... neuere Einträge
Wednesday, 13. July 2011
Bokken - Linux
Am Wednesday, 13. Jul 2011 im Topic 'Pentest'
Bokken was recently introduced in Inguma penetration toolkit (version 0.3 to be precise!). Now, it has also been released as a stand-alone tool for malware analysis. In actuality, Bokken is a GUI for the pyew tool. So, you know that it can do all that pyew can, with a nice user interface.
Download
http://bokken.inguma.eu/projects/bokken/files
Download
http://bokken.inguma.eu/projects/bokken/files
Inguma 0.4 - Linux
Am Wednesday, 13. Jul 2011 im Topic 'Pentest'
Inguma is a penetration testing toolkit entirely written in python. The framework includes modules to discover hosts, gather information about, fuzz targets, brute force user names and passwords and, of course, exploits.
While the current exploitation capabilities in Inguma may be limited, this program provides numerous tools for information gathering and target auditing. Inguma is still being heavily developed so be sure to stay current and check back for news and updates.
Download
http://inguma.eu/projects/inguma/files
While the current exploitation capabilities in Inguma may be limited, this program provides numerous tools for information gathering and target auditing. Inguma is still being heavily developed so be sure to stay current and check back for news and updates.
Download
http://inguma.eu/projects/inguma/files
WPSCAN - WordPress Security & vulnerability Scanner Linux
Am Wednesday, 13. Jul 2011 im Topic 'Pentest'
Details
Username enumeration (from author querystring and location header)
Weak password cracking (multithreaded)
Version enumeration (from generator meta tag)
Vulnerability enumeration (based on version)
Plugin enumeration (2220 most popular by default)
Plugin vulnerability enumeration (based on version) (todo)
Plugin enumeration list generation
Other misc WordPress checks (theme name, dir listing, ...)
Download
http://code.google.com/p/wpscan/
http://wpscan.googlecode.com/svn/trunk/
Username enumeration (from author querystring and location header)
Weak password cracking (multithreaded)
Version enumeration (from generator meta tag)
Vulnerability enumeration (based on version)
Plugin enumeration (2220 most popular by default)
Plugin vulnerability enumeration (based on version) (todo)
Plugin enumeration list generation
Other misc WordPress checks (theme name, dir listing, ...)
Download
http://code.google.com/p/wpscan/
http://wpscan.googlecode.com/svn/trunk/
Sunday, 10. July 2011
AutoDiff - Online
Am Sunday, 10. Jul 2011 im Topic 'Pentest'
AutoDiff is a project which performs automated binary differential analysis between two executable files. This is especially useful for reverse engineering vulnerability patches and spotting other additional code updates. AutoDiff allows to find executable code similarities and differences among two executable files. Additionally it also includes some heuristics methods for matching variables (objects) between two executable files. AutoDiff is ultra fast, standalone tool. It was especially designed to diff Portable Executable files released by Microsoft every time in the security bulletin.
http://autodiff.piotrbania.com/
http://autodiff.piotrbania.com/
BeEF v0.4.2.7-alpha Linux
Am Sunday, 10. Jul 2011 im Topic 'Pentest'
“BeEF, the Browser Exploitation Framework is a professional security tool provided for lawful research and testing purposes. It allows the experienced penetration tester or system administrator additional attack vectors when assessing the posture of a target. The user of BeEF will control which browser will launch which exploit and at which target.
BeEF hooks one or more web browsers as beachheads for the launching of directed exploits in real-time. Each browser is likely to be within a different security context. This provides additional vectors that can be exploited by security professionals.BeEF provides an easily integratable framework that demonstrates the impact of browser and Cross-site Scripting issues in real-time. Development has focused on creating a modular framework. This has made module development a very quick and simple process. Current modules include Metasploit, port scanning, keylogging, TOR detection and more.
Download:
http://code.google.com/p/beef/downloads/list
BeEF hooks one or more web browsers as beachheads for the launching of directed exploits in real-time. Each browser is likely to be within a different security context. This provides additional vectors that can be exploited by security professionals.BeEF provides an easily integratable framework that demonstrates the impact of browser and Cross-site Scripting issues in real-time. Development has focused on creating a modular framework. This has made module development a very quick and simple process. Current modules include Metasploit, port scanning, keylogging, TOR detection and more.
