SIP Inspector is a tool written in Java to simulate different SIP messages and scenarios. You can create your own SIP signaling scenarios, customize SIP messages and monitor incoming and outgoing messages. The tool can play RTP streams from a pcap file.
scRUBYt! is a simple but powerful web scraping toolkit written in Ruby. Its purpose is to free you from the drudgery of web page crawling, looking up HTML tags, attributes, XPaths, form names and other typical low-level web scraping stuff by figuring these out from your examples copy’n’pasted from the Web page or straight from Firebug.
SQLFury is an injection scanner that uses blind SQL injection techniques to extract information from a target database. It targets the Adobe AIR Runtime.
Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks.
Secure Network is working on the first security assessment toolkit for virtual infrastructures, VASTO, and Criscione announced today the public beta at the Troopers conference.
VASTO comes as a set of components for Metasploit, one of the most popular frameworks for penetration testing in the security industry.
iWep PRO is an application for the iPhone and iPod touch that allows users to check whether their routers are exposed to some vulnerabilities.
The main vulnerability is WEP/WPA key calculation. Some routers can be easily hacked in just a few minutes. This happens ONLY when the router's factory settings were not changed. If the factory settings were changed, iWep PRO is useless with your router.
XSSploit is a multi-platform Cross-Site Scripting scanner and exploiter written in Python. It has been developed to help with the discovery and exploitation of XSS vulnerabilities in penetration testing missions.
SQLmap is an automatic SQL injection tool developed entirely in Python. It can perform an extensive back-end database management system fingerprint, retrieve remote DBMS databases, usernames, tables and columns, enumerate the entire DBMS, read system files and much more, taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.
fimap is a little Python tool which can find, prepare, audit, exploit and even automatically google for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap, just for LFI/RFI bugs instead of SQL injection. It is currently under heavy development but it’s usable.
SOAPbox is a Web services testing tool, which supports both SOAP-based and REST-based invocation modes. It shares some of its architecture with the Vordel XML Gateway, especially for security features or policy creation.
The OpenSCAP Project was created to provide an open-source framework to the community which enables integration with the Security Content Automation Protocol (SCAP) suite of standards and capabilities.
Flint examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems so you can:
- CLEAN UP RUSTY CONFIGURATIONS that are crudded up with rules that can’t match traffic.
- ERADICATE LATENT SECURITY PROBLEMS lurking in overly-permissive rules.
- SANITY CHECK CHANGES to see if new rules create problems.
Flint is absolutely free. There’s no catch. You can download the source from our git repository. This isn’t the "play at home" version; it’s our second product, and we want to do it open source.
DirBuster is a multi-threaded Java application designed to brute force directory and file names on web/application servers.
DB Audit Expert is a professional database auditing solution for Oracle, Sybase, DB2, MySQL and Microsoft SQL Server. DB Audit Expert enables database and system administrators, security administrators, auditors and operators to track and analyze any database activity including database security, access and usage, data creation, change or deletion. What makes DB Audit really unique is its built-in support for multiple auditing methods giving you the flexibility to choose the best fit for your database security requirements.
Watcher (the open source Web security testing tool and PCI compliance auditing utility) is a runtime passive-analysis tool for HTTP-based Web applications. It detects Web-application security issues as well as operational configuration issues.
Harden SSL/TLS allows hardening the SSL/TLS settings of Windows 2000, 2003, 2008, 2008R2, XP, Vista and 7. It allows SSL policies to be set locally and remotely, allowing or denying certain ciphers/hashes or complete cipher suites.
Browser Rider is a hacking framework to build payloads that exploit the browser. The project aims to provide a powerful, simple and flexible interface to any client side exploit.