|
NessusWX v1.4.5d
hot!
|
|
Hits: 54 |
|
Date added: 12/29/2005 |
|
Nessus is the world's most popular vulnerability scanner used in over 75,000 organizations world-wide. Many of the world's largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.
NessusWX is a client program for Nessus security scanner which is designed specially for Windows platform. NessusWX has Windows look'n'feel and, in addition, some features that in my opinion was missed in standard Nessus client for Windows. |
|
|
|
|
|
Network Fuzzer :: JBroFuzz 0.2
hot!
|
|
Hits: 58 |
|
Date added: 11/12/2006 |
|
JBroFuzz is a java based (exe currently part of this message) stateless network protocol fuzzer for penetration tests. It allows for the identification of certain classes of security bugs, by means of creating malformed data and having the network protocol in question consume the data.
Fuzzing can take place on any part of a socket request by means of specifying one or more generators. These generators can be hexadecimal, octal, decimal as well as binary. A version of a protocol sniffer acting as a TCP reflector is also included within the current implementation.
The current version supports a more robust set of generations, including basic cross site scripting checks (XSS) as well as basic SQL injection. A number of tests involving buffer overflows (BFO), format string errors (FSE) as well as integer overflows (INT) have been added. Also, a separate panel is present showing the definitions for each and actually what a generator performs. |
|
|
|
|
|
Nikto v1.36
hot!
|
|
Hits: 103 |
|
Date added: 04/11/2007 |
|
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3300 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).
Nikto is not designed as an overly stealthy tool. It will test a web server in the shortest timespan possible, and it's fairly obvious in log files. However, there is support for LibWhisker's anti-IDS methods in case you want to give it a try (or test your IDS system).
Not every check is a security problem, though most are. There are some items that are info only type checks that look for items that may not have a security flaw, but the webmaster or security engineer may not know are present on the server. These items are usually marked appropriately in the information printed. There are also some checks for unknown items which have been seen scanned for in log files.
Features
# Uses rfp's LibWhisker as a base for all network funtionality
# Main scan database in CSV format for easy updates
# Determines OK vs NOT FOUND responses for each server, if possible
# Determines CGI directories for each server, if possible
# Switch HTTP versions as needed so that the server understands requests properly
# SSL Support (Unix with OpenSSL or maybe Windows with ActiveState's Perl/NetSSL)
# Output to file in plain text, HTML or CSV
# Generic and server type specific checks
# Plugin support (standard PERL)
# Checks for outdated server software
# Proxy support (with authentication)
# Host authentication (Basic)
# Watches for bogus OK responses
# Attempts to perform educated guesses for Authentication realms
# Captures/prints any Cookies received
# Mutate mode to go fishing on web servers for odd items
# Builds Mutate checks based on robots.txt entries (if present)
# Scan multiple ports on a target to find web servers (can integrate nmap for speed, if available)
# Multiple IDS evasion techniques
# Users can add a custom scan database
# Supports automatic code/check updates (with web access)
# Multiple host/port scanning (scan list files)
# Username guessing plugin via the cgiwrap program and Apache ~user methods |
|
|
|
|
|
|
OS Detection
hot!
|
|
Hits: 72 |
|
Date added: 02/27/2006 |
|
This is one of the best OS detectior Iv ever seen. Must have. |
|
|
|
|
|
p0f v2.0
|
|
Hits: 47 |
|
Date added: 09/06/2006 |
|
P0f v2 is a versatile passive OS fingerprinting tool. P0f can identify the operating system on:
- machines that connect to your box (SYN mode),
- machines you connect to (SYN+ACK mode),
- machine you cannot connect to (RST+ mode),
- machines whose communications you can observe.
P0f can also do many other tricks, and can detect or measure the following:
- firewall presence, NAT use (useful for policy enforcement),
- existence of a load balancer setup,
- the distance to the remote system and its uptime,
- other guy's network hookup (DSL, OC3, avian carriers) and his ISP.
All this even when the device in question is behind an overzealous packet firewall, when our favourite active scanner can't do much. P0f does not generate ANY additional network traffic, direct or indirect. No name lookups, no mysterious probes, no ARIN queries, nothing. How? It's simple: magic. Find out more by reading the README file. |
|
|
|
