Penetration Testing mailing list archives
[Tools Updates] - Security Database Tools Latest updates
From: "SD List" <list () security-database com>
Date: Thu, 9 Apr 2009 15:47:11 +0200 (CEST)
Find these news live from http://www.security-database.com/toolswatch/ [+] Nessus version 4.0 released Nessus is the worlds most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the worlds largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications. [+] Lynis updated to v1.2.6 Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. [+] Ophcrack updated to v3.2.1 Ophcrack is a Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a GTK+ Graphical User Interface and runs on Windows, Mac OS X (Intel CPU) as well as on Linux. [+] Autoscan v1.42 now supports OSX AutoScan-Network is a network discovering and managing application. No configuration is required to scan your network. The main goal is to print the list of connected equipments in your network [+] OAT Office Communication Server Tool Assessment released OAT is a free VoIP security assessment tool designed to test the security configuration of Microsoft OCS SIP infrastructures, for deployment/implementation issues. Its the first OCS SIP validation tool written in windows. OAT is the first security assessment tool for Office Communication Server 2007 (Including R2) [+] winAUTOPWN v1.7.0 released The aim of creating winAUTOPWN is not to compete with already existing commercial frameworks like Core Impact (Pro), Immunity Canvas, Metasploit Framework (freeware), etc. which offer autohacks, but to create a free, quick, standalone application which is easy to use and doesnt require a lot of support of other dependencies. Also not forgetting that winAUTOPWN unlike other frameworks maintains the original exploit writers source code intact just as it was and uses it. This way the exploit writers credit and originality is maintained. The source is modified only when required to enable a missing feature or to remove hard-coded limitations. Under these circumstances also, the exploit writers credits remain intact. [+] AutoNessus v1.3.0 supports OpenVAS AutoNessus automates regular Nessus scans and provides delta reporting. The goal is to reduce the analysis time for subsequent scans of the same infrastructure by only reporting delta findings. [+] VisualRoute v13.1a available VisualRoute is a free IP tracer analyzes network connectivity, identifies IP address locations. It analyzes your Internet connection to determine precisely where and how data traffic is flowing, identifying where any bottlenecks occur. A trace report details the performance of each portion of the connection route, including any dropped data packets and network latency, along with the IP address, node name and network provider. [+] Scanners and utilities to detect Conficker worm Conficker, also known as Downup, Downadup and Kido, is a computer worm that surfaced in October 2008 and targets the Microsoft Windows operating system. The worm exploits a previously patched vulnerability in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, Windows 7 Beta, and Windows Server 2008 R2 Beta. The worm has been unusually difficult for network operators and law enforcement to counter because of its combined use of advanced malware techniques. [+] Sara vulnerability scanner updated to v7.8.4 The Security Auditors Research Assistant (SARA) is a third generation network security analysis tool that is: - Operates under Unix, Linux, MAC OS/X or Windows (through coLinux) OS. - Integrates the National Vulnerability Database (NVD). - Performs SQL injection tests. - Performs exhaustive XSS tests - Can adapt to many firewalled environments. - Support remote self scan and API facilities. - Used for CIS benchmark initiatives - Plug-in facility for third party apps - CVE standards support - Enterprise search module - Standalone or daemon mode - Free-use open SATAN oriented license - Updated twice a month (we try) - User extension support - Based on the SATAN model Source:security-database.com Best regards Nabil Ouchn Co-founder security-database.com ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- OSSTMM 3 Sample released Pete Herzog (Apr 07)
- [Tools Updates] - Security Database Tools Latest updates SD List (Apr 09)