Penetration Testing mailing list archives
Tools Update - last week of october
From: "SD List" <list () security-database com>
Date: Sat, 31 Oct 2009 21:11:39 +0100 (CET)
Hello Here is the site's newsletter "Security Database Tools Watch" (http://www.security-database.com/toolswatch). This letter summarizes the articles and news items published since 7 days. New articles -------------------------- ** Enhanced Mitigation Evaluation Toolkit v1.0.2 released ** by Tools Tracker Team - 30 October 2009 Security mitigation technologies are technologies designed to make it more difficult for an attacker to exploit vulnerabilities in a given piece of software. The Enhanced Mitigation Evaluation Toolkit (EMET) is a toolkit that allows certain security mitigation technologies to be applied to user specified applications. This utility builds on our current offerings in several key ways: Until now, many of the available mitigations have required for an application to be manually opted in and (...) -> http://www.security-database.com/toolswatch/Enhanced-Mitigation-Evaluation.html ** Focus on HP's Scrawlr SQL injection tool ** by Tools Tracker Team - 30 October 2009 Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. Scrawlr is lightning fast and uses our intelligent engine technology to dynamically craft SQL Injection attacks on the fly. It can even provide proof positive results by displaying the type of backend database in use and a list (...) -> http://www.security-database.com/toolswatch/Focus-on-HP-s-Scrawlr-SQL.html ** SAINT® 7.1.5 Released ** by Tools Tracker Team - 30 October 2009 SAINT is the Security Administrators Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINTs data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of (...) -> http://www.security-database.com/toolswatch/SAINT-R-7-1-5-Released.html ** Wireshark v1.2.3, v1.0.10, and v1.3.1 Released ** by ToolsTracker - 28 October 2009 Wireshark is the worlds most popular network protocol analyzer. It has a rich and powerful feature set and runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly. It is freely available as open source, and is released under the GNU General Public License version 2 Wireshark 1.2.3 (stable), 1.0.10 (old stable), and 1.3.1 (development) have been released. (...) -> http://www.security-database.com/toolswatch/Wireshark-v1-2-3-v1-10-and-v1-3-1.html ** OAT v2.0 - OCS Assessment Tool - released ** by ToolsTracker - 28 October 2009 OAT (OCS Assessment Tool) is an Open Source Security tool designed to check the password strength of Microsoft Office Communication Server users. After a password is compromised, OAT demonstrates potential UC attacks that can be performed by legitimate users if proper security controls are not in place. OCS == Microsoft Office Communications Server OAT Modes Internal Network Attack Mode Internal network is a deployment scenario where OCS users have unfiltered network connectivity to the (...) -> http://www.security-database.com/toolswatch/OAT-v2-OCS-Assessment-Tool.html ** YARA v1.3 - A malware identification and classification tool ** by ToolsTracker - 27 October 2009 YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic. YARA is multi-platform, running on Windows, Linux and Mac OS X, and can be used through its command-line interface or from your own Python scripts with the yara-python (...) -> http://www.security-database.com/toolswatch/YARA-v1-3-A-malware-identification.html ** Acunetix WVS v6.5 build 20091027 released ** by ToolsTracker - 27 October 2009 Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing. Bug fixes: Fixed: Redirect on LoginSequenceStep was not followed correctly Fix in URL Rewrite module to remove GetVars before matching (...) -> http://www.security-database.com/toolswatch/Acunetix-WVS-v6-5-build-20091027.html ** NetReconn v1.72 - released ** by ToolsTracker - 27 October 2009 A small set of tools based on previous reference programs and scripts. Currently consists of: tiny network strobe, sniffer and payload decoder. These tools are not meant to replace current tools out there; they are designed to be small, fast and "do one thing well". Version 1.72 fixed ipdump manpage added payload decoder ndecode better input validation (still not perfect though) converted to standard exit codes everywhere nstrobe: Fixed AI_ADDRCONFIG error on NetBSD deleted mini (...) -> http://www.security-database.com/toolswatch/NetReconn-v1-72-released.html ** DirSnatch v2.0 - listing directory ** by ToolsTracker - 26 October 2009 This tool allows for export of directory listings of your web root. The essence of the tool is very basic. If you want a nice and neat directory listing in a format ready to request in an automated fashion this is your tool. This tool was developed with Ruby 1.8.6. License: GNU General Public License v3 More information: here -> http://www.security-database.com/toolswatch/DirSnatch-v2-listing-directory.html ** OpenSCAP v0.5.4 - released ** by ToolsTracker - 26 October 2009 The OpenSCAP Project was created to provide an open-source framework to the community which enables integration with the Security Content Automation Protocol (SCAP) suite of standards and capabilities. It is the goal of OpenSCAP to provide a simple, easy to use set of interfaces to serve as the framework for community use of SCAP. Version 0.5.4 new CPE model evaluation of set objects and system characteristic output implementation of variable model bindings clean up probes tune up, (...) -> http://www.security-database.com/toolswatch/OpenSCAP-v0-5-4-released.html ** Cain & Abel v4.9.35 - released ** by ToolsTracker - 26 October 2009 Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocol. Version v4.9.35 Added Windows Firewall status detection on startup. Added (...) -> http://www.security-database.com/toolswatch/Cain-Abel-v4-9-35-released.html ** CeWL v2.2 (Custom Word List generator) - released ** by ToolsTracker - 24 October 2009 CeWL (Custom Word List generator) is a ruby app which spiders a given url to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper. CeWL is pronounced "cool". Version 2.2 Added grabbing words from the meta keywords and description tags, from HTML comments and from select HTML attribute tags, currently alt and title. If you want to add more attributes just edit the attribute_names array to (...) -> http://www.security-database.com/toolswatch/CeWL-v2-2-Custom-Word-List.html ** Vicnum v1.3 [OWASP Project] - Released! ** by ToolsTracker - 24 October 2009 A lightweight flexible vulnerable web application written in PERL and PHP. It demonstrates common web application vulnerabilities such as cross site scripting and session management issues. Vicnum is helpful to IT auditors who need to hone web security skills and can also be used by those setting up 'capture the flag' exercises or by those who just want to have some fun with web assessments. Vicnum the basics A vulnerable web app using LAMP Perl PHP Packaged as a Ubuntu (...) -> http://www.security-database.com/toolswatch/Vicnum-v1-3-OWASP-Project-Released.html Regards Nabil OUCHN CEO & Founder www.security-database.com ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Tools Update - last week of october SD List (Nov 02)