John the Ripper 1.7.3.4 released
John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.
BeEF v0.4 - The Browser Exploitation Framework
BeEF is a browser exploitation framework. This tool will demonstrate the collecting of zombie browsers and browser vulnerabilities in real-time. It provides a command and control interface which facilitates the targeting of individual or groups of zombie browsers.
Mobius Forensic Toolkit updated to 0.4.8
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
MSSQLScan 0.8.4 released
A small multi-threaded tool that scans for Microsoft SQL Servers. The tool does its discovery by using UDP and returns a list of all detected instances with their respective protocols and ports.
Graudit source code scanner v1.2 updated
Graudit is a simple script and set of signatures that allows you to find potential security flaws in source code using the GNU utility grep. It’s comparable to other static analysis applications like RATS and Flawfinder while keeping the technical requirements to a minimum and being very flexible.
Acunetix Application Scanner Version 6.5 build 20090917 released
Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable vulnerabilities. Automated scans may be supplemented and cross-checked with a variety of manual tools to allow for comprehensive web site and web application penetration testing.
Wireshark 1.2.2, 1.0.9, and 1.3.0 Released
Wireshark® is the world’s most popular network protocol analyzer. It has a rich and powerful feature set and runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly. It is freely available as open source, and is released under the GNU General Public License version 2.
Nessus v4.0.2 Released
Tenable Network Security has released version 4.0.2 of the Nessus vulnerability scanner.
This release includes several fixes and support for the latest operating systems from Microsoft and Apple. All customers are encouraged to upgrade to the latest version of the Nessus Server and NessusClient.
Origami v1.0.0-beta0 - Parse, Analyze, and Forge PDF documents
Origami is a Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents.
PDFResurrect v0.8 - PDF Analysis and Scrubbing Utility
PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions.
Dradis v2.4.0 available
dradis is an open source tool for sharing information during security assessments. It provides a centralized repository of information to keep track of what has been done so far, and what is still ahead.