Penetration Testing mailing list archives
[Tools update] The Security-Database Watch Newsletter -- v20090905
From: "SD List" <list () security-database com>
Date: Sun, 6 Sep 2009 10:42:11 +0200 (CEST)
Hello,

Here is the site's newsletter "Security Database Tools Watch" (http://www.security-database.com/toolswatch). This letter summarizes the articles and news items published in the last 7 days.

New articles
--------------------------

** mysqloit v0.1 - SQL Injection Takeover Tool **
by ToolsTracker - 5 September 2009

MySqloit is a SQL Injection takeover tool focused on LAMP (Linux, Apache, MySql, PHP) and WAMP (Linux, Apache, MySql, PHP) platforms. It has the ability to upload and execute metasploit shellcodes through the MySql SQL Injection vulnerabilities. Attackers performing SQL injection on a MySQL-PHP platform must deal with several limitations and constraints. For example, the lack of multiple statements in one query makes MySQL an unpopular platform for remote code execution, compared to (...)

-> http://www.security-database.com/toolswatch/mysqloit-v0-1-SQL-Injection.html

** Jasager - Wifi MitM Tool (faking Access Point) **
by Tools Tracker Team - 5 September 2009

Jasager is an implementation of Karma designed to run on OpenWrt on the Fon. It will probably run on most APs with Atheros wifi cards but it was designed with the Fon in mind as it is a nice small AP which gives it a lot of scope for use in penetration tests and other related fun.

A quick highlight of features:
- Web interface showing currently connected clients with their MAC address, IP address (if assigned) and the SSID they associated with
- The web interface allows control of all Karma (...)

-> http://www.security-database.com/toolswatch/Jasager-Wifi-MitM-Tool-faking.html

** Spiceworks 4.1.40098 - Updated **
by ToolsTracker - 5 September 2009

Spiceworks is the complete network management & monitoring, helpdesk, PC inventory & software reporting solution to manage Everything IT in small and medium businesses.

Spiceworks Lets You...
- Inventory Your Network & PCs
- Monitor & Manage Your Network
- Manage Your IT Assets
- Manage Changes & Configurations
- Map Your Network (BETA)
- Audit Your Software
- Troubleshoot Your Network
- Run an IT Help Desk
- Be an MSP
- Talk to IT Pros Like You

Spiceworks IT Desktop is designed for IT Pros who have (...)

-> http://www.security-database.com/toolswatch/Spiceworks-4-1-40098-Updated.html

** Stoned Bootkit upgraded to v2.0 **
by Tools Tracker Team - 3 September 2009

Stoned Bootkit is a new Windows bootkit which attacks all Windows versions from XP up to 7. It is loaded before Windows starts and is memory resident up to the Windows kernel. Thus Stoned gains access to the entire system. It has exciting features like integrated file system drivers, automatic Windows pwning, plugins, boot applications and much much more. The project is partly published as open source under the European Union Public License. Like in 1987, "Your PC is now Stoned! ..again". A (...)

-> http://www.security-database.com/toolswatch/Stoned-Bootkit-upgraded-to-v2.html

** Burp suite pro updated to v1.2.16 **
by Tools Tracker Team - 3 September 2009

Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility.

Changelog:
- Improved handling of AMF messages, to support some data types which were previously (...)

-> http://www.security-database.com/toolswatch/Nouvel-article.html

** Websecurify v0.3 released **
by Tools Tracker Team - 2 September 2009

Websecurify Security Testing Framework identifies web security vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The framework is written in JavaScript and successfully executes in numerous platforms including modern browsers with support for HTML5, xulrunner, xpcshell, Java, V8 and others.

-> http://www.security-database.com/toolswatch/Websecurify-v0-3-released.html

** Mobius Forensic Toolkit updated to 0.4.7 **
by Tools Tracker Team - 2 September 2009

Mobius Forensic Toolkit is an open-source forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files, for easy integration with other tools.

Changes in this release:
- extension-builder: undo/redo
- extension-builder: cut/copy/paste
- extension-builder: jump to line
- extension-builder: delete
- extension-builder: find
- extension-builder: find and replace
- Extension (...)

-> http://www.security-database.com/toolswatch/Mobius-Forensic-Toolkit-updated-to.html

** The Dude network monitor v3.4 **
by Tools Tracker Team - 1 September 2009

The Dude network monitor is a new application by MikroTik which can dramatically improve the way you manage your network environment. It will automatically scan all devices within specified subnets, draw and layout a map of your networks, monitor services of your devices and alert you in case some service has problems.

Some of its features:
- The Dude is free of charge!
- Auto network discovery and layout
- Discovers any type or brand of device
- Device, Link monitoring, and notifications (...)

-> http://www.security-database.com/toolswatch/The-Dude-network-monitor-v3-4.html

** (IN)Secure Mag issue 22 released **
by Tools Tracker Team - 1 September 2009

(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics.

The covered topics include:
- Using real-time events to drive your network scans
- Review: Data Locker
- The Nmap project: Open source with style
- Enterprise effectiveness of digital certificates: Are they ready for prime-time?
- A look at geolocation, URL shortening and top Twitter threats
- How "fake stuff" can make you more secure
- Making clouds secure
- Q&A: Dr. Herbert (...)

-> http://www.security-database.com/toolswatch/IN-Secure-Mag-issue-22-released.html

** SAINT® 7.1.1 Released **
by Tools Tracker Team - 31 August 2009

SAINT is the Security Administrators Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT's data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of (...)

-> http://www.security-database.com/toolswatch/SAINT-R-7-1-1-Released.html

Regards

N.Ouchn
CEO & Founder
www.Security-Database.com
Keep a vigilant eye on your defenses