Security Tools

Fusil the fuzzer 1.0 beta1 ready
25 August 2008, by Tools Tracker Team
Fusil the fuzzer is a Python library used to write fuzzing programs. It helps to start a process with a prepared environment (limit memory, environment variables, redirect stdout, etc.), start a network client or server, and create mangled files. Fusil has many probes to detect a program crash: watch the process exit code, watch process stdout and syslog for text patterns (e.g. "segmentation fault"), watch session duration, watch CPU usage (process and system load), etc.
Fusil is based on a (...)

Cain & Abel v4.9.20 released
22 August 2008, by Tools Tracker Team
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocol
Changes for this release: Added PPPoE sniffer filter for PAP, CHAP, (...)

Grendel v1.0 Web Application Security Testing released
18 August 2008, by Tools Tracker Team
Grendel-Scan is an open-source web application security testing tool. It has an automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests. The only system requirement is Java 5; Windows, Linux and Macintosh builds are available.
Grendel-Scan is a kind of Paros and Nikto combination tool.
It acts like a proxy and intercepts the data stream for analysis. In addition, it uses 10 modules to identify application vulnerabilities (...)

PorkBind updated to 1.3.
17 August 2008, by Tools Tracker Team
PorkBind is a multi-threaded nameserver scanner that can recursively query nameservers of subdomains for version strings. (i.e. sub.host.dom’s nameservers then host.dom’s nameservers) After acquiring the version strings it tests them against version numbers from CERT advisories and reports back to the user. Zone transfer capability is also tested for
The new release comes with some changes. I’ve exchanged some emails with the tool’s author (Derek Callaway) and made him a request (add CVE Ids). (...)

Saint 6.8 released
15 August 2008, by Tools Tracker Team
SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of (...)

Lynis 1.1.9 released
15 August 2008, by Tools Tracker Team
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes.
New: New test: AppArmor framework check [MACF-6204]; New test: FreeBSD boot loader test [BOOT-5124]; New test: PHP option register_globals [PHP-2368]; New test: Promiscuous network interfaces (Linux) [NETW-3015]; Report option ’bootloader’ (...)

OpenVAS stable version available
15 August 2008, by Tools Tracker Team
OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user frontend. The core is a server component with a set of plugins to test various vulnerabilities in remote systems and applications.
In July 2008 the OpenVAS developer team finished the update cycle of the 1.0 release including all four server modules and the client.
Most of the work during this update cycle went into cleanups and support for RPM and Debian (...)

Inguma 0.0.9.1 released
15 August 2008, by Tools Tracker Team
Inguma is a free penetration testing and vulnerability discovery toolkit written entirely in Python. The framework includes modules to discover hosts, gather information about them, fuzz targets, brute force usernames and passwords, exploits, and a disassembler.
Changes: Fixed bugs in the SMTP, POP3 and IMAP brute forcers. Module "isnated" enhanced (Thank you Sp0oKeR!). Added module "dnsspoof". Added module "fakearp", a fake ARP server. Added various changes to make Inguma Debian friendly. (...)

When French Reporters deal with hacking at the BlackHat
9 August 2008, by Tools Tracker Team
Three men identified as French reporters for Global Security Mag have been expelled from Black Hat 2008. The facts are here: they stole credentials and passwords from eWeek and news.com editors.
Using basic sniffing techniques with Cain and Abel software, the so-called reporter known as Mauro Israel illegally accessed data and sensitive information of the CNET editor.
The truth is that neither Mauro Israel nor Jouniot (the other so-called reporter) is a real reporter. But they are (...)

oSpy v.1.9.6 the reverse-engineering software
31 July 2008, by Tools Tracker Team
oSpy is a tool which aids in reverse-engineering software running on the Windows platform. With the amount of proprietary systems that exist today (synchronization protocols, instant messaging, etc.), the amount of work required to keep up when developing interoperable solutions will quickly become a big burden when limited to traditional techniques.
However, when the sniffing is done on the API level it allows a much more fine-grained view of what’s going on. Seeing return-addresses for (...)