Category Configurations checks

Sip Inspector v1.00 released

SIP Inspector is a tool written in JAVA to simulate different SIP messages and scenarios. You can create your own SIP signaling scenarios, customize SIP messages and monitor incoming and outgoing messages. The tool can play RTP streams from a pcap file.

Read More

Focus on scRUBYt! v0.4.11 the powerful web scraping tool

scRUBYt! is a simple but powerful web scraping toolkit written in Ruby. It’s purpose is to free you from the drudgery of web page crawling, looking up HTML tags, attributes, XPaths, form names and other typical low-level web scraping stuff by figuring these out from your examples copy’n’pasted from the Web page or straight from Firebug.

Read More

SQLFury SQL Injection for Adobe Air runtime v1.1.6 availabe

SQLFury is an injection scanner that uses blind SQL injection techniques to extract information from a target database. It targets Air Abobe AIR Runtime

Read More

(Update) Skipfish Active web application scanner v1.08 beta just released

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks.

Read More

VASTO The First Virtualization Assessment Toolkit released

Secure Network is working on the first security assessment toolkit for virtual infrastructures, VASTO, and Criscione announced today the public beta at the Troopers conference.

VASTO comes as a set of components for Metasploit, one of the most popular frameworks for penetration testing in the security industry.

Read More

iWep Pro Auditor wifi security v1.1.3 on the wild

iWep PRO is an application for the iPhone and iPod touch that allow users check if their routers are exposed to some vulnerabilities.

Main vulnerability is WEP/WPA key calculation. There are some routers that can be easily hacked just in few minutes. This happens ONLY when router´s factoy settings were not changed. If factory settings were changed, iWep PRO is useless with your router.

Read More

XSSploit XSS scanner multiplatfom v0.5 available

XSSploit is a multi-platform Cross-Site Scripting scanner and exploiter written in Python. It has been developed to help discovery and exploitation of XSS vulnerabilities in penetration testing missions.

Read More

SQLMap v0.8 released

SQLmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.

Read More

fimap v0.8a released

fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection. It’s is currently under heavy development but it’s usable.

Read More

Vordel SOAPbox for analyzing Webservices Security

SOAPbox is a Web services testing tool, which supports both SOAP-based and REST-based invocation modes. It shares some of its architecture with the Vordel XML Gateway, especially for security features or policy creation.

Read More

OpenSCAP v0.5.7 released

The OpenSCAP Project was created to provide an open-source framework to the community which enables integration with the Security Content Automation Protocol (SCAP) suite of standards and capabilities.

Read More

Flint v1.0 the Firewall Rules Checkup Scanner

Flint examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems so you can:

  • CLEAN UP RUSTY CONFIGURATIONS that are crudded up with rules that can’t match traffic.
  • ERADICATE LATENT SECURITY PROBLEMS lurking in overly-permissive rules
  • SANITY CHECK CHANGES to see if new rules create problems.

Flint is absolutely free. There’s no catch. You can download the source from our git repository. This isn’t the "play at home" version; it’s our second product, and we want to do it open source.

Read More

DirBuster v1.0 RC 1 - released

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.

Read More

DB Audit v4.2.25 released

DB Audit Expert is a professional database auditing solution for Oracle, Sybase, DB2, MySQL and Microsoft SQL Server. DB Audit Expert enables database and system administrators, security administrators, auditors and operators to track and analyze any database activity including database security, access and usage, data creation, change or deletion. What makes DB Audit really unique is its built-in support for multiple auditing methods giving you the flexibility to choose the best fit for your database security requirements.

Read More

Websecurify v0.5 Final

Websecurify Security Testing Framework identifies web security vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The framework is written in JavaScript and successfully executes in numerous platforms including modern browsers with support for HTML5, xulrunner, xpcshell, Java, V8 and others.

Read More

Websecurify v0.5 RC 1 released

Websecurify Security Testing Framework identifies web security vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The framework is written in JavaScript and successfully executes in numerous platforms including modern browsers with support for HTML5, xulrunner, xpcshell, Java, V8 and others.

Read More

Pangolin SQL injection tool build 3.2.1.1020 released

Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications.

Read More

Watcher Web Security Scanning tool v1.3.0 available

Watcher (The Open source Web Security Testing Tool and PCI compliancy auditing utility) is a runtime passive-analysis tool for HTTP-based Web applications. It detects Web-application security issues as well as operational configuration issues.

Read More

Harden SSL/TLS vBeta

Harden SSL/TLS allows hardening the SSL/TLS settings of Windows 2000, 2003, 2008, 2008R2, XP, Vista, 7. It allows locally and remotely set SSL policies allowing or denying certain ciphers/hashes or complete ciphersuites.

Read More

Browser Rider v20090204 released

Browser Rider is a hacking framework to build payloads that exploit the browser. The project aims to provide a powerful, simple and flexible interface to any client side exploit.

Read More
1 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8

SSA 1.6 Beta 2 released

Read More

SSA Security System Analyzer version 1.6 beta 1 released

Read More
1