|
(Page 1 of 3) 1 2 3 Next > Category: Auditing » Network » RPC WSFuzzer Added 2006-05-17 A web services (currently SOAP) pen testing fuzzer. It works off a combination of static attack data as well as dynamic intelligently generated attack vectors. Some of its features are IDS Evasion and some automated WSDL discovery. Nessus Added 2003-11-06 Nessus is a remote security scanner for Linux, BSD, Solaris, and other Unices. It is multi-threaded and plug-in-based, has a GTK interface, and performs over 500 remote security checks. It allows for reports to be generated in HTML, XML, LaTeX, and ASCII text, and suggests solutions for security problems. Leviathan Auditor Added 2002-01-25 The Leviathan Auditor is an enumeration and penetration testing tool which runs on and against Microsoft machines. It dumps Users, Groups, Services, Shares, Transport devices and MAC addresses over port 139 or 445. It enumerates RPC portmapper entries over port 135 and also tries to exploit MS SQL servers if it is presented. With its built-in SQL Server exploit you can execute remote commands as Local System. Source code is freely available on demand. pscan Added 2001-10-22 TCP/UDP/NIS/RPC scanner. Mscan Added 2001-10-22 Mscan is a collection of programs hacked together to form a fairly broad network auditing tool (scanner). It searches for a variety of problems (and in some cases exploits them) such as a named(8) overflow for Linux X86 hosts, one of the rpc.statd overflows, open Xterms, exported NFS shares, default accounts and several other items. Statd Overflow Scanner Added 2001-10-22 This is a simple scanner written in C for quickly finding UNIX machines with a vulnerable rpc.statd. Statd is a program commonly associated within the conext of file locking for NFS (Networked File System). In particular it keeps 'state' for locked files in use on the shared filesystems. Statd has had a history of security issues, one of which being a buffer overrun in the portion of Statd which takes information from rpc.lockd (the program which handles the actual file locking). Rpc.lockd is supposed to pass information to the status daemon (statd) in order to notify it for which files it should be keeping state on, the problem is initiated by the fact that statd does not do any authentication on wether this information is actually coming from the lock daemon itself. Because there is improper bounds checking in the status daemon a user can then send data to the status daemon (as if it were from the lock daemon) and execute the buffer overflow in question. BASS - Bulk Auditing Security Scanner Added 2001-10-22 BASS is a bulk auditing network scanner that features a highly-reliable, fail-safe architecture which efficiently utilizes the available bandwidth. It has a small memory and CPU footprint and can be easily extended. rpcs Added 2001-10-22 rpcs is a RPC service scanner. It uses rpcinfo -p to collect rpcinfo for a range of hosts, and outputs the results to the console. ISS Added 2001-10-22 Internet Security Scanner was one of the first network security assessment tools available to the public. It was designed to be flexible and easily portable to a number of UNIX operating systems. This freeware version of the Internet Security Scanner is the precursor to the commercial product offering by Internet Security Systems. ISS FreeBSD patch Added 2001-10-22 This is a patch to the freeware ISS utility which allows compilation under the FreeBSD operating system. Browse by category |
|
|
Privacy Statement |
