(Page 1 of 19) 1 2 3 4 5 6 7 8 9 10 11 Next > Category: Authentication BobCat Added 2006-02-04 BobCat is a tool to aid a security consultant in taking full advantage of SQL injection vulnerabilities. It is based on a tool named "Data Thief" that was published as PoC by appsecinc. BobCat can exploit SQL injection bugs/opportunities in web applications, independent of language, but dependent on MS SQL as the back end DB. Windows Permission Identifier Added 2006-01-18 This tool enables administrators and penetration testers to review and audit the permissions of users on a windows machine. Windows Permission Identifier can check; File ACLs Folder ACLs Registry ACLs Services Permissions Shares Installation rights Internet Access and so on. The GUI enables the administrator to create policies that can be saved in XML format. The windows machines permissions are then checked against this policy. This enables administrators to run checks against existing organisational windows security baseline documents. Policies can be saved in XML format and all results can be exported for further use. WARNING: The policy that is included is a sample of the functionality of the tool. It is not a security policy that should be followed. Report Bugs & send your own policy files : nhouse[at]stationx.net It would be very useful to the community if you send me any policies you create. For example, Web server, desktop, domain controller or what ever you create. I will upload your policy files to the site and credit you. KeePass Password Safe Added 2006-01-12 KeePass is a free/open-source password manager or safe which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key-disk. So you only have to remember one single master password or insert the key-disk to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). The best password management software (for a single user) that I've seen. Acunetix Web Vulnerability Scanner Added 2006-01-09 Audit your website security: Acunetix Web Vulnerability Scanner checks your web applications (shopping carts, forms, dynamic content, etc.) for vulnerabilities to SQL injection, Cross site scripting & other web attacks. Hackers are concentrating their efforts on websites: 75% of cyber attacks are launched on web applications! Scan your web site today and find vulnerabilities before hackers do! JProbe Added 2005-12-15 JProbe will check remotely for supported cipher suites on a webserver. It will also check for redirections in case a cipher is supported but the client is then directed to a "not valid cipher" page. JProbe also will export the results to an HTML page. (Additionally you can set cookies) Thor Added 2005-12-02 Thor is Internet Explorer driven tool for manual web application testing. Both security professionals and testers found it useful while testing web applications. You can control (intercept and change) what web forms submit to web servers, see the source code of the page and/or manipulate cookies. It supports frames and, if required, it is possible to use HttpWebRequest instead of IE navigation. Built for .NET Framework 2.0 and, as it uses IE COM control, it requires FullTrust. Sorry, no proper web page or manual yet, but give me a shout if you need more information... pak76 LiLith Added 2005-11-03 LiLith is a tool written in Perl to audit web applications. This tool analyses webpages and looks for html <form> tags , which often refer to dynamic pages that might be subject to sql injection or other flaws. SafeGuard Easy by Utimaco Added 2005-09-14 Total hard disk encryption using AES and Blowfish. Uses Pre-Boot Authentication for complete protection of your system Proactive System Password Recovery Added 2005-07-30 Proactive System Password Recovery is a program to recover all types of Windows passwords: logon password (when user is logged on and has Admin privileges), screensaver password, .NET Passport password, RAS and dial-up passwords, passwords to shared resources, SYSKEY startup password, passwords stored in cached credentials, Wireless (WEP and WPA-PSK) encryption keys etc. The program also shows all users and groups (with their properties), allows to run any programs in other user's context, show password history hashes, read password hashes from SAM and SYSTEM files, read Protected Storage records, decrypt Windows scripts, reveal passwords hidden under the asterisks, enable disabled controls, and run brute-force and dictionary attacks on PWL files (Windows 9x). Finally, it shows product IDs and CD keys for Windows, Microsoft Office and other Microsoft software installed. VForce Added 2005-05-10 V-Force is an instrument with whose help attacks on web server or applications can be simulated and the results logged and analyzed. Browse by category |
|
Privacy Statement |