fm-fsf is a new fuzzer/data scraper that works under OSX, Linux (with Mono) and Windows (.NET Framework). Fuzzing tools are always useful if you are looking at discovering some new flaws in a software or web service.
Quick Info
FSF is a plug-in based freakin’ simple fuzzer for fuzzing web applications and scraping data.
It supports some [...]
Secure programming is a huge issue and it’s the lack of it that causes all the problems we have with vulnerabilities and the exploits associated with them. If everywhere developers followed secure programming practices we wouldn’t have buffer overflow issues or unsanitized parameters leading to SQL Injection.
The NSA (National Security Agency), working with MITRE, SANS, [...]
Now this is an oldskool topic, wardialling! Some people still ask me about wardialling tools though, so here’s one I found recently written in Python.
PAW / PAWS is a wardialing software in python. It is designed to scan for ISDN (PAWS only) and “modern” analog modems (running at 9.6kbit/s or higher). Wardialing tools are – [...]
rtpbreak 1.3a has been released, we initially brought you news of this tool back in August 2007 with the first announcement of rtpbreak.
With rtpbreak you can detect, reconstruct and analyze any RTP session. It doesn’t require the presence of RTCP packets and works independently form the used signaling protocol (SIP, H.323, SCCP etc). The input [...]
As you will have noticed we’ve posted quite a number of Fuzzing Tools built around different frameworks and in different languages..most for difference targets/purposes too.
Fuzzing has definitely exploded in the last year or so as more people try and understand it and code tools to automate the process. There are tools for Web Services Fuzzing, [...]
It seems like some recently patched flaws in Adobe Reader are actively being exploited in the wild, mostly via malicious banners from various sites.
Nothing particularly nasty is happening, but a trojan is being installed which can intercept search engine results. It’s definitely recommended to update to the latest version (8.1.2).
Personally I don’t have such a [...]
Ah Metasploit development cycle seems to be picking up, I guess with greater community support the bugs get ironed out and the new features introduced faster.
Good to see an update so soon after Metasploit Framework v3.0 was released.
I keep closely up to date with Metasploit as it’s pretty much the best free tool out there [...]
rtpBreak detects, reconstructs and analyzes any RTP [rfc1889] session through heuristics over the UDP network traffic. It works well with SIP, H.323, SCCP and any other signaling protocol. In particular, it doesn’t require the presence of RTCP packets (voipong needs them) that aren’t always transmitted from the recent VoIP clients.
The RTP sessions are composed by [...]
The Firewall Tester (FTester) is a tool designed for testing firewalls filtering policies and Intrusion Detection System (IDS) capabilities.
The tool consists of two perl scripts, a packet injector (ftest) and the listening sniffer (ftestd). The first script injects custom packets, defined in ftest.conf, with a signature in the data part while the sniffer listens for [...]
Some cool free tools made by folks from the French Honeynet Project.
FakeNetBIOS is a family of tools designed to simulate Windows hosts on a LAN. The individual tools are:
FakeNetbiosDGM (NetBIOS Datagram)
FakeNetbiosNS (NetBIOS Name Service)
Each tool can be used as a standalone tool or as a honeyd responder or subsystem.
FakeNetbiosDGM sends NetBIOS Datagram service packets on [...]
