Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Tools Update - 3rd week of october

From: "SD List" <list () security-database com>
Date: Sun, 25 Oct 2009 10:43:27 +0100 (CET)
Dear list,

Here is the site's newsletter "Security Database Tools Watch"
(http://www.security-database.com/toolswatch).
This letter summarizes the articles and news items published since 7 days.


         New articles
         --------------------------


** CeWL v2.2 (Custom Word List generator) - released **
by  ToolsTracker
- 24 October 2009

CeWL (Custom Word List generator) is a ruby app which spiders a given url
to a specified depth, optionally following external links, and returns a
list of words which can then be used for password crackers such as John the
Ripper. CeWL is pronounced "cool".

Version 2.2

Added grabbing words from the meta keywords and description tags, from
HTML comments and from select HTML attribute tags, currently alt and title.
If you want to add more attributes just edit the attribute_names array to
(...)

->
http://www.security-database.com/toolswatch/CeWL-v2-2-Custom-Word-List.html


** Vicnum v1.3 [OWASP Project] - Released! **
by  ToolsTracker
- 24 October 2009

A lightweight flexible vulnerable web application written in PERL and PHP.
It demonstrates common web application vulnerabilities such as cross site
scripting and session management issues.

Vicnum is helpful to IT auditors who need to hone web security skills and
can also be used by those setting up 'capture the flag' exercises or by
those who just want to have some fun with web assessments.

Vicnum the basics

A vulnerable web app using LAMP

Perl

PHP

Packaged as a Ubuntu (...)

->
http://www.security-database.com/toolswatch/Vicnum-v1-3-OWASP-Project-Released.html


** OpenSSH v5.3 - released **
by  ToolsTracker
- 22 October 2009

OpenSSH is a FREE version of the SSH connectivity tools that technical
users of the Internet rely on. Users of telnet, rlogin, and ftp may not
realize that their password is transmitted across the Internet unencrypted,
but it is.

OpenSSH encrypts all traffic (including passwords) to effectively
eliminate eavesdropping, connection hijacking, and other attacks.
Additionally, OpenSSH provides secure tunneling capabilities and several
authentication methods, and supports all SSH protocol (...)

-> http://www.security-database.com/toolswatch/OpenSSH-v5-3-released.html


** Acunetix WVS v6.5 build 20091012 released **
by  ToolsTracker
- 22 October 2009

Acunetix Web Vulnerability Scanner (WVS) is an automated web application
security testing tool that audits your web applications by checking for
exploitable hacking vulnerabilities. Automated scans may be supplemented
and cross-checked with the variety of manual tools to allow for
comprehensive web site and web application penetration testing.

Bug Fixes

Memory leak when invoking state change handler

Item index for an item which has just been inserted fails in the
Browserframe

Error in (...)

->
http://www.security-database.com/toolswatch/Acunetix-WVS-v6-5-build-20091012.html


** GreenSQL-FW v1.1.0 - released **
by  ToolsTracker
- 22 October 2009

GreenSQL is an Open Source database firewall used to protect databases
from SQL injection attacks. GreenSQL works as a proxy for SQL commands and
has built in support for MySQL.

The logic is based on evaluation of SQL commands using a risk scoring
matrix as well as blocking known db administrative commands (DROP, CREATE,
etc).

Main Firewall changes in GreenSQL version 1.1:

Added support for the MySQL v.5.0 protocol

Optimized code

Added new patterns

Fixed memory leak when adding new (...)

->
http://www.security-database.com/toolswatch/GreenSQL-FW-v1-1-released.html


** AutoNessus v1.3.2 released **
by  ToolsTracker
- 22 October 2009

AutoNessus automates regular Nessus scans and provides delta reporting.
The goal is to reduce the analysis time for subsequent scans of the same
infrastructure by only reporting delta findings.

