JSQL INJECTION V-0.5 Relesed - A JAVA TOOL FOR AUTOMATIC DATABASE INJECTION

jSQL Injection is a lightweight application used to find database information from a distant server.
jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris)

Next work:
+ distant table writing [sqli]
+ distant file writing [sqli]
+ reverse tcp shell deposit [sqli]
+ right elevation [sqli]
+ speed increase (non encoding pass): 50% faster [sqli]
+ control all running tasks in a tab [gui]
# speed test comparison with other injection tools [dev]
# automatic code testing (JUnit) [dev]
# wiki pages [site]

Changelog v- 0.5 :
SQL shell
Uploader

Download : jsql-injection-v0.5.jar (1.3 MB)
Download Other Version |
Sources : https://code.google.com/p/jsql-injection/

BackBox Linux 3.09 released!

BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable version of the most used and best known ethical hacking tools.

The BackBox Team is pleased to announce the updated release of BackBox Linux, the version 3.09.

This release include features such as Linux Kernel 3.8, EFI mode, Anonymous mode and armhf Debian packages.

The ISO images (32bit & 64bit) can be downloaded from the following location:
http://www.backbox.org/downloads

What's new

• Preinstalled Linux Kernel 3.8
• System improvements
• Upstream components
• Bug corrections
• Performance boost
• Improved Update menu
• Improved Forensic menu
• New Anonymous mode (Tor transparent proxy)
• Removed preinstalled compat-wireless v3.8 with Aircrack-NG patch
• Predisposition to ARM architecture (armhf Debian packages)
• New and updated hacking tools (armitage, beef-project, binwalk, ettercap, hashcat, hydra, kismet, msf, nmap, openvas6, recon-ng, setoolkit, sqlmap, thc-ssl-dos, weevely, wireshark, zaproxy, etc.)

System requirements -

• 32-bit or 64-bit processor
• 512 MB of system memory (RAM)
• 4.5 GB of disk space for installation
• Graphics card capable of 800×600 resolution
• DVD-ROM drive or USB port (1.6 GB)

Source-

http://www.backbox.org/blog/backbox-linux-309-released

Ollydbg-binary-execution-visualizer - New Tool for Visualizing Binaries With Ollydbg and Graphvis

Sometimes crackme’s or something you might be reversing will constantly bug you due to the excessive usage of f7 & f8. It will be quiet neat if you can see how the application is executing visually and set your break points accordingly.

Requirements:

o Ollyscript plugin

o Bunch of your favorite anti-­‐debug plugins (phantom , ollyadvanced, …etc) o Pygraphviz

o Graphviz

o Python 2.7

Approach:

• Create an ollyscript that will do the following
  
  
  o Log all EIP for main application
  o Disregard to log calls to kernel32 , ntdll & addresses which are above
  
  
  7C000000 using step over not step into include more addresses to
  exclude if needed later for other system dll’s 77000000 … etc. o Save EIP Logs to file
• Parse the log file
• Feed it into pygraphviz
• Export to png
• Visualize & note needed breakpoints.
• Re-­‐run the app setting above breakpoints.

Full documentation here

Download ollydbg-binary-execution-visualizer

Source

JBrute v0.9.4 - Open Source Security tool to audit hashed passwords

JBrute is an open source tool written in Java to audit security and stronghold of stored password for several open source and commercial apps. It is focused to provide multi-platform support and flexible parameters to cover most of the possible password-auditing scenarios.

Java Runtime version 1.7 or higher is required for running JBrute.

