Penetration Testing mailing list archives
Tools Update - third week of december 2009
From: "SD List" <list () security-database com>
Date: Sun, 20 Dec 2009 09:48:12 +0100 (CET)
Hello Here is the site's newsletter "Security Database Tools Watch" (http://www.security-database.com/toolswatch). This letter summarizes the articles and news items published since 7 days. New articles -------------------------- ** Pentoo 2009.0 final is there ** by Tools Tracker Team - 18 December 2009 Pentoo is a Live CD and Live USB designed for penetration testing and security assessment. Based on Gentoo Linux, Pentoo includes Nessus and Metasploit for penetration testing and security assessment. The user interface is the Enlightenment window manager. Pentoo is optimized for Pentium III architecture. Pentoo supports package modularity in the same fashion that Slax does. The most notable changes: New kernel 3.6.31.6 with aufs and squashfs-lzma New wifi stack 2.6.32_rc7 with injection (...) -> http://www.security-database.com/toolswatch/Pentoo-2009-final-is-there.html ** hostmap v0.2 - hostname discovery tool ** by ToolsTracker - 18 December 2009 hostmap is a free, automatic, hostnames and virtual hosts discovery tool written in Ruby, licensed under GNU General Public License version 3 (GPLv3). It's goal is to enumerate all hostnames and configured virtual hosts on an IP address. The primary users of hostmap are professionals performing vulnerability assessments and penetration tests. hostmap helps you using several techniques to enumerate all the hostnames associated with an IP address. The major features are: DNS names and (...) -> http://www.security-database.com/toolswatch/hostmap-v0-2-hostname-discovery.html ** CAT the manual web application penetration testing application released ** by Tools Tracker Team - 18 December 2009 CAT is an application to facilitate manual web application penetration testing. It was designed to cope with a more demanding level of application testing, taking away some of the more repetitive nature of testing and allowing the tester to focus their time instead on the individual application, enabling them to conduct a much more thorough test. There are a number of features which CAT has to enable a wide variety of testing to be conducted: Request Repeater Used for repeating a single (...) -> http://www.security-database.com/toolswatch/CAT-the-manual-web-application.html ** Kismac v0.3 released : The OSX Wireless Sniffer ** by Tools Tracker Team - 18 December 2009 KisMAC is an open-source and free sniffer/scanner application for Mac OS X. It has an advantage over MacStumbler / iStumbler / NetStumbler in that it uses monitor mode and passive scanning. KisMAC supports several third party PCMCIA cards: Orinoco, PrismII, Cisco Aironet, Atheros and PrismGT. USB devices with Intersil Prism2, Ralink rt2570 and rt73, and Realtek rtl8187 chipsets are in progress towards full support as well. All of the internal AirPort hardware is supported for scanning. (...) -> http://www.security-database.com/toolswatch/Kismac-v0-3-released-The-OSX.html ** Focus on Airoscript NG version 1.0 ** by Tools Tracker Team - 18 December 2009 Airoscript is a text-user-interface (TUI) for aircrack-ng. A great companion to make your life easier on wifi pentesting. Various attacks are available, such as chopchop, fragmentation attack, fakeauth, deauth, dictionary attacks and WPA cracking. Fixed client selection menu External functions now works Fixed regex that breaked iw2200 F@@@ dos line endings in makefiles. Lots of minor changes Cosmetics on non-existant unstable functions Splitted some functions from menu here (...) -> http://www.security-database.com/toolswatch/Focus-on-Airoscript-NG-version-1.html ** SpiceWorks v4.5 available ** by Tools Tracker Team - 18 December 2009 Spiceworks is the complete network management & monitoring, helpdesk, PC inventory & software reporting solution to manage Everything IT in small and medium businesses. Spiceworks Lets You... Inventory Your Network & PCs Monitor & Manage Your Network Manage Your IT Assets Manage Changes & Configurations Map Your NetworkBETA Audit Your Software Troubleshoot Your Network Run an IT Help Desk Be an MSP Talk to IT Pros Like You Spiceworks IT Desktop is designed for IT Pros who have (...) -> http://www.security-database.com/toolswatch/SpiceWorks-v4-5-available.html ** Wireshark v1.2.5 released ** by ToolsTracker - 18 December 2009 Wireshark is the worlds most popular network protocol analyzer. It has a rich and powerful feature set and runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly. It is freely available as open source, and is released under the GNU General Public License version 2 Version 1.2.5 Bug Fixes The following vulnerabilities have been fixed. See the security advisory (...) -> http://www.security-database.com/toolswatch/Wireshark-v1-2-5-released.html ** Samhain v2.6.0 released ** by ToolsTracker - 16 December 2009 The samhain open source host-based intrusion detection system (HIDS) provides file integrity checking and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. It has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as standalone application on a single host. Samhain is a multiplatform (...) -> http://www.security-database.com/toolswatch/Samhain-v2-6-released.html ** Lynis version 1.2.9 just released ** by Tools Tracker Team - 16 December 2009 Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. New: Support for Squid3 Added Squid unsafe ports check [SQD-3624] Added Squid configuration file permission check [SQD-3613] Added Squid test: reply_body_max_size option [SQD-3630] Added /etc/init.d/rc and /etc/init.d/rcS to umask (...) -> http://www.security-database.com/toolswatch/Lynis-version-1-2-9-just-released.html ** Mobius Forensic Toolkit v0.5 released ** by ToolsTracker - 16 December 2009 Mobius Forensic Toolkit is an open-source forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files, for easy integration with other tools. Version 0.5 module mobius.model.extension renamed to mobius.extension mobius.extension.Compiler compiles .xml extensions to .py extensions now have callbacks part-model: uses callbacks date-code: uses callbacks (...) -> http://www.security-database.com/toolswatch/Mobius-Forensic-Toolkit-v0-5.html ** Dradis v2.4.1 released ** by ToolsTracker - 16 December 2009 Dradis is an open source framework to enable effective information sharing. Dradis is a self-contained web application that provides a centralised repository of information to keep track of what has been done so far, and what is still ahead. Features include: Easy report generation. Support for attachments. Integration with existing systems and tools through server plugins. Platform independent. Version 2.4.1 SERVER: Plugin improvements Nmap Upload is now using the Nmap::Parser (...) -> http://www.security-database.com/toolswatch/Dradis-v2-4-1-released.html ** Ninja v0.1.3 - privilege escalation detection and prevention ** by ToolsTracker - 16 December 2009 Ninja is a privilege escalation detection and prevention system for GNU/Linux hosts. While running, it will monitor process activity on the local host, and keep track of all processes running as root. If a process is spawned with UID or GID zero (root), ninja will log necessary information about this process, and optionally kill the process if it was spawned by an unauthorized user. Version 0.1.3 (03-12-2009) general: bumped version to 0.1.3 log.c do va_start() before writing to (...) -> http://www.security-database.com/toolswatch/Ninja-v0-1-3-privilege-escalation.html ** Metasploit Framework v3.3.2 released ** by ToolsTracker - 16 December 2009 The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler. Metasploit Framework v3.3.2 Metasploit now has 463 exploit (...) -> http://www.security-database.com/toolswatch/Metasploit-Framework-v3-3-2.html ** SSHatter v1.0 - Password brute forcer for SSH ** by ToolsTracker - 16 December 2009 Password brute forcer for SSH. Version 1.0 Fixed minor bug where command succeeds but there is no output Added dumb mode (-d), where SSHatter will check password equals password, username and blank. Cheers Mylestro Added sudo mode (-0), where SSHatter will echo the password to STDIN Added rudimentry file transfer modes (-P/-G), these also work interactively via "put" and "get" Improved usage message SSHatter makes use of a number of standard Perl libraries: Parallel::ForkManager (...) -> http://www.security-database.com/toolswatch/SSHatter-v1-Password-brute-forcer.html ** Acunetix WVS v6.5 build 20091215 released ** by ToolsTracker - 15 December 2009 Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing. An updated build for Acunetix WVS Version 6.5 has been released with a number of improvements, bug fixes, and a number of new security checks. New (...) -> http://www.security-database.com/toolswatch/Acunetix-WVS-v6-5-build-20091215.html ** Scapy version 2.1.0 available ** by Tools Tracker Team - 15 December 2009 Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and (...) -> http://www.security-database.com/toolswatch/Scapy-version-2-1-available.html ** OSWA-Assistant v0.9.0.6h released ** by Tools Tracker Team - 12 December 2009 The OSWA-Assistant is a no-Operating-System-required standalone toolkit which is solely focused on wireless auditing. As a result, in addition to the usual WiFi (802.11) auditing tools, it also covers Bluetooth and RFID auditing. Using the toolkit is as easy as popping it into your computers CDROM and making your computer boot from it! This is a maintenance release with more Ralink cards supported (due to changes in vendor IDs reported by certified OSWAs & various other people) and (...) -> http://www.security-database.com/toolswatch/OSWA-Assistant-v0-9-6h-released.html Regards Nabil OUCHN CEO & Founder Security-Database France Maximiliano Soler ToolWatch Leader Security-Database Argentina ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Tools Update - third week of december 2009 SD List (Dec 21)