Penetration Testing mailing list archives
[Tools update] The Security-Database Watch Newsletter -- v20090613
From: "SD List" <list () security-database com>
Date: Sat, 13 Jun 2009 20:10:18 +0200 (CEST)
Hello Here is the site's newsletter "Security Database Tools Watch" (http://www.security-database.com/toolswatch). This letter summarizes the articles and news items published since 7 days. New articles -------------------------- ** Ophcrack 3.3.0 and ophcrack LiveCD 2.3.0 released ** by Tools Tracker Team - 8 June 2009 Ophcrack is a Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a GTK+ Graphical User Interface and runs on Windows, Mac OS X (Intel CPU) as well as on Linux Ophcrack version 3.3.0 includes support for our new tables vista_seven. These tables crack 99% of passwords of length 7 composed of almost any character including special characters. This table set will be included in our (...) -> http://www.security-database.com/toolswatch/Ophcrack-3-3-and-ophcrack-LiveCD-2.html ** WebBuster v1.0 beta 0.3 Wireless security assessment ** by Tools Tracker Team - 8 June 2009 This small utility was written for Information Security Professionals to aid in conducting Wireless Security Assessment. The program executes various utilities included in the aircrack-ng suite, a set of tools for auditing wireless networks, in order to obtain the WEP encryption key of a wireless access point. aircrack-ng can be obtained from http://www.aircrack-ng.org Features: Cracks all access points within the range in one go!! Supports: Mac address filtering bypass (via (...) -> http://www.security-database.com/toolswatch/WebBuster-v1-beta-3-Wireless.html ** Quttera v0.3.1.0.9 available ** by Tools Tracker Team - 7 June 2009 Quttera detects zero-day vulnerability exploits, shellcodes and potentially malicious executable code hidden in computer files such as movies, images, documents and etc. Quttera is not just another antivirus solution. Quttera implements patent pending signatureless algorithm capable of detection "zero day" malicious threats without any prior information (threat signature) identifying detected malware. Qutteras investigation mechanism does not rely on any signatures database but rather on (...) -> http://www.security-database.com/toolswatch/Quttera-v0-3-1-9-available.html ** (Update) Sapyto SAP pentest version 1.0 available ** by Tools Tracker Team - 7 June 2009 SAPYTO is a SAP Penetration Testing Framework. It enables security professionals to perform security assessments of different components of SAP R/3 deployments. Presented at Blackhat Europe 2007, it was shipped with many plugins to analyze the security of the RFC interface implementation of SAP systems. The plugin-based architecture enables users to develop their own plugins, extending functionality and allowing the framework to detect new vulnerabilities. Changes : Windows support! Now (...) -> http://www.security-database.com/toolswatch/Sapyto-SAP-pentest-updated-to-v0,657.html ** NetworkMiner v0.88 released ** by Tools Tracker Team - 7 June 2009 A passive network sniffer/packet capturing tool for Windows. NetworkMiner can detect OSs, hostnames, open ports, sessions and extract files without putting any traffic on the network. NetworkMiner can also parse PCAP files for offline forensic analysis NetworkMiner performs OS fingerprinting based on TCP SYN and SYN+ACK packet by using OS fingerprinting databases from p0f (by Michal Zalewski) and Ettercap (by Alberto Ornaghi and Marco Valleri). NetworkMiner can also perform OS (...) -> http://www.security-database.com/toolswatch/NetworkMiner-v0-88-released.html ** AutoScan v1.42 extended to OpenSolaris and BackTrack ** by Tools Tracker Team - 7 June 2009 AutoScan-Network is a network discovering and managing application. No configuration is required to scan your network. The main goal is to print the list of connected equipments in your network Features: Multithreaded Scan Automatic network discovery Low surcharge on the network Simultaneous subnetworks scans without human intervention Realtime detection of any connected equipment Supervision of any equipment (router, server, firewall...) Supervision of any network service (smtp, (...) -> http://www.security-database.com/toolswatch/AutoScan-v1-42-extended-to.html ** SARA project retired. Last release is 7.9.1 ** by Tools Tracker Team - 7 June 2009 The Security Auditors Research Assistant (SARA) is a third generation network security analysis tool that is: Operates under Unix, Linux, MAC OS/X or Windows (through coLinux) OS. Integrates the National Vulnerability Database (NVD). Performs SQL injection tests. Performs exhaustive XSS tests Can adapt to many firewalled environments. Support remote self scan and API facilities. Used for CIS benchmark initiatives Plug-in facility for third party apps CVE standards support (...) -> http://www.security-database.com/toolswatch/SARA-project-retired-Last-release.html ** Findbugs v1.3.9-dev-20090604 released ** by Tools Tracker Team - 7 June 2009 FindBugs is a program to find bugs in Java programs. It looks for instances of "bug patterns" --- code instances that are likely to be errors. -> http://www.security-database.com/toolswatch/Findbugs-v1-3-9-dev-20090604.html ** Cain & Abel v4.9.31 released ** by Tools Tracker Team - 7 June 2009 Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocol. Changelog SIPS Man-in-the-Middle Sniffer (TCP port 5061; successfully (...) -> http://www.security-database.com/toolswatch/Cain-Abel-v4-9-31-released.html ** Wireshark 1.2.0pre1 Released ** by Tools Tracker Team - 7 June 2009 Wireshark® is the worlds most popular network protocol analyzer. It has a rich and powerful feature set and runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly. It is freely available as open source, and is released under the GNU General Public License version 2 The following features are new (or have been significantly updated) since version 1.0: Wireshark has a (...) -> http://www.security-database.com/toolswatch/Wireshark-1-2-0pre1-Released.html ** Saint vulnerability scanner v6.10.8 available ** by Tools Tracker Team - 7 June 2009 SAINT is the Security Administrators Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINTs data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of (...) -> http://www.security-database.com/toolswatch/Saint-vulnerability-scanner-v6-10.html ** Kismet-2009-05-RC2 released ** by Tools Tracker Team - 7 June 2009 Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic Kismet identifies networks by passively collecting packets and detectingstandard named networks, detecting (and given time, decloaking) hidden networks, and infering the presence of nonbeaconing networks via data traffic. These binaries enable native capture for (...) -> http://www.security-database.com/toolswatch/Kismet-2009-05-RC2-released.html ** Nessus update to v4.0.1 ** by Tools Tracker Team - 7 June 2009 Nessus is the worlds most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the worlds largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications. Tenable Network Security has released version 4.0.1 of the Nessus vulnerability scanner. This point release includes a variety of minor bug fixes as well as support for additional authentication schemes. All customers are encouraged (...) -> http://www.security-database.com/toolswatch/Nessus-update-to-v4-1.html Regards N.OUCHN Security-database.com ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- [Tools update] The Security-Database Watch Newsletter -- v20090613 SD List (Jun 15)