Security Tools News & Tips

Turtle Firewall is a software which allows you to realize a Linux firewall in a simply and fast way. It’s based on Kernel 2.4.x/2.6.x and Iptables. Its way of working is easy to understand: you can define the different firewall elements (zones, hosts, networks) and then set the services you want to enable among the different elements or groups of elements. You can do this simply editing a XML file or using the comfortable web interface Webmin. Turtle Firewall is an Open Source project written using the perl language and realeased under GPL version 2.0 by Andrea Frigido (Frisoft).

• More information or Read user reviews...(1)

McAfee Rootkit Detective 1.0 is a free program designed and developed by McAfee Avert Labs to proactively detect and clean rootkits that are running on the Windows system. This program is not dependent on any signatures and can proactively detect most of the existing and upcoming rootkits and allow the user to clean them. Some of the features of Rootkit Detective:
* Designed to proactively detect the system objects like processes, files and registry that are hidden to the user.
* Provides information about all running processes in the system.
* Provides information about various system hooks like SSDT(System Service Descriptor Table) hooks, user/kernel IAT/EAT(Import/Export Address Table) hooks.
* Allows the user to clean/remove the malicious objects from the system by renaming/deleting the hidden files/registry.
* Allows the user to terminate the malicious processes.
* Users can submit samples using the submission feature present in the tool.
* Users can also collect the samples manually after renaming them and submit to stinger@avertlabs.com for further analysis.

• More information or Write a review...

SQL Power Injector is an application created in .Net 1.1 that helps the penetration tester to find and exploit SQL injections on a web page. For now it is SQL Server, Oracle, MySQL, Sybase/Adaptive Server and DB2 compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal mode). Indeed, the normal mode is basically the SQL command that someone will put in the parameter sent to the server.

• More information or Write a review...

The Firewall Tester (FTester) is a tool designed for testing firewalls filtering policies and Intrusion Detection System (IDS) capabilities. The tool consists of two perl scripts, a packet injector (ftest) and the listening sniffer (ftestd). The first script injects custom packets, defined in ftest.conf, with a signature in the data part while the sniffer listens for such marked packets. The scripts both write a log file which is in the same form for both scripts. A diff of the two produced files (ftest.log and ftestd.log) shows the packets that were unable to reach the sniffer due to filtering rules if these two scripts are ran on hosts placed on two different sides of a firewall. Stateful inspection firewalls are handled with the ‘connection spoofing’ option. A script called freport is also available for automatically parse the log files.

• More information or Write a review...(0)

Revhosts is a project for Passive information Gathering. It’s written in Python, it help pentesters to find informations (Host, VirtualHost, DNS entry, Directories, mail address, subnet,..), with very less false positive.

• More information or Write a review...(0)

Norton Smartphone Security Premier Edition (Beta) keeps your Windows Mobile 5.0 PocketPC, and Windows Mobile 5.0 Smartphone based smartphones safe. It offers: Antivirus protection: Symantec’s award-winning antivirus technology has been applied to smartphones to protect against mobile malware. AntiSpam for SMS: SMS spam messages are automatically placed in spam folder or deleted. Firewall: Controls inbound and outbound network traffic on the smartphone. Personal Data Protection: Automatically encrypt My Documents on logout. Device Password Protection: Require a password before accessing the smartphone and self-service password reset is done via a challenge question.

• More information or Write a review...(0)

ProxMon is an extensible Python based framework that reduces testing effort, improves consistency and reduces errors. Its use requires limited additional effort as it processes the proxy logs that you’re already generating and reports discovered issues. In addition to penetration testing, ProxMon is useful in QA, developer testing and regression testing scenarios. Key features: automatic value tracing of set cookies, sent cookies, query strings and post parameters across sites; proxy agnostic; included library of vulnerability checks; active testing mode; cross platform; open source license; easy to program extensible python framework.

• More information or Write a review...(0)

BlockSSHD is a Perl script based on BruteForceBlocker v1.2.3 that dynamically adds IPTables rules for Linux and pf firewall rules for BSD that block SSH brute force attacks. It can also detect ProFTPd login failures. BlockSSHD checks a log file you specify, for example /var/log/secure on a Red Hat, for SSH login failure messages. If it detects a failure message it records the source IP address and starts a counter. If messages continue to be detected from the same source IP address the counter is incremented for each message. When the counter reaches a user-specified threshold then the script will add a firewall rule blocking SSH connections from that source IP address. A user-specified time-out is also defined to trigger a reset of the counter. If the counter is incremented but has not yet reached the blocking threshold and a new login failure message arrives then BlockSSHD checks the time-out. If the last increment of the counter occurred earlier than the current time minus the time-out period then the counter is reset rather than incremented. The time-out defaults to 600 seconds (10 minutes).

• More information or Write a review...(0)

Hardscan is a local netstat replacement that scans for open ports the hard way: by binding to each of them and attempting to handshake with itself. It is meant to be useful in a situation where you may have been rooted, rendering the output of netstat and other security tools untrustworthy.

• More information or Write a review...(0)

SquidGuard is a URL redirector used to use blacklists with the proxysoftware Squid. There are two big advantages to squidguard: it is fast and it is free. SquidGuard is published under GNU Public License. squidGuard can be used to: limit the web access for some users to a list of accepted/well known web servers and/or URLs only; block access to some listed or blacklisted web servers and/or URLs for some users; block access to URLs matching a list of regular expressions or words for some users; enforce the use of domainnames/prohibit the use of IP address in URLs; redirect blocked URLs to an “intelligent” CGI based info page; redirect unregistered user to a registration form; redirect popular downloads like Netscape, MSIE etc. to local copies; redirect banners to an empty GIF; have different access rules based on time of day, day of the week, date etc; have different rules for different user groups; and much more..

• More information or Write a review...(0)