Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Tools Update - Xmas 2009

From: "SD List" <list () security-database com>
Date: Sat, 26 Dec 2009 21:53:10 +0100 (CET)

Hello

Here is the site's newsletter "Security Database Tools Watch"
(http://www.security-database.com/toolswatch).
This letter summarizes the articles and news items published since 7 days.

Security-Database Team wishes you a Merry XMAS & a Happy New Year.


         New articles
         --------------------------


** SAINT® v7.2.3 updates - now SCAP support - **
by  Tools Tracker Team
- 26 December 2009

SAINT is the Security Administrator’s Integrated Network Tool. It is
used to non-intrusively detect security vulnerabilities on any remote
target, including servers, workstations, networking devices, and other
types of nodes. It will also gather information such as operating system
types and open ports. The SAINT graphical user interface provides access to
SAINT’s data management, scan configuration, scan scheduling, and data
analysis capabilities through a web browser. Different aspects of (...)

->
http://www.security-database.com/toolswatch/SAINT-R-v7-2-3-updates-now-SCAP.html


** Nmap 5.10BETA2 released : Citrix scanning & xmas greetings **
by  Tools Tracker Team
- 26 December 2009

Nmap ("Network Mapper") is a free open source utility for network
exploration or security auditing. It was designed to rapidly scan large
networks, although it works fine against single hosts. Nmap uses raw IP
packets in novel ways to determine what hosts are available on the network,
what services (application name and version) those hosts are offering, what
operating systems (and OS versions) they are running, what type of packet
filters/firewalls are in use, and dozens of other (...)

->
http://www.security-database.com/toolswatch/Nmap-5-10BETA2-released-Citrix.html


** Yasat v1.70a - Yet Another Stupid Audit Tool **
by  ToolsTracker
- 24 December 2009

YASAT (Yet Another Stupid Audit Tool) is a simple stupid audit tool. Its
goal is to be as simple as possible with minimum binary dependencies (only
sed, grep and cut).

It do many tests for checking security configuration issue or others good
practice.

It checks many software configurations like:

Apache

PHP

kernel

mysql

openvpn

Packages update

snmpd

tomcat

user accounting

vsftpd

xinetd

YASAT is licensed under GPLv3

MD5SUM 9dd26de0ab213ded1a1a59cb7afabd07

SHA1SUM (...)

->
http://www.security-database.com/toolswatch/Yasat-v1-70a-Yet-Another-Stupid.html


** Process Hacker just updated to v1.9 **
by  Tools Tracker Team
- 24 December 2009

Process Hacker is a free and open source process viewer and memory editor
with unique features such as powerful process termination and a Regex
memory searcher. It can show services, processes and their threads,
modules, handles and memory regions.

Thanks to Barry Irwin for this update

Version 1.9

NEW/IMPROVED:

Dump/view process information

Added useful tooltips to the module list

The "-elevate" command line option propagates other arguments

FIXED:

#2911938 - "The given key was not (...)

->
http://www.security-database.com/toolswatch/Process-Hacker-just-updated-to-v1.html


** WinScanX v1.0 - Windows auditing tool **
by  ToolsTracker
- 24 December 2009

WinScanX is a state-of-the-art Windows auditing tool designed to help you
get your Windows audit done quickly. It's easy to use and no installation
is required.

WinScanX Pro can potentially scan thousands of hosts in a matter of
minutes while WinScanX Basic can only scan one host at a time.

WinScanX Options and Input Files

WinScanX has over 20 options that allow a user to gather various types of
information, check for easy-to-guess passwords, etc. There are also several
input files that (...)

->
http://www.security-database.com/toolswatch/WinScanX-v1-Windows-auditing-tool.html


** Process Hacker v1.8 released **
by  ToolsTracker
- 24 December 2009

Process Hacker is a free and open source process viewer and memory editor
with unique features such as powerful process termination and a Regex
memory searcher. It can show services, processes and their threads,
modules, handles and memory regions.

Version 1.8

NEW/IMPROVED:

Ability to set I/O priority for processes and threads

No more separate Assistant.exe executable required

Signature verification now works on x64

Now shows signer names (plus a Verified Signer column)

Added proper (...)

