Monday, 30. April 2012
maxisploit-scanner
This tool has three purposes:

1. SQL injection:

a) Error based: it scans for vulnerable websites based on common SQL errors for a variety of databases.

b) Difference (true/false) scan: it scans for sites that do not display SQL errors yet are vulnerable. The concept behind this scan is to send a true and a false query to the database, which will give different answers; the responses are then compared, and if they differ in length and content the site is considered vulnerable.

2. XSS scanner: it encrypts the XSS vector and scans the response from the web server; if the XSS vector is found inside the source, then the site is vulnerable. It only uses GET requests to the web server. NOTE: It will scan for the XSS vector but it will not test whether alert or any other event really happened.

3. Admin scanner: it scans for admin login locations, based on the default list or any other list that you have supplied. Response codes 200 and 306 are considered success.

4. Shared hosting scanner: it sends a request to sameip.org and then parses the HTML for pages.

Download
http://code.google.com/p/maxisploit-scanner/downloads/list


Saturday, 28. April 2012
BackBox Linux 2.05 released!
"The BackBox team is proud to announce the release 2.05 of BackBox Linux. The new release includes features such as Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8.0. The ISO images (32bit & 64bit)"

Download
http://www.backbox.org/downloads

BackBox is a GNU/Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. It is designed to be fast, easy to use and to provide a minimal yet complete desktop environment, thanks to its own software repositories, which are always updated to the latest stable versions of the most used and best known ethical hacking tools.


Dirfuzz
This is a tool for directory discovery of web applications. By default it uses a dictionary-based approach, with the dictionary in data/fdirs.txt; it can also use the crawler module to find links
up to 1 level of depth.

Info
https://github.com/matugm/dirfuzz/#readme

Download
https://github.com/matugm/dirfuzz/tarball/master


Router WPS Backdoor
Some 100,000 routers of type Speedport W921V, W504V and W723V are affected in Germany alone. What makes things worse is that no button has to be pushed on the device itself in order to exploit the backdoor, and on some of the affected routers the backdoor PIN ("12345670") still works even after WPS has been disabled by the user. The only currently known remedy for those models is to disable Wi-Fi altogether. Since all Arcadyan routers share the same software platform, more models might be affected.


Thursday, 26. April 2012
Facebook Anti-Virus Marketplace - Free
The social networking giant Facebook announced its partnership with a number of security vendors to protect its users from spam and malicious content.
Facebook has teamed up with Microsoft, McAfee, TrendMicro, Sophos, and Symantec and launched the Antivirus Marketplace, where Facebook users can download antivirus software for free.

Download
http://on.fb.me/FBAVMarketplace


Tuesday, 24. April 2012
Sqlmap (Sqlinjection Web) Real Time


spiegel.de - XSS
URL: http://www.spiegel.de/artikelversand/online/a-823270-de.html

POST: f.emailempfang=alert(navigator.userAgent)

by
watt


Svchost Process Analyzer
The free Svchost Process Analyzer lists all svchost instances and checks the services they contain. This makes it easy to uncover Svchost worms like the infamous Conficker worm.
Svchost Process Analyzer is a 100% freeware program from www.neuber.com. There is absolutely no installation required. Simply download and run the software.

Download
http://www.neuber.com/free/svchost-analyzer/SvchostAnalyzer.exe


App Permission Watcher
App Permission Watcher is an App (application) for smartphones with the Android operating system. It helps you to monitor the permissions used by installed non-system Apps.
The App warns you about suspicious permission combinations that can be used to compromise privacy or to cause unwanted costs.

Download
http://www.apewatch.de/download_en.html


Sunday, 22. April 2012
PHP Security Scanner - Online
Scan your PHP/Perl code for security flaws using PHP Security Scanner. This is an important part of the web application testing process.

Info
http://evuln.com/tools/php-security/
