Wednesday, September 14, 2011

Web Application Security/Vulnerability Scanner

                      We have been using lot of tools for Finding Vulnerability in Web Application . while Pentesting today we will see how to use Open source Security Scanner , which works without much of the false positives,we will test this tool


List Of Commercial Tools : Web Application Security Scanner


List of Open Source Tools : Web Application Vulnerability Scanner

Tuesday, September 6, 2011

virtualization product - Open Source

 VirtualBox:
                  is a family of powerful x86 virtualization products for enterprise as well as home use. Not only is VirtualBox an extremely feature rich, high performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License (GPL).

                Presently, VirtualBox runs on Windows, Linux and Macintosh hosts and supports a large number of guest operating systems including but not limited to Windows (NT 4.0, 2000, XP, Server 2003, Vista), DOS/Windows 3.x, Linux (2.4 and 2.6), and OpenBSD.

                           
                              VirtualBox for Linux/UNIX. Within VirtualBox Windows XP is running.
                           

VirtualBox for Mac OS X. Within VirtualBox Windows 7 is running.


                          VirtualBox for Windows. Within VirtualBox Ubuntu 10.10 is running.

Oracle VirtualBox :

  • LsiLogic SAS controller emulation
  • RDP video acceleration
  • NAT engine configuration via API and VBoxManage
  • Enhanced OVF support with custom namespace to preserve settings that are not part of the base OVF standard


Download Link : Click Here

Monday, September 5, 2011

OVALdi - an open-source local vulnerability assessment scanner

OVAL Interpreter is a freely available reference implementation that demonstrates the evaluation of OVAL Definitions. Based on a set of Definitions the interpreter collects system information, evaluates it, and generates detailed OVAL Results.



OVALdi is open-source and still under heavy development, so the results may not always be accurate:

  • The repository of OVAL definitions is not complete yet: Not all vulnerabilities will be detected.
  • Non-English versions of Windows do not seem to be supported as well as English versions: In practice you may encounter more false positives (reported vulnerabilities even when the patch is already installed).
  • Potential bugs

Download Link : Click Here

Best Open Source Information Security Tools

Open Source Security Assessment Tools


Best - Open Source Security Assessment , Vulnerability Auditing, & Penetration Testing Tools:

1
Stockade Virtual Appliance with Snort, BASE, Inprotect, CACTI, NTOP & Others
2

Nessus

Open source vulnerability assessment tool
3
Snort Intrusion Detection (IDS) tool
4
Wireshark TCP/IP Sniffer- AKA Ethereal
5

WebScarab

Analyze applications that communicate using the HTTP and HTTPS protocols
6
Wikto Web server assessment tool
7
BackTrack Penetration Testing live Linux distribution
8
Netcat The network Swiss army knife
9
Metasploit Framework Comprehensive hacking framework
10
Sysinternals Collection of windows utilities
11
Paros proxy Web application proxy
12
Enum Enumerate Windows information
13
P0F v2 Passive OS identification tool
14
IPPersonality Masquerade IP Stack
15
SLAN Freeware VPN utility
16
IKE Crack IKE/IPSEC cracking utility
17
ASLEAP LEAP cracking tool
18
Karma Wireless client assessment tool- dangerous
19
WEPCrack WEP cracking tool
20
Wellenreiter Wireless scanning application
21

SiteDigger

Great Google hacking tool
22
Several DDOS Tools Distributed Denial of Service(DDOS) tools
23
Achilles Web Proxy Tool
24
Firefox Web Developer Tool Manual web assessment
25
Scoopy Virtual Machine Identification tool
26
WebGoat Learning tool for web application pentests
27
FlawFinder Source code security analyzer
28
ITS4 Source code security analyzer
29
Slint

Source code security analyzer

30
PwDump3 Dumps Windows 2000 & NT passwords
31
Loki ICMP covert channel tool
32
Zodiac DNS testing tool
33
Hunt TCP hijacking tool
34
SniffIT Curses-Based sniffing tool
35
CactiEZ Network traffic analysis ISO
36
Inprotect Web-based Nessus administration tool
37
OSSIM Security Information Management (SIM)
38
Nemesis Command-Line network packet manipulation tool
39
NetDude TCPDump manipulation tool
40
TTY Watcher Terminal session hijacking
41
Stegdetect Detects stego-hidden data
42
Hydan Embeds data within x86 applications
43
S-Tools Embeds data within a BMP, GIF, & WAV Files
44
Nushu Passive covert channel tool
45
Ptunnel Transmit data across ICMP
46
Covert_TCP Transmit data over IP Header fields
47
THC-PBX Hacker PBX Hacking/Auditing Utility
48
THC-Scan Wardialer
49
Syslog-NG MySQL Syslog Service
50

WinZapper

Edit WinNT 4 & Win2000 log files
51
Rootkit Detective Rootkit identification tool
52
Rootkit Releaver Rootkit identification tool
53
RootKit Hunter Rootkit identification tool
54

