Penetration Testing mailing list archives

[Tools update] The Security-Database Watch Newsletter -- v20090905


From: "SD List" <list () security-database com>
Date: Sun, 6 Sep 2009 10:42:11 +0200 (CEST)

Hello

Here is the site's newsletter "Security Database Tools Watch"
(http://www.security-database.com/toolswatch).
This letter summarizes the articles and news items published in the last 7 days.


          New articles
          --------------------------


** mysqloit v0.1 - SQL Injection Takeover Tool **
by  ToolsTracker
- 5 September 2009

MySqloit is a SQL Injection takeover tool focused on LAMP (Linux, Apache,
MySql, PHP) and WAMP (Linux, Apache, MySql, PHP) platforms. It has the
ability to upload and execute metasploit shellcodes through the MySql SQL
Injection vulnerabilities.

Attackers performing SQL injection on a MySQL-PHP platform must deal with
several limitations and constraints. For example, the lack of multiple
statements in one query makes MySQL an unpopular platform for remote code
execution, compared to (...)

->
http://www.security-database.com/toolswatch/mysqloit-v0-1-SQL-Injection.html


** Jasager - Wifi MitM Tool (faking Access Point) **
by  Tools Tracker Team
- 5 September 2009

Jasager is an implementation of Karma designed to run on OpenWrt on the
Fon. It will probably run on most APs with Atheros wifi cards but it was
designed with the Fon in mind as it is a nice small AP which gives it a lot
of scope for use in penetration tests and other related fun.

 A quick highlight of features:

Web interface showing currently connected clients with their MAC address,
IP address (if assigned) and the SSID they associated with

The web interface allows control of all Karma (...)

->
http://www.security-database.com/toolswatch/Jasager-Wifi-MitM-Tool-faking.html


** Spiceworks 4.1.40098 - Updated **
by  ToolsTracker
- 5 September 2009

Spiceworks is the complete network management & monitoring, helpdesk, PC
inventory & software reporting solution to manage Everything IT in small
and medium businesses.

Spiceworks Lets You...

Inventory Your Network & PCs

Monitor & Manage Your Network

Manage Your IT Assets

Manage Changes & Configurations

Map Your Network (BETA)

Audit Your Software

Troubleshoot Your Network

Run an IT Help Desk

Be an MSP

Talk to IT Pros Like You

Spiceworks IT Desktop is designed for

IT Pros who have (...)

->
http://www.security-database.com/toolswatch/Spiceworks-4-1-40098-Updated.html


** Stoned Bootkit upgraded to v2.0 **
by  Tools Tracker Team
- 3 September 2009

Stoned Bootkit is a new Windows bootkit which attacks all Windows versions
from XP up to 7. It is loaded before Windows starts and is memory resident
up to the Windows kernel. Thus Stoned gains access to the entire system. It
has exciting features like integrated file system drivers, automatic
Windows pwning, plugins, boot applications and much much more. The project
is partly published as open source under the European Union Public License.
Like in 1987, "Your PC is now Stoned! ..again".

A (...)

->
http://www.security-database.com/toolswatch/Stoned-Bootkit-upgraded-to-v2.html


** Burp suite pro updated to v1.2.16 **
by  Tools Tracker Team
- 3 September 2009

Burp Suite is an integrated platform for attacking web applications. It
contains all of the Burp tools with numerous interfaces between them
designed to facilitate and speed up the process of attacking an
application. All tools share the same robust framework for handling HTTP
requests, authentication, downstream proxies, logging, alerting and
extensibility.

Changelog:

Improved handling of AMF messages, to support some data types which were
previously (...)

-> http://www.security-database.com/toolswatch/Nouvel-article.html


** Websecurify v0.3 released **
by  Tools Tracker Team
- 2 September 2009

Websecurify Security Testing Framework identifies web security
vulnerabilities by using advanced browser automation, discovery and fuzzing
technologies. The framework is written in JavaScript and successfully
executes in numerous platforms including modern browsers with support for
HTML5, xulrunner, xpcshell, Java, V8 and others.

->
http://www.security-database.com/toolswatch/Websecurify-v0-3-released.html


** Mobius Forensic Toolkit updated to 0.4.7 **
by  Tools Tracker Team
- 2 September 2009

Mobius Forensic Toolkit is an open-source forensic framework written in
Python/GTK that manages cases and case items, providing an abstract
interface for developing extensions. Cases and item categories are defined
using XML files, for easy integration with other tools.

Changes in this release

extension-builder: undo/redo

extension-builder: cut/copy/paste

extension-builder: jump to line

extension-builder: delete

extension-builder: find

extension-builder: find and replace

Extension (...)

->
http://www.security-database.com/toolswatch/Mobius-Forensic-Toolkit-updated-to.html


** The Dude network monitor v3.4 **
by  Tools Tracker Team
- 1 September 2009

The Dude network monitor is a new application by MikroTik which can
dramatically improve the way you manage your network environment. It will
automatically scan all devices within specified subnets, draw and layout a
map of your networks, monitor services of your devices and alert you in
case some service has problems.

Some of its features:

The Dude is free of charge!

Auto network discovery and layout

Discovers any type or brand of device

Device, Link monitoring, and notifications (...)

->
http://www.security-database.com/toolswatch/The-Dude-network-monitor-v3-4.html


** (IN)Secure Mag issue 22 released **
by  Tools Tracker Team
- 1 September 2009

(IN)SECURE Magazine is a free digital security publication discussing some
of the hottest information security topics.

The covered topics include:

Using real-time events to drive your network scans

Review: Data Locker

The Nmap project: Open source with style

Enterprise effectiveness of digital certificates: Are they ready for
prime-time?

A look at geolocation, URL shortening and top Twitter threats

How "fake stuff" can make you more secure

Making clouds secure

Q&A: Dr. Herbert (...)

->
http://www.security-database.com/toolswatch/IN-Secure-Mag-issue-22-released.html


** SAINT® 7.1.1 Released **
by  Tools Tracker Team
- 31 August 2009

SAINT is the Security Administrator's Integrated Network Tool. It is
used to non-intrusively detect security vulnerabilities on any remote
target, including servers, workstations, networking devices, and other
types of nodes. It will also gather information such as operating system
types and open ports. The SAINT graphical user interface provides access to
SAINT's data management, scan configuration, scan scheduling, and data
analysis capabilities through a web browser. Different aspects of (...)

-> http://www.security-database.com/toolswatch/SAINT-R-7-1-1-Released.html

Regards
N.Ouchn
CEO & Founder
www.Security-Database.com
Keep a vigilant eye on your defenses
