You can create your own SIP signaling scenarios, customize SIP messages and monitor incoming and outgoing messages. The tool can play RTP streams from a pcap file.
Release notes 1.00
Multiple simultaneous calls fully implemented
Call generation can be set with respect to calls/second, maximum concurrent calls and total allowed calls
If ran as a call generator, upon completion the tool provides a (...) - Security Tools / , , ,