... neuere Einträge
Saturday, 27. August 2011
update: INSECT Pro 2.7
Am Saturday, 27. Aug 2011 im Topic 'Pentest'
This is a partial list of the major changes implented in version 2.7
- Available targets now has a submenu under right-click button
- Check update function added in order to verify current version
- Threading support for GET request
- Module log added and functional
- Sniffer support added
- 50 Remote exploits added
- Project saved on userland - Application Data special folder
- Executed module windows added and functionality for it
- AgentConnect now use telnetlib
Download
http://www.insecurityresearch.com
- Available targets now has a submenu under right-click button
- Check update function added in order to verify current version
- Threading support for GET request
- Module log added and functional
- Sniffer support added
- 50 Remote exploits added
- Project saved on userland - Application Data special folder
- Executed module windows added and functionality for it
- AgentConnect now use telnetlib
Download
http://www.insecurityresearch.com
Friday, 26. August 2011
SSL Server Testing - Online
Am Friday, 26. Aug 2011 im Topic 'Pentest'
This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet. Please note that the information you submit here is used only to provide you the service. We don't use the domain names or the test results, and we never will.
Source
https://www.ssllabs.com/ssldb/analyze.html
Source
https://www.ssllabs.com/ssldb/analyze.html
Wednesday, 24. August 2011
Uniscan vulnerability scanner - Linux
Am Wednesday, 24. Aug 2011 im Topic 'Pentest'
The Uniscan vulnerability scanner is aimed at information security, which aims at finding vulnerabilities in Web systems. The Uniscan was developed using the Perl programming language to be easier to work with text, has an easy to use regular expressions and is also multi-threaded.
It is dedicated for web application security find vulnerabilities before other do. Can easliy find known vulnerabilities gets regularly updated and bugs and news features are added on regular intervals.
Tutorials to create plug-ins:
http://www.uniscan.com.br/tutorial1.php
http://www.uniscan.com.br/tutorial2.php
http://www.uniscan.com.br/tutorial3.php
Download
http://www.uniscan.com.br/download.html
It is dedicated for web application security find vulnerabilities before other do. Can easliy find known vulnerabilities gets regularly updated and bugs and news features are added on regular intervals.
Tutorials to create plug-ins:
http://www.uniscan.com.br/tutorial1.php
http://www.uniscan.com.br/tutorial2.php
http://www.uniscan.com.br/tutorial3.php
Download
http://www.uniscan.com.br/download.html
INSECT Pro 2.6.1
Am Wednesday, 24. Aug 2011 im Topic 'Pentest'
INSECT can help to build a strong security posture that is easy to use so both professional penetration testers and less experienced security pros will have all the tools they need to reduce costs, proactively find vulnerabilities, assess risk, and check the effectiveness of security defenses.
The latest version includes more than 100 native exploits, 300 metasploit modules and web vulnerability scanner.
Download
http://www.insecurityresearch.com/files/download
The latest version includes more than 100 native exploits, 300 metasploit modules and web vulnerability scanner.
Download
http://www.insecurityresearch.com/files/download
Tuesday, 23. August 2011
Uniscan 4.0 vulnerability scanner
Am Tuesday, 23. Aug 2011 im Topic 'Pentest'
Uniscan Features
Identification of system pages through a Web Crawler.
Use of threads in the crawler.
Control the maximum number of requests the crawler.
Control of variation of system pages identified by Web Crawler.
Control of file extensions that are ignored.
Test of pages found via the GET method.
Test the forms found via the POST method.
Support for SSL requests (HTTPS).
Proxy support.
Download
http://sourceforge.net/projects/uniscan/files/4.0/uniscan.tar/download
Identification of system pages through a Web Crawler.
Use of threads in the crawler.
Control the maximum number of requests the crawler.
Control of variation of system pages identified by Web Crawler.
Control of file extensions that are ignored.
Test of pages found via the GET method.
Test the forms found via the POST method.
Support for SSL requests (HTTPS).
Proxy support.
Download
http://sourceforge.net/projects/uniscan/files/4.0/uniscan.tar/download
update: OWASP Zed Attack Proxy v.1.3.2 Released
Am Tuesday, 23. Aug 2011 im Topic 'Pentest'
The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.
Download
http://code.google.com/p/zaproxy/downloads/list
Download
http://code.google.com/p/zaproxy/downloads/list
Friday, 19. August 2011
BackTrack 5 R1 Released
Am Friday, 19. Aug 2011 im Topic 'Pentest'
This release contains over 120 bug fixes, 30 new tools and 70 tool updates.
The kernel was updated to 2.6.39.4 and includes the relevant injection patches.
Download
http://www.backtrack-linux.org/downloads/
For the first few days there will be torrent downloads only.
HTTP downloads will be available from Aug 20th.
The kernel was updated to 2.6.39.4 and includes the relevant injection patches.
Download
http://www.backtrack-linux.org/downloads/
For the first few days there will be torrent downloads only.
HTTP downloads will be available from Aug 20th.
Thursday, 18. August 2011
RAFT - Linux
Am Thursday, 18. Aug 2011 im Topic 'Pentest'
RAFT is a testing tool for the identification of vulnerabilities in web applications. It is a suite of tools that utilize common shared elements to make testing and analysis easier. It uses markup by means of a built-in WebKit based web browser to create templates for fuzz testing.
Download
RAFT 2011.7.14-alpha
svn checkout http://raft.googlecode.com/svn/trunk/ raft-read-only
Download
RAFT 2011.7.14-alpha
svn checkout http://raft.googlecode.com/svn/trunk/ raft-read-only
Wednesday, 17. August 2011
LDAP & XPATH
Am Wednesday, 17. Aug 2011 im Topic 'Pentest'
Blind LDAP Injection Exploitation Tool
Sample application showing practical approach how to exploit Blind LDAP Injection flaw. The tool is intended to be used by IT security researchers and pentesters for educational purposes only.
Download:
http://code.google.com/p/ldap-blind-explorer/downloads/list
Blind XPath Injection Exploitation Tool
Sample application showing practical approach how to exploit Blind XPath Injection flaw. The tool is intended to be used by IT security researchers and pentesters for educational purposes only.
Download:
http://code.google.com/p/xpath-blind-explorer/downloads/list
Sample application showing practical approach how to exploit Blind LDAP Injection flaw. The tool is intended to be used by IT security researchers and pentesters for educational purposes only.
Download:
http://code.google.com/p/ldap-blind-explorer/downloads/list
Blind XPath Injection Exploitation Tool
Sample application showing practical approach how to exploit Blind XPath Injection flaw. The tool is intended to be used by IT security researchers and pentesters for educational purposes only.
Download:
http://code.google.com/p/xpath-blind-explorer/downloads/list
Monday, 15. August 2011
Matriux Krypton
Am Monday, 15. Aug 2011 im Topic 'Pentest'
With Matriux, you can turn any system into a powerful penetration testing toolkit, without having to install any software into your hardisk. Matriux is designed to run from a Live environment like a CD / DVD or USB stick or it can easily be installed to your hard disk in a few steps. Matriux also includes a set of computer forensics and data recovery tools that can be used for forensic analysis and investigations and data retrieval.
Download
http://www.matriux.com/index.php?page=download
Download
http://www.matriux.com/index.php?page=download
... ältere Einträge