Security Tools News & Tips

Revhosts is a project for Passive information Gathering. It’s written in Python, it help pentesters to find informations (Host, VirtualHost, DNS entry, Directories, mail address, subnet,..), with very less false positive.

• More information or Write a review...(0)

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts to find these. What DirBuster can do for you? Attempt to find hidden pages/directories and directories with a web application, thus giving a another attack vector (For example. Finding an unlinked to administration page).

• More information or Write a review...(0)

ProxMon is an extensible Python based framework that reduces testing effort, improves consistency and reduces errors. Its use requires limited additional effort as it processes the proxy logs that you’re already generating and reports discovered issues. In addition to penetration testing, ProxMon is useful in QA, developer testing and regression testing scenarios. Key features: automatic value tracing of set cookies, sent cookies, query strings and post parameters across sites; proxy agnostic; included library of vulnerability checks; active testing mode; cross platform; open source license; easy to program extensible python framework.

• More information or Write a review...(0)

BlockSSHD is a Perl script based on BruteForceBlocker v1.2.3 that dynamically adds IPTables rules for Linux and pf firewall rules for BSD that block SSH brute force attacks. It can also detect ProFTPd login failures. BlockSSHD checks a log file you specify, for example /var/log/secure on a Red Hat, for SSH login failure messages. If it detects a failure message it records the source IP address and starts a counter. If messages continue to be detected from the same source IP address the counter is incremented for each message. When the counter reaches a user-specified threshold then the script will add a firewall rule blocking SSH connections from that source IP address. A user-specified time-out is also defined to trigger a reset of the counter. If the counter is incremented but has not yet reached the blocking threshold and a new login failure message arrives then BlockSSHD checks the time-out. If the last increment of the counter occurred earlier than the current time minus the time-out period then the counter is reset rather than incremented. The time-out defaults to 600 seconds (10 minutes).

• More information or Write a review...(0)

Hardscan is a local netstat replacement that scans for open ports the hard way: by binding to each of them and attempting to handshake with itself. It is meant to be useful in a situation where you may have been rooted, rendering the output of netstat and other security tools untrustworthy.

• More information or Write a review...(0)

SquidGuard is a URL redirector used to use blacklists with the proxysoftware Squid. There are two big advantages to squidguard: it is fast and it is free. SquidGuard is published under GNU Public License. squidGuard can be used to: limit the web access for some users to a list of accepted/well known web servers and/or URLs only; block access to some listed or blacklisted web servers and/or URLs for some users; block access to URLs matching a list of regular expressions or words for some users; enforce the use of domainnames/prohibit the use of IP address in URLs; redirect blocked URLs to an “intelligent” CGI based info page; redirect unregistered user to a registration form; redirect popular downloads like Netscape, MSIE etc. to local copies; redirect banners to an empty GIF; have different access rules based on time of day, day of the week, date etc; have different rules for different user groups; and much more..

• More information or Write a review...(1)

Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address. These rules can be defined by the user. Fail2ban can read multiple log files such as sshd or Apache web server ones. Fail2ban is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation.

• More information or Write a review...(0)

It’s a blind SQL injection tool developed in Perl. It lets you get databases schemas and tables rows. Using a single GET/POST you can access quietly the database structure and using a single GET/POST you can dump every table row to a csv-like file.

• More information or Write a review...(1)

The Kcpentrix Project was founded in May 2005 , KCPentrix 1.0 was liveCD designed to be a standalone Penetration testing toolkit for pentesters, security analysts and System administrators. Now release 2.0 is a liveDVD, It features a lot of new or up to date tools for auditing and testing a network, from scanning and discovering to exploiting vulnerabilities. Kcpentrix is based on SLAX 5, a Slackware live Dvd. The Powerful modularity which Kcpentrix uses, allow us to easily customize our version, and include whichever modules we need. KCPENTRIX 2.0 is the most inovative and promising KCPENTRIX ever. It switched to 2.6 kernel line. Zisofs compression was replaced by SquashFS, which provides better compression ratio and higher read speed.

• More information or Write a review...(0)

SpyBye is a tool to help web masters determine if their web pages are hosting browser exploits that can infect visiting users with malware. It functions as an HTTP proxy server and intercepts all browser requests. SpyBye uses a few simple rules to determine if embedded links on your web page are harmlesss, unknown or maybe even dangerous. SpyBye operates as a proxy server and gets to see all the web fetches that your browser makes. It applies very simple rules to each URL that is fetched as a result of loading a web page. These rules allows us to classify a URL into three categories: harmless, unknown or dangerous. Although, there is great margin of error, the categories allow a web master to look at the URLs and determine if they should be there or not. If you see that a URL is being fetched that you would not expect, it’s a good indication you have been copromised.

• More information or Write a review...(0)