Penetration Testing mailing list archives
Tools Update - Second week of January 2010
From: "SD List" <list () security-database com>
Date: Sun, 17 Jan 2010 19:29:16 +0100 (CET)
Hello Here is the site's newsletter "Security Database Tools Watch" (http://www.security-database.com/toolswatch). This letter summarizes the articles and news items published since 7 days. New articles -------------------------- ** FileInsight v2.1 - Analyzing files in various formats ** by ToolsTracker - 15 January 2010 Secure Computing's FileInsight helps to inspect and edit files of various formats. It is specifically designed to aid in analysis of potentially malicious files. Opening Files FileInsight allows to open files for analysis both directly from open the local harddisk, using the Open toolbar button, or by typing a URL into the Web toolbar and clicking the Get button (see screenshot below to the left). Files are displayed in either textual or hexadecimal format, which can be toggled easily via (...) -> http://www.security-database.com/toolswatch/FileInsight-v2-1-Analizyng-files.html ** Suricata Next Generation IDS release 0.8.0 available ** by Tools Tracker Team - 14 January 2010 The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. The Suricata Engine and the HTP Library are available to use under the GPLv2. The new engine supports Multi-Threading, Automatic Protocol Detection (IP, TCP, UDP, ICMP, HTTP, TLS, FTP and SMB! ), Gzip Decompression, Fast IP Matching and coming soon (...) -> http://www.security-database.com/toolswatch/Suricata-Next-Generation-IDS.html ** SandCat v3.9.3 available with support of Nessus NBE ** by Tools Tracker Team - 14 January 2010 Sandcat allows web administrators to perform aggressive and comprehensive scans of an organizations web server to isolate vulnerabilities and identify security holes. The Sandcat scanner requires basic inputs such as host names, start URLs and port numbers to scan a complete web site and test all the web applications for security vulnerabilitie New in 3.9 Modern Browser Emulation - Improved support for HTML 5. The new version also expands the browser emulation feature set by adding new (...) -> http://www.security-database.com/toolswatch/SandCat-v3-9-3-available-with.html ** WebCruiser - Web Vulnerability Scanner V1.00 released ** by Tools Tracker Team - 14 January 2010 A very simple to use Web Security scanner. Functions: Crawler(Site Directories And Files); Vulnerability Scanner(SQL Injection, Cross Site Scripting); POC(Proof of Concept): SQL Injection and Cross Site Scripting; GET/Post/Cookie Injection; SQL Server PlainText/FieldEcho(Union)/Blind Injection; MySQL FieldEcho(Union)/Blind Injection; Oracle FieldEcho(Union)/Blind Injection; DB2 FieldEcho(Union)/Blind Injection; Password Hash of SQL Server/MySQL/Oracle Administrator; Time Delay For (...) -> http://www.security-database.com/toolswatch/WebCruiser-Web-Vulnerability.html ** Kismet-2010-01-R1 available ** by Tools Tracker Team - 14 January 2010 Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic. Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and infering the presence of nonbeaconing networks via data traffic. New stuff: Bluetooth (...) -> http://www.security-database.com/toolswatch/Kismet-2010-01-R1-available.html ** Saint Vulnerability Scanner v7.2.4 released ** by Tools Tracker Team - 14 January 2010 SAINT is the Security Administrators Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINTs data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of (...) -> http://www.security-database.com/toolswatch/Saint-Vulnerability-Scanner-v7-2-4.html ** Netsparker New Release v1.1.2.3 ** by Tools Tracker Team - 13 January 2010 Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology they are built on, just like an actual attacker. It can identify web application vulnerabilities like SQL Injection, Cross-site Scripting (XSS), Remote Code Execution and many more. It has exploitation built on it, for example you can get a reverse shell out of an identified SQL Injection or extract data via running custom SQL queries. Netsparker (...) -> http://www.security-database.com/toolswatch/Netsparker-New-Release-v1-1-2-3.html ** Happy new year 2960 to Amazighs and Berbers ** by Tools Tracker Team - 12 January 2010 The Amazigh which means "free humans" or "free men" are known to the world as Berbers. They are discontinuously distributed from the Atlantic to the Siwa oasis, in Egypt, and from the Mediterranean to the Niger River. Berbers are the indigenous Non-arab peoples of North Africa west of the Nile Valley. Historically they spoke various Berber languages, which together form a branch of the Afro-Asiatic language family. More information here Assegas Amegaz 2960 (...) -> http://www.security-database.com/toolswatch/Happy-new-year-2960-to-Amazighs.html ** CANVAS v6.54 released ** by ToolsTracker - 12 January 2010 Immunity's CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide. New Modules client_side_report hplaserjet_connect acrobat_newplayer test_safemode_bypass Changes Massive improvements in js_recon and SploitD reporting engine Full Win64 MOSDEF Node functionality Wifi Key Dumper