Websecurify 0.6 - powerful web application security testing
Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.
http://code.google.com/p/websecurify/
w3af 1.0-rc3 Available For Download – Web Application Attack & Audit Framework
w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.
http://w3af.sourceforge.net/
OpenSCAP – Framework For Implementing SCAP (Security Content Automation Protocol)
The OpenSCAP Project was created to provide an open-source framework to the community which enables integration with the Security Content Automation Protocol (SCAP) suite of standards and capabilities. It is the goal of OpenSCAP to provide a simple, easy to use set of interfaces to serve as the framework for community use of SCAP.
http://www.open-scap.org/page/Main_Page
Onapsis Bizploit – ERP Penetration Testing Framework
Bizploit is the first open-source ERP Penetration Testing framework. Developed by the Onapsis Research Labs, Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP Penetration Tests.
http://www.onapsis.com/research.html#bizploit
Samurai Web Testing Framework v0.8 Released – Pen Testing Security LiveCD
The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites.
http://samurai.inguardians.com/
Knock v1.3b – Subdomain Enumeration/Brute-Forcing Tool
Knock is a Python script designed to enumerate sub-domains on a target domain through a wordlist.
http://knock.gianniamato.it/download.php
sectool – Security Audit Tool and IDS
sectool is a security tool that can be used both for security audits and as part of an intrusion detection system. It consists of a set of tests, a library and a textual/graphical frontend. Tests are sorted into groups and security levels. Administrators can run selected tests, groups or whole security levels.
https://fedorahosted.org/sectool/
Saturday, June 26, 2010
Monday, June 21, 2010
Anti-virus revisited...
I remember writing a short post (read here) about why Ubuntu users don't need an anti-virus. However, over the past few months, my opinion on this has changed.
For starters, Linux (Unix in general) is more secure by design unless you are the village idiot who insists on logging into your Ubuntu setup as root (you actually need to hack this as Ubuntu by default prevents users from logging in as the root user). What few viruses/worms that do exist can only affect the user as per his/her access rights to the system.
However (I did say I've changed my opinion on this), Ubuntu users do receive a lot of files from other users who (gasp!) use Windoze (and Macs) and these platforms do have viruses/worms. What we do not want to be is a carrier for that malware. So installing an anti-virus should be done only for the occasional health scan and to maybe scan new files as you get them.
I have Googled around for a decent, free, Linux-based anti-virus and have found the following:
- ClamAV (URL http://www.clamav.net/lang/en/) or check with Synaptic
- avast! (URL http://www.avast.com/linux-home-edition)
- AVG (URL http://free.avg.com/gb-en/download.prd-afl)
- F-Prot (URL http://www.f-prot.com/products/home_use/linux/)
You can also check the Ubuntu page on anti-viruses here.
Tuesday, June 15, 2010
Eee-control is still alive!
Grigori Goronzy, the developer of eee-control, has just released version 0.9.6 of the utility for Lucid Lynx (URL http://greg.geekmind.org/eee-control/). I strongly suggest all Asus EeePC users install this fantastic utility into their Ubuntu setups. Will test this myself when I get home. :)