Download:
http://code.google.com/p/beef/downloads/list
Friday, 8. July 2011
Web Security Dojo v.1.2
Am Friday, 8. Jul 2011 im Topic 'Pentest'
Web Security Dojo is a free open-source self-contained training environment for Web Application Security penetration testing. Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v9.10. The Web Security Dojo is for learning and practicing web app security testing techniques. It is ideal for training classes and conferences since it does not need a network connection. The Dojo contains everything needed to get started - tools, targets, and documentation.
Info:
http://www.mavensecurity.com/web_security_dojo/
Look for Dojo videos on YouTube channel at http://www.youtube.com/user/MavenSecurity
Download:
http://sourceforge.net/projects/websecuritydojo/files/Version_1.2/
Info:
http://www.mavensecurity.com/web_security_dojo/
Look for Dojo videos on YouTube channel at http://www.youtube.com/user/MavenSecurity
Download:
http://sourceforge.net/projects/websecuritydojo/files/Version_1.2/
Friday, 8. July 2011
The Samurai Web Testing Framework Linux
Am Friday, 8. Jul 2011 im Topic 'Pentest'
The Samurai Web Testing Framework is a LiveCD
The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.
Starting with reconnaissance, we have included tools such as the Fierce domain scanner and Maltego. For mapping, we have included tools such WebScarab and ratproxy. We then chose tools for discovery. These would include w3af and burp. For exploitation, the final stage, we included BeEF, AJAXShell and much more. This CD also includes a pre-configured wiki, set up to be the central information store during your pen-test.
Download :
http://sourceforge.net/projects/samurai/
The Samurai Web Testing Framework is a live linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.
Starting with reconnaissance, we have included tools such as the Fierce domain scanner and Maltego. For mapping, we have included tools such WebScarab and ratproxy. We then chose tools for discovery. These would include w3af and burp. For exploitation, the final stage, we included BeEF, AJAXShell and much more. This CD also includes a pre-configured wiki, set up to be the central information store during your pen-test.
Download :
http://sourceforge.net/projects/samurai/
Vega
Am Thursday, 7. Jul 2011 im Topic 'Pentest'
Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.
Download
http://subgraph.com/vega_download.php
Modules
Cross Site Scripting (XSS)
SQL Injection
Directory Traversal
URL Injection
Error Detection
File Uploads
Sensitive Data Discovery
Download
http://subgraph.com/vega_download.php
Modules
Cross Site Scripting (XSS)
SQL Injection
Directory Traversal
URL Injection
Error Detection
File Uploads
Sensitive Data Discovery
WebSurgery
Am Thursday, 7. Jul 2011 im Topic 'Pentest'
WebSurgery is a suite of tools for security testing of web applications. It was designed for security auditors to help them with the web application planning and exploitation. Currently, it uses an efficient, fast and stable Web Crawler, File/Dir Bruteforcer and Fuzzer for advanced exploitation of known and unusual vulnerabilities such as SQL Injections, Cross site scripting (XSS), brute-force for login forms, identification of firewall-filtered rules etc.
Download Setup
http://www.surgeonix.com/blog/downloads/websurgery/setup.msi
Download Portable
http://www.surgeonix.com/blog/downloads/websurgery/websurgery.zip
Download Setup
http://www.surgeonix.com/blog/downloads/websurgery/setup.msi
Download Portable
http://www.surgeonix.com/blog/downloads/websurgery/websurgery.zip
Pangolin Free 3.2.3
Am Thursday, 7. Jul 2011 im Topic 'Pentest'
Pangolin is an automatic SQL injection penetration testing (Pen-testing) tool for Website manager or IT Security analyst. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or users specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.
Test many types of databases
Your web applications using Access,DB2,Informix,Microsoft SQL Server 2000,Microsoft SQL Server 2005,Microsoft SQL Server 2008,MySQL,Oracle,PostgreSQL,Sqlite3,Sybase?
Pangolin supports all of them.
Features: Auto-analyzing keyword, HTTPS support, Pre-Login, Bypass firewall setting, Injection Digger, Data dumper, etc.
Download
http://down3.nosec.org/pangolin_free_edition_3.2.3.1105.zip
Test many types of databases
Your web applications using Access,DB2,Informix,Microsoft SQL Server 2000,Microsoft SQL Server 2005,Microsoft SQL Server 2008,MySQL,Oracle,PostgreSQL,Sqlite3,Sybase?
Pangolin supports all of them.
Features: Auto-analyzing keyword, HTTPS support, Pre-Login, Bypass firewall setting, Injection Digger, Data dumper, etc.
Download
http://down3.nosec.org/pangolin_free_edition_3.2.3.1105.zip
... ältere Einträge