Penetration Testing mailing list archives
Tools Update - Fist week of February 2010
From: "SD List" <list () security-database com>
Date: Sun, 7 Feb 2010 11:39:20 +0100 (CET)
Hello Here is the site's newsletter "Security Database Tools Watch" (http://www.security-database.com/toolswatch). This letter summarizes the articles and news items published since 7 days. New articles -------------------------- ** Acunetix WVS v6.5 build 20100203 released ** by ToolsTracker - 3 February 2010 Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing. New security checks: 8.3 DOS filename source code disclosure Apache Tomcat Directory Host Appbase authentication bypass vulnerability Apache (...) -> http://www.security-database.com/toolswatch/Acunetix-WVS-v6-5-build-20100203.html ** Nikto v2.1.1 released ** by ToolsTracker - 3 February 2010 Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired). Version 2.1.1 (2010-01-20) Ticket 117: Fixed SKIPPORTS Ticket 116: Moved User-Agent string to nikto.conf Ticket 116: Added dynamic (...) -> http://www.security-database.com/toolswatch/Nikto-v2-1-1-released.html ** (IN)SECURE Magazine Issue 24 released ** by ToolsTracker - 3 February 2010 (IN)SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security topics. Issue 24 Writing a secure SOAP client with PHP: Field report from a real-world project How virtualized browsing shields against web-based attacks Review: 1Password 3 Preparing a strategy for application vulnerability detection Threats 2.0: A glimpse into the near future Preventing malicious documents from compromising Windows machines Balancing (...) -> http://www.security-database.com/toolswatch/IN-SECURE-Magazine-Issue-24.html ** PenTBox v1.3 Beta released ** by ToolsTracker - 3 February 2010 PenTBox is a Security Suite with programs like Password Crackers, Denial of Service testing tools (DoS and DDoS), Secure Password Generators, Honeypots and much more. Destined to test security/stability of networks and more. Programmed in Ruby, and oriented to GNU/Linux systems (but compatible with Windows, MacOS and more). Version 1.3 Beta Added Crypt Ruby and RubyRc4 libraries. Added GOST, ARC4 and Rijndael (aka AES) 256 bits ciphers to Secure IM. Improvements in error (...) -> http://www.security-database.com/toolswatch/PenTBox-v1-3-Beta-released.html ** ProcNetMonitor v2.5 Process Network Port Monitoring Tool - released ** by Tools Tracker Team - 1 February 2010 ProcNetMonitor is the free tool to monitor the network activity of all running process in the system. It displays all open network ports (TCP/UDP) and active network connections for each process. It has advanced color based auto analysis system to make it easy to distinguish network oriented processes from others with just one glance at the list. Newer version also presents unique 'Port Finder' feature which makes it easy to search for particular port in all running process with just one (...) -> http://www.security-database.com/toolswatch/ProcNetMonitor-v2-5-Process.html ** Unhide Processes Forensics v20100201 released ** by Tools Tracker Team - 1 February 2010 Unhide is a forensic tool to find hidden processes and TCP/UDP ports by rootkits / LKMs or by another hidden technique. // Unhide (ps) Detecting hidden processes. Implements three techniques Compare /proc vs /bin/ps output Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning) Full PIDs space ocupation (PIDs bruteforcing) // Unhide-TCP Identify TCP/UDP ports that are listening but not listed in /bin/netstat doing brute forcing of all TCP/UDP ports (...) -> http://www.security-database.com/toolswatch/Unhide-Processes-Forensics.html ** Security-Database Vulnerability Dashboard v2.0 beta released ** by Tools Tracker Team - 1 February 2010 Security-Database provides a continuous IT vulnerability XML feed based on open security standards for classification, scoring, enumeration and exploitation. It also provides a well maintained repository for latest security and auditing tools and utilities. Security-database promotes Open Standards by supplying vulnerability alerts based on the following : CVE identifier number Brief description of the security vulnerability or exposure. Any pertinent references (i.e., vulnerability (...) -> http://www.security-database.com/toolswatch/Security-Database-Vulnerability.html ** log2timeline v0.41 released - Logs Forensics ** by Tools Tracker Team - 1 February 2010 The main purpose of log2timeline is to provide a single tool to parse various log files and artifacts found on suspect systems (and supporting systems, such as network equipment) and produce a body file that can be used to create a timeline, using tools such as mactime from TSK, for forensic investigators. GUI has been written in Perl-GTK2 for creating the timeline. Since the GUI is written in GtK2 it will not work on every OS. It has been tested to work on both Linux (tested on Ubuntu) as (...) -> http://www.security-database.com/toolswatch/log2timeline-v0-41-released-Logs.html ** ISO/IEC 31010:2009 published ** by Tools Tracker Team - 31 January 2010 IEC 31010:2009 is a dual logo IEC/ISO, single prefix IEC, supporting standard for ISO 31000 and provides guidance on selection and application of systematic techniques for risk assessment. This standard is not intended for certification, regulatory or contractual use. NOTE: This standard does not deal specifically with safety. It is a generic risk management standard and any references to safety are purely of an informative nature. Guidance on the introduction of safety aspects into IEC (...) -> http://www.security-database.com/toolswatch/ISO-IEC-31010-2009-published.html ** ISO/IEC 27004:2009 published ** by Tools Tracker Team - 31 January 2010 ISO/IEC 27004:2009 provides guidance on the development and use of measures and measurement in order to assess the effectiveness of an implemented information security management system (ISMS) and controls or groups of controls, as specified in ISO/IEC 27001. See it online -> http://www.security-database.com/toolswatch/ISO-IEC-27004-2009-published.html ** OWASP Code Crawler updated to v2.5.1 ** by Tools Tracker Team - 31 January 2010 A tool aimed at assisting code review practitioners. It is a static code review tool which searches for key topics within .NET and J2EE/JAVA code. The aim of the tool is to accompany the OWASP Code review Guide and to implement a total code review solution for "everyone". Bug Fixed : Unhandled exception while opening a visual studio solution -> http://www.security-database.com/toolswatch/OWASP-Code-Crawler-updated-to-v2-5.html ** Samhain updated to v2.6.2 ** by Tools Tracker Team - 31 January 2010 The samhain open source host-based intrusion detection system (HIDS) provides file integrity checking and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. It has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as standalone application on a single host. Samhain is a multiplatform (...) -> http://www.security-database.com/toolswatch/Samhain-updated-to-v2-6-2.html New news items -------------------------- * Security-Database Vulnerability Dashboard v2.0 beta released * - 2 February 2010 We are exciting to announce to release of the new Security-Database Vulnerability Dashboard v2.0 in beta. New changes : Added Dashboard Global information. Number of CVE. Vendors sources. OVAL IDs in database. SaintExploit IDs. OSVDB IDs in database. Versions of Engines. CWE version. (...) -> http://www.security-database.com/toolswatch/+Security-Database-Vulnerability+.html Regards Nabil OUCHN CEO & Founder Security-Database France Maximiliano Soler ToolsWatch Leader Security-Database Argentina ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Tools Update - Fist week of February 2010 SD List (Feb 07)