Posts
DroidSQLi supports the following injection techniques:
- Time based injection
- Blind injection
- Error based injection
- Normal injection
Get it from https://play.google.com/store/apps/details?id=net.edgard.droidsqli
Monday, May 20, 2013
DroidSQLi - MySQL Injection tool for Android
DroidSQLi is the first automated MySQL Injection tool for Android. It
allows you to test your MySQL-based web application against SQL
injection attacks.
DroidSQLi supports the following injection techniques:
- Time based injection
- Blind injection
- Error based injection
- Normal injection
Get it from https://play.google.com/store/apps/details?id=net.edgard.droidsqli
DroidSQLi supports the following injection techniques:
- Time based injection
- Blind injection
- Error based injection
- Normal injection
Get it from https://play.google.com/store/apps/details?id=net.edgard.droidsqli
Sunday, May 12, 2013
Static Analysis Technologies Evaluation Criteria Released
Introduction:
Static code analysis is the analysis of software source or binary code. It aims at automating code analysis to find as many common software security weaknesses as possible. There are several open source and commercial static code analysis tools and services available in the market for organizations to choose from.
Static code analysis is rapidly becoming an essential part of most software organizations' application security assurance program. Mainly because of their ability to analyze large amounts of source code in considerably shorter amount of time than a human could, uncover potential weaknesses, in addition to the ability to automate security knowledge and workflows.
Download PDF: http://projects.webappsec.org/w/file/fetch/66107997/SATEC_Manual-02.pdf
Source: http://projects.webappsec.org
Static code analysis is the analysis of software source or binary code. It aims at automating code analysis to find as many common software security weaknesses as possible. There are several open source and commercial static code analysis tools and services available in the market for organizations to choose from.
Static code analysis is rapidly becoming an essential part of most software organizations' application security assurance program. Mainly because of their ability to analyze large amounts of source code in considerably shorter amount of time than a human could, uncover potential weaknesses, in addition to the ability to automate security knowledge and workflows.
Download PDF: http://projects.webappsec.org/w/file/fetch/66107997/SATEC_Manual-02.pdf
Source: http://projects.webappsec.org
AttackVector Linux
Linux distro for anonymized penetration based on Kali and TAILS
AttackVector Linux is a new distribution for anonymized penetration and security. It is based on Kali and TAILS, which are both based on Debian. While Kali requires a modified kernel for network drivers to use injection and so forth, the Tor Project's TAILS is designed from the bottom up for encryption, and anonymity. Nmap can't UDP via Tor. The intention of AttackVector Linux is to provide the capability to anonymize attacks while warning the user when he or she takes actions that may compromize anonymity. The two projects have different design philosophies that can directly conflict with one another. In spite of this, the goal of AttackVector Linux is to integrate them complementarily into one OS.
Download: https://bitbucket.org/attackvector
More Info: https://github.com/ksoona/attackvector
AttackVector Linux is a new distribution for anonymized penetration and security. It is based on Kali and TAILS, which are both based on Debian. While Kali requires a modified kernel for network drivers to use injection and so forth, the Tor Project's TAILS is designed from the bottom up for encryption, and anonymity. Nmap can't UDP via Tor. The intention of AttackVector Linux is to provide the capability to anonymize attacks while warning the user when he or she takes actions that may compromize anonymity. The two projects have different design philosophies that can directly conflict with one another. In spite of this, the goal of AttackVector Linux is to integrate them complementarily into one OS.
Download: https://bitbucket.org/attackvector
More Info: https://github.com/ksoona/attackvector
Tuesday, May 7, 2013
SpiderFoot v.2.0 Released
Open source Footprinting tool
SpiderFoot is an open source footprinting tool, available for Windows and Linux. It is written in Python and provides an easy-to-use GUI. SpiderFoot obtains a wide range of information about a target, such as web servers, netblocks, e-mail addresses and more.
SpiderFoot is designed from the ground-up to be modular. This means you can easily add your own modules that consume data from other modules to perform whatever task you desire.
