Penetration Testing mailing list archives
(Tools Updates) - Tools Watch latest releases
From: "SD List" <list () security-database com>
Date: Fri, 17 Apr 2009 21:47:01 +0200 (CEST)
Dear all, Here is the site's newsletter "Security Database Tools Watch" (http://www.security-database.com/toolswatch). This letter summarizes the articles and news items published since 7 days. Greetings We'd like to thank Maximiliano Soler (http://maximilianosoler.com.ar/) and Kevin Orrey (http://www.vulnerabilityassessment.co.uk/) for new tools notifications. New articles -------------------------- ** SpiceWorks 4.0 on its way for alpha testing ** by Tools Tracker Team - 17 April 2009 Designed, tested and used by 500,000 IT pros in 185 countries. Spiceworks has the everyday IT features: Inventory and report on your companys hardware and software assets automatically. Monitor and troubleshoot the hardware and software on your network. Run an IT Help Desk for your company thats easy to use. [Do not copy without authorization] Security-Database team has applied to test the SpiceWork 4.0 and we are very excited to see the new features of the release. SpiceWork is a magic (...) -> http://www.security-database.com/toolswatch/SpiceWorks-4-on-its-way-for-alpha.html ** Security-Database news reported without quoting "the source" ** by Tools Tracker Team - 16 April 2009 Since months, we discovered that many security blogs (security-sh3ll.blogspot.com among others) are using our "news and postings" without quoting the source. Please feel free to READ CAREFULLY THE CC Licence !!!! Creative Common : Attribution. You must attribute the work in the manner specified by the author or licensor (but not in any way that suggests that they endorse you or your use of the work). If this continues, we will be forced to suspend this service and made it available only "on (...) -> http://www.security-database.com/toolswatch/Security-Database-news-reported.html ** WebShag 1.10 available ** by Tools Tracker Team - 16 April 2009 Webshag (the Free Web Server Audit Tool) is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing. Webshag can be used to scan a web server in HTTP or HTTPS, through a proxy and using HTTP authentication (Basic and Digest). In addition to that it proposes innovative IDS evasion functionalities aimed at making correlation between request more (...) -> http://www.security-database.com/toolswatch/WebShag-1-10-available.html ** WebSecurityTool Watcher v1.1.0 available on CodePlex ** by Tools Tracker Team - 16 April 2009 Watcher (The Open source Web Security Testing Tool and PCI compliancy auditing utility) is a runtime passive-analysis tool for HTTP-based Web applications. It detects Web-application security issues as well as operational configuration issues. Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads (potential XSS), cookies, comments, HTTP (...) -> http://www.security-database.com/toolswatch/WebSecurityTool-Watcher-v1-1.html ** Nikto updated to 2.03 ** by Tools Tracker Team - 16 April 2009 Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3300 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated Changes Fix for Jetty to latest version, fixes ticket #49 New export of the manual from the docbook Updated versions in nikto.pl Added various new (...) -> http://www.security-database.com/toolswatch/Nikto-updated-to-2-03.html ** SQLPlus v0.3 available ** by Tools Tracker Team - 16 April 2009 sqlsus is an open source MySQL injection and takeover tool, written in perl. Using a command line interface that mimics a mysql console, you can retrieve the databases structure, inject SQL queries, download files from the web server, upload and control a backdoor, clone the databases, and much more... It is designed to maximize the amount of data gathered per server hit, making the best use (I can think of) of MySQL functions to optimise the available injection space. sqlsus is focused on (...) -> http://www.security-database.com/toolswatch/SQLPlus-v0-3-available.html ** winAUTOPWN v1.9 released ** by Tools Tracker Team - 14 April 2009 The aim of creating winAUTOPWN is not to compete with already existing commercial frameworks like Core Impact (Pro), Immunity Canvas, Metasploit Framework (freeware), etc. which offer autohacks, but to create a free, quick, standalone application which is easy to use and doesnt require a lot of support of other dependencies. Also not forgetting that winAUTOPWN unlike other frameworks maintains the original exploit writers source code intact just as it was and uses it. This way the exploit (...) -> http://www.security-database.com/toolswatch/winAUTOPWN-v1-8-released.html ** Process Hacker v1.3.6.5 available ** by Tools Tracker Team - 14 April 2009 Process Hacker is a feature-packed tool for manipulating processes and services on your computer. It can show you the threads (with symbols), modules, memory regions, handles and token of processes. It has detailed graphs that show CPU usage, memory usage and I/O activity. It can even change the DEP status of some processes and protect/unprotect them! Process Hacker can read/write memory using a built-in hex editor and search through memory. It has a powerful run-as tool that can run (...) -> http://www.security-database.com/toolswatch/Process-Hacker-v1-3-6-5-available.html ** Technitium MAC Address Changer v5.0 available ** by Tools Tracker Team - 10 April 2009 Technitium MAC Address Changer allows you to change Media Access Control (MAC) Address of your Network Interface Card (NIC) irrespective to your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine. Every NIC has a MAC address hard coded in its circuit by the manufacturer. This hard coded MAC address is used by windows drivers to access Ethernet Network (LAN). This tool can set a new MAC address to your NIC, (...) -> http://www.security-database.com/toolswatch/Technitium-MAC-Address-Changer-v5.html ** GreenSQL-FW v1.0.0 released ** by Tools Tracker Team - 10 April 2009 GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy and has built in support for MySQL. The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known db administrative commands (DROP, CREATE, etc). GreenSQL is distributed under the GPL license. This is a major application release geared towards application stability, ease of use, performance increase and elimination of bugs. (...) -> http://www.security-database.com/toolswatch/GreenSQL-FW-v1-released.html N.OUCHN & B.PICUIRA security-database.com http://www.security-database.com ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------
Current thread:
- Vulnerability Research M.D.Mufambisi (Apr 16)
- (Tools Updates) - Tools Watch latest releases SD List (Apr 17)