Exploit :
Vulnn type : Blind SQL injection
vuln script : frm_cards_edit.php
Affected version : ALL
May use any botnet from : https://spyeyetracker.abuse.ch/monitor.php

Download
http://pastebin.com/F46U8zwK

by
S4(uR4

Worlds fastest md5crypt, phpass, mscash2 and WPA/WPA2 cracker

oclHashcat-plus faster than every other WPA cracker. The highly anticipated v0.06 of the Graphics Processing Unit accelerated password cracker tool oclHashcat-plus was released today. What makes it so special about this release is that it now has support for captured Wi-Fi Protected Access handshake cracking on top of all the other algorithms currently supported (MD5, MD5 Crypt, DES Crypt, NTLM, Domain Cached Credentials etc). It cracks WPA at an estimated rate of 0-300% faster than rivals, namely the python WPA cracker pyrit. It is coded in OpenCL so both NVIDIA and AMD devices are supported, however this improvement is more noticeable on AMD GPU devices as well as Multi-GPU system

Download
http://hashcat.net/oclhashcat-plus/

Project WAVSEP currently includes the following test cases:
Vulnerabilities:

Reflected XSS: 66 test cases, implemented in 64 jsp pages (GET & POST)
Error Based SQL Injection: 80 test cases, implemented in 76 jsp pages (GET & POST )
Blind SQL Injection: 46 test cases, implemented in 44 jsp pages (GET & POST )
Time Based SQL Injection: 10 test cases, implemented in 10 jsp pages (GET & POST )


False Positives:

7 different categories of false positive Reflected XSS vulnerabilities (GET & POST )
10 different categories of false positive SQL Injection vulnerabilities (GET & POST)


Download
http://code.google.com/p/wavsep/downloads/list

Leo Impact Launch World first Antivirus scanning software which protects your PC from viruses, trojans, spyware, rootkits and other malicious programs (zero day exploits) by using 32+ antivirus on cloud. Most of time you can install and use only 2 to 3 antivirus in one system, not more so virus author bypass top antivirus but Balajiplus is Free service by Leo impact Security for Corporate Social Responsibility to protect your digital life using multiple antivirus scanners on cloud. Collective Intelligence, Balaji Antivirus Plus proprietary cloud-scanning technology that automatically collects and processes millions of malware samples, lies at the core of Balaji Cloud Antivirus. In recent comparative tests conducted by both AV-Test.org and AV-Comparatives.org, Balaji Antivirus Security's detection and protection scores rank consistently amongst the top security solutions.

Download
http://balajiplus.com/

Google Dork: intitle:"webadmin.php"
Download: http://wacker-welt.de/webadmin/webadmin.php.gz

by
Caddy-Dz

http://pastebin.com/6YbK7STU

Even though touted as a Beginner's Guide, this book has something for everyone - from the kiddies to the Ninjas. You can purchase the book from:
Global: http://www.amazon.com/BackTrack-Wireless-Penetration-Testing-Beginners/dp/1849515581/
India: http://www.packtpub.com/backtrack-5-wireless-penetration-testing-beginners-guide/book

Sample Chapter can be downloaded here:
http://www.packtpub.com/sites/default/files/5580OS-Chapter-6-Attacking-the-Client_0.pdf

Download DVD
http://www.securitytube.net/downloads

The Security Onion LiveDVD is a bootable DVD that contains software used for installing, configuring, and testing Intrusion Detection Systems. It is based on Xubuntu 10.04 and contains Snort, Suricata, Sguil, Squert, Xplico, nmap, metasploit, Armitage, scapy, hping, netcat, tcpreplay, and many other security tools.

Download
http://sourceforge.net/projects/security-onion/files/20110913/

Hook analyser is a hook tool which can be potentially helpful in reversing applications and analysing malware. It can hook to an API in a process and search for a pattern in memory or dump the buffer. The tool can hook to an API in a process and can do following tasks.

Download
http://www.multiupload.com/WA9AJVQQYS

You should always know where a link takes you before clicking on it. Services like TinyURL.com make that difficult. LongURL Mobile Expander uses the LongURL.org web services to let you know where shortened links *really* go.

