Category: Auditing » Network
Background: SNMP is the Simple Network Management Protocol. It is used by many if not most companies to manage and monitor their infrastructure. It is also often overlooked in terms of security and underestimated as an attack vector. See RFC 1157.
Components: The program is a GUI program written in C#, so you'll need the .NET Framework (3.5), and it will only work on MS Windows (Mono and Windows GUI components are a pain to make compatible for now). It uses two DLLs that were written from scratch: hacking.snmp and hacking.bruteforce.dll. The SNMP DLL is not complete yet, but whenever the author finds time it will be extended to support bulkget and extended ASN parsing, so enumeration will become possible as well as SET actions. You will also need to provide a dictionary for dictionary attacks. A very small one is included.
Generic usage: The interface should be intuitive enough. Use the slider to increase or decrease scanning speed. This is important for getting accurate results. On a LAN the slider can be set to maximum speed. Behind a NATed broadband connection, caution is advised: devices such as ADSL modems aren't capable of dealing with the large number of packets and NAT connections the scan generates. The program uses non-blocking UDP sockets and a listener for answers, which makes it quite fast. You can also set the destination port for devices that listen on non-standard ports (not 161) and set the listening port to make sure the packets get back OK in case of firewalls. For optimal speed, turn off verbosity, errors and reverse lookups (only in case of maximum speed on a LAN). Results can be saved in XML for further processing and loaded back.
Injector is an automatic SQL injection tool able to evade signature detection by encoding its payload commands in binary format using the SQL CAST command. It can create automatic web site defacement or OS command execution on the backend database server. Good for testing web site immunity against ASPROX botnet mass SQL injections.
Grendel-Scan is an open source web application security tool. It has a number of automated testing modules for finding common vulnerabilities such as SQL injection, cross-site scripting, or session fixation. There are also a number of features to aid in manual application penetration testing, such as an intercepting proxy.
LogManager is a self-running appliance that collects and stores the massive amounts of log data generated from applications and network devices found in large enterprise-class infrastructures. It provides a quick and cost-effective solution for organizations trying to achieve regulatory compliance today while enabling a simple upgrade to full-featured Event Management functionality tomorrow.
Solsoft ChangeManager is the only centralized, Intelligent Multivendor platform that streamlines the end-to-end Design and Generation of Network Security rules for Firewalls, Routers, VPNs and IPSs. ChangeManager acts as a central Network Security Rule repository. Its visual policy interface designs, generates, implements, tracks and audits your security rules for multi-vendor networks consisting of firewalls, routers, switches, VPNs and IPs. ChangeManager's Topology or Tabular interface streamlines the change management process during firewall migration and other complex security update configuration changes. Users can simply drag and drop a new service across their network, and ChangeManager will translate this high-level business policy change request into device-level instructions, providing a simple, scalable model that can represent the most complex policies. ChangeManager's Rules Engine automatically optimizes, orders and inserts rules, checks them for conflicts, and applies the generated security configurations on the network devices affected by the rule change, thus providing true end-to-end security rule design and auditing capability. After the acquisition of Solsoft by Exaprotect, Solsoft Policy Server, Firewall Manager and NetFilterOne were integrated into the Exaprotect security product line as Solsoft ChangeManager. Exaprotect provides centralized Configuration Management, Log Management, and Event Monitoring and Correlation solutions for enterprises and service providers with large-scale, heterogeneous network infrastructures.
Exploit-Me is a set of Firefox plugins to test for reflected Cross-Site Scripting and SQL Injection vulnerabilities in web applications. The tools are designed to be lightweight, extensible and easy to use.
Converts a binary file to text. Supports files bigger than 64KB and control of bytes per line. Also read: http://surgeon.gotdns.org/tutos/srgn-pentest-02.txt
XSS scanner that can find hosts using a Google query or search one site. If XSS is found, it attempts to collect email addresses to further your attack or warn the target of the flaw. When the scan is complete, it will print out the XSS findings and/or write them to a file. It will find false positives, so manually check before getting too excited. It also has a verbose mode, and you can change the alert pop-up message; check the options.
Scuba by Imperva
Scuba by Imperva is a free, lightweight Java tool that scans Oracle, DB2, MS-SQL, and Sybase databases for hundreds of software vulnerabilities. It also detects configuration flaws like insecure passwords, unsafe processes, unrestricted permission levels, and more. Furthermore, it generates HTML and Java reports that show the overall security risk level and detailed information about each vulnerability, so you can pinpoint configuration risks within minutes. It also helps you meet industry-leading best-practice standards for database configuration and management.
Technitium MAC Address Changer v4
Technitium MAC Address Changer allows you to change the Media Access Control (MAC) address of your Network Interface Card (NIC) irrespective of your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine. Every NIC has a MAC address hard-coded in its circuit by its manufacturer. This hard-coded MAC address is used by Windows drivers to access Ethernet networks (LAN). This tool can set a new MAC address on your NIC, bypassing the original hard-coded MAC address. Technitium MAC Address Changer is a must-have tool in every security professional's toolbox. Technitium MAC Address Changer v4.0 is coded in Visual Basic 6.0.