Security Tools

• OpenVAS 3.0 BETA released
  10 October 2009, by Tools Tracker Team

  OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user fontend. The core is a server component with a set of plugins to test various vulnerabilities in remote systems and applications

• IMA v0.2 Beta: Identity Management Auditor Project
  10 October 2009, by Tools Tracker Team

  IMA provides a simple way to audit Identity Management, is composed of several dedicated modules (MS Windows, Linux, HP-UX, IBM AIX, MS SQL Server, Oracle).
  Each module allows you to retrieve users list, group members, password hashes... and others specific information.
  Features: Users and Groups lists can be correlated in order to identified Administrators profiles Password hashes can be audited in order to identified NULL or Trivial password. All results can be exported in a single XLS (...)

• Netsparker Final Beta (v0.9.9.9935) - Web App Security Scanner
  9 October 2009, by Tools Tracker Team

  Netsparker, web application security scanner can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology it’s built on, just like an actual attacker.
  It can identify web application vulnerabilities like SQL Injection, Cross-site Scripting (XSS), Remote Code Execution and many more. It has exploitation built on it, for example you can get a reverse shell out of an identified SQL Injection or extract data via running custom SQL (...)

• METASM - Assembly Manipulation Suite
  9 October 2009, by Tools Tracker Team

  Metasm is a cross-architecture assembler, disassembler, compiler, linker and debugger. It is written in pure Ruby.
  It has some advanced features such as remote process manipulation, GCC-compatible preprocessor, automatic backtracking in the disassembler ("slicing"), C headers shrinking, linux/windows debugging API interface, a C compiler, a gdb-server compatible debugger, and various advanced features.
  Metasm has been integrated into Metasploit, however the Metasploit trunk is not (...)

• Damn Vulnerable Web App (DVWA) v1.0.6 released
  8 October 2009, by Tools Tracker Team

  Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
  Damn Vulnerable Web App (DVWA) is free software: you can redistribute it and/or modify it under the terms of the GNU (...)

• Origami v1.0.0-beta1 released
  8 October 2009, by Tools Tracker Team

  Origami is a Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents.
  This version 1.0.0-beta1 while at HITB comes up with the ability to forge documents with more graphical contents (such as shapes, colors, gradients...).
  Version 1.0.0-beta1 (...)

• CANVAS v6.51 released
  8 October 2009, by Tools Tracker Team

  Immunity’s CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide.
  New Modules SMBv2 local execution (CVE-2009-3103 & MS KB975497) SMBv2 remote execution (CVE-2009-3103 & MS KB975497) Word Press Sniplets 1.1.2 & 1.2.2 remote file include (CVE-2008-1059) Strawberry 1.1.1 local file include (CVE-2009-1774) SiteX <= 0.7.4.418 local file (...)

• VAST v2.70 Beta - VIPER Assessment Security Tools (VOIP)
  6 October 2009, by Tools Tracker Team

  VAST is a VIPER Lab live distribution that contains VIPER developed tools such as UCsniff, videojak, videosnarf and more. Along with VIPER tools and other essential VoIP security tools, it also contains tools penetration testers utilize such as Metasploit, nmap, and Hydra.
  Tool List tools dir /tools UCsniff VideoSnarf Videojak Metasploit SecurLogix Tools Hydra Nmap tshark Sipvicious SIPp Netcat Warvox Hping2
  Features size 900MB Built on Ubuntu 9.04 Full language pack git,apt-get,svn (...)

• Code Crawler v2.4 Beta - OWASP Code Review Tool
  6 October 2009, by Tools Tracker Team

  A tool aimed at assisting code review practitioners. It is a static code review tool which searches for key topics within .NET and J2EE/JAVA code. The aim of the tool is to accompany the OWASP Code review Guide and to implement a total code review solution for "everyone".
  Currently supports .NET (specifically C#) Java
  Requirements .NET Framework 3.5 (Service Pack 1) Visual Studio 2008 Windows Platform
  This is a preliminary release of OWASP Code Crawler. It contains many, but not all, (...)

• MAPDAV v1.0p5 - proving passwords combinations
  2 October 2009, by Tools Tracker Team

  MAPDAV (More Accurate Password Dictionary Attack Vector) is designed to use what is known about a user or users (ex, username, first name, middle name, last name, etc) on a unix/linux system from a /etc/passwd file and tries to come up with probable combinations that could be the user’s password.
  An administrator could run the output through a cracker and see if their user’s passwords are anything easy to guess.
  Version 1.0p5 Added the THC-Hydra colon separated file support.
  Using mapdav: (...)

... 370 380 390 400 410 420 430 440 450 ...