Penetration Testing mailing list archives

Tools Update - Last week of March 2010

From: "SD List" <list () security-database com>
Date: Sat, 27 Mar 2010 22:36:31 +0100 (CET)

Hello

Here is the site's newsletter "Security Database Tools Watch"
(http://www.security-database.com/toolswatch).
This letter summarizes the articles and news items published since 7 days.

New articles
--------------------------

** Flint the Firewall Rules Checkup Scanner updated to v1.0.4 **
by Tools Tracker Team
- 26 March 2010

Flint examines firewalls, quickly computes the effect of all the
configuration rules, and then spots problems so you can:

CLEAN UP RUSTY CONFIGURATIONS that are crudded up with rules that cant
match traffic.

ERADICATE LATENT SECURITY PROBLEMS lurking in overly-permissive rules

SANITY CHECK CHANGES to see if new rules create problems.

Flint is absolutely free. Theres no catch. You can download the source
from our git repository. This isnt the "play at home" version; its
our second (...)

->
http://www.security-database.com/toolswatch/Flint-the-Firewall-Rules-Checkup.html

** log2timeline updated to v0.4.2 **
by Tools Tracker Team
- 26 March 2010

The main purpose of log2timeline is to provide a single tool to parse
various log files and artifacts found on suspect systems (and supporting
systems, such as network equipment) and produce a body file that can be
used to create a timeline, using tools such as mactime from TSK, for
forensic investigators.

GUI has been written in Perl-GTK2 for creating the timeline. Since the GUI
is written in GtK2 it will not work on every OS. It has been tested to work
on both Linux (tested on Ubuntu) as (...)

->
http://www.security-database.com/toolswatch/log2timeline-updated-to-v0-4-2.html

** WeaknetLabs announced WeakNet Linux IV **
by Tools Tracker Team
- 26 March 2010

WeakNet Linux is small enough to fit onto a CD current build 600MB and
runs servers directly from the CD including Web / PHP, FTP, SSH, and more.

Source WeaknetLabs

Development has started! Our new Linux will feature more options and more
hacking tools than the last and look 10 times better! So far the details I
can give are: FluxBox is still the default WM, boot time is around 15
seconds on an 800MHz AMD laptop. Broadcom drivers inject at high rates.
Ath9k injects, Ath5k injects, and RT73 (...)

->
http://www.security-database.com/toolswatch/WeaknetLabs-announced-WeakNet.html

** Process Explorer v12 released **
by Tools Tracker Team
- 26 March 2010

Process Explorer is an advanced process management utility that picks up
where Task Manager leaves off. It will show you detailed information about
a process including its icon, command-line, full image path, memory
statistics, user account, security attributes, and more. When you zoom in
on a particular process you can list the DLLs it has loaded or the
operating system resource handles it has open. A search capability enables
you to track down a process that has a resource opened, such as (...)

->
http://www.security-database.com/toolswatch/Process-Explorer-v12-released.html

** SANS Investigative Forensic Toolkit (SIFT) Version 2.0 in the wild **
by Tools Tracker Team
- 26 March 2010

The SANS SIFT Workstation is a VMware Appliance that is pre-configured
with all the necessary tools to perform a detailed digital forensic
examination. It is compatible with Expert Witness Format (E01), Advanced
Forensic Format (AFF), and raw (dd) evidence formats. The brand new version
has been completely rebuilt on an Ubuntu base with many additional tools
and capabilities that can match any modern forensic tool suite.

SANS SIFT Workstation 2.0 Overview

VMware Appliance

Ready to tackle (...)

->
http://www.security-database.com/toolswatch/SANS-Investigative-Forensic.html

** ZeroDayScanner SaaS Free Security Scan Service **
by Tools Tracker Team
- 25 March 2010

ZeroDayScan is a free security web scanning service brought to you by
experienced security experts. The service is provided free of charge.

