Monday, 19. March 2012
Mutillidae Born to be Hacked
On Monday, 19. Mar 2012 in topic 'Pentest'
Mutillidae is a free, open source web application provided to allow security enthusiasts to pen-test and hack a web application. Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMPP, making it easy for users who do not want to install or administer their own webserver.
Features
Installs easily by dropping project files into the "htdocs" folder of XAMPP.
Switches between secure and insecure mode
Secure and insecure source code for each page stored in the same PHP file for easy comparison
Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMPP, making it easy for users who do not want to install or administer their own webserver.
Has dozens of vulnerabilities and challenges. Contains at least one vulnerability for each of the OWASP Top Ten 2007 and 2010
System can be restored to default with single-click of "Setup" button
Used in graduate security courses, in corporate web sec training courses, and as an "assess the assessor" target for vulnerability software
Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and other tools.
Download
http://sourceforge.net/projects/mutillidae/files/latest/download
Thursday, 15. March 2012
Anonymous OS Alpha - Linux
On Thursday, 15. Mar 2012 in topic 'Pentest'
Here are some of the preinstalled apps:
- ParolaPass Password Generator
- Find Host IP
- Anonymous HOIC
- Ddosim
- Pyloris
- Slowloris
- TorsHammer
- Sqlmap
- Havij
- Sql Poison
- Admin Finder
- John the Ripper
- Hash Identifier
- Tor
- XChat IRC
- Pidgin
- Vidalia
- Polipo
- JonDo
- i2p
- Wireshark
- Zenmap
…and more
Including Broadcom BCM43xx wireless driver.
Download
http://sourceforge.net/projects/anonymous-os/
Monday, 12. March 2012
Vanguard - Penetration testing tool - Linux
On Monday, 12. Mar 2012 in topic 'Pentest'
Vanguard is a comprehensive web penetration testing tool written in Perl that identifies vulnerabilities in web applications. It is another addition to the open source web penetration testing community.
Web penetration tests:
SQL injection (This test is signature free!)
LDAP Injection
XSS
File inclusion
Command Injection
Download
http://www.blackhatacademy.org/releases/vanguard-public.tgz
Saturday, 10. March 2012
Bugtraq System - Penetration Distro GNU/Linux
On Saturday, 10. Mar 2012 in topic 'Pentest'
Bugtraq is a distribution based on the 2.6.38 kernel with a wide range of penetration and forensic tools. Bugtraq can be installed from a Live DVD or USB drive. The distribution is customized down to the last package, configured and updated, and the kernel has been patched for better performance and to recognize a variety of hardware, including wireless injection patches that other pentesting distributions do not recognize.
Some of the special features that you can appreciate are:
Administrative improvements of the system for better management of services.
Expanded range of recognized wireless injection drivers.
Patching the kernel 2.6.38 to recognize 4 gigs of RAM in 32-bit.
Tools perfectly configured, automated installation scripts and tools like Nessus, OpenVAS, Greenbone, Nod32, Hashcat, Avira, BitDefender, ClamAV, Avast, AVG, etc...
Unique Scripts from Bugtraq-Team (SVN updates tools, delete tracks, backdoors, Spyder-sql, etc.)
Optimized stability and performance: improved Flash and Java performance and purging of unnecessary services at startup, so that users run only the services they really want.
User creation is incorporated into the installation; the user is created with all system configurations.
We are the pentesting and forensics distribution with more built-in, functional tools and a well-organized menu without repetition, to avoid overwhelming the user.
Download
http://bugtraq-team.com/index.php/en/descargas-2
Friday, 2. March 2012
BackTrack 5 R2 - Download Now
On Friday, 2. Mar 2012 in topic 'Pentest'
BackTrack 5 R2 has finally been released with bug fixes, upgrades, and the addition of 42 new tools. It ships with the best custom-built 3.2.6 kernel and the best wireless support available at maximum speed. This release includes Metasploit 4.2.0 Community Edition, version 3.0 of the Social Engineer Toolkit, BeEF 0.4.3.2, and many other tool upgrades.
Download
http://www.backtrack-linux.org/downloads/
Wednesday, 29. February 2012
Sandcat Browser
On Wednesday, 29. Feb 2012 in topic 'Pentest'
Sandcat Browser includes the following pen-test oriented features:
Live HTTP Headers
Request Editor extension
Fuzzer extension with multiple modes and support for filters
JavaScript Executor extension -- allows you to load and run external JavaScript files
Lua Executor extension -- allows you to load and run external Lua scripts
Syhunt Gelo
HTTP Brute Force, CGI Scanner scripts and more.
Download
http://www.syhunt.com/?n=Sandcat.Browser
Saturday, 25. February 2012
Hardanger - web testing platform
On Saturday, 25. Feb 2012 in topic 'Pentest'
Hardanger is an open source web application penetration testing platform for Microsoft Windows operating systems.
Current Features
Native Windows feel via Windows Presentation Foundation
Can run as a Fiddler2 add-on or standalone
ClickOnce installer with automatic updates (standalone version)
Context tab allowing inspection of full HTTP requests
Server fuzzer tab to configure and launch the server fuzzer
Basic random fuzzer generates random strings of UTF8 characters of random lengths
Non HTTP 200 detection engine
Results window keeping track of successful detections
Ability to review requests/responses in the results details window
Download
http://hardanger.codeplex.com/releases/view/81426
Sunday, 19. February 2012
Drupal Security Scanner - Linux
On Sunday, 19. Feb 2012 in topic 'Pentest'
This small tool is public and accessible to you for use however you please. It may help other auditors or penetration testers do their job faster. Here is a little demonstration. After downloading the script (in Python), you simply type:
> python DPScan.py [website url]
Download
https://github.com/Rorchackh/Blue-Sky-Information-Security/blob/master/DPScan.py
Friday, 17. February 2012
Nessus Vulnerability Scanner
On Friday, 17. Feb 2012 in topic 'Pentest'
The Nessus vulnerability scanner is available as a stand-alone network scanner, as a subscription service or as a closely integrated scanning component of SecurityCenter.
Download
http://www.nessus.org/products/nessus/nessus-download-agreement
FAQ
http://www.nessus.org/products/nessus/nessus-faq
Monday, 13. February 2012
DotDotPwn - Directory Traversal Checking and Scanning - Linux
On Monday, 13. Feb 2012 in topic 'Pentest'
DotDotPwn is a very flexible, intelligent fuzzer for discovering directory traversal vulnerabilities in software such as Web/FTP/TFTP servers and Web platforms such as CMSs, ERPs, blogs, etc. It also has a protocol-independent module to send the desired payload to the specified host and port, and it can be used in scripts via the STDOUT module. It is written in Perl and runs on both *NIX and Windows platforms. The fuzzing modules supported in this version are: HTTP, HTTP URL, FTP, TFTP, Payload (protocol independent) and STDOUT.
Download
http://www.intrudefense.com.mx/dotdotpwn-v3.0.tar.gz
http://www.brainoverflow.org/code/dotdotpwn-v3.0.tar.gz
Sample usage:
HTTP:
perl ddpwn.pl -http website.com
FTP:
perl ddpwn.pl -ftp ftphost.com