Monday, October 02, 2006

Vulnerability Assessment Tools
Nessus
GFI LANguard
NStalker
Dante Security Scanner
X-Scan
Attack Tool Kit
eEye Digital Security Retina
Symantec NetRecon
SARA
SAINT
WebInspect
Core Impact
Canvas
Acunetix

Port Scanners
WUPS
IPeye
Nmap
SuperScan
MingSweeper
7th Sphere

Fingerprint:

httprint
hmap
smtpscan

SMB Enumeration
nbtscan
nbtenum
enum
enum(plus)
dumpsec
nltest
sid2user
user2sid
getmac
epdump
browmon

DNS Enumeration:

dnszone.pl
dnsenum
dnsdigger
ghba

Firewall Penetration Testing:
http://www.wittys.com/files/mab/fwpentesting.html

[Tools]
traceroute -S -p53 (modified version)
firewalk
hping
icmpenum
isic
nmap

Enumeration
Catwalk
mac2ip
NBTscan
Fport
GetAcct
UserDump
UserInfo
Nete
Enum
User2sid/sid2user
Legion
DumpSec
netcat
icmpquery
icmpenum
Pinger
SamSpade

Web Application Assessment Tools:

Paros Proxy

Absinthe

Achilles

SpikeProxy

SWAAT

WebSleuth

WebScarab

Security Compass Web Application Analysis Tool - SWAAT
http://www.securitycompass.com/swaat/swaat.zip

Oedipus - Open Source Web Application Security Analysis
http://oedipus.rubyforge.org/downloads.html

eEye Binary Diffing Suite (EBDS)
http://research.eeye.com/html/Tools/download/DiffingSuiteSetup.exe

SpikeSource Spike PHP Security Audit Tool
http://developer.spikesource.com/projects/phpsecaudit

Sprajax - An Open Source AJAX Security Scanner
http://www.denimgroup.com/Sprajax/Sprajax_Version_0_03.zip

Wapiti - Web Application Scanner / Black-box testing
http://wapiti.sourceforge.net/



[Ref:]
Academic Papers in Web Application Security
http://suif.stanford.edu/~livshits/work/griffin/lit.html

SQL Tools

SQL Power Injector v1.1 Released
http://www.sqlpowerinjector.com/

bsqlbf 1.1 - Blind SQL Injection Tool
http://www.514.es/html/2006/04/05

sqlninja 0.1.0alpha - MS-SQL Injection Tool
http://sqlninja.sourceforge.net/

SQLRecon

NGSSQLCrack

NGSSQuirreL

SQLdict

SQLpoke

forceSQL

SQLCrawl

SQLExec

SQLScan

THCsql

WPoison (wpoison.sourceforge.net)
This tool finds potential SQL injection vulnerabilities.



[Ref:]
http://www.spidynamics.com/papers/SQLInjectionWhitePaper.pdf
http://www.ngssoftware.com/papers/advanced_sql_injection.pdf

Friday, September 29, 2006

RealVNC remote administration unauthorized access

Published: 08.08.2006
Source: http://www.security.nnov.ru/source/FULL-DISCLOSURE.html
Type: remote
Level: 7/10
Description: The server doesn't check that the authentication type chosen by the client is allowed.
Affected: REALVNC:RealVNC 4.1, LIBVNCSERVER:LibVNCServer 0.7, X11VNC:x11vnc 0.8

Files:
http://www.security.nnov.ru/files/VNC_bypauth-win32.rar
http://www.security.nnov.ru/files/VNC_bypauth-linux.tar.gz
http://www.security.nnov.ru/files/realvncscan.pl