Security-Database Blog

We have put online an easy-to-fill-form for submitting new tools, software, utilities you may like and we don’t monitor. You can also warn us about a software new update or upgrade. This will help us to better provide you with the best information you need.

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved

Airoscript is a shell script designed to ease the use of aircrack-ng. It allows you to: scan, select and attack any detected access point. This is done by detecting encryption type and proposing attacks accordingly.

Various attacks are available, such as: chopchop, fragmentation attack, fakeauth, deauth, dictionnary attacks and WPA cracking.

Ramiro Valdes a veteran revolutionary from the old days, he fought alongside with Fidel Castro againt the "Moncada Barracks". He also took part of the "Sierra Maestra" guerrila, with Che and Cienfuegos, that led to the final victory.

Maltego is a program that can be used to determine the relationships and real world links between: People, Groups of people (social networks), Companies, Organizations, Web sites, Internet infrastructure such as:

• Domains
• DNS names
• Netblocks
• and much more

Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.

Medusa is a speedy, massively parallel, modular, login brute-forcer for network services created by the geeks at Foofus.net. It currently has modules for the following services: CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NCP (NetWare), NNTP, PcAnywhere, POP3, PostgreSQL, rexec,rlogin, rsh, SMB, SMTP (AUTH/VRFY), SNMP, SSHv2, SVN, Telnet, VmAuthd, VNC. It also includes a basic web form module and a generic wrapper module for external script

BT4 is now based on Debian core packages and utilizing the Ubuntu software repositories, BackTrack 4 can be used both as a Live CD, or installed on hard disk as a full distribution. By syncing with the BackTrack repositories, you will regularly get security tool updates soon after they are released.

sqlmap is an open source command-line automatic SQL injection tool
developed in Python. Its goal is to detect and take advantage of SQL
injection vulnerabilities on web applications. Once it detects one or
more SQL injections on the target host, the user can choose among a
variety of options to perform an extensive back-end database
management system fingerprint, retrieve DBMS session user and
database, enumerate users, password hashes, privileges, databases,
dump entire or user’s specific DBMS tables/columns, run his own SQL
statement, read specific files on the file system and more.

HPPE intercepts attacker activity in the targeting stage and gives Admins the capability to quickly shut them down before they can do serious damage. HPPE simply turns attacker targets into security sensors!

Fusil the fuzzer is a Python library used to write fuzzing programs. It helps to start process with a prepared environment (limit memory, environment variables, redirect stdout, etc.), start network client or server, and create mangled files. Fusil has many probes to detect program crash: watch process exit code, watch process stdout and syslog for text patterns (eg. "segmentation fault"), watch session duration, watch cpu usage (process and system load), etc.