Friday, November 20, 2015

Wireshark 2.0.0 Released

What is Wireshark?

Wireshark is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development and education.

Wireshark 2.0.0 Released on November 18, 2015

What’s New

Wireshark 2.0 features a completely new user interface which should provide a smoother, faster user experience. The new interface should be familiar to current users of Wireshark but provide a faster workflow for many tasks.
The Windows installer provides the option of installing either the new interface (“Wireshark”) or the old interface (“Wireshark Legacy”). Both are installed by default. Note that the legacy interface will be removed in Wireshark 2.2.
The OS X installer only provides the new interface. If you need the old interface you can install it via Homebrew or MacPorts.
Wireshark’s Debian- and RPM-based package definitions provide the new interface in the “wireshark-qt” package and the old interface in the “wireshark-gtk” package. It is hoped that downstream distributions will follow this convention.

Installers for Windows, OS X, and source code are now available.
The following features are new (or have been significantly updated) since version 2.0.0rc3:
  • An RTP player crash has been fixed.
  • Flow graph issues have been fixed. Bug 11710.
  • A Follow Stream dialog crash has been fixed. Bug 11711.
  • An extcap crash has been fixed.
  • A file merge crash has been fixed. Bug 11718.
  • A handle leak crash has been fixed. Bug 11702.
  • Several other crashes and usability issues have been fixed.
The following features are new (or have been significantly updated) since version 2.0.0rc2:
  • “File”→Merge no longer crashes on Windows. Bug 11684.
  • Icons in the main toolbar obey magnification settings on Windows. Bug 11675.
  • The Windows installer does a better job of detecting WinPcap. Bug 10867.
  • The main window no longer appears off-screen on Windows. Bug 11568.
The following features are new (or have been significantly updated) since version 2.0.0rc1:
  • For new installations on UN*X, the directory for user preferences is $HOME/.config/wireshark rather than $HOME/.wireshark. If that directory is absent, preferences will still be found and stored under $HOME/.wireshark.
  • Qt port:
    • The SIP Statistics dialog has been added.
    • You can now create filter expressions from the display filter toolbar.
    • Bugs in the UAT preferences dialog have been fixed.
  • Several dissector and Qt UI crash bugs have been fixed.
  • Problems with the Mac OS X application bundle have been fixed.
The following features are new (or have been significantly updated) since version 1.99.9:
  • Qt port:
    • The LTE RLC Graph dialog has been added.
    • The LTE MAC Statistics dialog has been added.
    • The LTE RLC Statistics dialog has been added.
    • The IAX2 Analysis dialog has been added.
    • The Conversation Hash Tables dialog has been added.
    • The Dissector Tables dialog has been added.
    • The Supported Protocols dialog has been added.
    • You can now zoom the I/O and TCP Stream graph X and Y axes independently.
    • The RTP Player dialog has been added.
    • Several memory leaks have been fixed.
The following features are new (or have been significantly updated) since version 1.99.8:
  • Qt port:
    • The MTP3 statistics and summary dialogs have been added.
    • The WAP-WSP statistics dialog has been added.
    • The UDP multicast statistics dialog has been added.
    • The WLAN statistics dialog has been added.
    • The display filter macros dialog has been added.
    • The capture file properties dialog now includes packet comments.
    • Many more statistics dialogs can be opened from the command line via -z ....
    • Most dialogs now have a cancellable progress bar.
    • Many packet list and packet detail context menu items have been added.
    • Lua plugins can be reloaded from the Analyze menu.
    • Many bug fixes and improvements.
The following features are new (or have been significantly updated) since version 1.99.7:
  • Qt port:
    • The Enabled Protocols dialog has been added.
    • Many statistics dialogs have been added, including Service response time, DHCP/BOOTP, and ANSI.
    • The RTP Analysis dialog has been added.
    • Lua dialog support has been added.
    • You can now manually resolve addresses.
    • The Resolved Addresses dialog has been added.
    • The packet list scrollbar now has a minimap.
    • The capture interfaces dialog has been updated.
    • You can now colorize conversations.
    • Welcome screen behavior has been improved.
    • Plugin support has been improved.
    • Many dialogs should now more correctly minimize and maximize.
    • The reload button has been added back to the toolbar.
    • The "Decode As" dialog no longer saves decoding behavior.
    • You can now stop loading large capture files.
    • The Bluetooth HCI Summary has been added.
The following features are new (or have been significantly updated) since version 1.99.6:
  • Qt port:
    • The Bluetooth Devices dialog has been added.
    • The wireless toolbar has been added.
    • Opening files via drag and drop is now supported.
    • The Capture Filter and Display Filter dialogs have been added.
    • The Display Filter Expression dialog has been added.
    • Conversation Filter menu items have been added.
    • You can change protocol preferences by right clicking on the packet list and details.
The following features are new (or have been significantly updated) since version 1.99.4 and 1.99.5:
  • Qt port:
    • Capture restarts are now supported.
    • Menu items for plugins are now supported.
    • Extcap interfaces are now supported.
    • The Expert Information dialog has been added.
    • Display filter completion is now supported.
    • Several interface bugs have been fixed.
    • Translations have been updated.
The following features are new (or have been significantly updated) since version 1.99.3:
  • Qt port:
    • Several interface bugs have been fixed.
    • Translations have been updated.
The following features are new (or have been significantly updated) since version 1.99.2:
  • Qt port:
    • Several bugs have been fixed.
    • You can now open a packet in a new window.
    • The Bluetooth ATT Server Attributes dialog has been added.
    • The Coloring Rules dialog has been added.
    • Many translations have been updated. Chinese, Italian and Polish translations are complete.
    • General user interface and usability improvements.
    • Automatic scrolling during capture now works.
    • The related packet indicator has been updated.
The following features are new (or have been significantly updated) since version 1.99.1:
  • Qt port:
    • The welcome screen layout has been updated.
    • The Preferences dialog no longer crashes on Windows.
    • The packet list header menu has been added.
    • Statistics tree plugins are now supported.
    • The window icon is now displayed properly in the Windows taskbar.
    • A packet list and byte view selection bug has been fixed (Bug 10896).
    • The RTP Streams dialog has been added.
    • The Protocol Hierarchy Statistics dialog has been added.
The following features are new (or have been significantly updated) since version 1.99.0:
  • Qt port:
    • You can now show and hide toolbars and major widgets using the View menu.
    • You can now set the time display format and precision.
    • The byte view widget is much faster, particularly when selecting large reassembled packets.
    • The byte view is explorable. Hovering over it highlights the corresponding field and shows a description in the status bar.
    • An Italian translation has been added.
    • The Summary dialog has been updated and renamed to Capture File Properties.
    • The VoIP Calls and SIP Flows dialogs have been added.
The following features are new (or have been significantly updated) since version 1.12.0:
  • The I/O Graph in the Gtk+ UI now supports an unlimited number of data points (up from 100k).
  • TShark now resets its state when changing files in ring-buffer mode.
  • Expert Info severities can now be configured.
  • Wireshark now supports external capture interfaces. External capture interfaces can be anything from a tcpdump-over-ssh pipe to a program that captures from proprietary or non-standard hardware. This functionality is not available in the Qt UI yet.
  • Qt port:
    • The Qt UI is now the default (program name is wireshark).
    • A Polish translation has been added.
    • The Interfaces dialog has been added.
    • The interface list is now updated when interfaces appear or disappear.
    • The Conversations and Endpoints dialogs have been added.
    • A Japanese translation has been added.
    • It is now possible to manage remote capture interfaces.
    • Windows: taskbar progress support has been added.
    • Most toolbar actions are in place and work.
    • More command line options are now supported.
Official releases are available right now from the download page.

Download Wireshark


NOWASP (Mutillidae) V 2.6.29 - OWASP Mutillidae II Web Pen-Test Practice Application

OWASP Mutillidae II is a free, open source, deliberately vulnerable web application that provides a target for web-security enthusiasts. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMPP. It is pre-installed on SamuraiWTF, Rapid7 Metasploitable-2, and OWASP BWA. The existing version can be updated on these platforms.

With dozens of vulns and hints to help the user, this is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an "assess the assessor" target for vulnerability assessment software.

Features
  • Has over 35 vulnerabilities and challenges. Contains at least one vulnerability for each of the OWASP Top Ten 2007 and 2010.
  • Actually Vulnerable (User not asked to enter “magic” statement)
  • Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMPP, making it easy for users who do not want to install or administer their own webserver. Mutillidae is confirmed to work on XAMPP, WAMP, and LAMP. XAMPP is the "default" deployment.
  • Installs easily by dropping project files into the "htdocs" folder of XAMPP.
  • Will attempt to detect if the MySQL database is available for the user
  • Preinstalled on Rapid7 Metasploitable 2, Samurai Web Testing Framework (WTF), and OWASP Broken Web Apps (BWA)
  • Contains 2 levels of hints to help users get started
  • Includes bubble-hints to help point out vulnerable locations
  • Bubble-hints automatically give more information as the hint level is incremented
  • System can be restored to default with a single click of the "Setup" button
  • User can switch between secure and insecure modes
  • Secure and insecure source code for each page stored in the same PHP file for easy comparison
  • Provides data capture page and stores captured data in database and file
  • Allows SSL to be enforced in order to practice SSL stripping
  • Used in graduate security courses, in corporate web sec training courses, and as an "assess the assessor" target for vulnerability software
  • Mutillidae has been tested/attacked with Cenzic Hailstorm ARC, W3AF, SQLMAP, Samurai WTF, Backtrack, HP Web Inspect, Burp-Suite, NetSparker Community Edition, and other tools
  • Instructional Videos: http://www.youtube.com/user/webpwnized
  • Updates tweeted to @webpwnized
  • Updated frequently
  • Project Whitepaper: http://www.giac.org/paper/gwapt/3387/introduction-owasp-mutillidae-ii-web-pen-test-training-environment/126917
Instructional videos are available on the "webpwnized" 
Project/video updates tweeted to https://twitter.com/webpwnized .
For more information, please visit the NOWASP (Mutillidae) Web Site.

