Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Tools Update - Third week of February 2010

From: "SD List" <list () security-database com>
Date: Sun, 21 Feb 2010 22:56:47 +0100 (CET)
Hello

Here is the site's newsletter "Security Database Tools Watch"
(http://www.security-database.com/toolswatch).
This letter summarizes the articles and news items published since 7 days.


         New articles
         --------------------------


** Harden SSL/TLS vBeta **
by  ToolsTracker
- 19 February 2010

Harden SSL/TLS allows hardening the SSL/TLS settings of Windows 2000,
2003, 2008, 2008R2, XP, Vista, 7. It allows locally and remotely set SSL
policies allowing or denying certain ciphers/hashes or complete
ciphersuites.

This tool specific allows setting policies with regards to what ciphers
and protocols are available to applications that use SCHANNEL crypto
interface. A lot of windows applications do use this interface, for
instance Google Chrome as well as Apple Safari are (...)

-> http://www.security-database.com/toolswatch/Harden-SSL-TLS-vBeta.html


** Browser Rider v20090204 released **
by  ToolsTracker
- 19 February 2010

Browser Rider is a hacking framework to build payloads that exploit the
browser. The project aims to provide a powerful, simple and flexible
interface to any client side exploit.

Browser Rider is not a new concept. Similar tools such as BeEF or
Backframe exploited the same concept. However most of the other existing
tools out there are unmainted, not updated and not documented. Browser
Rider wants to fill those gaps by providing a better alternative.

Features:

Easily create (...)

->
http://www.security-database.com/toolswatch/Browser-Rider-v20090204-released.html


** Malheur v0.4.5 - Automatic Analysis of Malware Behavior **
by  ToolsTracker
- 19 February 2010

Malheur is a tool for automatic analysis of program behavior recorded from
malicious software (malware). It has been designed to support the regular
analysis of malicious software and the development of detection and defense
measures. Licensed under GPL v3.0.

Malheur allows for identifying novel classes of malware with similar
behavior and assigning unknown malware to discovered classes.

Analysis of malware behavior?

Malheur builds on the concept of dynamic analysis: Malware binaries (...)

->
http://www.security-database.com/toolswatch/Malheur-v0-4-5-Automatic-Analysis.html


** Websecurify v0.5 Beta 1 released **
by  ToolsTracker
- 19 February 2010

Websecurify Security Testing Framework identifies web security
vulnerabilities by using advanced browser automation, discovery and fuzzing
technologies. The framework is written in JavaScript and successfully
executes in numerous platforms including modern browsers with support for
HTML5, xulrunner, xpcshell, Java, V8 and others.

More information: here

->
http://www.security-database.com/toolswatch/Websecurify-v0-5-Beta-1-released.html


** Geoedge v0.2 - IP Location tool **
by  ToolsTracker
- 16 February 2010

Geoedge, is a little tool to help identify the location of an IP, via
services like Maxmind and GeoIpTool.

It's simple and can help you when you need to identify the source of an ip
fast and from the commandline. Now it provides links to Google Maps and
Mapquest, with the IP location.

Version 0.2

Links to Google Maps and Mapquest

More information: here

->
http://www.security-database.com/toolswatch/Geoedge-v0-2-IP-Location-tool.html


** theHarvester v1.5 released **
by  ToolsTracker
- 16 February 2010

theHarvester is a tool for gathering e-mail accounts from different public
sources (search engines, pgp key servers). Is a really simple tool, but
very effective.

Version 1.5

Fixed Bing search engine

Fixed Linkedin

The sources supported are:

Google - emails

Bing search - emails

Pgp servers - emails

Linkedin - user names

Some examples:

Searching emails accounts for the domain microsoft.com, it will work with
the first 500 google results:

./theharvester.py -d microsoft.com -l 500 -b (...)

->
http://www.security-database.com/toolswatch/theHarvester-v1-5-released.html


** Bunkersix v1.0 - personal security control centre **
by  ToolsTracker
- 16 February 2010

Bunkersix Security Console and Monitoring software provides personal
Security Dashboards and Plugin Security Applications for Desktop and
Mobile.

Security Dashboard Features

The Console: The bunkersix web console enables you to monitor your
security applications from both your desktop and on the go via your web
enabled smart phone.

The taskbar application Agent: Security alerts from your servers and
workstations are transmitted from the Bunkersix Agent a taskbar
application.

Add new (...)

->
http://www.security-database.com/toolswatch/Bunkersix-v1-personal-security.html


** SAINT v7.2.6 released **
by  ToolsTracker
- 16 February 2010

SAINT is the Security Administrator’s Integrated Network Tool. It is
used to non-intrusively detect security vulnerabilities on any remote
target, including servers, workstations, networking devices, and other
types of nodes. It will also gather information such as operating system
types and open ports. The SAINT graphical user interface provides access to
SAINT’s data management, scan configuration, scan scheduling, and data
analysis capabilities through a web browser. Different aspects of (...)

-> http://www.security-database.com/toolswatch/SAINT-v7-2-6-released.html


** Medusa Parallel Network Login Auditor v2.0 released **
by  ToolsTracker
- 16 February 2010

Medusa is intended to be a speedy, massively parallel, modular, login
brute-forcer. The goal is to support as many services which allow remote
authentication as possible.

The author considers following items as some of the key features of this
application:

Thread-based parallel testing. Brute-force testing can be performed
against multiple hosts, users or passwords concurrently.

Flexible user input. Target information (host/user/password) can be
specified in a variety of ways. For (...)

->
http://www.security-database.com/toolswatch/Medusa-Parallel-Network-Login,1020.html

Regards

Nabil OUCHN
CEO & Founder
Security-Database
France

Maximiliano Soler
ToolsWatch Leader
Security-Database
Argentina


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: