Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Tools Update - third week of november 2009

From: "SD List" <list () security-database com>
Date: Sun, 22 Nov 2009 11:04:29 +0100 (CET)
Hello

Here is the site's newsletter "Security Database Tools Watch"
(http://www.security-database.com/toolswatch).
This letter summarizes the articles and news items published since 7 days.


         New articles
         --------------------------


** Process Hacker v1.7 released **
by  ToolsTracker
- 21 November 2009

Process Hacker is a free and open source process viewer and memory editor
with unique features such as powerful process termination and a Regex
memory searcher. It can show services, processes and their threads,
modules, handles and memory regions.

Version 1.7

NEW/IMPROVED

#2873973 - "Columns window improvements"

New settings system - settings can now be saved anywhere

Decreased memory and CPU usage

Process Hacker probably runs on Windows 2000 now

FIXED

#2880368 - "Highlight Option (...)

->
http://www.security-database.com/toolswatch/Process-Hacker-v1-7-released.html


** Hyena v8.0 32-bit & 64-bit released **
by  ToolsTracker
- 21 November 2009

Hyena is a tool for day-to-day administration of Windows NT and Windows
XP/2000/2003 systems. Now Windows 7 too.

Hyena brings together all of the administrative tools from Windows NT such
as User Manager, Server Manager, and File Manager/Explorer, and many of the
MMC components from Windows 2000/2003 into a single, easy-to-use,
centralized program. Hyena arranges all system objects, such as users,
servers, and groups, in a hierarchical tree for easy and logical system
administration. (...)

->
http://www.security-database.com/toolswatch/Hyena-v8-32-bit-64-bit-released.html


** VideoJak v2.0 - IP Video security assessment tool **
by  ToolsTracker
- 20 November 2009

VideoJak is an IP Video security assessment tool that can simulate a proof
of concept video interception or replay test against a targeted,
user-selected video session.

This tool is designed in consideration of todays UC infrastructure
implementions in which QoS requirements dictate the separation of data and
VoIP/Video into discrete networks or VLANs.

VideoJak is a proof of concept security assessment tool that can be used
to test video applications.

VideoJak feature list:

VLAN (...)

->
http://www.security-database.com/toolswatch/VideoJak-v2-IP-Video-security.html


** iWatch v0.2.2 - realtime filesystem monitoring program **
by  ToolsTracker
- 19 November 2009

iWatch is a realtime filesystem monitoring program. Its purpose is to
monitor any changes in a specific directory or file and send email
notification immediately after the change.

This can be very useful to watch a sensible file or directory against any
changes, like files /etc/passwd, /etc/shadow or directory /bin or to
monitor the root directory of a website against any unwanted changes.

Features

run in command line mode as well as in daemon mode

using an easy xml configuration file (...)

->
http://www.security-database.com/toolswatch/iWatch-v0-2-2-realtime-filesystem.html


** Xplico v0.5.3 released **
by  ToolsTracker
- 18 November 2009

The goal of Xplico is extract from an internet traffic capture the
applications data contained. For example, from a pcap file Xplico extracts
each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP
call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol
analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).

Xplico is released under the GNU General Public License.

Version 0.5.3

snoop Packet Capture File Format as input file

DNS (...)

-> http://www.security-database.com/toolswatch/Xplico-v0-5-3-released.html


** inSSIDer v1.2.3.1014 - Wi-Fi network scanner **
by  ToolsTracker
- 18 November 2009

inSSIDer is an award-winning free Wi-Fi network scanner for Windows Vista
and Windows XP. Because NetStumbler doesn't work well with Vista and 64-bit
XP, exits an open-source Wi-Fi network scanner designed for the current
generation of Windows operating systems.

InSSIDer is licensed under the Apache License, Version 2.0.

What's Unique about inSSIDer?

Use Windows Vista and Windows XP 64-bit.

Uses the Native Wi-Fi API.

Group by Mac Address, SSID, Channel, RSSI and "Time Last Seen." (...)

->
http://www.security-database.com/toolswatch/inSSIDer-v1-2-3-1014-Wi-Fi-network.html


** Knock v1.3b - subdomain bruteforcer scan **
by  ToolsTracker
- 18 November 2009

Knock is a python script designed to enumerate subdomains on a target
domain trought a wordlist. This code is released under the GNU / GPL v3.

Knock works on Linux, Windows and MAC OSX with a python version 2.6.x (or
minor).

Usage:

python knock.py [ -url ] [ wordlist ]

View the Demo and the Output

Documentation

Required:

Python version 2.6.x or minor.

A wordlist

Tool Submittted by Gianni Amato, author of this (...)

->
http://www.security-database.com/toolswatch/Knock-v1-3b-subdomain-bruteforcer.html


** MS CAT.NET v1.1.1.9 - Code Analysis Tool .NET **
by  ToolsTracker
- 18 November 2009

CAT.NET is a binary code analysis tool that helps identify common variants
of certain prevailing vulnerabilities that can give rise to common attack
vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath
Injection.