Features -

• Muli-platform support (by Java VM)
• Several hashing algorithms supported
• Flexible chained hashes decryption (like MD5(SHA1(MD5())))
• Both brute force and dictionary decryption methods supported
• Build-In rule pre-processor for dictionary decryption
• Multi-threading support for brute force decryption

Supported algorithms:

• MD5
• MD4
• SHA-256
• SHA-512
• MD5CRYPT
• SHA1
• ORACLE-10G
• ORACLE-11G
• NTLM
• LM
• MSSQL-2000
• MSSQL-2005
• MSSQL-2012
• MYSQL-322
• MYSQL-411
• POSTGRESQL
• SYBASE-ASE1502

Download JBrute v0.9.4

Source-
http://sourceforge.net/projects/jbrute/

Screenshot -

 

Arachni v0.4.5.1-0.4.2 has been released - Open Source Web Application Security Scanner Framework

There's a new version of Arachni, an Open Source, modular and high-performance Web Application Security Scanner Framework written in Ruby.

Brief list of changes:

* Optimized pattern matching to use less resources by grouping patterns to only
    be matched against the per-platform payloads. Bottom line, pattern matching
    operations have been greatly reduced overall and vulnerabilities can be used
    to fingerprint the remote platform.

 * Modules
    * Path traversal (path_traversal)
        * Updated to use more generic signatures.
        * Added dot-truncation for MS Windows payloads.
        * Moved non-traversal payloads to the file_inclusion module.
    * File inclusion (file_inclusion) — Extracted from path_traversal.
        * Uses common server-side files and errors to identify issues.
    * SQL Injection (sqli) — Added support for the following databases:
        * Firebird
        * SAP Max DB
        * Sybase
        * Frontbase
        * IngresDB
        * HSQLDB
        * MS Access
    * localstart_asp — Checks if localstart.asp is accessible.
* Plugins — Added:
        * Uncommon headers (uncommon_headers) — Logs uncommon headers.

For more details about the new release please visit:
http://www.arachni-scanner.com/blog/arachni-0-4-5-1-0-4-2-release/

Download page: http://www.arachni-scanner.com/download/

Homepage           - http://www.arachni-scanner.com
Blog               - http://www.arachni-scanner.com/blog
Documentation      - https://github.com/Arachni/arachni/wiki
Support            - http://support.arachni-scanner.com
GitHub page        - http://github.com/Arachni/arachni
Code Documentation - http://rubydoc.info/github/Arachni/arachni
Author             - Tasos "Zapotek" Laskos (http://twitter.com/Zap0tek)
Twitter            - http://twitter.com/ArachniScanner
Copyright          - 2010-2013 Tasos Laskos
License            - Apache License v2

OWASP Zed Attack Proxy (ZAP) project v2.2.1 released - easy to use integrated penetration testing tool for finding vulnerabilities in web applications

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.
ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. 

Changes: ZAP 2.2.*

 adds support for scripts embedded in ZAP components like the active and passive scanners. It adds support for Zest - a new security focused scripting language from the Mozilla security team.It also supports Mozilla Plug-n-Hack, various minor enhancements and lots of bug fixes. 2.2.1 includes a fix for a bug that prevented scripts working properly on Windows.  

Download ZAP -
ZAP_WEEKLY_D-2013-09-16.zip
http://code.google.com/p/zaproxy/downloads/list

Source-
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

Screenshot -

 

cvechecker 3.3 released - a local CVE checker tool

The goal of cvechecker is to report about possible vulnerabilities on your system, by scanning the installed software and matching the results with the CVE database. Indeed, this is not a bullet-proof method and you will most likely have many false positives (vulnerability is fixed with a revision-release, but the tool isn't able to detect the revision itself), yet it is still better than nothing, especially if you are running a distribution with little security coverage. 

Still, the tool remains useful. With the proper reporting in place, you are immediately warned when a new CVE has been released that might match your system. You can then take the appropriate steps (acknowledge report, verify incident, fix package or mark as false positive).
The tool however needs your help as well. The most work is to tell cvechecker how to detect which software is installed and what version. For more information, see the cvechecker man-page.

Current Release

The current stable release is 3.3, released on 2013/09/16. 

Source-
http://sourceforge.net/projects/cvechecker/

UPDATE PacketFence v-4.0.6 - Network access control (NAC) system

PacketFence is a fully supported, trusted network access control (NAC) system. It includes a captive portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices, and integration with the Snort IDS and the Nessus vulnerability scanner. It can be used to effectively secure networks, from small to very large heterogeneous networks.

Changelog v-4.0.6:
Update NEWS file ; NEWS.asciidoc
Clear an object internally when retreiving directly from chi
Removed the localization of lib/pf/authentication.pm in first filter
Fixed issues with services not stopping

Download :-
Debian 7.0 (Wheezy) packages : packetfence_4.0.6-2_all.deb
Ubuntu 12.04 LTS packages : packetfence_4.0.6-2_all.deb
other linux packages : packetfence-4.0.6.tar.gz (12.0 MB)
sources : http://www.packetfence.org

XIAOPAN OS V-0.4.7.2 RELEASED - EASY TO USE PENTESTING DISTRIBUTION FOR WIRELESS SECURITY ENTHUSIASTS

Xiaopan OS is an easy to use software package for beginners and experts that includes a number of advanced hacking tools to penetrate WPA / WPA2 / WPS / WEP wireless networks.

Based on the Tiny Core Linux (TCL) operating system (OS), it has a slick graphical user interface (GUI) requiring no need for typing Linux commands. Xiaopan OS is Windows, Mac and Linux compatible and users can simply install and boot this ~70mb OS through a USB pen drive or in a virtual machine (VM) environment.

Some of the tools included are Inflator, Aircrack-ng, Minidwep GTK, XFE, wifite and feeding bottle. Supported cards include RTL8187L, RT3070, AR9271 and many more.

Features

• Run in Parallels Desktop / VMware / VirtualBox
• Compatible with Yumi Boot / LiLi USB Creator
• Run on Live CD
• Packages include: Minidwep, Aircrack, Inflator, Reaver, Feeding Bottle, Wifite
• 70mb ISO
• Based on TinyCore Linux
• Recommended minimum requirements: Pentium 2 or better, 128mb of ram + some swap
• Recommended: Wireless USB card that supports monitor mode and injection
• Windows / Linux / Mac Compatible

Xiaopan 0.4.7.2 :
- Updated Bully to Bully.2013-09-11
- Updated @cristi_28 BullyWPS Script to v1.7 (translated & modded by me)
- Fixed RTL8187L wlan0 instead mon0 issue (reported by @Remington & @estimacamry)
- Fixed Inflator 0 AP’s detected issue (reported by @Remington)

Download : Xiaopan 0.4.7.2 (72.5 MB)
Downolad Other Version
Discussion Support and sources : http://xiaopan.co/forums/

Bodhi Linux v2.4.0 released!

Bodhi Linux is a Linux Distribution leveraging the fast, customizable, and beautiful Enlightenment Desktop. Enlightenment coupled with a minimal set of utilities such as a browser, text editor, and package management tools form the solid foundation of Bodhi Linux.

Minimalism is one of Bodhi Linux's two core ideals. The combination of Enlightenment and the core utilities included in a default Bodhi Linux install lead to exceptional speed and low system requirements, while providing a beautiful, useable, and customizable desktop experience.

User choice is another important feature embodied in Bodhi Linux. By only including a small set of default utilities, the user is free to make Bodhi Linux their operating system. Users can install applications from our extremely easy to use AppCenter, apt-get, or Synaptic to suit their individual needs. You make the decision!
 
System Requirements

The minimum requirements to run Bodhi Linux are only: 300+MHz CPU, 128MB RAM, and 2.5GB hard drive space!

Download bodhi-2.4.0-32.iso (613.4 MB)
Download other versions from here 

For more info -
http://www.bodhilinux.com/index.php 

VirtualBox 4.2.18 released - Virtual Machine Software

Oracle has updated the virtual machine software package VirtualBox to version 4.2.18. VirtualBox provides desktop virtualization (OS simulation), and is designed for x86 and AMD64/Intel64 processor systems. In runs on all major operating systems and supports numerous guest operating systems.

This maintenance update fixes regression issues and further improves stability. For a complete list of revisions, see the VirtualBox changelog.

A virtualization system such as VirtualBox makes it possible to run one operating system inside another operating system. For example you can use it to run MS Windows from within Linux, or you can run Linux from within MS Windows.

Compared to a dual-boot setup, running another operating system through virtualization allows you to run software in both operating systems at the same time. You don't need to log out and shutdown your computer before restarting it with another system.

On the other hand, running two operating systems simultaneously requires more memory and more CPU time, and there are also limitations as to how accurately the virtualization system can emulate a real computer running the guest operating system.

VirtualBox supports symmetric multiprocessing and can emulate up to 32 virtual CPUs. Support for OpenGL 2.0 and Direct3D 9 games and applications has been implemented as well. It has an open architecture based on extension packs. It supports PCI passthrough for direct access to physical hardware.

The software allows you to clone virtual machines and to move live virtual machine sessions between systems, which is known as teleportation. It supports up to 1TB RAM and can run CPU and video intensive games such as FarCry, Call of Duty, SecondLife, Unreal Tournament and Eve Online.

See the online documentation for a complete description of the software's functionality.

Download -

• VirtualBox platform packages. The binaries are released under the terms of the GPL version 2.
  • VirtualBox 4.2.18 for Windows hosts  x86/amd64
  • VirtualBox 4.2.18 for OS X hosts  x86/amd64
  • VirtualBox 4.2.18 for Linux hosts
  • VirtualBox 4.2.18 for Solaris hosts  x86/amd64

• VirtualBox 4.2.18 Oracle VM VirtualBox Extension Pack  All supported platforms
  Support for USB 2.0 devices, VirtualBox RDP and PXE boot for Intel cards. See this chapter from the User Manual for an introduction to this Extension Pack. The Extension Pack binaries are released under theVirtualBox Personal Use and Evaluation License (PUEL).
  Please install the extension pack with the same version as your installed version of VirtualBox! 
  If you are using VirtualBox 4.1.26, please download the extension pack  here.
  If you are using VirtualBox 4.0.18, please download the extension pack  here.

• VirtualBox 4.2.18 Software Developer Kit (SDK)  All platforms

See the changelog for what has changed.
You might want to compare the

•  SHA256 checksums or the
•  MD5 checksums

Website-

https://www.virtualbox.org/

Source-

http://linux.about.com/b/2013/09/11/virtualbox-4-2-18.htm?nl=1

SpearPhisher – A Simple Phishing Email Generation Tool

While working with clients around the globe encompassing many different lines of business with diverse environments, we frequently have to adapt as needed to conditions to complete the task at hand. Many times this requires us to custom code scripts, programs, and the like to help us automate something or to aid our clients in improving the posture of their security program. One client requested a simple and easy way to perform ad-hoc phishing email tests without requiring an outside service, a special Linux installation, or other technical requirements, with the goal being a program that a manager, director, VP, or even CIO/CSO/CISO would want to use. After reviewing the known options without finding a fitting solution, we developed SpearPhisher.


SpearPhisher is a simple point and click Windows GUI tool designed for (mostly) non-technical people who would like to supplement the education and awareness aspect of their information security program. Not only is it useful to non-technical folks, penetration testers may find it handy for sending quick and easy ad-hoc phishing emails. The tool supports specifying different sending names and email addresses, multiple recipients via TO, CC, BCC, and allows bulk loading with one recipient email address per line in a file. It allows customization of the subject, adding one attachment, and SSL support for SMTP enabled mail servers. One of the popular features with our client is the WYSIWYG HTML editor that allows virtually anyone to use the tool; previewing results as you point and click edit your malicious email body. If you want to add custom XSS exploits, client side attacks, or other payloads such as a Java Applet code generated by the Social Engineer Toolkit (SET), its split screen editor allows more advanced users to edit HTML directly.



An open relay is not necessarily required as many mail servers allow authenticated users to spoof email. This is the beta release of the tool and has been tested in limited environments.

