... neuere Einträge
Thursday, 28. July 2011
Firewall Builder - Linux
Am Thursday, 28. Jul 2011 im Topic 'Web Security'
Firewall Builder is a GUI firewall management application for iptables, PF, Cisco ASA/PIX/FWSM, Cisco router ACL and more. Firewall configuration data is stored in a central file that can scale to hundreds of firewalls managed from a single UI.
Download
http://sourceforge.net/projects/fwbuilder/files/
Download
http://sourceforge.net/projects/fwbuilder/files/
ArpON inspectiON - Linux
Am Thursday, 28. Jul 2011 im Topic 'Web Security'
Features of Arpon:
It detects and blocks Man In The Middle through ARP Spoofing/Poisoning attacks in statically, dinamically (DHCP), hybrid configured networks
It detects and blocks derived attacks: DHCP Spoofing, DNS Spoofing WEB Spoofing, Session Hijacking, SSL/TLS Hijacking & co
It detects and blocks unidirectional, bidirectional and distributed attacks
Doesn’t affect the communication efficiency of ARP protocol
Doesn’t affect the race response time from attacks
Multithreading on all OS supported
It manages the network interface into unplug, boot, hibernation and suspension OS features
It works in userspace for OS portability reasons
Easily configurable via command line switches, provided that you have root permissions
Tested against Ettercap, Cain & Abel, dsniff and other tools
Download
http://sourceforge.net/projects/arpon/files/
It detects and blocks Man In The Middle through ARP Spoofing/Poisoning attacks in statically, dinamically (DHCP), hybrid configured networks
It detects and blocks derived attacks: DHCP Spoofing, DNS Spoofing WEB Spoofing, Session Hijacking, SSL/TLS Hijacking & co
It detects and blocks unidirectional, bidirectional and distributed attacks
Doesn’t affect the communication efficiency of ARP protocol
Doesn’t affect the race response time from attacks
Multithreading on all OS supported
It manages the network interface into unplug, boot, hibernation and suspension OS features
It works in userspace for OS portability reasons
Easily configurable via command line switches, provided that you have root permissions
Tested against Ettercap, Cain & Abel, dsniff and other tools
Download
http://sourceforge.net/projects/arpon/files/
Lightweight Portable - Linux
Am Thursday, 28. Jul 2011 im Topic 'Pentest'
Lightweight Portable Security (LPS) creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac).
To get started, download the LPS-Public ISO image and burn it to a CD. Read the Quick Start Guide for more information.
http://spi.dod.mil/docs/LPS-1.2.2_public.iso
http://spi.dod.mil/docs/lps_quick_start.pdf
To get started, download the LPS-Public ISO image and burn it to a CD. Read the Quick Start Guide for more information.
http://spi.dod.mil/docs/LPS-1.2.2_public.iso
http://spi.dod.mil/docs/lps_quick_start.pdf
FileHippo - Iframe Injection
Am Thursday, 28. Jul 2011 im Topic 'Vulnerabilities'
Popular Freeware Software download website "FileHippo" is Vulnerable to Iframe Injection.
Vulnerable Link
http://www.filehippo.com/search?q=%22%3E%3Ciframe%20src=http://www.google.com%20height=500%20width=500%3E
by n3t phir3
Vulnerable Link
http://www.filehippo.com/search?q=%22%3E%3Ciframe%20src=http://www.google.com%20height=500%20width=500%3E
by n3t phir3
Reverse LFI/RFI/SQLI Scanner - Online
Am Thursday, 28. Jul 2011 im Topic 'Pentest'
It auto scans for all the domains in reverse and try to find the LFI/RFI/SQLI in the domain and reports back
LFI
http://scan.subhashdasyam.com/lfi-scanner.php
RFI
http://scan.subhashdasyam.com/rfi-scanner.php
SQLI
http://scan.subhashdasyam.com/sqli-scanner.php
by
Subhash Dasyam
LFI
http://scan.subhashdasyam.com/lfi-scanner.php
RFI
http://scan.subhashdasyam.com/rfi-scanner.php
SQLI
http://scan.subhashdasyam.com/sqli-scanner.php
by
Subhash Dasyam
LulzSec Member Topiary arrested
Am Thursday, 28. Jul 2011 im Topic 'News'
Police arrest 18-year-old man in Shetland Islands who is alleged to be involved in hacker attacks on law enforcement agencies.Officers from the Metropolitan Police Service's Police Central e-Crime Unit (PCeU) arrested the man as part of an international investigation into the activities of the Anonymous and LulzSec hacktivist groups.The man, who was arrested at a residential address in Shetland, is said to have used the online nickname "Topiary"
The arrest of Topiary is the third made in the UK in the search for members of the group, following that of Ryan Cleary, in Essex, in June, and the arrest and release in London last week of a 16-year-old known online as Tflow.
The arrest of Topiary is the third made in the UK in the search for members of the group, following that of Ryan Cleary, in Essex, in June, and the arrest and release in London last week of a 16-year-old known online as Tflow.
Apache Log Extractor - tool
Am Thursday, 28. Jul 2011 im Topic 'Tools'
Apache Log Extractor is a quick script to export URL information from Apache access logs. The thought behind this script was to provide a list of known URL’s on a remote server by analysing the logs. This list could then be used as the input for further testing tools e.g Burp Suite – Intruder . The script accepts an Apache access file as the input and creates an output file containing one URL per line. The list is unique and should only contain the URL without parameters (incomplete directory names are not extracted). It also takes these URLs and creates a wordlist output of all valid directoy names for use with brute-forcing tools. This fingerprinting tool can reduse the realm of password cracking.
Download
https://sites.google.com/a/c22.cc/storage/poc_scripts/apache_log_extractor.py?attredirects=0&d=1
Download
https://sites.google.com/a/c22.cc/storage/poc_scripts/apache_log_extractor.py?attredirects=0&d=1
Beginner SQL tutorial
Am Thursday, 28. Jul 2011 im Topic 'Tutorials'
#1.Finding vulnerable sites
#2.Finding amount of columns
#3.Getting mysql version current user
#4.Getting Databases
#5.Getting Tables
#6.Getting Columns
#7.Getting Usernames and Passwords
Source
http://pastebin.com/bQBnkmXY
#2.Finding amount of columns
#3.Getting mysql version current user
#4.Getting Databases
#5.Getting Tables
#6.Getting Columns
#7.Getting Usernames and Passwords
Source
http://pastebin.com/bQBnkmXY
yara-project
Am Thursday, 28. Jul 2011 im Topic 'Malware Search'
YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic.
Download
http://code.google.com/p/yara-project/downloads/list
Info
Extracting EXE Drop Malware
http://blogs.cisco.com/security/extracting-exe-drop-malware/
Download
http://code.google.com/p/yara-project/downloads/list
Info
Extracting EXE Drop Malware
http://blogs.cisco.com/security/extracting-exe-drop-malware/
html Redirection - Java - incl. Encoder
Am Thursday, 28. Jul 2011 im Topic 'Source Code'
Source
http://pastebin.com/kngbjqQv
http://pastebin.com/kngbjqQv
... ältere Einträge