When security experts talk about zero day bugs and exploits they talk
about a new security bugs and vulnerabilities that are unknown to others.
Zero Day Bug term is derived from the age of the exploit. When a vendor
becomes aware of a security hole, there is a race to close it before
attackers discover it or the vulnerability becomes public. A "zero (...)

->
http://www.security-database.com/toolswatch/ZeroDayScanner-SaaS-Free-Security.html

** OpenScap v0.5.8 released - OVAL API extended **
by Tools Tracker Team
- 25 March 2010

The OpenSCAP Project was created to provide an open-source framework to
the community which enables integration with the Security Content
Automation Protocol (SCAP) suite of standards and capabilities.

It is the goal of OpenSCAP to provide a simple, easy to use set of
interfaces to serve as the framework for community use of SCAP.

Version 0.5.8

new s-expr parser

new probes from unix schema

file probe memory optimization

xccdf test_results implementation

extended OVAL API

documentaion (...)

->
http://www.security-database.com/toolswatch/OpenScap-v0-5-8-released-OVAL-API.html

** Sip Inspector v1.00 released **
by Tools Tracker Team
- 25 March 2010

SIP Inspector is a tool written in JAVA to simulate different SIP messages
and scenarios. You can create your own SIP signaling scenarios, customize
SIP messages and monitor incoming and outgoing messages. The tool can play
RTP streams from a pcap file.

Release notes 1.00

Multiple simultaneous calls fully implemented

Call generation can be set with respect to calls/second, maximum
concurrent calls and total allowed calls

If ran as a call generator, upon completion the tool provides a (...)

->
http://www.security-database.com/toolswatch/Sip-Inspector-v1-00-released.html

** Burp Suite v1.3.01 released **
by Tools Tracker Team
- 25 March 2010

Burp Suite is an integrated platform for attacking web applications. It
contains all of the Burp tools with numerous interfaces between them
designed to facilitate and speed up the process of attacking an
application. All tools share the same robust framework for handling HTTP
requests, persistence, authentication, downstream proxies, logging,
alerting and extensibility.

This beta release introduces a large number of new features and other
enhancements to Burp Intruder. A brief summary (...)

->
http://www.security-database.com/toolswatch/Burp-Suit-v1-3-1-released.html

** PenTBox v1.3.2 FINAL released **
by ToolsTracker
- 25 March 2010

PenTBox is a Security Suite with programs like Password Crackers, Denial
of Service testing tools (DoS and DDoS), Secure Password Generators,
Honeypots and much more. Destined to test security/stability of networks
and more. Programmed in Ruby, and oriented to GNU/Linux systems (but
compatible with Windows, MacOS and more).

Version 1.3.2 FTP fuzzing improved and finished.

Improved CLI.

Improved files working.

Now the Honeypot log have a file by default.

Added a hping3-based (...)

->
http://www.security-database.com/toolswatch/PenTBox-v1-3-2-FINAL-released.html

** SAMHAIN 2.6.4 released **
by Tools Tracker Team
- 23 March 2010

The samhain open source host-based intrusion detection system (HIDS)
provides file integrity checking and logfile monitoring/analysis, as well
as rootkit detection, port monitoring, detection of rogue SUID executables,
and hidden processes.

Samhain v2.6.4

Don't read proc_root_iops in sh_kern.c (Problem report by H. R.)

Logfile check can check output of shell commands

Use data directory as default for logfile checkpoints

Fix broken checkpoint save/restore for logfiles

MD5: (...)

-> http://www.security-database.com/toolswatch/SAMHAIN-2-6-4-released.html

** Focus on scRUBYt! v0.4.11 the powerful web scraping tool **
by Tools Tracker Team
- 23 March 2010

scRUBYt! is a simple but powerful web scraping toolkit written in Ruby.
It's purpose is to free you from the drudgery of web page crawling, looking
up HTML tags, attributes, XPaths, form names and other typical low-level
web scraping stuff by figuring these out from your examples copy'n'pasted
from the Web page or straight from Firebug.

scRUBYt! has only 2 dependencies, hpricot and mechanize (optionally
FireWatir for AJAX scraping).

Changements :

[NEW] possibility to use FireWatir as the (...)

->
http://www.security-database.com/toolswatch/Focus-scRUBYt-v0-4-11-the-powerful.html

** SQLFury SQL Injection for Adobe Air runtime v1.1.6 availabe **
by Tools Tracker Team
- 23 March 2010

SQLFury is an injection scanner that uses blind SQL injection techniques
to extract information from a target database. It targets Air Abobe AIR
Runtime

Database Support:

MySQL

PostgreSQL

Oracle

Microsoft SQL Server

Extract from database:

Database version.

Current database user.

All database users.

Database name.

All database names.

All table names.

All columns names.

Entire columns.

Version:

SQLFury 1.1.6 ( size : 517K )

Runs on Windows XP/Vista or MacOS X (...)

->
http://www.security-database.com/toolswatch/SQLFury-SQL-Injection-for-Adobe.html

** Burp Intruder Botox announces many improvements **
by Tools Tracker Team
- 23 March 2010

The new beta version of Burp Intruder, which contains a bunch of
frequently-requested enhancements:

You can now (...)

->
http://www.security-database.com/toolswatch/Burp-Intruder-Botox-announces-many.html

** Netsparker author released Freakin' Simple Fuzzer v0.7.3.5 **
by Tools Tracker Team
- 23 March 2010

FSF is a plug-in based freakin' simple fuzzer for fuzzing web applications
and scraping data. It supports some basic stuff and missing some features
however it has got some advanced RegEx capturing features for scraping data
out of web applications.

Why bring yet another fuzzer into this cruel world?

Yeah, I know there are so many of them hanging around. Basically I was
trying to fuzz something and after spending about 2-3 hours about 3-4
different terribly designed fuzzers I thought (...)

->
http://www.security-database.com/toolswatch/Netsparker-author-released-Freakin.html

** Netsparker 1.3.0.0 in the wild **
by Tools Tracker Team
- 23 March 2010

Netsparker can crawl, attack and identify vulnerabilities in all custom
web applications regardless of the platform and the technology they are
built on, just like an actual attacker.

It can identify web application vulnerabilities like SQL Injection,
Cross-site Scripting (XSS), Remote Code Execution and many more. It has
exploitation built on it, for example you can get a reverse shell out of an
identified SQL Injection or extract data via running custom SQL queries.

Netsparker (...)

->
http://www.security-database.com/toolswatch/Netsparker-1-3-in-the-wild.html

** iExploder v1.5 - Web Browser Quality Assurance Tester **
by ToolsTracker
- 22 March 2010

iExploder is like a fire hydrant full of bad HTML and CSS code to test the
stability and security of web browsers. Available as a standalone webserver
or CGI script, it continuously feeds browsers bad data in the hope that
they will eventually crash. It is designed to run for hours, or even days
until the browser crashes.

iExploder was initially written as a QA tool for the Mozilla Project to
test the Firefox 1.0 release, and is now included and used by Apple's
Webkit (...)

->
http://www.security-database.com/toolswatch/iExploder-v1-5-Web-Browser-Quality.html

** pvefindaddr v1.25 released **
by Tools Tracker Team
- 21 March 2010

pvefindaddr is a PyCommand (plugin) for Immunity Debugger. Immunity
Debugger is a powerful new way to write exploits, analyze malware, and
reverse engineer binary files. It builds on a solid user interface with
function graphing, the industry's first heap analysis tool built
specifically for heap creation, and a large and well supported Python API
for easy extensibility.

Drop the file in the pycommands folder within your Immunity Debugger
installation folder. You can get the list of (...)

->
http://www.security-database.com/toolswatch/pvefindaddr-v1-25-released.html

Regards

Security-Database team
www.security-database.com

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

Tools Update - Last week of March 2010 SD List (Mar 29)