The tool can be downloaded from the TrustedSec Tools page located:
https://www.trustedsec.com/files/SpearPhisherBETA.zip

Enjoy and use the tool responsibly!
source-
https://www.trustedsec.com/september-2013/introducing-spearphisher-simple-phishing-email-generation-tool/

SWAT - Securing Web Application Technologies Checklist from SANS

Securing Web Application Technologies [SWAT] Checklist

The SWAT Checklist provides an easy to reference set of best practices that raise awareness and help development teams create more secure applications. It's a first step toward building a base of security knowledge around web application security. Use this checklist to identify the minimum standard that is required to neutralize vulnerabilities in your critical applications.

  

      

Source-

http://www.securingthehuman.org/developer/swat

SECURECHEQ v1.0 - A FREE CONFIGURATION EVALUATOR FROM TRIPWIRE

SecureCheq is a fast, simple utility for Windows servers and desktops that answers these questions while it tests for common configuration risks. 

This free utility :-

• Tests for a subset of typical (and often dangerous) Windows configuration errors
• Provides detailed remediation and repair advice
• Tests for about two dozen critical but common configuration errors related to OS hardening, Data Protection, Communication Security, User Account Activity and Audit Logging.
• Demonstrates how systems can be continually hardened against attack

SecureCheq uses configuration tests just like the ones defined in CIS, ISO or COBIT standards. Because these tests include helpful links back to comparable tests in governing policies like DISA, HIPAA or NERC, you can easily see how well your target system would fare under these policies.

Security Configuration Management isn't easy – it needs to continually balance risk and productivity - but it is possible. And it can be one of your most cost-effective options for cyber defense.

SecureCheq supports  these Windows versions and platforms:

• Windows Server 2003
• Windows Server 2008
• Windows XP
• Windows 7
• Windows 8
• Windows Server 2012

Register & Download 

Source-

http://www.tripwire.com/securecheq/

Screenshot -

GNS3 v0.8.5 Released - Graphical Network Simulator

GNS3 is an open source software that simulate complex networks while being as close as possible from the way real networks perform, all of this without having dedicated network hardware such as routers and switches.

Our software provides an intuitive graphical user interface to design and configure virtual networks, it runs on traditional PC hardware and may be used on multiple operating systems, including Windows, Linux, and MacOS X.

In order to provide complete and accurate simulations, GNS3 actually uses the following emulators to run the very same operating systems as in real networks:

• Dynamips, the well known Cisco IOS emulator.
• VirtualBox, runs desktop and server operating systems as well as Juniper JunOS.
• Qemu, a generic open source machine emulator, it runs Cisco ASA, PIX and IPS.

GNS3 version 0.8.5 has been released.

This release fixes some problems introduced in version 0.8.4 as well as very old bugs. Improvements are in too.

• Dynamips 0.2.10 is included in our Windows all-in-one package and OSX DMG, this version allows Crypto keys to be saved and it fixes a bug that prevented startup-configs to be loaded by c3745 IOS. Hooray!
• New symbols for ASA, Qemu guest and Vbox guest.
• Fixed a major issue that prevented to use the auto idle-pc calculation feature.
• Implemented the Restore snapshot feature following Rednectar’s suggestions (http://forum.gns3.net/post20664.html#p20664)
• Snapshots are now stored in a separate directory inside project directory.
• Increased lowest and max zoom values.
• Updated Italian translation.
• Added Xshell 4 command lines in terminal settings.
• Fixed issue with the contextual device menu.
• Fixed bug when launching VPCS and there was a space in the project path.
• Option ‘Use hypervisor manager’ changed to ‘Bind to external hypervisor(s)’ (logic is inverted) in IOS images and hypervisors dialog.
• Checks: if VPCS is installed and if Dynamips is marked as executable.
• Added instructions entry to Help menu.
• Automatic opening of instructions file when loading a project.
• Fixed Teraterm, SecureCRT and Konsole terminal command lines.
• Added “-vga none” option to ASA Pre-configuration.
• Updated the SecureCRT script to automatically reconnect if disconnected.
• Fixed a bug with load-balancing on multiple external hypervisors.
• Fixed issue when binding Qemuwrapper to a PC’s real IP address.
• Various other small bug fixes.