bug fixes New SploitD features: Spam feeder allows feeding new (...) -> http://www.security-database.com/toolswatch/CANVAS-v6-54-released.html ** BackTrack v4 Final Release ** by ToolsTracker - 11 January 2010 BackTrack is the result of the merging of two Innovative Penetration Testing live Linux distributions - Whax and Auditor. BackTrack has been dubbed as the best Security Live CD today, and has been rated 1st in its category, and 32nd overall in Insecure.org. Based on Ubuntu, BackTrack provides user modularity. This means the distribution can be easily customised by the user to include personal scripts, additional tools, customised kernels, etc. Image Download Name:: bt4-final.iso Size: (...) -> http://www.security-database.com/toolswatch/BackTrack-v4-Final-Release.html ** Acunetix WVS v6.5 build 20100111 released ** by ToolsTracker - 11 January 2010 Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing. An updated build for Acunetix WVS Version 6.5 has been released with a number of improvements, bug fixes, and a number of new security checks. New (...) -> http://www.security-database.com/toolswatch/Acunetix-WVS-Version-6-5-build,965.html ** HITB Ezine 'Reloaded' - Issue #001 ** by ToolsTracker - 11 January 2010 Released HITB Magazine. Vol. 1, Issue 1, January 2010. The people of Hack In the Box, decided to make the ezine available for free in the continued spirit of HITB in Keeping Knowledge Free. In addition to the freely available PDF downloads, combined editions of the magazine will be printed in limited quantities for distribution at the various HITBSecConfs around the world - Dubai, Amsterdam and Malaysia. We aim to only print somewhere between 100 or 200 copies (maybe less) per conference so (...) -> http://www.security-database.com/toolswatch/HITB-Ezine-Reloaded-Issue-001.html ** Haraldscan v0.41 released ** by ToolsTracker - 9 January 2010 The scanner will be able to determine Major and Minor device class of device, as well as attempt to resolve the device's MAC address to the largest known Bluetooth MAC address Vendor list. The goal of this project is to obtain as many MAC addresses mapped to device vendors as possible. Version 0.41 Distribution 32 bit binary will be used for distribution Source code will be labeled as such Interface Added a coloured title Fixed some displaying issues MACLIST Updated to 310 (...) -> http://www.security-database.com/toolswatch/Haraldscan-v0-41-released.html ** mssqlfp (Microsoft SQL Server Fingerprint Tool) Beta 4 released ** by ToolsTracker - 9 January 2010 This is a tool that performs version fingerprinting on Microsoft SQL Server 2000, 2005 and 2008, using well known techniques based on several public tools that identifies the SQL Version. The strength of this tool is that it uses probabilistic algorithm to identify the version of the Microsoft SQL Server. The Microsoft SQL Server Fingerprint Tool can also be used to identify vulnerable versions of Microsoft SQL Server - it is based on some techniques used by Exploit Next Generation to (...) -> http://www.security-database.com/toolswatch/mssqlfp-Microsoft-SQL-Server.html ** Process Hacker v1.10 released ** by ToolsTracker - 9 January 2010 Process Hacker is a free and open source process viewer and memory editor with unique features such as powerful process termination and a Regex memory searcher. It can show services, processes and their threads, modules, handles and memory regions. Version 1.10 NEW/IMPROVED .NET tab in process properties - exact copy of Process Explorer's tab Small performance improvements FIXED: #2920711 - "Value was either too large or too small for an Int32." #2920734 - "Found a reproducible bug : (...) -> http://www.security-database.com/toolswatch/Process-Hacker-v1-10-released.html ** OVAL Interpreter v5.6.4 released ** by ToolsTracker - 9 January 2010 Open Vulnerability and Assessment Language (OVAL) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. The OVAL Interpreter is a freely available reference implementation that demonstrates the evaluation of OVAL Definitions. Based on a set of Definitions the interpreter collects system information, evaluates it, and (...) -> http://www.security-database.com/toolswatch/OVAL-Interpreter-v5-6-4-released.html ** PenTBox v1.2 Beta released ** by ToolsTracker - 9 January 2010 PenTBox is a Security Suite with programs like Password Crackers, Denial of Service testing tools (DoS and DDoS), Secure Password Generators, Honeypots and much more. Destined to test security/stability of networks and more. Programmed in Ruby, and oriented to GNU/Linux systems (but compatible with Windows, MacOS and more). Version 1.2 Beta Added beep() when intrusion option in Honeypot. Added save log option in Honeypot. Fixed minor bugs. Updated GNU/GPLv3 License to 2010. (...) -> http://www.security-database.com/toolswatch/PenTBox-v1-2-Beta-released.html Regards Nabil OUCHN CEO & Founder Security-Database France Maximiliano Soler ToolsWatch Leader Security-Database Argentina ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Tools Update - Second week of January 2010 SD List (Jan 18)
- Tools Update - Third week of January 2010 SD List (Jan 25)