Security Database Tools Watch

OSWA-Assistant v0.9.0.6h released

Tools Tracker Team — 2009-12-12T10:29:12Z

The OSWA™-Assistant is a no-Operating-System-required standalone toolkit which is solely focused on wireless auditing. As a result, in addition to the usual WiFi (802.11) auditing tools, it also covers Bluetooth and RFID auditing. Using the toolkit is as easy as popping it into your computer's CDROM and making your computer boot from it!
This is a maintenance release with more Ralink cards supported (due to changes in vendor IDs reported by certified OSWAs & various other people) and (...) - Security Tools / LiveCD, Wireless, OSWA

WAFW00F beta released : Auditing Web Application Firewall

Tools Tracker Team — 2009-12-11T17:54:35Z

WAFW00F allows one to identify and fingerprint WAF products protecting a website
This set of tools is available from svn. Grab it from this location
svn checkout http://waffit.googlecode.com/svn/trunk/ waffit-read-only
Tool Submitted by Sebastien Gioria (OWASP French Chapter Leader) - Security Tools / Application Scanner, WAFW00F

Graudit v1.5 released

Tools Tracker Team — 2009-12-11T17:49:24Z

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible.
Version 1.5
New features for server wide install
Source distro file for package maintainers
Signature bug fixes
New php, python and perl signatures
Deprecating the rough signature set (...) - Security Tools / Vulnerability Scanner, Code Auditing, Local auditing, Graudit

Halberd v0.2.3 available : Load balancer configuration auditing

Tools Tracker Team — 2009-12-11T17:49:08Z

To cope with heavy traffic loads, web site administrators often install load balancer devices. These machines hide (possibly) many real web servers behind a virtual IP. They receive HTTP requests and redirect them to the real web servers in order to share the traffic between them.
Halberd is a tool aimed at discovering real servers behind virtual IPs
Halberd should work in any system with Python version 2.4 or above. It has been successfully built and tested under GNU/Linux, Windows 2000 (...) - Security Tools / Network Discovery, Halberd

JBroFuzz v1.8 released

Tools Tracker Team — 2009-12-11T17:37:17Z

JBroFuzz is a web application fuzzer for requests being made over HTTP and/or HTTPS. Its purpose is to provide a single, portable application that offers stable web protocol fuzzing capabilities.
The components of JBroFuzz are all integrated into a single window and can be accessed through individual tabs. These tabs are:
Fuzzing
The fuzzing tab is the main tab of JBroFuzz, responsible for all fuzzing operations performed over the network. Depending on the fuzzer payloads (...) - Security Tools / JBroFuzz, Fuzzers

Groundspeed v1.0.1 in the wild

Tools Tracker Team — 2009-12-11T17:33:00Z

Groundspeed is an open-source Firefox add-on that allows you to modify the web application interface during a penetration test by manipulating the forms and form elements loaded in the browser page, eliminating annoying limitations and client-side controls.
Some of the practical uses of groundspeed include changing hidden fields, select drop down lists and other fields into text fields, removing size and length limitations on input fields and modifying JavaScript event handlers to bypass (...) - Security Tools / Penetration testing & Ethical Hacking, Groundspeed

Lynis v1.2.8 released

ToolsTracker — 2009-12-09T01:54:02Z

Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.
Version 1.2.8 (2009-12-08) New:
Squid support added
Squid daemon detection [SQD-3602]
Squid configuration file search [SQD-3604]
Squid version detection [SQD-3606]
Check /etc/motd banner [BANN-7122]
Check /etc/issue.net file (...) - Security Tools / Vulnerability Scanner, Configurations checks, Local auditing, Lynis

WPA Cracker Service - cloud cracking service

ToolsTracker — 2009-12-09T01:45:28Z

WPA Cracker is a cloud cracking service for penetration testers and network auditors who need to check the security of WPA-PSK protected wireless networks.
WPA-PSK networks are vulnerable to dictionary attacks, but running a respectable-sized dictionary over a WPA network handshake can take days or weeks. WPA Cracker gives you access to a 400CPU cluster that will run your network capture against a 135 million word dictionary created specifically for WPA passwords. While this job would (...) - Security Tools / Wireless, Password Cracking, Bruteforcers, Commercial, WPA Cracker

Matriux v0.9.4 Build 091127 released

ToolsTracker — 2009-12-09T01:33:56Z

The Matriux is a phenomenon that was waiting to happen. It is a fully featured security distribution consisting of a bunch of powerful, open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, and much more. It is a distribution designed for security enthusiasts and professionals, although it can be used (...) - Security Tools / Penetration testing & Ethical Hacking, LiveCD, Framework, Matriux

WhatWeb v0.3 - Next generation Web Scanner

ToolsTracker — 2009-12-04T03:37:14Z

Identifying content management systems (CMS), blogging platforms, stats/analytics packages, javascript libraries, servers and more. Licensed under GPLv3.
WhatWeb has over 60 plugins and needs community support to develop more. Plugins can identify systems with obvious signs removed by looking for subtle clues.
Example:
A WordPress site might remove the tag but the WordPress plugin also looks for "wp-content" which is less easy to disguise. Plugins are flexible and can return any datatype, (...) - Security Tools / Enumeration, Information Gathering, Application Scanner, WhatWeb