Time and Attack Mapper - Time/Effort Estimator Tool For Blackbox Security Assessment @ 09-01-2009 22:44
Time and Attack Mapper (alternatively known as TA-Mapper) is an effort estimator tool for blackbox security assessment (or Penetration Testing) of applications. This tool provides more accurate estimation when compared to rough estimation. Penetration testers who always has hard time explaining/justifying the efforts charged (or quoted) to their customers can find this tool handy by [...]
WITOOL v0.1 - GUI Based SQL Injection Tool in .NET @ 07-01-2009 16:04
WITOOL is an graphical based SQL Injection Tool written in dotNET. - For SQL Server, Oracle - Error Base and Union Base Interface Features Retrieve schema : DB/TableSpace, Table, Column, other object Retrieve data : retrive paging, dump xml file Log : View the raw data HTTP log Environment OS: Windows 2000/XP/VISTA Requirement: Microsoft .NET(2.0) Library (Download Here). You can download WITOOL [...]
Burp Suite v1.2 - Web Application Security Testing & Attack Platform @ 30-12-2008 15:27
Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, downstream proxies, logging, alerting and extensibility. Burp Suite allows [...]
MultiInjector v0.3 - Automatic SQL Injection and Defacement Tool @ 23-12-2008 00:45
Features Receives a list of URLs as input Recognizes the parameterized URLs from the list Fuzzes all URL parameters to concatenate the desired payload once an injection is successful Automatic defacement - you decide on the defacement content, be it a hidden script, or just pure old “cyber graffiti” fun OS command execution - remote enabling of XP_CMDSHELL on SQL [...]
sqlmap 0.6.3 - Automatic SQL Injection Tool @ 19-12-2008 07:05
sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back end database management system [...]
Complemento - LetDown TCP Flooder, ReverseRaider Subdomain Scanner & Httsquash HTTP Server Scanner Tool @ 17-12-2008 03:12
Complemento is a collection of tools that the author originally created for his own personal toolchain for solving some problems or just for fun. Now he has decided to release it to the public. The Tools LetDown is a TCP flooder written after the author read the article by fyodor entitled article “TCP Resource Exhaustion and Botched [...]
sapyto v0.98 - SAP Penetration Testing Framework Tool @ 12-12-2008 16:53
sapyto is the first SAP Penetration Testing Framework, sapyto provides support to information security professionals in SAP platform discovery, investigation and exploitation activities. sapyto is periodically updated with the outcome of the deep research on the various security aspects in SAP systems. Although sapyto is a versatile and powerful tool, it is of major importance for it [...]
Secunia Personal Software Inspector 1.0 @ 10-12-2008 04:00
There’s now 3 versions though PSI (Personal), OSI (Online) and NSI (Network). There was an update to the Personal Software Inspector recently (25th Nov. 2008) and it’s now final grade software version 1.0.0.1.Statistics from the Secunia PSI shows that 98 out of 100 PCs have 1 or more insecure programs installed! Download the free Secunia [...]
BarsWF - Fastest MD5 Cracker @ 07-12-2008 04:00
BarsWF is basically an MD5 cracking tool and at the moment, is currently the fastest. Right now on nVidia 9600GT/C2D 3Ghz CUDA version does 350 M keys/sec, SSE2 version does 108 M keys/sec. You may check benchmarks of all known good MD5 bruteforcers here. Changes in 0.8 Added checks for errors when calling [...]
FireCAT 1.4 Released - Firefox Catalog of Auditing Extensions @ 28-11-2008 15:34
FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful firefox extensions oriented application security auditing and assessment You can find an online map of Firecat v1.4 here. Changes for version 1.4 Information Gathering (Enumeration and Fingerprinting) Passive Recon : PassiveRecon allows Information Security professionals the ability to perform “packetless” discovery of target [...]
