Thursday, December 27, 2012

Linux Mint 14 “Nadia” KDE released!


Linux Mint 14 KDE released on 23Dec2012
KDE is a vibrant, innovative, advanced, modern looking and full-featured desktop environment. This edition features all the improvements from the latest Linux Mint release on top of KDE 4.9.
New features:
For a complete overview and to see screenshots of the new features, visit: “What’s new in Linux Mint 14 KDE“.
Important info:
Make sure to read the “Release Notes” to be aware of important info or known issues related to this release:
  • PAE required for 32-bit ISO
  • AMD Radeon HD2xxx-4xxx series card
  • Additional drivers
  • Mouse integration in Virtualbox
  • Moonlight
  • mint4win
  • CD images
  • GnomePPP and local repository
System requirements:
  • x86 processor (Linux Mint 64-bit requires a 64-bit processor. Linux Mint 32-bit works on both 32-bit and 64-bit processors).
  • 512 MB RAM (1GB recommended for a comfortable usage).
  • 5 GB of disk space
  • Graphics card capable of 800×600 resolution
  • CD/DVD drive or USB port
Upgrade instructions:
  • To upgrade from a previous version of Linux Mint follow these instructions.
  • To upgrade from the RC release, simply apply any level 1 and 2 updates (if any) available in the Update Manager.
Download:

Md5 sum:
  • 32-bit: b3e5442a8283f60d1a68417655c0f4aa
  • 64-bit: c98650e0ee446d0570c104dd6e8c5b41
Torrents:
HTTP Mirrors for the 32-bit DVD ISO:
HTTP Mirrors for the 64-bit DVD ISO:
Source-

at No comments:

AjaXplorer - Open source alternative to Dropbox and Box for the enterprise

AjaXplorer - Open source alternative to Dropbox and Box for the enterprise

 Why building your own box?

You need to access your documents across multiple devices, and regularly share documents (weblinks) and folders with your contacts and teams. Still, using a consumer SaaS box or drive service is neither practical nor safe. And enterprise SaaS box or drive services are expensive and come with Disk Storage that you already have on your servers or private cloud.

How to build your own box with ajaXplorer?

Easily install AjaXplorer on your servers or cloud of choice,
Simply share documents and folders with your teams,
Administrate your box with an Entreprise grade console (rights, groups, plug ins),
Access documents with a Web Gui, Smartphones and tablet apps (iOS, Android),
Sync folders on your computer (public beta, PC, Mac, Linux,Web,Tablets).

 Features
  • Standard file system actions, plus metadata
  • Drag'n'drop, right-click for contextual menus, modal windows
  • Users / Roles Management
  • Plugin architecture : interface with other CMS
  • FileSystem, FTP, SQL, LDAP, WebDAV, SMB, and more!
  • HTML5 Upload, PDF preview & Online image edition.
  • Google Analytics integration
  • Dynamic FTP authentication
  • Built-in WebDAV access to the repositories
  • iOS and Android applications available
  • Synchronization client currently available in public beta, for mac & windows.


Source-

Screenshot -

at No comments:

WebInject - Web (HTTP) testing and monitoring tool

WebInject is a free tool for automated testing of web applications and web services. 

It can be used to test individual system components that have HTTP interfaces (JSP, ASP, CGI, PHP, AJAX, Servlets, HTML Forms, XML/SOAP Web Services, REST, etc), and can be used as a test harness to create a suite of [HTTP level] automated functional, acceptance, and regression tests. 

A test harness allows you to run many test cases and collect/report your results.

WebInject offers real-time results display and may also be used for monitoring system response times. WebInject can be used as a complete test framework that is controlled by the Web Inject User Interface (GUI). Optionally, it can be used as a standalone test runner (text/console application) which can be integrated and called from other test frameworks or applications.

Downloads:-
webinject-1.41.win32.zip - MS Windows Executable + Source Code
webinject-1.41.src.tar.gz - Source Code (with UNIX style line endings)
at No comments:

PortableApps platform 11.2 - Portable Software/USB

PortableApps.com makes your software portable
PortableApps.com is the world's most popular portable software solution allowing you to take your favorite software with you. A fully open source and free platform, it works on any portable storage device (USB flash drive, iPod, memory card, portable hard drive, etc). With millions of users all over the world and a full collection of open source software (as well as freeware and commercial software), PortableApps.com is the most complete solution for life on the go.

