The Security Auditor’s Research Assistant (SARA) is a third generation network security analysis tool with the following features:
- Operates under Unix, Linux, Mac OS X or Windows (through coLinux).
- Integrates the National Vulnerability Database (NVD).
- Can adapt to many firewalled environments.
- Supports remote self scan and API facilities.
- Used for CIS benchmark initiatives.
- Plug-in facility for third party apps.
- CVE standards support (20040901).
- Enterprise search module.
- Standalone or daemon mode.
- Free-use open (...)

Security Tools

Sara scanner updated from 7.1.1a to 7.1.1b
14 February 2007, by Tools Tracker Team

Nikto 1.36 released
14 February 2007, by Tools Tracker Team
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3300 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).
Tracked by SD Tools Watch
Changes (new this version): Added -404 option to specify a "404 string" on the command line. Added plugin to check (...)

Penetration Tests Framework update 0.23 available
12 February 2007, by Tools Tracker Team
The people at vulnerabilityassessment.co.uk, a good security resource website, have released a complete security map called "Penetration Testing Framework".
The PTF (penetration tests framework) enumerates the stages one should perform during a test (as described in the OSSTMM manual):
- Network footprinting
- Discovery & Probing
- Enumeration
- Vulnerability assessment
- Penetration (or exploitation)
Plus other tests, as well as physical and wireless assessment.
PTF has (...)

Sara scanner version 7.1.1 is out
12 February 2007, by Tools Tracker Team
The Security Auditor’s Research Assistant (SARA) is a third generation network security analysis tool with the following features:
- Operates under Unix, Linux, Mac OS X or Windows (through coLinux).
- Integrates the National Vulnerability Database (NVD).
- Can adapt to many firewalled environments.
- Supports remote self scan and API facilities.
- Used for CIS benchmark initiatives.
- Plug-in facility for third party apps.
- CVE standards support (20040901).
- Enterprise search module.
- Standalone or (...)

KCPentrix 1.0 : Good platform for pentesters
10 February 2007, by Tools Tracker Team
KCPenTrix is a live CD designed to be a standalone penetration testing toolkit for pentesters and security analysts.
KCPenTrix is based on SLAX, a Slackware live CD, and Gentoo, Auditor and Whoppix. The powerful modularity that KCPenTrix uses allows us to easily customize our version and include whichever modules we like from any Slax distribution.
[Info]: We got some especially good news from the former author (Frederico Frazão) about a new upcoming release. Keep watching (...)

Cain and Abel 4.3 is available
10 February 2007, by Tools Tracker Team
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
New features: Cain’s MitM NTLM Challenge (...)

SandCat 3.0.5 released
9 February 2007, by Tools Tracker Team
Sandcat allows web administrators to perform aggressive and comprehensive scans of an organization’s web server to isolate vulnerabilities and identify security holes. The Sandcat scanner requires basic inputs such as host names, start URLs and port numbers to scan a complete web site and test all the web applications for security vulnerabilities.
Provides more than 30,000 security checks for all leading web server platforms; a target server can be local or remote (...)

Wireshark 0.99.5 released
6 February 2007, by Tools Tracker Team
Gerald Combs, the creator of Ethereal®, has initiated the Wireshark network protocol analyzer project, a successor to Ethereal®. The Ethereal® core developer team has moved with Gerald to the Wireshark project.
What’s New
Bug Fixes
The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
- The TCP dissector could hang or crash while reassembling HTTP packets. (Bug 1200) Versions affected: 0.99.2 to 0.99.4. CVE-2007-0459
- The HTTP dissector could (...)

Spike PHP security audit tool 0.23 beta available
6 February 2007, by Tools Tracker Team
New tool that intends to analyze PHP files for security holes.
Change Log:
- Modified to be PHP 4 friendly.
- Added a few functions to the knowledge-base: extract, shell_exec, pcntl_exec, exec.
- Slightly improved the organization of the knowledge-base file (vuln_db.xml).
Known issues:
- [Unverified], _getAllPhpFiles function may miss a few.
- Tokenizer needs to be able to differentiate between a native function call and class method call of the same name, i.e. mail() and (...)

OWASP JBroFuzz 0.4 added to SD security tools watch
6 February 2007, by Tools Tracker Team
JBroFuzz is a stateless network protocol fuzzer that emerged from the needs of penetration testing. Written in Java, it allows for the identification of certain classes of security vulnerabilities, by means of creating malformed data and having the network protocol in question consume the data.
The purpose of this application is to provide a single, portable application that offers stable network protocol fuzzing capabilities. A number of frameworks as well as APIs exist for fuzzing; (...)