Penetration Testing mailing list archives
Tools Update - second week of december 2009
From: "SD List" <list () security-database com>
Date: Sat, 12 Dec 2009 21:34:19 +0100 (CET)
Hello Here is the site's newsletter "Security Database Tools Watch" (http://www.security-database.com/toolswatch). This letter summarizes the articles and news items published since 7 days. New articles -------------------------- ** OSWA-Assistant v0.9.0.6h released ** by Tools Tracker Team - 12 December 2009 The OSWA-Assistant is a no-Operating-System-required standalone toolkit which is solely focused on wireless auditing. As a result, in addition to the usual WiFi (802.11) auditing tools, it also covers Bluetooth and RFID auditing. Using the toolkit is as easy as popping it into your computers CDROM and making your computer boot from it! This is a maintenance release with more Ralink cards supported (due to changes in vendor IDs reported by certified OSWAs & various other people) and (...) -> http://www.security-database.com/toolswatch/OSWA-Assistant-v0-9-6h-released.html ** WAFW00F beta released : Auditing Web Application Firewall ** by Tools Tracker Team - 11 December 2009 WAFW00F allows one to identify and fingerprint WAF products protecting a website This set of tools is available from svn. Grab it from this location svn checkout http://waffit.googlecode.com/svn/trunk/ waffit-read-only Tool Submitted by Sebastien Gioria (OWASP French Chapter Leader) -> http://www.security-database.com/toolswatch/WAFW00F-beta-released-Auditing-Web.html ** Graudit v1.5 released ** by Tools Tracker Team - 11 December 2009 Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible. Version 1.5 New features for server wide install Source distro file for package maintainers Signature bug fixes New php, python and perl signatures Deprecating the rough signature set (...) -> http://www.security-database.com/toolswatch/Graudit-v1-5-released.html ** Halberd v0.2.3 available : Load balancer configuration auditing ** by Tools Tracker Team - 11 December 2009 To cope with heavy traffic loads, web site administrators often install load balancer devices. These machines hide (possibly) many real web servers behind a virtual IP. They receive HTTP requests and redirect them to the real web servers in order to share the traffic between them. Halberd is a tool aimed at discovering real servers behind virtual IPs Halberd should work in any system with Python version 2.4 or above. It has been successfully built and tested under GNU/Linux, Windows 2000 (...) -> http://www.security-database.com/toolswatch/Halberd-v0-2-3-available-Load.html ** JBroFuzz v1.8 released ** by Tools Tracker Team - 11 December 2009 JBroFuzz is a web application fuzzer for requests being made over HTTP and/or HTTPS. Its purpose is to provide a single, portable application that offers stable web protocol fuzzing capabilities. The components of JBroFuzz are all integrated into a single window and can be accessed through individual tabs. These tabs are: Fuzzing The fuzzing tab is the main tab of JBroFuzz, responsible for all fuzzing operations performed over the network. Depending on the fuzzer payloads (...) -> http://www.security-database.com/toolswatch/JBroFuzz-v1-8-released.html ** Groundspeed v1.0.1 in the wild ** by Tools Tracker Team - 11 December 2009 Groundspeed is an open-source Firefox add-on that allows you to modify the web application interface during a penetration test by manipulating the forms and form elements loaded in the browser page, eliminating annoying limitations and client-side controls. Some of the practical uses of groundspeed include changing hidden fields, select drop down lists and other fields into text fields, removing size and length limitations on input fields and modifying JavaScript event handlers to bypass (...) -> http://www.security-database.com/toolswatch/Groundspeed-v1-1-in-the-wild.html ** Lynis v1.2.8 released ** by ToolsTracker - 9 December 2009 Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. Version 1.2.8 (2009-12-08) New: Squid support added Squid daemon detection [SQD-3602] Squid configuration file search [SQD-3604] Squid version detection [SQD-3606] Check /etc/motd banner [BANN-7122] Check /etc/issue.net file (...) -> http://www.security-database.com/toolswatch/Lynis-v1-2-8-released.html ** WPA Cracker Service - cloud cracking service ** by ToolsTracker - 9 December 2009 WPA Cracker is a cloud cracking service for penetration testers and network auditors who need to check the security of WPA-PSK protected wireless networks. WPA-PSK networks are vulnerable to dictionary attacks, but running a respectable-sized dictionary over a WPA network handshake can take days or weeks. WPA Cracker gives you access to a 400CPU cluster that will run your network capture against a 135 million word dictionary created specifically for WPA passwords. While this job would (...) -> http://www.security-database.com/toolswatch/WPA-Cracker-Service-cloud-cracking.html ** Matriux v0.9.4 Build 091127 released ** by ToolsTracker - 9 December 2009 The Matriux is a phenomenon that was waiting to happen. It is a fully featured security distribution consisting of a bunch of powerful, open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, and much more. It is a distribution designed for security enthusiasts and professionals, although it can be used (...) -> http://www.security-database.com/toolswatch/Matriux-v0-9-4-Build-091127.html Regards Nabil OUCHN CEO & Founder Security-Database France Maximiliano Soler ToolWatch Leader Security-Database Argentina ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Tools Update - second week of december 2009 SD List (Dec 15)