Security Tools

• Origami v1.0.0-beta1b released
  10 November 2009, by Tools Tracker Team

  Origami is a Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents.
  Version 1.0.0-beta1b Fixed a bug in some samples due to internal (...)

• NetworkMiner v0.90 released!
  10 November 2009, by Tools Tracker Team

  NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network.
  NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.
  The purpose of NetworkMiner is to collect data (such as forensic evidence) about hosts (...)

• PenTBox v1.0.1 - Secure IM Client
  10 November 2009, by Tools Tracker Team

  PenTBox is a Security Suite with programs like Password Crackers, Denial of Service testing tools (DoS and DDoS), Secure Password Generators, Honeypots and much more. Destined to test security/stability of networks and more.
  Programmed in Ruby, and oriented to GNU/Linux systems (but compatible with Windows, MacOS and more).
  A new update for PenTBox, includes a new program, Secure IM Client. With this program, users can create a direct chat room between client and server and with a mode of (...)

• Metasploit Framework 3.3 Release Candidate 1 released
  9 November 2009, by Tools Tracker Team

  The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
  General: Ruby 1.9.1 is now supported and recommended Windows Vista (...)

• Web Security Dojo v0.2 released
  8 November 2009, by Tools Tracker Team

  An open source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo. For learning and practicing web app security testing techniques. It does
  not need a network connection since it contains tools, targets, and
  documentation. Thus making it ideal for training classes and conferences.
  To install Dojo you can install and run VirtualBox, then "Import Appliance" using the OVF file. Other virtual machine packages (VMware, etc) will (...)

• WepBuster v1.0 beta0.7 released
  8 November 2009, by Tools Tracker Team

  This small utility was written for Information Security Professionals to aid in conducting Wireless Security Assessment. The program executes various utilities included in the aircrack-ng suite, a set of tools for auditing wireless networks, in order to obtain the WEP encryption key of a wireless access point. aircrack-ng can be obtained from http://www.aircrack-ng.org
  Changes : added wordlist generator added embedded documentation miscellaneous code (...)

• Websecurify updated to v0.4 RC1
  8 November 2009, by Tools Tracker Team

  Websecurify Security Testing Framework identifies web security vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The framework is written in JavaScript and successfully executes in numerous platforms including modern browsers with support for HTML5, xulrunner, xpcshell, Java, V8 and others.

• Lynis updated to version 1.2.7
  8 November 2009, by Tools Tracker Team

  Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.
  Changelog :
  New: Added Kernel Hardening section Sysctl audit support in scan profile and related test [KRNL-6000] SSH option StrictModes test [SSH-7416] Password aging limit check [AUTH-9286] Ubuntu packages check (apt-show-versions) (...)

• PenTester Scripting Logo Competition
  7 November 2009, by Tools Tracker Team

  PenTester Scripting website is a very handy collection of Scripts (ruby, shell, perl...) initiated by a group of researchers to make our pentests journey easier. The scripts are focused into 8 categories (recon, mapping, discovery, exploitation and so on).
  More information here http://www.pentesterscripting.com
  Please help our teammate Maximiliano Soler to win this logo competition.
  VOTE FOR MAX SOLER (...)

• Security-Database new updates (Saint Exploit mapping feature)
  6 November 2009, by Tools Tracker Team

  Security-database team is very happy to announce news changes and one great feature to its SD Vulnerability Cross Linker.
  New Feature :
  Vulnerability Dashboard is now linking to SAINT Corporation Exploits. When available, the CVE comes now with CVSS, CPE, CWE, OVAL and Saint ID. Here is an example for CVE-2009-3023. The mapping works also with vendors entries (MS, Gentoo, Sun..
  Major changes :
  As an effort to be compliant with the latest CWE (Common Weakness Enumeration) (...)

... 320 330 340 350 360 370 380 390 400 ...