Penetration Testing mailing list archives

[Tools Updates] - Security Database Tools Latest updates


From: "SD List" <list () security-database com>
Date: Thu, 9 Apr 2009 15:47:11 +0200 (CEST)

Find this news live at http://www.security-database.com/toolswatch/

[+] Nessus version 4.0 released

Nessus is the world’s most popular vulnerability scanner used in over
75,000 organizations world-wide. Many of the world’s largest organizations
are realizing significant cost savings by using Nessus to audit
business-critical enterprise devices and applications.

[+] Lynis updated to v1.2.6

Lynis is an auditing tool for Unix (specialists). It scans the system and
available software, to detect security issues. Besides security-related
information it will also scan for general system information, installed
packages and configuration mistakes.

[+] Ophcrack updated to v3.2.1

Ophcrack is a Windows password cracker based on rainbow tables. It is a
very efficient implementation of rainbow tables done by the inventors of
the method. It comes with a GTK+ Graphical User Interface and runs on
Windows, Mac OS X (Intel CPU) as well as on Linux.

[+] Autoscan v1.42 now supports OSX

AutoScan-Network is a network discovering and managing application. No
configuration is required to scan your network. The main goal is to print
the list of connected equipment in your network.

[+] OAT Office Communication Server Tool Assessment released

OAT is a free VoIP security assessment tool designed to test the security
configuration of Microsoft OCS SIP infrastructures, for
deployment/implementation issues. It’s the first OCS SIP validation tool
written in Windows. OAT is the first security assessment tool for Office
Communication Server 2007 (Including R2).

[+] winAUTOPWN v1.7.0 released

The aim of creating winAUTOPWN is not to compete with already existing
commercial frameworks like Core Impact (Pro), Immunity Canvas, Metasploit
Framework (freeware), etc. which offer autohacks, but to create a free,
quick, standalone application which is easy to use and doesn’t require a
lot of support of other dependencies. Also not forgetting that winAUTOPWN
unlike other frameworks maintains the original exploit writer’s source
code intact just as it was and uses it. This way the exploit writer’s
credit and originality is maintained. The source is modified only when
required to enable a missing feature or to remove hard-coded limitations.
Under these circumstances also, the exploit writer’s credits remain intact.

[+] AutoNessus v1.3.0 supports OpenVAS

AutoNessus automates regular Nessus scans and provides delta reporting.
The goal is to reduce the analysis time for subsequent scans of the same
infrastructure by only reporting delta findings.

[+] VisualRoute v13.1a available

VisualRoute is a free IP tracer that analyzes network connectivity and identifies
IP address locations. It analyzes your Internet connection to determine
precisely where and how data traffic is flowing, identifying where any
bottlenecks occur. A trace report details the performance of each portion
of the connection route, including any dropped data packets and network
latency, along with the IP address, node name and network provider.

[+] Scanners and utilities to detect Conficker worm

Conficker, also known as Downup, Downadup and Kido, is a computer worm
that surfaced in October 2008 and targets the Microsoft Windows operating
system. The worm exploits a previously patched vulnerability in the
Windows Server service used by Windows 2000, Windows XP, Windows Vista,
Windows Server 2003, Windows Server 2008, Windows 7 Beta, and Windows
Server 2008 R2 Beta. The worm has been unusually difficult for network
operators and law enforcement to counter because of its combined use of
advanced malware techniques.

[+] Sara vulnerability scanner updated to v7.8.4

The Security Auditor’s Research Assistant (SARA) is a third generation
network security analysis tool that is:
- Operates under Unix, Linux, MAC OS/X or Windows (through coLinux) OS’.
- Integrates the National Vulnerability Database (NVD).
- Performs SQL injection tests.
- Performs exhaustive XSS tests
- Can adapt to many firewalled environments.
- Support remote self scan and API facilities.
- Used for CIS benchmark initiatives
- Plug-in facility for third party apps
- CVE standards support
- Enterprise search module
- Standalone or daemon mode
- Free-use open SATAN oriented license
- Updated twice a month (we try)
- User extension support - Based on the SATAN model

Source: security-database.com

Best regards
Nabil Ouchn
Co-founder security-database.com