Dynamips 0.2.10

A new version of Dynamips has been released. Major enhancements are:

• The NVRAM configuration file private-config is fully supported, meaning crypto keys are correctly saved!
• The c3745 platform correctly loads startup-configs.
• The standalone tool nvram_export supports all known formats.
• Extend hypervisor commands push_config, extract_config, and set_config (to be implemented in GNS3).

Details and download links can be found here.

Download -

Windows

New users to GNS3, it is recommended to download the all-in-one package below.
GNS3 v0.8.5 all-in-one (installer which includes Dynamips, Qemu/Pemu, Putty, VPCS, WinPCAP and Wireshark)
GNS3 v0.8.5 standalone 32-bit (archive that includes Dynamips, Qemu/Pemu, Putty, VPCS)
GNS3 v0.8.5 standalone 64-bit (Windows 64-bit only, archive that includes Dynamips, Qemu/Pemu, Putty, VPCS)

Mac OS X
GNS3 v0.8.5 Lion DMG package (OSX 10.7 Lion only, includes Dynamips, Qemu and VPCS).
GNS3 v0.8.2 Snow Leopard DMG package (OSX 10.6 Snow Leopard only, includes Dynamips).

Linux
Updated Debian/Ubuntu packages for Dynamips and GNS3 are available but still considered under testing. Please use a source package if unsure.
Also available is our PPA (Personal Package Archive) for Ubuntu.

Sources
GNS3 v0.8.5 zip archive
GNS3 v0.8.5 tgz archive
GNS3 v0.8.5 bz2 archive

For more information -

http://www.gns3.net/download/

Source-

http://www.gns3.net/

Mutillidae 2.6.0 released - Web Pentesting Application

New feature: Video tutorials embedded in Hints; Additional exploit examples; Git & Zip;

OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiest. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP for users who do not want to administrate a webserver. It is pre-installed on SamuraiWTF, Rapid7 Metasploitable-2, and OWASP BWA. The existing version can be updated on pre-installed platforms. With dozens of vulns and hints to help the user; this is an easy-to-use web hacking environment designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an “assess the assessor” target for vulnerability assessment software.

Features

• Has over 35 vulnerablities and challenges. Contains at least one vulnearbility for each of the OWASP Top Ten 2007 and 2010
• Actually Vulnerable (User not asked to enter “magic” statement)
• Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to install or administrate their own webserver. Mutillidae is confirmed to work on XAMPP, WAMP, and LAMP. XAMPP is the “default” deployment.
• Installs easily by dropping project files into the “htdocs” folder of XAMPP.
• Will attempt to detect if the MySQL database is available for the user
• Preinstalled on Rapid7 Metasploitable 2, Samurai Web Testing Framework (WTF), and OWASP Broken Web Apps (BWA)
• Contains 2 levels of hints to help users get started
• Includes bubble-hints to help point out vulnerable locations
• Bubble-hints automatically give more information as hint level incremented
• System can be restored to default with single-click of “Setup” button
• User can switch between secure and insecure modes
• Secure and insecure source code for each page stored in the same PHP file for easy comparison
• Provides data capture page and stores captured data in database and file
• Allows SSL to be enforced in order to practice SSL stripping
• Used in graduate security courses, in corporate web sec training courses, and as an “assess the assessor” target for vulnerability software
• Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and other tools 

Download : LATEST-mutillidae-2.6.0.zip (29.2 MB)
Find Other Version |
sources : NOWASP (Mutillidae)

OWASP_Broken_Web_Apps_VM_1.1 released - collection of vulnerable web applications on Virtual Machine

Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost and commercial VMware products.

Features

• OWASP
• Virtual Machine
• Vulnerable Web Apps

More information about the project can be found at http://www.owaspbwa.org/ The VM can be downloaded as a .zip file or as a much smaller .7z 7-zip Archive. BOTH FILES CONTAIN THE EXACT SAME VM! We recommend that you download the .7z archive if possible to save bandwidth (and time). 7-zip is available for Windows, Mac, Linux, and other Operating Systems. !!! This VM has many serious security issues. We strongly recommend that you run it only on the "host only" or "NAT" network in the virtual machine settings !!!

