Security-Database Blog

SIP Inspector is a tool written in JAVA to simulate different SIP messages and scenarios. You can create your own SIP signaling scenarios, customize SIP messages and monitor incoming and outgoing messages. The tool can play RTP streams from a pcap file.

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools.

Security Ninja blog : The tool is the result of me thinking about writing a tool to help people conduct security code reviews for over a year. I had conference presentations to prepare, certification exams to sit and of course a lot of conference speaking slots last year which meant the tool idea had to go on the backburner. The benefit of having this idea going around in my head for so long is that I knew exactly what I wanted the tool to look like and how I wanted it to function before I wrote a single line of code.

Released HITB Magazine. Vol. 1, Issue 2, April 2010.

The people of Hack In the Box, decided to make the ezine available for free in the continued spirit of HITB in “Keeping Knowledge Free†. In addition to the freely available PDF downloads, combined editions of the magazine will be printed in limited quantities for distribution at the various HITBSecConf’s around the world - Dubai, Amsterdam and Malaysia. We aim to only print somewhere between 100 or 200 copies (maybe less) per conference so be sure to grab a copy when they come out!

A tool aimed at assisting code review practitioners. It is a static code review tool which searches for key topics within .NET and J2EE/JAVA code. The aim of the tool is to accompany the OWASP Code review Guide and to implement a total code review solution for "everyone".

The OpenSCAP Project was created to provide an open-source framework to the community which enables integration with the Security Content Automation Protocol (SCAP) suite of standards and capabilities.

The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).

Sandcat allows web administrators to perform aggressive and comprehensive scans of an organization’s web server to isolate vulnerabilities and identify security holes. The Sandcat scanner requires basic inputs such as host names, start URLs and port numbers to scan a complete web site and test all the web applications for security vulnerabilities.

A comprehensive set of fuzzing patterns for discovery and attack during highly targeted brute force testing of web applications.

A Managed Code Rootkit (MCR) is a special type of malicious code that is deployed inside an application level virtual machine such as those employed in managed code environment frameworks – Java, .NET, Dalvik, Python, etc.

The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.