Live CD - OWASP - Open Web Application Security Project

OWASP :

Open Web Application Security Project is a worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. 

 OWASP Live CD project was originally started to update the previous OWASP Live CD 2007.

OWASP Live CD installed to a physical or virtual hard drive (VMware) is available and work continues on making other versions of the project available including a bootable USB, portable VM installation, an installation for the Asus Eee PC. These are either downloadable files or instructions on how to create the alternate delivery mechanisms.

OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. Tools and documents are organized into the following categories:

• PROTECT - These are tools and documents that can be used to guard against security-related design and implementation flaws.
• DETECT - These are tools and documents that can be used to find security-related design and implementation flaws.
• LIFE CYCLE - These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).

Video Tutorial : http://www.youtube.com/user/AppsecTutorialSeries

OWASP Live CD Download Link : Web Testing Environment (WTE) ISO

Username : owasp / Password  : owasp

OWASP Live CD VMWare Image Download Link : OWASP-livecd.vmx

Thanks to RRN Technologies Team

Backtrack 5 R3 released - Penetration Testing Tool

BackTrack 5 :

BackTrack is an Ubuntu-based distribution with a collection of security and forensics tools. It was created by merging Auditor Security Linux with WHAX (formerly Whoppix)..

The BackTrack Development team will be releasing an R3 revision of our Penetration Testing distribution in 2 weeks. This release focuses on bugfixes and over 50 new tool additions ΓÇô making it the most potent revision yet. We have released a BT5 R3 preview in BlackHat Vegas for the enjoyment of conference attendees, which can be found in their delegate bags.  The DVD contains a BT5 R3 Gnome, 32 bit edition ΓÇô burnt as an ISO (as opposed to an image). We will be taking in our last bug reports and tool suggestions from the BH / Defcon crowds for our upcoming official release, which will be on August 13th, 2012. Current BT5 users can simply upgrade to the latest release using the regular update commands. More details will be released along with the full listing of new tools on the 13th of August. We hope you enjoy this fine release as much as we do!

You Tube : http://www.youtube.com/watch?v=Qb0orNRte9E

     Home Page          http://www.backtrack-linux.org/

Documentation http://www.backtrack-linux.org/wiki/ http://www.backtrack-linux.org/tutorials/ Download Mirrors http://www.backtrack-linux.org/downloads/

Download BackTrack 5 R3 release via torrent

BT5R3-GNOME-64.torrent (md5: 8cd98b693ce542b671edecaed48ab06d)
BT5R3-GNOME-32.torrent (md5: aafff8ff5b71fdb6fccdded49a6541a0)
BT5R3-KDE-64.torrent (md5: 981b897b7fdf34fb1431ba84fe93249f)
BT5R3-KDE-32.torrent (md5: d324687fb891e695089745d461268576)
BT5R3-GNOME-32-VM.torrent (md5: bca6d3862c661b615a374d7ef61252c5)
 
Thanks To RRN Information Security Team.

Ostinato - Open source Packet/Traffic Generator and Analyzer

Ostinato:
              is a network packet and traffic generator and analyzer with a friendly GUI. It aims to be “Wireshark in Reverse” and thus become complementary to Wireshark. It features custom packet crafting with editing of any field for several protocols: Ethernet, 802.3, LLC SNAP, VLAN (with Q-in-Q), ARP, IPv4, IPv6, IP-in-IP a.k.a IP Tunneling, TCP, UDP, ICMP,HTTP, SIP, RTSP, NNTP, etc. It is useful for both functional and performance testing.

Ostinato is an open-source, cross-platform network packet crafter/traffic generator and analyzer with a friendly GUI. Craft and send packets of several streams with different protocols at different rates.

Ostinato aims to be "Wireshark in Reverse" and become complementary to Wireshark.

Features

• Runs on Windows, Linux, BSD and Mac OS X (Will probably run on other platforms also with little or no modification but this hasn't been tested)
• Open, edit, replay and save PCAP files
• Support for the most common standard protocols
• Ethernet/802.3/LLC SNAP
• VLAN (with QinQ)
• ARP, IPv4, IPv6, IP-in-IP a.k.a IP Tunnelling (6over4, 4over6, 4over4, 6over6)
• TCP, UDP, ICMPv4, ICMPv6, IGMP, MLD
• Any text based protocol (HTTP, SIP, RTSP, NNTP etc.)
• More protocols in the works ...
• Modify any field of any protocol (some protocols allow changing packet fields with every packet at run time e.g. changing IP/MAC addresses)
• User provided Hex Dump - specify some or all bytes in a packet
• User defined script to substitute for an unimplemented protocol (EXPERIMENTAL)
• Stack protocols in any arbitrary order
• Create and configure multiple streams
• Configure stream rates, bursts, no. of packets
• Single client can control and configure multiple ports on multiple computers generating traffic
• Exclusive control of a port to prevent the OS from sending stray packets provides a controlled testing environment
• Statistics Window shows realtime port receive/transmit statistics and rates
• Capture packets and view them (needs Wireshark to view the captured packets)
• Framework to add new protocol builders easily 

Download Link : Click Here 

Malware Classifier - Open Source Tool by Abobe

Malware Classifier:

                                is a command-line tool that lets antivirus analysts, IT administrators, and security researchers quickly and easily determine if a binary file contains malware, so they can develop malware detection signatures faster, reducing the time in which users' systems are vulnerable.

