Posts Tagged ‘Tools’

Focus on Zero Wine Tryouts Malware Analyzer Alpha 2 release

Zero Wine Tryouts is an open source malware analysis tool. Just upload your suspicious file (e.g. Windows executable file, PDF file) through the web interface and let it analyze.
Changes for 20100325
Version Alpha 2
Update Wine. (1.1.41)
Update TrIDDefs.TRD. (3911 file types, 25/03/10)
Improve view/download function.
Partial rewrite of calls.py; makes the signature more readable.
Refactor some code.
Some minor changes.
Fix dump download problem. (Regression)
Some minor (...) - Security Tools

CUPP Common User Passwords Profiler v3 released

People spend a lot of time preparing for an effective dictionary attack. Common User Passwords Profiler (CUPP) is made to simplify this attack method, which is often used as a last resort in penetration testing and forensic crime investigations. A weak password might be very short or only use alphanumeric characters, making decryption simple. A weak password can also be one that is easily guessed by someone profiling the user, such as a birthday, nickname, address, name of a pet or relative, or a (...) - Security Tools

(update) Skipfish Active web application scanner v1.29b released

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks.
Key Features:
High performance: 500+ requests per second against responsive Internet targets, 2000+ requests per second on LAN / MAN networks, and 7000+ requests against local (...) - Security Tools

OSSEC v2.4 released

OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response.
The following is the changelog for OSSEC version 2.4.
Changelog:
Added more options to filter by user and srcip on reportd.
Fixed init script for Gentoo that was failing if (...) - Security Tools

Kon-Boot “root a box” on the fly v1.1 in the wild

Kon-Boot is a prototype piece of software that allows changing the contents of a Linux kernel (and now the Windows kernel also!!!) on the fly (while booting). In its current compilation state it allows logging into a Linux system as the 'root' user without typing the correct password, or elevating privileges from the current user to root.
Our first article on kon-boot
On Windows systems it allows entering any password-protected profile without any knowledge of the password. It was actually started as (...) - Security Tools

CMS Explorer v1.0 released – Discover the CMS components behind the site

CMS Explorer is designed to reveal the specific modules, plugins, components and themes that various CMS-driven web sites are running.
Additionally, CMS Explorer can be used to aid in security testing. While it performs no direct security checks, the "explore" option can be used to reveal hidden/library files which are not typically accessed by web clients but are nonetheless accessible. This is done by retrieving the module's current source tree and then requesting those file names (...) - Security Tools

Metasploit 3.3.3-Tokamac Released

The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
The latest release of the Metasploit Cyber Warfare (...) - Security Tools

WireShark 1.2.7 released

Wireshark is the world's most popular network protocol analyzer. It has a rich and powerful feature set and runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly. It is freely available as open source, and is released under the GNU General Public License version 2.
Wireshark 1.2.7 (stable) has been released. Installers for Windows, Mac OS X 10.5.5 and above (...) - Security Tools

SAINT® v7.3.2 Released

SAINT is the Security Administrator's Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT's data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of (...) - Security Tools

Security-Database integrates CWE 1.8

CWE (Common Weakness Enumeration) is a community-developed formal list of common software weaknesses. It serves as a common language for describing software security weaknesses, a standard measuring stick for software security tools targeting these vulnerabilities, and as a baseline standard for weakness identification, mitigation, and prevention efforts.
As an effort to be fully compliant, we've integrated the latest CWE release.
You can browse the CWE list at (...) - Security Tools