log2timeline is a framework for artifact timeline creation and analysis. The main purpose is to provide a single tool to parse various log files and artifacts found on suspect systems (and supporting systems, such as network equipment) and produce a body file that can be used to create a timeline, using tools such as mactime from TSK, for forensic investigators.
A GUI for creating the timeline has been written in Perl-GTK2. Since the GUI is written in GTK2, it will not work on every OS. It (...)
Security Tools
- log2timeline updated to v0.43
8 April 2010, by Tools Tracker Team
- PyLoris Denial of Service Web Testing v3.0 in the wild
8 April 2010, by Tools Tracker Team
PyLoris is a tool for testing a web server’s vulnerability to a particular class of Denial of Service (DoS) attacks. It uses the Slowloris method; by using all available connections, web servers cannot complete valid requests.
PyLoris is a scriptable tool for testing a web server’s vulnerability to Denial of Service (DoS) attacks which supports SOCKS, SSL, and all HTTP request methods. It uses the Slowloris method.
Changes: Tkinter based GUI for attacks. Multiple concurrent attack support (...)
- Acunetix WVS v6.5 build 20100407 released
7 April 2010, by Tools Tracker Team
Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.
Bug Fixes: Fixed: Login Sequence Recorder was not using client certificates when recording a login sequence. Fixed: Login Sequence Recorder was not (...)
- (IN)SECURE Magazine Issue 25 released
7 April 2010, by Tools Tracker Team
(IN)SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security topics.
Issue 25: The changing face of penetration testing: Evolve or die!; Review: SmartSwipe; Unusual SQL injection vulnerabilities and how to exploit them; Take note of new data notification rules; RSA Conference 2010 coverage; Corporate monitoring: Addressing security, privacy, and temptation in the workplace; Cloud computing and recovery, not just backup; EJBCA: Make your (...)
- Netsparker® Free Community Edition released
7 April 2010, by Tools Tracker Team
Netsparker Community Edition is False Positive Free and can detect both SQL Injection and Cross-site Scripting issues better than many other scanners.
Netsparker Community Edition also detects many other vulnerabilities such as finding and reporting backup files, source code disclosures, Crossdomain.xml issues, SVN/CVS disclosures, internal path disclosures, error messages and many more.
Netsparker® Community Edition shares many features with Netsparker® Professional and just like Netsparker (...)
- Splunk the IT Log Management Software v4.1 released
7 April 2010, by Tools Tracker Team
Splunk is software that provides unique visibility across your entire IT infrastructure from one place in real time. Only Splunk enables you to search, report, monitor and analyze streaming and historical data from any source.
Splunk was the winner of our annual survey in category "Data mining / Log Management"
Splunk indexes any kind of IT data from any source in real time. Point your servers’ or network devices’ syslog at Splunk, set up WMI polling, monitor live logfiles, enable change (...)
- CWE/SANS Top 25 list updated to v1.0.3
7 April 2010, by Tools Tracker Team
The 2009 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most significant programming errors that can lead to serious software vulnerabilities. They occur frequently, are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.
The list is the result of collaboration between the SANS Institute, MITRE, and many top software security (...)
- SFX-SQLi v1.1.3.2 available
7 April 2010, by Tools Tracker Team
SFX-SQLi (Select For XML SQL injection) is a new SQL injection technique that allows all of the information in a Microsoft SQL Server 2005/2008 database to be extracted in an extremely fast and efficient way.
In addition to a new web application for testing, a new revision of the tool is published with some minor fixes and changes, including new functionality like access to other databases in the same server or support for user defined (...)
- bing-ip2hosts v0.2 released - Enumerate hostnames from Bing
7 April 2010, by Tools Tracker Team
Bing.com is a search engine owned by Microsoft, formerly known as MSN Search and Live Search. It has a unique feature to search for websites hosted on a specific IP address. This feature can be used with the IP: parameter in the search query as shown in the image above.
Bing-ip2hosts uses this feature to enumerate all hostnames which Bing has indexed for a specific IP address. This technique is considered best practice during the reconnaissance phase of a penetration test in order to (...)
- TCPDump v4.1.1 and LIBPCap v1.1.1 released
7 April 2010, by Tools Tracker Team
tcpdump is a common computer network debugging tool that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.
Changes. TCPDump v4.1.1: Fix build on systems with PF, such as FreeBSD and OpenBSD. Don’t blow up if a zero-length link-layer address is passed to linkaddr_string(). LIBPCap v1.1.1: Update CHANGES to reflect more of the changes in 1.1.0. Fix build on RHEL5. Fix (...)