 Features
  • Carry your favorite software on a USB flash drive
  • Easily install, upgrade and uninstall your apps
  • Be safe from data loss with the built-in backup utility
  • The industry standard portable software format
  • Full set of utilities available for all developers
Portable App Directory

Download The PortableApps.com Platform 11.2

your computer, without the computer™

The PortableApps.com Platform™ is a full-featured portable software menu, backup utility, app store, automatic updater and application management system that ties all your portable apps together and lets you build your own custom portable app suite. Add new apps with the portable app store, organize them by category or folder, choose the look and color you want and automatically update everything, all with one easy-to-use system. Just drop it on your portable device and you're ready to go. Learn more about all the features or see what's new in the platform changelog.

Download PortableApps.com Platform
Version 11.2 for Windows, Multilingual (55 Locales)
3MB download / 6MB installed (Details)
Source-
at No comments:

Java LOIC - Network stress testing application

JavaLOIC is a clone of LOIC written entirely in java.

This project is not related with Praetox.

Download JavaLOIC.exe (1.1 MB)
Download other versions

Platform - Windows,Linux

Source-
http://sourceforge.net/projects/javaloic/
at No comments:

Process Hacker 2.29 - View and manage processes, services and more with this powerful tool.

Process Hacker is a free and open source process viewer. This multi-purpose tool will assist you with debugging, malware detection and system monitoring. It includes powerful process termination, memory viewing/editing and other unique and specialized features.

 Features
  • Clear overview of running processes and resource usage
  • Detailed system information and graphs
  • Views and edits services
  • Powerful process termination
  • Bypasses security software and rootkits
  • Other features useful for debugging and analyzing software

Source-
http://sourceforge.net/projects/processhacker/
at No comments:

Wednesday, December 26, 2012

HoneyDrive Desktop released!


HoneyDrive is a virtual appliance (OVA) with Xubuntu Desktop 12.04 32-bit edition installed. It contains various honeypot software packages such as Kippo SSH honeypot, Dionaea malware honeypot, Honeyd low-interaction honeypot and more. Additionally it includes useful pre-configured scripts and utilities to analyze, visualize and process the data it can capture, such as Kippo-Graph, Honeyd-Viz, and much more. Lastly, many other helpful security, forensics and malware related tools tools are also present in the distribution.
The latest version (0.1) of HoneyDrive Desktop (Santa Claus edition), which was officially released on December 26, 2012 will be hosted at SourceForge.net. I am uploading the appliance (around 2.7GBs) while writing this post and need a couple of hours. Here is the link where you will find it: http://sourceforge.net/projects/honeydrive/
Please take a look at the README.txt file on SourceForge (also included inside the the virtual disk) to learn the specific features and where everything is located.
The installation procedure is pretty straightforward: after downloading the file, you simply have to import the virtual appliance to your virtual machine manager/hypervisor (suggested software: Oracle VM VirtualBox).
Below is a comprehensive list of HoneyDrive's features, ready to be used for promotion purposes :)
  • Virtual appliance based on Xubuntu 12.04 Desktop.
  • Distributed as a single OVA file, ready to be imported.
  • Full LAMP stack installed (Apache 2, MySQL 5), plus tools such as phpMyAdmin.
  • Kippo SSH Honeypot, plus Kippo-Graph, Kippo2MySQL and other helpful scripts.
  • Dionaea malware honeypot, plus phpLiteAdmin and other helpful scripts.
  • Honeyd low-interaction honeypot, plus Honeyd2MySQL, Honeyd-Viz and other helpful scripts.
  • LaBrea sticky honeypot, Tiny Honeypot, IIS Emulator, INetSim and SimH.
  • A full suite of security, forensics and anti-malware tools for network monitoring, malicious shellcode and PDF analysis, such as ntop, p0f, EtherApe, nmap, DFF, Wireshark, ClamAV, ettercap, Automater, UPX, pdftk, Flasm, pdf-parser, Pyew, dex2jar and more.
  • Firefox plugins pre-installed, plus extra helpful software such as GParted, Terminator, VYM, Xpdf and more.
DOWNLOAD:
The latest version (0.1) of HoneyDrive Desktop (Santa Claus edition), released on December 26, 2012 is hosted at SourceForge.net: http://sourceforge.net/projects/honeydrive/
MD5 Checksum: 49e57aab8ca36a02e0114930cb11c09d
SHA-1 Checksum: f644e878527a39f87df515ba7026ae84960b239d
Please take a look at the README.txt file on SourceForge (also included inside the the virtual disk) to see where everything is located.
INSTALLATION:
After downloading the file, you simply have to import the virtual appliance to your virtual machine manager/hypervisor (suggested software: Oracle VM VirtualBox).

