Security-Database Blog

PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions.

The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

The ultimate archive of exploits and vulnerable software and a great resource for vulnerability researchers and security addicts alike. Offensive-Security aim is to collect exploits from submittals and various mailing lists and concentrate them in one, easy to navigate database. When possible, we’ve added the vulnerable software for download. We are still in the process of organizing the database. You can Download the relevant exploit by clicking the "D" and when available, download the Vulnerable Application using the "A" link.".

(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics.

PenTester Scripting website is a very handy collection of Scripts (ruby, shell, perl...) initiated by a group of researchers to make our pentests journey easier. The scripts are focused into 8 categories (recon, mapping, discovery, exploitation and so on).

Katana is a portable multi-boot security suite designed for all your computer security needs. The idea behind this tool is to bring together all of the best security distributions to run from one USB drive. Katana includes distributions which focus on Penetration Testing, Auditing, Password Cracking, Forensics and Honey Pots.

Websecurify Security Testing Framework identifies web security vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The framework is written in JavaScript and successfully executes in numerous platforms including modern browsers with support for HTML5, xulrunner, xpcshell, Java, V8 and others.

fimap is a little python tool which can find, prepare, scan, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection. It’s is currently under heavy development but it’s usable.

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and save

As the web is boiling with this COFEE leakage affair, i was deep into reading (again and again) my favorite book Sun Tzu : The principles of warfare - The Art of War-. And i was specially focused into the part about turning the enemy’s strength into advantage.

NetWitness NextGen is a comprehensive network security monitoring solution. Looking for insider threats, data leakage, malware activity, asset misuse, network anomalies, compliance, and network e-discovery.