Security Tools News & Tips

It’s a blind SQL injection tool developed in Perl. It lets you get databases schemas and tables rows. Using a single GET/POST you can access quietly the database structure and using a single GET/POST you can dump every table row to a csv-like file.

• More information or Write a review...(1)

The Kcpentrix Project was founded in May 2005 , KCPentrix 1.0 was liveCD designed to be a standalone Penetration testing toolkit for pentesters, security analysts and System administrators. Now release 2.0 is a liveDVD, It features a lot of new or up to date tools for auditing and testing a network, from scanning and discovering to exploiting vulnerabilities. Kcpentrix is based on SLAX 5, a Slackware live Dvd. The Powerful modularity which Kcpentrix uses, allow us to easily customize our version, and include whichever modules we need. KCPENTRIX 2.0 is the most inovative and promising KCPENTRIX ever. It switched to 2.6 kernel line. Zisofs compression was replaced by SquashFS, which provides better compression ratio and higher read speed.

• More information or Write a review...(0)

SpyBye is a tool to help web masters determine if their web pages are hosting browser exploits that can infect visiting users with malware. It functions as an HTTP proxy server and intercepts all browser requests. SpyBye uses a few simple rules to determine if embedded links on your web page are harmlesss, unknown or maybe even dangerous. SpyBye operates as a proxy server and gets to see all the web fetches that your browser makes. It applies very simple rules to each URL that is fetched as a result of loading a web page. These rules allows us to classify a URL into three categories: harmless, unknown or dangerous. Although, there is great margin of error, the categories allow a web master to look at the URLs and determine if they should be there or not. If you see that a URL is being fetched that you would not expect, it’s a good indication you have been copromised.

• More information or Write a review...(0)

Bluediving is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, has features such as Bluetooth address spoofing, an AT and a RFCOMM socket shell and implements tools like carwhisperer, bss, L2CAP packetgenerator, L2CAP connection resetter, RFCOMM scanner and greenplaque scanning mode (using more than one hci device).

• More information or Write a review...(0)

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.

• More information or Write a review...(0)

Pixy is a Java program that performs automatic scans of PHP source code, aimed at the detection of XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input, and creates a report that lists possible vulnerable points in the program, together with additional information for understanding the vulnerability.

• More information or Write a review...(1)

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.

• More information or Read user reviews...(1)

Nessj is an application/network security scanner client for Nessus and Nessus compatible (OpenVAS etc.) servers. In addition to an improved user interface, it provides session management with templates, report generation using XSLT including charts/graphs, and vulnerability trending. It is cross-platform, with platform specific releases available for Linux, OSX, and Windows, written in Java using SWT for a native experience, and it is open-source. It’s provided by Intekras, Inc. under the Clarified Artistic License.

• More information or Write a review...(0)

X-Scan is a general scanner for scanning network vulnerabilities for specific IP address scope or stand-alone computer by multi-threading method, plug-ins are supportable. Which X-Scan feature include in the following: service type, remote OS type and version detection, weak user/password pair, and all of the nessus attack scripts combination.

• More information or Write a review...(0)

SecurityForest Exploitation Framework is an opensource and free Exploitation Framework that leverages the massive amount of exploits available in the ExploitTree. These exploits are publically available and do not have to be re-written to be used in the framework (no matter what language and sometimes no matter what OS). It basically acts as a Graphical User Interface to the ExploitTree which is dynamically updated at the same time as the ExploitTree.

• More information or Write a review...(0)