|
(Page 2 of 68) < Prev 1 2 3 4 5 6 7 8 9 10 11 Next > Category: Auditing » Network netifera Added 2009-03-22 netifera 1.0 released! OSSEC HIDS Added 2009-02-27 OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. Webtunnel Added 2009-02-22 Webtunnel is a network utility that encapsulates arbitrary data in HTTP and transmits it through a web server. In that regard, it is similar to httptunnel, however, it has several key important differences: its server component runs in the context of a web server as a CGI application (with optional FastCGI support) so it does not need its own port, and supports most things that the web server supports, such as authentication, HTTP 1.1, HTTPS, and client certificates; it uses simple requests and responses so it works seamlessly through forward and reverse proxies; it is multi-threaded (actually multi-process using sockets for inter-process communication) to allow multiple parallel connections to multiple destinations simultaneously. netifera Added 2009-02-21 modular open source platform for network security tools. Multi-platform GUI. Tools included: TCP/UDP network information gathering, fingerprinting, service detection, DNS tools, zone transfer, passive information gathering, modular sniffing engine, credential sniffing, geographical information,web crawler. WinFail2Ban Added 2009-01-11 Scans log files like FTP Logs or Event Viewer and bans IP that makes too many password failures. Basic idea is porting the features of Fail2Ban (http://www.fail2ban.org/) from Linux to Windows. XArp Added 2009-01-10 XArp provides advanced and highly customizable ARP spoofing detection. Active and passive mechanisms are available that can be configured per network interface using a GUI for normal users and a GUI for advanced users. XArp gives a complete view of all your network devices and the current state in ARP attacks. D.O.P.E Added 2008-12-26 Dis.Org Penetration Extension for Firefox (D.O.P.E) A User agent Switcher for firefox that supports the following: Search engine Impersonating Operating Systems Impersonation Browser Impersonation Cellular Phones and Mobile Devices Impersonation Game Consoles Impersonation http://www.lostlight.net/tools/blog.html w3af Added 2008-11-03 w3af is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. 5nmp Added 2008-10-27 Background: SNMP is the Simple Network Management Protocol. It is used by many if not most companies to manage and monitor their infrastructure. It is also often overlooked in terms of security and underestimated as an attack vector. RFC1157. Components: The program is a GUI program, written in c#, so you'll need the .NET framework (3.5) and it will only work in MS Windows (Mono and Windows GUI components are a pain to make compatible for now). It uses 2 DLL's that were written from scratch: the hacking.snmp and hacking.bruteforce.dll. The SNMP dll is not complete yet but whenever the author finds time it will be extended to support bulkget and extended ASN parsing, so enumeration will become possible as well as SET actions. You will also need to provide a dictionary for dictionary attacks. A very small one is included. Generic usage: The interface should be intuitive enough. Use the slider to increase or decrease scanning speed. This is important to get accurate results. On a LAN the slider can be set to maximum speed. Behind a Natted broadband connection, caution is advised. Devices such as ADSL modems aren't capable to deal with the large amount of packets and nat connections they generate. The program uses non-blocking udp sockets and a listener for answers, which makes it quite fast. You can also set the destination port for devices which listen on non-standard ports (not 161) and set the listening port to make sure the packets get back ok in case of firewalls. For optimal speed, turn off verbosity, errors and reverse lookups (only in case of maximum speed on a LAN). Results can be saved in XML for further processing and loaded back. Injector Added 2008-10-12 Injector is an automatic SQL injection tool able to evade signature detection by encoding its payload commands in binary format using the SQL CAST command. It can create automatic web site defacement or OS command execution on the backend database server. Good for testing web site immunity against ASPROX bot-net mass sql injections. Browse by category |
|
|
Privacy Statement |
