
Penetration Testing mailing list archives
Tools Update - Xmas 2009
From: "SD List" <list () security-database com>
Date: Sat, 26 Dec 2009 21:53:10 +0100 (CET)
Hello Here is the site's newsletter "Security Database Tools Watch" (http://www.security-database.com/toolswatch). This letter summarizes the articles and news items published since 7 days. Security-Database Team wishes you a Merry XMAS & a Happy New Year. New articles -------------------------- ** SAINT® v7.2.3 updates - now SCAP support - ** by Tools Tracker Team - 26 December 2009 SAINT is the Security Administrators Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINTs data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of (...) -> http://www.security-database.com/toolswatch/SAINT-R-v7-2-3-updates-now-SCAP.html ** Nmap 5.10BETA2 released : Citrix scanning & xmas greetings ** by Tools Tracker Team - 26 December 2009 Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other (...) -> http://www.security-database.com/toolswatch/Nmap-5-10BETA2-released-Citrix.html ** Yasat v1.70a - Yet Another Stupid Audit Tool ** by ToolsTracker - 24 December 2009 YASAT (Yet Another Stupid Audit Tool) is a simple stupid audit tool. Its goal is to be as simple as possible with minimum binary dependencies (only sed, grep and cut). It do many tests for checking security configuration issue or others good practice. It checks many software configurations like: Apache PHP kernel mysql openvpn Packages update snmpd tomcat user accounting vsftpd xinetd YASAT is licensed under GPLv3 MD5SUM 9dd26de0ab213ded1a1a59cb7afabd07 SHA1SUM (...) -> http://www.security-database.com/toolswatch/Yasat-v1-70a-Yet-Another-Stupid.html ** Process Hacker just updated to v1.9 ** by Tools Tracker Team - 24 December 2009 Process Hacker is a free and open source process viewer and memory editor with unique features such as powerful process termination and a Regex memory searcher. It can show services, processes and their threads, modules, handles and memory regions. Thanks to Barry Irwin for this update Version 1.9 NEW/IMPROVED: Dump/view process information Added useful tooltips to the module list The "-elevate" command line option propagates other arguments FIXED: #2911938 - "The given key was not (...) -> http://www.security-database.com/toolswatch/Process-Hacker-just-updated-to-v1.html ** WinScanX v1.0 - Windows auditing tool ** by ToolsTracker - 24 December 2009 WinScanX is a state-of-the-art Windows auditing tool designed to help you get your Windows audit done quickly. It's easy to use and no installation is required. WinScanX Pro can potentially scan thousands of hosts in a matter of minutes while WinScanX Basic can only scan one host at a time. WinScanX Options and Input Files WinScanX has over 20 options that allow a user to gather various types of information, check for easy-to-guess passwords, etc. There are also several input files that (...) -> http://www.security-database.com/toolswatch/WinScanX-v1-Windows-auditing-tool.html ** Process Hacker v1.8 released ** by ToolsTracker - 24 December 2009 Process Hacker is a free and open source process viewer and memory editor with unique features such as powerful process termination and a Regex memory searcher. It can show services, processes and their threads, modules, handles and memory regions. Version 1.8 NEW/IMPROVED: Ability to set I/O priority for processes and threads No more separate Assistant.exe executable required Signature verification now works on x64 Now shows signer names (plus a Verified Signer column) Added proper (...) -> http://www.security-database.com/toolswatch/Process-Hacker-v1-8-released.html ** PenTBox v1.0.1 - looking for phrases ** by ToolsTracker - 24 December 2009 PenTBox is a Security Suite with programs like Password Crackers, Denial of Service testing tools (DoS and DDoS), Secure Password Generators, Honeypots and much more. Destined to test security/stability of networks and more. Programmed in Ruby, and oriented to GNU/Linux systems (but compatible with Windows, MacOS and more). A new version of PenTBox is being developed, probably it will be published in January 2010. Alberto Ortega Llamas, our friend, is looking for phrases to print (...) -> http://www.security-database.com/toolswatch/PenTBox-v1-1-looking-for-phrases.html ** OpenVAS 3.0 released ** by ToolsTracker - 24 December 2009 OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user fontend. The core is a server component with a set of plugins to test various vulnerabilities in remote systems and applications The release introduces new features and a new architecture which forms the basis for turning the vulnerability scanner into a vulnerability management solution. The GPL-licensed Open Vulnerability Assessment System (OpenVAS) has (...) -> http://www.security-database.com/toolswatch/OpenVAS-3-released.html ** SAINT v7.2.2 released ** by ToolsTracker - 23 December 2009 SAINT is the Security Administrators Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINTs data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of (...) -> http://www.security-database.com/toolswatch/SAINT-v7-2-2-released.html ** Metasploit Framework updated to v3.3.3 ** by Tools Tracker Team - 23 December 2009 The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler. Metasploit Framework v3.3.3 All exploits now contain a (...) -> http://www.security-database.com/toolswatch/Metasploit-Framework-updated-to-v3.html ** fimap v0.7a released ** by ToolsTracker - 22 December 2009 fimap is a little python tool which can find, prepare, audit, exploit and even google automaticly for local and remote file inclusion bugs in webapps. fimap should be something like sqlmap just for LFI/RFI bugs instead of sql injection. It's is currently under heavy development but it's usable. Version 0.7 Alpha: All commands will now be send base64 encoded. So you can use quotes as much as you want. php://input detection is now 100% reliable. (it produced some false positives (...) -> http://www.security-database.com/toolswatch/fimap-v0-7a-released.html ** FindDomains v0.1.1 released - search engine discovery tool ** by ToolsTracker - 22 December 2009 The fastest search engine discovery tool that retrieves domains which are located at specified ip address/hostname. FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses. Provides a console interface so you can easily integrate this tool to your pentest automation system. It retrieves domain names/web sites which are located on (...) -> http://www.security-database.com/toolswatch/FindDomains-v0-1-1-released-search.html ** Samhain v2.6.1 released ** by ToolsTracker - 21 December 2009 The samhain open source host-based intrusion detection system (HIDS) provides file integrity checking and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. It has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as standalone application on a single host. Version 2.6.1 (Dec 21, 2009) On (...) -> http://www.security-database.com/toolswatch/Samhain-v2-6-1-released.html Regards Nabil OUCHN CEO & Founder Security-Database France Maximiliano Soler ToolWatch Leader Security-Database Argentina ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Tools Update - Xmas 2009 SD List (Dec 29)