In the spirit of OpenCourseWare and the Khan Academy, OpenSecurityTraining.info is dedicated to sharing training material for computer security classes, on any topic, that are at least one day long. All material is licensed with an open license like Creative Commons, allowing anyone to use the material however they see fit, so long as they share …
Tag: vulnerability scanner
Permanent link to this article: https://www.darknessgate.com/2016/10/19/open-security-training-info/
Wfuzz
Wfuzz is a tool designed for brute-forcing web applications. It can be used for finding unlinked resources (directories, servlets, scripts, etc.), brute-forcing GET and POST parameters to check for different kinds of injection (SQL, XSS, LDAP, etc.), brute-forcing form parameters (user/password), fuzzing, etc. Some features: * Multiple injection points capability with multiple dictionaries * Recursion (When doing …
Permanent link to this article: https://www.darknessgate.com/2015/02/26/wfuzz/
Medusa Parallel Network Login Auditor
Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers the following items as some of the key features of this application: Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently. …
Permanent link to this article: https://www.darknessgate.com/2015/02/24/medusa-parallel-network-login-auditor/
Crowbar
Crowbar (crowbar) is a brute-forcing tool that can be used during penetration tests. It was developed to brute force some protocols in a different manner than other popular brute-forcing tools. As an example, while most brute-forcing tools use a username and password for SSH brute force, Crowbar uses SSH keys. So SSH keys, …
Permanent link to this article: https://www.darknessgate.com/2015/02/23/crowbar/
Aircrack-ng
Aircrack-ng is an 802.11 WEP and WPA-PSK key-cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng …
Permanent link to this article: https://www.darknessgate.com/2015/02/12/aircrack-ng-3/
The web-application vulnerability scanner
Wapiti allows you to audit the security of your web applications. It performs “black-box” scans, i.e. it does not study the source code of the application but scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, …
Permanent link to this article: https://www.darknessgate.com/2015/02/12/web-application-vulnerability-scanner/
Total Network Monitor
Total Network Monitor is free network monitoring software for the continuous monitoring of the local network, individual computers, and services that require careful attention and thorough control. TNM will alert you of any problem in advance and generate a detailed report on the circumstances of the failure. How it works Monitor is a special …
Permanent link to this article: https://www.darknessgate.com/2015/02/03/total-network-monitor-2/
BackBox Linux
BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable version of the most used and best known …
Permanent link to this article: https://www.darknessgate.com/2014/11/17/backbox-linux/
Justniffer
Justniffer is a network protocol analyzer that captures network traffic and produces logs in a customized way. It can emulate Apache web server log files, track response times and extract all “intercepted” files from the HTTP traffic. It lets you interactively trace TCP traffic from a live network or from a previously saved capture file. Justniffer’s …
Permanent link to this article: https://www.darknessgate.com/2014/11/07/justniffer/
nogotofail
Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, …
Permanent link to this article: https://www.darknessgate.com/2014/11/07/nogotofail/
CS 695 Host Forensics
Host Forensics involves the identification, preservation, and analysis of evidence of attacks in order to identify attackers and document their activity with sufficient reliability to justify appropriate technological, business, and legal responses. This course focuses on the technological and not on the legal components of the topic. The emphasis is on the host aspect. The …
Permanent link to this article: https://www.darknessgate.com/2013/03/15/cs-695-host-forensics/