A Managed Code Rootkit (MCR) is a special type of malicious code that is deployed inside an application level virtual machine such as those employed in managed code environment frameworks – Java, .NET, Dalvik, Python, etc.
Having full control of the managed code VM allows the MCR to lie to the upper-level application running on top of it and to manipulate the application's behavior to perform tasks not originally intended by the software developer.
ReFrameworker is a general purpose (...)
Security Tools
-
ReFrameworker v1.1 (Managed Code Rootkit) - released
19 April 2010, by Tools Tracker Team -
[PDF] OWASP Top 10 for 2010 Final Version
19 April 2010, by Tools Tracker Team
The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.
The OWASP Top 10 Web Application Security Risks for 2010 are: A1: Injection A2: Cross-Site Scripting (XSS) A3: Broken Authentication and Session Management A4: (...) -
Ubuntu Pentest Edition v2.03 released
15 April 2010, by Tools Tracker Team
Ubuntu Pentest Edition is a GNOME-based Linux distribution designed as a complete system which can also be used for penetration testing. Ubuntu Pentest Edition has a big repository of software (Ubuntu repositories) and high customization possibilities. The system is made in a way that you can configure it to suit your needs.
With Ubuntu Pentest Edition come around 300 tools for penetration testing and a set of basic services which are needed in penetration testing. Also we are preparing a repository of (...) -
SAINT® 7.3.3 Released
15 April 2010, by Tools Tracker Team
SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of (...)
-
Nessus v4.2.2 released
15 April 2010, by Tools Tracker Team
Nessus is the world’s most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.
This release contains the following fixes:
Nessus-fetch: Proxy issues have been resolved
NASL: Fixed a memory leak in the NASL xmlparse() function
Networking: Fixed IPv6 routing when talking to a remote host (FreeBSD, Mac OS (...) -
x5s Beta released - Automated XSS security testing assistant
13 April 2010, by Tools Tracker Team
x5s is a Fiddler addon which aims to assist penetration testers in finding cross-site scripting vulnerabilities. Its main goal is to help you identify the hotspots where XSS might occur by:
Detecting where safe encodings were not applied to emitted user-inputs
Detecting where Unicode character transformations might bypass security filters
Detecting where non-shortest UTF-8 encodings might bypass security filters
It injects ASCII to find traditional encoding issues, and it injects special (...) -
Burp Suite Pro v1.3.02 released
13 April 2010, by Tools Tracker Team
Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, downstream proxies, logging, alerting and extensibility.
This release fixes a few minor bugs arising from version v1.3.01.
It also adds a facility to customise the preset (...) -
JBroFuzz v2.1 released
13 April 2010, by Tools Tracker Team
JBroFuzz is a web application fuzzer for requests being made over HTTP and/or HTTPS. Its purpose is to provide a single, portable application that offers stable web protocol fuzzing capabilities.
Release Notes (2.1):
Ctrl + M to load your own fuzzers from a .jbrf file
Removed the default addition of line feeds at the end of each request, make sure you know what you are fuzzing!
On The Wire: Right-click, clear & also option to select to see requests and/or responses
Added ASCII 85 (...) -
Suricata v0.8.1 released
12 April 2010, by Tools Tracker Team
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field.
New features:
the engine will now detect the number of CPUs/cores and set up the engine to use them fully
libhtp is now included in the source
experimental CUDA support for NVIDIA GPU accelerated pattern matching
initial support for Win32 (using (...) -
Windows Autopwn (winAUTOPWN) v2.2 released
12 April 2010, by Tools Tracker Team
winAUTOPWN is an auto (hacking) shell gaining tool. It can also be used to test IDS, IPS and other monitoring sensors/software.
Autohack your targets with least possible interaction.
Features:
Contains already custom-compiled executables of famous and effective exploits along with a few original exploits.
No need to debug, script or compile the source codes.
Scans all ports 1 - 65535 after taking the IP address and tries all possible exploits according to the list of discovered open (...)