Security Tools

• Building your own malware lab (Part 1 & 2) - SecTechno
  7 March 2010, by Tools Tracker Team

  Malicious software pieces like viruses, worms and bots are currently one of the largest threats to the security of the Internet. Antivirus Labs have invested great Money for analyzing and reversing viruses, but for our case we can perform the analysis using some useful tools on our PC.
  Let’s start with www.virustotal.com , if I feel that I have a suspicious file. First what I will do is to upload it to VirusTotal. VirusTotal gives the user the ability to analyze any file with more than 40 (...)

• SpiderLabs Toolset for Pentesting
  7 March 2010, by Tools Tracker Team

  SpiderLabs has developed dozens of tools over the years. Most of them end up as internal-only tools since they eventually make their way into one of Trustwave’s product offerings. Recently, we have decided to showcase some of these tools and provide them as Open Source to the information security community. The tools have been made available without warranty and are available under the GNU General Public License as published by the Free Software Foundation. ackack : A program to monitor (...)

• FireCAT v1.6 updated with 2 new extensions
  7 March 2010, by Tools Tracker Team

  FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful firefox extensions oriented application security auditing and assessment. FireCAT is not a remplacement of other security utilities and softwares as well as fuzzers, proxies and application vulnerabilities scanners.
  New extensions: Category Network utilities -> Passwords: Fireforce - The bruteforce attacks firefox extension ( http://www.scrt.ch/pages_en/fireforce.html) Category IT (...)

• NeoPwn : The first network auditing distribution for mobile phone released
  7 March 2010, by Tools Tracker Team

  The NeoPwn Mobile Pentesting project is proud to announce that it is merging with BackTrack, to produce the first ever BackTrack Mobile suite!
  The migration of the NeoPwn project will give way to a sharp development team, focused on fully supporting the Nokia N900 mobile phone. Future plans of the project will extend support for other mobile devices as they become compatible.
  This is an exciting leap from the original project, as there are incredible improvements in hardware, usability (...)

• Samurai Web Testing Framework 0.8 available
  7 March 2010, by Tools Tracker Team

  The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.
  Starting with reconnaissance, we have included tools such as the Fierce (...)

• Airtun-ng available with AirCrack-ng package
  7 March 2010, by Tools Tracker Team

  Airtun-ng is a virtual tunnel interface creator. There are two basic functions: Allow all encrypted traffic to be monitored for wireless Intrusion Detection System (wIDS) purposes. Inject arbitrary traffic into a network.
  In order to perform wIDS data gathering, you must have the encryption key and the bssid for the network you wish to monitor. Airtun-ng decrypts all the traffic for the specific network and passes it to a traditional IDS system such as snort.
  Traffic injection can be (...)

• DB Audit v4.2.25 released
  7 March 2010, by Tools Tracker Team

  DB Audit Expert is a professional database auditing solution for Oracle, Sybase, DB2, MySQL and Microsoft SQL Server. DB Audit Expert enables database and system administrators, security administrators, auditors and operators to track and analyze any database activity including database security, access and usage, data creation, change or deletion. What makes DB Audit really unique is its built-in support for multiple auditing methods giving you the flexibility to choose the best fit for (...)

• Websecurify v0.5 Final
  6 March 2010, by Tools Tracker Team

  Websecurify Security Testing Framework identifies web security vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The framework is written in JavaScript and successfully executes in numerous platforms including modern browsers with support for HTML5, xulrunner, xpcshell, Java, V8 and others.
  More information: here
  Changelog Improved user interface. The workspace window now has an Issue view which provides detailed information on each finding. (...)

• [PDF] hping cheatsheet
  3 March 2010, by Tools Tracker Team

  hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, [?]UDP], ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.
  More information about hping
  Thanks to our friend, Alejandro "dab" Ramos, from Security By (...)

• Acunetix WVS v6.5 build 20100303 released
  3 March 2010, by Tools Tracker Team

  Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.
  New Feature: Added new option to export results to HTTP Fuzzer
  New Security Checks: Test for XML External Entity Injection Test for XML Injection (...)

... 110 120 130 140 150 160 170 180 190 ...