Web App Security
IIS Lockdown 2.1
Hits: 18
Date added: 03/16/2007
IIS Lockdown Wizard version 2.1 works by turning off unnecessary features, thus reducing the attack surface available to attackers. To provide multiple layers of protection against attackers, URLscan, with customized templates for each supported server role, is integrated into the IIS Lockdown Wizard.
 
InetCrack v1.39
Hits: 92
Date added: 12/23/2005
InetCrack is intended for sending HTTP requests to a server and receiving the server's response. The initial HTTP request is specified as text. The program allows arbitrary values to be entered for practically all request parameters. The GET and POST commands are supported. The POST command supports any MIME format for the transferred data. The program allows the following request fields to be set or modified: URL (CGI), Referer, Host, Content-Type, Accept-Encoding, User-Agent, Cookie and Authorization. The program contains an encoder/decoder for correctly encoding data in URL format. The server's response is also displayed as text, which makes it possible to see the original HTML and JavaScript source. Dynamic display of incoming data from the server makes it possible to trace the information received from CGI scripts working in so-called streaming mode. The program can also send a series of requests with automatically changing parameters, which can be applied to testing the load capacity of a server.
 
Jikto
Hits: 366
Date added: 04/07/2007
Jikto works by exploiting an XSS flaw on a given Web site and then silently installing itself on a user's PC. It can then operate in one of two modes. In one mode, Jikto crawls a specific Web site in much the same way that a Web application scanner would, looking for common vulnerabilities, such as XSS or SQL injection. It then reports the results to whatever machine is controlling it. In the other mode, Jikto calls home to the controlling PC and tells it that it has installed itself on a new machine, and then awaits further instructions from the controller.
 
Leptons Crack
Hits: 37
Date added: 02/25/2007
Leptons Crack is a generic password cracker. It is easily customizable with a simple plugin system and allows system administrators to review the quality of the passwords being used on their systems. It can perform a dictionary-based (wordlist) attack as well as a brute force (incremental) password scan. It supports standard MD4 hash, standard MD5 hash, NT MD4/Unicode, Lotus Domino HTTP password (R4), and SHA-1 hash formats. LM (LAN Manager) plus appending and prepending
 
mod_evasive
Hits: 28
Date added: 02/09/2007
mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, etc. mod_evasive presently reports abuses via email and syslog facilities.

Detection is performed by creating an internal dynamic hash table of IP addresses and URIs, and denying any single IP address from any of the following:

* Requesting the same page more than a few times per second
* Making more than 50 concurrent requests on the same child per second
* Making any requests while temporarily blacklisted (on a blocking list)

This method has worked well in both single-server script attacks and distributed attacks, but, just like other evasive tools, it is only useful up to the point of bandwidth and processor consumption (e.g. the amount of bandwidth and processor required to receive/process/respond to invalid requests), which is why it's a good idea to integrate this with your firewalls and routers for maximum protection.

This module instantiates for each listener individually, and therefore has a built-in cleanup mechanism and scaling capabilities. Because of this per-child design, legitimate requests are never compromised (even from proxies and NAT addresses), only scripted attacks. Even a user repeatedly clicking on 'reload' should not be affected unless they do it maliciously. mod_evasive is fully tweakable through the Apache configuration file, easy to incorporate into your web server, and easy to use.
 