Nessus 3.2.1 released
Nessus is the world’s most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world’s largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.
Kismet 2008-05-R1 released
Kismet is an 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card that supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.
SqlNinja 0.2.3 released
Sqlninja is a tool targeted to exploit SQL injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.
Its main goal is to provide remote access to the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help automate the process of taking over a DB server when a SQL injection vulnerability has been discovered.
[Focus on] NetworkMiner the Network forensic analysis tool
A passive network sniffer/packet capturing tool for Windows. NetworkMiner can detect operating systems, hostnames, open ports, and sessions, and can extract files, without putting any traffic on the network. NetworkMiner can also parse PCAP files for offline forensic analysis.
MoocherHunter released: Hunt down Wireless Moochers in Real Time
MoocherHunter™ is a mobile tracking software tool for the real-time on-the-fly geo-location of wireless moochers and hackers.
MoocherHunter™ identifies the location of an 802.11-based wireless moocher or hacker by the traffic they send across the network.
Evidence Collector Beta released
Evidence Collector is a free forensics program used to manage other utilities that collect useful information you may need to investigate IT incidents.
OphCrack 3.0 in the wild
Ophcrack is a Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a GTK+ Graphical User Interface and runs on Windows, Mac OS X (Intel CPU) as well as on Linux.
FireCAT 1.4 released
FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful Firefox extensions oriented toward application security auditing and assessment.
Sara vulnerability scanner updated to 7.5.6
The Security Auditor’s Research Assistant (SARA) is a third-generation network security analysis tool. It is based on the SATAN model.
Focus on Maltego Version 2.0: The Datamining framework
Maltego is a program that can be used to determine the relationships and real world links between: People, Groups of people (social networks), Companies, Organizations, Web sites, Internet infrastructure such as:
- Domains
- DNS names
- Netblocks
- and much more
fgdump "Mass Password Auditing Tool" version 2.1.0 released
fgdump is a password hash dumper for Windows 2000 and later systems. It is capable of dumping LanMan and NTLM hashes as well as password hash histories.