UCSniff is an exciting new VoIP Security Assessment tool that leverages existing open source software into several useful features, allowing VoIP owners and security professionals to rapidly test for the threat of unauthorized VoIP and Video Eavesdropping. Written in C, and initially released for Linux systems, the software is freely available for anyone to download, [...]
Through the use of the Flex programming model and the ActionScript language, Flash Remoting was born. Flash applications can make request to a remote server to call server side functions, such as looking up accounts, retrieving additional data and graphics, and performing complex business operations. However, the ability to call remote methods also increases the [...]
In April last year we wrote about ProxyStrike, recently the developer has released a couple of new versions – the latest being v2.1.
ProxyStrike is an active Web Application Proxy, is a tool designed to find vulnerabilities while browsing an application. It was created because the problems we faced in the pentests of web applications that [...]
sqlsus is an open source MySQL injection and takeover tool, written in perl.
Via a command line interface that mimics a mysql console, you can retrieve the database structure, inject a SQL query, download files from the web server, upload and control a backdoor, and much more…
It is designed to maximize the amount of data gathered [...]
As you might know if you’ve been reading for some time, I do occasionally review commercial software if it’s interesting and relevant – the last one I remember doing was back in 2007 “Outpost Security Suite PRO Review“.
This time it’s for a much more relevant piece of software IMHO, and one which I actually like [...]
You may remember some time back we did a fairly exhaustive post on Password Cracking Wordlists and Tools for Brute Forcing.
Wyd the Password Profiling Tool also does something similar to AWLG but it’s a PERL script rather than being based online.
I’d prefer if AWLG let us download an offline version too personally.
About AWLG
The Associative Word [...]
sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back end database management system [...]
This tool has been around for a LONG time in some form or another, some of you old-skool guys may remember a package called SATAN, this was the best semi-automatic security analysis tool around back then. From SATAN and it’s development came SARA, which is now in it’s 3rd generation.
Advanced Research’s philosophy relies heavily on [...]
Whilst reading an article the other day I saw this mentioned and realised I haven’t written about this yet either, although I have written about the similar tool Goolag.
What is Gooscan?
Gooscan is a tool that automates queries against Google search appliances, but with a twist. These particular queries are designed to find potential vulnerabilities on [...]
Sam Spade is one of the oldest network security tools around in terms of a neat package containing a lot of stuff you need, it’s one of the first things I used when I got into information security and I was on a crusade against spammers and scammers.
It has all kinds of useful tools in [...]