->
http://www.security-database.com/toolswatch/Process-Hacker-v1-8-released.html


** PenTBox v1.0.1 - looking for phrases **
by  ToolsTracker
- 24 December 2009

PenTBox is a Security Suite with programs like Password Crackers, Denial
of Service testing tools (DoS and DDoS), Secure Password Generators,
Honeypots and much more. Destined to test security/stability of networks
and more. Programmed in Ruby, and oriented to GNU/Linux systems (but
compatible with Windows, MacOS and more).

A new version of PenTBox is being developed, probably it will be published
in January 2010.

Alberto Ortega Llamas, our friend, is looking for phrases to print (...)

->
http://www.security-database.com/toolswatch/PenTBox-v1-1-looking-for-phrases.html


** OpenVAS 3.0 released **
by  ToolsTracker
- 24 December 2009

OpenVAS stands for Open Vulnerability Assessment System and is a network
security scanner with associated tools like a graphical user fontend. The
core is a server component with a set of plugins to test various
vulnerabilities in remote systems and applications

The release introduces new features and a new architecture which forms the
basis for turning the vulnerability scanner into a vulnerability management
solution.

The GPL-licensed Open Vulnerability Assessment System (OpenVAS) has (...)

-> http://www.security-database.com/toolswatch/OpenVAS-3-released.html


** SAINT v7.2.2 released **
by  ToolsTracker
- 23 December 2009

SAINT is the Security Administrator’s Integrated Network Tool. It is
used to non-intrusively detect security vulnerabilities on any remote
target, including servers, workstations, networking devices, and other
types of nodes. It will also gather information such as operating system
types and open ports. The SAINT graphical user interface provides access to
SAINT’s data management, scan configuration, scan scheduling, and data
analysis capabilities through a web browser. Different aspects of (...)

-> http://www.security-database.com/toolswatch/SAINT-v7-2-2-released.html


** Metasploit Framework updated to v3.3.3 **
by  Tools Tracker Team
- 23 December 2009

The Metasploit Framework is a development platform for creating security
tools and exploits. The framework is used by network security professionals
to perform penetration tests, system administrators to verify patch
installations, product vendors to perform regression testing, and security
researchers world-wide. The framework is written in the Ruby programming
language and includes components written in C and assembler.

Metasploit Framework v3.3.3

All exploits now contain a (...)

->
http://www.security-database.com/toolswatch/Metasploit-Framework-updated-to-v3.html


** fimap v0.7a released **
by  ToolsTracker
- 22 December 2009

fimap is a little python tool which can find, prepare, audit, exploit and
even google automaticly for local and remote file inclusion bugs in
webapps. fimap should be something like sqlmap just for LFI/RFI bugs
instead of sql injection. It's is currently under heavy development but
it's usable.

Version 0.7 Alpha:

All commands will now be send base64 encoded. So you can use quotes as
much as you want.

php://input detection is now 100% reliable. (it produced some false
positives (...)

-> http://www.security-database.com/toolswatch/fimap-v0-7a-released.html


** FindDomains v0.1.1 released - search engine discovery tool **
by  ToolsTracker
- 22 December 2009

The fastest search engine discovery tool that retrieves domains which are
located at specified ip address/hostname.

FindDomains is a multithreaded search engine discovery tool that will be
very useful for penetration testers dealing with discovering domain
names/web sites/virtual hosts which are located on too many IP addresses.
Provides a console interface so you can easily integrate this tool to your
pentest automation system.

It retrieves domain names/web sites which are located on (...)

->
http://www.security-database.com/toolswatch/FindDomains-v0-1-1-released-search.html


** Samhain v2.6.1 released **
by  ToolsTracker
- 21 December 2009

The samhain open source host-based intrusion detection system (HIDS)
provides file integrity checking and logfile monitoring/analysis, as well
as rootkit detection, port monitoring, detection of rogue SUID executables,
and hidden processes.

It has been designed to monitor multiple hosts with potentially different
operating systems, providing centralized logging and maintenance, although
it can also be used as standalone application on a single host.

Version 2.6.1 (Dec 21, 2009)

On (...)

->
http://www.security-database.com/toolswatch/Samhain-v2-6-1-released.html

Regards

Nabil OUCHN
CEO & Founder
Security-Database
France

Maximiliano Soler
ToolWatch Leader
Security-Database
Argentina


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: