Archive | Tools RSS feed for this section

BackTrack used by the NSA

09. Jun, 2010 • Categories: Tools by admin

As highlighted over on the backtrack site. It appears the NSA are one of the users of the excellent security testing Linux Distribution that is Back Track.
That is almost as cool as Nmap being used in the Matrix.
The National Security Agency and the Central Security Service tested the five U.S. service academies during the 2009 [...]

0 Comments

Metasploit Express Review

02. Jun, 2010 • Categories: Tools by admin

Metasploit Express with Ubuntu
The purchase of Metasploit by Rapid7 last year and the recent release of Metasploit Express has been big news in the security community.
I have finally gotten around to giving it a spin. So what is Metasploit Express? It is a web based front end for Metasploit that provides not only easy access [...]

1 Comment

Metasploit vs Snort as Snorby

02. Jun, 2010 • Categories: Tools by admin

Recently I stumbled acorss Snorby, an excellent easy to use implementation of Snort.
It is a new web interface for Snort that is very pretty, but also simple. An excellent introduction to Intrusion Detection Systems, that is not going to scare anyone away.
Now how to I get hold of this I hear you cry…. head over [...]

0 Comments

Metasploit 3.4.0 on Ubuntu 10.04 a quick introduction

02. Jun, 2010 • Categories: Tools by admin

Perhaps you have heard of metasploit. It is a very powerful exploitation framework developed by HD Moore.
Solid growth has seen an early version that was a few exploits in a perl based wrapper turn into a ruby coded framework that is competing with Core Impact and Canvas in the pen-testing community.
The latest version has recently [...]

1 Comment

SET Social Engineering Toolkit

05. May, 2010 • Categories: Tools by admin

This tool and guide to using the tool is an example of how easy client based exploitation has become. When it comes down to it, attacking the client is fast becoming the easiest method to perform a targeted attack against an organisation or company.
For our readers who are not familiar with Metasploit this maybe a [...]

0 Comments

CMS Explorer

25. Apr, 2010 • Categories: Tools by admin

When it comes to security vulnerability assessments against content management systems, it becomes necessary to discover which plugins are being used within the system. For the most popular open source systems (wordpress, drupal, joomla) there are literally thousands of plugins available and many have lets admit it not the best record when it comes to [...]

0 Comments

New Web Application Security Tool from Google. Skipfish.

08. Apr, 2010 • Categories: Tools by admin

Having done some initial testing this new tool is powerful and comprehensive. It blends a number of other tool features into a neat little package. I did some testing on my local LAN and the web server was getting pounded with thousands of requests per second. Your access and error.log is really going to fill [...]

0 Comments

Sqlmap 0.8 Released and Rolled out to HackerTarget.com servers

08. Apr, 2010 • Categories: Site Updates, Tools by admin

After discovering the new release of the excellent SQL Injection tool sqlmap I have done some testing and rolled it out to the HackerTarget.com scanning servers.
If you are not familiar with the power of sqlmap head over to the sourceforge site for demo videos and some top notch documentation. Our scanning tools are configured to [...]

0 Comments

MD5 to Search or Crack?

09. Feb, 2010 • Categories: Tools by admin

MD5 – while not really crackable, it should be realised that it is just too easy to find simple passwords from the raw hash using Rainbow Tables.
Rainbow tables are massive collections of hashes derived from possible passwords. The rainbow table method simply compares the computed hases against your hash and if you are (un)lucky you [...]

0 Comments

Web Scanner Comparison

09. Feb, 2010 • Categories: Site Updates, Tools by admin

An interesting report has been released that takes a sample of web application security testing applications and puts them up against each other.
The most notably thing is how much the results vary, and how many vulnerabilities most scanners miss. Clearly using more than one scanner is necessary to be able to compare the results, and [...]

0 Comments

Older Entries »