The Glider

Posted in SD Papers, Tools on February 4th, 2012 by SecurityDatabase

Call for Beta tester - SD Papers

Tags: Tools |

Posted in Security Tools, Tools on May 12th, 2010 by SecurityDatabase

A collection of tools, just for fun. It includes LetDown, ReverseRaider and Httsquash.
LetDown is a tcp flooder I have programmed after reading Fyodor article "TCP Resource Exhaustion and Botched Disclosure" (you can read it at http://insecure.org/stf/tcp-dos-attack-explained.html). It has an (experimental) userland TCP/IP stack, and supports multistage payloads for complex protocols, fragmentation of packets and variable tcp window.
NOTE: LetDown is based on Fyodor NDos, it's not about (...) - Security Tools / Vulnerability Scanner, Network Discovery, Complemento

Tags: Tools |

Posted in Security Tools, Tools on May 12th, 2010 by SecurityDatabase

Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,odp,ods) availables in the target/victim websites.
It will generate a html page with the results of the metadata extracted, plus a list of potential usernames very useful for preparing a bruteforce attack on open services like ftp, pop3,web applications, vpn, etc. Also it will extract a list of disclosed PATHs in the metadata, with this information you can guess OS, network (...) - Security Tools / Information Gathering, Data Mining, MetaGooFil

Tags: Tools |

Posted in Security Tools, Tools on May 12th, 2010 by SecurityDatabase

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field.
Version 0.9 RC1
New Features
Support for the http_headers keyword was added
libhtp was updated to version 0.2.3
Privilege dropping using libcap-ng is now supported
Proper support for "pass" rules was added
Inline mode for Windows was added (...) - Security Tools / IDS, Suricata

Tags: Tools |

Posted in Security Tools, Tools on May 12th, 2010 by SecurityDatabase

The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn't a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).
Xplico is released under the GNU General Public License.
Version 0.5.7
RTCP dissector
RTP dissector improvement
SIP dissector (...) - Security Tools / Network Monitoring, Forensics, Xplico

Tags: Tools |

Posted in Security Tools, Tools on May 10th, 2010 by SecurityDatabase

iScanner is free open source tool lets you detect and remove malicious codes and web pages viruses from your Linux/Unix server easily and automatically.
This tool is programmed by iSecur1ty using Ruby programming language and it's released under the terms of GNU Affero General Public License 3.0.
Features
Detect malicious codes in web pages, this include hidden iframe tags, javascript, vbscript and activex objects.
Extensive log shows the infected files and the malicious code. (...) - Security Tools / Local auditing, Defense, Malware Scanner, iScanner

Tags: Tools |

Posted in Security Tools, Tools on May 10th, 2010 by SecurityDatabase

WebTest helps you test your WSGI-based web applications. This can be any application that has a WSGI interface, including an application written in a framework that supports WSGI (which includes most actively developed Python web frameworks – almost anything that even nominally supports WSGI should be testable).
With this you can test your web applications without starting an HTTP server, and without poking into the web framework shortcutting pieces of your application that need to (...) - Security Tools / Code Auditing, Configurations checks, WebTest

Tags: Tools |

Posted in Security Tools, Tools on May 10th, 2010 by SecurityDatabase

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.
Version 0.2.5
Upload mode is not limited to files of 64k bytes anymore
Uploading (...) - Security Tools / Vulnerability Scanner, Penetration testing & Ethical Hacking, Application Scanner, Database, SqlNinja

Tags: Tools |

Posted in Security Tools, Tools on May 7th, 2010 by SecurityDatabase

Wireshark is the world's most popular network protocol analyzer. It has a rich and powerful feature set and runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly. It is freely available as open source, and is released under the GNU General Public License version 2
Version 1.2.8
Bug Fixes
The following vulnerabilities have been fixed. See the security advisory (...) - Security Tools / Data Sniffer, WireShark - Ethereal

Tags: Tools |

Posted in Security Tools, Tools on May 7th, 2010 by SecurityDatabase

FUU (Faster Universal Unpacker) is a GUI Windows Tool with a set of tools (plugins) to help you to unpack, decompress and decrypt most of the programs packed, compressed or encrypted with the very well knowns software protection programs like UPX, ASPack, FSG, ACProtect, etc.
The GUI was designed using RadASM and MASM. Every plugin included in the official release was written in ASM using MASM.
The core of every plugin use TitanEngine SDK from ReversingLabs under the hood, this (...) - Security Tools / Code Auditing, Reverse Engineering, FUU

Tags: Tools |