Penetration Testing mailing list archives

Tools Update - second week of December 2009


From: "SD List" <list () security-database com>
Date: Sat, 12 Dec 2009 21:34:19 +0100 (CET)


Hello

Here is the site's newsletter "Security Database Tools Watch"
(http://www.security-database.com/toolswatch).
This letter summarizes the articles and news items published in the last 7 days.


         New articles
         --------------------------


** OSWA-Assistant v0.9.0.6h released **
by  Tools Tracker Team
- 12 December 2009

The OSWA™-Assistant is a no-Operating-System-required standalone toolkit
which is solely focused on wireless auditing. As a result, in addition to
the usual WiFi (802.11) auditing tools, it also covers Bluetooth and RFID
auditing. Using the toolkit is as easy as popping it into your computer’s
CDROM and making your computer boot from it!

This is a maintenance release with more Ralink cards supported (due to
changes in vendor IDs reported by certified OSWAs & various other people)
and (...)

->
http://www.security-database.com/toolswatch/OSWA-Assistant-v0-9-6h-released.html


** WAFW00F beta released : Auditing Web Application Firewall **
by  Tools Tracker Team
- 11 December 2009

WAFW00F allows one to identify and fingerprint WAF products protecting a
website.

This set of tools is available from svn. Grab it from this location:

svn checkout http://waffit.googlecode.com/svn/trunk/ waffit-read-only

Tool Submitted by Sebastien Gioria (OWASP French Chapter Leader)

->
http://www.security-database.com/toolswatch/WAFW00F-beta-released-Auditing-Web.html


** Graudit v1.5 released **
by  Tools Tracker Team
- 11 December 2009

Graudit is a simple script and signature sets that allow you to find
potential security flaws in source code using the GNU utility grep. It's
comparable to other static analysis applications like RATS, SWAAT and
flaw-finder while keeping the technical requirements to a minimum and being
very flexible.

Version 1.5

New features for server wide install

Source distro file for package maintainers

Signature bug fixes

New php, python and perl signatures

Deprecating the rough signature set (...)

-> http://www.security-database.com/toolswatch/Graudit-v1-5-released.html


** Halberd v0.2.3 available : Load balancer configuration auditing **
by  Tools Tracker Team
- 11 December 2009

To cope with heavy traffic loads, web site administrators often install
load balancer devices. These machines hide (possibly) many real web servers
behind a virtual IP. They receive HTTP requests and redirect them to the
real web servers in order to share the traffic between them.

Halberd is a tool aimed at discovering real servers behind virtual IPs

Halberd should work in any system with Python version 2.4 or above. It has
been successfully built and tested under GNU/Linux, Windows 2000 (...)

->
http://www.security-database.com/toolswatch/Halberd-v0-2-3-available-Load.html


** JBroFuzz v1.8 released **
by  Tools Tracker Team
- 11 December 2009

JBroFuzz is a web application fuzzer for requests being made over HTTP
and/or HTTPS. Its purpose is to provide a single, portable application that
offers stable web protocol fuzzing capabilities.

The components of JBroFuzz are all integrated into a single window and can
be accessed through individual tabs. These tabs are:

Fuzzing

The fuzzing tab is the main tab of JBroFuzz, responsible for all fuzzing
operations performed over the network. Depending on the fuzzer payloads
(...)

-> http://www.security-database.com/toolswatch/JBroFuzz-v1-8-released.html


** Groundspeed v1.0.1 in the wild **
by  Tools Tracker Team
- 11 December 2009

Groundspeed is an open-source Firefox add-on that allows you to modify the
web application interface during a penetration test by manipulating the
forms and form elements loaded in the browser page, eliminating annoying
limitations and client-side controls.

Some of the practical uses of groundspeed include changing hidden fields,
select drop down lists and other fields into text fields, removing size and
length limitations on input fields and modifying JavaScript event handlers
to bypass (...)

->
http://www.security-database.com/toolswatch/Groundspeed-v1-1-in-the-wild.html


** Lynis v1.2.8 released **
by  ToolsTracker
- 9 December 2009

Lynis is an auditing tool for Unix (specialists). It scans the system and
available software to detect security issues. Besides security-related
information, it will also scan for general system information, installed
packages and configuration mistakes.

Version 1.2.8 (2009-12-08) New:

Squid support added

Squid daemon detection [SQD-3602]

Squid configuration file search [SQD-3604]

Squid version detection [SQD-3606]

Check /etc/motd banner [BANN-7122]

Check /etc/issue.net file (...)

-> http://www.security-database.com/toolswatch/Lynis-v1-2-8-released.html


** WPA Cracker Service - cloud cracking service **
by  ToolsTracker
- 9 December 2009

WPA Cracker is a cloud cracking service for penetration testers and
network auditors who need to check the security of WPA-PSK protected
wireless networks.

WPA-PSK networks are vulnerable to dictionary attacks, but running a
respectable-sized dictionary over a WPA network handshake can take days or
weeks. WPA Cracker gives you access to a 400 CPU cluster that will run your
network capture against a 135 million word dictionary created specifically
for WPA passwords. While this job would (...)

->
http://www.security-database.com/toolswatch/WPA-Cracker-Service-cloud-cracking.html


** Matriux v0.9.4 Build 091127 released **
by  ToolsTracker
- 9 December 2009

The Matriux is a phenomenon that was waiting to happen. It is a fully
featured security distribution consisting of a bunch of powerful, open
source and free tools that can be used for various purposes including, but
not limited to, penetration testing, ethical hacking, system and network
administration, cyber forensics investigations, security testing,
vulnerability analysis, and much more. It is a distribution designed for
security enthusiasts and professionals, although it can be used (...)

->
http://www.security-database.com/toolswatch/Matriux-v0-9-4-Build-091127.html

Regards

Nabil OUCHN
CEO & Founder
Security-Database
France

Maximiliano Soler
ToolWatch Leader
Security-Database
Argentina

