SQLSentinel v0.1 beta – Open source tool for SQL injection security testing

SQLSentinel is an open source tool that automates the process of finding SQL injection on a website. SQLSentinel includes a web spider and an SQL error finder. You give it a site as input, and SQLSentinel crawls it and tries to exploit parameter validation errors for you. When the job is finished, it can generate a PDF report that contains the vulnerable URLs found and the URLs crawled.
Please remember that SQLSentinel is not an exploitation tool. It can only find vulnerable URLs.

Download latest version: SQLSentinel_v_0.1_beta.zip (1.9 MB)
Find other version | Read more here: https://sourceforge.net/p/sqlsentinel

Update Seccubus V2.0 beta3

Tool to automatically fire regular security scans with Nessus. Compare results of the current scan with the previous scan and report on the delta in a web interface. Main objective of the tool is to make repeated scans more efficient. Not affiliated

Platform : Unix/Linux

Features

  • Automated scanning with Nessus, Nikto and OpenVAS
  • Delta reporting
  • Findings are displayed in a web GUI
  • Findings can be filtered by host, port and plugin or any combination thereof

Seccubus V2 will have lots of new features in time: 

  1. Importing scans (already supported via CLI)
  2. Manual findings
  3. Issues that group multiple findings together
  4. Trouble ticket system integration
  5. Reporting
  6. Full audit trail

Find other version | Read more here: http://seccubus.com/

Scanner Atomic 1.0 – Website Scanner

Features
[*] Capture dynamic sites by dork.

[*] Capture links from a given site.

[*] Test SQL injection vulnerability in the captured sites.

[*] Hash detection (encryptions).

[*] Brute force to break encryptions.

[*] Decoding of base64.

Original language: Portuguese

Platform : Windows
Download Latest Version : scanner atomic – instala__o.exe (2.0 MB)
Find other version | Read more here

Update Websploit V1.3 – Open source tool for scanning and analyzing vulnerabilities

WebSploit is an open source project for scanning and analyzing remote systems for vulnerabilities.

Description :
[+] Autopwn – uses Metasploit to scan and exploit the target service
[+] wmap – scans and crawls the target using the Metasploit wmap plugin
[+] format infector – injects reverse and bind payloads into file formats
[+] phpmyadmin – searches for the target's phpMyAdmin login page
[+] lfi – scans for and bypasses local file inclusion vulnerabilities, and can bypass some WAFs
[+] apache users – searches the server's username directories (if the Apache web server is in use)
[+] Dir Bruter – brute-forces target directories with a wordlist
[+] admin finder – searches for the target's admin and login pages
[+] MLITM Attack – Man Left In The Middle, XSS phishing attacks
[+] MITM – Man In The Middle attack


Platform : Unix/Linux

Download V1.3 : websploit-v 1.3.zip (1.1 MB)

Find other version | Read more here: http://code.google.com

Update Mutillidae V2.1.16 – Mutillidae Web Pen-Test Practice Application (OWASP Top 10)

Mutillidae is a free, open source web application provided to allow security enthusiasts to pen-test and hack a web application. Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMPP, making it easy for users who do not want to install or administer their own web server. It is already installed on Samurai WTF; simply replace the existing version with the latest on Samurai. Mutillidae contains dozens of vulnerabilities and hints to help the user exploit them, providing an easy-to-use web hacking environment deliberately designed to be used as a hack-lab for security enthusiasts, classroom labs, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, in corporate web sec training courses, and as an “assess the assessor” target for vulnerability software.

Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and other tools.

Change Log for Mutillidae 2.1.16:

  • Additional hints added to HTML5 Web Storage page to overwrite current web storage
  • Additional hints added to HTML5 Web Storage page concerning reading current web storage. Added code examples for document.write and using Firebug command line.
  • Added several new items to the Easter Egg file Mutillidae-Test-Scripts.txt
  • New vulnerability added. The HTML5 Storage page now has cross site scripting via DOM injection. The “storage key” field is vulnerable.
  • Added hints about DOM injection to the HTML5 Storage page.
  • Added hints to the capture-data.php page about cross site scripting
  • Updated the vulnerabilities listing

Platform : Windows & Linux

Download : LATEST-mutillidae-2.1.16.zip (7.1 MB)

Read more here: http://www.irongeek.com

scanPorts v2.1.0 – Simple remote host’s ports scanner web app.

Features

  • Scans remote host’s ports.
  • Can perform fast scan.
  • Useful tool for developers and system administrators to test connections; easy to access if you have public web hosting.

Download Latest Version : scanPorts_v2.1.0.zip (2.5 kB)

Find other version | Read more here

Update The Mole V0.3 – Automatic SQL Injection Exploitation Tools

Mole is an automatic SQL injection exploitation tool. Given only a vulnerable URL and a valid string on the site, it can detect the injection and exploit it, using either the union technique or a boolean query based technique. The Mole uses a command based interface, allowing the user to easily indicate the action he wants to perform. The CLI also provides auto-completion on both commands and command arguments, making the user type as little as possible.

Platform : Windows & Linux

ChangeLog v-0.3 :

+ Added integer union sql injection exploitation support.

+ Added early DBMS Detection.

+ Added import command (only XML format supported).

+ Added export command (only XML format supported).

+ Added find_tables command.

+ Added find_tables_like command.

+ Added find_users_table command.

+ Added readfile command (only supported in MySQL).

+ Added xml import and export support.

+ Fixed gathering of schemas, tables and columns in SQL Server.

+ Fixed dumping bugs in Postgres.

+ Fixed other minor bugs.


Download Latest Version :

Windows: The Mole v0.3 – Win32 executable (5.2 MB)

Linux: themole-0.3-lin-src.tar.gz

Find other version | Read more here: http://themole.nasel.com.ar/