
Category: Auditing » Host

Added 2002-02-04
WebSleuth is an early Alpha release of what will be the first tool of the black-box testing toolkit, and is built to help a user manually understand various security issues of his/her system. It is not intended to replace or compete with commercial tools, and there is certainly no shiny red button automating attacks. However, it is an investigative learning tool that, with some patience and knowledge, helps you to find and learn about issues you may have in your web applications. It is written to allow people to code plug-ins for specific issues, and this release has a form validation plug-in as a demonstration. We currently have plug-ins for SQL Injection being developed by Chip Andrews from SQLSecurity.com, and Session ID prediction being developed by Dave Endler from iDefense.com.

Leviathan Auditor
Added 2002-01-25
by Egemen Tas <egemen@kutbil.com>
The Leviathan Auditor is an enumeration and penetration testing tool which runs on and against Microsoft machines. It dumps Users, Groups, Services, Shares, Transport devices and MAC addresses over port 139 or 445. It enumerates RPC portmapper entries over port 135 and also tries to exploit MS SQL servers if one is present. With its built-in SQL Server exploit you can execute remote commands as Local System. Source code is freely available on demand.

Oracle Auditing Tools
Added 2002-01-16
by Patrik Karlsson
The Oracle Auditing Tools are to be run against Oracle servers on the Microsoft Windows platform. The OAT use CREATE LIBRARY to access the WinExec function in kernel32.dll. Having access to this function makes it possible to execute anything on the server with the same permissions as the user who started the Oracle service. So basically any account with a default or easily guessable password that has this privilege can do this. The OAT have a built-in TFTP server to make file transfers easy. The TFTP server is based on the server source from www.gordian.com. The tools are Java-based and were tested on both Windows and Linux. They should hopefully also run on any other Java platform.

Added 2001-12-20
by Internet Security Alliance
pcAudit is a security evaluation program for personal computers, developed by Internet Security Alliance, that allows any PC user to determine whether their personal computer is vulnerable to outside intruders. This might be the case even if you are behind a corporate or a personal firewall.

Added 2001-12-13
by Wojciech Purczynski, wp@elzabsoft.pl
capsel is a Linux kernel 2.2.x module designed to increase system security. It works with Linux capabilities and decreases the number of suid binaries and daemons working with root privileges. It prevents breaking out of the chroot jail, even for privileged processes. It also performs additional security checks before executing new binaries to prevent users from taking control of their execution.

SQL Auditing Tools
Added 2001-12-10
by Patrik Karlsson
SQLAT is a suite of tools which could be useful for pentesting an MS SQL Server. The tools are still in development but tend to be quite stable. The tools do dictionary attacks, upload files, read the registry and dump the SAM. They do this by wrapping extended stored procedures. There is also a tool for doing a minimal analysis of a SQL Server with output as HTML. You need to be 'sa' to run some of the tools, but this usually isn't a problem. The tool temporarily restores xp_cmdshell if it has been removed and the DLL is still left on the system. SQLAT works over port 1433; it doesn't do named pipes. It doesn't do integrated security either. This is because it is based on the FreeTDS driver from www.freetds.org.

Added 2001-12-07
by Michael Vogt
The purpose of this app is to illustrate inconsistencies in the MS implementation of the RestrictAnonymous registry setting.

Userinfo MultiThread
Added 2001-11-28
by Michael Vogt
userinfo scans NetBIOS information (accounts, bf password check, scanning of c-subnets, etc.).

Form Scalpel
Added 2001-10-22
by curryman
"Form Scalpel" is designed to help security professionals assess the resilience of a web site's forms to various forms of attack. It supports HTTP/HTTPS, proxy servers, cookies, and Java/JavaScript/VBScript/XML pages and forms, and has a GUI interface. It provides detailed analysis of certificates and real-time manipulation of HTML data.

Added 2001-10-22
by KSR[T]
Instructor is a 32-bit instruction set auditor. By sequentially executing every 32-bit opcode, one can find instructions that might have adverse effects on operating environments. For example, Instructor was used to find the non-privileged halt instruction. For a description of how this program differs from the 'crashme' program, please read the comments at the top of the source file.

Copyright 2010, SecurityFocus