All other tools

 wordpress-securityWPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach.

Details
Username enumeration (from author querystring and location header)
Weak password cracking (multithreaded)
Version enumeration (from generator meta tag)
Vulnerability enumeration (based on version)
Plugin enumeration (2220 most popular by default)
Plugin vulnerability enumeration (based on version) (todo)
Plugin enumeration list generation
Other misc WordPress checks (theme name, dir listing, ...)

Download Here:
http://code.google.com

 

Download desktop version:

WPScan

vega_smallVega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.

Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. Vega can be extended using a powerful API in the language of the web: Javascript.

john the ripperEr is een nieuwe versie van de populaire wachtwoordkraker John the Ripper verschenen, die met sponsoring van beveiligingsbedrijf Rapid7 nog sneller wachtwoorden kan kraken. Rapid7 nam vorig jaar Metasploit over en is van plan om John the Ripper nauwer binnen de hackertool te integreren. Versie 1.7.8 van de wachtwoordkraker gebruikt nieuwe, geoptimaliseerde code, waardoor de tool 17% effectiever presteert, zo blijkt uit deze berekeningen.

"Organisaties die John the Ripper gebruiken, zijn in staat om de wachtwoorden van hun gebruikers te auditen en kunnen op dit soort resultaten reageren voordat de wachtwoordhashes zouden lekken. De toegenomen snelheid is in dit geval erg handig", zegt Jen Ellis van Rapid7.

Erkenning
John the Ripper is ontwikkeld door opensource dienstverlener Openwall en is zowel in een gratis als betaalde 'pro' versie verkrijgbaar.

Volgens Metasploit-ontwikkelaar H.D. Moore verdienen de onderzoekers van Openwall erkenning voor de prestatieverbetering en ontdekking in het verwerken van S-box expressies, die ze gratis via John the Ripper beschikbaar maken.
bron: security.nl

THC-HYDRA v6.1 brute force tool ReleasedTHC-HYDRA is a very fast network logon cracker which support many different services. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system. It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD and OSX.

Changelog for thc-hydra v6.4
Update SIP module to extract and use external IP addr return from server error to bypass NAT
Update SIP module to use SASL lib
Update email modules to check clear mode when TLS mode failed
Update Oracle Listener module to work with Oracle DB 9.2
Update LDAP module to support Windows 2008 active directory simple auth
Fix to the connection adaptation engine which would loose planned attempts
Fix make script for CentOS, reported by ya0wei
Print error when a service limits connections and few pairs have to be tested
Improved Mysql module to only init/close when needed
Added patch from the FreeBSD maintainers
Module usage help does not need a target to be specified anymore
configure script now honors /etc/ld.so.conf.d/ directory

Download THC-HYDRA v6.4

emetEnhanced Mitigation Experience Toolkit v2.1-  for deploying and configuring security mitigation technology The enhanced Mitigation Experience Toolkit (EMET) is designed to help prevent hackers from gaining access to your system. 

Software vulnerabilities and exploits have become an everyday part of life. Virtually every product has to deal with them and consequently, users are faced with a stream of security updates. For users who get attacked before the latest updates have been applied or who get attacked before an update is even available, the results can be devastating: malware, loss of PII, etc. 

Security mitigation technologies are designed to make it more difficult for an attacker to exploit vulnerabilities in a given piece of software. EMET allows users to manage these technologies on their system and provides several unique benefits:

More Articles …

  1. ratproxy - passive web application security assessment tool
  2. Backtrack 5 is released and available to download
  3. Google Dorks To Find Targets For SQL Injection
  4. Hackertool Metasploit verbetert Windows-aanval
Page 14 of 19