Penetration Testing mailing list archives
Tools Update - first week of december 2009
From: "SD List" <list () security-database com>
Date: Sun, 6 Dec 2009 18:19:40 +0100 (CET)
Hello,

Here is the site's newsletter "Security Database Tools Watch" (http://www.security-database.com/toolswatch).
This letter summarizes the articles and news items published in the past 7 days.

New articles
--------------------------

** WhatWeb v0.3 - Next generation Web Scanner **
by ToolsTracker - 4 December 2009

Identifying content management systems (CMS), blogging platforms, stats/analytics packages, javascript libraries, servers and more. Licensed under GPLv3. WhatWeb has over 60 plugins and needs community support to develop more. Plugins can identify systems with obvious signs removed by looking for subtle clues. Example: A WordPress site might remove the tag but the WordPress plugin also looks for "wp-content" which is less easy to disguise. Plugins are flexible and can return any datatype, (...)

-> http://www.security-database.com/toolswatch/WhatWeb-v0-3-Next-generation-Web.html

** Kismet v2009-11-R1 released **
by ToolsTracker - 4 December 2009

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic. Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and inferring the presence of nonbeaconing networks via data traffic. Version 2009-11-R1 Release (...)

-> http://www.security-database.com/toolswatch/Kismet-v2009-11-R1-released.html

** Slitaz Aircrack-ng Distribution v20091124 released **
by ToolsTracker - 4 December 2009

The Slitaz Aircrack-ng Distribution is the base Slitaz cooking version plus the latest Aircrack-ng SVN version, wireless drivers patched for injection and other related tools. The custom distribution is especially tuned for the Acer Aspire One netbooks but will work well on virtually all desktops, notebooks and netbooks.

Version November 24/2009
Fixed missing compat-wireless modules bug.

More information: http://www.slitaz.org (...)

-> http://www.security-database.com/toolswatch/Slitaz-Aircrack-ng-Distribution,900.html

** Matriux NEW Security Distro (Next 05 Dec @ Club Hack 2009) **
by ToolsTracker - 3 December 2009

The Matriux is a phenomenon that was waiting to happen. It is a fully featured security distribution consisting of a bunch of powerful, open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, and much more. It is a distribution designed for security enthusiasts and professionals, although it can be used (...)

-> http://www.security-database.com/toolswatch/Matriux-NEW-Security-Distro-Next.html

** sambascan2 v0.4.2 released - scanning for SMB Shares **
by ToolsTracker - 3 December 2009

Sambascan2 allows you to search an entire network or a number of hosts for SMB shares. It will also list the contents of all public shares that it finds.

More information: here

-> http://www.security-database.com/toolswatch/sambascan2-v0-4-2-released.html

** Nipper v1.1 released **
by ToolsTracker - 3 December 2009

Nipper performs security audits of network device configuration files. The report produced by Nipper includes: detailed security-related issues with recommendations, a configuration report and various appendices. Nipper currently supports Cisco IOS, PIX, ASA, FWSM, NMP, CatOS and Juniper NetScreen devices. Just like with the previous releases too many new features have been added to list them all (over 150 new features with this release), so here are a few of our favourites: (...)

-> http://www.security-database.com/toolswatch/Nipper-v1-1-released.html

** Lynis v1.2.7 released (updated) **
by ToolsTracker - 3 December 2009

Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Besides security-related information it will also scan for general system information, installed packages and configuration mistakes. This new release includes several new tests, minor bugfixes and improvements. Lynis should also work correctly on AIX now, due to the help of Michael Smerdka and Florian Roth.

Lynis updated to version 1.2.7

More information: (...)

-> http://www.security-database.com/toolswatch/Lynis-v1-2-7-released-updated.html

** HaraldScan v0.401 released **
by ToolsTracker - 3 December 2009

The scanner will be able to determine Major and Minor device class of device, as well as attempt to resolve the device's MAC address to the largest known Bluetooth MAC address Vendor list. The goal of this project is to obtain as many MAC addresses mapped to device vendors as possible.

Version 0.401
There is no difference between 0.401 and 0.4 except it has been packaged properly.

Distribution
Harald Scan is now distributed in either source code or dist Harald Scan is still (...)

-> http://www.security-database.com/toolswatch/HaraldScan-v0-401-released.html

** Burp Suite Professional v1.3Beta released **
by ToolsTracker - 3 December 2009

Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, downstream proxies, logging, alerting and extensibility.

Version 1.3 Beta
Improved search, with regex, scope restrictions, dynamically updating results, etc. Request (...)

-> http://www.security-database.com/toolswatch/Burp-Suite-Professional-v1-3Beta.html

** Acunetix WVS v6.5 Build 20091130 released **
by ToolsTracker - 3 December 2009

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.

Bug Fixes:
Fixed: crash in TM_MultiRequest_Parameter_Manipulation module
Fixed: bug in crawler related with GetVar (...)

-> http://www.security-database.com/toolswatch/Acunetix-WVS-v6-5-Build-20091130.html

** GreenSQL-FW v1.2.0 released **
by ToolsTracker - 3 December 2009

GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy for SQL commands and has built in support for MySQL. GreenSQL 1.2 includes many new features and enhancements. In this version, GreenSQL provides native support for PostgreSQL databases for the very first time. In fact, GreenSQL is the only database firewall (Open or Closed Source) available for the protection of the many PostgreSQL databases currently in use. (...)

-> http://www.security-database.com/toolswatch/GreenSQL-FW-v1-2-released.html

** Metasploit Framework v3.3.1 released **
by ToolsTracker - 3 December 2009

The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

Version 3.3.1
Metasploit now has 453 exploit modules and (...)

-> http://www.security-database.com/toolswatch/Metasploit-Framework-v3-3-1.html

** Nessus v4.2.0 released **
by ToolsTracker - 3 December 2009

Nessus is the world's most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world's largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications. Nessus 4.2 features a brand new web-based user interface and other performance improvements.

Version 4.2.0
Reporting
When a service is identified against a given port, the port name is now set to the service name. An updated (...)

-> http://www.security-database.com/toolswatch/Nessus-v4-2-released,890.html

** Eclipse HTTP Client (HTTP4e) v2.0 available **
by Tools Tracker Team - 28 November 2009

Eclipse HTTP Client (HTTP4e) is an Eclipse plugin for making HTTP and RESTful calls. Built with user experience in mind, it simplifies the developer/QA job of testing Web Services, REST, JSON and HTTP. It is a useful tool for your daily job of HTTP header tampering and hacking.

Features:
Making/Replaying an HTTP call directly from Eclipse IDE
Visual Editor Panels for headers, parameters and http packet body
Tabbed browsing (allowing replaying different RESTful, HTTP calls on separate (...)

-> http://www.security-database.com/toolswatch/Eclipse-HTTP-Client-HTTP4e-v2.html

** History of Hacking - Part 1 **
by Tools Tracker Team - 28 November 2009

Every culture has its beginning somewhere; computer hacking is no exception. The History of Hacking video series is a 5 part documentary which runs down memory lane and presents important figures, facts and personalities of the Hacking culture. In History of Hacking Part 1, we will look at Phone Phreaking and John Draper a.k.a Captain Crunch and try and understand the string of events which molded the Phone Phreaking culture. Those of you who have not heard of John, he is the guy who (...)

-> http://www.security-database.com/toolswatch/History-of-Hacking-Part-1.html

Regards

Nabil OUCHN
CEO & Founder
Security-Database
France

Maximiliano Soler
ToolsWatch Leader
Security-Database
Argentina