Penetration Testing mailing list archives
Tools Update - Third week of January 2010
From: "SD List" <list () security-database com>
Date: Mon, 25 Jan 2010 14:51:21 +0100 (CET)
Hello,

Here is the site's newsletter "Security Database Tools Watch" (http://www.security-database.com/toolswatch). This letter summarizes the articles and news items published in the last 7 days.

New articles
--------------------------

** NeXpose vulnerability checks updated - IE 0day included- **
by Tools Tracker Team - 22 January 2010

NeXpose is a unified vulnerability solution that scans networks to identify the devices running on them and to probe these devices for vulnerabilities. It analyzes the scan data and processes it for reports. You can use these reports to help you assess your network security at various levels of detail and remediate any vulnerabilities quickly. The vulnerability checks in NeXpose identify security weaknesses in all layers of a network computing environment, including operating systems, (...)

-> http://www.security-database.com/toolswatch/NeXpose-vulnerability-updated-IE.html

** Vulnerability Manager v20100115 in the wild **
by Tools Tracker Team - 22 January 2010

Denim Group's Vulnerability Manager allows security teams to import and consolidate application-level vulnerabilities, automatically generate virtual patches, monitor attack attempts, communicate with defect tracking systems, and evaluate team maturity. Because this is done in a centralized system, application security managers have greatly increased visibility into and control of these processes, and they are collecting data that can be used to support sophisticated conversations with (...)

-> http://www.security-database.com/toolswatch/Vulnerability-Manager-v20100115-in.html

** OWASP TOP 10 2010 French version released **
by Tools Tracker Team - 21 January 2010

The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. OWASP French leader Sebastien Gioria has just released the French version of the "must-have" document OWASP Top 10 2010 (rc1). Please get your "French" copy from (...)

-> http://www.security-database.com/toolswatch/OWASP-TOP-10-2010-French-version.html

** John the ripper updated to v.1.7.4.2 **
by Tools Tracker Team - 21 January 2010

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches. Changes: Major performance (...)

-> http://www.security-database.com/toolswatch/John-the-ripper-updated-to-v-1-7-4.html

** Nmap v5.20 released **
by Tools Tracker Team - 20 January 2010

Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other (...)

-> http://www.security-database.com/toolswatch/Nmap-v5-20-released.html

** NetReconn v1.75 released **
by Tools Tracker Team - 19 January 2010

A small set of tools based on previous reference programs and scripts. Currently consists of: tiny network strobe, sniffer and payload decoder. These tools are not meant to replace current tools out there; they are designed to be small, fast and "do one thing well". Since our last covered release:

version 1.75
- Fixed a segv when host-part is used
- Added the nlist wrapper
- Trimmed output for pingonly scans

version 1.74
- Fixed ntrace savelog for nstrobe data
- Added pingonly to ntrace (-P (...)

-> http://www.security-database.com/toolswatch/NetReconn-v1-75-released.html

** Browser Fuzzer v3 released **
by Tools Tracker Team - 19 January 2010

Browser Fuzzer 3 (bf3) is a comprehensive web browser fuzzer that fuzzes CSS, DOM, HTML and JavaScript. Browser Fuzzer 3 is designed as a hybrid framework/standalone fuzzer; the modules it uses are extendable but also highly integrated into the core. bf3 can be used via command line to set all necessary flags for each fuzzing operation. After initialization, bf3 creates test cases in a numbered system. Fuzzing is automated through the browser using the refresh method. If error is detected, (...)

-> http://www.security-database.com/toolswatch/Browser-Fuzzer-v3-released.html

** (Info) SQLmap v0.8 stable soon to be released **
by Tools Tracker Team - 19 January 2010

SQLmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.

-> http://www.security-database.com/toolswatch/Info-SQLmap-v0-8-stable-soon-to-be.html

Regards

Nabil OUCHN
CEO & Founder
Security-Database France

Maximiliano Soler
ToolsWatch Leader
Security-Database Argentina