Security Tools
-
W3af Framework for Web Application Auditing.
13 June 2007, by Tools Tracker Team
W3af is a fully automated auditing and exploiting framework for the web. It is based on plugin integration using known GPL tools as well as pykto, Hmap and Google utilities ... W3af is written in Python.
Known features:
Audit: SQL injection detection, XSS detection, SSI detection, local file include detection, remote file include detection, buffer overflow detection, format string bug detection, OS commanding detection, response splitting detection, LDAP injection detection, Basic (...)
-
Nessj Version 0.7 : Java Nessus Client
7 June 2007, by Tools Tracker Team
Nessj is an application/network security scanner client for Nessus and Nessus-compatible (OpenVAS etc.) servers. In addition to an improved user interface, it provides session management with templates, report generation using XSLT including charts/graphs, and vulnerability trending. It is cross-platform, with platform-specific releases available for Linux, OSX, and Windows, written in Java using SWT for a native experience, and it is open-source. It’s provided by Intekras, Inc. under the (...)
-
Nessus 3.1.4 Beta released
7 June 2007, by Tools Tracker Team
Nessus is the world’s most popular vulnerability scanner, used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.
Here are the main changes: 64-bit builds (for Debian 4 and Red Hat ES 5 only at this time); Fedora Core 7 build; better support for IPv6. In particular, the functions get_local_mac_addr() / get_gw_mac_addr() work when dealing with an (...)
-
RevHosts 2.0 for Pentest Information Gathering
6 June 2007, by Tools Tracker Team
Revhosts is a project for passive information gathering; it helps pentesters find information (host, virtual host, DNS entry, directories, mail address, subnet, ...).
What’s new in 2.0:
New plugins for the virtual host hacking module. The DNSBruteforce project is now available in Revhosts (multithreading / multi nameserver). Findsubdomains uses search engines (Google, Gigablast, MSN, ...) to find hosts. Getdirectories uses search engines to find directories of a website. (...)
-
THC-Orakel : Cracking Oracle Password within seconds
6 June 2007, by Tools Tracker Team
THC further releases practical tools to sniff and crack the password of an Oracle database within seconds.
One of the network authentication modes used by Oracle databases uses a weak key exchange mechanism. This mechanism is still used on the newest database versions using Oracle’s Java drivers.
Also, for native Oracle drivers, an attack is known that downgrades the authentication mode to the vulnerable version. The orakelsniffert article documents the mechanism used by the weak (...)
-
Network Security Toolkit: NST v1.5.0 released
6 June 2007, by Tools Tracker Team
The Network Security Toolkit is a bootable ISO live CD based on Fedora Core 6. The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86 platforms.
List of updates.
Latest note:
A new stable update (05-30-2007) for the NST WUI management interface is now available for the NST v1.5.0 release. This update includes many enhancements to the Network Packet Capture Interface and bug fixes to the NST WUI. See the (...)
-
Oval version 5.3 2nd Candidate available
5 June 2007, by Tools Tracker Team
Open Vulnerability and Assessment Language (OVAL™) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community.
Version 5.3 of the Official OVAL Language is a direct result of feedback from the (...)
-
Evolution Web utility [New Updates]
3 June 2007, by Tools Tracker Team
Folks at vulnerabilityassessment.co.uk pointed us to a really good new piece of software for footprinting, just released by Roelof Temmingh, ex-SensePost founder (SensePost released some beautiful tools as well, such as bidiblah, suru and wikto).
Here are the updates as they came from Roelof’s mail:
Progress reporting - you can now see how far in the process you are as well as which transform is running at the moment. The original query is always shown in the left hand top. This gives you something to look at (...)
-
Cain and Abel version 4.9.3 released
2 June 2007, by Tools Tracker Team
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
Changes for this release: Added Windows Mail (Vista) Password Decoder for (...)
-
Saint scanner updated to version 6.4.7
27 May 2007, by Tools Tracker Team
SAINT, or the Security Administrator’s Integrated Network Tool, uncovers areas of weakness and recommends fixes. With the SAINT® vulnerability assessment tool, you can: detect and fix possible weaknesses in your network’s security before they can be exploited by intruders; anticipate and prevent common system vulnerabilities; demonstrate compliance with current government regulations such as FISMA, Sarbanes-Oxley, GLBA, HIPAA, and COPPA.
New vulnerability checks in version 6.4.7: Samba (...)