Thursday, 28. July 2011
Firewall Builder - Linux
Firewall Builder is a GUI firewall management application for iptables, PF, Cisco ASA/PIX/FWSM, Cisco router ACL and more. Firewall configuration data is stored in a central file that can scale to hundreds of firewalls managed from a single UI.

Download
http://sourceforge.net/projects/fwbuilder/files/

Permalink

 


ArpON inspectiON - Linux
Features of Arpon:

It detects and blocks Man In The Middle through ARP Spoofing/Poisoning attacks in statically, dinamically (DHCP), hybrid configured networks
It detects and blocks derived attacks: DHCP Spoofing, DNS Spoofing WEB Spoofing, Session Hijacking, SSL/TLS Hijacking & co
It detects and blocks unidirectional, bidirectional and distributed attacks
Doesn’t affect the communication efficiency of ARP protocol
Doesn’t affect the race response time from attacks
Multithreading on all OS supported
It manages the network interface into unplug, boot, hibernation and suspension OS features
It works in userspace for OS portability reasons
Easily configurable via command line switches, provided that you have root permissions
Tested against Ettercap, Cain & Abel, dsniff and other tools

Download
http://sourceforge.net/projects/arpon/files/

Permalink

 


Lightweight Portable - Linux
Lightweight Portable Security (LPS) creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac).
To get started, download the LPS-Public ISO image and burn it to a CD. Read the Quick Start Guide for more information.

http://spi.dod.mil/docs/LPS-1.2.2_public.iso
http://spi.dod.mil/docs/lps_quick_start.pdf

Permalink

 


FileHippo - Iframe Injection
Popular Freeware Software download website "FileHippo" is Vulnerable to Iframe Injection.

Vulnerable Link
http://www.filehippo.com/search?q=%22%3E%3Ciframe%20src=http://www.google.com%20height=500%20width=500%3E

by n3t phir3

Permalink

 


Reverse LFI/RFI/SQLI Scanner - Online
It auto scans for all the domains in reverse and try to find the LFI/RFI/SQLI in the domain and reports back

LFI
http://scan.subhashdasyam.com/lfi-scanner.php

RFI
http://scan.subhashdasyam.com/rfi-scanner.php

SQLI
http://scan.subhashdasyam.com/sqli-scanner.php

by
Subhash Dasyam

Permalink

 


LulzSec Member Topiary arrested
Police arrest 18-year-old man in Shetland Islands who is alleged to be involved in hacker attacks on law enforcement agencies.Officers from the Metropolitan Police Service's Police Central e-Crime Unit (PCeU) arrested the man as part of an international investigation into the activities of the Anonymous and LulzSec hacktivist groups.The man, who was arrested at a residential address in Shetland, is said to have used the online nickname "Topiary"

The arrest of Topiary is the third made in the UK in the search for members of the group, following that of Ryan Cleary​, in Essex, in June, and the arrest and release in London last week of a 16-year-old known online as Tflow.

Permalink

 


Apache Log Extractor - tool
Apache Log Extractor is a quick script to export URL information from Apache access logs. The thought behind this script was to provide a list of known URL’s on a remote server by analysing the logs. This list could then be used as the input for further testing tools e.g Burp Suite – Intruder . The script accepts an Apache access file as the input and creates an output file containing one URL per line. The list is unique and should only contain the URL without parameters (incomplete directory names are not extracted). It also takes these URLs and creates a wordlist output of all valid directoy names for use with brute-forcing tools. This fingerprinting tool can reduse the realm of password cracking.

Download
https://sites.google.com/a/c22.cc/storage/poc_scripts/apache_log_extractor.py?attredirects=0&d=1

Permalink

 


Beginner SQL tutorial
#1.Finding vulnerable sites
#2.Finding amount of columns
#3.Getting mysql version current user
#4.Getting Databases
#5.Getting Tables
#6.Getting Columns
#7.Getting Usernames and Passwords

Source
http://pastebin.com/bQBnkmXY

Permalink

 


yara-project
YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic.

Download
http://code.google.com/p/yara-project/downloads/list

Info
Extracting EXE Drop Malware
http://blogs.cisco.com/security/extracting-exe-drop-malware/

Permalink

 


html Redirection - Java - incl. Encoder
Source
http://pastebin.com/kngbjqQv

Permalink