FakeNet – Beta – Windows Network Simulation tool for Malware Analysis.

FakeNet is Windows network simulation tool designed for malware analysis. It redirects all traffic leaving a machine to the localhost (including hard-coded IP traffic and DNS traffic) and implements several protocols to ensure that malicious code continues to execute and can be observed by a malware analyst.

The tool supports DNS, HTTP, and SSL protocols and provides a python extension interface for implementing new or custom protocols. It also the capability to listen for traffic to any port as well as create packet capture on the localhost.

Right now the tool only support WinXP Service Pack 3. The tool runs fine on Windows Vista/7 although certain features will be automatically disabled.

Features

  • Supports DNS, HTTP, and SSL
  • HTTP server always serves a file and tries to serve a meaningful file; if the malware request a .jpg then a properly formatted .jpg is served, etc. The files being served are user configurable.
  • Ability to redirect all traffic to the localhost, including traffic destined for a hard-coded IP address.
  • Python extensions, including a sample extension that implements SMTP and SMTP over SSL.
  • Built in ability to create a capture file (.pcap) for packets on localhost.
  • Dummy listener that will listen and display traffic destined for any port.

Platform : Windows

Download Latest Version : FakeNet0.9.exe (8.3 MB)

Find Other Version |

Read more in here : http://practicalmalwareanalysis.com/

websploit – Is a open source tool for scan and analysis cms’s

WebSploit :

  • Scan All Sql Injection Vulnerability In Plugin’s Of WordPress , DataLife , Joomla , Drupal
  • Scan All Local File Inclusion Vulnerability In Plugin’s Of WordPress , DataLife , Joomla , Drupal
  • Scan All Remote File Include & Remote Code Execution Vulnerability In All Themes And Plugin’s Of WordPress , DataLife , Joomla , Drupal

Download Latest version : websploit-v.1.2.zip (1.1 MB)

Find Other Version | Read more in here : http://code.google.com/

SuStorID – Alpha

SuStorID is an advanced Intrusion Detection System (IDS) for web services, based on machine learning. Its name comes from the term “Su Stori”, which in Sardinian language means “The Falcon”. It’s version is experimental, but demonstrates a number of interesting features, that can be readily exploited to detect and act against web attacks. SuStorID can be coupled with modsecurity, the well known web application firewall, to gather training data and provide for real-time counteractions. So, SuStorID is a host-based Intrusion Detection System, and by means of modsecurity can access internal web server’s data (i.e. http request/response fields) exactly as Apache does.

How to Installation :

Download Latest Version :

– SuStorID_alpha.zip (1.1 MB)

– modsecurity-apache_2.6.2_for_sustorid.zip

find other version |

read more in here : http://comsec.diee.unica.it/sustorid/

iSkim – Skim mobile devices on the go

open source project for using forensic tools to help analyze devices for potential privacy and security vulnerabilities

The iSkim tool is a small script to help forensic peeps to quickly dump all “sqlit”,”log” and “db” files.
The tool is a BETA at this moment and covers only non-jailbroken devices.

Requirements
————
– ubuntu 11.10
– libimobiledevice and all supporting libs.

Running it
———-
run ‘python iSkim.py’

Download latest Version : iSkim_test.py (4.5 kB)

Find Other Version | Read more in here : iSkim

dbSQWare – shell scripts for RDBMS exploitation (Oracle, Sybase, SqlServer, …)

– open source shell scripts for RDBMS exploitation

– dbSQWare™ is designed for DBAs to facilitate the daily operation of all databases to which they are responsible

– dbSQWare™ can federate operation on databases Oracle, Sybase, SqlServer, MySql and Ingres through a common and homogeneous socle. The design of this toolkit provides great flexibility and customization

– Repositories management of DBMS park (CMDB) in a database.

– Current and advanced operations on DBMSs Oracle, Sybase, MSSQL, MySql and Ingres: (Backups, Restore, Restorations, Reorganizations, Statistics, …)

– Collection of indicators and capacity planning with recovery in a database. Check these indicators (collection, volumes, backups, …) and send alert mails.

– Central management of instances (access, scripts execution and automatic controls, …)


Features

  • Backups scripts for Oracle (RMAN), Sybase (dump), MySql (mysqldump), MsSql (backup) and Ingres (ckpdb)
  • Gather indicators and web site for dbas and end users to display indicators
  • Statistics scripts for Sybase, Oracle, MySql, MsSql and Ingres
  • Reorganization scripts for Sybase (reorg), Oracle (shrink), MySql (optimize), MsSql and Ingres
  • And others exploitation scripts for Sybase, Oracle, MySql, MsSql and Ingres.

Download Latest Version : dbSQWare_full_latest.tgz (1.9 MB)

Find Other version | Read more in here : http://www.dbsqware.com/

Network Security Toolkit (NST)

Network Security Toolkit (NST) is a bootable ISO image (Live DVD) based on Fedora 16 providing easy access to best-of-breed Open Source Network Security Applications and should run on most x86/x86_64 platforms.

The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of Open Source Network Security Tools. The majority of tools published in the article: Top 125 Security Tools by INSECURE.ORG are available in the toolkit. An advanced Web User Interface (WUI) is provided for system/network administration, navigation, automation, geolocation and configuration of many network and security applications found within the NST distribution. In the virtual world, NST can be used as a network security analysis, validation and monitoring tool on enterprise virtual servers hosting virtual machines.


Features

  • Multi-Tap Network Packet Capture
  • Web-Based Network Security Tools Management
  • Host/IPv4 Address Geolocation
  • Network/System Monitoring
  • Network Intrusion Detection
  • Multi-Port Terminal Server
  • VNC Session Management
  • Network Interface Bandwidth Monitor

Download latest version : nst-2.16.0-3170.i686.iso (1.5 GB)

find other version |

read more in here : http://www.networksecuritytoolkit.org/

Matriux – Krypton

Matriux is a GNU/Linux, Debian based security distribution designed for penetration testing and cyber forensic investigations. It is a distribution designed for security enthusiasts and professionals, can also be used normally as your default OS.


Features

  • Faster interface
  • More than 300 tools powerful for penetration testing and forensics
  • Kernel 2.6.39-krypton

Download Latest Version : Matriux-Krypton-v1.2.iso (2.2 GB)

Find Other Version | Read More In Here : http://matriux.sf.net/