                              Malware Classifier uses machine learning algorithms to classify Win32 binaries – EXEs and DLLs – into three classes: 0 for “clean,” 1 for “malicious,” or “UNKNOWN.”

                              The tool was developed using models resultant from running the J48, J48 Graft, PART, and Ridor machine-learning algorithms on a dataset of approximately 100,000 malicious programs and 16,000 clean programs.

                               The tool extracts seven key features from an unknown binary, feeds them to one of the four classifiers or all of them, and presents its classification of the unknown binary.

Note:  Quick & easy classification of binaries for malware analysis.

Download Link : Click here

Armitage - Network Penetration Testing Tool

Armitage Tool:

                             makes Network penetration testing easy by GUI of Metasploit Framework.

                                         It was developed by Raphael Mudge. This tool helps to reduce the time and also gives a good understanding of Metasploit to various security professionals. The major advantages of using this tool are that it recommends the exploits, has advanced post-exploitation features, and is a very good visualization of the targets.



                                          We can scan a particular target or import data from other security scanners, which can then be used in Armitage for further attacks. The following is a list of a few security scanners file formats which are supported currently for adding the hosts to Armitage:

• Acunetix XML
• Amap Log
• Amap Log -m
• Appscan XML
• Burp Session XML
• Foundstone XML
• IP360 ASPL
• IP360 XML v3
• Microsoft Baseline Security Analyzer
• Nessus NBE
• Nessus XML (v1 and v2)
• NetSparker XML
• NeXpose Simple XML
• NeXpose XML Report
• Nmap XML
• OpenVAS Report
• Qualys Asset XML
• Qualys Scan XML
• Retina XML

Armitage Document Manual : Click Here

Armitage Tutorial Video's & Snapshots: Click Here

Armitage Download : Click Here

Mobisec - Mobile Application Security Scanning Testing

MobiSec:

             makes mobile application penetration testing more streamlined for the tester, allowing more time to focus on the test objectives and progress, and less on the tools or the testing environment.

                               MobiSec - Live Environment Mobile Testing Framework project is a live environment for testing mobile environments, including devices, applications, and supporting infrastructure. The purpose is to provide attackers and defenders the ability to test their mobile environments to identify design weaknesses and vulnerabilities. The MobiSec Live Environment provides a single environment for testers to leverage the best of all available open source mobile testing tools, as well as the ability to install additional tools and platforms, that will aid the penetration tester through the testing process as the environment is structured and organized based on an industry­‐proven testing framework.
                                       Using a live environment provides penetration testers the  Ability to boot the MobiSec Live Environment on any Intel-­based system from a DVD or USB flash drive, or run the test environment within a virtual machine.


Features:

- Upgraded Ruby to 1.9.2p318 and installed for root account 
- Installed Ubuntu updates via Update Manager 
- Updated Metasploit to rev 15158 - Updated SET to rev 1262 
- Added SecurityCompass AndroidLabs apk to emulators 
- Added SecurityCompass LabServer 
- Updated Android SDK Manager to rev 17 
- Updated Eclipse and Android plugin 
- Updated android-emu.sh script to specify emulator to launch 
- Added Ettercap with GUI - Added SQLMap 
- Added pptpd, tcpick, tshark 
- Added SSLStrip
 - Added DroidBox with Android 2.1 emulator
 - Added iSniff SSL MitM tool for iPhone
 - Added dsniff 
- Added SQLiteSpy 
- Fixed Ruby install 
- Updated BeEF (from github) 
- Fixed install script on desktop 
- Added support for Lorcon2 msf module
 - Added Aircrack-ng and Airgraph-ng 
- Fixed Kismet install 
- Added Firefox plugins: - Cookies Manager+ - Greasemonkey - HackBar - HttpFox - JSView - MitM Me - Tamper Data - User Agent Quick Switch - XSS Me - Disabled login sound - Changed default user account lockout to 30 mins - Updated desktop background image.

 

Project Research Document : Click here

 

Installation Instruction : Doc click 

 

Download Link (iso) : MobiSec

Read more in here : https://www.owasp.org/index.php/OWASP_Mobile_Security_Project

 

Thanks for Visiting my Blog ...

 

WebSploit - Scan And Analysis Remote System From Vulnerability

WebSploit:
                is an open source project which is used to scan and analysis remote system
in order to find various type of vulnerabilites. This tool is very powerful and support multiple vulnerabilities

[+]Autopwn - Used From Metasploit For Scan and Exploit Target Service
[+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin
[+]format infector - inject reverse & bind payload into file format
[+]phpmyadmin - Search Target phpmyadmin login page
[+]lfi - Scan,Bypass local file inclusion Vulnerability & can be bypass some WAF
[+]apache users - search server username directory (if use from apache webserver)
[+]Dir Bruter - brute target directory with wordlist
[+]admin finder - search admin & login page of target
[+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks
[+]MITM - Man In The Middle Attack
[+]Java Applet Attack - Java Signed Applet Attack
[+]MFOD Attack Vector - Middle Finger Of Doom Attack Vector
[+]USB Infection Attack - Create Executable Backdoor For Infect USB For Windows

With New Features : Website Attack Vector : Scanner, crawler For WebsiteNetwork Attack Vestor : Network Attack ToolsAutomatic Exploits : Automatic Exploit VulnerabilityFormat Infector : Inject Custom Payload Into File FrmatDownload V1.4 : WebSploit Toolkit V.1.4.zip (1.1 MB)find Other version | read more in hereSecurity List Network™ Present.

Download Link : Websploit