Most Popular
OVAL interpreter release 5.5.25 available
Open Vulnerability and Assessment Language (OVALâ„¢) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community.
iKat Pentest Kiosk terminals v2.0 available
iKAT was designed to aid security consultants with the task of auditing the security of internet Kiosk software and deployed Kiosk terminals.
iKAT is designed to provide access to the underlying operating system of a Kiosk terminal by invoking native OS functionalit
Findbugs v1.3.9-rc1 released
FindBugsâ„¢ is a program to find bugs in Java programs. It looks for instances of "bug patterns" --- code instances that are likely to be errors.
websecurify Web2.0 Application Security Testing Tool v0.2 released
Websecurify is a web and web2.0 security initiative specializing in researching security issues and building the next generation of tools to defeat and protect web technologies.
SQLmap version 0.7 in the wild
SQLmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.
Hyena v7.7 available
Using the built-in Windows administration tools to manage a medium to large Windows NT or Windows 2000/2003 network can be a challenge
Hyena uses an Explorer-style interface for all operations, including right mouse click pop-up context menus for all objects. Management of users, groups (both local and global), shares, domains, computers, services, devices, events, files, printers and print jobs, sessions, open files, disk space, user rights, messaging, exporting, job scheduling, processes, and printing are all supported. For an example of a typical enterprise-wide view in Hyen
QueryParam Scanner v0.71
qpScanner is a simple tool that scans your codebase looking for queries. For every query it finds, it will check if there are any CFML variables in that query that are not contained within a cfqueryparam tag.
Once complete, it will display a list of files with queries to be checked, listing the line numbers and showing the contents of the query
VoIPScanner.com the First VoIP Assessment As A Service
VOIPSCANNER.COM makes scanning your public facing IP PBX for security holes easier than ever. No need for desktop applications or any software installation, just enter the IP address of your IP PBX and you will receive a report of what attackers out there might find about your IP PBX.
RedWolf Security Threat Generator version 149
RedWolf is a security threat simulator that tests security
system effectiveness. Its threat generation capabilities include email,
IM, malware, P2P, social networking, VoIP, DDoS, and many more. RedWolf’s guiding philosophy is that by generating realistic scenarios in a wide variety of categories, an auditor or organization can assess the
effectiveness of network defenses.
Quttera v0.3.1.0.9 available
Quttera detects zero-day vulnerability exploits, shellcodes and potentially malicious executable code hidden in computer files such as movies, images, documents and etc. Quttera is not just another antivirus solution. Quttera implements patent pending signatureless algorithm capable of detection "zero day" malicious threats without any prior information (threat signature) identifying detected malware. Quttera’s investigation mechanism does not rely on any signatures database but rather on fully heuristic and signatureless detection method which is able to detect existence of "zero-day" software vulnerability exploits into computer information and media files before they compromise the hosted computer.
Findbugs v1.3.9-dev-20090604 released
FindBugsâ„¢ is a program to find bugs in Java programs. It looks for instances of "bug patterns" --- code instances that are likely to be errors.
Quttera zero-day vulnerability exploits tool v0.3.1.0.0
Quttera detects zero-day vulnerability exploits, shellcodes and potentially malicious executable code hidden in computer files such as movies, images, documents and etc.
Quttera is not just another antivirus solution. Quttera implements patent pending signatureless algorithm capable of detection "zero day" malicious threats without any prior information (threat signature) identifying detected malware. Quttera’s investigation mechanism does not rely on any signatures database but rather on fully heuristic and signatureless detection method which is able to detect existence of "zero-day" software vulnerability exploits into computer information and media files before they compromise the hosted computer.
SQLMap 0.7rc1 available
sqlmap is an open source command-line automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.
WebSecurityTool Watcher v1.1.0 available on CodePlex
Watcher (The Open source Web Security Testing Tool and PCI compliancy auditing utility) is a runtime passive-analysis tool for HTTP-based Web applications. It detects Web-application security issues as well as operational configuration issues.
Lynis updated to v1.2.6
Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.
OAT Office Communication Server Tool Assessment released
OAT is a free VoIP security assessment tool designed to test the security configuration of Microsoft OCS SIP infrastructures, for deployment/implementation issues. It’s the first OCS SIP validation tool written in windows. OAT is the first security assessment tool for Office Communication Server 2007 (Including R2)
Scanners and utilities to detect Conficker worm
Conficker, also known as Downup, Downadup and Kido, is a computer worm that surfaced in October 2008 and targets the Microsoft Windows operating system. The worm exploits a previously patched vulnerability in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, Windows 7 Beta, and Windows Server 2008 R2 Beta. The worm has been unusually difficult for network operators and law enforcement to counter because of its combined use of advanced malware techniques.
Lynis v1.2.5 released
Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.
Lansweeper v3.5 Freeware network inventory
Lansweeper is a powerful freeware solution without any embedded ads to make a complete software, hardware, asset inventory of your windows network.
OWASP Scrubbr v1.0 for XSS scanning
Scrubbr is a BSD-licensed database scanning tool that checks numerous database technologies for the presence of possible stored cross-site scripting attacks. The tool was partially inspired by "Scrawlr", a trimmed-down version of HP’s WebInspect which was released for free after the so-called "asprox" mass-SQL injection bot exploited hundreds of thousands of insecure ASP sites.