Saturday, 27. August 2011
update: INSECT Pro 2.7
This is a partial list of the major changes implemented in version 2.7:

- Available targets now has a submenu under right-click button
- Check update function added in order to verify current version
- Threading support for GET request
- Module log added and functional
- Sniffer support added
- 50 Remote exploits added
- Project saved on userland - Application Data special folder
- Executed module windows added and functionality for it
- AgentConnect now uses telnetlib

Download
http://www.insecurityresearch.com


Friday, 26. August 2011
SSL Server Testing - Online
This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet. Please note that the information you submit here is used only to provide you the service. We don't use the domain names or the test results, and we never will.

Source
https://www.ssllabs.com/ssldb/analyze.html


Wednesday, 24. August 2011
Uniscan vulnerability scanner - Linux
Uniscan is a vulnerability scanner aimed at information security: it finds vulnerabilities in Web systems. Uniscan was developed in the Perl programming language, which makes it easier to work with text, has easy-to-use regular expressions and is also multi-threaded.

It is dedicated to web application security: find vulnerabilities before others do. It can easily find known vulnerabilities and is regularly updated, with bug fixes and new features added at regular intervals.

Tutorials to create plug-ins:
http://www.uniscan.com.br/tutorial1.php
http://www.uniscan.com.br/tutorial2.php
http://www.uniscan.com.br/tutorial3.php


Download
http://www.uniscan.com.br/download.html


INSECT Pro 2.6.1
INSECT can help build a strong security posture and is easy to use, so both professional penetration testers and less experienced security pros will have all the tools they need to reduce costs, proactively find vulnerabilities, assess risk, and check the effectiveness of security defenses.

The latest version includes more than 100 native exploits, 300 Metasploit modules and a web vulnerability scanner.

Download
http://www.insecurityresearch.com/files/download


Tuesday, 23. August 2011
Uniscan 4.0 vulnerability scanner
Uniscan Features

- Identification of system pages through a Web Crawler.
- Use of threads in the crawler.
- Control of the maximum number of requests made by the crawler.
- Control of variation of system pages identified by the Web Crawler.
- Control of file extensions that are ignored.
- Test of pages found via the GET method.
- Test of forms found via the POST method.
- Support for SSL requests (HTTPS).
- Proxy support.

Download
http://sourceforge.net/projects/uniscan/files/4.0/uniscan.tar/download


update: OWASP Zed Attack Proxy v.1.3.2 Released
The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox.

Download
http://code.google.com/p/zaproxy/downloads/list


Friday, 19. August 2011
BackTrack 5 R1 Released
This release contains over 120 bug fixes, 30 new tools and 70 tool updates.
The kernel was updated to 2.6.39.4 and includes the relevant injection patches.

Download
http://www.backtrack-linux.org/downloads/

For the first few days there will be torrent downloads only.
HTTP downloads will be available from Aug 20th.


Thursday, 18. August 2011
RAFT - Linux
RAFT is a testing tool for the identification of vulnerabilities in web applications. It is a suite of tools that utilize common shared elements to make testing and analysis easier. It uses markup by means of a built-in WebKit based web browser to create templates for fuzz testing.

Download
RAFT 2011.7.14-alpha
svn checkout http://raft.googlecode.com/svn/trunk/ raft-read-only


Wednesday, 17. August 2011
LDAP & XPATH
Blind LDAP Injection Exploitation Tool
Sample application showing a practical approach to exploiting a Blind LDAP Injection flaw. The tool is intended to be used by IT security researchers and pentesters for educational purposes only.

Download:
http://code.google.com/p/ldap-blind-explorer/downloads/list

Blind XPath Injection Exploitation Tool
Sample application showing a practical approach to exploiting a Blind XPath Injection flaw. The tool is intended to be used by IT security researchers and pentesters for educational purposes only.

Download:
http://code.google.com/p/xpath-blind-explorer/downloads/list


Monday, 15. August 2011
Matriux Krypton
With Matriux, you can turn any system into a powerful penetration testing toolkit without having to install any software on your hard disk. Matriux is designed to run from a Live environment such as a CD / DVD or USB stick, or it can easily be installed to your hard disk in a few steps. Matriux also includes a set of computer forensics and data recovery tools that can be used for forensic analysis, investigations and data retrieval.

Download
http://www.matriux.com/index.php?page=download
