Security-Database Blog

RATS (Rough Auditing Tool for Security), is a tool for scanning C, C++, Perl, PHP and Python source code and flagging common security related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions.

Origami is a Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents.

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network.

PenTBox is a Security Suite with programs like Password Crackers, Denial of Service testing tools (DoS and DDoS), Secure Password Generators, Honeypots and much more. Destined to test security/stability of networks and more.
Programmed in Ruby, and oriented to GNU/Linux systems (but compatible with Windows, MacOS and more).

The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

An open source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo. For learning and practicing web app security testing techniques. It does
not need a network connection since it contains tools, targets, and
documentation. Thus making it ideal for training classes and conferences.

This small utility was written for Information Security Professionals to aid in conducting Wireless Security Assessment. The program executes various utilities included in the aircrack-ng suite, a set of tools for auditing wireless networks, in order to obtain the WEP encryption key of a wireless access point. aircrack-ng can be obtained from http://www.aircrack-ng.org

Websecurify Security Testing Framework identifies web security vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The framework is written in JavaScript and successfully executes in numerous platforms including modern browsers with support for HTML5, xulrunner, xpcshell, Java, V8 and others.

Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.

PenTester Scripting website is a very handy collection of Scripts (ruby, shell, perl...) initiated by a group of researchers to make our pentests journey easier. The scripts are focused into 8 categories (recon, mapping, discovery, exploitation and so on).

Security-database team is very happy to announce news changes and one great feature to its SD Vulnerability Cross Linker.