Thursday, July 29, 2010

XSSer v0.6 - "XSSer Storm"


XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications.
It contains several options to try to bypass certain filters, and various special techniques of code injection.

XSSer v0.6a aka "XSSer Storm!" supports these new features:
-g DORK               Process search engine dork results as target urls (ex:inurl:vulnerable.asp?id=)
--Ge=DORK_ENGINE      Search engine to use for dorking (scroogle, duck, altavista, bing)
-c CRAWLING           Crawl target hierarchy parameters (can be slow!)
--Cw=CRAWLING_WIDTH   Number of urls to visit when crawling
--Dfo                 Encodes fuzzing IP addresses in DWORD format

Download: http://xsser.sourceforge.net

Thursday, July 22, 2010

"Backup" Tools For Mysql Administration

mysqldumper

MySQLDumper is a script for backing up MySQL databases, written in PHP and Perl. It uses a proprietary technique to avoid execution interruption: it reads and saves a certain number of commands, then calls itself via JavaScript to record how far along in the process it was. Finally, the script resumes from the last standby point.

Download: http://forum.mysqldumper.de/downloads.php?cat=2

phpMyBackupPro

phpMyBackup Pro is a very easy to use, free, web-based MySQL backup script, licensed under the GNU GPL. The script supports many operations, such as: backup of one or several databases, with or without data and table structure; backup directly onto an FTP server and sending of backups by email; and managing, restoring and scheduling backups. phpMyBackup Pro is platform independent: it requires only a web server and PHP.

Download: http://www.phpmybackuppro.net/download.php

AutoMySQLBackup

A shell script to take daily, weekly and monthly backups of MySQL databases using mysqldump. Its features include: backing up multiple databases, creating a backup as a single file or as a separate file for each DB, backup file compression, backup to a remote server, e-mailing the user when the backup is completed, and others.

Download: http://sourceforge.net/projects/automysqlbackup/files/

Backup2Mail

Backup2Mail is a PHP script that creates regular backups of MySQL databases and sends them to a configurable e-mail address. The whole process can be scheduled with the help of Cron (for Unix/Linux) or Task Scheduler (for Windows).

Download: http://www.backup2mail.com/download/backup2mail.zip

mylvmbackup

mylvmbackup is a utility for creating MySQL backups via LVM snapshots. To do this, mylvmbackup obtains a read lock on all tables, flushes all server caches to disk, creates a snapshot of the volume containing the MySQL data directory and unlocks the tables again. The LVM snapshot is mounted to a temporary directory and all data is backed up using the tar or rsync program. The script requires Perl5 and the LVM utilities.

Download: http://www.lenzg.net/mylvmbackup/#Downloads

MyPHPdumpTool (mpdt)

MyPHPdumpTool is a PHP (CLI) based MySQL backup tool that can be configured to automatically archive and upload any database dump file to any FTP server. The backup process can be scheduled with the help of Cron (for Unix/Linux) or Task Scheduler (for Windows).

Download: http://sourceforge.net/projects/myphpdumptool/files/

mysqlblasy (MySQL backup for lazy sysadmins)

mysqlblasy is a Perl script for automating MySQL database backups. Its main feature is automatic backup rotation, which keeps the backup disk from filling up when the administrator is on vacation (or is lazy). Each database is dumped into a separate file, after which all the dumps are tarred/compressed and placed into the specified backup directory. Old files in the backup directory are deleted, keeping only the number of newest files specified in the configuration file.

Download: http://pol.spurious.biz/projects/scripting/mysqlblasy.php#download

Sypex Dumper Lite

Sypex Dumper Lite is a PHP script for quick and easy MySQL database backup, developed by specialists at a Ukrainian company. The script is very fast with all types of databases (small or large), because it uses a special technique for dumping: the backup file is not stored entirely in memory.

Download: http://sypex.net/products/dumper/downloads/

Monday, July 12, 2010

Safe3 SQL Injector


Safe3 SQL Injector is one of the most powerful penetration testing tools, automating the process of detecting and exploiting SQL injection flaws and taking over back-end database servers.

Features:
Full support for GET/POST/Cookie injection
Full support for HTTP Basic, Digest, NTLM and Certificate authentication
Full support for MySQL, Oracle, PostgreSQL, MSSQL, Access, DB2, Sybase, SQLite
Full support for Error/Union/Blind/Force SQL injection
Support for file access, command execute, IP domain reverse, web path guess, MD5 crack, etc.
Super bypass WAF

Download: http://sourceforge.net

Thursday, July 8, 2010

THC-Hydra

 
A very fast network logon cracker which supports many different services.
Currently this tool supports:

TELNET, FTP, Firebird, HTTP-GET, HTTP-HEAD, HTTPS-GET, HTTP-HEAD, HTTP-PROXY, HTTP-PROXY-NTLM, HTTP-FORM-GET, HTTP-FORM-POST, HTTPS-FORM-GET, HTTPS-FORM-POST, LDAP2, LDAP3, SMB, SMBNT, MS-SQL, MYSQL, POSTGRES, POP3-NTLM, IMAP, IMAP-NTLM, NCP, NNTP, PCNFS, ICQ, SAP/R3, Cisco auth, Cisco enable, SMTP-AUTH, SMTP-AUTH-NTLM, SSH2, SNMP, CVS, Cisco AAA, REXEC, SOCKS5, VNC, POP3 and VMware Auth.

Changelog for 5.7:

* Added ncp support plus minor fixes (by David Maciejak @ GMAIL dot com)
* Added an old patch to fix a memory from SSL and speed it up too from kan(at)dcit.cz
* Removed unnecessary compiler warnings
* Enhanced the SSH2 module based on an old patch from aris(at)0xbadc0de.be
* Fixed small local defined overflow in the teamspeak module. Does it still work anyway??

Download: http://freeworld.thc.org

Wednesday, July 7, 2010

Maltego version 3


Maltego is an open source intelligence and forensics application. It will offer you timous mining and gathering of information as well as the representation of this information in an easy to understand format.

Maltego can be used for the information gathering phase of all security related work. It will save you time and will allow you to work more accurately and smarter.
Maltego aids you in your thinking process by visually demonstrating interconnected links between searched items.
Maltego provides you with a much more powerful search, giving you smarter results.
If access to "hidden" information determines your success, Maltego can help you discover it.

Download and more info: http://www.paterva.com

Monday, July 5, 2010

NetworkMiner


NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows that can detect the OS, hostname and open ports of network hosts through packet sniffing or by parsing a PCAP file. NetworkMiner can also extract transmitted files from network traffic including common image file formats = fun !

Download: http://sourceforge.net

Thursday, July 1, 2010

SSLCertScanner : New Tool to Scan for SSL Certificates on Network

 
SSLCertScanner is free, network-based SSL certificate scanner software. It can remotely scan the SSL certificate on any host on the intranet or internet, and can scan a single host or multiple hosts at a time. Once an SSL certificate is discovered, SSLCertScanner automatically validates it by checking its expiry date.
SSLCertScanner supports HTTPS as well as LDAPS based SSL services for certificate scanning. During scanning it displays a detailed status message for the current operation on each host.

Download: http://securityxploded.com