Joomscan Security Scanner – Detect more than 550 Joomla vulnerabilities

Joomscan Security Scanner was recently updated with a new database of 550 vulnerabilities. It detects file inclusion, SQL injection, and command execution vulnerabilities in a target Joomla web site. The previous update for this tool was in August 2009, with 466 vulnerabilities.

HOW TO USE :

In joomscan you can check for new updates with the command ./joomscan.pl check or ./joomscan.pl update.

Download For Windows : http://web-center.si size (141 kb)

Download For Linux : http://web-center.si size (150 kb)

Resources : http://security.web-center.si/

hwk Beta – hwk is a tool used for wireless lan pentests

hwk is an easy-to-use application used to attack and discover wireless networks. It provides various modes such as authentication/deauthentication flood, beacon and probe response fuzzing.

Platform : Unix/Linux

Features

  • probe response fuzzing
  • authentication flood
  • deauthentication flood
  • antenna alignment
  • deauthentication flood against all data connections
  • stress testing
  • beacon injection
  • injection testing
  • wlan
  • wireless hacking

Download : hwk_0.3.2.tar.gz (257.5 kB)

Tripwire 2.4.2 released

Tripwire is a very popular system integrity checker, a utility that compares properties of designated files and directories against information stored in a previously generated database. Any changes to these files are flagged and logged, including those that were added or deleted, with optional email and pager reporting. Support files (databases, reports, etc.) are cryptographically signed.
Changes: This release updates version revision in reports and all, adds experimental policy creation (see policy/policy_generator_readme.txt), fixes report formatting and sendmail issues, adds Debian patches for crypto and hostnames, fixes a compiling issue on recent GCC compilers (-fpermissive), and adds an experimental policy generator file which should become standard once it has been tested properly.

Download  : http://sourceforge.net

WAFP : Web Application Finger Printer Tool

WAFP is a Web Application Finger Printer written in Ruby using a SQLite3 DB. WAFP fetches the files listed in the Finger Prints from a webserver and checks whether the checksums of those files match the checksums given in the Finger Prints. This way it is able to detect the detailed version and even the build number of a Web Application.

Sample Scan Result:

 wafp.rb --verbose -p phpmyadmin https://phpmyadmin.site.com
   VERBOSE: loading the fingerprint database to the ram…
   Collecting the files we need to fetch …
   Fetching needed files (#432), calculating checksums and storing the results to the database:
   ………………………………………………………………………………..
   VERBOSE: request for “/themes/darkblue_orange/img/b_info.png” produced “Connection refused – connect(2)” for 1 times – retrying…
   ………………………………………………………………………………..
   Checking gathered/stored checksums (#432) against the selected product (phpmyadmin) versions (#87) checksums:
   ……………………………………………………………………………
                                                                                          
    found the following matches (limited to 10):
   +————————————————————-+
    phpmyadmin-2.11.9.1                 296 / 299  (98.99%)
    phpmyadmin-2.11.9.2                 295 / 299  (98.66%)
    phpmyadmin-2.11.9.4                 295 / 299  (98.66%)
   phpmyadmin-2.11.4                   294 / 299  (98.33%)
    phpmyadmin-2.11.5.2                 294 / 299  (98.33%)
   +————————————————————-+
    WAFP 0.01-26c3  – – – – – – – – –  http://mytty.org/wafp/
                                                                 
   VERBOSE: Returncode stats:
   VERBOSE: Ret-Code 200 #302
   VERBOSE: Ret-Code 404 #130
   VERBOSE: deleting the temporary database entries for scan “472312620367191262036719_httpsphpmyadmin.site.com”
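
The matched / total ranking in the result above can be reproduced offline to inventory which release a deployment you operate is actually running. This is an added example, not WAFP's own code: the product name, file bodies, SHA-256 as the checksum and the rank_versions helper are all assumptions made for illustration.

```ruby
require 'digest'

# Constructed release contents: version => { path => file body }. Real
# fingerprint sets hold hundreds of static files per release.
RELEASES = {
  'exampleapp-1.0.0' => { '/js/app.js' => 'js-a', '/css/main.css' => 'css-a', '/img/logo.png' => 'logo-a', '/README' => 'readme 1.0.0' },
  'exampleapp-1.0.1' => { '/js/app.js' => 'js-b', '/css/main.css' => 'css-a', '/img/logo.png' => 'logo-a', '/README' => 'readme 1.0.1' },
  'exampleapp-1.1.0' => { '/js/app.js' => 'js-c', '/css/main.css' => 'css-b', '/img/logo.png' => 'logo-a', '/README' => 'readme 1.1.0' }
}.freeze

# Fingerprint database: version => { path => SHA-256 hex digest }.
FINGERPRINTS = RELEASES.transform_values do |files|
  files.transform_values { |body| Digest::SHA256.hexdigest(body) }
end.freeze

# Score each known version by how many of its fingerprinted files have the
# same checksum on the deployment. `fetched` maps path => body, with nil for
# a file that could not be retrieved (404, connection refused).
def rank_versions(fingerprints, fetched, limit: 10)
  observed = fetched.compact.transform_values { |body| Digest::SHA256.hexdigest(body) }
  rows = fingerprints.map do |version, sums|
    matched = sums.count { |path, sum| observed[path] == sum }
    { version: version, matched: matched, total: sums.size,
      percent: (100.0 * matched / sums.size).round(2) }
  end
  # Drop versions with no matching file, then list the best matches first.
  rows.reject { |r| r[:matched].zero? }
      .sort_by { |r| [-r[:matched], r[:version]] }
      .first(limit)
end

# Constructed scan of a 1.0.1 deployment whose README was removed by the admin.
SCAN = RELEASES['exampleapp-1.0.1'].merge('/README' => nil).freeze

if __FILE__ == $PROGRAM_NAME
  rank_versions(FINGERPRINTS, SCAN).each do |r|
    puts format('%-20s %3d / %3d  (%.2f%%)', r[:version], r[:matched], r[:total], r[:percent])
  end
end
```

A removed or locally modified file lowers the score of the true version without hiding it, which is why the top match in a real scan is rarely 100% and neighbouring releases that share most static files score almost as high.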

download:
 *current release*

 - version 0.01-26c3
   * tar lzma
     - direct download  -> wafp-0.01-26c3.tar.lzma
   * tar bzip2
     - direct download  -> wafp-0.01-26c3.tar.bz2
   * tar gzip
     - direct download  -> wafp-0.01-26c3.tar.gz

RESOURCES : http://mytty.org