As a simple example, you could create a module that automatically attempts to brute-force usernames and passwords any time a password-handling webpage is identified by the spidering module.
Download: https://github.com/smicallef/spiderfoot
http://sourceforge.net/projects/spiderfoot/
More Info: http://www.spiderfoot.net
Tuesday, April 30, 2013
Arachni v0.4.2 Released
Web Application Security Scanner Framework
Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false-positives. It is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.
The change-log is quite sizeable but the gist is:
* Brand new web interface -- allowing for team collaboration.
* Significant decreases in memory usage.
* Issue remarks – Providing extra context to logged issues.
* Improved payloads for Windows machines for path traversal and OS command injection.
* RPC API updates allowing for much easier remote scan management.
* Much improved profiling and detection of custom 404 responses.
* The ability to exclude pages from the scan based on content.
For more details and Download visit: http://www.arachni-scanner.com
Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by learning from the HTTP responses it receives during the audit process and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify false-positives. It is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.
The change-log is quite sizeable but the gist is:
* Brand new web interface -- allowing for team collaboration.
* Significant decreases in memory usage.
* Issue remarks – Providing extra context to logged issues.
* Improved payloads for Windows machines for path traversal and OS command injection.
* RPC API updates allowing for much easier remote scan management.
* Much improved profiling and detection of custom 404 responses.
* The ability to exclude pages from the scan based on content.
For more details and Download visit: http://www.arachni-scanner.com
Monday, April 15, 2013
Canari Framework
Canari - Maltego Rapid Transform Development Framework
Canari is a rapid transform development framework for Maltego written in Python. The original focus of Canari was to provide a set of transforms that would aid in the execution of penetration tests, and vulnerability assessments. Ever since it's first prototype, it has become evident that the framework can be used for much more than that. Canari is perfect for anyone wishing to graphically represent their data in Maltego without the hassle of learning a whole bunch of unnecessary stuff. It has generated interest from digital forensics analysts to pen-testers, and even psychologists.
Canari's core features include:
- An easily extensible and configurable framework that promotes maximum reusability;
- A set of powerful and easy-to-use scripts for debugging, configuring, and installing transforms;
-Finally, a great number of community provided transforms.
More info and Download: http://www.canariproject.com
Video demo: http://www.youtube.com/allfro
Canari is a rapid transform development framework for Maltego written in Python. The original focus of Canari was to provide a set of transforms that would aid in the execution of penetration tests, and vulnerability assessments. Ever since it's first prototype, it has become evident that the framework can be used for much more than that. Canari is perfect for anyone wishing to graphically represent their data in Maltego without the hassle of learning a whole bunch of unnecessary stuff. It has generated interest from digital forensics analysts to pen-testers, and even psychologists.
Canari's core features include:
- An easily extensible and configurable framework that promotes maximum reusability;
- A set of powerful and easy-to-use scripts for debugging, configuring, and installing transforms;
-Finally, a great number of community provided transforms.
More info and Download: http://www.canariproject.com
Video demo: http://www.youtube.com/allfro
Wednesday, April 3, 2013
AppUse - Android Pentest Platform Unified Standalone Environment
AppSec Labs recently developed the AppUse Virtual Machine. This system
is a unique, free, platform for mobile application security testing in
the android environment, and it includes unique custom-made tools
created by AppSec Labs.
There is no need for installation of
simulators and testing tools, no need for SSL certificates of the proxy
software, everything comes straight out of the box pre-installed and
configured for an ideal user experience.Security experts who have seen the
machine were very excited, calling it the next ‘BackTrack’ (a famous
system for testing security problems), specifically adjusted for android
application security testing.
AppUse VM closes gaps
in the world of security, now there is a special and customized testing
environment for android applications.
This machine is intended for the daily
use of security testers everywhere for Android applications, and is a
must-have tool for any security person.
Download: http://sourceforge.net
Subscribe to:
Posts (Atom)
