Security-Database Blog

FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful firefox extensions oriented application security auditing and assessment. FireCAT is not a remplacement of other security utilities and softwares as well as fuzzers, proxies and application vulnerabilities scanners.

The NeoPwn Mobile Pentesting project is proud to announce that it is merging with BackTrack, to produce the first ever BackTrack Mobile suite!

The migration of the NeoPwn project will give way to a sharp development team, focused on fully supporting the Nokia N900 mobile phone. Future plans of the project will extend support for other mobile devices as they become compatible.

This is an exciting leap from the original project, as there are incredible improvements in hardware, usability and its open source nature. Community support will be provided and users will be encouraged to take part once the project is released.

The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.

Airtun-ng is a virtual tunnel interface creator. There are two basic functions:

• Allow all encrypted traffic to be monitored for wireless Intrusion Detection System (wIDS) purposes.
• Inject arbitrary traffic into a network.

DB Audit Expert is a professional database auditing solution for Oracle, Sybase, DB2, MySQL and Microsoft SQL Server. DB Audit Expert enables database and system administrators, security administrators, auditors and operators to track and analyze any database activity including database security, access and usage, data creation, change or deletion. What makes DB Audit really unique is its built-in support for multiple auditing methods giving you the flexibility to choose the best fit for your database security requirements.

Websecurify Security Testing Framework identifies web security vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The framework is written in JavaScript and successfully executes in numerous platforms including modern browsers with support for HTML5, xulrunner, xpcshell, Java, V8 and others.

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, [?]UDP], ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.

Immunity’s CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide.

Our America, with a capital A as used to say ’Che’, is bereaved by the disaster that hits Chile these days. So, all our thoughts and condolences are with the families of the disappeared. We recommend Chile Ayuda

WebRaider is a plugin based automated web application exploitation tool which focuses to get a shell from multiple targets or injection point.