Security Tools
- Focus on MacNikto v1.1.1
19 March 2010, by Tools Tracker Team
MacNikto is an AppleScript GUI shell script wrapper built in Apple’s Xcode and Interface Builder, released under the terms of the GPL. It provides easy access to a subset of the features available in the Open Source, command-line driven Nikto web security scanner, installed along with the MacNikto application.
Nikto performs comprehensive tests against web servers for multiple items, including over 6100 potentially dangerous files/CGIs, versions on over 950 servers, and version specific (...)
- VASTO The First Virtualization Assessment Toolkit released
19 March 2010, by Tools Tracker Team
Secure Network is working on the first security assessment toolkit for virtual infrastructures, VASTO, and Criscione announced today the public beta at the Troopers conference.
VASTO comes as a set of components for Metasploit, one of the most popular frameworks for penetration testing in the security industry. The framework consists of tools, libraries, (...)
- W3AF ported to FreeBSD
18 March 2010, by Tools Tracker Team
w3af is a Web Application Attack and Audit Framework. The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much
Sofian Brabez, our FreeBSD expert, has updated the FreeBSD port of w3af to the 1.0-rc2 version and committed it to the FreeBSD ports source tree. If you’re using FreeBSD, now you have one more reason to use w3af and make your life easier when (...)
- iWep Pro Auditor wifi security v1.1.3 in the wild
18 March 2010, by Tools Tracker Team
iWep PRO is an application for the iPhone and iPod touch that allows users to check whether their routers are exposed to some vulnerabilities.
The main vulnerability is WEP/WPA key calculation. Some routers can be easily hacked in just a few minutes. This happens ONLY when the router’s factory settings were not changed. If factory settings were changed, iWep PRO is useless with your router.
iWep PRO is based on WEP/WPA calculation methods found on the Internet. You can find them on your own, and (...)
- FireCAT v1.6.2 updated with Framework Detector
18 March 2010, by Tools Tracker Team
New extensions added: Framework Detector added (Category Information Gathering -> Enumeration and footprinting)
Framework Detector can automatically detect the JavaScript framework(s) used in the current page. It can detect more than 70 popular JavaScript frameworks, libraries and components, including: Backbase, Dojo/Dijit, Echo, ExtJS, GWT, ICEfaces, jQuery, MooTools, Nitobi, Prototype, qooXdoo, Rialto, Rico, script.aculo.us, SmartClient, Spry, TinyMCE, YUI and many others. Based on WTFramework (...)
- XSSploit XSS scanner multiplatform v0.5 available
18 March 2010, by Tools Tracker Team
XSSploit is a multi-platform Cross-Site Scripting scanner and exploiter written in Python. It has been developed to help with the discovery and exploitation of XSS vulnerabilities in penetration testing missions.
When used against a website, XSSploit first crawls the whole website and identifies encountered forms. It then analyses these forms to automatically detect existing XSS vulnerabilities as well as their main characteristics.
The vulnerabilities that have been discovered can then be (...)
- FireCAT v1.6.2 updated with BackendInfo
17 March 2010, by Tools Tracker Team
New extensions added: BackendInfo extension added (Category Information Gathering -> Enumeration and footprinting)
BackendInfo is a lightweight Firefox extension that detects the name and version of backends behind websites.
Detecting 15 different backends / 130+ versions: Drupal 6.x, 5.x; WordPress 2.x; phpBB 2.x, 3.x; Django; DokuWiki; MediaWiki; MoinMoin; Reddit; Blogger; Joomla 1.5.x, 1.0.x; more…
Now FireCAT supports 92 (...)
- Digital Forensics Framework v0.5 released
17 March 2010, by Tools Tracker Team
DFF (Digital Forensics Framework) is a simple but powerful open source tool with a flexible module system which will help you in your digital forensics work, including file recovery after an error or crash, evidence research and analysis, etc. The source code is written in C++ and Python, allowing performance and great extensibility.
This project follows three main goals: Modularity. In contrast to the monolithic model, the modular model is based on a host and many modules. This (...)
- JBroFuzz v2.0 released
16 March 2010, by Tools Tracker Team
JBroFuzz is a web application fuzzer for requests being made over HTTP and/or HTTPS. Its purpose is to provide a single, portable application that offers stable web protocol fuzzing capabilities.
Version 2.0: User basic authentication supported and updated headers to show 2.0 release; fixed preferences bug; added Authorization header option in UI, under URL Encoding; created a Verifier for .jbrf files; fixed a small mistake in EncoderHashFrame.java; implemented a Cross Product Fuzzer within (...)
- Saint Vulnerability Scanner v7.3 in the wild
16 March 2010, by Tools Tracker Team
SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of (...)