Most Popular
PorkBind v1.2 : 13 DNS security flaws scanner (including DNS Poisoning)
PorkBind is a multi-threaded nameserver scanner that can recursively query nameservers of subdomains for version strings (i.e. sub.host.dom’s nameservers, then host.dom’s nameservers). After acquiring the version strings, it tests them against version numbers from CERT advisories and reports back to the user. Zone transfer capability is also tested for.
Lynis updated to 1.1.8 (now supports OSX)
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes.
Lynis 1.1.7 released
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes.
Lynis Unix Local Auditing utility updated to 1.1.6
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes.
New Added Utility : Lynis Unix Audit Tool v1.1.4
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes.
SIPVicious v0.2.3 released
SIPVicious is a set of utilities for auditing SIP devices. It comes with 4 tools :
- svmap: an active scanner to identify SIP devices on the network
- svwar: scans SIP PBX servers for existing extensions
- svcrack: an online password cracker against SIP PBX servers
- svreport: manages sessions by the other tools + exports to pdf, xml (html), csv and plain text
Findbugs Java Code Analyzer updated to 1.3.4
FindBugs™ is a program to find bugs in Java programs. It looks for instances of "bug patterns" --- code instances that are likely to be errors.
Focus on : Windows Permission Identifier Version 1.0
This tool enables administrators and penetration testers to review and audit the permissions of users on a Windows machine.
SSA 1.6 Beta 2 released
SSA (Security System Analyzer) is free, non-intrusive, OVAL-compatible software. It provides security testers and auditors with an advanced overview of the security policy level applied.
Features :
- OVAL-compatible product
- Full support for open security standards and initiatives (CVE, OVAL, CCE, CPE, CWE, CAPEC, CVSS, CRF)
- Perform a deep inventory audit on installed software and applications
- Scan and map vulnerabilities using non-intrusive techniques based on schemas
- Detect and identify missed patches and hotfixes
- Define a patch management deployment strategy using CVSS scores
SSA Security System Analyzer version 1.6 beta 1 released
SSA (Security System Analyzer) is free, non-intrusive, OVAL-compatible software. It provides security testers and auditors with an advanced overview of the security policy level applied.
Features :
- OVAL-compatible product
- Full support for open security standards and initiatives (CVE, OVAL, CCE, CPE, CWE, CAPEC, CVSS, CRF)
- Perform a deep inventory audit on installed software and applications
- Scan and map vulnerabilities using non-intrusive techniques based on schemas
- Detect and identify missed patches and hotfixes
- Define a patch management deployment strategy using CVSS scores
Findbugs Java Code Analyzer updated to 1.3.3
FindBugs™ is a program to find bugs in Java programs. It looks for instances of "bug patterns" --- code instances that are likely to be errors.
Findbugs Java Code Analyzer updated to 1.3.3-rc1
FindBugs uses static analysis to look for bugs in Java code. It is free software, distributed under the terms of the Lesser GNU Public License. The name FindBugs™ and the FindBugs logo are trademarked by The University of Maryland. FindBugs is sponsored by Fortify Software and SureLogic.
Findbugs Java Code Analyzer updated to 1.3.2
FindBugs uses static analysis to look for bugs in Java code. It is free software, distributed under the terms of the Lesser GNU Public License. The name FindBugs™ and the FindBugs logo are trademarked by The University of Maryland. FindBugs is sponsored by Fortify Software and SureLogic.
Paglo IT Search and Management released for beta testers
The Paglo Crawler is an open source supersearcher — an agent that probes your network for devices and other IT assets, and discovers everything about them. The Crawler is part of Paglo, the first search engine for IT, a tool that specializes in searching the complex and varied data of IT networks, and in returning intelligent data in both simple text and rich quantitative form. The data that the Crawler finds is visible through a secure Paglo Web account, which is also open source. A single Paglo Crawler can be installed to probe an entire enterprise network.
SIGVI R2 Beta
SIGVI is an open source application, released under the GPL license.
Basically, SIGVI is an application to detect vulnerabilities on our network.
It is not magic (still ...); it simply compares the vulnerabilities that it has received from the sources with the software that we have installed on our servers. Those vulnerabilities are stored in the database, creating a vulnerability repository.
When it finds a software version that is vulnerable, it creates an alert and sends notifications to all the administrators of this server.
SIGVI has been (and is being) developed at UPCnet, from the Polytechnical University of Catalonia (UPC), Spain.
Findbugs Java code analyzer updated to 1.3.1
FindBugs uses static analysis to look for bugs in Java code. It is free software, distributed under the terms of the Lesser GNU Public License. The name FindBugs™ and the FindBugs logo are trademarked by The University of Maryland. FindBugs is sponsored by Fortify Software and SureLogic.
Wikto 2.0.2911-20215 released
Wikto provides the same functionality as the Nikto tool, but it goes a little further. There are 3 main sections of the tool. These are: Back-End miner, Nikto-like functionality and google
[New Added] SQLMap V0.5 Automating SQL injection tests
SQLmap is an automatic SQL injection tool developed entirely in Python. It is capable of performing an extensive database management system back-end fingerprint, retrieving remote DBMS databases, usernames, tables and columns, enumerating the entire DBMS, reading system files and much more, taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.
DB Audit version 4.0 released
DB Audit Expert is a professional database auditing solution for Oracle, Sybase, DB2, MySQL and Microsoft SQL Server. DB Audit Expert enables database and system administrators, security administrators, auditors and operators to track and analyze any database activity including database security, access and usage, data creation, change or deletion. What makes DB Audit really unique is its built-in support for multiple auditing methods giving you the flexibility to choose the best fit for your database security requirements.
DBAudit version 3.2 - Auditing solution for databases -
DB Audit Expert is a professional database auditing solution for Oracle, Sybase, DB2, MySQL and Microsoft SQL Server. DB Audit Expert enables database and system administrators, security administrators, auditors and operators to track and analyze any database activity including database security, access and usage, data creation, change or deletion. What makes DB Audit really unique is its built-in support for multiple auditing methods giving you the flexibility to choose the best fit for your database security requirements.