Security Database Tools Watch

Web Security Dojo v0.2 released

Tools Tracker Team — 2009-11-08T20:58:08Z

An open source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo. For learning and practicing web app security testing techniques. It does not need a network connection since it contains tools, targets, and documentation. Thus making it ideal for training classes and conferences.
To install Dojo you can install and run VirtualBox, then "Import Appliance" using the OVF file. Other virtual machine packages (VMware, etc) will (...) - Security Tools / LiveCD, Application Scanner, Local auditing, Attack, Web Security Dojo

WepBuster v1.0 beta0.7 released

Tools Tracker Team — 2009-11-08T11:14:14Z

This small utility was written for Information Security Professionals to aid in conducting Wireless Security Assessment. The program executes various utilities included in the aircrack-ng suite, a set of tools for auditing wireless networks, in order to obtain the WEP encryption key of a wireless access point. aircrack-ng can be obtained from http://www.aircrack-ng.org
Changes :
added wordlist generator
added embedded documentation
miscellaneous code (...) - Security Tools / AirCrack-ng, Wireless, Password Cracking, Bruteforcers, WebBuster

Websecurify updated to v0.4 RC1

Tools Tracker Team — 2009-11-08T11:09:21Z

Websecurify Security Testing Framework identifies web security vulnerabilities by using advanced browser automation, discovery and fuzzing technologies. The framework is written in JavaScript and successfully executes in numerous platforms including modern browsers with support for HTML5, xulrunner, xpcshell, Java, V8 and others. - Security Tools / Vulnerability Scanner, Application Scanner, Websecurity

Lynis updated to version 1.2.7

Tools Tracker Team — 2009-11-08T11:05:09Z

Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.
Changelog :
New:
Added Kernel Hardening section
Sysctl audit support in scan profile and related test [KRNL-6000]
SSH option StrictModes test [SSH-7416]
Password aging limit check [AUTH-9286]
Ubuntu packages check (apt-show-versions) (...) - Security Tools / Vulnerability Scanner, Configurations checks, Local auditing, Lynis

PenTester Scripting Logo Competition

Tools Tracker Team — 2009-11-07T21:06:44Z

PenTester Scripting website is a very handy collection of Scripts (ruby, shell, perl...) initiated by a group of researchers to make our pentests journey easier. The scripts are focused into 8 categories (recon, mapping, discovery, exploitation and so on).
More information here http://www.pentesterscripting.com
Please help our teammate Maximiliano Soler to win this logo competition.
VOTE FOR MAX SOLER (...) - Security Tools

Security-Database new updates (Saint Exploit mapping feature)

Tools Tracker Team — 2009-11-06T12:41:35Z

Security-database team is very happy to announce news changes and one great feature to its SD Vulnerability Cross Linker.
New Feature :
Vulnerability Dashboard is now linking to SAINT Corporation Exploits. When available, the CVE comes now with CVSS, CPE, CWE, OVAL and Saint ID. Here is an example for CVE-2009-3023. The mapping works also with vendors entries (MS, Gentoo, Sun..
Major changes :
As an effort to be compliant with the latest CWE (Common Weakness Enumeration) (...) - Security Tools

RIP str0ke (milw0rm) ... appears to be a Hoax

Tools Tracker Team — 2009-11-04T14:23:25Z

Updated :
Followers has just received a tweet from str0ke's twitter. @str0ke: I'm not dead yet, just being trolled.
This means someone has hacked into Edward's profile and spread a fake and loosy hoax. After all, we are very happy to see him up and running.
News about his "fake" death:
Security-Database must notify a sad information.
Lamentably a great friend and companion have passed away, early this morning.
str0ke (1974-04-29 - 2009-11-03) from Milw0rm, the bad news arrived and surprises (...) - Security Tools

Graudit v1.3 released

ToolsTracker — 2009-11-03T13:07:08Z

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible.
Version 1.3
Some signatures addes to existing databases
Signature improvements to existing databases
Added JSP ruleset
Added ASP ruleset
Improved testing
USAGE Graudit supports several (...) - Security Tools / Code Auditing, Local auditing, Graudit

UCSniff v3.0 Released

ToolsTracker — 2009-11-03T12:23:32Z

UCSniff is a VoIP & IP Video Security Assessment tool that integrates existing open source software into several useful features, allowing VoIP and IP Video owners and security professionals to rapidly test for the threat of unauthorized VoIP and Video Eavesdropping. Written in C/C++, and available on Linux and Windows, the software is free and available for anyone to download, under the GPLv3 license.
Version 3.0
Real time VoIP and Video monitoring. [as presented at ToorCon 11, San (...) - Security Tools / Automated Exploiter, Data Sniffer, VoIP, UCsniff

Enhanced Mitigation Evaluation Toolkit v1.0.2 released

Tools Tracker Team — 2009-10-30T09:24:40Z

Security mitigation technologies are technologies designed to make it more difficult for an attacker to exploit vulnerabilities in a given piece of software. The Enhanced Mitigation Evaluation Toolkit (EMET) is a toolkit that allows certain security mitigation technologies to be applied to user specified applications.
This utility builds on our current offerings in several key ways:
Until now, many of the available mitigations have required for an application to be manually opted in and (...) - Security Tools / Security Solutions, Configurations checks, Forensics, Exploitation, EMET