Since last release in October, Metasploit added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads.

Release Note
https://community.rapid7.com/docs/DOC-1701

Download
http://www.rapid7.com/downloads/metasploit.jsp

SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems. It currently consists of four tools:

svmap - this is a sip scanner. Lists SIP devices found on an IP range
svwar - identifies active extensions on a PBX
svcrack - an online password cracker for SIP PBX
svreport - manages sessions and exports reports to various formats
svcrash - attempts to stop unauthorized svwar and svcrack scans

Download
http://code.google.com/p/sipvicious/downloads/list

Hardanger is an open source web application penetration testing platform for Microsoft Windows operating systems.
Current Features

Native Windows feel via Windows Presentation Foundation
Can run as a Fiddler2 add-on or standalone
ClickOnce installer with automatic updates (standalone version)
Context tab allowing inspection of full HTTP requests
Server fuzzer tab to configure and launch the server fuzzer
Basic random fuzzer generates random strings of UTF8 characters of random lengths
Non HTTP 200 detection engine
Results window keeping track of successful detections
Ability to review requests/responses in the results details window

Download
http://hardanger.codeplex.com/releases/view/81426

The PacketFence development team has published version 3.2.0 of its open source network access control (NAC) system. PacketFence allows organisations to increase control over their network by enforcing authentication and registration for newly connected devices. It also enables abnormal network activity detection and the isolation of troublesome devices.

Download
http://www.packetfence.org/download/releases.html

Things you will need:

1. OllyDbg v1.10
2. Notepad.exe

Info
http://pastebin.com/n0fgJ1YL

by
Huxley

*How to Claim Your Share of The Multi-Billion Dollar AdSense Pie
*Ways to Build An Adsense Ready Website Without a Domain or Hosting
*Secrets to Tweaking and Optimizing your Ads for Maximum Revenue
*How to use Google's Custom Search engine to Catch Fickle Visitors
*Special Code to Influence Your Ads with Section Targeting and Keywords
*How to Understand your AdSense Stats, Channels and Split Testing


Download PDF
http://depositfiles.com/files/rq4xjhc37
http://www.filesonic.com/file/958307384/G00gle_adsen5.rar

by
Amarjit Singh

SecToolMarket currently supports the following features:

1- A clear and simple presentation of the 2011 benchmark of 60 web application scanners, with a "click to get anywhere" interface.
2- Product specific, Test specific and Vendor specific unified information.
3- Comparison tables for product information, general features, authentication features, input vector support (new!), coverage (new!), audit features and complimentary audit features (data reflects the results published in the *08/2011* benchmark).
4- Detailed comparison of SQL Injection and Reflected Cross Site Scripting detection accuracy (data reflects the results published in the *08/2011* benchmark).
5- Glossaries for many of the terms & features implemented in the various products.
6- Statistics for many of the benchmark's results (how many scanners support a certain feature, implement a certain vulnerability check, etc).
7- Built-in filters for comparing unified lists of products, commercial products or open source products.
8- Additional content that wasn't published in the 2011 benchmark.
9- Notifications on SVN activities and upcoming features.
10- A framework for presenting updated & new results more frequently.

Notice that the information that is currently presented in the website reflects information from august 2011, and that the two new benchmark categories (input vector support and coverage) still require modifications and updates, but according to the author, this information will be updated more often, and will enable us to track the research progress.

Info
http://www.sectoolmarket.com/

Jean-Pierre aka DarkCoderSc and Fred De Vries Develop and Release the second version of Another great security tool named "Mirage Anti-Bot 2.0". Zeus and SpyEye were the two main families of botnet software. These types of malware are spread mainly through drive-by downloads and phishing schemes.

Download
http://unremote.org/downloads/Mirage2/Setup.exe

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

Currently it supports the following modules:
* ftp_login : Brute-force FTP
* ssh_login : Brute-force SSH
* telnet_login : Brute-force Telnet
* smtp_login : Brute-force SMTP
* smtp_vrfy : Enumerate valid users using the SMTP VRFY command
* smtp_rcpt : Enumerate valid users using the SMTP RCPT TO command
* http_fuzz : Brute-force HTTP/HTTPS
* pop_passd : Brute-force poppassd (not POP3)
* ldap_login : Brute-force LDAP
* smb_login : Brute-force SMB
* mssql_login : Brute-force MSSQL
* oracle_login : Brute-force Oracle
* mysql_login : Brute-force MySQL
* pgsql_login : Brute-force PostgreSQL
* vnc_login : Brute-force VNC
* dns_forward : Forward lookup subdomains
* dns_reverse : Reverse lookup subnets
* snmp_login : Brute-force SNMPv1/2 and SNMPv3
* unzip_pass : Brute-force the password of encrypted ZIP files
* keystore_pass : Brute-force the password of Java keystore files

Download
http://code.google.com/p/patator/downloads/list

This small tool is public and accessible to you for use however you please. It may help other auditors or penetration testers do their job faster, Here is a little demonstration. After downloading the script (in python), you simply type:

> python DPScan.py [website url]

Download
https://github.com/Rorchackh/Blue-Sky-Information-Security/blob/master/DPScan.py

At the core of the term "rootkit" are two words- "root" and "kit". Root refers to the all-powerful, "Administrator" account on Unix and Linux systems, and kit refers to a set of programs or utilities that allow someone to maintain root-level access to a computer. However, one other aspect of a rootkit, beyond maintaining root-level access, is that the presence of the rootkit should be undetectable.

Dowload BootRoot
http://www.eeye.com/Resources/Security-Center/Research/Tools/BootRoot

Download Jynx
http://www.blackhatacademy.org/security101/index.php?title=Jynx

Intersect 2.0 is a Python script written to perform automated Post-Exploitation information gathering and reporting.
The general idea is that after you have exploited a target, you run this script and it performs a variety of tasks
that you would normally need to perform manually. Intersect will collect password files, copy SSH keys, enumerate
processes and installed applications, gather detailed network information, map the hosts internal network (for pivoting),
locate and identify common anti-virus and firewall applications and much more.

Download
https://github.com/ohdae/Intersect-2.0/