2 3 Next >
Category: Auditing » Network » RPC
Katana: Portable Multi-Boot Security Suite
Katana v1 (Kyuzo) has just been released from www.hackfromacave.com . The Katana: Portable Multi-Boot Security Suite is designed to fulfill many of your computer security needs. The idea behind this tool is to bring together many of the best security distributions and applications to run from one USB Flash Drive. Instead of keeping track of dozens of CDs and DVDs loaded with your favorite security tools, you can keep them all conveniently in your pocket. Katana includes distributions which focus on Penetration Testing, Auditing, Password Cracking, Forensics and Honey Pots. Katana comes with over 100 portable Windows applications, such as Wireshark, HiJackThis, Unstoppable Copier, Firefox, and OllyDBG. It also includes the following distributions: - Backtrack 4 pre - the Ultimate Boot CD - Ophcrack Live - Damn Small Linux - the Ultimate Boot CD for Windows - Got Root? Slax - Organizational Systems Wireless Auditor (OSWA) Assistant - Damn Vulnerable Linux Katana is also highly customizable. You can modify Katana by adding or removing distributions and portable apps with ease. You can add functionality to distributions like the Ultimate Boot CD, Got Root? Slax and UBCD4Win. You can also load your personal scripts and documents to keep them conveniently with you on your flash drive to use in concert with the provided tools. More informations on this can be found at forum.hackfromacave.com
netifera 1.0 released!
modular open source platform for network security tools. Multi-platform GUI. Tools included: TCP/UDP network information gathering, fingerprinting, service detection, DNS tools, zone transfer, passive information gathering, modular sniffing engine, credential sniffing, geographical information,web crawler.
A web services (currently SOAP) pen testing fuzzer. It works off a combination of static attack data as well as dynamic intelligently generated attack vectors. Some of its features are IDS Evasion and some automated WSDL discovery.
Nessus is a remote security scanner for Linux, BSD, Solaris, and other Unices. It is multi-threaded and plug-in-based, has a GTK interface, and performs over 500 remote security checks. It allows for reports to be generated in HTML, XML, LaTeX, and ASCII text, and suggests solutions for security problems.
The Leviathan Auditor is an enumeration and penetration testing tool which runs on and against Microsoft machines. It dumps Users, Groups, Services, Shares, Transport devices and MAC addresses over port 139 or 445. It enumerates RPC portmapper entries over port 135 and also tries to exploit MS SQL servers if it is presented. With its built-in SQL Server exploit you can execute remote commands as Local System. Source code is freely available on demand.
Mscan is a collection of programs hacked together to form a fairly broad network auditing tool (scanner). It searches for a variety of problems (and in some cases exploits them) such as a named(8) overflow for Linux X86 hosts, one of the rpc.statd overflows, open Xterms, exported NFS shares, default accounts and several other items.
Statd Overflow Scanner
This is a simple scanner written in C for quickly finding UNIX machines with a vulnerable rpc.statd. Statd is a program commonly associated within the conext of file locking for NFS (Networked File System). In particular it keeps 'state' for locked files in use on the shared filesystems. Statd has had a history of security issues, one of which being a buffer overrun in the portion of Statd which takes information from rpc.lockd (the program which handles the actual file locking). Rpc.lockd is supposed to pass information to the status daemon (statd) in order to notify it for which files it should be keeping state on, the problem is initiated by the fact that statd does not do any authentication on wether this information is actually coming from the lock daemon itself. Because there is improper bounds checking in the status daemon a user can then send data to the status daemon (as if it were from the lock daemon) and execute the buffer overflow in question.
BASS - Bulk Auditing Security Scanner
BASS is a bulk auditing network scanner that features a highly-reliable, fail-safe architecture which efficiently utilizes the available bandwidth. It has a small memory and CPU footprint and can be easily extended.
Browse by category