Sip Inspector v1.00 released
SIP Inspector is a tool written in Java to simulate different SIP messages and scenarios. You can create your own SIP signaling scenarios, customize SIP messages and monitor incoming and outgoing messages. The tool can play RTP streams from a pcap file.
Focus on scRUBYt! v0.4.11 the powerful web scraping tool
scRUBYt! is a simple but powerful web scraping toolkit written in Ruby. Its purpose is to free you from the drudgery of web page crawling, looking up HTML tags, attributes, XPaths, form names and other typical low-level web scraping stuff by figuring these out from your examples copy’n’pasted from the Web page or straight from Firebug.
SQLFury SQL Injection for Adobe Air runtime v1.1.6 available
SQLFury is an injection scanner that uses blind SQL injection techniques to extract information from a target database. It targets the Adobe AIR Runtime.
(Update) Skipfish Active web application scanner v1.08 beta just released
Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks.
VASTO The First Virtualization Assessment Toolkit released
Secure Network is working on the first security assessment toolkit for virtual infrastructures, VASTO, and Criscione announced today the public beta at the Troopers conference.
VASTO comes as a set of components for Metasploit, one of the most popular frameworks for penetration testing in the security industry.
iWep Pro Auditor wifi security v1.1.3 in the wild
iWep PRO is an application for the iPhone and iPod touch that allows users to check whether their routers are exposed to some vulnerabilities.
The main vulnerability is WEP/WPA key calculation. There are some routers that can be easily hacked in just a few minutes. This happens ONLY when the router's factory settings were not changed. If factory settings were changed, iWep PRO is useless with your router.
XSSploit XSS scanner multiplatform v0.5 available
XSSploit is a multi-platform Cross-Site Scripting scanner and exploiter written in Python. It has been developed to help discovery and exploitation of XSS vulnerabilities in penetration testing missions.
SQLMap v0.8 released
SQLmap is an automatic SQL injection tool entirely developed in Python. It is capable of performing extensive back-end database management system fingerprinting, retrieving remote DBMS databases, usernames, tables and columns, enumerating the entire DBMS, reading system files and much more, taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.
fimap v0.8a released
fimap is a little Python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap, just for LFI/RFI bugs instead of SQL injection. It is currently under heavy development but it’s usable.
Vordel SOAPbox for analyzing Webservices Security
SOAPbox is a Web services testing tool, which supports both SOAP-based and REST-based invocation modes. It shares some of its architecture with the Vordel XML Gateway, especially for security features or policy creation.
OpenSCAP v0.5.7 released
The OpenSCAP Project was created to provide an open-source framework to the community which enables integration with the Security Content Automation Protocol (SCAP) suite of standards and capabilities.
Flint v1.0 the Firewall Rules Checkup Scanner
Flint examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems so you can:
- CLEAN UP RUSTY CONFIGURATIONS that are crudded up with rules that can’t match traffic.
- ERADICATE LATENT SECURITY PROBLEMS lurking in overly-permissive rules.
- SANITY CHECK CHANGES to see if new rules create problems.
Flint is absolutely free. There’s no catch. You can download the source from our git repository. This isn’t the "play at home" version; it’s our second product, and we want to do it open source.
DirBuster v1.0 RC 1 - released
DirBuster is a multi-threaded Java application designed to brute force directory and file names on web/application servers.
DB Audit v4.2.25 released
DB Audit Expert is a professional database auditing solution for Oracle, Sybase, DB2, MySQL and Microsoft SQL Server. DB Audit Expert enables database and system administrators, security administrators, auditors and operators to track and analyze any database activity including database security, access and usage, data creation, change or deletion. What makes DB Audit really unique is its built-in support for multiple auditing methods giving you the flexibility to choose the best fit for your database security requirements.
Websecurify v0.5 Final
Websecurify v0.5 RC 1 released
Pangolin SQL injection tool build 188.8.131.520 released
Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications.
Watcher Web Security Scanning tool v1.3.0 available
Watcher (The Open source Web Security Testing Tool and PCI compliancy auditing utility) is a runtime passive-analysis tool for HTTP-based Web applications. It detects Web-application security issues as well as operational configuration issues.
Harden SSL/TLS vBeta
Harden SSL/TLS allows hardening the SSL/TLS settings of Windows 2000, 2003, 2008, 2008R2, XP, Vista, 7. It allows setting SSL policies locally and remotely, allowing or denying certain ciphers/hashes or complete ciphersuites.
Browser Rider v20090204 released
Browser Rider is a hacking framework to build payloads that exploit the browser. The project aims to provide a powerful, simple and flexible interface to any client side exploit.