Penetration Testing mailing list archives
Tools Update - third week of november 2009
From: "SD List" <list () security-database com>
Date: Sun, 22 Nov 2009 11:04:29 +0100 (CET)
Hello Here is the site's newsletter "Security Database Tools Watch" (http://www.security-database.com/toolswatch). This letter summarizes the articles and news items published since 7 days. New articles -------------------------- ** Process Hacker v1.7 released ** by ToolsTracker - 21 November 2009 Process Hacker is a free and open source process viewer and memory editor with unique features such as powerful process termination and a Regex memory searcher. It can show services, processes and their threads, modules, handles and memory regions. Version 1.7 NEW/IMPROVED #2873973 - "Columns window improvements" New settings system - settings can now be saved anywhere Decreased memory and CPU usage Process Hacker probably runs on Windows 2000 now FIXED #2880368 - "Highlight Option (...) -> http://www.security-database.com/toolswatch/Process-Hacker-v1-7-released.html ** Hyena v8.0 32-bit & 64-bit released ** by ToolsTracker - 21 November 2009 Hyena is a tool for day-to-day administration of Windows NT and Windows XP/2000/2003 systems. Now Windows 7 too. Hyena brings together all of the administrative tools from Windows NT such as User Manager, Server Manager, and File Manager/Explorer, and many of the MMC components from Windows 2000/2003 into a single, easy-to-use, centralized program. Hyena arranges all system objects, such as users, servers, and groups, in a hierarchical tree for easy and logical system administration. (...) -> http://www.security-database.com/toolswatch/Hyena-v8-32-bit-64-bit-released.html ** VideoJak v2.0 - IP Video security assessment tool ** by ToolsTracker - 20 November 2009 VideoJak is an IP Video security assessment tool that can simulate a proof of concept video interception or replay test against a targeted, user-selected video session. This tool is designed in consideration of todays UC infrastructure implementions in which QoS requirements dictate the separation of data and VoIP/Video into discrete networks or VLANs. VideoJak is a proof of concept security assessment tool that can be used to test video applications. VideoJak feature list: VLAN (...) -> http://www.security-database.com/toolswatch/VideoJak-v2-IP-Video-security.html ** iWatch v0.2.2 - realtime filesystem monitoring program ** by ToolsTracker - 19 November 2009 iWatch is a realtime filesystem monitoring program. Its purpose is to monitor any changes in a specific directory or file and send email notification immediately after the change. This can be very useful to watch a sensible file or directory against any changes, like files /etc/passwd, /etc/shadow or directory /bin or to monitor the root directory of a website against any unwanted changes. Features run in command line mode as well as in daemon mode using an easy xml configuration file (...) -> http://www.security-database.com/toolswatch/iWatch-v0-2-2-realtime-filesystem.html ** Xplico v0.5.3 released ** by ToolsTracker - 18 November 2009 The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isnt a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT). Xplico is released under the GNU General Public License. Version 0.5.3 snoop Packet Capture File Format as input file DNS (...) -> http://www.security-database.com/toolswatch/Xplico-v0-5-3-released.html ** inSSIDer v1.2.3.1014 - Wi-Fi network scanner ** by ToolsTracker - 18 November 2009 inSSIDer is an award-winning free Wi-Fi network scanner for Windows Vista and Windows XP. Because NetStumbler doesn't work well with Vista and 64-bit XP, exits an open-source Wi-Fi network scanner designed for the current generation of Windows operating systems. InSSIDer is licensed under the Apache License, Version 2.0. What's Unique about inSSIDer? Use Windows Vista and Windows XP 64-bit. Uses the Native Wi-Fi API. Group by Mac Address, SSID, Channel, RSSI and "Time Last Seen." (...) -> http://www.security-database.com/toolswatch/inSSIDer-v1-2-3-1014-Wi-Fi-network.html ** Knock v1.3b - subdomain bruteforcer scan ** by ToolsTracker - 18 November 2009 Knock is a python script designed to enumerate subdomains on a target domain trought a wordlist. This code is released under the GNU / GPL v3. Knock works on Linux, Windows and MAC OSX with a python version 2.6.x (or minor). Usage: python knock.py [ -url ] [ wordlist ] View the Demo and the Output Documentation Required: Python version 2.6.x or minor. A wordlist Tool Submittted by Gianni Amato, author of this (...) -> http://www.security-database.com/toolswatch/Knock-v1-3b-subdomain-bruteforcer.html ** MS CAT.NET v1.1.1.9 - Code Analysis Tool .NET ** by ToolsTracker - 18 November 2009 CAT.NET is a binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection. CAT.NET is a snap-in to the Visual Studio IDE that helps you identify security flaws within a managed code (C#, Visual Basic .NET, J#) application you are developing. It does so by scanning the binary and/or assembly of the application, and tracing the data (...) -> http://www.security-database.com/toolswatch/MS-CAT-NET-v1-1-1-9-Code-Analysis.html ** log2timeline v0.33b - artifact timeline creation and analysis ** by ToolsTracker - 18 November 2009 log2timeline is a framework for artifact timeline creation and analysis. The main purpose is to provide a single tool to parse various log files and artifacts found on suspect systems (and supporting systems, such as network equipment) and produce a body file that can be used to create a timeline, using tools such as mactime from TSK, for forensic investigators. The tool is written in Perl for Linux but has been tested using Mac OS X (10.5.7+ and 10.6.+). Parts of it should work (...) -> http://www.security-database.com/toolswatch/log2timeline-v0-33b-artifact.html ** Metasploit Framework v3.3 released (includes support for Windows 7) ** by ToolsTracker - 17 November 2009 The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler. Version 3.3 is the latest stable release of the Metasploit (...) -> http://www.security-database.com/toolswatch/Metasploit-Framework-v3-3-released.html ** PDFResurrect v0.9 released ** by ToolsTracker - 17 November 2009 PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. Version 0.9 This is a bug fix release and addresses the gathering of data (within limit) for the Creator MetaData at the end of a (...) -> http://www.security-database.com/toolswatch/PDFResurrect-v0-9-released.html ** Metasploit Framework v3.3 Release Candidate 2 released ** by ToolsTracker - 17 November 2009 The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler. This 3.3 release candidate is last minute test release of (...) -> http://www.security-database.com/toolswatch/Metasploit-Framework-v3-3-Release.html ** Offensive-Security released its Exploit Database ** by Tools Tracker Team - 16 November 2009 The ultimate archive of exploits and vulnerable software and a great resource for vulnerability researchers and security addicts alike. Offensive-Security aim is to collect exploits from submittals and various mailing lists and concentrate them in one, easy to navigate database. When possible, we've added the vulnerable software for download. We are still in the process of organizing the database. You can Download the relevant exploit by clicking the "D" and when available, download the (...) -> http://www.security-database.com/toolswatch/Offensive-Security-released-its.html ** (IN)Secure Magazine issue 23 released ** by ToolsTracker - 16 November 2009 (IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 23 Microsoft's security patches year in review: A malware researcher's perspective A closer look at Red Condor Hosted Service Report: RSA Conference Europe 2009, London The U.S. Department of Homeland Security has a vision for stronger information security Q&A: Didier Stevens on malicious PDFs Protecting browsers, endpoints and enterprises against new Web-based (...) -> http://www.security-database.com/toolswatch/IN-Secure-Magazine-issue-23.html ** PenTester Scripting Logo Competition (Results) ** by ToolsTracker - 16 November 2009 PenTester Scripting website is a very handy collection of Scripts (ruby, shell, perl...) initiated by a group of researchers to make our pentests journey easier. The scripts are focused into 8 categories (recon, mapping, discovery, exploitation and so on).
From Security-Database we want to thank to all those that voted for Max's
logo. Fortunately, Max Soler won the competition!!! Results More information: (...) -> http://www.security-database.com/toolswatch/PenTester-Scripting-Logo,856.html ** Katana v1.0 (Kyuzo) released - multi-boot security suite ** by ToolsTracker - 16 November 2009 Katana is a portable multi-boot security suite designed for all your computer security needs. The idea behind this tool is to bring together all of the best security distributions to run from one USB drive. Katana includes distributions which focus on Penetration Testing, Auditing, Password Cracking, Forensics and Honey Pots. Katana comes with over 100 portable Windows applications such as Wireshark, HiJackThis, Unstoppable Copier, and OllyDBG. Version 1.0 Updated Ophcrack Live, Backtrack (...) -> http://www.security-database.com/toolswatch/Katana-v1-Kyuzo-released-multi.html Kind Regards Nabil OUCHN CEO & Founder Security-Database France Maximiliano Soler ToolWatch Leader Security-Database Argentina ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Tools Update - third week of november 2009 SD List (Nov 23)