Security Database Tools Watch

MS CAT.NET v2.0 Beta - Code Analysis Tool .NET

ToolsTracker — 2010-02-10T04:04:42Z

CAT.NET is a binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection.
This beta includes an integrated user experience with Visual Studio 2010 and FxCop command prompt. Version 2.0 beta contains tainted data flow analysis and a configuration analysis engine, that identifies insecure configuration files. In all there are 46 new (...) - Security Tools / Code Auditing, Application Scanner, CAT.NET

TCPJunk v2.8.21 - protocols testing

ToolsTracker — 2010-02-10T03:38:34Z

TCPJunk is a general TCP protocols testing and hacking utility.
Main features:
Supports IPv4/IPv6
Automatically send/receive data according to predefined session setup
Client/Server mode
Supports SSL
Dynamic data insertion and manipulation using tags
Traffic generation
GUI mode
Version 2.8.21
Fixed issue with initial session timeout
Added long options.
Help and man page updated.
Requirements:
Updated GNU/Linux based system
GTK+ 2 Toolkit
OpenSSL Toolkit (...) - Security Tools / Network Monitoring, Monitoring, TCPJunk

Dradis v2.5.0 released

ToolsTracker — 2010-02-09T00:31:41Z

Dradis is an open source framework to enable effective information sharing. Dradis is a self-contained web application that provides a centralised repository of information to keep track of what has been done so far, and what is still ahead.
Features include:
Easy report generation.
Support for attachments.
Integration with existing systems and tools through server plugins.
Platform independent.
Version 2.5.0
Improved Note editor: bigger, easier to use and supports formatting!
New (...) - Security Tools / Vulnerability Management, Dradis

Acunetix WVS v6.5 build 20100203 released

ToolsTracker — 2010-02-03T12:05:42Z

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.
New security checks:
8.3 DOS filename source code disclosure
Apache Tomcat Directory Host Appbase authentication bypass vulnerability
Apache (...) - Security Tools / Vulnerability Scanner, Application Scanner, Acunetix

Nikto v2.1.1 released

ToolsTracker — 2010-02-03T01:49:49Z

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).
Version 2.1.1 (2010-01-20)

Ticket 117: Fixed SKIPPORTS

Ticket 116: Moved User-Agent string to nikto.conf
Ticket 116: Added dynamic (...) - Security Tools / Vulnerability Scanner, Network Discovery, Application Scanner, Nikto

(IN)SECURE Magazine Issue 24 released

ToolsTracker — 2010-02-03T01:24:27Z

(IN)SECURE Magazine is a freely available digital security magazine discussing some of the hottest information security topics.
Issue 24
Writing a secure SOAP client with PHP: Field report from a real-world project
How virtualized browsing shields against web-based attacks
Review: 1Password 3
Preparing a strategy for application vulnerability detection
Threats 2.0: A glimpse into the near future
Preventing malicious documents from compromising Windows machines
Balancing (...) - Security Tools

PenTBox v1.3 Beta released

ToolsTracker — 2010-02-03T00:14:21Z

PenTBox is a Security Suite with programs like Password Crackers, Denial of Service testing tools (DoS and DDoS), Secure Password Generators, Honeypots and much more. Destined to test security/stability of networks and more. Programmed in Ruby, and oriented to GNU/Linux systems (but compatible with Windows, MacOS and more).
Version 1.3 Beta

Added Crypt Ruby and RubyRc4 libraries.

Added GOST, ARC4 and Rijndael (aka AES) 256 bits ciphers to Secure IM.
Improvements in error (...) - Security Tools / Vulnerability Scanner, Password Cracking, Framework, PenTBox

ProcNetMonitor v2.5 – Process Network Port Monitoring Tool - released

Tools Tracker Team — 2010-02-01T16:51:19Z

ProcNetMonitor is the free tool to monitor the network activity of all running process in the system. It displays all open network ports (TCP/UDP) and active network connections for each process. It has advanced color based auto analysis system to make it easy to distinguish network oriented processes from others with just one glance at the list. Newer version also presents unique 'Port Finder' feature which makes it easy to search for particular port in all running process with just one (...) - Security Tools / Configurations checks, Local auditing, ProcNetMonitor

Unhide Processes Forensics v20100201 released

Tools Tracker Team — 2010-02-01T16:45:00Z

Unhide is a forensic tool to find hidden processes and TCP/UDP ports by rootkits / LKMs or by another hidden technique.
// Unhide (ps)
Detecting hidden processes. Implements three techniques
Compare /proc vs /bin/ps output
Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning)
Full PIDs space ocupation (PIDs bruteforcing)
// Unhide-TCP
Identify TCP/UDP ports that are listening but not listed in /bin/netstat doing brute forcing of all TCP/UDP ports (...) - Security Tools / Configurations checks, Forensics, Rootkits, Unhide

Security-Database Vulnerability Dashboard v2.0 beta released

Tools Tracker Team — 2010-02-01T14:26:04Z

Security-Database provides a continuous IT vulnerability XML feed based on open security standards for classification, scoring, enumeration and exploitation. It also provides a well maintained repository for latest security and auditing tools and utilities. Security-database promotes Open Standards by supplying vulnerability alerts based on the following :
CVE identifier number
Brief description of the security vulnerability or exposure.
Any pertinent references (i.e., vulnerability (...) - Security Tools / Vulnerability Management