Reaver is a WPA attack tool developed by Tactical Network Solutions that exploits a protocol design flaw in WiFi Protected Setup (WPS). This vulnerability exposes a side-channel attack against Wi-Fi Protected Access (WPA) versions 1 and 2 allowing the extraction of the Pre-Shared Key (PSK) used to secure the network. With a well-chosen PSK, the WPA and WPA2 security protocols are assumed to be secure by a majority of the 802.11 security community.

Download
http://code.google.com/p/reaver-wps/downloads/list

Usage is simple just specify the target BSSID and the monitor mode interface to use:

# reaver -i mon0 -b 00:01:02:03:04:05

Info
http://securityxploit.blogger.de/stories/1970771/

Bluelog is a simple Bluetooth scanner designed to tell you how many discoverable devices there are in an area as quickly as possible. It is written in C. That so eliminating compatibility issues in most platforms.

Download
ftp://ftp.digifail.com/downloads/software/bluelog/bluelog-1.0.0.tar.gz

Infections are shows on .com, .de, & .uk as the most affected regions.
If you want to find out if you have a problem just google for



by
Kumar

There is a newly discovered vulnerability in the WiFi Protected Setup standard that reduces the number of attempts it would take an attacker to brute-force the PIN for a wireless router's setup process. The flaw results in too much information about the PIN being returned to an attacker and makes the PIN quite weak, affecting the security of millions of WiFi routers and access points. Security researcher Stefan Viehbock discovered the vulnerability (PDF)

Download PDF
http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf

This utility scans the passwords stored by popular Windows applications (Microsoft Outlook, Internet Explorer, Mozilla Firefox, and more...)
Supported Applications

Internet Explorer 4.0 - 6.0
Internet Explorer 7.0 - 9.0
Mozilla Firefox (All Versions)
Dialup/VPN passwords of Windows
MSN/Windows Messenger
Microsoft Outlook
Windows Live Mail


Download
http://www.nirsoft.net/utils/password_security_scanner.html

CANAPE is a network testing tool for arbitrary protocols, but specifically designed for binary ones. It contains code to implement standard network proxies and provide the user the ability to capture and modify traffic to and from a server.The core can be extended through multiple .NET programming languages to parse protocols as required and implement custom proxies.Canape was released during Blackhat Europe 2012 where Context presented Canape with a worked example against Citrix ICA.

Download
http://www.contextis.co.uk/research/tools/canape/download/Canape%20Version%201.msi

Thanks for following SecurityXploit events along with us in 2011. We look forward to continuing to bring you the latest SecurityXploit security-related news and analysis in January 2012.

All the best to you and yours this holiday.

Yours sincerely
Xploit

7974 (Including 4203 in SQL Injection)
Generate google vulnerability queries with your site.
Find out if you are litsed in google with vulnerabilities.

Download
http://www.secpoint.com/freetools/google-hack-db-tool-1.5.zip

Chapter 1: Bug Hunting
Chapter 2: Back to the 90s
Chapter 3: Escape from the WWW Zone
Chapter 4: NULL Pointer FTW
Chapter 5: Browse and You’re Owned
Chapter 6: One Kernel to Rule Them All
Chapter 7: A Bug Older Than 4.4BSD
Chapter 8: The Ringtone Massacre
Appendix A: Hints for Hunting
Appendix B: Debugging
Appendix C: Mitigation of Exploitation

Title:A Bug Hunter’s Diary
Author: Tobias Klein
Publisher: No Starch Press
Pages: 208
Release Date: November 11, 2011

Visit
http://nostarch.com/bughunter.htm

Download Chapter 2: "Back to the 90s"
http://nostarch.com/download/bughunter_ch2.pdf

New attack and defense techniques
Vulnerability discovery
Small tactics and techniques; Big attacks and impact
Mobile hacking
Professional exploit development
Security and hacking events around the world
Technical book reviews
Security and hacking threats
Security tools
Expert interviews

Download PDF
http://news.thehackernews.com/THN-dec2011.pdf

RaptorVPN is the worlds only FREE VPN service.

Unlimited Bandwidth
- No Disconnect Times
- No Ads
- PPTP and OpenVPN
- Always FREE
Register Here:http://www.raptorvpn.com/api/form.php


Download
http://www.raptorvpn.com/whmcs/downloads.php

This is a video showing you howto effecitvely audit your website with aidsql



by
Lynxsec

This issue of CHMag is dedicated Mobile/Telecom Hacking and Security.

Download PDF
http://chmag.in/issue/dec2011.pdf

FindBugs is an open source program created by Bill Pugh and David Hovemeyer which looks for bugs in Java code.It uses static analysis to identify hundreds of different potential types of errors in Java programs.FindBugs operates on Java bytecode,rather than source code.The software is distributed as a stand-alone GUI application. There are also plug-ins available for Eclipse,Netbeans,IntelliJ IDEA,and Hudson.

Download
http://findbugs.sourceforge.net/index.html

Source by Astr0baby
http://pastebin.com/PDJdHbRz

Edit by Vanish3r
http://pastebin.com/7xmvGnks
In order to be able to compile the generated payload we must install the following packages ; Mingw32 gcc which you can install by :
root@bt:~# apt-get install mingw32-runtime mingw-w64 mingw gcc-mingw32 mingw32-binutils

After the installation we must move our shell-script - Vanish.sh - to default Metasploit folder (/pentest/exploits/framework) and execute it. Recommended Seed Number = 7000 and Number of Encode = 14 .