Penetration Testing mailing list archives

[Tools update] The Security-Database Watch Newsletter -- v20090613


From: "SD List" <list () security-database com>
Date: Sat, 13 Jun 2009 20:10:18 +0200 (CEST)

Hello

Here is the site's newsletter "Security Database Tools Watch"
(http://www.security-database.com/toolswatch).
This letter summarizes the articles and news items published in the last 7 days.


          New articles
          --------------------------


** Ophcrack 3.3.0 and ophcrack LiveCD 2.3.0 released **
by  Tools Tracker Team
- 8 June 2009

Ophcrack is a Windows password cracker based on rainbow tables. It is a
very efficient implementation of rainbow tables done by the inventors of
the method. It comes with a GTK+ Graphical User Interface and runs on
Windows, Mac OS X (Intel CPU) as well as on Linux

Ophcrack version 3.3.0 includes support for our new tables vista_seven.
These tables crack 99% of passwords of length 7 composed of almost any
character including special characters. This table set will be included in
our (...)

->
http://www.security-database.com/toolswatch/Ophcrack-3-3-and-ophcrack-LiveCD-2.html


** WebBuster v1.0 beta 0.3 Wireless security assessment **
by  Tools Tracker Team
- 8 June 2009

This small utility was written for Information Security Professionals to
aid in conducting Wireless Security Assessment. The program executes
various utilities included in the aircrack-ng suite, a set of tools for
auditing wireless networks, in order to obtain the WEP encryption key of a
wireless access point. aircrack-ng can be obtained from
http://www.aircrack-ng.org

Features:

Cracks all access points within the range in one go!! Supports:

Mac address filtering bypass (via (...)

->
http://www.security-database.com/toolswatch/WebBuster-v1-beta-3-Wireless.html


** Quttera v0.3.1.0.9 available **
by  Tools Tracker Team
- 7 June 2009

Quttera detects zero-day vulnerability exploits, shellcodes and
potentially malicious executable code hidden in computer files such as
movies, images, documents, etc. Quttera is not just another antivirus
solution. Quttera implements a patent-pending signatureless algorithm capable
of detecting "zero day" malicious threats without any prior information
(threat signature) identifying detected malware. Quttera’s investigation
mechanism does not rely on any signatures database but rather on (...)

->
http://www.security-database.com/toolswatch/Quttera-v0-3-1-9-available.html


** (Update) Sapyto SAP pentest version 1.0 available **
by  Tools Tracker Team
- 7 June 2009

SAPYTO is a SAP Penetration Testing Framework. It enables security
professionals to perform security assessments of different components of
SAP R/3 deployments. Presented at Blackhat Europe 2007, it was shipped with
many plugins to analyze the security of the RFC interface implementation of
SAP systems. The plugin-based architecture enables users to develop their
own plugins, extending functionality and allowing the framework to detect
new vulnerabilities.

Changes :

Windows support! Now (...)

->
http://www.security-database.com/toolswatch/Sapyto-SAP-pentest-updated-to-v0,657.html


** NetworkMiner v0.88 released **
by  Tools Tracker Team
- 7 June 2009

A passive network sniffer/packet capturing tool for Windows. NetworkMiner
can detect OS’s, hostnames, open ports, sessions and extract files
without putting any traffic on the network. NetworkMiner can also parse
PCAP files for offline forensic analysis

NetworkMiner performs OS fingerprinting based on TCP SYN and SYN+ACK
packet by using OS fingerprinting databases from p0f (by Michal Zalewski)
and Ettercap (by Alberto Ornaghi and Marco Valleri). NetworkMiner can also
perform OS (...)

->
http://www.security-database.com/toolswatch/NetworkMiner-v0-88-released.html


** AutoScan v1.42 extended to OpenSolaris and BackTrack **
by  Tools Tracker Team
- 7 June 2009

AutoScan-Network is a network discovery and management application. No
configuration is required to scan your network. The main goal is to print
the list of connected equipment in your network.

Features:

Multithreaded Scan

Automatic network discovery

Low surcharge on the network

Simultaneous subnetworks scans without human intervention

Realtime detection of any connected equipment

Supervision of any equipment (router, server, firewall...)

