Penetration Testing mailing list archives

Tools Update - Second week of January 2010


From: "SD List" <list () security-database com>
Date: Sun, 17 Jan 2010 19:29:16 +0100 (CET)


Hello

Here is the site's newsletter "Security Database Tools Watch"
(http://www.security-database.com/toolswatch).
This letter summarizes the articles and news items published in the last 7 days.


         New articles
         --------------------------


** FileInsight v2.1 - Analyzing files in various formats **
by  ToolsTracker
- 15 January 2010

Secure Computing's FileInsight helps to inspect and edit files of various
formats. It is specifically designed to aid in analysis of potentially
malicious files.

Opening Files

FileInsight allows you to open files for analysis either directly from the
local hard disk, using the Open toolbar button, or by typing a URL into the
Web toolbar and clicking the Get button (see screenshot below to the left).
Files are displayed in either textual or hexadecimal format, which can be
toggled easily via (...)

->
http://www.security-database.com/toolswatch/FileInsight-v2-1-Analizyng-files.html


** Suricata Next Generation IDS release 0.8.0 available **
by  Tools Tracker Team
- 14 January 2010

The Suricata Engine is an Open Source Next Generation Intrusion Detection
and Prevention Engine. This engine is not intended to just replace or
emulate the existing tools in the industry, but will bring new ideas and
technologies to the field.

The Suricata Engine and the HTP Library are available to use under the
GPLv2. The new engine supports “Multi-Threading, Automatic Protocol
Detection (IP, TCP, UDP, ICMP, HTTP, TLS, FTP and SMB!), Gzip
Decompression, Fast IP Matching and coming soon (...)

->
http://www.security-database.com/toolswatch/Suricata-Next-Generation-IDS.html


** SandCat v3.9.3 available with support of Nessus NBE **
by  Tools Tracker Team
- 14 January 2010

Sandcat allows web administrators to perform aggressive and comprehensive
scans of an organization’s web server to isolate vulnerabilities and
identify security holes. The Sandcat scanner requires basic inputs such as
host names, start URLs and port numbers to scan a complete web site and
test all the web applications for security vulnerabilities.

New in 3.9

Modern Browser Emulation - Improved support for HTML 5. The new version
also expands the browser emulation feature set by adding new (...)

->
http://www.security-database.com/toolswatch/SandCat-v3-9-3-available-with.html


** WebCruiser - Web Vulnerability Scanner V1.00 released **
by  Tools Tracker Team
- 14 January 2010

A very simple to use Web Security scanner.

Functions:

Crawler(Site Directories And Files);

Vulnerability Scanner(SQL Injection, Cross Site Scripting);

POC(Proof of Concept): SQL Injection and Cross Site Scripting;

GET/Post/Cookie Injection;

SQL Server PlainText/FieldEcho(Union)/Blind Injection;

MySQL FieldEcho(Union)/Blind Injection;

Oracle FieldEcho(Union)/Blind Injection;

DB2 FieldEcho(Union)/Blind Injection;

Password Hash of SQL Server/MySQL/Oracle Administrator;

Time Delay For (...)

->
http://www.security-database.com/toolswatch/WebCruiser-Web-Vulnerability.html


** Kismet-2010-01-R1 available **
by  Tools Tracker Team
- 14 January 2010

Kismet is an 802.11 layer2 wireless network detector, sniffer, and
intrusion detection system. Kismet will work with any wireless card which
supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and
802.11g traffic.

Kismet identifies networks by passively collecting packets and detecting
standard named networks, detecting (and given time, decloaking) hidden
networks, and inferring the presence of nonbeaconing networks via data
traffic.

New stuff:

Bluetooth (...)

->
http://www.security-database.com/toolswatch/Kismet-2010-01-R1-available.html


** Saint Vulnerability Scanner v7.2.4 released **
by  Tools Tracker Team
- 14 January 2010

SAINT is the Security Administrator’s Integrated Network Tool. It is
used to non-intrusively detect security vulnerabilities on any remote
target, including servers, workstations, networking devices, and other
types of nodes. It will also gather information such as operating system
types and open ports. The SAINT graphical user interface provides access to
SAINT’s data management, scan configuration, scan scheduling, and data
analysis capabilities through a web browser. Different aspects of (...)

->
http://www.security-database.com/toolswatch/Saint-Vulnerability-Scanner-v7-2-4.html


** Netsparker New Release v1.1.2.3 **
by  Tools Tracker Team
- 13 January 2010

Netsparker can crawl, attack and identify vulnerabilities in all custom
web applications regardless of the platform and the technology they are
built on, just like an actual attacker.

It can identify web application vulnerabilities like SQL Injection,
Cross-site Scripting (XSS), Remote Code Execution and many more. It has
exploitation built on it, for example you can get a reverse shell out of an
identified SQL Injection or extract data via running custom SQL queries.

Netsparker (...)

->
http://www.security-database.com/toolswatch/Netsparker-New-Release-v1-1-2-3.html


** Happy new year 2960 to Amazighs and Berbers **
by  Tools Tracker Team
- 12 January 2010

The Amazigh which means "free humans" or "free men" are known to the world
as Berbers. They are discontinuously distributed from the Atlantic to the
Siwa oasis, in Egypt, and from the Mediterranean to the Niger River.

Berbers are the indigenous non-Arab peoples of North Africa west of the
Nile Valley. Historically they spoke various Berber languages, which
together form a branch of the Afro-Asiatic language family.

More information here

Assegas Amegaz 2960 (...)

->
http://www.security-database.com/toolswatch/Happy-new-year-2960-to-Amazighs.html


** CANVAS v6.54 released **
by  ToolsTracker
- 12 January 2010

Immunity's CANVAS makes available hundreds of exploits, an automated
exploitation system, and a comprehensive, reliable exploit development
framework to penetration testers and security professionals worldwide.

New Modules

client_side_report

hplaserjet_connect

acrobat_newplayer

test_safemode_bypass

Changes

Massive improvements in js_recon and SploitD reporting engine

Full Win64 MOSDEF Node functionality

Wifi Key Dumper bug fixes

New SploitD features:

Spam feeder allows feeding new (...)

-> http://www.security-database.com/toolswatch/CANVAS-v6-54-released.html


** BackTrack v4 Final Release **
by  ToolsTracker
- 11 January 2010

BackTrack is the result of the merging of two Innovative Penetration
Testing live Linux distributions - Whax and Auditor.

BackTrack has been dubbed as the best Security Live CD today, and has been
rated 1st in its category, and 32nd overall in Insecure.org. Based on
Ubuntu, BackTrack provides user modularity. This means the distribution can
be easily customised by the user to include personal scripts, additional
tools, customised kernels, etc.

Image Download

Name: bt4-final.iso

Size: (...)

->
http://www.security-database.com/toolswatch/BackTrack-v4-Final-Release.html


** Acunetix WVS v6.5 build 20100111 released **
by  ToolsTracker
- 11 January 2010

Acunetix Web Vulnerability Scanner (WVS) is an automated web application
security testing tool that audits your web applications by checking for
exploitable hacking vulnerabilities. Automated scans may be supplemented
and cross-checked with the variety of manual tools to allow for
comprehensive web site and web application penetration testing.

An updated build for Acunetix WVS Version 6.5 has been released with a
number of improvements, bug fixes, and a number of new security checks.

New (...)

->
http://www.security-database.com/toolswatch/Acunetix-WVS-Version-6-5-build,965.html


** HITB Ezine 'Reloaded' - Issue #001 **
by  ToolsTracker
- 11 January 2010

Released HITB Magazine. Vol. 1, Issue 1, January 2010.

The people of Hack In the Box decided to make the ezine available for
free in the continued spirit of HITB in “Keeping Knowledge Free”. In
addition to the freely available PDF downloads, combined editions of the
magazine will be printed in limited quantities for distribution at the
various HITBSecConf’s around the world - Dubai, Amsterdam and Malaysia.
We aim to only print somewhere between 100 and 200 copies (maybe less) per
conference so (...)

->
http://www.security-database.com/toolswatch/HITB-Ezine-Reloaded-Issue-001.html


** Haraldscan v0.41 released **
by  ToolsTracker
- 9 January 2010

The scanner will be able to determine Major and Minor device class of
device, as well as attempt to resolve the device's MAC address to the
largest known Bluetooth MAC address Vendor list.

The goal of this project is to obtain as many MAC addresses mapped to
device vendors as possible.

Version 0.41

Distribution

32 bit binary will be used for distribution

Source code will be labeled as such

Interface

Added a coloured title

Fixed some displaying issues

MACLIST

Updated to 310 (...)

->
http://www.security-database.com/toolswatch/Haraldscan-v0-41-released.html


** mssqlfp (Microsoft SQL Server Fingerprint Tool) Beta 4 released **
by  ToolsTracker
- 9 January 2010

This is a tool that performs version fingerprinting on Microsoft SQL
Server 2000, 2005 and 2008, using well known techniques based on several
public tools that identify the SQL Version.

The strength of this tool is that it uses a probabilistic algorithm to
identify the version of the Microsoft SQL Server. The Microsoft SQL Server
Fingerprint Tool can also be used to identify vulnerable versions of
Microsoft SQL Server - it is based on some techniques used by Exploit Next
Generation to (...)

->
http://www.security-database.com/toolswatch/mssqlfp-Microsoft-SQL-Server.html


** Process Hacker v1.10 released **
by  ToolsTracker
- 9 January 2010

Process Hacker is a free and open source process viewer and memory editor
with unique features such as powerful process termination and a Regex
memory searcher. It can show services, processes and their threads,
modules, handles and memory regions.

Version 1.10

NEW/IMPROVED

.NET tab in process properties - exact copy of Process Explorer's tab

Small performance improvements

FIXED:

#2920711 - "Value was either too large or too small for an Int32."

#2920734 - "Found a reproducible bug : (...)

->
http://www.security-database.com/toolswatch/Process-Hacker-v1-10-released.html


** OVAL Interpreter v5.6.4 released **
by  ToolsTracker
- 9 January 2010

Open Vulnerability and Assessment Language (OVAL) is an international,
information security, community standard to promote open and publicly
available security content, and to standardize the transfer of this
information across the entire spectrum of security tools and services.

The OVAL Interpreter is a freely available reference implementation that
demonstrates the evaluation of OVAL Definitions. Based on a set of
Definitions the interpreter collects system information, evaluates it, and
(...)

->
http://www.security-database.com/toolswatch/OVAL-Interpreter-v5-6-4-released.html


** PenTBox v1.2 Beta released **
by  ToolsTracker
- 9 January 2010

PenTBox is a Security Suite with programs like Password Crackers, Denial
of Service testing tools (DoS and DDoS), Secure Password Generators,
Honeypots and much more. Destined to test security/stability of networks
and more. Programmed in Ruby, and oriented to GNU/Linux systems (but
compatible with Windows, MacOS and more).

Version 1.2 Beta

Added “beep() when intrusion” option in Honeypot.

Added save log option in Honeypot.

Fixed minor bugs.

Updated GNU/GPLv3 License to 2010. (...)

->
http://www.security-database.com/toolswatch/PenTBox-v1-2-Beta-released.html

Regards

 Nabil OUCHN
 CEO & Founder
 Security-Database
 France

 Maximiliano Soler
 ToolsWatch Leader
 Security-Database
 Argentina



