Friday, May 15, 2009

Tools of the Trade - TGIF Edition

TGIF is an initialism for the phrase Thank (God/Goodness/Gosh) It’s Friday.

----------------------------

On May 15th, Nmap 4.85BETA9 was released. This version has tons of fixes....

On May 11th, TrueCrypt 6.2 was released. TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). Check out the version history for all the details.

On May 10th, HD Moore released WarVOX v1.0.1. WarVOX is a suite of tools for exploring, classifying, and auditing telephone systems. Check the changelog for all the details.

On May 7th, Moth 0.6.7z was released. Moth is a VMware image with a set of vulnerable Web Applications and scripts, that you may use for: Testing Web Application Security Scanners, Testing Static Code Analysis tools (SCA), and giving an introductory course to Web Application Security.

On May 5th, VoIP Hopper 1.0 was released. VoIP Hopper is a GPLv3 licensed security tool, written in C, that rapidly runs a VLAN Hop into the Voice VLAN on specific Ethernet switches. VoIP Hopper does this by mimicking the behavior of an IP Phone, in Cisco, Avaya, and Nortel environments. VoIP Hopper is a VLAN Hop test tool but also a tool to test VoIP infrastructure security. Check the new feature list for all the details.

On April 27th, Snort 2.8.4.1 was released. Snort is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. Check out the release notes for the change details.

On April 22nd, SQLMap 0.7 Release Candidate 1 was released. sqlmap is an open source command-line automatic SQL injection tool. This new version includes new features described during my presentation at Black Hat Europe 2009. The presentation whitepaper and slides are also available.

On April 22nd, Complemento v0.7 was released. Complemento is a collection of tools for penetration testing. Major improvements were made in all tools. LetDown now supports Python scripting for multistage protocols. ReverseRaider has many new DNS features. HttSquash has been rewritten.

On April 21st, Cain & Abel v4.9.30 was released. The Winpcap, AirPcap and OpenSSL libariies were updated and several new VoIP sniffer codecs were added.

On April 20th, BlueMaho v.090417 was released. BlueMaho is GUI-shell (interface) for suite of tools for testing security of bluetooth devices. It is freeware, opensource, written on python, uses wxPyhon. It can be used for testing BT-devices for known and unknown vulnerabilities.

On April 17th, Michal Zalewski release Ratproxy 1.57 Beta. A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments. Ratproxy is currently believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.

On April 16th, Stunnel 4.27 was released. Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. This version includes updates in the Win32 DLLs for OpenSSL 0.9.8k, FIPS support was updated for openssl-fips 1.2. A new priority failover strategy was implemented for multiple "connect" targets and pgsql protocol negotiation was added.

No comments:

Post a Comment