Security Database Tools Watch

WSFuzzer 1.9.3 released

Tools Tracker Team — 2008-07-22T09:45:34Z

WSFuzzer is a fuzzing penetration testing tool used against HTTP SOAP based web services. It tests numerous aspects (input validation, XML Parser, etc) of the SOAP target. It is only to be used against targets that have granted permission to be tested.
Features
Pen tests an HTTP SOAP web service based on either valid WSDL, known good XML payload, or a valid endpoint & namespace.
It can try to intelligently detect WSDL for a given target.
Includes a simple TCP port scanner.
WSFuzzer has (...) - Security Tools / Application Scanner, Fuzzers, Wsfuzzer

John the Ripper updated to 1.7.3.1

Tools Tracker Team — 2008-07-19T07:39:30Z

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.
Changes for this release : (...) - Security Tools / Password Cracking, John the Ripper

Cain & Abel v4.9.19 released

Tools Tracker Team — 2008-07-17T20:52:04Z

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocol
Update:
Added UserField and PassField columns in HTTP sniffer (...) - Security Tools / Cain and Abel, Data Sniffer, Wireless, VoIP, Password Cracking, Bruteforcers

Sara vulnerability scanner updated to 7.8.1

Tools Tracker Team — 2008-07-17T03:54:44Z

The Security Auditor's Research Assistant (SARA) is a third generation network security analysis tool that is:
Operates under Unix, Linux, MAC OS/X or Windows (through coLinux) OS'.
Integrates the National Vulnerability Database (NVD).
Performs SQL injection tests.
Performs exhaustive XSS tests
Can adapt to many firewalled environments.
Support remote self scan and API facilities.
Used for CIS benchmark initiatives
Plug-in facility for third party apps
CVE standards support (...) - Security Tools / SARA, Vulnerability Scanner, Vulnerability Management

Saint Scanner 6.7.13 released

Tools Tracker Team — 2008-07-17T03:49:07Z

SAINT is the Security Administrator's Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT's data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of (...) - Security Tools / Saint, Automated Exploiter, Vulnerability Management

Lynis updated to 1.1.8 (now supports OSX)

Tools Tracker Team — 2008-07-17T03:42:30Z

Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.
New:
Mac OS X support extended and new options added
Changes:
Extended default profile
Improved several screen output lines
User ID check improved, so it works better with older Solaris versions
Hostname in output and reports will (...) - Security Tools / Vulnerability Scanner, Configurations checks, Local auditing, Lynis

Oracle password cracker woraauthbf updated to 0.22

Tools Tracker Team — 2008-07-12T22:28:01Z

The Oracle password cracker woraauthbf with the following features :
Oracle password hash attack
Oracle password hash attack for 11g. It tries to crack the old hash and checks the case sensitivity with the new algorithm.
8i authentication attack without oracle dlls
9i and 10g authentication attack with oracle dlls
Dictionary attack
Incremental brute force attack
Multithreaded
The 0.22 has some speed advancement because of the prehash implementation and has some usefull changes: (...) - Security Tools / Password Cracking, Bruteforcers, woraauthbf

Fusil the fuzzer 0.9 available

Tools Tracker Team — 2008-07-12T08:06:36Z

Fusil the fuzzer is a Python library used to write fuzzing programs. It helps to start process with a prepared environment (limit memory, environment variables, redirect stdout, etc.), start network client or server, and create mangled files. Fusil has many probes to detect program crash: watch process exit code, watch process stdout and syslog for text patterns (eg. "segmentation fault"), watch session duration, watch cpu usage (process and system load), etc.
Fusil is based on a (...) - Security Tools / Fuzzers, Fusil

WireShark 1.0.2 releasd

Tools Tracker Team — 2008-07-12T07:59:24Z

Wireshark® is the world's most popular network protocol analyzer. It has a rich and powerful feature set and runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly. It is freely available as open source, and is released under the GNU General Public License version 2
See here the full changelog for this release (...) - Security Tools / Data Sniffer, WireShark - Ethereal

OphCrack 3.0.1 released : now supports OSX

Tools Tracker Team — 2008-07-12T07:50:05Z

Ophcrack is a Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a GTK+ Graphical User Interface and runs on Windows, Mac OS X (Intel CPU) as well as on Linux.
Ophcrack 3.0.1 includes some fixes to make it easier to compile on Mac OS X either on little endian or big endian platforms. It also includes a fix in the configure script for Qt version detection. No changes in the win32 (...) - Security Tools / Password Cracking, OPHCrack