cyphersec A blog about Web Application Security and .NET development best practices

Nuovi Tools in uscita

Periodo di pentesting estremo questo, se poi ci aggiungiamo la scrittura di un nuovo libro.. ahi ahi.. ho veramente pochissimo tempo per aggiornarmi su gli strumenti in uscita. Riporto i tools che secondo me sono "interessanti".

Tcpflow

Programma che cattura i dati trasmessi su connessioni tcp e le archivia in una forma che ne permetta l'analisi. Utile in ambienti di Intelligence Gathering, tcpflow ha una interessante funzione per il recupero e la ritrasmissione dei pacchetti.

Maggiori Informazioni -  Download

SSA 1.52
SSA (Security System Analyzer) is free non-intrusive OVAL-Compatible software. It provides security testers, auditors with an advanced overview of the security policy level applied.

Features :

• OVAL-compatible product
• SCAP (Security Content Automation Protocol)
• Perform a deep inventory audit on installed softwares and applications
• Scan and map vulnerabilities using non-intrusive techniques based on schemas
• Detect and identify missed patches and hotfixes
• Define a patch management deployment strategy using CVSS scores

Maggiori Informazioni - Download

Medusa 1.4

What is Medusa? Medusa is a speedy, massively parallel, modular, login brute-forcer for network services created by the geeks at Foofus.net.

The Key Features are as follows:

• Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.
• Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing.
• Modular design. Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported list of services for brute-forcing.

Maggiori Informazioni - Download

Ignuma 0.0.5

Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembler.

Maggiori Informazioni - Download

About Alessio Marziali

Alessio Marziali (MCTS) is a Security Consultant with 9 years of experience developing secure applications with Microsoft .NET in a variety of sectors in UK and Italy. Published technical author with two ASP.NET books currently available for purchase and OWASP Code Crawler Project Leader.