Chkrootkit

Rootkit identification tool
55
LKM Linux Kernal Rootkit
56
TCPView Network traffic monitoring tool
57
NMAP Network mapping tool
58
Ollydbg Windows unpacker
59
UPX Windows packing application
60
Burneye Linux ELF encryption tool
61

SilkRpoe 2000

GUI-Based packer/wrapper
62
EliteWrap Backdoor wrapper tool
63
SubSeven

Remote-Control backdoor tool

64
MegaSecurity Site stores thousands of trojan horse backdoors
65
Netbus

Backdoor for Windows

66
Back Orfice 2000 Windows network administration tool
67
Tini Backdoor listener similar to Netcat
68

MBSA

Microsoft Baseline Security Analyzer
69
OpenVPN SSL VPN solution
70
Sguil An Analyst Console for network security/log Monitoring
71
Honeyd Create your own honeypot
72
Brutus Brute-force authentication cracker
73
cheops / cheops-ng Maps local or remote networks and identifies OS of machines
74
ClamAV A GPL anti-virus toolkit for UNIX
75
Fragroute/Fragrouter Intrusion detection evasion toolkit
76
Arpwatch Monitor ethernet/IP address pairings and can detect ARP Spoofing
77
Angry IP Scanner Windows port scanner
78
Firewalk Advanced traceroute
79
RainbowCrack Password Hash Cracker
80
EtherApe EtherApe is a graphical network monitor for Unix
81
WebInspect Web application scanner
82
Tripwire File integrity checker
83
Ntop Network traffic usage monitor
84
Sam Spade Windows network query tool
85
Scapy Interactive packet manipulation tool
86
Superscan A Windows-only port scanner
87
Airsnort 802.11 WEP Encryption Cracking Tool
88
Aircrack WEP/WPA cracking tool
89
NetStumbler Windows 802.11 Sniffer
90
Dsniff A suite of powerful network auditing and penetration-testing tools
91
John the Ripper Multi-platform password hash cracker
92
BASE The Basic Analysis and Security Engine- used to manage IDS data
93
Kismet Wireless sniffing tool
94

THC Hydra

Network authentication cracker
95
Nikto Web scanner
96
Tcpdump TCP/IP analysis tool
97

L0phtcrack

Windows password auditing and recovery application
98

Reverse WWW Shell

Shell access across port 80
99
THC-SecureDelete Ensure deleted files are unrecoverable
100
THC-AMAP Application mapping tool

Top 5 VPN Software

ProXPN:

ProXPN is a free VPN software that creates a secure VPN connection between the internet and your PC under a highly secured environment. With secure browsing software ProXPN you can easily hide your online activity and identity. It also helps you to surf blocked websites by hiding the real IP address.

Create a ProXPN account, download, install and run the software, then you can connect the VPN service with your username and password.

Free accounts are rate-limited to 1000 kbps, and do not include PPTP VPN access.

Download Link : Click Here

---------------------------------------------------------------------------------------------------

MicroVPN:

This program is developed by a company that has various servers in the United States, and basically offers the connection to a VPN (Virtual Private Net) by means of which all the users connected will exit the VPN through their servers. This means that even if you are connected in your own country, your connection will indicate that your are in USA.

MicroVPN offers you various American IPs, protection by means of 168-bit L2TP/IPsec encryption, and various other protection elements that joined to the ease with which the software connects and how easy it is to configure, make MicroVPN one of the programs that changes our IP in the easiest way.

Download Link : Click here

**************************************************************************************

Loki VPN Client:

Free VPN software of Loki Network Project, it is workable for Windows computer only, but offers unlimited data traffic with a 30-minute connection limit per time.

You just need to download and install the software, then run and connect it, no registration needed, but sometimes it maybe fail to connect the VPN server, and the speed is a little slow.

Download Link : Click Here

====================================================================

ExpatShield:

It is true that we have several free vpn services to bypass such restrictions, but Expat Shield is a new vpn service from AnchorFree, maker of the popular HotSpot Shield, that enables users to create VPN connection to servers located in the United Kingdom, and thereby access all services which are region locked to the UK, such as BBC iPlayer, ITV player, Channel 4, Spotify and others.
Expat Shield also enables user to remain anonymous, and offers protection from packet sniffers, such as Firesheep, by way of encrypted (HTTPS) connection.

Download Link : Click Here

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Hotspot Shield:


Hotspot Shield offers a free VPN solution with unlimited bandwidth for Windows and Mac.

Just download and install the software, then you can run and connect the VPN service. There will be ads on the top of the webpages you visit.


Besides English, French and Chinese, Hotspot Shield also supports Arabic, Persian, Russian and Vietnamese.


shield logo

Hotspot Shield

Ensure you are private, secure, and anonymous online!

  • Secure your web session, data, online shopping, and personal information online with HTTPS encryption.
  • Protect yourself from identity theft online.

Download Link : Click Here

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++