Security Tools News & Tips » OSX

K9 Web Protection

Niranjan — Mon, 14 Sep 2009 19:39:20 +0000

Blue Coat’s K9 Web Protection is a free Internet and parental controls filter that gives parents control over their family’s use of the Internet. It enables parents to monitor and control what sites their children access and enables them to block offensive or potentially dangerous sites. K9 Web Protection relies on the same enterprise-class Web filtering technology used by Blue Coat enterprise customers around the world, and is wrapped in a simple, easy-to-manage software application that is compatible with both Mac and PC computers. To protect against newly discovered threats, K9 Web Protection is continuously updated by the WebPulse™ service, the Blue Coat cloud-based community watch environment that also updates Blue Coat WebFilter™ and ProxyClient® enterprise products. In this community watch environment, the identification of malware by one member is shared with all to prevent infections or other harm.

K9 Web Protection Homepage

AutoScan-Network

Niranjan — Sat, 22 Aug 2009 16:35:50 +0000

AutoScan-Network is a network discovering and managing application. No configuration is required to scan your network. The main goal is to print the list of connected equipments in your network. It’s a free software and can be installed on Windows, Linux, Mac, Solaris and Maemo 4.

AutoScan-Network Homepage

Wireshark

Niranjan — Thu, 20 Aug 2009 22:33:52 +0000

Wireshark is the world’s foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions. Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998. It started as Ethereal but was later re-branded as Wireshark due to trademark issues.

Wireshark Homepage

FTester

Niranjan — Fri, 20 Jul 2007 08:07:43 +0000

The Firewall Tester (FTester) is a tool designed for testing firewalls filtering policies and Intrusion Detection System (IDS) capabilities. The tool consists of two perl scripts, a packet injector (ftest) and the listening sniffer (ftestd). The first script injects custom packets, defined in ftest.conf, with a signature in the data part while the sniffer listens for such marked packets. The scripts both write a log file which is in the same form for both scripts. A diff of the two produced files (ftest.log and ftestd.log) shows the packets that were unable to reach the sniffer due to filtering rules if these two scripts are ran on hosts placed on two different sides of a firewall. Stateful inspection firewalls are handled with the ‘connection spoofing’ option. A script called freport is also available for automatically parse the log files.

FTester Homepage

Revhosts

Niranjan — Mon, 16 Jul 2007 08:13:23 +0000

Revhosts is a project for Passive information Gathering. It’s written in Python, it help pentesters to find informations (Host, VirtualHost, DNS entry, Directories, mail address, subnet,..), with very less false positive.

Revhost Homepage

DirBuster

Niranjan — Thu, 12 Jul 2007 14:26:04 +0000

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts to find these. What DirBuster can do for you? Attempt to find hidden pages/directories and directories with a web application, thus giving a another attack vector (For example. Finding an unlinked to administration page).

Homepage

ISR-sqlget

Niranjan — Sat, 30 Jun 2007 01:26:37 +0000

It’s a blind SQL injection tool developed in Perl. It lets you get databases schemas and tables rows. Using a single GET/POST you can access quietly the database structure and using a single GET/POST you can dump every table row to a csv-like file.

ISR-sqlget Homepage

Nipper

Niranjan — Mon, 25 Jun 2007 03:58:23 +0000

Nipper is an open source tool that performs a security audit of network device configuration files. The report produced by nipper includes; detailed security-related issues with recommendations, a configuration report and various appendices. nipper was previously known as CiscoParse. Nipper currently supports the following devices: Cisco Switches (IOS), Cisco Routers (IOS), Cisco Firewalls (PIX, ASA, FWSM), Cisco Catalysts (NMP, CatOS, IOS), Cisco Content Service Switches (CSS) and Juniper NetScreen Firewalls (ScreenOS).

Nipper Homepage

Sqlninja

Niranjan — Sat, 23 Jun 2007 04:52:33 +0000

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.

Sqlninja Homepage

Sqlninja Flash Demo

Pixy

Niranjan — Thu, 21 Jun 2007 13:03:49 +0000

Pixy is a Java program that performs automatic scans of PHP source code, aimed at the detection of XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input, and creates a report that lists possible vulnerable points in the program, together with additional information for understanding the vulnerability.

Pixy Homepage