Friday, July 27, 2012

UNISCAN V-6.1- WEB VULNERABILITY SCANNER

Uniscan is a web vulnerability scanner aimed at information security professionals: it looks for vulnerabilities in web systems and is licensed under the GNU GENERAL PUBLIC LICENSE 3.0 (GPL 3).


Uniscan characteristics -
  • Identification of system pages through a web crawler.
  • Use of threads in the crawler.
  • Control of the maximum number of requests made by the crawler.
  • Control of the variation of system pages identified by the web crawler.
  • Control of file extensions that are ignored.
  • Test of pages found via the GET method.
  • Test of forms found via the POST method.
  • Support for SSL requests (HTTPS).
  • Proxy support.
  • Generate a site list using Google.
  • Generate a site list using Bing.
  • Plug-in support for the crawler.
  • Plug-in support for dynamic tests.
  • Plug-in support for static tests.
  • Plug-in support for stress tests.


Uniscan must be run from the command line. Example: perl uniscan.pl -u http://www.example.com/ -d


Other options:
-h help
-u target URL, example: https://www.example.com/
-f file with a list of URLs
-b run Uniscan in the background
-q Enable Directory checks
-w Enable File checks
-e Enable robots.txt check
-d Enable Dynamic checks
-s Enable Static checks
-r Enable Stress checks
-i Bing search
-o Google search


changelog Uniscan V6.1 :
- Added -w 4 on ping command of Server information module.
- Small bugfix on crawler.
- Bugfix on SQL injection plugin.
- Bugfix on Blind SQL injection plugin.
- Added a new test on Blind SQL injection plugin.
- Added option to show crawling ignored files.
- Removed a few extensions from the "find Backup files" plugin.
- Added option to write all requests done by uniscan on requests.txt.
- Improved FCKeditor plugin.
- Improved checkBackup plugin.
- Added new plugin for crawler: timthumb vulnerability.
- Added new plugin for dynamic tests: timthumb vulnerability.
- Removed a bug that crashed the threads.


Platform : Unix/Linux
Download latest version -
Our previous post regarding uniscan -

Snorby Security Distribution - an open source IDS (Intrusion Detection System)

Snorby SSD is an open source IDS (Intrusion Detection System) Linux distribution based on Snort and Snorby, built on Ubuntu 8.04 LTS. With SSD it is possible to get a complete Intrusion Detection System running within a few minutes.

Download the SSD Users Manual
ISO image download: spsa.1.5.iso
Size compressed: 446 MB
MD5: e72bff5a6f8124407c3bc4fc4e15776e
Snorby interface: https://ipaddress:8080
Username: Snorby
Password: admin
Ssh login:
Username: root
Password: the password you have chosen during the installation
Snorby official web site: http://snorby.org
Snorby Issues: http://github.com/mephux/Snorby/issues
Snorby Google Groups: http://groups.google.com/group/snorby
IRC: #snorby on irc.freenode.net
Credits:
(SSD) Snorby Security Distribution is developed by Phillip Bailey.
Snorby is developed by Dustin Webber.
Thanks to:
The TurnKey crew (www.turnkeylinux.org) and the Snorby community.
Changelog
30-08-2010 – Spsa 1.5 Released
[*] Improvements and fixes
* Email reporting support enabled (Postfix Gmail relay or Snorby standalone mode)
* New snort start/stop script
* Added snort 2.8.6.1-1
* oinkmaster SSL certificates fixed
* Emerging Threats rules fixed
Visit Website -
http://sourceforge.net/projects/spsa/
http://bailey.st/blog/snorby-spsa/



Snort - A network intrusion prevention and detection system

Snort is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide.

Snort can perform protocol analysis and content searching/matching. It can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. It uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that utilizes a modular plug-in architecture. Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user specified file, a UNIX socket, or WinPopup messages to Windows clients. Snort has three primary uses: a straight packet sniffer like tcpdump, a packet logger, or a full network intrusion prevention system.


Features
  • Protocol analysis and content searching/matching
  • Uses a flexible rules language to describe traffic that it should collect or pass
  • Detection engine that utilizes a modular plug-in architecture
  • Real-time alerting capability
  • Detects buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and more
Wednesday, July 18, 2012
Snort 2.9.3.0 has been released!
Snort 2.9.3.0 is now available on snort.org, at http://www.snort.org/snort-downloads/ in the Latest Release section.

[*] New additions
* Update to flowbit rule option to allow for OR and AND of individual bits within a single rule, and allow flowbits to be used in multiple groups. See README.flowbits and the Snort manual for details.

* Dynamic output plugin architecture to provide an API that developers can write their own output mechanisms to log alert and packet data from Snort.

* Update to dcerpc2 preprocessor for improved accuracy and handling of different OSs for SMB processing. See README.dcerpc2 and the Snort manual for details.

* Updates to reputation preprocessor for handling of whitelists, trustlists and zone information. See README.reputation and the Snort manual for details.
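As an added illustration of the flowbits change listed above (example rules written for this post, not taken from the Snort distribution or its README.flowbits), the rules below track per-flow state and fire only when the combined condition holds. The SIDs, URIs, status codes, bit names and the group name ex_webapp are all constructed for illustration; the `&` (AND) and `|` (OR) combination syntax in `flowbits:isset` is the 2.9.3 feature being shown.

```snort
# Added example rules (not part of the Snort distribution). SIDs 1000001-1000004,
# the URIs and the bit/group names below are constructed for illustration.

# Stage 1a: remember on this flow that a login form was posted; no alert yet.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS ( \
    msg:"EXAMPLE web login posted"; flow:to_server,established; \
    content:"POST"; http_method; content:"/login"; http_uri; \
    flowbits:set,ex_login_seen,ex_webapp; flowbits:noalert; \
    sid:1000001; rev:1; )

# Stage 1b: remember that the admin area was requested on this flow; no alert yet.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS ( \
    msg:"EXAMPLE admin area requested"; flow:to_server,established; \
    content:"/admin/"; http_uri; \
    flowbits:set,ex_admin_req,ex_webapp; flowbits:noalert; \
    sid:1000002; rev:1; )

# Stage 2 (AND): alert on a 200 reply only when BOTH bits are set on the flow,
# i.e. an admin page was served on a session that went through the login form.
alert tcp $HOME_NET $HTTP_PORTS -> $EXTERNAL_NET any ( \
    msg:"EXAMPLE admin page served after login"; flow:to_client,established; \
    content:"200"; http_stat_code; \
    flowbits:isset,ex_login_seen&ex_admin_req; \
    sid:1000003; rev:1; )

# Stage 2 (OR): alert on a 500 reply if EITHER bit is set, so one rule covers
# both paths instead of two near-identical rules.
alert tcp $HOME_NET $HTTP_PORTS -> $EXTERNAL_NET any ( \
    msg:"EXAMPLE server error on login or admin flow"; flow:to_client,established; \
    content:"500"; http_stat_code; \
    flowbits:isset,ex_login_seen|ex_admin_req; \
    sid:1000004; rev:1; )
```

The `flowbits:noalert` on the stage-1 rules keeps them silent so only the combined condition produces an event, and the shared group name lets the bits be managed together; confirm the exact grammar against README.flowbits for the Snort version you deploy.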

[*] Improvements

* Updates to http_inspect client PAF handling and server flow_depth handling.

* Logging updates to the smtp preprocessor.

* Added detailed documentation of unified2 logging configuration and logging.

* Removed --enable-decoder-preprocessor-rules configure option and hardened preprocessor and decoder rule event code. To enable old behavior such that specific preprocessor and decoder rules don't have to be explicitly added to snort.conf, add "config autogenerate_preprocessor_decoder_rules" to your snort.conf.

* Fixed SMTP mempool allocation for significant memory savings. Also tweaked memory required per stream5 session tracker.

* Force exact versioning match of running dynamic engine and dynamic engine used to build SO rules.

* User can now query reputation pp for routing table and management information.

* Update to return error messages through the control channel.

* Updates to the processing of email attachments for better handling of non-encoded attachments, and improved memory management for attachment processing.

* Improvements in HTTP Inspect for better performance with gzip decompression. Also improvements for handling simple responses, encoded query strings, transfer encoding and chunk encoding processing.

* Updates to the packet decoders to support pflog v4.

* Fix logging of multiple unified2 alerts with reassembled packets.

* Compiler warning cleanup across multiple platforms.

* Added 116:458 and 116:459 to cover fragmentation issues.

[*] Deletions
* Removed all database outputs.

Please see the Release Notes and ChangeLog for more details.
Snort Downloads

If you are using RHEL5, CentOS 5.5, or Fedora Core 11, please click here.

The Snort Engine is distributed both as source code and binaries for popular Linux distributions and Windows. It's important to note that the Snort Engine and Snort Rules are distributed separately.
Latest Release
We strongly recommend that you keep pace with the latest production release. Snort is evolving all the time and to stay current with latest detection capabilities you should always have both your Snort engine and ruleset up to date.


Download listing (table of Name / Modified / Size / Status; file names not preserved in this copy): 9 items, all modified 2012-07-19.

PGP Information

Snort releases 2.9.0 and above are signed with this pgp key.
Trust Chain: This new key can be verified with this signature, signed by our previous key.
Snort releases 2.8.3 and above are signed with this pgp key.
Trust Chain: This new key can be verified with this signature, signed by our previous key.
Snort Official Documentation
The official documentation produced by the Snort team at Sourcefire
Title - Author
Snort Users Manual - Snort Team
Snort FAQ - Snort Team
The Snort Manual (HTML) - Snort Team

Snort Setup Guides

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author. Authors who want comments and feedback may be emailed by clicking on their names below.
If you have a document you’d like to contribute to the Snort community contact at snort-team@sourcefire.com.
Title - Author
Snort 2.9.3.0 on Debian 6.0.5 (PDF) - Jason Weir
Snort 2.9.3.0 on OpenSuSE 12.1 (PDF) - William Parker
Snort 2.9.3.0 on FreeBSD 8.2 (PDF) - William Parker
Snort 2.9.3.0 on OpenSuSE 11.4 (PDF) - William Parker
Snort 2.9.3.0 on Ubuntu 10.04 LTS (PDF) - David Gullett, Symmetrix Technologies
Snort 2.9.1.2 on Mac OS X (PDF) - Christoph Murauer
Snort 2.9.0.x with PF_RING Inline deployment (PDF) - Metaflows Google Group
Snort on Amazon EC2 (PDF) - Etay Nir, Sourcefire

Snort Deployment Guides

The following deployment guides have been contributed by members of the Snort Community for your use. If you have a document you’d like to contribute to the Snort community contact us at snort-team@sourcefire.com.
Title - Author
Comparison of Popular Snort GUIs (PDF) - James Lay

Snort Related Whitepapers

The following Whitepapers have been written by Sourcefire employees and may help with your Snort deployment. For further information on these papers, please email snort-team@sourcefire.com
Title - Author
VRT Methodology Whitepaper (PDF) - Sourcefire Vulnerability Research Team (VRT)
Improving your Custom Snort Rules (PDF) - Leon Ward
Inline Normalization using Snort 2.9.0 (PDF) - Russ Combs
Using Perfmon and Performance Profiling to Tune Snort Preprocessors and Rules (PDF) - Steven Sturges
HTTP Evasions Revisited (PDF) - Daniel Roelker
Target Based Fragmentation Reassembly (PDF) - Judy Novak
Target Based Stream Reassembly (PDF) - Judy Novak


Visit website -
http://www.snort.org/
Documentation -
http://www.snort.org/docs
For more information -
http://screenshots.portforward.com/SnapGear/SG565/Intrusion_Detection_Snort.htm
Testing Snort with Windows SP2
The snort2pfsense shell script (snort to pfSense)
Making snort a Service in Server 2008
Snort Config files

Removable Devices Security System - REMSES - v1.0.0.3

REMSES protects your computer from threats hiding on USB devices: flash drives, hard disks and others.
A resident shield, on-demand protection and passive protection make your work on the PC safer.

NOW AVAILABLE IN RUSSIAN AND ENGLISH!

REMSES v1.0.0.3 is Russian-only for a few days

* Added: automatic autorun of REMSES during installation
* Fixed: wrong detection after a threat was deleted
* Fixed: error while a detection on a drive had no view list
* Fixed: wrong pop-up window after connecting a device


Current Version - REMSES - v1.0.0.3

Download remses_v1003_ru.exe (1.1 MB) 
Download other versions -
http://sourceforge.net/projects/remses/files/

21/07/2012 - Updated REMSES v1.0.0.2
* Added: map drive letters in the pop-up window
* Added: Support for external USB hard drives
* Fixed: Optimized code (CPU, memory)

Visit website -http://sourceforge.net/projects/remses/
http://remses.narod.ru/
For more information -
http://www.brothersoft.com/remses-498697.html

Screenshot -



WinSync

Backup script for Windows based on robocopy. Fast backup: syncs changed files only. Space efficient: all duplicate files are hardlinked. Easy overview of the destination folder structure: Computer Name > Date_Time > Drive > Folder > File.


Features
  • Space efficient, Hardlinks duplicate Files
  • Fast backup, Syncs changed Files only
  • Very smart, secure and fast with simple overview

Visit website -

360-FAAR Firewall Analysis Audit Repair v0.2.4

360-FAAR Firewall Analysis Audit Repair - 360-FAAR analyzes FW1, Cisco and Netscreen policies offline using configs and logs

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and it's one file!

Read Policy and Logs for -

Checkpoint FW1 (in odumper.csv / logexport format),
Netscreen ScreenOS (in get config / syslog format),
Cisco ASA (show run / syslog format),

360-FAAR uses both inclusive and exclusive CIDR and text filters, permitting you to split large policies into smaller ones for virtualisation while at the same time removing unused connectivity.

360-FAAR supports policy-to-log association, object translation, rulebase reordering and simplification, rule moves and automatic duplicate matching, allowing you to seamlessly move rules to where you need them.

TRY: 'print' mode. One command, and a spreadsheet for your audit needs!


Features
  • WRITTEN IN SIMPLE Perl - NEEDS ONLY STANDARD MODULES - IS ONE FILE
  • Easy to edit, menu-driven text interface
  • Capable of manipulating tens of thousands of rules, objects and groups
  • Handles infinitely deep groups
  • Capable of CIDR filtering connectivity in/out of policy rulebases.
  • Capable of merging rulebases.
  • Identifies existing connectivity in rulebases and policies
  • Automatically performs cleanup if a log file is provided.
  • Keeps DR connectivity via any text or IP tag
  • Encryption rules can be added during policy moves to remove the "merge from" rules for traffic that would be encrypted by the time it reached the firewall on which the "merge to" policy is to be installed - sounds complicated but it's not in practice - appropriate IKE and ESP rules should be added manually
  • Runs consistency checks on its own objects and rule definitions
  • Extendable via a simple elsif in the user interaction loop section.
  • EASY TO EXECUTE:
  • ./360-faar.pl <FW CONFIG TYPE> <log> <config> <nats> <FW CONFIG TYPE> <log> <config> <nats> <FW CONFIG TYPE> <log> <config> <nats>
  • CONFIG TYPES: - cisco soon!
  • od = logexported logs, object dumper format config, fwdoc format NAT rules csv
  • ns = syslog format logs, screenos6 format config; NATs are included in the policy but not processed fully yet, fwdoc format NATs can be used though
  • cs = cisco asa syslog file, cisco ASA format config - not ready yet
  • OUTPUT TYPES:
  • od = output an odumper/ofiller format config to file, and print the dbedit for the rulebase creation to screen
  • ns = outputs netscreen screenos6 objects and policies (requires a netscreen config or zone info)
  • cs = cisco asa format config - not ready yet
  • By default 360-FAAR accepts exactly 3 configs on the command line.
  • Make an empty file called "fake" and use this as the file name for log, config and nats if you want to process fewer than 3 configs at once.
  • Log file headers in fw1 logexported logs are found automatically, so many files can be cat'ed together
  • FURTHER PROCESSING AND MANUAL EDITING:
  • Output odumper/ofiller format files and make them more readable (watch out for spaces in names) using the numberrules helper script
  • Edit these csv's in OpenOffice or Excel using any of the object or group definitions from the three loaded configs.
  • You can then use this file as a template to translate to many different firewalls using the 'bldobjs' mode
Download other version files -

Visit website -
For more information -
Screenshot -