Thursday, May 31, 2012

Linux IPTables Firewall 1.4.14


What is iptables?

iptables is the userspace command line program used to configure the Linux 2.4.x and 2.6.x IPv4 packet filtering ruleset. It is targeted towards system administrators.
Since Network Address Translation is also configured from the packet filter ruleset, iptables is used for this, too.
The iptables package also includes ip6tables. ip6tables is used for configuring the IPv6 packet filter.

Dependencies

iptables requires a kernel that features the ip_tables packet filter. This includes all 2.4.x and 2.6.x kernel releases.

Main Features

  • listing the contents of the packet filter ruleset
  • adding/removing/modifying rules in the packet filter ruleset
  • listing/zeroing per-rule counters of the packet filter ruleset

Git Tree

The current development version of iptables can be accessed at https://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=summary.


iptables Releases

2012-May-26: iptables-1.4.14


ChangeLog
iptables-1.4.14.tar.bz2 GPG signature (key) : md5sum 5ab24ad683f76689cfe7e0c73f44855d
Patch against 1.4.14 GPG signature : md5sum 3662d600d9ed2b18b44a8e18c633a3c8

Operational summary

Xtables allows the system administrator to define tables containing chains of rules for the treatment of packets. Each table is associated with a different kind of packet processing. Packets are processed by sequentially traversing the rules in chains. A rule in a chain can cause a goto or jump to another chain, and this can be repeated to whatever level of nesting is desired. (A jump is like a “call”, i.e. the point that was jumped from is remembered.) Every network packet arriving at or leaving from the computer traverses at least one chain.

Packet flow paths. Packets start at a given box and will flow along a certain path, depending on the circumstances.
The origin of the packet determines which chain it traverses initially. There are five predefined chains (mapping to the five available Netfilter hooks), though a table may not have all chains. Predefined chains have a policy, for example DROP, which is applied to the packet if it reaches the end of the chain. The system administrator can create as many other chains as desired. These chains have no policy; if a packet reaches the end of the chain it is returned to the chain which called it. A chain may be empty.
  • “PREROUTING”: Packets will enter this chain before a routing decision is made.
  • “INPUT”: Packet is going to be locally delivered. (N.B.: It does not have anything to do with processes having a socket open. Local delivery is controlled by the “local-delivery” routing table: `ip route show table local`.)
  • “FORWARD”: All packets that have been routed and were not for local delivery will traverse this chain.
  • “OUTPUT”: Packets sent from the machine itself will be visiting this chain.
  • “POSTROUTING”: Routing decision has been made. Packets enter this chain just before handing them off to the hardware.
Each rule in a chain contains the specification of which packets it matches. It may also contain a target (used for extensions) or a verdict (one of the built-in decisions). As a packet traverses a chain, each rule in turn is examined. If a rule does not match the packet, the packet is passed to the next rule. If a rule does match the packet, the rule takes the action indicated by the target/verdict, which may or may not result in the packet being allowed to continue along the chain. Matches make up the large part of rulesets, as they contain the conditions packets are tested for. These can happen for about any layer in the OSI model, as with e.g. the --mac-source and -p tcp --dport parameters, and there are also protocol-independent matches, such as -m time.
The packet continues to traverse the chain until either
  1. a rule matches the packet and decides the ultimate fate of the packet, for example by calling one of the ACCEPT or DROP, or a module returning such an ultimate fate; or
  2. a rule calls the RETURN verdict, in which case processing returns to the calling chain; or
  3. the end of the chain is reached; traversal either continues in the parent chain (as if RETURN was used), or the base chain policy, which is an ultimate fate, is used.
Targets also return a verdict like ACCEPT (NAT modules will do this) or DROP (e.g. the “REJECT” module), but may also imply CONTINUE (e.g. the "LOG" module; CONTINUE is an internal name) to continue with the next rule as if no target/verdict was specified at all.
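The traversal rules above, modelled as an added Python example (not iptables code and not part of the original post): a toy evaluator showing how jump, goto, RETURN, LOG and the base chain policy interact. The chain names SSH and WEB, the addresses and the ruleset are constructed for illustration; the goto behaviour follows the iptables man page description of --goto.

```python
import ipaddress

ACCEPT, DROP, RETURN, LOG = "ACCEPT", "DROP", "RETURN", "LOG"
FINAL = {ACCEPT, DROP}          # verdicts that decide the packet's ultimate fate


class Rule:
    def __init__(self, match, target=None, goto=False):
        self.match = match      # predicate: packet dict -> bool
        self.target = target    # ACCEPT/DROP/RETURN/LOG, a user chain name, or None
        self.goto = goto        # True models -g (goto), False models -j (jump)


class Table:
    def __init__(self, policies):
        self.policies = dict(policies)            # only base chains have a policy
        self.chains = {name: [] for name in policies}
        self.logged = []                          # (chain, source) seen by LOG rules

    def add(self, chain, match, target=None, goto=False):
        self.chains.setdefault(chain, []).append(Rule(match, target, goto))

    def _walk(self, chain, pkt, depth=0):
        """Return ACCEPT/DROP, or RETURN when the calling chain should carry on."""
        if depth > 32:
            raise RuntimeError("chain loop")      # guard for this toy model only
        for rule in self.chains[chain]:
            if not rule.match(pkt) or rule.target is None:
                continue                          # no match, or a counter-only rule
            if rule.target == LOG:
                self.logged.append((chain, pkt["src"]))
                continue                          # CONTINUE: go on to the next rule
            if rule.target in FINAL or rule.target == RETURN:
                return rule.target
            result = self._walk(rule.target, pkt, depth + 1)
            if rule.goto or result in FINAL:
                return result                     # goto never resumes this chain
            # jump: callee returned or ran off its end, resume after this rule
        return RETURN                             # end of chain

    def verdict(self, base, pkt):
        result = self._walk(base, pkt)
        # RETURN from (or the end of) a base chain means the policy decides.
        return result if result in FINAL else self.policies[base]


def internal(pkt):
    return ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network("10.0.0.0/8")


def tcp_port(port):
    return lambda pkt: pkt["proto"] == "tcp" and pkt["dport"] == port


def build_ruleset():
    """Constructed ruleset: INPUT policy DROP, one jump and one goto."""
    table = Table({"INPUT": DROP})
    blocked = lambda pkt: pkt["src"] == "192.0.2.66"
    table.add("INPUT", tcp_port(22), "SSH")              # like -j SSH
    table.add("INPUT", tcp_port(80), "WEB", goto=True)   # like -g WEB
    table.add("INPUT", internal, ACCEPT)
    table.add("SSH", lambda pkt: True, LOG)
    table.add("SSH", blocked, DROP)
    table.add("WEB", blocked, DROP)
    return table


# Constructed sample packets (documentation and private address ranges).
SAMPLE_PACKETS = [
    {"src": "10.1.2.3", "proto": "tcp", "dport": 22},
    {"src": "10.1.2.3", "proto": "tcp", "dport": 80},
    {"src": "192.0.2.66", "proto": "tcp", "dport": 22},
    {"src": "203.0.113.9", "proto": "tcp", "dport": 22},
]

if __name__ == "__main__":
    table = build_ruleset()
    for pkt in SAMPLE_PACKETS:
        print(pkt, "->", table.verdict("INPUT", pkt))
```

The same internal host is accepted on port 22 (the jump returns to INPUT and reaches the later ACCEPT rule) but dropped on port 80 (the goto falls through to the INPUT policy), which is the kind of difference worth checking when auditing a ruleset.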













Wapiti - Web Application Vulnerability Scanner and Security Auditor


Wapiti allows you to audit the security of your web applications.
It performs "black-box" scans, i.e. it does not study the source code of the application but it will scan the webpages of the deployed webapp, looking for scripts and forms where it can inject data.
Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.


Wapiti can detect the following vulnerabilities :

  • File Handling Errors (Local and remote include/require, fopen, readfile...)
  • Database Injections (PHP/JSP/ASP SQL Injections and XPath Injections)
  • XSS (Cross Site Scripting) Injection
  • LDAP Injection
  • Command Execution detection (eval(), system(), passthru()...)
  • CRLF Injection (HTTP Response Splitting, session fixation...)
Wapiti is able to differentiate punctual and permanent XSS vulnerabilities.
Wapiti prints a warning every time it finds a script allowing HTTP uploads.
A warning is also issued when an HTTP 500 code is returned (useful for ASP/IIS).
Wapiti does not rely on a vulnerability database like Nikto does, although it has integrated Nikto's database as a type of attack since version 2.2.1.
Wapiti aims to discover unknown vulnerabilities in web applications.
It does not provide a GUI for the moment and you must use it from a terminal.
Wapiti is able to create complete reports that include all the found vulnerabilities and related information in order to help to fix them. Take a look at the README file.




Usage

Wapiti-2.2.1 - A web application vulnerability scanner

Usage: python wapiti.py http://server.com/base/url/ [options]

Supported options are:
-s 
--start 
To specify an url to start with

-x 
--exclude 
To exclude an url from the scan (for example logout scripts)
You can also use a wildcard (*)
Example : -x "http://server/base/?page=*&module=test"
or -x http://server/base/admin/* to exclude a directory

-p 
--proxy 
To specify a proxy
Exemple: -p http://proxy:port/

-c 
--cookie 
To use a cookie

-t 
--timeout 
To fix the timeout (in seconds)

-a 
--auth 
Set credentials for HTTP authentication
Doesn't work with Python 2.4

-r 
--remove 
Remove a parameter from URLs

-n 
--nice 
  Define a limit of urls to read with the same pattern
  Use this option to prevent endless loops
  Must be greater than 0

-m 
--module 
  Set the modules and HTTP methods to use for attacks.
  Example: -m "-all,xss:get,exec:post"

-u
--underline
Use color to highlight vulnerables parameters in output

-v 
--verbose 
Set the verbosity level
0: quiet (default), 1: print each url, 2: print every attack

-f 
--reportType 
Set the type of the report
xml: Report in XML format
html: Report in HTML format

-o 
--output 
Set the name of the report file
If the selected report type is "html", this parameter must be a directory

-i 
--continue 
This parameter indicates Wapiti to continue with the scan from the specified
  file, this file should contain data from a previous scan.
The file is optional, if it is not specified, Wapiti takes the default file
  from \"scans\" folder.

-k 
--attack 
This parameter indicates Wapiti to perform attacks without scanning again the
  website and following the data of this file.
The file is optional, if it is not specified, Wapiti takes the default file
  from \"scans\" folder.

-h
--help
To print this usage message


OWASP Broken Web Applications Project



Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost VMware Player and VMware Server products (along with their commercial products).

Led by Chuck Willis (chuck (at) securityfoundry (dot) com) and sponsored by Mandiant (www.mandiant.com).

This project now has a Google Group available at http://groups.google.com/group/owaspbwa/. Feel free to post any questions or comments on the project to that group.

Note - This project is a collection of open source software from various sources, along with some custom modifications and pieces to make it all work together. The license for each component may vary. The GPLv2 license for this project is only for any custom modifications and code created for this project.

Version 1.0rc1 of the VM was released on April 4, 2012.

See the Downloads page for details and links.
For more information on the project, see the Project Summary Wiki page.

Features :-

  • OWASP
  • Virtual Machine
  • Vulnerable Web Apps

The Broken Web Applications Project (BWA) is an effort to provide a wealth of applications with known vulnerabilities for those interested in :-

  • learning about web application security
  • testing manual assessment techniques
  • testing automated tools
  • testing source code analysis tools
  • observing web attacks
  • testing WAFs and similar code technologies
all the while saving people interested in doing either learning or testing the pain of having to compile, configure, and catalog all of the things normally involved in doing this process from scratch.

For More Information visit
http://sourceforge.net/projects/owaspbwa/
https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
http://code.google.com/p/owaspbwa/
OWASP Broken Web Applications – Excellent Learning Tool










Safe3si - The most powerful and easy usage SQL injection penetration testing tool

Safe3SI is one of the most powerful and easy-to-use penetration testing tools that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, through data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.


Features:
  • Full support for http, https website.
  • Full support for Basic, Digest, NTLM http authentications.
  • Full support for GET, Post, Cookie sql injection.
  • Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
  • Full support for four SQL injection techniques: blind, error-based, UNION query and force guess.
  • Powerful AI engine to automatically recognize the injection type, the database type and the best SQL injection method.
  • Support to enumerate databases, tables, columns and data.
  • Support to read, list and write any file on the database server's underlying file system when the database software is MySQL or Microsoft SQL Server.
  • Support to execute arbitrary commands and retrieve their standard output on the database server's underlying operating system when the database software is Oracle or Microsoft SQL Server.
  • Support for IP domain query, web path guessing, MD5 cracking, etc.
  • Support for sql injection scan.
Download :-

Safe3SI requires the following to be downloaded and installed:
.NET Framework 2.0 or above
Safe3SI Free Version v9.0

For the latest business version v13.2, please contact:

Site:http://safe3.com.cn/

Email:safe3q@gmail.com

Webvulscan - Web Application Vulnerability Scanner

WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the status of the scan, the number of URLs found on the web application, the number of vulnerabilities found and details of the vulnerabilities found.

After a scan is complete, a detailed PDF report is emailed to the user. The report includes descriptions of the vulnerabilities found, recommendations and details of where and how each vulnerability was exploited.

The vulnerabilities tested by WebVulScan are :-

  • Reflected Cross-Site Scripting
  • Stored Cross-Site Scripting
  • Standard SQL Injection
  • Broken Authentication using SQL Injection
  • Autocomplete Enabled on Password Fields
  • Potentially Insecure Direct Object References
  • Directory Listing Enabled
  • HTTP Banner Disclosure
  • SSL Certificate not Trusted
  • Unvalidated Redirects
Features :-
  • Crawler: Crawls a website to identify and display all URLs belonging to the website.
  • Scanner: Crawls a website and scans all URLs found for vulnerabilities.
  • Scan History: Allows a user to view or download PDF reports of previous scans that they performed.
  • Register: Allows a user to register with the web application.
  • Login: Allows a user to login to the web application.
  • Options: Allows a user to select which vulnerabilities they wish to test for (all are enabled by default).
  • PDF Generation: Dynamically generates a detailed PDF report.
  • Report Delivery: The PDF report is emailed to the user as an attachment.
This software was developed, and should only be used, entirely for ethical purposes. Running security testing tools such as this on a website (web application) could damage it. In order to stay ethical, you must ensure you have permission of the owners before testing a website (web application). Testing the security of a website (web application) without authorisation is unethical and against the law in many countries.

Download WebVulScan 0.11

Google Drive

After much hype, Google has finally unwrapped the brand new Google Drive. And as expected, it is equipped with many features. Basically, it is an online file-storage service, where you can upload your important files for sharing and safekeeping. Like Microsoft's SkyDrive, it offers an online storage space of 5GB for free! Now admittedly, Google has been slow in introducing such a service, considering that it is the Internet giant. Don't let this be the deciding factor here though. As they say, slow and steady wins the race. Or does it? I mean, sure, Google has been introducing many new services and improving on existing ones, but is Google Drive any better than other storage services?

A quick glance at the features shows that it may be. Aside from giving you free space on its server, Google Drive includes many exciting features like smart tagging and image recognition. Let's see if it actually is better than others, or not.

Setting up Google Drive 


Setting up Google Drive is very easy. You will need a Google Account for this. If you have one, simply start using Google Drive here. You will be guided through simple steps. Since this is a brand new service, you might be put on a waiting list for those whose Drive isn't ready yet. Give them your email so that they can notify you when your Drive is ready.

What's cool about it? 

There are lots of cool features that come with Google Drive. Watch the video below for a preview of Google Drive.

Store and share! 

As already mentioned, Google Drive lets you use up to 5GB of free space, which means you can upload any document, image or video of a large size (though uploading HD videos over a 3G network might not be a very good idea :P). Aside from storage, Google also gives you sharing options. With this, you can share files for something, say a group project, and then all your group members can access and work on those files at the same time!

Google Integration 

Recently, we have been seeing a change in Google's business model. It has introduced services and features that are aimed at keeping visitors on its own websites. Google+ is a good example. And so is Google Drive. It has integration for all the Google products an average internet user uses, such as Google Docs, Google+, Gmail, Android etc., which is aimed at providing users with a seamless 'Google' experience. Now, you no longer have to attach bulky files to emails. Just upload them to your Drive, and send links in any emails you want.

Google Docs 

In addition to Gmail and Google+, Google Drive is also integrated with your Google Docs. This means that you will be able to work on your word documents, presentations, or spreadsheets right on your Drive.

Text and image recognition
This one is my favorite by far. It can search text within image files! So if I want to look for some text in a document that I scanned, I can easily do that. Amazing huh? Google Drive also has an image recognition system that lets you search for an image. But the text recognition has made life really very simple for me.

Smart Tagging 

If you 'tag' your files, you can later search them based on the tagged keywords. This is a very smart way of organizing your files.

Support for many file types 

Google Drive gives you the option of viewing more than 30 of the most commonly used file types. Be it a PDF, a JPEG image, or an mp4 video, you can view and edit them (mostly docs) right in your browser.

Mobile Apps! 

Google Drive has apps for both Windows and Mac OS. But what's more useful is the mobile app for Android devices. You can access your Drive right through your phone! Note: the iPhone app is being worked upon and is expected to come out in the coming weeks.

Extending Storage 

Generally, a 5GB storage space is enough for my basic needs. But if you are not satisfied, you can buy more storage from Google at a certain cost. The packages are as shown below.
25GB = $2.49 / month
100GB = $4.99 / month
1TB = $24.99 / month

Note: When you buy a package plan, the storage limit extends to your Gmail storage as well. So essentially, you are buying twice the space for the same amount.

In many areas, Google Drive might look no different than other such storage services. But Google is working with third party services to provide more features such as editing videos, sending faxes, etc. Even though services like DropBox provide some similar features, personally, I'd pick Google Drive over SkyDrive or DropBox, mainly due to the integration, the text recognition, and the ease of use. But really, it all comes down to personal preferences. So try out Google Drive, and tell us whether you like it or not!

Video Url
http://www.youtube.com/watch?v=wKJ9KzGQq0w&feature=player_embedded



For More Information visit -
http://googleblog.blogspot.in/2012/04/introducing-google-drive-yes-really.html
https://drive.google.com/start?authuser=0#home

LuninuX OS - Debian/Ubuntu based Linux distribution

LuninuX OS is a Debian/Ubuntu based Linux distribution designed to be beautiful, clean, simple, fast, and stable. It was previously known as Sn0wl1nuX. It is a super-fast, great-looking, secure, intuitive operating system that powers desktops and laptops. LuninuX OS is absolutely free, and comes with a selection of the best applications designed to meet most of your daily needs. It can be run directly from a CD/DVD/USB stick and optionally be installed to a HDD, including IDE, SCSI, SATA, PATA and USB drives.

Features

  • AbiWord
  • Adobe Flash
  • Audacity
  • Audio CD Extractor
  • Banshee Media Player
  • Brasero Disk Burner
  • Cheese Webcam Booth
  • Compiz
  • Dasher
  • Déjà Dup Backup Utility
  • Devede DVD/CD Video Creator
  • Dia Diagram Editor
  • Dictionary
  • Docky
  • Eclipse
  • Ekiga Softphone
  • Empathy
  • Evolution Mail and Calendar
  • FileZilla
  • Firefox Web Browser
  • Geany
  • Gimp Image Editor
  • Glade Interface Designer
  • Gloobus Preview
  • Gnome
  • Gnome Do
  • Gwibber Chat
  • Java
  • Kernel
  • Libre Office
  • Mahjongg
  • Moonlight
  • Moovida Media Center
  • MonoDevelop
  • Nautilus
  • On-Screen Keyboard
  • Parcellite
  • Pitivi Video Editor
  • PlayOnLinux
  • Shotwell Photo Manager
  • Simple Scan
  • Skype
  • Sudoku
  • Tomboy Notes
  • Transmission BitTorrent Client
  • Ubuntu Tweak
  • VirtualBox OSE
  • Wine
  • X-Chat




Knoppix Version 7.0.1 released


KNOPPIX is a bootable Live system on CD or DVD, consisting of a representative collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a productive Linux system for the desktop, educational CD, rescue system, or adapted and used as a platform for commercial software product demos. It is not necessary to install anything on a hard disk. Due to on-the-fly decompression, the CD can have up to 2 GB of executable software installed on it (over 8GB on the DVD "Maxi" edition).

Klaus Knopper, creator of Knoppix, officially declared the general availability of his popular Live Linux distribution Knoppix 7.0.1.

  • Version 7.0.1 of Knoppix is based on the usual picks from Debian stable (squeeze) and newer Desktop packages from Debian/testing and Debian/unstable (wheezy). It uses kernel 3.3.7 and xorg 7.6 (core 1.12.1.902) for supporting current computer hardware.
  • Optional 64-bit Kernel via boot option "knoppix64", supporting systems with more than 4GB of RAM and chroot to 64-bit installations for system rescue tasks (DVD version only).
  • LibreOffice 3.5.3,
  • Chromium 18.0.1025.168 and Firefox/Iceweasel 10.0 Web Browser,
  • LXDE (Default), KDE 4.7.4 (boot option knoppix desktop=kde, DVD version only), GNOME 3.4 (boot option knoppix desktop=gnome, DVD version only).
  • ADRIANE: Version 1.4 of the audio desktop for blind computer users.
  • Viacam for controlling the mouse cursor by movement of head or hand using the builtin webcam.
  • Wine version 1.5.4 for integration of Windows (TM) based programs.
  • Virtualbox version 4.1.14 (DVD version only) and qemu-kvm 1.0 for (para-)virtualization.
  • zram "RAM-Compression", especially useful for older computers with low ram: Up to 75% of main memory will be compressed if running out of ram. This way, it is possible to start large programs without needing a swap area on disk. With this feature, the system can use up to twice as much "virtual" ram (for averagely compressible data).
  • New experimental autodetection of graphics cards with composite 3D extensions for the compiz windowmanager. Alternately, boot options "knoppix no3d" and "knoppix 3d" can be used for disabling and enabling compiz on slow graphics chipsets.
  • Support for Broadcom wifi chipsets has been moved from broadcom-sta towards kernel-supported wifi modules. More Broadcom chipset models should be supported now than with the monolithic driver.
  • The "Knoppix"-submenu inside the start menu is back: Knoppix-specific extensions can be found there now instead of the "preferences" menu.
  • In the flash-installer, desired overlay size and encryption can now be specified immediately.
  • A full list of changes and new features can be found in the release notes.
Complete software list DVD (over 3000 software packages, total of 9GB uncompressed size, cloop-compressed to 4GB).


Apache HTTP Server - The most popular web server on the Internet.

Hi Friends, today's post is about Apache HTTP Server.
Apache is well known as the most popular web server in the world, compared to Microsoft IIS (Internet Information Server) and other web servers such as Lighttpd, Sun Java System Web Server and Jigsaw Server.
It's an open source, robust, free and stable web server.


The Apache HTTP Server Project is a collaborative software development effort aimed at creating a robust, commercial-grade, featureful, and freely-available source code implementation of an HTTP (Web) server. The project is jointly managed by a group of volunteers located around the world, using the Internet and the Web to communicate, plan, and develop the server and its related documentation. This project is part of the Apache Software Foundation. In addition, hundreds of users have contributed ideas, code, and documentation to the project.

Features :-

  • Modular to enable easy addition of features. 
  • A vast community of users and developers. 
  • Similar performance to other "high performance" servers. 
  • Virtual hosting, enabling a single physical machine to serve multiple separate websites. 
  • Configurable error messages. 
  • DBMS-based authentication databases. 
The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.

Apache httpd has been the most popular web server on the Internet since April 1996, and celebrated its 17th birthday as a project this February.


The Apache HTTP Server ("httpd") is a project of The Apache Software Foundation.

Apache httpd 2.4.2 Released 2012-04-17

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.4.2 of the Apache HTTP Server ("Apache"). This version of Apache is our 2nd GA release of the new generation 2.4.x branch of Apache HTTPD and represents fifteen years of innovation by the project, and is recommended over all previous releases. This version of Apache is principally a security and bug fix release.

This version of httpd is a major release of the 2.4 stable branch, and represents the best available version of Apache HTTP Server. New features include Loadable MPMs, major improvements to OCSP support, mod_lua, Dynamic Reverse Proxy configuration, Improved Authentication/Authorization, FastCGI Proxy, New Expression Parser, and a Small Object Caching API.

For Documentation -
http://httpd.apache.org/docs/

Popular Types of Web Servers

Hi Friends, 

Every Web site runs on a Computer/Server known as a Web Server.

This server is always connected to the internet. Every Web server is connected to the Internet through a unique address called IP address.

An IP address is made up of a series of four numbers between 0 and 256 separated by periods,
for example, 203.170.15.132 or 203.122.85.127.

The most common use of web servers is to host websites, but there are other uses such as gaming, data storage or running enterprise applications.

When you register a Web address, also known as a domain name, such as tutorialspoint.com you have to specify the IP address of the Web server that will host the site. You can load up with Dedicated Servers that can support your web-based operations.

There are four leading web servers: Apache, IIS, lighttpd and Jigsaw. Now we will look at these servers in a bit more detail.


 Apache HTTP Server
This is the most popular web server in the world, developed by the Apache Software Foundation. The Apache web server is open source software and can be installed on almost all operating systems including Linux, Unix, Windows, FreeBSD, Mac OS X and more. About 60% of web server machines run the Apache Web Server. You can use Apache with the Tomcat module to get JSP and J2EE related support.
You can have detailed information about this server at Apache HTTP Server

 Internet Information Services
The Internet Information Server (IIS) is a high performance Web Server from Microsoft. This web server runs on Windows NT/2000 and 2003 platforms (and may run on upcoming new Windows versions also). IIS comes bundled with Windows NT/2000 and 2003. Because IIS is tightly integrated with the operating system, it is relatively easy to administer. You can have detailed information about this server at Microsoft IIS

 Lighttpd
Lighttpd, pronounced "lighty", is also a free web server that is distributed with the FreeBSD operating system. This open source web server is fast, secure and consumes much less CPU power. Lighttpd can also run on Windows, Mac OS X, Linux and Solaris operating systems. You can have detailed information about this server at lighttpd


Sun Java System Web Server
This web server from Sun Microsystems is suited for medium and large web sites. Though the server is free, it is not open source. It does, however, run on Windows, Linux and Unix platforms. The Sun Java System web server supports various languages, scripts and technologies required for Web 2.0 such as JSP, Java Servlets, PHP, Perl, Python, Ruby on Rails, ASP and Coldfusion etc. You can have detailed information about this server at Sun Java System Web Server

 Jigsaw Server
Jigsaw (W3C's Server) comes from the World Wide Web Consortium. It is open source and free and can run on various platforms like Linux, Unix, Windows, Mac OS X, FreeBSD etc. Jigsaw has been written in Java and can run CGI scripts and PHP programs. You can have detailed information about this server at Jigsaw Server

Apart from these web servers, you can find tons of other options in the market, and various hosting companies support different kinds of servers; hence, it's important to make the server selection based on your personal needs. For instance, if you want to host ASP.Net web apps, then you should definitely consider only IIS in the first place. On the other hand, if you want to run WordPress, and other apps that primarily run on Linux, IIS may not be the right choice!

There are other web servers also available in the market, but they are very expensive. Major ones are Netscape's iPlanet, BEA's WebLogic and IBM's WebSphere.




XAMPP - Local Web Server

XAMPP is a very easy to install Apache Distribution for Linux, Solaris, Windows and Mac OS X. The package includes the Apache web server, MySQL, PHP, Perl, a FTP server and phpMyAdmin.

It's not easy to install an Apache web server and it gets harder if you want to add MySQL, PHP and Perl.

XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really very easy to install and to use - just download, extract and start.

At the moment there are four XAMPP distributions:



XAMPP for Linux
The distribution for Linux systems (tested for SuSE, RedHat, Mandrake and Debian) contains: Apache, MySQL, PHP & PEAR, Perl, ProFTPD, phpMyAdmin, OpenSSL, GD, Freetype2, libjpeg, libpng, gdbm, zlib, expat, Sablotron, libxml, Ming, Webalizer, pdf class, ncurses, mod_perl, FreeTDS, gettext, mcrypt, mhash, eAccelerator, SQLite and IMAP C-Client.

The distribution for Windows 2000, 2003, XP, Vista, and 7. This version contains: Apache, MySQL, PHP + PEAR, Perl, mod_php, mod_perl, mod_ssl, OpenSSL, phpMyAdmin, Webalizer, Mercury Mail Transport System for Win32 and NetWare Systems v3.32, Ming, FileZilla FTP Server, mcrypt, eAccelerator, SQLite, and WEB-DAV + mod_auth_mysql.

The distribution for Mac OS X contains: Apache, MySQL, PHP & PEAR, SQLite, Perl, ProFTPD, phpMyAdmin, OpenSSL, GD, Freetype2, libjpeg, libpng, zlib, Ming, Webalizer, mod_perl.

The distribution for Solaris (developed and tested with Solaris 8, tested with Solaris 9) contains: Apache, MySQL, PHP & PEAR, Perl, ProFTPD, phpMyAdmin, OpenSSL, Freetype2, libjpeg, libpng, zlib, expat, Ming, Webalizer, pdf class.

XAMPP is free of charge
XAMPP is not like overpriced commercial software; it is an attempt to show that free software doesn't have to be bad.

Easy installation and deinstallation
To install XAMPP you only need to download and extract XAMPP, that's all. There are no changes to the Windows registry (not true if you use the Windows installer version of XAMPP) and it's not necessary to edit any configuration files. It couldn't be easier!

To check that XAMPP is working, some sample programs are included: a small CD collection program (written in PHP using MySQL), a small guest book (written in Perl) and several other demonstration utilities.

If you decide that XAMPP isn't needed any more just delete the XAMPP directory and it's completely removed from your system.

However, if you use the Windows installer version of XAMPP, it's recommended to use the uninstall feature. Like every installer, it makes registry entries to remember the install.

The philosophy
The philosophy behind XAMPP is to build an easy-to-install distribution for developers to get into the world of Apache. To make it convenient for developers, XAMPP is configured with all features turned on. The default configuration is not good from a security point of view and it's not secure enough for a production environment - please don't use XAMPP in such an environment. Since LAMPP 0.9.5 you can make your XAMPP installation secure by calling »/opt/lampp/lampp security«.

XAMPP 1.7.7 - a PHP, Apache, MySQL development package

XAMPP is my favorite AMP package. The latest version of XAMPP is 1.7.7. It is an easy-to-install Apache distribution. Apache is not easy to install and configure with PHP and MySQL. This AMP package makes it easy to install Apache, PHP and MySQL on different platforms like Windows, Mac OS X, Linux and Solaris. It is hosted at SourceForge.

The latest version of XAMPP includes the following development software:

Apache 2.2.21
MySQL 5.5.16
PHP 5.3.8
phpMyAdmin 3.4.5
FileZilla FTP Server 0.9.39
Tomcat 7.0.21 (with mod_proxy_ajp as connector)



Matriux - The Open Source Security Distribution for Ethical Hackers and Penetration Testers

Matriux is a Debian-based GNU/Linux security distribution designed for penetration testing and cyber forensic investigations. It is designed for security enthusiasts and professionals, and can also be used normally as your default OS.
Features:
  • Faster interface
  • More than 300 powerful tools for penetration testing and forensics
  • Kernel 2.6.39-krypton

It is a fully featured security distribution consisting of a bunch of powerful, open source and free tools that can be used for various purposes including, but not limited to, penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, and much more. It is a distribution designed for security enthusiasts and professionals, although it can be used normally as your default desktop system.

With Matriux, you can turn any system into a powerful penetration testing toolkit without having to install any software on your hard disk. Matriux is designed to run from a live environment such as a CD/DVD or USB stick, or it can easily be installed to your hard disk in a few steps. Matriux also includes a set of computer forensics and data recovery tools that can be used for forensic analysis, investigations and data retrieval.



Matriux Krypton launched on 15th August 2011 on the occasion of India's Independence Day

Asia's first OS for hacking, penetration testing, and cyber forensic investigation


Wednesday, May 30, 2012

IPRangeScanner 3 - Scan IP Address or http-links



Input files can have IP/Mask lines or link lines (http links only).

• Requires Microsoft .NET Framework 3.5 SP1

• System.Data.SQLite for 32-bit Windows (.NET Framework 3.5 SP1):
http://system.data.sqlite.org/index.html/doc/trunk/www/downloads.wiki
and choose sqlite-netFx35-setup-x86-2008-1.0.79.0.exe (6.02mb)
 



VirtualBoxes - Free VirtualBox(R) Images

Ready-to-use virtual machines sporting open-source operating systems



Provides ready-to-use innoTek VirtualBox images for open-source operating systems that can be used for testing and/or security-related purposes, or for anything you wish. News, HOWTOs and much more are available at the project web site.

This project provides virtual machines for Sun XVM VirtualBox® sporting several free and/or open-source operating systems, such as GNU/Linux or Free/Net/OpenBSD, for testing, security and/or entertainment purposes.

In most cases, we’ve done a minimal setup, to let you alter the images to your own needs and learn how to use the operating systems. We will try to provide instructions for key tasks (for example, installing Guest Additions) for each image.

This site will forever be under construction, and new content may always be behind the scenes. If you don't want to miss a word about our proceedings, browse our News page. You're also encouraged to subscribe to our newsfeed or follow us by e-mail.

Features
  • VDI images for several open source Operating Systems
  • Default installs come pre-configured to fetch other packages from their repositories


Images
This Project will provide pre-built images for several open-source operating systems.

Please note that:
Every image contains the latest software as of the day the image was built. Performing updates is up to you, and may require looking for documentation using your favourite search engine.
Default usernames and passwords, where required, can be found next to the download link of each image. You are warmly invited to create your own user, or at least to change passwords, if you intend to use the images in a public environment.

GNU/Linux (GNU userland tools running on top of the Linux kernel)
Archlinux (website).
CentOS (website): the installation is done from the DVD, with default parameters set
Damn Small Linux (website): the installation is done from the CD, with default parameters set.
Debian (website): the installation has been done from the netinstall ISO image for the x86 architecture.
DeLi Linux (website).
Dreamlinux (website): the installation has been done from the CD, with default parameters set.
Fedora (website).
Fluxbuntu (website): the installation is done from the CD, with default parameters set.
Gentoo (website): the installation is done from the ISO image, then customized.
gNewSense (website): the installation is done from the CD, with default parameters set.
gOS (website).
Kubuntu (website): the installation is done from the CD, with default parameters set.
LinuxMint (website): the installation is done from the CD, with default parameters set.
Mandriva (website): the installation is done from the CD, with default parameters set.
Moblin 2 (website): the installation is done from the .img/.iso file provided by the project.
moonOS (website).
OpenSUSE (website).
PCLinuxOS (website).
Puppy Linux (website).
Sidux (website).
Slackware (website): the installation has been done from the first CD, selecting the bare minimum disk sets.
SliTaz (website)
Tiny Core Linux (website)
TinyMe (website)
Ubuntu (website): the installation is done from the CD, with default parameters set.
Ubuntu Server (website): the installation is done from the CD.
Ubuntu Studio (website): the installation is done from the CD, with default parameters set
Xubuntu (website): the installation is done from the CD, with default parameters set.
VectorLinux (website): the installation is done from the CD, with default parameters set.
Zenwalk (website): the installation is done from the Standard Edition CD, with default parameters set.

GNU/OpenSolaris (GNU userland tools running on top of the OpenSolaris kernel)
OpenSolaris (website).
Nexenta (website): the installation is done from the CD.
MILAX (website): the installation has been done from the official ISO image.

GNU/FreeBSD (GNU userland tools running on top of the FreeBSD kernel)
Debian GNU/kFreeBSD (website): the installation has been done from the daily mini.iso.

BSD
FreeBSD (website): the installation is done from the bootonly ISO.

Other
AROS (website): the installation has been done from the nightly build ISO image.
FreeDOS (website): the installation has been done from the official ISO image.
Haiku (website): the image has been done from the nightly build HDD raw image.
MINIX (website): the installation has been done from the official ISO image (MINIX 3).
ReactOS (website): the installation has been done from the official ISO image.
SYLLABLE (website): the installation has been done from the official ISO image.
Android-x86 (website): the installation has been done from the daily ISO image.
Plan 9 (website): the installation has been done from the ISO image.

For More Details Visit Website -