Source-
at No comments:

Tuesday, December 25, 2012

THC-Hydra 7.4.1 released



















THC-Hydra

Number one of the biggest security holes are passwords, as every password security study shows. Hydra is a parallized login cracker which supports numerous protocols to attack. New modules are easy to add, beside that, it is flexible and very fast.

Hydra available for Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX, Currently supports AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.





A very fast network logon cracker which support many different services.
 See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa

 Current Version: 7.4.1 Last update 2012-12-24











 [0x00] News and Changelog

 Check out the feature sets and services coverage page - including a speed comparison against ncrack and medusa (yes, we win :-) ) Read below for Linux compilation notes. And there is a new section below for online tutorials.
        

        CHANGELOG for 7.4.1
        ===================
        * Quickfix to compile for people who do not have libssh installed
        
        CHANGELOG for 7.4
        -----------------
        * New module: SSHKEY - for testing for ssh private keys (thanks to deadbyte(at)toucan-system(dot)com!)
        * Added support for win8 and win2012 server to the RDP module
        * Better target distribution if -M is used
        * Added colored output (needs libcurses)
        * Better library detection for current Cygwin and OS X
        * Fixed the -W option
        * Fixed a bug when the -e option was used without -u, -l, -L or -C, only half of the logins were tested
        * Fixed HTTP Form module false positive when no answer was received from the server
        * Fixed SMB module return code for invalid hours logon and LM auth disabled
        * Fixed http-{get|post-form} from xhydra
        * Added OS/390 mainframe 64bit support (thanks to dan(at)danny(dot)cz)
        * Added limits to input files for -L, -P, -C and -M - people were using unhealthy large files! ;-)
        * Added debug mode option to usage (thanks to Anold Black)

 You can also take a look at the full CHANGES file
 
Source and Binaries
 
 1. The source code of state-of-the-art Hydra: hydra-7.4.1.tar.gz
    (compiles on all UNIX based platforms - even MacOS X, Cygwin on Windows, ARM-Linux, etc.)

 2. The source code of the stable tree of Hydra ONLY in case v7 gives you problems on unusual and old platforms:
    hydra-5.9.1-src.tar.gz

 3. The Win32/Cywin binary release: --- not anymore ---
    Install cygwin from http://www.cygwin.com
    and compile it yourself. If you do not have cygwin installed - how
    do you think you will do proper securiy testing? duh ...

        4. ARM and Palm binaries here are old and not longer maintained:
      ARM:  hydra-5.0-arm.tar.gz
             Palm: hydra-4.6-palm.zip

 
Source-
 
at No comments:

Wednesday, December 19, 2012

Gamja : Web vulnerability scanner

Gamja will find XSS(Cross site scripting) & SQL Injection weak point also URL parameter validation error. Who knows that which parameter is weak parameter? Gamja will be helpful for finding vulnerability[ XSS , Validation Error , SQL Injection].

 Download gamja-p4ssion.zip (314.0 kB)

 Supported platform
Windows ,Linux,Mac 

 Screenshot -











Source-
http://sourceforge.net/projects/gamja/
at No comments:

wifisploit - Automated wep wpa cracking and wireless pentesting

A wireless security tools which makes it easy to crack any wep/wpa, or any other wireless pentesting thing in order to test the security of your wireless network.

Features

  • Automated WPA cracking :

    1. Crack with a single or several dico(s), airolib is supported.
    2. Crack with bruteforce using crunch to generate password at runtime.
    3. Pyrit (with cuda if needed) if you want to use it.
    4. Maybe some advanced attacks ( focusing on WPA enterprise ).

  • Automated WEP cracking :

    1. With a client ( basic arp-request attack ).
    2. Without client ( chochop/fragmentation ).
    3. Withtout aps ( attacking clients ).
    4. Attack other than PTW are available if wanted.

  • Automated wifi pentesting ( vulnerabilities ) :

    1. Find a ssid ( wait for it or bruteforce it ).
    2. Find a mac ( wait for it or bruteforce it ).
    3. WPA downgrade.
    4. DDoS ( for example with aireplay ).
    5. beacon flood/ auth flood and several mdk3 attacks ...
    6. Rogue ap creation for WPA. ( in progress )

  • A very nice user interface :

    1. A nice console interface with color which can be used easily without argument ( like a ncurse program ), this interface is already fully functional.
    2. A GUI written in pyqt4 ( not realy functionnal for the moment ).
    3. Commandline arguments can be passed directly to be more quick. ( in progress )
It also detects your wireless devices and can change your mac address if you want ( like in wifite ).
It is written in python and pyqt and use powerfull tools like the aircrack-ng suite, wireless tools or mdk3.

Documentation 

Source-
http://code.google.com/p/wifisploit/
at 1 comment: