Wednesday, 10. August 2011
5 SQLi Scanners - Online
http://www.be007.gigfa.com/scanner/scanner.php
http://www.sunmagazin.com/tools/hack/SQLI-Scan
http://scanner.drie88.tk
http://localvn.biz/Tools/tools/Hack-Shop/SQLI-Scan
http://wolfscps.com/gscanner.php

Permalink

 


Thursday, 4. August 2011
The Social-Engineer Toolkit
The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It’s main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed.

Download
http://www.secmaniac.com/download/


The Social-Engineer Toolkit v3.0 Codename "#WeThrowBaseballs" from David Kennedy on Vimeo.

Permalink

 


Tuesday, 2. August 2011
Web Application Scanners
A Comparison of 60 Commercial & Open Source Black Box Web Application Vulnerability Scanners.

By Shay Chen
Security Consultant, Researcher & Instructor
http://sectooladdict.blogspot.com/
sectooladdict-$at$-gmail-$dot$-com
August 2011
Assessment Environments: WAVSEP 1.0 / WAVSEP 1.0.3 (http://code.google.com/p/wavsep/)

Permalink

 


Released Watcher v.1.5.3
Web security testing tool and passive vulnerability scanner

Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as operational configuration issues. Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads (potential XSS), cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more.

Download
http://websecuritytool.codeplex.com/releases/view/22212

Permalink

 


HexorBase v.1.0
HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location, it is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL ).HexorBase allows packet routing through proxies or even metasploit pivoting antics to communicate with remotely inaccessible servers which are hidden within local subnets.

Download
http://code.google.com/p/hexorbase/downloads/list

Permalink

 


Metasploit 4.0
"It's been a long road to 4.0. The first 3.0 release was almost 5 years ago and the first release under the Rapid7 banner was almost 2 years ago. Since then, Metasploit has really spread its wings. When 3.0 was released, it was under a EULA-like license with specific restrictions against using it in commercial products. Over time, the reasons for that decision became less important and the need for more flexibility came to the fore; in 2008, we released Metasploit 3.2 under a 3-clause BSD license. Licensing is definitely not the only place Metasploit's fexibility has increased. Over the last 5 years, we've added support for myriad exploitation techniques, network protocols, automation capabilities, and even user interfaces. The venerable msfweb is gone along with the old gtk-based msfgui. Taking their place are the newer java-based msfgui and armitage, both of which have improved by leaps and bounds since their respective introductions."

Download

http://updates.metasploit.com/data/releases/framework-4.0.0-windows-mini.exe

http://updates.metasploit.com/data/releases/framework-4.0.0-windows-full.exe

http://updates.metasploit.com/data/releases/framework-4.0.0-linux-mini.run

http://updates.metasploit.com/data/releases/framework-4.0.0-linux-full.run

http://updates.metasploit.com/data/releases/framework-4.0.0.tar.bz2

Metasploit 4.0 And Armitage - What's New?

Permalink

 


Thursday, 28. July 2011
Lightweight Portable - Linux
Lightweight Portable Security (LPS) creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac).
To get started, download the LPS-Public ISO image and burn it to a CD. Read the Quick Start Guide for more information.

http://spi.dod.mil/docs/LPS-1.2.2_public.iso
http://spi.dod.mil/docs/lps_quick_start.pdf

Permalink

 


Reverse LFI/RFI/SQLI Scanner - Online
It auto scans for all the domains in reverse and try to find the LFI/RFI/SQLI in the domain and reports back

LFI
http://scan.subhashdasyam.com/lfi-scanner.php

RFI
http://scan.subhashdasyam.com/rfi-scanner.php

SQLI
http://scan.subhashdasyam.com/sqli-scanner.php

by
Subhash Dasyam

Permalink

 


Wednesday, 27. July 2011
Miasm
Miasm is a a free and open source (GPLv2) reverse engineering framework. Miasm aims at analyzing/modifying/generating binary programs.

Download
http://code.google.com/p/smiasm/

Permalink

 


Monday, 25. July 2011
Clickjacking Defense - Declarative Sec Detector
The X-FRAME-OPTIONS sets a restriction on the framing of a web page for a particular domain. It uses the value DENY and SAMEORIGIN for rendering the contents into a child frame.It is possible to stop the rendering completely in a child frame using DENY as a parameter. The SAMEORIGIN parameter declares that the content can only come
from the parent site and that no third party content rendering is allowed.This addon scans all the HTTP response headers that accompany with the web page and raises a notification in the status bar showing whether the declarative security for Clickjacking is applied on the respective domain or not.

Download - Firefox Addon
https://addons.mozilla.org/en-US/firefox/addon/clickjacking-defense-declar/

Permalink