Tag: vulnerability scanner

OPEN SECURITY TRAINING .INFO

In the spirit of OpenCourseWare and the Khan Academy, OpenSecurityTraining.info is dedicated to sharing training material for computer security classes, on any topic, that are at least one day long. All material is licensed with an open license like CreativeCommons, allowing anyone to use the material however they see fit, so long as they share …

Permanent link to this article: https://www.darknessgate.com/2016/10/19/open-security-training-info/

Wfuzz

Wfuzz is a tool designed for brute-forcing web applications. It can be used for finding resources that are not linked (directories, servlets, scripts, etc.), brute-forcing GET and POST parameters to check for different kinds of injections (SQL, XSS, LDAP, etc.), brute-forcing form parameters (user/password), fuzzing, etc. Some features:
* Multiple injection points capability with multiple dictionaries
* Recursion (When doing …

Permanent link to this article: https://www.darknessgate.com/2015/02/26/wfuzz/

Medusa Parallel Network Login Auditor

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers the following items to be some of the key features of this application: Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently. …

Permanent link to this article: https://www.darknessgate.com/2015/02/24/medusa-parallel-network-login-auditor/

Crowbar

Crowbar (crowbar) is a brute-forcing tool that can be used during penetration tests. It was developed to brute-force some protocols in a different manner from other popular brute-forcing tools. As an example, while most brute-forcing tools use a username and password for SSH brute force, Crowbar uses an SSH key. So SSH keys, …

Permanent link to this article: https://www.darknessgate.com/2015/02/23/crowbar/

Aircrack-ng

Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng …

Permanent link to this article: https://www.darknessgate.com/2015/02/12/aircrack-ng-3/

The web-application vulnerability scanner

Wapiti allows you to audit the security of your web applications. It performs “black-box” scans, i.e. it does not study the source code of the application but scans the web pages of the deployed web app, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, …

Permanent link to this article: https://www.darknessgate.com/2015/02/12/web-application-vulnerability-scanner/

Total Network Monitor

Total Network Monitor is free network monitoring software for the continuous monitoring of the local network, individual computers, and services that require careful attention and thorough control. TNM will alert you of any problem in advance and generate a detailed report on the circumstances of the failure. How it works: Monitor is a special …

Permanent link to this article: https://www.darknessgate.com/2015/02/03/total-network-monitor-2/

BackBox Linux

BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable version of the most used and best known …

Permanent link to this article: https://www.darknessgate.com/2014/11/17/backbox-linux/

Justniffer

Justniffer is a network protocol analyzer that captures network traffic and produces logs in a customized way. It can emulate Apache web server log files, track response times and extract all “intercepted” files from the HTTP traffic. It lets you interactively trace TCP traffic from a live network or from a previously saved capture file. Justniffer’s …

Permanent link to this article: https://www.darknessgate.com/2014/11/07/justniffer/

nogotofail

Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, …

Permanent link to this article: https://www.darknessgate.com/2014/11/07/nogotofail/

CS 695 Host Forensics

Host Forensics involves the identification, preservation, and analysis of evidence of attacks in order to identify attackers and document their activity with sufficient reliability to justify appropriate technological, business, and legal responses. This course focuses on the technological and not on the legal components of the topic. The emphasis is on the host aspect. The …

Permanent link to this article: https://www.darknessgate.com/2013/03/15/cs-695-host-forensics/