Tuesday, 2. August 2011
12,000 sqli vulnerable sites
Source
http://pastebin.com/GYNVsR1W

by
The Snake


Web Application Scanners
A Comparison of 60 Commercial & Open Source Black Box Web Application Vulnerability Scanners.

By Shay Chen
Security Consultant, Researcher & Instructor
http://sectooladdict.blogspot.com/
sectooladdict-$at$-gmail-$dot$-com
August 2011
Assessment Environments: WAVSEP 1.0 / WAVSEP 1.0.3 (http://code.google.com/p/wavsep/)


"google" spyeye-blackhole exploit kit
According to Google search results, it looks like 160,000 sites have been compromised recently (SpyEye and Blackhole exploit kit).

Dork:
exero.eu/catalog/jquery.js


Released Watcher v.1.5.3
Web security testing tool and passive vulnerability scanner

Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Because it is passive, it won't damage production systems, so it is completely safe to use in cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as operational configuration issues. It provides pen-testers with hot-spot detection for vulnerabilities, developers with quick sanity checks, and auditors with PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads (potential XSS), cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more.

Download
http://websecuritytool.codeplex.com/releases/view/22212


HexorBase v.1.0
HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location. It is capable of performing SQL queries and brute-force attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL). HexorBase allows packet routing through proxies, or even Metasploit pivoting, to communicate with remotely inaccessible servers hidden within local subnets.

Download
http://code.google.com/p/hexorbase/downloads/list


Metasploit 4.0
"It's been a long road to 4.0. The first 3.0 release was almost 5 years ago and the first release under the Rapid7 banner was almost 2 years ago. Since then, Metasploit has really spread its wings. When 3.0 was released, it was under a EULA-like license with specific restrictions against using it in commercial products. Over time, the reasons for that decision became less important and the need for more flexibility came to the fore; in 2008, we released Metasploit 3.2 under a 3-clause BSD license. Licensing is definitely not the only place Metasploit's flexibility has increased. Over the last 5 years, we've added support for myriad exploitation techniques, network protocols, automation capabilities, and even user interfaces. The venerable msfweb is gone along with the old gtk-based msfgui. Taking their place are the newer java-based msfgui and armitage, both of which have improved by leaps and bounds since their respective introductions."

Download

http://updates.metasploit.com/data/releases/framework-4.0.0-windows-mini.exe

http://updates.metasploit.com/data/releases/framework-4.0.0-windows-full.exe

http://updates.metasploit.com/data/releases/framework-4.0.0-linux-mini.run

http://updates.metasploit.com/data/releases/framework-4.0.0-linux-full.run

http://updates.metasploit.com/data/releases/framework-4.0.0.tar.bz2

Metasploit 4.0 And Armitage - What's New?


Anonware malware framework - C#
Source
http://pastebin.com/MFc4SY3S

Complete download (everything):
http://www.megaupload.com/?d=QKMY6HRW
UPDATE: GITHUB REPO AVAILABLE NOW! https://github.com/opendeveloper/anonware (^)_(^)


Black Hat 2011
LAS VEGAS — The 2011 Black Hat security conference is promising a smorgasbord of (in)security fun. From vulnerabilities in PLCs (programmable logic controllers) to the security design of Apple’s iOS and potential hacker attacks on medical implant devices, the range of presentations this year could be the best ever.

Here’s a list of this year’s can’t-miss presentations:
http://www.zdnet.com/blog/security/black-hat-10-cant-miss-hacks-and-presentations/9132