Most Popular
OVAL Interpreter v5.6.3 released
Open Vulnerability and Assessment Language (OVAL) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services.
MiniFuzz File Fuzzer v0.1
MiniFuzz is a basic testing tool designed to help detect code flaws that may expose security vulnerabilities in file-handling code.
Digital Forensics Framework v0.4.3 available
DFF (Digital Forensics Framework) is a simple but powerfull open source tool with a flexible module system which will help you in your digital forensics works, including files recovery due to error or crash, evidence research and analysis, etc. The source code is written in C++ and Python, allowing performances and great extensibility
Graudit source code scanner v1.2 updated
Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It’s comparable to other static analysis applications like RATS and flaw-finder while keeping the technical requirements to a minimum and being very flexible
Origami v1.0.0-beta0 - Parse, Analyze, and Forge PDF documents
Origami is a Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents.
PDFResurrect v0.8 - PDF Analysis and Scrubbing Utility
PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions.
OVAL interpreter v5.6.1 released
Open Vulnerability and Assessment Language (OVALâ„¢) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community.
Graudit source code scanner v1.1 released
Graudit is a simple script and signature sets that allows you to find potential
security flaws in source code using the GNU utility grep. It’s comparable to
other static analysis applications like RATS and flaw-finder while keeping the
technical requirements to a minimum and being very flexible.
OVAL interpreter release 5.5.25 available
Open Vulnerability and Assessment Language (OVALâ„¢) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community.
Hyena v7.7 available
Using the built-in Windows administration tools to manage a medium to large Windows NT or Windows 2000/2003 network can be a challenge
Hyena uses an Explorer-style interface for all operations, including right mouse click pop-up context menus for all objects. Management of users, groups (both local and global), shares, domains, computers, services, devices, events, files, printers and print jobs, sessions, open files, disk space, user rights, messaging, exporting, job scheduling, processes, and printing are all supported. For an example of a typical enterprise-wide view in Hyen
RedWolf Security Threat Generator version 149
RedWolf is a security threat simulator that tests security
system effectiveness. Its threat generation capabilities include email,
IM, malware, P2P, social networking, VoIP, DDoS, and many more. RedWolf’s guiding philosophy is that by generating realistic scenarios in a wide variety of categories, an auditor or organization can assess the
effectiveness of network defenses.
Quttera v0.3.1.0.9 available
Quttera detects zero-day vulnerability exploits, shellcodes and potentially malicious executable code hidden in computer files such as movies, images, documents and etc. Quttera is not just another antivirus solution. Quttera implements patent pending signatureless algorithm capable of detection "zero day" malicious threats without any prior information (threat signature) identifying detected malware. Quttera’s investigation mechanism does not rely on any signatures database but rather on fully heuristic and signatureless detection method which is able to detect existence of "zero-day" software vulnerability exploits into computer information and media files before they compromise the hosted computer.
Quttera zero-day vulnerability exploits tool v0.3.1.0.0
Quttera detects zero-day vulnerability exploits, shellcodes and potentially malicious executable code hidden in computer files such as movies, images, documents and etc.
Quttera is not just another antivirus solution. Quttera implements patent pending signatureless algorithm capable of detection "zero day" malicious threats without any prior information (threat signature) identifying detected malware. Quttera’s investigation mechanism does not rely on any signatures database but rather on fully heuristic and signatureless detection method which is able to detect existence of "zero-day" software vulnerability exploits into computer information and media files before they compromise the hosted computer.
Lynis updated to v1.2.6
Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.
OAT Office Communication Server Tool Assessment released
OAT is a free VoIP security assessment tool designed to test the security configuration of Microsoft OCS SIP infrastructures, for deployment/implementation issues. It’s the first OCS SIP validation tool written in windows. OAT is the first security assessment tool for Office Communication Server 2007 (Including R2)
Scanners and utilities to detect Conficker worm
Conficker, also known as Downup, Downadup and Kido, is a computer worm that surfaced in October 2008 and targets the Microsoft Windows operating system. The worm exploits a previously patched vulnerability in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, Windows 7 Beta, and Windows Server 2008 R2 Beta. The worm has been unusually difficult for network operators and law enforcement to counter because of its combined use of advanced malware techniques.
Lynis v1.2.5 released
Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.
OWASP Scrubbr v1.0 for XSS scanning
Scrubbr is a BSD-licensed database scanning tool that checks numerous database technologies for the presence of possible stored cross-site scripting attacks. The tool was partially inspired by "Scrawlr", a trimmed-down version of HP’s WebInspect which was released for free after the so-called "asprox" mass-SQL injection bot exploited hundreds of thousands of insecure ASP sites.
Rootkit Hunter v1.3.4 in the wild
Rootkit scanner is scanning tool to ensure you for about 99.9%* you’re clean of nasty tools. This tool scans for rootkits, backdoors and local exploits
SSA 1.6 Beta 2 fix released
SSA (Security System Analyzer) is a non-intrusive OVAL-Compatible policy compliance and vulnerability assessment software. It provides auditors and security officers a comprehensive solution to keep pace with security compliance requirements (patch management, vulnerability management, software inventories...)