FindDomains v0.1.1 Released – Discover Domains/Sites/Hosts

FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers who need to discover domain names/web sites/virtual hosts located on a large number of IP addresses. It provides a console interface so you can easily integrate the tool into your pentest automation system.
It retrieves domain names/web sites which are located on [...]

hostmap 0.2 – Automatic Hostname & Virtual Hosts Discovery Tool

hostmap is a free, automatic, hostnames and virtual hosts discovery tool written in Ruby, licensed under GNU General Public License version 3 (GPLv3). Its goal is to enumerate all hostnames and configured virtual hosts on an IP address. The primary users of hostmap are professionals performing vulnerability assessments and penetration tests.

hostmap helps you using several [...]

Katana v1 (Kyuzo) – Portable Multi-Boot Security Suite

The Katana: Portable Multi-Boot Security Suite is designed to fulfill many of your computer security needs. The idea behind this tool is to bring together many of the best security distributions and applications to run from one USB Flash Drive. Instead of keeping track of dozens of CDs and DVDs loaded with your favorite [...]

Binging (BETA) – Footprinting & Discovery Tool (Google Hacking)

It’s been a while since I’ve seen a tool of this type; back in the heyday of Google Hacking (which became the generic term for information gathering via search engines) there were multiple tools such as Gooscan and Goolag.

Binging is a simple tool to query the Bing search engine. It will use your Bing API key [...]

FRHACK OS v1 alpha1 – Pentesting/Security LiveCD

FRHACK OS is an updated/modified version of the latest BackTrack 4 ISO with many updated tools and fixes.
This means it’s a fully fledged Linux pen-testing/security environment.

Some included tools & Updates

gcc-4.2
sun-java6-jre sun-java6-plugin
spoonwep-wpa-rc3.deb
airsnort-0.2.7e.tar.gz
wepbuster-1.0_beta_0.6
jbrofuzz-jar-15
wfuzz-1.4
tor-0.2.1.19
privoxy-3.0.8-stable-src
ophcrack-3.3.1
vncrack_src-1.21
fuzzgrind_090622

A new version (coming with bug fixes, included rainbow tables, wordlists, extras etc.) will be available for FRHACK 01, [...]

Acunetix Web Vulnerability Scanner (WVS) 6.5 Released

You may remember a while back we did a Review of Acunetix Web Vulnerability Scanner 6 – the very full featured web vulnerability scanning software.

Well the latest version has been released recently with some updates, bug fixes and improvements on the web application security front.
I’m hoping to try out the AcuSensor on a PHP install [...]

Samurai Web Testing Framework 0.6 Released – Web Application Security LiveCD

You may remember we wrote about Samurai being released back in November 2008, it’s been quite a while since the last update.

The authors have updated and fixed a number of issues with the environment as well as improved performance of the Java-based tools. They have also included a virtual machine of the environment. [...]

ScreenStamp! – Free Screenshot Tool With Timestamp

What is ScreenStamp!
ScreenStamp! is basically a screen grabbing application for pen-testing and people working in forensics. The app will ask you for a location to save your screen shots to, along with a name that the program will number, allowing the user to concentrate on the job at hand as opposed to saving screen shots.

ScreenStamp! [...]

Fast-Track 4.0 – Automated Penetration Testing Suite

The latest big buzz is Fast-Track, released recently at ShmooCon by Securestate. Basically, Fast-Track is an automated penetration suite for penetration testers.
For those of you new to Fast-Track, Fast-Track is a Python-based open-source project aimed at helping penetration testers identify, exploit, and further penetrate a network. Fast-Track was originally conceived [...]

NSA Together With Mitre CWE and SANS Identifies Top 25 Programming Errors

Secure programming is a huge issue and it’s the lack of it that causes all the problems we have with vulnerabilities and the exploits associated with them. If developers everywhere followed secure programming practices, we wouldn’t have buffer overflow issues or unsanitized parameters leading to SQL Injection.
The NSA (National Security Agency), working with MITRE, SANS, [...]

