Security-Database Blog

The Security Auditor’s Research Assistant (SARA) is a third generation network security analysis tool that is:

• Operates under Unix, Linux, MAC OS/X or Windows (through coLinux) OS’.
• Integrates the National Vulnerability Database (NVD).
• Performs SQL injection tests.
• Performs exhaustive XSS tests
• Can adapt to many firewalled environments.
• Support remote self scan and API facilities.
• Used for CIS benchmark initiatives
• Plug-in facility for third party apps
• CVE standards support
• Enterprise search module
• Standalone or daemon mode
• Free-use open SATAN oriented license
• Updated twice a month (we try)
• User extension support - Based on the SATAN model

Ophcrack is a Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a GTK+ Graphical User Interface and runs on Windows, Mac OS X (Intel CPU) as well as on Linux.

Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.

Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information).

Charles can act as a man-in-the-middle for HTTP/SSL communication, enabling you to debug the content of your HTTPS sessions.

EnableSecurity VoIPPack for CANVAS is a set of tools that are designed to work with Immunity CANVAS software. The tools target VoIP systems such as PBX servers, IP Phones and SIP gateways

Sandcat allows web administrators to perform aggressive and comprehensive scans of an organization’s web server to isolate vulnerabilities and identify security holes. The Sandcat scanner requires basic inputs such as host names, start URLs and port numbers to scan a complete web site and test all the web applications for security vulnerabilities

The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The resources provided by SAMM will aid in:

• Evaluating an organization’s existing software security practices
• Building a balanced software security assurance program in well-defined iterations
• Demonstrating concrete improvements to a security assurance program
• Defining and measuring security-related activities throughout an organization

Angry IP Scanner (or simply ipscan) is an open-source and cross-platform network scanner designed to be fast and simple to use. It scans IP addresses and ports as well as has many other features.

It is widely used by network administrators and just curious users around the world, including large and small enterprises, banks, and government agencies.

It runs on Linux, Windows, and Mac OS X, possibly supporting other platforms as well.

Wireshark® is the world’s most popular network protocol analyzer. It has a rich and powerful feature set and runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly. It is freel

Netifera is a new modular open source platform (OSX and Linux supported) for creating network security tools. This project provides many advantages for both security developers and researchers who want to implement new tools as well as the community of users of these tools.

Lansweeper is a powerful freeware solution without any embedded ads to make a complete software, hardware, asset inventory of your windows network.