 

Thursday, November 19, 2015

Nmap 7 Released

Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for network inventory, managing service upgrade schedules, monitoring host or service uptime, and many other tasks. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts.

Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).

Nmap was named “Security Product of the Year” by Linux Journal, Info World, LinuxQuestions.Org, and Codetalker Digest. It was even featured in nineteen movies and TV series, including The Matrix Reloaded, The Bourne Ultimatum, Girl with the Dragon Tattoo, Dredd, Elysium, and Die Hard 4. Nmap was released to the public in 1997 and has earned the trust of millions of users.

Top 7 Improvements in Nmap 7

Before we get into the detailed changes, here are the top 7 improvements in Nmap 7:
1. Major Nmap Scripting Engine (NSE) Expansion
As the Nmap core has matured, more and more new functionality is developed as part of our NSE subsystem instead. In fact, we've added 171 new scripts and 20 libraries since Nmap 6. Examples include firewall-bypass, supermicro-ipmi-conf, oracle-brute-stealth, and ssl-heartbleed. And NSE is now powerful enough that scripts can take on core functions such as host discovery (dns-ip6-arpa-scan), version scanning (ike-version, snmp-info, etc.), and RPC grinding (rpc-grind). There's even a proposal to implement port scanning in NSE. [More Details]
2. Mature IPv6 support
IPv6 scanning improvements were a big item in the Nmap 6 release, but Nmap 7 outdoes them all with full IPv6 support for CIDR-style address ranges, Idle Scan, parallel reverse-DNS, and more NSE script coverage. [More Details]
3. Infrastructure Upgrades
We may be an 18-year-old project, but that doesn't mean we'll stick with old, crumbling infrastructure! The Nmap Project continues to adopt the latest technologies to enhance the development process and serve a growing user base. For example, we converted all of Nmap.Org to SSL to reduce the risk of trojan binaries and reduce snooping in general. We've also been using the Git version control system as a larger part of our workflow and have an official Github mirror of the Nmap Subversion source repository and we encourage code submissions to be made as Github pull requests. We also created an official bug tracker which is also hosted on Github. Tracking bugs and enhancement requests this way has already reduced the number which fall through the cracks. [More Details]
4. Faster Scans
Nmap has continually pushed the speed boundaries of synchronous network scanning for 18 years, and this release is no exception. New Nsock engines give a performance boost to Windows and BSD systems, target reordering prevents a nasty edge case on multihomed systems, and NSE tweaks lead to much faster -sV scans. [More Details]
5. SSL/TLS scanning solution of choice
Transport Layer Security (TLS) and its predecessor, SSL, are the security underpinning of the web, so when big vulnerabilities like Heartbleed, POODLE, and FREAK come calling, Nmap answers with vulnerability detection NSE scripts. The ssl-enum-ciphers script has been entirely revamped to perform fast analysis of TLS deployment problems, and version scanning probes have been tweaked to quickly detect the newest TLS handshake versions. [More Details]
6. Ncat Enhanced
We are excited and proud to announce that Ncat has been adopted by the Red Hat/Fedora family of distributions as the default package to provide the "netcat" and "nc" commands! This cooperation has resulted in a lot of squashed bugs and enhanced compatibility with Netcat's options. Also very exciting is the addition of an embedded Lua interpreter for creating simple, cross-platform daemons and traffic filters.
7. Extreme Portability
Nmap is proudly cross-platform and runs on all sorts of esoteric and archaic systems. But our binary distributions have to be kept up-to-date with the latest popular operating systems. Nmap 7 runs cleanly on Windows 10 all the way back to Windows Vista. By popular request, we even built it to run on Windows XP, though we suggest those users upgrade their systems. Mac OS X is supported from 10.8 Mountain Lion through 10.11 El Capitan. Plus, we updated support for Solaris and AIX. And Linux users—you have it easy.



For more information, please visit https://nmap.org/7/
Source - https://nmap.org/7/