A aparut un nou tool, creat chiar de ‘marele’ Google.
Ce ofera acest tool?!

Learn how hackers find security vulnerabilities!
Learn how hackers exploit web applications!
Learn how to stop them!

To get the most out of this lab, you should have some familiarity with how a web application works (e.g., general knowledge of HTML, templates, cookies, AJAX, etc.).

O sa il incerc si eu, dupa licenta, ca deocamdata nu am timp. Daca ati reusit sa il testati voi, va rog dati-va cu parerea, sa stiu daca merita sa il incerc.
Apropo, NU sunt fan Google.

Website: http://jarlsberg.appspot.com/
Download: http://jarlsberg.appspot.com/jarlsberg-code.zip

Metasploit este o unealta open source de testare a vulnerabilitatii unui Server/PC. Are exploit-uri predefinite, si este o unealta de vis pentru orice ‘script-kiddie’.

Mai jos am pus o descriere in engleza.

The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

Metasploit v3.3 il puteti gasi aici:

Windows – Metasploit-3.3.exe
Linux – Metasploit-3.3.tar.bz2

Detalii cu functionalitati: Metasploit Release Notes
Homepage: Metasploit.com

Am pus aici o descriere completa luata de pe oxit.it

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of several kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

Cain & Abel has been developed in the hope that it will be useful for network administrators, teachers, security consultants/professionals, forensic staff, security software vendors, professional penetration testers and everyone else that plans to use it for ethical reasons. The author will not help or support any illegal activity done with this program.

De ce am adus aminte de Cain & Abel ?

Pai a aparut versiunea noua de Cain & Abel !

Ce s-a schimbat:

[!] Added Windows Firewall status detection on startup.
[!] Added UAC compatibility in Windows Vista/Seven.
[!] Winpcap library upgrade to version 4.1.1.

Download here: Cain & Abel
Homepage : here
Tutoriale Cain & Abel (youtube) : Link

Ce este HIDS?

Samhain este un HIDS open-source ce verifica integritatea fisierelor, monitorizeaza/analizeaza fisierele de log.
Acest tool detecteaza atat rootkit-urile, cat si monitorizeaza porturile.

Este portat atat pe Linux cat si pe Windows(Cygwin).

Features
PCI DSS Compliance
File integrity checks
Host integrity monitoring
Logfile monitoring/analysis
Log facilities
Integration with other systems / Active response

Download:
samhain-current.tar.gz

Ce este Websecurify?

Websecurify este o initiativa de auditare a aplicatiilor web. Acest tool poate fi folosit atat pentru ataca cat si audita o aplicatie web.
Este compatibil atat cu Windows si Linux cat si MAC!(printre primele ce functioneaza si pe Mac).

Cum functioneaza?

JavaScript – Websecurify Security Testing Framework is the first tool of its kind to be written entirely in JavaScript using only standard technologies adopted by the leading browsers.
Multiple Environments – The core technology can run in normal browsers, xulrunner, xpcshell (command line), inside Java or as part of a custom V8 (Chrome’s JavaScript Engine) build. The core is written with extensibility in mind so that more environments can be supported without changing even a single line of code.
Multi-platform – The tool is available and successfully runs on Windows, Mac OS, Linux and other operating systems.
Automatic Updates – Every single piece of the tool is subjected to automatic updates. This means that newer and more advanced versions of the tool can be shipped to your front door without you lifting your finger. This however is completely optional. The automatic update can be turned off if needed.
Extensions – Because the tool comes wrapped in xulrunner by default (keep in mind that we can support any other JavaScript environment) we benefit from all cool features that Firefox has, such as extensions. Extensions are easy to write and maintain and can customize every single aspect of the tool and there are already tones of resources and documentation, including books and what not, out there to teach you exactly how to do that. We will be providing documentation as well.

Download:
Windows – Websecurify 0.3.exe
Linux – Websecurify 0.3.tgz
Mac – Websecurify 0.3.dmg

Cum functioneaza?
Pai aceastea aplicatie decompileza apicatiile facute pe platforma Adobe Falsh, si extrage codul ActionScript si apoi analizeaza codul, cautand bug-uri.

Pe scurt, el face audit aplicatiilor fara a avea nevoie de codul sursa.
Download here:
SwfScan.msi