LAST ARTICLE

Integrating OVAL Interpreter into BackTrack 3.0
Monday 23 June 2008 - 512 read - ( Keywords : BackTrack , OVAL )

Open Vulnerability and Assessment Language (OVAL) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community.

FireCAT 1.4 released
Monday 12 May 2008 - 7076 read - ( Keywords : FireCAT , Firefox , Framework )

FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful Firefox extensions oriented toward application security auditing and assessment.


LAST TOOLS

SQLMap 0.6 available
Wednesday 3 September 2008 - 89 read - ( Keywords : Application Scanner , Configurations checks , SQLmap , Vulnerability Scanner )

SQLmap is an automatic SQL injection tool developed entirely in Python. It can perform an extensive fingerprint of the back-end database management system, retrieve remote DBMS databases, usernames, tables and columns, enumerate the entire DBMS, read system files and much more, taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.


Nikto updated to v2.03
Monday 1 September 2008 - 136 read - ( Keywords : Application Scanner , Nikto , Vulnerability Scanner )

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3300 potentially dangerous files/CGIs, versions on over 625 servers, and version-specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated.


Nipper 0.12.0 released (featuring library and command line based)
Sunday 31 August 2008 - 119 read - ( Keywords : Configurations checks , Local auditing , Nipper )

Nipper is a Network Infrastructure Parser (with an extra P for good measure). It takes its input from a network device's configuration file(s), processes it/them and generates a nice friendly report. Nipper is platform independent, supports a range of network devices from different manufacturers and the report output can be in a variety of formats.


Lynis 1.2.0 in the wild
Wednesday 27 August 2008 - 137 read - ( Keywords : Configurations checks , Local auditing , Lynis , Vulnerability Scanner )

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes.


Fusil the fuzzer 1.0 beta1 ready
Monday 25 August 2008 - 120 read - ( Keywords : Fusil , Fuzzers )

Fusil the fuzzer is a Python library used to write fuzzing programs. It helps to start a process with a prepared environment (limit memory, environment variables, redirect stdout, etc.), start a network client or server, and create mangled files. Fusil has many probes to detect a program crash: watch process exit code, watch process stdout and syslog for text patterns (e.g. "segmentation fault"), watch session duration, watch CPU usage (process and system load), etc.


Cain & Abel v4.9.20 released
Friday 22 August 2008 - 362 read - ( Keywords : Bruteforcers , Cain and Abel , Data Sniffer , Password Cracking , VoIP )

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.


Grendel v1.0 Web Application Security Testing released
Monday 18 August 2008 - 421 read - ( Keywords : Application Scanner , Bruteforcers , Fuzzers , Grendel , Vulnerability Scanner )

Grendel-Scan is an open-source web application security testing tool. It has an automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests. The only system requirement is Java 5; Windows, Linux and Macintosh builds are available.


Nipper 0.11.10 released
Sunday 17 August 2008 - 167 read - ( Keywords : Configurations checks , Local auditing , Nipper )

Nipper performs security audits of network device configuration files. The report produced by Nipper includes detailed security-related issues with recommendations, a configuration report and various appendices. Nipper currently supports Cisco IOS, PIX, ASA, FWSM, NMP, CatOS and Juniper NetScreen devices.


PorkBind updated to 1.3.
Sunday 17 August 2008 - 203 read - ( Keywords : Configurations checks , PorkBind , Vulnerability Scanner )

PorkBind is a multi-threaded nameserver scanner that can recursively query nameservers of subdomains for version strings (i.e. sub.host.dom’s nameservers, then host.dom’s nameservers). After acquiring the version strings, it tests them against version numbers from CERT advisories and reports back to the user. Zone transfer capability is also tested.


Saint 6.8 released
Friday 15 August 2008 - 152 read - ( Keywords : Saint , Vulnerability Management , Vulnerability Scanner )

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved.

