iKAT was designed to aid security consultants with the task of auditing the security of internet Kiosk software and deployed Kiosk terminals.
iKAT is designed to provide access to the underlying operating system of a Kiosk terminal by invoking native OS functionalit
Now it comes with a new iKat Firefox extension.
Security Tools
-
iKat Pentest Kiosk terminals v2.0 available
7 August 2009, by Tools Tracker Team
-
Findbugs v1.3.9-rc1 released
7 August 2009, by Tools Tracker Team
FindBugs™ is a program to find bugs in Java programs. It looks for instances of "bug patterns": code instances that are likely to be errors.
-
FakeIKEd v0.0.5 MitM Tool for Cisco PSK+XAUTH VPN
7 August 2009, by Tools Tracker Team
FakeIKEd, or fiked for short, is a fake IKE daemon supporting just enough of the standards and Cisco extensions to attack commonly found insecure Cisco PSK+XAUTH VPN setups in what could be described as a semi MitM attack. Fiked can impersonate a VPN gateway’s IKE responder in order to capture XAUTH login credentials; it doesn’t currently do the client part of full MitM.
Fiked is partially based on vpnc and uses libgcrypt and optionally libnet.
Fiked supports IKEv1 in aggressive mode, (...)
-
websecurify Web2.0 Application Security Testing Tool v0.2 released
7 August 2009, by Tools Tracker Team
Websecurify is a web and web2.0 security initiative specializing in researching security issues and building the next generation of tools to defeat and protect web technologies.
Tool Submitted by Maximiliano Soler
-
ippon-mitm the Software Update MITM Attack Tool released
6 August 2009, by Tools Tracker Team
Software updates apply patches or introduce new features to an application. In most cases, the update procedure is conducted in an insecure manner, exposing the updater to execution of malicious code or to manipulation of application data such as anti-virus signatures.
This tool uses several techniques of update-exploitation attacks, which leverage a man-in-the-middle technique to build and inject a fake update reply or hijack an ongoing update session.
Information about (...)
-
Xplico Internet Traffic decoder version 0.5.2 available
6 August 2009, by Tools Tracker Team
The goal of Xplico is to extract the application data contained in an internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT). Xplico is released under the GNU General Public License (see License for more details).
Xplico Features Protocols supported: HTTP, SIP, (...)
-
[Updated] Stoned Bootkit released
5 August 2009, by Tools Tracker Team
Stoned Bootkit is a new Windows bootkit which attacks all Windows versions from XP up to 7. It is loaded before Windows starts and is memory resident up to the Windows kernel. Thus Stoned gains access to the entire system. It has exciting features like integrated file system drivers, automatic Windows pwning, plugins, boot applications and much much more. The project is partly published as open source under the European Union Public License. Like in 1987, "Your PC is now Stoned! ..again". (...)
-
sslsniff v0.6 released
5 August 2009, by Tools Tracker Team
This tool was originally written to demonstrate and exploit IE’s vulnerability to a specific "basicConstraints" man-in-the-middle attack. While Microsoft has since fixed the vulnerability that allowed leaf certificates to act as signing certificates, this tool is still occasionally useful for other purposes.
It is designed to MITM all SSL connections on a LAN and dynamically generates certs for the domains that are being accessed on the fly. The new certificates are constructed in a (...)
-
UCSniff v2.4 in the wild
5 August 2009, by Tools Tracker Team
UCSniff is an exciting new VoIP Security Assessment tool that leverages existing open source software into several useful features, allowing VoIP owners and security professionals to rapidly test for the threat of unauthorized VoIP and Video Eavesdropping. Written in C, and initially released for Linux systems, the software is freely available for anyone to download, under the GPLv3 license.
UCSniff was created as a Proof of Concept demonstration tool and a method of creating awareness (...)
-
New Version of Samurai Web Testing Framework 0.7 released
5 August 2009, by Tools Tracker Team
The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.
Starting with reconnaissance, we have included tools such as the Fierce (...)