|
(Page 1 of 66) 1 2 3 4 5 6 7 8 9 10 11 Next > Category: Auditing » Network D.O.P.E Added 2008-12-26 Dis.Org Penetration Extension for Firefox (D.O.P.E) A User agent Switcher for firefox that supports the following: Search engine Impersonating Operating Systems Impersonation Browser Impersonation Cellular Phones and Mobile Devices Impersonation Game Consoles Impersonation http://www.lostlight.net/tools/blog.html w3af Added 2008-11-03 w3af is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. 5nmp Added 2008-10-27 Background: SNMP is the Simple Network Management Protocol. It is used by many if not most companies to manage and monitor their infrastructure. It is also often overlooked in terms of security and underestimated as an attack vector. RFC1157. Components: The program is a GUI program, written in c#, so you'll need the .NET framework (3.5) and it will only work in MS Windows (Mono and Windows GUI components are a pain to make compatible for now). It uses 2 DLL's that were written from scratch: the hacking.snmp and hacking.bruteforce.dll. The SNMP dll is not complete yet but whenever the author finds time it will be extended to support bulkget and extended ASN parsing, so enumeration will become possible as well as SET actions. You will also need to provide a dictionary for dictionary attacks. A very small one is included. Generic usage: The interface should be intuitive enough. Use the slider to increase or decrease scanning speed. This is important to get accurate results. On a LAN the slider can be set to maximum speed. Behind a Natted broadband connection, caution is advised. Devices such as ADSL modems aren't capable to deal with the large amount of packets and nat connections they generate. The program uses non-blocking udp sockets and a listener for answers, which makes it quite fast. You can also set the destination port for devices which listen on non-standard ports (not 161) and set the listening port to make sure the packets get back ok in case of firewalls. For optimal speed, turn off verbosity, errors and reverse lookups (only in case of maximum speed on a LAN). Results can be saved in XML for further processing and loaded back. Injector Added 2008-10-12 Injector is an automatic SQL injection tool able to evade signature detection by encoding its payload commands in binary format using the SQL CAST command. It can create automatic web site defacement or OS command execution on the backend database server. Good for testing web site immunity against ASPROX bot-net mass sql injections. Grendel-Scan Added 2008-08-24 Grendel-Scan is an open source web application security tool. It has a number of automated testing modules for finding common vulnerabilities such as SQL injection, cross-site scripting, or session fixation. There are also a number of features to aid in manual application penetration testing, such as a intercepting proxy. LogManager Added 2008-08-20 LogManager is a self running appliance that collects and stores the massive amounts of log data generated from applications and network devices found in large enterprise-class infrastructures. It provides a quick and cost-effective solution for organizations trying to achieve regulatory compliance today while enabling a simple upgrade to full-featured Event Management functionality tomorrow. Solsoft ChangeManager Added 2008-08-20 Solsoft ChangeManager is the only centralized, Intelligent Multivendor platform that streamlines the end to end Design and Generation of Network Security rules for Firewalls, Router, VPN, IPS’s. ChangeManager acts as a central Network Security Rule repository. It’s visual policy interface designs, generates, implements, tracks and audits your security rules for multi-vendor networks consisting of firewalls, routers, switches, VPNs and IPs. ChangeManager's Topology or Tabular interface streamlines the change management process during firewall migration and other complex security update configuration changes. Users can simply drag-and-drop a new service across their network and ChangeManager will translate this high level, business policy change request into device-level instructions providing a simple, scalable model that can represent the most complex policies. ChangeManager’s “Rules Engine” automatically optimizes, orders, inserts, checks rules for conflicts and applies these generated security configurations on the network devices effected by the rule change. Thus providing true end-to-end security rule design and auditing capability. After the acquisition of Solsoft by Exaprotect, Solsoft Policy Server, Firewall Manager and NetFilterOne were integrated into the Exaprotect security product line as Solsoft ChangeManager. Exaprotect provides centralized Configuration Management, Log Management, and Event Monitoring and Correlation solutions for enterprises and service providers with large-scale, heterogeneous network infrastructures. Exploit-Me Added 2007-11-27 Exploit-Me is a set of Firefox plugins to test for reflected Cross-Site Scripting and SQL Injection vulnerabilities in web applications. The tools are designed to be lightweight, extensible and easy to use. srgn-file2text Added 2007-07-15 Converts a BINARY file to TEXT Supports files bigger than 64KB and control for bytes perl line also read this-> http://surgeon.gotdns.org/tutos/srgn-pentest-02.txt XSS Scanner Added 2007-06-25 XSS Scanner that can find hosts using a google query or search one site. If XSS is found it attempts to collect email addresses to further your attack or warn the target of the flaw. When the scan is complete it will print out the XSS's found and or write to file, it will find false positives so manually check before getting to excited. It also has verbose mode and you can change the alert pop-up message, check options!! Browse by category |
|
 Privacy Statement |