Supervision of any network service (smtp, (...)

->
http://www.security-database.com/toolswatch/AutoScan-v1-42-extended-to.html


** SARA project retired. Last release is 7.9.1 **
by  Tools Tracker Team
- 7 June 2009

The Security Auditor’s Research Assistant (SARA) is a third generation
network security analysis tool that:

Operates under Unix, Linux, MAC OS/X or Windows (through coLinux) OS’.

Integrates the National Vulnerability Database (NVD).

Performs SQL injection tests.

Performs exhaustive XSS tests

Can adapt to many firewalled environments.

Support remote self scan and API facilities.

Used for CIS benchmark initiatives

Plug-in facility for third party apps

CVE standards support (...)

->
http://www.security-database.com/toolswatch/SARA-project-retired-Last-release.html


** Findbugs v1.3.9-dev-20090604 released **
by  Tools Tracker Team
- 7 June 2009

FindBugs™ is a program to find bugs in Java programs. It looks for
instances of "bug patterns" --- code instances that are likely to be
errors.

->
http://www.security-database.com/toolswatch/Findbugs-v1-3-9-dev-20090604.html


** Cain & Abel v4.9.31 released **
by  Tools Tracker Team
- 7 June 2009

Cain & Abel is a password recovery tool for Microsoft Operating Systems.
It allows easy recovery of various kinds of passwords by sniffing the
network, cracking encrypted passwords using Dictionary, Brute-Force and
Cryptanalysis attacks, recording VoIP conversations, decoding scrambled
passwords, recovering wireless network keys, revealing password boxes,
uncovering cached passwords and analyzing routing protocols.

Changelog

SIPS Man-in-the-Middle Sniffer (TCP port 5061; successfully (...)

->
http://www.security-database.com/toolswatch/Cain-Abel-v4-9-31-released.html


** Wireshark 1.2.0pre1 Released **
by  Tools Tracker Team
- 7 June 2009

Wireshark® is the world’s most popular network protocol analyzer. It
has a rich and powerful feature set and runs on most computing platforms
including Windows, OS X, Linux, and UNIX. Network professionals, security
experts, developers, and educators around the world use it regularly. It is
freely available as open source, and is released under the GNU General
Public License version 2

The following features are new (or have been significantly updated) since
version 1.0:

Wireshark has a (...)

->
http://www.security-database.com/toolswatch/Wireshark-1-2-0pre1-Released.html


** Saint vulnerability scanner v6.10.8 available **
by  Tools Tracker Team
- 7 June 2009

SAINT is the Security Administrator’s Integrated Network Tool. It is
used to non-intrusively detect security vulnerabilities on any remote
target, including servers, workstations, networking devices, and other
types of nodes. It will also gather information such as operating system
types and open ports. The SAINT graphical user interface provides access to
SAINT’s data management, scan configuration, scan scheduling, and data
analysis capabilities through a web browser. Different aspects of (...)

->
http://www.security-database.com/toolswatch/Saint-vulnerability-scanner-v6-10.html


** Kismet-2009-05-RC2 released **
by  Tools Tracker Team
- 7 June 2009

Kismet is an 802.11 layer2 wireless network detector, sniffer, and
intrusion detection system. Kismet will work with any wireless card which
supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and
802.11g traffic

Kismet identifies networks by passively collecting packets and
detecting standard named networks, detecting (and given time, decloaking)
hidden networks, and inferring the presence of nonbeaconing networks via
data traffic.

These binaries enable native capture for (...)

->
http://www.security-database.com/toolswatch/Kismet-2009-05-RC2-released.html


** Nessus update to v4.0.1 **
by  Tools Tracker Team
- 7 June 2009

Nessus is the world’s most popular vulnerability scanner used in over
75,000 organizations world-wide. Many of the world’s largest
organizations are realizing significant cost savings by using Nessus to
audit business-critical enterprise devices and applications.

Tenable Network Security has released version 4.0.1 of the Nessus
vulnerability scanner. This point release includes a variety of minor bug
fixes as well as support for additional authentication schemes. All
customers are encouraged (...)

-> http://www.security-database.com/toolswatch/Nessus-update-to-v4-1.html

Regards
N.OUCHN
Security-database.com

