Penetration Testing mailing list archives
[Tools update] The Security-Database Watch Newsletter -- v20090822
From: "SD List" <list () security-database com>
Date: Sun, 23 Aug 2009 11:38:20 +0200 (CEST)
Hello,

Here is the site's newsletter "Security Database Tools Watch" (http://www.security-database.com/toolswatch). This letter summarizes the articles and news items published in the last 7 days.

New articles
--------------------------

** Websecurify updated to v0.3rc1 **
by Tools Tracker Team - 19 August 2009

Websecurify Security Testing Framework identifies web security vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The framework is written in JavaScript and successfully executes on numerous platforms including modern browsers with support for HTML5, xulrunner, xpcshell, Java, V8 and others. Thanks to the best tools tracker Maximiliano Soler (...)
-> http://www.security-database.com/toolswatch/Websecurify-updated-to-v0-3rc1.html

** SAINT® 7.1 Released **
by Tools Tracker Team - 18 August 2009

SAINT is the Security Administrators Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT's data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of (...)
-> http://www.security-database.com/toolswatch/SAINT-R-7-1-Released.html

** Sandcat version 3.8 released **
by Tools Tracker Team - 18 August 2009

Sandcat allows web administrators to perform aggressive and comprehensive scans of an organization's web server to isolate vulnerabilities and identify security holes. The Sandcat scanner requires basic inputs such as host names, start URLs and port numbers to scan a complete web site and test all the web applications for security vulnerabilities.

New features in version 3.8:
- Improved JavaScript/AJAX Support - Sandcat's JavaScript emulator makes Sandcat behave as both Firefox and IE, (...)
-> http://www.security-database.com/toolswatch/Sandcat-version-3-8-released.html

** Acunetix Build v6.5.20090813 available **
by Tools Tracker Team - 18 August 2009

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.

Changelog for this release:
- HTML forms settings node was renamed to Input Fields. This node now can also be used to pre-define web services (...)
-> http://www.security-database.com/toolswatch/Acunetix-Build-v6-5-20090813.html

** Burp suite v1.2.15 released **
by Tools Tracker Team - 18 August 2009

Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility.

Changelog:
Burp Scanner now checks for a few new issues:
- XML external entity injection
- Server-side XML / SOAP injection (...)
-> http://www.security-database.com/toolswatch/Burp-suite-v1-2-15-released.html

** Graudit source code scanner v1.1 released **
by Tools Tracker Team - 18 August 2009

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

Changelog:
- Improved custom db options
- Improved signatures for several languages
- A few minor tweaks

Tool submitted by Wireghoul (the tool author i (...)
-> http://www.security-database.com/toolswatch/Graudit-source-code-scanner-v1-1.html

** Trafscrambler anti-sniffer v0.2 on the wild **
by Tools Tracker Team - 18 August 2009

Trafscrambler is an anti-sniffer/IDS LKM (Network Kernel Extension) for OSX, licensed under BSD.

Features:
- injection of packets with bogus data and with randomly selected bad TCP cksum or bad TCP sequences
- userland binary (tsctrl) for controlling trafscrambler NKE
- SYN decoy - sends out number of SYN pkts before the original SYN pkt
- TCP reset attack - sends out RST/FIN pkt with bad sequence
- Pre-connection SYN - sends out SYN with wrong TCP-checksum
- Post-connection SYN - sends out fake (...)
-> http://www.security-database.com/toolswatch/Trafscrambler-anti-sniffer-v0-2-on.html

** Haraldscan The bluetooth discovery scanner updated to version 0.3 **
by Tools Tracker Team - 18 August 2009

The scanner will be able to determine Major and Minor device class of device, as well as attempt to resolve the device's MAC address to the largest known Bluetooth MAC address Vendor list. The goal of this project is to obtain as many MAC addresses mapped to device vendors as possible.

Tool Submitted by Maximiliano Soler
-> http://www.security-database.com/toolswatch/Haraldscan-The-bluetooth-discovery.html

** SAMHAIN v.2.5.8 available **
by Tools Tracker Team - 18 August 2009

The samhain open source host-based intrusion detection system (HIDS) provides file integrity checking and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. It has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as standalone application on a single host. Samhain is a multiplatform application (...)
-> http://www.security-database.com/toolswatch/SAMHAIN-v-2-5-8-available.html

Cheerz

N.OUCHN
CEO & Founder
Security-Database.com