Penetration Testing mailing list archives
Tools Update - second week of november 2009
From: "SD List" <list () security-database com>
Date: Sun, 15 Nov 2009 10:42:29 +0100 (CET)
Hello Here is the site's newsletter "Security Database Tools Watch" (http://www.security-database.com/toolswatch). This letter summarizes the articles and news items published since 7 days. New articles -------------------------- ** Websecurify updated to v0.4 RC2 ** by Tools Tracker Team - 13 November 2009 Websecurify Security Testing Framework identifies web security vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The framework is written in JavaScript and successfully executes in numerous platforms including modern browsers with support for HTML5, xulrunner, xpcshell, Java, V8 and others. -> http://www.security-database.com/toolswatch/Websecurify-updated-to-v0-4-RC2.html ** fimap alpha v0.6.1 released : RFI/LFI auditing & scanning ** by Tools Tracker Team - 13 November 2009 fimap is a little python tool which can find, prepare, scan, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection. It's is currently under heavy development but it's usable. Quick News for SVN and upcoming versions * Version 06.1 is live! o Fixed relative path detection on windows systems. o Added additional regex to detect error message. (...) -> http://www.security-database.com/toolswatch/fimap-alpha-v0-6-1-released-RFI.html ** SAINT® 7.2 Released : Now OVAL compatible. ** by Tools Tracker Team - 13 November 2009 SAINT is the Security Administrators Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINTs data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of (...) -> http://www.security-database.com/toolswatch/SAINT-R-7-2-Released-Now-OVAL.html ** COFEE leakage Affair : May Sun Tzu be with you, always ! ** by Tools Tracker Team - 12 November 2009 As the web is boiling with this COFEE leakage affair, i was deep into reading (again and again) my favorite book Sun Tzu : The principles of warfare - The Art of War-. And i was specially focused into the part about turning the enemy's strength into advantage. With this leakage, Microsoft reveals how the feds and other gov agencies proceed to extract evidence from computers. In fact, if you analyze the COFEE package. I said package because: COFEE is something like 150 command line utilities (...) -> http://www.security-database.com/toolswatch/COFEE-leakage-Affair-May-Sun-Tzu.html ** NetWitness v9.0 released ** by ToolsTracker - 10 November 2009 NetWitness NextGen is a comprehensive network security monitoring solution. Looking for insider threats, data leakage, malware activity, asset misuse, network anomalies, compliance, and network e-discovery. Version 9.0 NetWitness Identity - provides the ability to easily correlate IP addresses in network sessions to end-user directory credentials fusing an organizations Active Directory to offer a real-time 4-1-1 lookup capability. As a result, security staff can link compromised (...) -> http://www.security-database.com/toolswatch/NetWitness-v9-released.html ** RATS v2.3 - Rough Auditing Tool for Security ** by ToolsTracker - 10 November 2009 RATS (Rough Auditing Tool for Security), is a tool for scanning C, C++, Perl, PHP and Python source code and flagging common security related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions. RATS scanning tool provides a security analyst with a list of potential trouble spots on which to focus, along with describing the problem, and potentially suggest remedies. It also provides a relative assessment of the potential (...) -> http://www.security-database.com/toolswatch/RATS-v2-3-Rough-Auditing-Tool-for.html ** Origami v1.0.0-beta1b released ** by ToolsTracker - 10 November 2009 Origami is a Ruby framework designed to parse, analyze, and forge PDF documents. This is NOT a PDF rendering library. It aims at providing a scripting tool to generate and analyze malicious PDF files. As well, it can be used to create on-the-fly customized PDFs, or to inject (evil) code into already existing documents. Version 1.0.0-beta1b Fixed a bug in some samples due to internal (...) -> http://www.security-database.com/toolswatch/Origami-v1-beta1b-released.html ** NetworkMiner v0.90 released! ** by ToolsTracker - 10 November 2009 NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files. The purpose of NetworkMiner is to collect data (such as forensic evidence) about (...) -> http://www.security-database.com/toolswatch/NetworkMiner-v0-90-released.html ** PenTBox v1.0.1 - Secure IM Client ** by ToolsTracker - 10 November 2009 PenTBox is a Security Suite with programs like Password Crackers, Denial of Service testing tools (DoS and DDoS), Secure Password Generators, Honeypots and much more. Destined to test security/stability of networks and more. Programmed in Ruby, and oriented to GNU/Linux systems (but compatible with Windows, MacOS and more). A new update for PenTBox, includes a new program, Secure IM Client. With this program, users can create a direct chat room between client and server and with a (...) -> http://www.security-database.com/toolswatch/PenTBox-v1-1-Secure-IM-Client.html ** Metasploit Framework 3.3 Release Candidate 1 released ** by Tools Tracker Team - 9 November 2009 The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler. General: Ruby 1.9.1 is now supported and recommended Windows Vista (...) -> http://www.security-database.com/toolswatch/Metasploit-Framework-3-3-Release.html ** Web Security Dojo v0.2 released ** by Tools Tracker Team - 8 November 2009 An open source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo. For learning and practicing web app security testing techniques. It does not need a network connection since it contains tools, targets, and documentation. Thus making it ideal for training classes and conferences. To install Dojo you can install and run VirtualBox, then "Import Appliance" using the OVF file. Other virtual machine packages (VMware, etc) will (...) -> http://www.security-database.com/toolswatch/Web-Security-Dojo-v0-2-released.html ** WepBuster v1.0 beta0.7 released ** by Tools Tracker Team - 8 November 2009 This small utility was written for Information Security Professionals to aid in conducting Wireless Security Assessment. The program executes various utilities included in the aircrack-ng suite, a set of tools for auditing wireless networks, in order to obtain the WEP encryption key of a wireless access point. aircrack-ng can be obtained from http://www.aircrack-ng.org Changes : added wordlist generator added embedded documentation miscellaneous code (...) -> http://www.security-database.com/toolswatch/WepBuster-v1-beta0-7-released.html ** Websecurify updated to v0.4 RC1 ** by Tools Tracker Team - 8 November 2009 Websecurify Security Testing Framework identifies web security vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The framework is written in JavaScript and successfully executes in numerous platforms including modern browsers with support for HTML5, xulrunner, xpcshell, Java, V8 and others. -> http://www.security-database.com/toolswatch/Websecurify-updated-to-v0-4-RC1.html ** Lynis updated to version 1.2.7 ** by Tools Tracker Team - 8 November 2009 Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. Changelog : New: Added Kernel Hardening section Sysctl audit support in scan profile and related test [KRNL-6000] SSH option StrictModes test [SSH-7416] Password aging limit check [AUTH-9286] Ubuntu packages check (apt-show-versions) (...) -> http://www.security-database.com/toolswatch/Lynis-updated-to-version-1-2-7.html ** PenTester Scripting Logo Competition ** by Tools Tracker Team - 7 November 2009 PenTester Scripting website is a very handy collection of Scripts (ruby, shell, perl...) initiated by a group of researchers to make our pentests journey easier. The scripts are focused into 8 categories (recon, mapping, discovery, exploitation and so on). More information here http://www.pentesterscripting.com Please help our teammate Maximiliano Soler to win this logo competition. VOTE FOR MAX SOLER (...) -> http://www.security-database.com/toolswatch/PenTester-Scripting-Logo.html Regards Nabil OUCHN CEO & Founder Security-Database France Maximiliano Soler ToolWatch Leader Security-Database Argentina ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Tools Update - second week of november 2009 SD List (Nov 16)