Mobius Forensic Toolkit v0.5.2 released
Mobius Forensic Toolkit is an open-source forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files, for easy integration with other tools.
SecTechno article on Security-Database
Ensuring the security of a modern computer network with a large number of systems and devices takes a lot of effort. Keeping track of all new gaps becomes more and more difficult. Here I wanted to present a very good infosec source.
dnsmap v0.30 - Passive DNS network mapper
dnsmap (a.k.a. subdomains bruteforcer) was originally released back in 2006 and was inspired by the fictional story "The Thief No One Saw" by Paul Craig, which can be found in the book "Stealing the Network - How to 0wn the Box".
No More and 1=1 v0.3 - repository of SQLi/XSS
In order to minimize the time required to type malicious syntax and have a handy repository of it M, this small tool that we hence call No more and 1=1.
[PDF] Nmap5 cheatsheet
Quick reference (also known as a cheatsheet) for nmap, incorporating, in addition to common parameters, some commands that are specific to the last branch released.
Xplico v0.5.5 released
The goal of Xplico is to extract the application data contained in an internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).
Damn Vulnerable Web App (Live CD) v1.0.6 - released
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment.
Nsploit - Popping boxes with Nmap
Nsploit allows passing through nmap to Metasploit and then executing some exploit.
iScanner v0.3 - detect and remove malicious codes
iScanner is a free open-source tool that lets you detect and remove malicious code and web page viruses from your Linux/Unix server easily and automatically.
[PAPER] 2010 CWE/SANS Top 25 Most Dangerous Programming Errors (v1.01)
The 2010 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most widespread and critical programming errors that can lead to serious software vulnerabilities. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.
Sahi v3.0 - Web Automation and Test Tool
Sahi is an automation tool to test web applications. Sahi injects JavaScript into web pages using a proxy, and the JavaScript helps automate web applications.