Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Tools Update - first week of december 2009

From: "SD List" <list () security-database com>
Date: Sun, 6 Dec 2009 18:19:40 +0100 (CET)
Hello

Here is the site's newsletter "Security Database Tools Watch"
(http://www.security-database.com/toolswatch).
This letter summarizes the articles and news items published since 7 days.


         New articles
         --------------------------


** WhatWeb v0.3 - Next generation Web Scanner **
by  ToolsTracker
- 4 December 2009

Identifying content management systems (CMS), blogging platforms,
stats/analytics packages, javascript libraries, servers and more. Licensed
under GPLv3.

WhatWeb has over 60 plugins and needs community support to develop more.
Plugins can identify systems with obvious signs removed by looking for
subtle clues.

Example:

A WordPress site might remove the tag but the WordPress plugin also looks
for "wp-content" which is less easy to disguise. Plugins are flexible and
can return any datatype, (...)

->
http://www.security-database.com/toolswatch/WhatWeb-v0-3-Next-generation-Web.html


** Kismet v2009-11-R1 released **
by  ToolsTracker
- 4 December 2009

Kismet is an 802.11 layer2 wireless network detector, sniffer, and
intrusion detection system. Kismet will work with any wireless card which
supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and
802.11g traffic.

Kismet identifies networks by passively collecting packets and detecting
standard named networks, detecting (and given time, decloaking) hidden
networks, and infering the presence of nonbeaconing networks via data
traffic.

Version 2009-11-R1

Release (...)

->
http://www.security-database.com/toolswatch/Kismet-v2009-11-R1-released.html


** Slitaz Aircrack-ng Distribution v20091124 released **
by  ToolsTracker
- 4 December 2009

The “Slitaz Aircrack-ng Distribution” is the base Slitaz cooking
version plus the latest Aircrack-ng SVN version, wireless drivers patched
for injection and other related tools. The custom distribution is
especially tuned for the Acer Aspire One netbooks but will work well on
virtually all desktops, notebooks and netbooks.

Version November 24/2009

Fixed missing compat-wireless modules bug.

More information:

http://www.slitaz.org (...)

->
http://www.security-database.com/toolswatch/Slitaz-Aircrack-ng-Distribution,900.html


** Matriux NEW Security Distro (Next 05 Dec @ Club Hack 2009) **
by  ToolsTracker
- 3 December 2009

The Matriux is a phenomenon that was waiting to happen. It is a fully
featured security distribution consisting of a bunch of powerful, open
source and free tools that can be used for various purposes including, but
not limited to, penetration testing, ethical hacking, system and network
administration, cyber forensics investigations, security testing,
vulnerability analysis, and much more. It is a distribution designed for
security enthusiasts and professionals, although it can be used (...)

->
http://www.security-database.com/toolswatch/Matriux-NEW-Security-Distro-Next.html


** sambascan2 v0.4.2 released - scanning por SMB Shares **
by  ToolsTracker
- 3 December 2009

Sambascan2 allows you to search an entire network or a number of hosts for
SMB shares. It will also list the contents of all public shares that it
finds.

More information: here

->
http://www.security-database.com/toolswatch/sambascan2-v0-4-2-released.html


** Nipper v1.1 released **
by  ToolsTracker
- 3 December 2009

Nipper performs security audits of network device configuration files. The
report produced by Nipper includes; detailed security-related issues with
recommendations, a configuration report and various appendices. Nipper
currently supports Cisco IOS, PIX, ASA, FWSM, NMP, CatOS and Juniper
NetScreen devices.

Just like with the previous releases too many new features have been added
to list them all (over 150 new features with this release), so here are a
few of our favourites: (...)

-> http://www.security-database.com/toolswatch/Nipper-v1-1-released.html


** Lynis v1.2.7 released (updated) **
by  ToolsTracker
- 3 December 2009

Lynis is an auditing tool for Unix (specialists). It scans the system and
available software, to detect security issues. Beside security related
information it will also scan for general system information, installed
packages and configuration mistakes.

This new release includes several new tests, minor bugfixes and
improvements. Lynis should also work correctly on AIX now, due to the help
of Michael Smerdka and Florian Roth.

Lynis updated to version 1.2.7

More information: (...)

->
http://www.security-database.com/toolswatch/Lynis-v1-2-7-released-updated.html


** HaraldScan v0.401 released **
by  ToolsTracker
- 3 December 2009

The scanner will be able to determine Major and Minor device class of
device, as well as attempt to resolve the device's MAC address to the
largest known Bluetooth MAC address Vendor list.

The goal of this project is to obtain as many MAC addresses mapped to
device vendors as possible.

Version 0.401

There is no difference between 0.401 and 0.4 except it has been packaged
properly.

