SQLmap is an automatic SQL injection tool developed entirely in Python. It can perform extensive back-end database management system fingerprinting, retrieve remote DBMS databases, usernames, tables and columns, enumerate an entire DBMS, read system files and much more, taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.
New features: Support for enumerating and dumping all databases’ tables containing user-provided column(s) by (...)
Security Tools
SQLMap v0.8 released
15 March 2010, by Tools Tracker Team
WhatWeb v0.4 - released
15 March 2010, by Tools Tracker Team
Identifies content management systems (CMS), blogging platforms, stats/analytics packages, JavaScript libraries, servers and more. Licensed under GPLv3.
Version 0.4: Added HTTPS support. Improved installation instructions. Improved documentation. Better compatibility with ruby 1.9: changed a case statement syntax, changed when 0: to when 0 then. Removed UTF-8 characters in plugins that were causing crashes. Added php-nuke plugin, passively recognises modules. Added Fluxbb plugin, can identify (...)
fimap v0.8a released
14 March 2010, by Tools Tracker Team
fimap is a little Python tool which can find, prepare, audit, exploit and even Google automatically for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap, just for LFI/RFI bugs instead of SQL injection. It is currently under heavy development but it is usable.
Version 0.8 (Enemy Unknown): Completely new engine which uses XML files inside the config folder. Added a tiny but powerful exploit-mode plugin interface. Can scan and exploit Windows servers! Can scan (...)
Sniff-n-Spit v1.0 - intercepting communications
13 March 2010, by Tools Tracker Team
During penetration testing, thick clients sometimes communicate with a server whose IP address is hardcoded into them. The HTTP communication between such a client and server is harder to intercept and test. Sniff-n-Spit is a very useful utility in such scenarios. It sniffs for HTTP packets from the client to the server and forwards them to your favorite proxy (Burp, WebScarab, Paros etc.).
User Input:
The tool expects the following user input: Number of the listening interface. (...)
Imposter v0.9 - Browser Phishing Tool
13 March 2010, by Tools Tracker Team
Imposter is a flexible framework to perform Browser Phishing attacks. Once the system running Imposter is configured as the DNS server for the victims, the internal DNS server of Imposter resolves all DNS queries to itself.
When the victim tries to access any website, the domain resolves to the system running Imposter, and Imposter’s internal web server serves content to the victim. Depending on the configuration, appropriate payloads are sent to the victim. Data stolen from the victim is sent (...)
iScanner v0.4 released - Malicious codes scanner
12 March 2010, by Tools Tracker Team
iScanner is a free open source tool that lets you detect and remove malicious code and web page viruses from your Linux/Unix server easily and automatically.
This tool is programmed by iSecur1ty using the Ruby programming language and is released under the terms of the GNU Affero General Public License 3.0.
Features: Detects malicious code in web pages, including hidden iframe tags, JavaScript, VBScript and ActiveX objects. Extensive log shows the infected files and the malicious code. Send email (...)
KNOPPIX 6.2.1 LiveCD available
12 March 2010, by Tools Tracker Team
KNOPPIX is a bootable Live system on CD or DVD, consisting of a representative collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a productive Linux system for the desktop, educational CD, rescue system, or adapted and used as a platform for commercial software product demos. It is not necessary to install anything on a hard disk. Due to on-the-fly decompression, (...)
Samhain v2.6.3 & Beltane v2.3.19 released
11 March 2010, by Tools Tracker Team
The samhain open source host-based intrusion detection system (HIDS) provides file integrity checking and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.
Samhain v2.6.3: A regression in the email code has been fixed. This regression would cause messages of highest priority to get queued along with other messages, instead of getting mailed immediately.
MD5: 0a10af903c87017fbc27d5248fcd6029
Beltane v2.3.19 (...)
Social-Engineering Ninja v0.1 Beta - PHP scripts
11 March 2010, by Tools Tracker Team
S-E Ninja is a Social Engineering tool, with fake pages for 20-25 popular sites and an anonymous mailer via the mail() function in PHP.
Available Sites: amazon.com, digg.com, ebuddy.com, facebook.com, gmail.com, hotmail.com, msn.com (hotmail), myspace.com, onecard.com (AR,EN Langs), paypal.com, travian.com (AR,EN Langs), twitter.com, yahoo.com, youtube.com
Features: Fakepages. IP: malicious page gives you the IP address of the victim. Mailer.
You can send an anonymous message using the PHP mail() function (...)
plecost v0.2.2-7 Beta (Update!)
11 March 2010, by Tools Tracker Team
A WordPress fingerprinting tool that searches for and retrieves information about the plugin versions installed in WordPress systems.
It can analyze a single URL or perform an analysis based on the results indexed by Google. It additionally displays the CVE code associated with each plugin, if there is one.
Version 0.2.2-7 Beta: Fixed some execution errors.
Libraries: xgoogle
Plecost works in two modes: analyzing a single URL, or analyzing the results of Google searches (-G). (...)