The Glider

Posted in Security Tools, Tools on March 7th, 2010 by SecurityDatabase

SpiderLabs has developed dozens of tools over the years. Most of them end up as internal-only tools since they eventually make their way into one of Trustwave's product offerings. Recently, we have decided to showcase some of these tools and provide them as Open Source to the information security community. The tools have been made available without warranty and are available under the GNU General Public License as published by the Free Software Foundation.
ackack : A program to monitor (...) - Security Tools / Penetration testing & Ethical Hacking, Network Discovery, Exploitation, Attack

Tags: Tools |

Posted in Security Tools, Tools on March 7th, 2010 by SecurityDatabase

FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful firefox extensions oriented application security auditing and assessment. FireCAT is not a remplacement of other security utilities and softwares as well as fuzzers, proxies and application vulnerabilities scanners.
New extensions:
Category Network utilities -> Passwords: Fireforce - The bruteforce attacks firefox extension ( http://www.scrt.ch/pages_en/fireforce.html)
Category IT (...) - Security Tools / Firefox, Methodology, Framework, FireCAT

Tags: Tools |

Posted in Security Tools, Tools on March 7th, 2010 by SecurityDatabase

The NeoPwn Mobile Pentesting project is proud to announce that it is merging with BackTrack, to produce the first ever BackTrack Mobile suite!
The migration of the NeoPwn project will give way to a sharp development team, focused on fully supporting the Nokia N900 mobile phone. Future plans of the project will extend support for other mobile devices as they become compatible.
This is an exciting leap from the original project, as there are incredible improvements in hardware, usability and (...) - Security Tools / Penetration testing & Ethical Hacking, Handhelds, NeoPwn

Tags: Tools |

Posted in Security Tools, Tools on March 7th, 2010 by SecurityDatabase

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.
Starting with reconnaissance, we have included tools such as the Fierce (...) - Security Tools / LiveCD, Application Scanner, Vulnerability Management, Samurai

Tags: Tools |

Posted in Security Tools, Tools on March 7th, 2010 by SecurityDatabase

Airtun-ng is a virtual tunnel interface creator. There are two basic functions:
Allow all encrypted traffic to be monitored for wireless Intrusion Detection System (wIDS) purposes.
Inject arbitrary traffic into a network.
In order to perform wIDS data gathering, you must have the encryption key and the bssid for the network you wish to monitor. Airtun-ng decrypts all the traffic for the specific network and passes it to a traditional IDS system such as snort.
Traffic injection can be (...) - Security Tools / AirCrack-ng, Data Sniffer, Wireless

Tags: Tools |

Posted in Security Tools, Tools on March 7th, 2010 by SecurityDatabase

DB Audit Expert is a professional database auditing solution for Oracle, Sybase, DB2, MySQL and Microsoft SQL Server. DB Audit Expert enables database and system administrators, security administrators, auditors and operators to track and analyze any database activity including database security, access and usage, data creation, change or deletion. What makes DB Audit really unique is its built-in support for multiple auditing methods giving you the flexibility to choose the best fit for (...) - Security Tools / Configurations checks, Local auditing, DB Audit, Database

Tags: Tools |

Posted in Security Tools, Tools on March 6th, 2010 by SecurityDatabase

Websecurify Security Testing Framework identifies web security vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The framework is written in JavaScript and successfully executes in numerous platforms including modern browsers with support for HTML5, xulrunner, xpcshell, Java, V8 and others.
More information: here
Changelog
Improved user interface.
The workspace window now has an Issue view which provides detailed information on each finding. (...) - Security Tools / Vulnerability Scanner, Application Scanner, Configurations checks, websecurify

Tags: Tools |

Posted in Security Tools, Tools on March 3rd, 2010 by SecurityDatabase

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, [?]UDP], ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.
More information about hping
Thanks to our friend, Alejandro "dab" Ramos, from Security By (...) - Security Tools

Tags: Tools |

Posted in Security Tools, Tools on March 3rd, 2010 by SecurityDatabase

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.
New Feature:
Added new option to export results to HTTP Fuzzer
New Security Checks:
Test for XML External Entity Injection
Test for XML Injection (...) - Security Tools / Vulnerability Scanner, Application Scanner, Acunetix

Tags: Tools |

Posted in Security Tools, Tools on March 2nd, 2010 by SecurityDatabase

Immunity's CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide.
Version 6.56 - 09/03/2010
New Modules
GetLocale - gets the locale of a Win32 MOSDEF Node.
disable_windows_firewall - Turns the Firewall off on a Windows machine useful for bouncing.
brightstor_cmdexec - CVE-2008-4397 (automatically runs a MOSDEF callback using the CANVAS TFTP (...) - Security Tools / Penetration testing & Ethical Hacking, Commercial, Exploitation, CANVAS

Tags: Tools |