Download OWASP_Broken_Web_Apps_VM_1.1.7z (1.3 GB)

Download other versions

Version 1.1 - 2013-07-30 - Updated Mutillidae, Cyclone, and WAVSEP - Updated OWASP Bricks and configured it to pull from SVN - Fixed ModSecurity CRS blocking and rebuilt ModSecurity to include Lua support - Increased VM's RAM allocation to 1Gb - Set Tomcat to run as root (to allow some traversal issues tested by WAVSEP) - Updated landing page for OWASP 1-Liner to reflect that the application is not fully functional

Source-

http://sourceforge.net/projects/owaspbwa

Kali Linux - 1.0.5 Released

They are pleased to announce the immediate availability of Kali Linux 1.0.5 with a rollup of various tool additions, fixes, and upgrades, including our fix for the encrypted encrypted LVM installation issue that we documented last week. As usual, users with Kali already installed just need to run a simple update to get the latest goodness:

root@kali:~# apt-get update
root@kali:~# apt-get dist-upgrade

We’ve also received updated ARM images from Offensive Security, which bring several fixes to issues found in the 1.0.4 releases. Kali Linux has specific ARM images for 9 separate hardware devices/families, including the Raspberry Pi, Galaxy Note 10.1, BeagleBone Black, Odroid U2, Odroid XU (!) and more. While Kali Linux works on all the hardware above natively, don’t forget you can get Kali Linux installed on almost any Android phone or tablet.

Software Defined Radio (SDR) researchers will be especially pleased to know that we have made some significant tool additions in this growing field. With some great input and suggestions from @NowSec, we placed a great deal of focus in the past few weeks on adding numerous SDR tools and drivers to our arsenal:

• kalibrate-rtl
• gr-air-modes
• RTLSDR Scanner
• gr-scan
• rtl-sdr
• Gqrx
• GR Extras
• gr-baz
• gr-osmosdr
• gr-iqbal
• gr-fcdproplus
• UHD support
• HackRF support
• RTL2832U support
• Funcube Dongle Pro+ support

We also forked GNU Radio from the Debian repositories and upgraded it to version 3.6.5.1, a task that sounds much simpler than it really is since its dependencies have dependencies.

Kali Linux - 1.0.5 (Released 2013-09-05)
Detailed Changelog 

Download -

Source-
http://www.kali.org/news/kali-linux-software-defined-radio-support/

SQLi Dorking v1.2

Changelog:

• Optimization of code.
• Now detects when the search fails to give results
• Now you should run on any OS.

Features

• Google Dorking
• Bing Dorking
• Domain name list

Download version 1.2

Download other versions

Source-

http://sourceforge.net/projects/sqlidorking/

JBRUTE V-0.92 Released - Open Source Security tool to audit hashed passwords

JBrute is an open source tool written in Java to audit security and stronghold of stored password for several open source and commercial apps. It is focused to provide multi-platform support and flexible parameters to cover most of the possible password-auditing scenarios.
Java Runtime version 1.7 or higher is required for running JBrute.

Supported algorithms:
MD5
MD4
SHA-256
SHA-512
MD5CRYPT
SHA1
ORACLE-10G
ORACLE-11G
NTLM
LM
MSSQL-2000
MSSQL-2005
MSSQL-2012
MYSQL-322
MYSQL-411
POSTGRESQL
SYSBASE-1502

Features

• Muli-platform support (by Java VM)
• Several hashing algorithms supported
• Flexible chained hashes decryption (like MD5(SHA1(MD5())))
• Both brute force and dictionary decryption methods supported
• Build-In rule pre-processor for dictionary decryption
• Multi-threading support for brute force decryption

Download JBrute_v0-92.zip (110.5 kB)

Screenshot -

Source-
http://sourceforge.net/projects/jbrute/