Security Tools

• John the Ripper updated to v1.7.5
  27 February 2010, by Tools Tracker Team

  John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.
  Version 1.7.5 Support for the use (...)

• Watcher Web Security Scanning tool v1.3.0 available
  27 February 2010, by Tools Tracker Team

  Watcher (The Open source Web Security Testing Tool and PCI compliancy auditing utility) is a runtime passive-analysis tool for HTTP-based Web applications. It detects Web-application security issues as well as operational configuration issues.
  Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads (potential XSS), cookies, comments, HTTP (...)

• Katana v1.5 (Zatoichi) Multi-Boot Security Suite released
  25 February 2010, by Tools Tracker Team

  Katana is a portable multi-boot security suite designed for all your computer security needs. The idea behind this tool is to bring together all of the best security distributions to run from one USB drive. Katana includes distributions which focus on Penetration Testing, Auditing, Password Cracking, Forensics and Honey Pots.
  Katana comes with over 100 portable Windows applications such as Wireshark, HiJackThis, Unstoppable Copier, and OllyDBG.
  This release has a couple of major changes (...)

• mssqlfp (ENGR SQL FingerprintT) v1.00.0006 released
  25 February 2010, by Tools Tracker Team

  This is a tool that performs version fingerprinting on Microsoft SQL Server 2000, 2005 and 2008, using well known techniques based on several public tools that identifies the SQL Version. Usage:
  ESF -h [-d <ADDRESS>] [<OPTIONS>]
  Options:
  d ADDRESS Define destination IP address.
  D Display detailed module information.
  t TIMEOUT Define timeout for execution (default is 5).
  T TIMEOUT Define timeout for connection (default is 5).
  h Display this help message. (...)

• Mobius Forensic Toolkit v0.5.2 released
  24 February 2010, by Tools Tracker Team

  Mobius Forensic Toolkit is an open-source forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files, for easy integration with other tools.
  Version 0.5.2 Extension config created service config.set created service config.get created extensions use ’config.get/set’ instead of ’app.get/set-config’ service app.get-config eliminated service app.set-config eliminated (...)

• SecTechno article on Security-Database
  24 February 2010, by Tools Tracker Team

  Ensuring security of the modern computer network with a large number of system and devices consumes a big effort. Keeping track all new gaps becomes more and more difficult.Here I wanted to present a very good Infosec source.
  Security-Database.com is an online computer security portal .provide free comprehensive and complete information about product vulnerabilities and tools for penetration testing based on open international standards.
  The most important is that the creator of (...)

• dnsmap v0.30 - Passive DNS network mapper
  24 February 2010, by Tools Tracker Team

  dnsmap (a.k.a. subdomains bruteforcer) was originally released back in 2006 and was inspired by the fictional story "The Thief No One Saw" by Paul Craig, which can be found in the book "Stealing the Network - How to 0wn the Box".
  dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, domain (...)

• No More and 1=1 v0.3 - repository of SQLi/XSS
  24 February 2010, by Tools Tracker Team

  In order to minimize the time required to type malicious syntax and have a handy repository of it M, this small tool that we hence call No more and 1=1.
  The tool comes in two flavours (so far) the stand alone version (a java app) and the Webscarab Proxy attached version, we may bundle the tool with more proxies in the near future. The tool is simple, its great value comes in the definitions file which is totally customizable.
  Standalone Version
  Requirements A Java Runtime Machine is (...)

• [PDF] Nmap5 cheatsheet
  24 February 2010, by Tools Tracker Team

  Quick reference (also known as cheatsheet) for nmap, incorporating in addition to common parameters, some commands which are specific of the last branch released.
  This cheatsheet also incorporate on the lower section some examples with typical scans which can be performed with this tool.
  Thanks to our friend, Alejandro "dab" Ramos, from Security By Default.

• Xplico v0.5.5 released
  24 February 2010, by Tools Tracker Team

  The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).
  Xplico is released under the GNU General Public License.
  Version 0.5.5 migrating to SQLite3 telnet dissector webmail dissector webmail (...)

... 130 140 150 160 170 180 190 200 210 ...