Penetration Testing mailing list archives
Tools Update - Third week of February 2010
From: "SD List" <list () security-database com>
Date: Sun, 21 Feb 2010 22:56:47 +0100 (CET)
Hello Here is the site's newsletter "Security Database Tools Watch" (http://www.security-database.com/toolswatch). This letter summarizes the articles and news items published since 7 days. New articles -------------------------- ** Harden SSL/TLS vBeta ** by ToolsTracker - 19 February 2010 Harden SSL/TLS allows hardening the SSL/TLS settings of Windows 2000, 2003, 2008, 2008R2, XP, Vista, 7. It allows locally and remotely set SSL policies allowing or denying certain ciphers/hashes or complete ciphersuites. This tool specific allows setting policies with regards to what ciphers and protocols are available to applications that use SCHANNEL crypto interface. A lot of windows applications do use this interface, for instance Google Chrome as well as Apple Safari are (...) -> http://www.security-database.com/toolswatch/Harden-SSL-TLS-vBeta.html ** Browser Rider v20090204 released ** by ToolsTracker - 19 February 2010 Browser Rider is a hacking framework to build payloads that exploit the browser. The project aims to provide a powerful, simple and flexible interface to any client side exploit. Browser Rider is not a new concept. Similar tools such as BeEF or Backframe exploited the same concept. However most of the other existing tools out there are unmainted, not updated and not documented. Browser Rider wants to fill those gaps by providing a better alternative. Features: Easily create (...) -> http://www.security-database.com/toolswatch/Browser-Rider-v20090204-released.html ** Malheur v0.4.5 - Automatic Analysis of Malware Behavior ** by ToolsTracker - 19 February 2010 Malheur is a tool for automatic analysis of program behavior recorded from malicious software (malware). It has been designed to support the regular analysis of malicious software and the development of detection and defense measures. Licensed under GPL v3.0. Malheur allows for identifying novel classes of malware with similar behavior and assigning unknown malware to discovered classes. Analysis of malware behavior? Malheur builds on the concept of dynamic analysis: Malware binaries (...) -> http://www.security-database.com/toolswatch/Malheur-v0-4-5-Automatic-Analysis.html ** Websecurify v0.5 Beta 1 released ** by ToolsTracker - 19 February 2010 Websecurify Security Testing Framework identifies web security vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The framework is written in JavaScript and successfully executes in numerous platforms including modern browsers with support for HTML5, xulrunner, xpcshell, Java, V8 and others. More information: here -> http://www.security-database.com/toolswatch/Websecurify-v0-5-Beta-1-released.html ** Geoedge v0.2 - IP Location tool ** by ToolsTracker - 16 February 2010 Geoedge, is a little tool to help identify the location of an IP, via services like Maxmind and GeoIpTool. It's simple and can help you when you need to identify the source of an ip fast and from the commandline. Now it provides links to Google Maps and Mapquest, with the IP location. Version 0.2 Links to Google Maps and Mapquest More information: here -> http://www.security-database.com/toolswatch/Geoedge-v0-2-IP-Location-tool.html ** theHarvester v1.5 released ** by ToolsTracker - 16 February 2010 theHarvester is a tool for gathering e-mail accounts from different public sources (search engines, pgp key servers). Is a really simple tool, but very effective. Version 1.5 Fixed Bing search engine Fixed Linkedin The sources supported are: Google - emails Bing search - emails Pgp servers - emails Linkedin - user names Some examples: Searching emails accounts for the domain microsoft.com, it will work with the first 500 google results: ./theharvester.py -d microsoft.com -l 500 -b (...) -> http://www.security-database.com/toolswatch/theHarvester-v1-5-released.html ** Bunkersix v1.0 - personal security control centre ** by ToolsTracker - 16 February 2010 Bunkersix Security Console and Monitoring software provides personal Security Dashboards and Plugin Security Applications for Desktop and Mobile. Security Dashboard Features The Console: The bunkersix web console enables you to monitor your security applications from both your desktop and on the go via your web enabled smart phone. The taskbar application Agent: Security alerts from your servers and workstations are transmitted from the Bunkersix Agent a taskbar application. Add new (...) -> http://www.security-database.com/toolswatch/Bunkersix-v1-personal-security.html ** SAINT v7.2.6 released ** by ToolsTracker - 16 February 2010 SAINT is the Security Administrators Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINTs data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of (...) -> http://www.security-database.com/toolswatch/SAINT-v7-2-6-released.html ** Medusa Parallel Network Login Auditor v2.0 released ** by ToolsTracker - 16 February 2010 Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application: Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently. Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For (...) -> http://www.security-database.com/toolswatch/Medusa-Parallel-Network-Login,1020.html Regards Nabil OUCHN CEO & Founder Security-Database France Maximiliano Soler ToolsWatch Leader Security-Database Argentina ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Tools Update - Third week of February 2010 SD List (Feb 22)