Identifying content management systems (CMS), blogging platforms, stats/analytics packages, JavaScript libraries, servers and more. Licensed under GPLv3.
Version 0.4.1: Removed dependency on rubygems and libxslt by modifying and locally including the Anemone gem. This also simplified installation. Fixed a bug which didn’t send URL parameters, e.g. would send /index.php instead of /index.php?q=foo. Improved installation instructions. Henri Salo contacted me to say ruby-dev is required for (...)
Security Tools
-
WhatWeb v0.4.1 - released
29 April 2010, by Tools Tracker Team
-
NSIA (Network System Integrity Analysis) v0.8.99 released
28 April 2010, by Tools Tracker Team
The ThreatFactor NSIA is a website scanner that monitors websites in real time in order to detect defacements, compliance violations, exploits, sensitive information disclosure and other issues. ThreatFactor detects issues remotely and therefore requires no software to install, does not introduce any latency and will not interrupt business operations.
At its core, ThreatFactor uses an advanced analysis engine that is capable of detecting a wide variety of issues and can be modified with (...)
-
Nessus Parsing Tools v1.3.1
28 April 2010, by Tools Tracker Team
A set of tools for parsing the results of a report.
Code: nbesql.py, report_auto.py, report_manual_review.py, report_ports.py, report_unsorted.py, sql2html.py
Single use syntax:
nbe2sql.py -i <nessus.nbe>
Windows batch:
for /f %a in ('dir /b *.nbe') do nbe2sql.py -i %a
for /f %a in ('dir /b *.dat') do report_helper_manual_review.py -i %a
More information: here
Thanks to Garrett Gee - Project Leader, from WestCoastHackers.net - for sharing this tool with (...)
-
Bruter v1.0 - parallel network login brute-forcer
26 April 2010, by Tools Tracker Team
Bruter is a parallel network login brute-forcer on Win32. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication.
Version 1.0: Re-licensed to new-BSD license; Added proxy support (CONNECT, SOCKS4, SOCKS5); Allowed more delimiters in combo file; Added password length filter in combo and dictionary mode; Fixed miscellaneous bugs; Updated openssl library to 0.9.8n
SMB: Implemented (...)
-
Acunetix WVS v6.5 build 20100419 released
26 April 2010, by Tools Tracker Team
Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.
Bug Fix: Fixed: Access violation when the application exits
How to upgrade: On starting up Acunetix WVS, a pop up window will automatically notify (...)
-
(update) Foca v2.0.1: in the wild
26 April 2010, by Tools Tracker Team
FOCA 2 has a new algorithm which tries to discover as much info related to network infrastructure as possible. In this alpha version FOCA will add to the discovered network map all servers that can be found using a recursive algorithm searching in Google, BING, Reverse IP in BING, well-known servers and DNS records, using an internal PTR scanning, etc.
To configure this algorithm you can use the new DNS Search panel, and the extracted info will be shown in three panels: Domains IP (...)
-
Fuzzdb updated to v1.06
25 April 2010, by Tools Tracker Team
A comprehensive set of fuzzing patterns for discovery and attack during highly targeted brute force testing of web applications.
Fuzzdb is a comprehensive set of known attack pattern sequences to be utilized for intelligent brute force testing in order to rapidly identify exploitable conditions in new applications.
Primary sources used for attack pattern research: researching old web exploits for repeatable attack strings; scraping scanner patterns from HTTP logs; various books, articles, (...)
-
(Paper) Pentesting Adobe Flex Applications (introducing new tool Blazentoo)
25 April 2010, by Tools Tracker Team
Marcin Wielgoszewski from Gotham Digital Science gave a keynote at the OWASP NY session (http://www.owasp.org/index.php/NYNJMetro) where he exhibited intrusion techniques on applications based on Adobe AIR. Indeed, with the integration of RIA on the client side, we tend to forget that the beauty of things can hide a real threat.
This document details the communication methods used by Adobe AIR and some points of failure. The author also shows how with simple security tools, which we already (...)
-
Skipfish v1.33b released
25 April 2010, by Tools Tracker Team
Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks.
Key Features: High performance: 500+ requests per second against responsive Internet targets, 2000+ requests per second on LAN / MAN networks, and 7000+ requests against local (...)
-
Testing systems under high load with StressLinux v0.5.111
25 April 2010, by Tools Tracker Team
stresslinux is a minimal Linux distribution running from a bootable CD-ROM, USB, VMware or via PXE (wip).
stresslinux makes use of some utilities available on the net like: stress, cpuburn, hddtemp, lm_sensors ...
stresslinux is dedicated to users who want to test their system(s) entirely under high load and monitor their health.
Stresslinux is for people (system builders, overclockers) who want to test their hardware under high load and monitor stability and thermal environment.
You should (...)