Penetration Testing mailing list archives

(Tools Updates) - Tools Watch latest releases


From: "SD List" <list () security-database com>
Date: Fri, 17 Apr 2009 21:47:01 +0200 (CEST)

Dear all,

Here is the site's newsletter "Security Database Tools Watch"
(http://www.security-database.com/toolswatch). This letter summarizes the
articles and news items published in the last 7 days.

Greetings
We'd like to thank Maximiliano Soler (http://maximilianosoler.com.ar/) and
Kevin Orrey (http://www.vulnerabilityassessment.co.uk/) for new tools
notifications.

         New articles
         --------------------------


** SpiceWorks 4.0 on its way for alpha testing **
by  Tools Tracker Team
- 17 April 2009

Designed, tested and used by 500,000 IT pros in 185 countries. Spiceworks
has the everyday IT features:

Inventory and report on your company's hardware and software assets
automatically.

Monitor and troubleshoot the hardware and software on your network.

Run an IT Help Desk for your company that's easy to use.

[Do not copy without authorization]

The Security-Database team has applied to test SpiceWorks 4.0 and we are
very excited to see the new features of the release. SpiceWorks is a magic
(...)

->
http://www.security-database.com/toolswatch/SpiceWorks-4-on-its-way-for-alpha.html


** Security-Database news reported without quoting "the source" **
by  Tools Tracker Team
- 16 April 2009

Over the past months, we have discovered that many security blogs
(security-sh3ll.blogspot.com among others) are using our "news and
postings" without quoting the source. Please feel free to READ THE CC
LICENCE CAREFULLY !!!!

Creative Commons: “Attribution. You must attribute the work in the
manner specified by the author or licensor (but not in any way that
suggests that they endorse you or your use of the work).”

If this continues, we will be forced to suspend this service and make it
available only "on (...)

->
http://www.security-database.com/toolswatch/Security-Database-news-reported.html


** WebShag 1.10 available **
by  Tools Tracker Team
- 16 April 2009

Webshag (the Free Web Server Audit Tool) is a multi-threaded,
multi-platform web server audit tool. Written in Python, it gathers
commonly useful functionalities for web server auditing like website
crawling, URL scanning or file fuzzing.

Webshag can be used to scan a web server in HTTP or HTTPS, through a proxy
and using HTTP authentication (Basic and Digest). In addition to that it
proposes innovative IDS evasion functionalities aimed at making correlation
between requests more (...)

-> http://www.security-database.com/toolswatch/WebShag-1-10-available.html


** WebSecurityTool Watcher v1.1.0 available on CodePlex **
by  Tools Tracker Team
- 16 April 2009

Watcher (The Open source Web Security Testing Tool and PCI compliancy
auditing utility) is a runtime passive-analysis tool for HTTP-based Web
applications. It detects Web-application security issues as well as
operational configuration issues.

Watcher provides pen-testers hot-spot detection for vulnerabilities,
developers quick sanity checks, and auditors PCI compliance auditing. It
looks for issues related to mashups, user-controlled payloads (potential
XSS), cookies, comments, HTTP (...)

->
http://www.security-database.com/toolswatch/WebSecurityTool-Watcher-v1-1.html


** Nikto updated to 2.03 **
by  Tools Tracker Team
- 16 April 2009

Nikto is an Open Source (GPL) web server scanner which performs
comprehensive tests against web servers for multiple items, including over
3300 potentially dangerous files/CGIs, versions on over 625 servers, and
version specific problems on over 230 servers. Scan items and plugins are
frequently updated and can be automatically updated

Changes

Fix for Jetty to latest version, fixes ticket #49

New export of the manual from the docbook

Updated versions in nikto.pl

Added various new (...)

-> http://www.security-database.com/toolswatch/Nikto-updated-to-2-03.html


** SQLPlus v0.3 available **
by  Tools Tracker Team
- 16 April 2009

sqlsus is an open source MySQL injection and takeover tool, written in
perl. Using a command line interface that mimics a mysql console, you can
retrieve the databases structure, inject SQL queries, download files from
the web server, upload and control a backdoor, clone the databases, and
much more...

It is designed to maximize the amount of data gathered per server hit,
making the best use (I can think of) of MySQL functions to optimise the
available injection space.

sqlsus is focused on (...)

-> http://www.security-database.com/toolswatch/SQLPlus-v0-3-available.html


** winAUTOPWN v1.9 released **
by  Tools Tracker Team
- 14 April 2009

The aim of creating winAUTOPWN is not to compete with already existing
commercial frameworks like Core Impact (Pro), Immunity Canvas, Metasploit
Framework (freeware), etc. which offer autohacks, but to create a free,
quick, standalone application which is easy to use and doesn't require a
lot of support of other dependencies. Also not forgetting that winAUTOPWN
unlike other frameworks maintains the original exploit writer's source
code intact just as it was and uses it. This way the exploit (...)

->
http://www.security-database.com/toolswatch/winAUTOPWN-v1-8-released.html


** Process Hacker v1.3.6.5 available **
by  Tools Tracker Team
- 14 April 2009

Process Hacker is a feature-packed tool for manipulating processes and
services on your computer. It can show you the threads (with symbols),
modules, memory regions, handles and token of processes. It has detailed
graphs that show CPU usage, memory usage and I/O activity. It can even
change the DEP status of some processes and protect/unprotect them!

Process Hacker can read/write memory using a built-in hex editor and
search through memory. It has a powerful run-as tool that can run (...)

->
http://www.security-database.com/toolswatch/Process-Hacker-v1-3-6-5-available.html


** Technitium MAC Address Changer v5.0 available **
by  Tools Tracker Team
- 10 April 2009

Technitium MAC Address Changer allows you to change the Media Access Control
(MAC) Address of your Network Interface Card (NIC) irrespective of your NIC
manufacturer or its driver. It has a very simple user interface and
provides ample information regarding each NIC in the machine. Every NIC has
a MAC address hard coded in its circuit by the manufacturer. This hard
coded MAC address is used by Windows drivers to access the Ethernet Network
(LAN).

This tool can set a new MAC address to your NIC, (...)

->
http://www.security-database.com/toolswatch/Technitium-MAC-Address-Changer-v5.html


** GreenSQL-FW v1.0.0 released **
by  Tools Tracker Team
- 10 April 2009

GreenSQL is an Open Source database firewall used to protect databases
from SQL injection attacks. GreenSQL works as a proxy and has built in
support for MySQL. The logic is based on evaluation of SQL commands using a
risk scoring matrix as well as blocking known db administrative commands
(DROP, CREATE, etc). GreenSQL is distributed under the GPL license.

This is a major application release geared towards application stability,
ease of use, performance increase and elimination of bugs. (...)

->
http://www.security-database.com/toolswatch/GreenSQL-FW-v1-released.html

N.OUCHN & B.PICUIRA
security-database.com
http://www.security-database.com