Version 1.3.2 - Fixing some bugs

Ticket [ 2849220 ] - do-scan errors

Ticket [ 2849229 ] - Nessus 4 compatibility

Ticket [ 2740544 ] - XSS protection in diff kills formatting

Ticket [ 2793178 ] - Odd rendering of CVE references

Ticket [ 2783580 ] - Missing EMAIL= not handled gracefully

Ticket (...)

->
http://www.security-database.com/toolswatch/AutoNessus-v1-3-2-released.html


** Rudix release 2009 Unix ports and packages for Mac OS X **
by  Tools Tracker Team
- 20 October 2009

Rudix features a world class collection of pre-compiled and ready to use
Unix compatible software which are not available from a fresh installation
of Mac OS X but are popular among other Unix environments. Here you can
find utilities, programming languages, libraries and tools delivered as
standard Mac OS X packages.

Rudix provides for system administrators and developers a powerful and
easy to customize port system where you can retrieve, compile and build
native Mac OS X software for (...)

->
http://www.security-database.com/toolswatch/Rudix-release-2009-Unix-ports-and.html


** VHoster v1.0 - using the API of Live **
by  ToolsTracker
- 19 October 2009

This tool is to enumerate the online domains that correspond to the same
IP.

Is very simple and util. Using the service of Live / BING, that maintains
an interrelated database can be released.

This tool automates the search: IP:[THE IP]

->
http://www.security-database.com/toolswatch/VHoster-v1-using-the-API-of-Live.html


** Nikto v2.1.0 - released **
by  ToolsTracker
- 19 October 2009

Nikto is an Open Source (GPL) web server scanner which performs
comprehensive tests against web servers for multiple items, including over
3500 potentially dangerous files/CGIs, versions on over 900 servers, and
version specific problems on over 250 servers. Scan items and plugins are
frequently updated and can be automatically updated (if desired).

This version has gone through significant rewrites under the hood to how
Nikto works, to make it more expandable and usable. Changes (...)

-> http://www.security-database.com/toolswatch/Nikto-v2-1-released.html


** Binging beta released - Footprinting and Discovery Tool with Bing - **
by  Tools Tracker Team
- 18 October 2009

Binging is a simple tool to query Bing search engine. It will use your
Bing API key and fetch multiple results. This particular tool can be used
for cross domain footprinting for Web 2.0 applications, site discovery,
reverse lookup, host enumeration etc.

One can use various different directives like site, ip etc. and run
queries against the engine. On top of it tool provides filtering
capabilities so you can ask for unique URLs or hosts.

It is also possible to filter results by applying (...)

->
http://www.security-database.com/toolswatch/Binging-beta-released-Footprinting.html


** KrbGuess v0.21 released - Kerberos usernames enumeration **
by  Tools Tracker Team
- 18 October 2009

KrbGuess is a small and simple tool which can be used during security
testing to guess valid usernames against a Kerberos environment. It allows
you to do this by studying the response from a TGT request to the KDC
server. The tool works against both Microsoft Active Directory, MIT and
Heimdal Kerberos implementations. In addition it will detect if an account
lacks pre-authentication.

The tool is supplied with a file containing a list of usernames and
requests a TGT for each user and then (...)

->
http://www.security-database.com/toolswatch/KrbGuess-v0-21-released-Kerberos.html


** Cain and Abel updated to v4.9.34 **
by  Tools Tracker Team
- 18 October 2009

Cain & Abel is a password recovery tool for Microsoft Operating Systems.
It allows easy recovery of various kind of passwords by sniffing the
network, cracking encrypted passwords using Dictionary, Brute-Force and
Cryptanalysis attacks, recording VoIP conversations, decoding scrambled
passwords, recovering wireless network keys, revealing password boxes,
uncovering cached passwords and analyzing routing protocol.

Added support for Windows 2008 Terminal Server in APR-RDP sniffer filter.
(...)

->
http://www.security-database.com/toolswatch/Cain-and-Abel-updated-to-v4-9-34.html

N.OUCHN
CEO & Founder @ Security-Database


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: