Security-Database Blog

Dradis v2.2 released

dradis is an open source tool for sharing information during security assessments. It provides a centralized repository of information to keep track of what has been done so far, and what is still ahead.


RainbowCrack v1.3 available

RainbowCrack is a general-purpose implementation of Philippe Oechslin’s faster time-memory trade-off technique. In short, the RainbowCrack tool is a hash cracker. A traditional brute-force cracker tries all possible plaintexts one by one at cracking time, which makes breaking complex passwords time consuming. The idea of the time-memory trade-off is to do all the cracking-time computation in advance and store the results in files called "rainbow tables". Precomputing the tables does take a long time, but once this one-time precomputation is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute-force cracker with the help of the precomputed tables.


Ophcrack 3.3.0 and ophcrack LiveCD 2.3.0 released

Ophcrack is a Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a GTK+ graphical user interface and runs on Windows, Mac OS X (Intel CPU) and Linux.


WebBuster v1.0 beta 0.3 Wireless security assessment

This small utility was written for Information Security Professionals to
aid in conducting Wireless Security Assessment. The program executes
various utilities included in the aircrack-ng suite, a set of tools for
auditing wireless networks, in order to obtain the WEP encryption key of
a wireless access point. aircrack-ng can be obtained from
http://www.aircrack-ng.org


Quttera v0.3.1.0.9 available

Quttera detects zero-day vulnerability exploits, shellcode and potentially malicious executable code hidden in computer files such as movies, images and documents. Quttera is not just another antivirus solution. Quttera implements a patent-pending signatureless algorithm capable of detecting "zero-day" malicious threats without any prior information (threat signature) identifying the detected malware. Quttera’s investigation mechanism does not rely on any signature database but rather on a fully heuristic and signatureless detection method, which is able to detect "zero-day" software vulnerability exploits in computer information and media files before they compromise the host computer.


(Update) Sapyto SAP pentest version 1.0 available

SAPYTO is a SAP Penetration Testing Framework. It enables security professionals to perform security assessments of different components of SAP R/3 deployments. Presented at Blackhat Europe 2007, it was shipped with many plugins to analyze the security of the RFC interface implementation of SAP systems. The plugin-based architecture enables users to develop their own plugins, extending functionality and allowing the framework to detect new vulnerabilities.


NetworkMiner v0.88 released

A passive network sniffer/packet capturing tool for Windows. NetworkMiner can detect operating systems, hostnames, open ports and sessions, and extract files, without putting any traffic on the network. NetworkMiner can also parse PCAP files for offline forensic analysis.


AutoScan v1.42 extended to OpenSolaris and BackTrack

AutoScan-Network is a network discovery and management application. No configuration is required to scan your network. The main goal is to print the list of equipment connected to your network.


SARA project retired. Last release is 7.9.1

The Security Auditor’s Research Assistant (SARA) is a third-generation network security analysis tool with the following features:

  • Operates under Unix, Linux, Mac OS X or Windows (through coLinux).
  • Integrates the National Vulnerability Database (NVD).
  • Performs SQL injection tests.
  • Performs exhaustive XSS tests.
  • Can adapt to many firewalled environments.
  • Supports remote self scan and API facilities.
  • Used for CIS benchmark initiatives.
  • Plug-in facility for third-party apps.
  • CVE standards support.
  • Enterprise search module.
  • Standalone or daemon mode.
  • Free-use open SATAN-oriented license.
  • Updated twice a month (we try).
  • User extension support, based on the SATAN model.

Findbugs v1.3.9-dev-20090604 released

FindBugs™ is a program to find bugs in Java programs. It looks for instances of "bug patterns": code instances that are likely to be errors.


Cain & Abel v4.9.31 released

Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
