Security-Database Blog

PHP Security Scanner is a tool written in PHP intended to search PHP code for vulnarabilities. MySQL DB stores patterns to search for as well as the results from the search. The tool can scan any directory on the file system.

Gerald Combs, the creator of Ethereal®, has initiated the Wireshark network protocol analyzer project, a successor to Ethereal®. The Ethereal® core developer team has moved with Gerald to the Wireshark project

Pixy is an Open-Source Vulnerability Scanner that identifies SQL, XSS problems in PHP applications.

SAINT, or the Security Administrator’s Integrated Network Tool, uncovers areas of weakness and recommends fixes. With SAINT® vulnerability assessment tool, you can:

• Detect and fix possible weaknesses in your network’s security before they can be exploited by intruders.
• Anticipate and prevent common system vulnerabilities.
• Demonstrate compliance with current government regulations such as FISMA, Sarbanes Oxley, GLBA, HIPAA, and COPPA

Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source (license).

Using the built-in Windows administration tools to manage a medium to large Windows NT or Windows 2000/2003 network can be a challenge

This is a security-database’s review of the latest release of GFI’s software LANguard Network Security Scanner 8.0. It comes with a bunch of new professional features that make vulnerability mapping and patch management easier and faster.

Folks at vulnerabilityassessment.co.uk pointed us to a new really good software for footprinting just released by Roelof Temmingh, ex-SensePost founder (sensepost released some beautiful tools as well as bidiblah, suru and wikto)

Nessus is the world’s most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.

NessusClient is the XWindow GUI for Nessus 2.x and 3.x.