Security-Database Blog

N-Stalker Web Application Security Scanner 2009 Free Edition provides a restricted set of free Web Security Assessment checks to enhance the overall security of your web server infrastructure, using the most complete web attack signature database available in the market - "N-Stealth Web Attack Signature Database".

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved

Open Vulnerability and Assessment Language (OVALâ„¢) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community.

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network.

This is a simple utility which runs against target site and look for external references and cross domain malicious injections.

The scanner will be able to determine Major and Minor device class of device, as well as attempt to resolve the device’s MAC address to the largest known Bluetooth MAC address Vendor list.

The goal of this project is to obtain as many MAC addresses mapped to device vendors as possible.

PenTBox is a Security Suite with programs like Password Crackers, Denial of Service testing tools (DoS and DDoS), Secure Password Generators, Honeypots and much more. Destined to test security and stability of networks.

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools.

SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionnality.
The NEGOTIATE PROTOCOL REQUEST is the first SMB query a client send to a SMB server, and it’s used to identify the SMB dialect that will be used for futher communication.
The vulnerability was discovered by Laurent Gaffié

Visualize computer networks in real-time using graph and treemap layouts

OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active respons