Source
https://addons.mozilla.org/en-US/firefox/addon/longurl-mobile-expander/

Rootkit scanner is scanning tool to ensure you for about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:
- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files

Download
http://sourceforge.net/projects/rkhunter/

AddVictimFriends: Request to add some or all friends of Bob to increase the chance of Bob accepting any future requests, after he finds that you have common friends.
ProfileCloner: A list of all Bob’s friends is displayed, you choose one of them (we’ll call him Andy). FBPwn will change Mallory’s display picture, and basic info to match Andy’s. This will generate more chance that Bob accepts requests from Mallory as he thinks he is accepting from Andy. Eventually Bob will realize this is not Andy’s account, but probably it would be too late as all his info are already saved for offline checking by Mallory.
CheckFriendRequest: Check if mallory is already friend of Bob, then just end execution. If not, the module tries to add bob as as a friend and poll waiting for him to accept. The module will not stop executing until the friend request is accepted.
DumpFriends: Accessable friends of Bob is saved for offline viewing. The output of the module depends on other modues, if mallory is not a friend of Bob yet, the data might not be accessable and nothing will be dumped.
DumpImages: Accessable images (tagged and albums) are saved for offline viewing. Same limitations of dump friends applies.
DumpInfo: Accessable basic info are saved for offline viewing. Same limitations of dump friends applies.


Download
http://code.google.com/p/fbpwn/downloads/list

http://www.adobe.com/cfusion/tdrc/modal/download_suite.cfm?product=XSS

http://www.adobe.com/cfusion/tdrc/modal/signin.cfm?product=XSS

http://www.adobe.com/cfusion/type/search.cfm?category_type=All&term=XSS

http://groups.adobe.com/index.cfm?event=people.login&redirect=XSS

https://tv.adobe.com/login/login?redirect=XSS

http://www.adobe.com/products/creativesuite/mastercollection/buying-guide.html/XSS

by
Josh

safego is a bitdefender product as most of are aware of bitdefenter anti virus capabilities. As per many serves the most popular social networking sites are Facebook and twitter.

Source
http://safego.bitdefender.com/

“OSSIM stands for Open Source Security Information Management. Its goal is to provide a comprehensive compilation of tools which, when working together, grant network/security administrators with a detailed view over each and every aspect of his or her networks, hosts, physical access devices, server, etc.

Besides getting the most out of well known open source tools, some of which are briefly described below, OSSIM provides a strong correlation engine, detailed low, medium and high level visualization interfaces, and reporting and incident management tools, based on a set of defined assets such as hosts, networks, groups and services.

All of this information can be restricted by network or sensor in order to provide only the required information to specific users; allowing for a fine grained multi–user security environment. Finally, the ability to perform as an IPS (Intrusion Prevention System), using correlated information from virtually any source, will be a useful addition to any security professional’s arsenal.“

Download
http://data.alienvault.com/alienvault_open_source_siem_3.0_64bits.iso

PasteLert is a simple system to search pastebin.com and set up alerts (like google alerts) for pastebin.com entries. This means you will automatically recieve email whenever your term(s) is/are found in new pastebin entries!

PasteLert at:
http://www.andrewmohawk.com/pasteLert/index.php

Features

Crawl website
Detect forms and URLs with parameters
Fill in forms, alter parameters to include control characters
Scan web server response for our input

Download
http://www.sven.de/xsss/xsss-0.40b.tar.gz

Google Dork:

- intitle: Ajex.FileManager
- inurl: /plugins/editors/AjexFileManager/
*Think it again

Exploit:
- http://[localhost]/patch/plugins/editors/ajexfilemanager/index.html

Live Target:
- http://fiesta-kurkino.ru/scripts/AjexFileManager/
- http://demphest.ru/demo/AjexFileManager/AjexFileManager/index.html

by
Setelah Membaca, Ayo Berbagi

OWADE is in alpha version and is only available by checking out the code directly as we update it very frequently. Note that the current version has only been tested on ubuntu 10.10 against Windows XP drives. When we reach a stable version we will release a tgz.

Download
https://bitbucket.org/Elie/owade/downloads

Digital forensics deals with the analysis of artifacts on all types of digital devices. One of the most prevalent analysis techniques performed is that of the registry hives contained in Microsoft Windows operating systems. Registry Decoder was developed with the purpose of providing a single tool for the acquisition, analysis, and reporting of registry contents.

Download
http://code.google.com/p/registrydecoder/downloads/list

Download
http://www.4shared.com/file/0Q2SpWG4/DDos_Tracer.html