Penetration Testing mailing list archives

[Tools update] The Security-Database Watch Newsletter -- v20090919


From: "SD List" <list () security-database com>
Date: Sat, 19 Sep 2009 22:18:04 +0200 (CEST)


Dear all,

Here is the site's newsletter "Security Database Tools Watch"
(http://www.security-database.com/toolswatch).
This letter summarizes the articles and news items published in the last 7 days.


          New articles
          --------------------------


** Graudit source code scanner v1.2 updated **
by  Tools Tracker Team
- 19 September 2009

Graudit is a simple script and set of signatures that allows you to find
potential security flaws in source code using the GNU utility grep. It’s
comparable to other static analysis applications like RATS and flaw-finder
while keeping the technical requirements to a minimum and being very
flexible.

Changelog

Default signatures aimed at low hanging fruit

Improved documentation

Bug fixes to graudit and (...)

->
http://www.security-database.com/toolswatch/Graudit-source-code-scanner-v1-2.html


** Acunetix Application Scanner Version 6.5 build 20090917 released **
by  Tools Tracker Team
- 17 September 2009

Acunetix Web Vulnerability Scanner (WVS) is an automated web application
security testing tool that audits your web applications by checking for
exploitable hacking vulnerabilities. Automated scans may be supplemented
and cross-checked with a variety of manual tools to allow for
comprehensive web site and web application penetration testing.

An updated build for Acunetix Version 6.5 has been released with some
improvements and bug fixes.

New:

Added two new blind SQL injection tests (...)

->
http://www.security-database.com/toolswatch/Acunetix-Application-Scanner.html


** Wireshark 1.2.2, 1.0.9, and 1.3.0 Released **
by  Tools Tracker Team
- 16 September 2009

Wireshark® is the world’s most popular network protocol analyzer. It
has a rich and powerful feature set and runs on most computing platforms
including Windows, OS X, Linux, and UNIX. Network professionals, security
experts, developers, and educators around the world use it regularly. It is
freely available as open source, and is released under the GNU General
Public License version 2.

Wireshark 1.2.2 (stable), 1.0.9 (old stable), and 1.3.0 (development) have
been released. Installers for (...)

->
http://www.security-database.com/toolswatch/Wireshark-1-2-2-1-9-and-1-3.html


** Nessus v4.0.2 Released **
by  ToolsTracker
- 16 September 2009

-> http://www.security-database.com/toolswatch/Nessus-v4-2-Released.html


** Origami v1.0.0-beta0 - Parse, Analyze, and Forge PDF documents **
by  ToolsTracker
- 15 September 2009

Origami is a Ruby framework designed to parse, analyze, and forge PDF
documents. This is NOT a PDF rendering library. It aims at providing a
scripting tool to generate and analyze malicious PDF files. As well, it can
be used to create on-the-fly customized PDFs, or to inject (evil) code into
already existing documents.

Features

Create PDF documents from scratch.

Parse existing documents, modify them and recompile them.

Explore documents at the object level, going deep into the (...)

->
http://www.security-database.com/toolswatch/Origami-v1-beta0-Parse-Analyze-and.html


** PDFResurrect v0.8 - PDF Analysis and Scrubbing Utility **
by  ToolsTracker
- 15 September 2009

PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format
allows for previous document changes to be retained in a more recent
version of the document, thereby creating a running history of changes for
the document. This tool attempts to extract all previous versions while
also producing a summary of changes between versions.

This tool can also "scrub" or write data over the original instances of
PDF objects that have been modified or deleted, in an effort to disguise
(...)

->
http://www.security-database.com/toolswatch/PDFResurrect-v0-8-PDF-Analysis-and.html


** Dradis v2.4.0 available **
by  Tools Tracker Team
- 14 September 2009

dradis is an open source tool for sharing information during security
assessments. It provides a centralized repository of information to keep
track of what has been done so far, and what is still ahead.

Changelog:

server:

Plugin improvements

Nmap Upload is now using the Nmap::Parser library.

Featuring the new OSVDB Import plugin to query the largest independent and
open source vulnerability database.

Upload plugins. Better progress feedback. Improved error condition
checking. (...)

-> http://www.security-database.com/toolswatch/Dradis-v2-4-available.html


** N-Stalker Scanner 2009 build 221 released **
by  Tools Tracker Team
- 14 September 2009

N-Stalker Web Application Security Scanner 2009 Free Edition provides a
restricted set of free Web Security Assessment checks to enhance the
overall security of your web server infrastructure, using the most complete
web attack signature database available in the market - "N-Stealth Web
Attack Signature Database".

N-Stalker has made available for automatic update its latest build of
N-Stalker Web Application Security Scanner 2009 (build 221). This version
includes enhancements and fixes, (...)

->
http://www.security-database.com/toolswatch/N-Stalker-Scanner-2009-build-221.html

Kind Regards,

Nabil OUCHN                            Maximiliano Soler
CEO & Founder                          Tools Watch Manager

           http://www.security-database.com
           Keep a vigilant eye on your defenses.


