CAINE (Computer Aided INvestigative Environment) 0.5 available
CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface.
The main design objectives that CAINE aims to guarantee are the following:
- an interoperable environment that supports the digital investigator during the four phases of the digital investigation
- a user friendly graphical interface
- a semi-automated compilation of the final report
SQLMap 0.6.4 released
sqlmap is an open source command-line automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve the DBMS session user and database, enumerate users, password hashes, privileges and databases, dump entire or user-specified DBMS tables/columns, run their own SQL statements, read specific files on the file system and more.
Browser Rider v20081124 : Framework for hacking browsers
“Browser Rider” is a hacking framework to build payloads that exploit the browser. The project aims to provide a powerful, simple and flexible interface to any client side exploit.
WITOOL V0.13 released
WITOOL is a graphical SQL injection tool written in .NET. It is suitable for auditing SQL and ORACLE servers.
Findbugs 1.3.7 released
FindBugs™ is a program to find bugs in Java programs. It looks for instances of "bug patterns": code instances that are likely to be errors.
SSA 1.6 Beta 2 fix released
SSA (Security System Analyzer) is non-intrusive, OVAL-compatible policy compliance and vulnerability assessment software. It provides auditors and security officers with a comprehensive solution to keep pace with security compliance requirements (patch management, vulnerability management, software inventories...).
Wikto 2.1.0.0 (XMAS edition) released
Wikto is a tool that checks for flaws in webservers. It provides much the same functionality as Nikto but adds various interesting pieces of functionality, such as a Back-End miner and close Google integration.
Miranda tool: Auditing the UPNP devices
Miranda is a Python-based Universal Plug-N-Play client application designed to discover, query and interact with UPNP devices, particularly Internet Gateway Devices (aka routers). It can be used to audit UPNP-enabled devices on a network for possible vulnerabilities.
DB Audit 4.2 available
DB Audit Expert is a professional database auditing solution for Oracle, Sybase, DB2, MySQL and Microsoft SQL Server. DB Audit Expert enables database and system administrators, security administrators, auditors and operators to track and analyze any database activity including database security, access and usage, data creation, change or deletion. What makes DB Audit really unique is its built-in support for multiple auditing methods giving you the flexibility to choose the best fit for your database security requirements.
SQLAudit 2.0.1.0 released
A T-SQL script generator for SQL Server 2000/2005 that enables auditing of database tables using triggers and additional audit tables. SQL Audit is made up of two .NET 2.0 assemblies: SqlAudit.dll and SqlAuditGenerator.exe.
SQLMap 0.6.1 released
SQLmap is an automatic SQL injection tool entirely developed in Python. It can perform an extensive back-end database management system fingerprint, retrieve remote DBMS databases, usernames, tables and columns, enumerate the entire DBMS, read system files and much more, taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.
GFI LANguard 9 BETA is available
GFI LANguard Network Security Scanner (N.S.S.) checks your network for all potential methods that a hacker might use to attack it. By analyzing the operating system and the applications running on your network, GFI LANguard N.S.S. identifies possible security holes. In other words, it plays the devil’s advocate and alerts you to weaknesses before a hacker can find them, enabling you to deal with these issues before a hacker can exploit them.
iKat V1.0 Pentest Kiosk terminals
iKAT was designed to aid security consultants with the task of auditing the security of internet Kiosk software and deployed Kiosk terminals.
iKAT is designed to provide access to the underlying operating system of a Kiosk terminal by invoking native OS functionality.
New SysInternals Utility : CoreInfo v1.0 released
Coreinfo is a new command-line utility that shows you the mapping between logical processors and the physical processor, NUMA node, and socket on which they reside, as well as the caches assigned to each logical processor.
Tiger Unix Security tool updated to 3.2.3
TIGER is a set of Bourne shell scripts, C programs, and data files which are used to perform a security audit of Unix systems. The security audit results are useful both for system analysis (security auditing) and for real-time, host-based intrusion detection.
Lynis updated v1.2.1
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes.
SQLMap 0.6 available
SQLmap is an automatic SQL injection tool entirely developed in Python. It can perform an extensive back-end database management system fingerprint, retrieve remote DBMS databases, usernames, tables and columns, enumerate the entire DBMS, read system files and much more, taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.
Lynis 1.2.0 in the wild
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes.
PorkBind updated to 1.3.
PorkBind is a multi-threaded nameserver scanner that can recursively query nameservers of subdomains for version strings (i.e. sub.host.dom’s nameservers, then host.dom’s nameservers). After acquiring the version strings, it tests them against version numbers from CERT advisories and reports back to the user. Zone transfer capability is also tested.
Lynis 1.1.9 released
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes.