Penetration Testing mailing list archives

[Tools update] The Security-Database Watch Newsletter -- v20090822


From: "SD List" <list () security-database com>
Date: Sun, 23 Aug 2009 11:38:20 +0200 (CEST)

Hello

Here is the site's newsletter "Security Database Tools Watch"
(http://www.security-database.com/toolswatch).
This letter summarizes the articles and news items published in the last 7 days.


          New articles
          --------------------------


** Websecurify updated to v0.3rc1 **
by  Tools Tracker Team
- 19 August 2009

Websecurify Security Testing Framework identifies web security
vulnerabilities by using advanced browser automation, discovery and fuzzing
technologies. The framework is written in JavaScript and successfully
executes on numerous platforms including modern browsers with support for
HTML5, xulrunner, xpcshell, Java, V8 and others.

Thanks to the best tools tracker Maximiliano Soler (...)

-> http://www.security-database.com/toolswatch/Websecurify-updated-to-v0-3rc1.html


** SAINT® 7.1 Released **
by  Tools Tracker Team
- 18 August 2009

SAINT is the Security Administrator’s Integrated Network Tool. It is
used to non-intrusively detect security vulnerabilities on any remote
target, including servers, workstations, networking devices, and other
types of nodes. It will also gather information such as operating system
types and open ports. The SAINT graphical user interface provides access to
SAINT’s data management, scan configuration, scan scheduling, and data
analysis capabilities through a web browser. Different aspects of (...)

-> http://www.security-database.com/toolswatch/SAINT-R-7-1-Released.html


** Sandcat version 3.8 released **
by  Tools Tracker Team
- 18 August 2009

Sandcat allows web administrators to perform aggressive and comprehensive
scans of an organization’s web server to isolate vulnerabilities and
identify security holes. The Sandcat scanner requires basic inputs such as
host names, start URLs and port numbers to scan a complete web site and
test all the web applications for security vulnerabilities.

New features in version 3.8

Improved JavaScript/AJAX Support - Sandcat's JavaScript emulator makes
Sandcat behave as both Firefox and IE, (...)

-> http://www.security-database.com/toolswatch/Sandcat-version-3-8-released.html


** Acunetix Build v6.5.20090813 available **
by  Tools Tracker Team
- 18 August 2009

Acunetix Web Vulnerability Scanner (WVS) is an automated web application
security testing tool that audits your web applications by checking for
exploitable hacking vulnerabilities. Automated scans may be supplemented
and cross-checked with a variety of manual tools to allow for
comprehensive web site and web application penetration testing.

Changelog for this release :

HTML forms settings node was renamed to Input Fields. This node now can
also be used to pre-define web services (...)

-> http://www.security-database.com/toolswatch/Acunetix-Build-v6-5-20090813.html


** Burp suite v1.2.15 released **
by  Tools Tracker Team
- 18 August 2009

Burp Suite is an integrated platform for attacking web applications. It
contains all of the Burp tools with numerous interfaces between them
designed to facilitate and speed up the process of attacking an
application. All tools share the same robust framework for handling HTTP
requests, authentication, downstream proxies, logging, alerting and
extensibility.

Changelog :

Burp Scanner now checks for a few new issues:

XML external entity injection

Server-side XML / SOAP injection (...)

-> http://www.security-database.com/toolswatch/Burp-suite-v1-2-15-released.html


** Graudit source code scanner v1.1 released **
by  Tools Tracker Team
- 18 August 2009

Graudit is a simple script and set of signatures that allows you to find
potential security flaws in source code using the GNU utility grep. It's
comparable to other static analysis applications like RATS and flaw-finder
while keeping the technical requirements to a minimum and being very
flexible.

Changelog:

Improved custom db options

Improved signatures for several languages

A few minor tweaks

Tool submitted by Wireghoul (the tool author i (...)

-> http://www.security-database.com/toolswatch/Graudit-source-code-scanner-v1-1.html


** Trafscrambler anti-sniffer v0.2 on the wild **
by  Tools Tracker Team
- 18 August 2009

Trafscrambler is an anti-sniffer/IDS LKM (Network Kernel Extension) for
OSX, licensed under BSD.

Features:

injection of packets with bogus data and with randomly selected bad TCP
cksum or bad TCP sequences

userland binary (tsctrl) for controlling trafscrambler NKE

SYN decoy - sends out a number of SYN pkts before the original SYN pkt

TCP reset attack - sends out RST/FIN pkt with bad sequence

Pre-connection SYN - sends out SYN with wrong TCP-checksum

Post-connection SYN - sends out fake (...)

-> http://www.security-database.com/toolswatch/Trafscrambler-anti-sniffer-v0-2-on.html


** Haraldscan The bluetooth discovery scanner updated to version 0.3 **
by  Tools Tracker Team
- 18 August 2009

The scanner will be able to determine Major and Minor device class of
device, as well as attempt to resolve the device’s MAC address to the
largest known Bluetooth MAC address Vendor list.

The goal of this project is to obtain as many MAC addresses mapped to
device vendors as possible.

Tool Submitted by Maximiliano Soler

-> http://www.security-database.com/toolswatch/Haraldscan-The-bluetooth-discovery.html


** SAMHAIN v.2.5.8 available **
by  Tools Tracker Team
- 18 August 2009

The samhain open source host-based intrusion detection system (HIDS)
provides file integrity checking and logfile monitoring/analysis, as well
as rootkit detection, port monitoring, detection of rogue SUID executables,
and hidden processes.

It has been designed to monitor multiple hosts with potentially different
operating systems, providing centralized logging and maintenance, although
it can also be used as a standalone application on a single host.

Samhain is a multiplatform application (...)

-> http://www.security-database.com/toolswatch/SAMHAIN-v-2-5-8-available.html

Cheerz

N.OUCHN
CEO & Founder
Security-Database.com