Distribution

Harald Scan is now distributed in either source code or dist

Harald Scan is still (...)

->
http://www.security-database.com/toolswatch/HaraldScan-v0-401-released.html


** Burp Suite Professional v1.3Beta released **
by  ToolsTracker
- 3 December 2009

Burp Suite is an integrated platform for attacking web applications. It
contains all of the Burp tools with numerous interfaces between them
designed to facilitate and speed up the process of attacking an
application. All tools share the same robust framework for handling HTTP
requests, persistence, authentication, downstream proxies, logging,
alerting and extensibility.

Version 1.3 Beta

Improved search, with regex, scope restrictions, dynamically updating
results, etc.

Request (...)

->
http://www.security-database.com/toolswatch/Burp-Suite-Professional-v1-3Beta.html


** Acunetix WVS v6.5 Build 20091130 released **
by  ToolsTracker
- 3 December 2009

Acunetix Web Vulnerability Scanner (WVS) is an automated web application
security testing tool that audits your web applications by checking for
exploitable hacking vulnerabilities. Automated scans may be supplemented
and cross-checked with the variety of manual tools to allow for
comprehensive web site and web application penetration testing.

Bug Fixes:

Fixed: crash in TM_MultiRequest_Parameter_Manipulation module

Fixed: bug in crawler related with GetVar (...)

->
http://www.security-database.com/toolswatch/Acunetix-WVS-v6-5-Build-20091130.html


** GreenSQL-FW v1.2.0 released **
by  ToolsTracker
- 3 December 2009

GreenSQL is an Open Source database firewall used to protect databases
from SQL injection attacks. GreenSQL works as a proxy for SQL commands and
has built in support for MySQL.

GreenSQL 1.2 includes many new features and enhancements. In this version,
GreenSQL provides native support for PostgreSQL databases for the very
first time. In fact, GreenSQL is the only database firewall (Open or Closed
Source) available for the protection of the many PostgreSQL databases
currently in use. (...)

->
http://www.security-database.com/toolswatch/GreenSQL-FW-v1-2-released.html


** Metasploit Framework v3.3.1 released **
by  ToolsTracker
- 3 December 2009

The Metasploit Framework is a development platform for creating security
tools and exploits. The framework is used by network security professionals
to perform penetration tests, system administrators to verify patch
installations, product vendors to perform regression testing, and security
researchers world-wide. The framework is written in the Ruby programming
language and includes components written in C and assembler.

Version 3.3.1

Metasploit now has 453 exploit modules and (...)

->
http://www.security-database.com/toolswatch/Metasploit-Framework-v3-3-1.html


** Nessus v4.2.0 released **
by  ToolsTracker
- 3 December 2009

Nessus is the world's most popular vulnerability scanner used in over
75,000 organizations world-wide. Many of the world's largest organizations
are realizing significant cost savings by using Nessus to audit
business-critical enterprise devices and applications.

Nessus 4.2 features a brand new web-based user interface and other
performance improvements.

Version 4.2.0

Reporting When a service is identified against a given port, the port name
is now set to the service name.

An updated (...)

->
http://www.security-database.com/toolswatch/Nessus-v4-2-released,890.html


** Eclipse HTTP Client (HTTP4e) v2.0 available **
by  Tools Tracker Team
- 28 November 2009

Eclipse HTTP Client (HTTP4e) is an Eclipse plugin formaking HTTP and
RESTful calls. Build with user experience in mind, it simplifies the
developer/QA job of testing Web Services, REST, JSON and HTTP. It is a
useful tool for your daily job of HTTP header tampering and hacking.

Features:

Making/Replaying an HTTP call directly from Eclipse IDE

Visual Editor Panels for headers, parameters and http packet body

Tabbed browsing (allowing replaying different RESTful, HTTP calls on
separate (...)

->
http://www.security-database.com/toolswatch/Eclipse-HTTP-Client-HTTP4e-v2.html


** History of Hacking - Part 1 **
by  Tools Tracker Team
- 28 November 2009

Every culture has its beginning somewhere, Computer hacking is no
exception. The History of Hacking video series is a 5 part documentary
which runs down memory lane and presents important figures, facts and
personalities of the Hacking culture. In History of Hacking Part 1, we will
look at Phone Phreaking and John Draper a.k.a Captain Crunch and try and
understand the string of events which molded the Phone Phreaking culture.

Those of you who have not heard of John, he is the guy who (...)

->
http://www.security-database.com/toolswatch/History-of-Hacking-Part-1.html

Regards

Nabil OUCHN
CEO & Founder
Security-Database
France

Maximiliano Soler
ToolsWatch Leader
Security-Database
Argentina


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: