Wednesday, 10. August 2011
5 SQLi Scanners - Online
On Wednesday, 10. Aug 2011 in topic 'Pentest'
http://www.be007.gigfa.com/scanner/scanner.php
http://www.sunmagazin.com/tools/hack/SQLI-Scan
http://scanner.drie88.tk
http://localvn.biz/Tools/tools/Hack-Shop/SQLI-Scan
http://wolfscps.com/gscanner.php
Thursday, 4. August 2011
The Social-Engineer Toolkit
On Thursday, 4. Aug 2011 in topic 'Pentest'
The Social Engineering Toolkit (SET) is a Python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.
Download
http://www.secmaniac.com/download/
The Social-Engineer Toolkit v3.0 Codename "#WeThrowBaseballs" from David Kennedy on Vimeo.
Tuesday, 2. August 2011
Web Application Scanners
On Tuesday, 2. Aug 2011 in topic 'Pentest'
A Comparison of 60 Commercial & Open Source Black Box Web Application Vulnerability Scanners.
By Shay Chen
Security Consultant, Researcher & Instructor
http://sectooladdict.blogspot.com/
sectooladdict-$at$-gmail-$dot$-com
August 2011
Assessment Environments: WAVSEP 1.0 / WAVSEP 1.0.3 (http://code.google.com/p/wavsep/)
Released Watcher v.1.5.3
On Tuesday, 2. Aug 2011 in topic 'Pentest'
Web security testing tool and passive vulnerability scanner
Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems; it's completely safe to use in cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as operational configuration issues. Watcher provides pen-testers with hot-spot detection for vulnerabilities, developers with quick sanity checks, and auditors with PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads (potential XSS), cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more.
Download
http://websecuritytool.codeplex.com/releases/view/22212
HexorBase v.1.0
On Tuesday, 2. Aug 2011 in topic 'Pentest'
HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location. It is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL). HexorBase allows packet routing through proxies or even Metasploit pivoting antics to communicate with remotely inaccessible servers which are hidden within local subnets.
Download
http://code.google.com/p/hexorbase/downloads/list
Metasploit 4.0
On Tuesday, 2. Aug 2011 in topic 'Pentest'
"It's been a long road to 4.0. The first 3.0 release was almost 5 years ago and the first release under the Rapid7 banner was almost 2 years ago. Since then, Metasploit has really spread its wings. When 3.0 was released, it was under a EULA-like license with specific restrictions against using it in commercial products. Over time, the reasons for that decision became less important and the need for more flexibility came to the fore; in 2008, we released Metasploit 3.2 under a 3-clause BSD license. Licensing is definitely not the only place Metasploit's flexibility has increased. Over the last 5 years, we've added support for myriad exploitation techniques, network protocols, automation capabilities, and even user interfaces. The venerable msfweb is gone along with the old gtk-based msfgui. Taking their place are the newer java-based msfgui and armitage, both of which have improved by leaps and bounds since their respective introductions."
Download
http://updates.metasploit.com/data/releases/framework-4.0.0-windows-mini.exe
http://updates.metasploit.com/data/releases/framework-4.0.0-windows-full.exe
http://updates.metasploit.com/data/releases/framework-4.0.0-linux-mini.run
http://updates.metasploit.com/data/releases/framework-4.0.0-linux-full.run
http://updates.metasploit.com/data/releases/framework-4.0.0.tar.bz2
Metasploit 4.0 And Armitage - What's New?
Thursday, 28. July 2011
Lightweight Portable - Linux
On Thursday, 28. Jul 2011 in topic 'Pentest'
Lightweight Portable Security (LPS) creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac).
To get started, download the LPS-Public ISO image and burn it to a CD. Read the Quick Start Guide for more information.
http://spi.dod.mil/docs/LPS-1.2.2_public.iso
http://spi.dod.mil/docs/lps_quick_start.pdf
Reverse LFI/RFI/SQLI Scanner - Online
On Thursday, 28. Jul 2011 in topic 'Pentest'
It automatically scans all the domains in reverse, tries to find LFI/RFI/SQLi in each domain, and reports back.
LFI
http://scan.subhashdasyam.com/lfi-scanner.php
RFI
http://scan.subhashdasyam.com/rfi-scanner.php
SQLI
http://scan.subhashdasyam.com/sqli-scanner.php
by
Subhash Dasyam
Wednesday, 27. July 2011
Miasm
On Wednesday, 27. Jul 2011 in topic 'Pentest'
Miasm is a free and open source (GPLv2) reverse engineering framework. Miasm aims at analyzing/modifying/generating binary programs.
Download
http://code.google.com/p/smiasm/
Monday, 25. July 2011
Clickjacking Defense - Declarative Sec Detector
On Monday, 25. Jul 2011 in topic 'Pentest'
The X-FRAME-OPTIONS header sets a restriction on the framing of a web page for a particular domain. It uses the values DENY and SAMEORIGIN to control rendering of the content in a child frame. DENY stops rendering in a child frame completely. SAMEORIGIN declares that the content can only come from the parent site and that no third-party content rendering is allowed. This addon scans all the HTTP response headers that accompany the web page and raises a notification in the status bar showing whether the declarative security for clickjacking is applied on the respective domain or not.
Download - Firefox Addon
https://addons.mozilla.org/en-US/firefox/addon/clickjacking-defense-declar/
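The header check described above, sketched as an added example (not the addon's own code). The function names, status labels and sample responses are assumptions made for illustration; it also flags repeated or unrecognised values, which goes beyond the simple applied/not-applied notification in the text.

```javascript
// Added example: audit X-Frame-Options in raw HTTP response headers.
// Only DENY and SAMEORIGIN (the values described above) count as protection.
function parseHeaders(raw) {
  const headers = new Map();                  // lower-cased name -> list of values
  for (const line of raw.split(/\r?\n/).slice(1)) {   // skip the status line
    if (line === '') break;                   // blank line ends the header block
    const idx = line.indexOf(':');
    if (idx < 1) continue;                    // not a "Name: value" line
    const name = line.slice(0, idx).trim().toLowerCase();
    if (!headers.has(name)) headers.set(name, []);
    headers.get(name).push(line.slice(idx + 1).trim());
  }
  return headers;
}

function checkFraming(raw) {
  const values = (parseHeaders(raw).get('x-frame-options') || [])
    .flatMap(v => v.split(','))               // repeated headers may arrive comma-joined
    .map(v => v.trim().toUpperCase())
    .filter(v => v !== '');
  const unique = [...new Set(values)];
  if (unique.length === 0) return { status: 'missing', detail: 'no X-Frame-Options header' };
  // Assumption of this example: conflicting values are flagged, not trusted.
  if (unique.length > 1) return { status: 'misconfigured', detail: 'conflicting: ' + unique.join(', ') };
  if (unique[0] === 'DENY') return { status: 'protected', detail: 'no framing allowed' };
  if (unique[0] === 'SAMEORIGIN') return { status: 'protected', detail: 'same-origin framing only' };
  return { status: 'misconfigured', detail: 'unrecognised value: ' + unique[0] };
}

// Constructed sample responses (not captured from any real site).
const SAMPLES = {
  deny: 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nX-Frame-Options: DENY\r\n\r\n<html>',
  sameorigin: 'HTTP/1.1 200 OK\r\nx-frame-options:  sameorigin \r\n\r\n',
  missing: 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\nX-Frame-Options: DENY',
  conflict: 'HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n',
  typo: 'HTTP/1.1 200 OK\r\nX-Frame-Options: SAME-ORIGIN\r\n\r\n',
};

function auditSamples() {
  const report = {};
  for (const [name, raw] of Object.entries(SAMPLES)) report[name] = checkFraming(raw).status;
  return report;
}

console.log(auditSamples());
```

The `missing` sample carries the header text only in the body, after the blank line, so it is correctly reported as unprotected.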