Archive | Security Software


08 October 2015 | 1,258 views

Amazon AWS Web Application Firewall (WAF ) Launched

So Amazon is stepping up its security game again, this time with an AWS Web Application Firewall or WAF as they are commonly known. Generally a WAF is designed to protect you against common web threats such as XSS (Cross Site Scripting), SQL Injection, and other common patterns (LFI, RFI etc). We have written about […]

Continue Reading

12 September 2015 | 2,947 views

AIDE – Advanced Intrusion Detection Environment

AIDE (Advanced Intrusion Detection Environment) is a file and directory integrity checker, it was initially developed as a free replacement for Tripwire licensed under the terms of the GNU General Public License (GPL). How it Works Aide takes a “snapshot” of the state of the system, register hashes, modification times, and other data regarding the […]

Continue Reading

31 August 2015 | 3,987 views

Tiger – Unix Security Audit & Intrusion Detection Tool

Tiger is a Unix security audit tool that can be use both for auditing and as an intrusion detection system. It supports multiple Unix platforms and it is free and provided under a GPL license. Unlike other tools, Tiger needs only POSIX tools and is written entirely in shell language. Tiger has some interesting features […]

Continue Reading

14 July 2015 | 1,568 views

Egress-Assess – Test Network Egress Data Detection

Egress-Assess is a tool used to test network egress data detection capabilities, it works over FTP, HTTP and HTTPS. It can generate various data-types to test detection, credit card details, social security numbers (SSN) and name/address combos. This tool is designed to be an easy way to test exfiltrating data from the network you are […]

Continue Reading

23 June 2015 | 2,256 views

unix-privesc-check – Unix/Linux User Privilege Escalation Scanner

Unix-privesc-checker is a Unix/Linux User privilege escalation scanner that runs on Unix systems (tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2). It tries to find misconfigurations that could allow local unprivileged users to escalate privileges to other users or to access local apps (e.g. databases). It’s similar in some ways to – LinEnum […]

Continue Reading

14 June 2015 | 2,625 views

Just-Metadata – Gathers & Analyse IP Address Metadata

Just-Metadata is a tool that can be used to gather IP address metadata passively about a large number of IP addresses, and attempt to extrapolate relationships that might not otherwise be seen. Just-Metadata has “gather” modules which are used to gather metadata about IPs loaded into the framework across multiple resources on the internet. Just-Metadata […]

Continue Reading

06 June 2015 | 2,464 views

Shadow Daemon – Web Application Firewall

Shadow Daemon is a collection of tools to detect, protocol and prevent attacks on web applications. Technically speaking, Shadow Daemon is a web application firewall that intercepts requests and filters out malicious parameters. It is a modular system that separates web application, analysis and interface to increase security, flexibility and expandability. Shadow Daemon is easy […]

Continue Reading

02 May 2015 | 1,887 views

Graudit v1.9 Download – Grep Source Code Auditing Tool

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It’s comparable to other static analysis applications and source code auditing tool sets like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very flexible. You […]

Continue Reading

24 March 2015 | 1,575 views

Yasca – Multi-Language Static Analysis Toolset

Yasca is an open source program which looks for security vulnerabilities, code-quality, performance, and conformance to best practices in program source code. It’s basically a tool-kit for multi-language static analysis. Yasca can scan source code written in Java, C/C++, HTML, JavaScript, ASP, ColdFusion, PHP, COBOL, .NET, and other languages It leverages on external open source […]

Continue Reading

24 February 2015 | 4,007 views

VScan – Open Source Vulnerability Management System

VScan is an open source Vulnerability Management System designed to make it easier for an organization to track vulnerability resolution and ensure anything found in their infrastructure is fixed. VScan was created as after a vulnerability assessment it can sometimes be difficult to track the implementation of a security improvement program, so this tool can […]

Continue Reading