CAT.NET is a snap-in to the Visual Studio IDE that helps you identify
security flaws within a managed code (C#, Visual Basic .NET, J#)
application you are developing. It does so by scanning the binary and/or
assembly of the application, and tracing the data (...)

->
http://www.security-database.com/toolswatch/MS-CAT-NET-v1-1-1-9-Code-Analysis.html


** log2timeline v0.33b - artifact timeline creation and analysis **
by  ToolsTracker
- 18 November 2009

log2timeline is a framework for artifact timeline creation and analysis.
The main purpose is to provide a single tool to parse various log files and
artifacts found on suspect systems (and supporting systems, such as network
equipment) and produce a body file that can be used to create a timeline,
using tools such as mactime from TSK, for forensic investigators.

The tool is written in Perl for Linux but has been tested using Mac OS X
(10.5.7+ and 10.6.+). Parts of it should work (...)

->
http://www.security-database.com/toolswatch/log2timeline-v0-33b-artifact.html


** Metasploit Framework v3.3 released (includes support for Windows 7) **
by  ToolsTracker
- 17 November 2009

The Metasploit Framework is a development platform for creating security
tools and exploits. The framework is used by network security professionals
to perform penetration tests, system administrators to verify patch
installations, product vendors to perform regression testing, and security
researchers world-wide. The framework is written in the Ruby programming
language and includes components written in C and assembler.

Version 3.3 is the latest stable release of the Metasploit (...)

->
http://www.security-database.com/toolswatch/Metasploit-Framework-v3-3-released.html


** PDFResurrect v0.9 released **
by  ToolsTracker
- 17 November 2009

PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format
allows for previous document changes to be retained in a more recent
version of the document, thereby creating a running history of changes for
the document. This tool attempts to extract all previous versions while
also producing a summary of changes between versions.

Version 0.9

This is a bug fix release and addresses the gathering of data (within
limit) for the Creator MetaData at the end of a (...)

->
http://www.security-database.com/toolswatch/PDFResurrect-v0-9-released.html


** Metasploit Framework v3.3 Release Candidate 2 released **
by  ToolsTracker
- 17 November 2009

The Metasploit Framework is a development platform for creating security
tools and exploits. The framework is used by network security professionals
to perform penetration tests, system administrators to verify patch
installations, product vendors to perform regression testing, and security
researchers world-wide. The framework is written in the Ruby programming
language and includes components written in C and assembler.

This 3.3 release candidate is last minute test release of (...)

->
http://www.security-database.com/toolswatch/Metasploit-Framework-v3-3-Release.html


** Offensive-Security released its Exploit Database **
by  Tools Tracker Team
- 16 November 2009

The ultimate archive of exploits and vulnerable software and a great
resource for vulnerability researchers and security addicts alike.
Offensive-Security aim is to collect exploits from submittals and various
mailing lists and concentrate them in one, easy to navigate database. When
possible, we've added the vulnerable software for download. We are still in
the process of organizing the database. You can Download the relevant
exploit by clicking the "D" and when available, download the (...)

->
http://www.security-database.com/toolswatch/Offensive-Security-released-its.html


** (IN)Secure Magazine issue 23 released **
by  ToolsTracker
- 16 November 2009

(IN)SECURE Magazine is a free digital security publication discussing some
of the hottest information security topics.

Issue 23

Microsoft's security patches year in review: A malware researcher's
perspective

A closer look at Red Condor Hosted Service

Report: RSA Conference Europe 2009, London

The U.S. Department of Homeland Security has a vision for stronger
information security

Q&A: Didier Stevens on malicious PDFs

Protecting browsers, endpoints and enterprises against new Web-based (...)


->
http://www.security-database.com/toolswatch/IN-Secure-Magazine-issue-23.html


** PenTester Scripting Logo Competition (Results) **
by  ToolsTracker
- 16 November 2009

PenTester Scripting website is a very handy collection of Scripts (ruby,
shell, perl...) initiated by a group of researchers to make our pentests
journey easier. The scripts are focused into 8 categories (recon, mapping,
discovery, exploitation and so on).


From Security-Database we want to thank to all those that voted for Max's

logo.

Fortunately, Max Soler won the competition!!!

Results

More information: (...)

->
http://www.security-database.com/toolswatch/PenTester-Scripting-Logo,856.html


** Katana v1.0 (Kyuzo) released - multi-boot security suite **
by  ToolsTracker
- 16 November 2009

Katana is a portable multi-boot security suite designed for all your
computer security needs. The idea behind this tool is to bring together all
of the best security distributions to run from one USB drive. Katana
includes distributions which focus on Penetration Testing, Auditing,
Password Cracking, Forensics and Honey Pots.

Katana comes with over 100 portable Windows applications such as
Wireshark, HiJackThis, Unstoppable Copier, and OllyDBG.

Version 1.0

Updated Ophcrack Live, Backtrack (...)

->
http://www.security-database.com/toolswatch/Katana-v1-Kyuzo-released-multi.html

Kind Regards

Nabil OUCHN
CEO & Founder
Security-Database
France

Maximiliano Soler
ToolWatch Leader
Security-Database
Argentina


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: