Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

[Tools update] The Friday Security-Database Watch Newsletter -- v20090424

From: "SD List" <list () security-database com>
Date: Fri, 24 Apr 2009 14:08:28 +0200 (CEST)
Dear all,

Here is the site's newsletter "Security Database Tools Watch"
(http://www.security-database.com/toolswatch).
This letter summarizes the articles and news items published since 7 days.

We adopted the title "The Friday Security-Database Watch Newsletter".

Many thanks to Sergio Castro and Tim Eberhard for the "Tools Notification"


New articles - v20090424
--------------------------

** SQLMap 0.7rc1 available **
by  Tools Tracker Team
- 24 April 2009

sqlmap is an open source command-line automatic SQL injection tool
developed in Python.
Its goal is to detect and take advantage of SQL injection vulnerabilities
on web applications.
Once it detects one or more SQL injections on the target host, the user
can choose among a variety
of options to perform an extensive back-end database management system
fingerprint (..)

-> http://www.security-database.com/toolswatch/SQLMap-7rc1-available.html


** BlueMaho (Bluetooth Security Testing Suite) updated to v.090417 **
by  Tools Tracker Team
- 21 April 2009

BlueMaho is GUI-shell (interface) for suite of tools for testing security
of bluetooth devices. It is freeware, opensource, written on python, uses
wxPyhon. It can be used for testing BT-devices for known vulnerabilities
and major thing to do - testing to find unknown vulnerabilities.

Changelog for this release

NEW: statistics (uniq devices by day/hour, vendors, services etc)

NEW: handbook

NEW: opush abuse (prompts flood) DoS attack

NEW: OBEX stress tests

NEW: DoS in OPUSH filename for (...)

->
http://www.security-database.com/toolswatch/BlueMaho-Bluetooth-Security,631.html


** tpcat v1.3 released **
by  Tools Tracker Team
- 20 April 2009

PCAT will analyze two packet captures (taken on each side of the firewall
as an example) and report any packets that were seen on the source capture
but didn’t make it to the destination. It will detect network latency,
injected packets and dropped packets..etc.

This is a very handy utility during a network audit session. TpCat comes
with a "TPCAT README" file. It has a nice easy to use GUI.

Tool submitted by Tim Eberhard (the tool (...)

-> http://www.security-database.com/toolswatch/tpcat-v1-3-released.html


** ViMtruder v1.0 proof of concept virtual machine trojan. **
by  Tools Tracker Team
- 20 April 2009

Normal trojans are a known threat, and we know how to mitigate them. But
what about virtual machine trojans? This is a proof-of-concept Virtual
Machine Trojan Visit www.infosegura.net/vimtruder.html for details

Virtualization technology is such an efficient way of managing IT
resources that there’s no doubt that in a very short time it will become
the only way of doing it. But virtualization is still a new technology, and
security is still lagging behind.

Normal trojans are a known threat, (...)

->
http://www.security-database.com/toolswatch/ViMtruder-v1-proof-of-concept.html


** Sipflanker SIP devices vulnerability scanner v1.5b available **
by  Tools Tracker Team
- 20 April 2009

any (if not most) VoIP devices have available a Web GUI for their
configuration, management, and report generation. These Web GUIs are often
on default, meaning that the moment you install the IP phone or IP PBX, the
Web GUI is immediately available on the network. And unfortunately it is
also common for the username and password to have the default values.

Sipflanker will help you find these SIP devices with potentially
vulnerable Web GUIs in your network.

What the application does is (...)

-> http://www.security-database.com/toolswatch/Sipflanker-SIP-devices.html


** PTF (Penetration Testing Framework) 0.54 released **
by  Tools Tracker Team
- 17 April 2009

The PTF (pentestration tests framework) enumerates the stages one’s
should perform during a test (as described in the OSSTMM manual)

Network footprinting

Discovery & Probing

Enumeration

Vulnerability assessment

Penetration (or exploitation)

Plus other tests as well as physical, wireless assessment....

Change Log:

Major revamp and expansion of Network Reconnaissance Section

Addition of Metadata Online Search and Offline Tools

General Tidy and removal of some duplication within (...)

->
http://www.security-database.com/toolswatch/PTF-Penetration-Testing-Framework,627.html


** SpiceWorks 4.0 on its way for alpha testing **
by  Tools Tracker Team
- 17 April 2009

Designed, tested and used by 500,000 IT pros in 185 countries. Spiceworks
has the everyday IT features:

Inventory and report on your company’s hardware and software assets
automatically.

Monitor and troubleshoot the hardware and software on your network.

Run an IT Help Desk for your company that’s easy to use.

[Do not copy without authorization]

Security-Database team has applied to test the SpiceWork 4.0 and we are
very excited to see the new features of the release. SpiceWork is a magic
(...)

->
http://www.security-database.com/toolswatch/SpiceWorks-4-on-its-way-for-alpha.html

Happy Week End ...

N.OUCHN & B.PICUIRA
Security-Database.com



------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Tired of using other people's tools? Why not learn how to write your own exploits? 
InfoSec Institute's Advanced Ethical Hacking class teaches you how to write stack and heap buffer overflow exploits for 
Windows and Linux. Gain your Certified Expert Penetration Tester (CEPT) cert as well. 

http://www.infosecinstitute.com/courses/advanced_ethical_hacking_training.html
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: