SecurityGuy.org » Tools

CMS Explorer

admin — Mon, 05 Apr 2010 22:52:36 +0000

http://code.google.com/p/cms-explorer/ – pretty decent information gathering tool for your pentesting needs.

The Interceptor

admin — Thu, 09 Apr 2009 11:20:42 +0000

The Interceptor is a wireless wired network tap. Basically, a network tap is a way to listen in to network traffic as it flows past. I haven’t done extensive research but all the ones I found when looking passed the copy of the traffic onto a specified wired interface which was then plugged into a machine to allow a user to monitor the traffic. The problem with this is that you have to be able to route the data from that wired port to your monitoring machine either through a direct cable or through an existing network. The direct cable method means your monitor has to be near by the location you want to tap, the network routing means you have to somehow encapsulate the data to get it across the network without it being affected on route.

The Interceptor does away with the wired monitor port and instead spits out the traffic over wireless meaning the listener can be anywhere they can make a wireless connection to the device. As the data is encrypted (actually, double encrypted, see how it works) the person placing the tap doesn’t have to worry about unauthorized users seeing the traffic.

pcapr – your web 2.0 packet repository

admin — Wed, 11 Feb 2009 08:42:35 +0000

If you’ve been using Google Docs for a while, probably gmail, probably other web 2.0 services.. and you say to yourself “hey, it would be nice to have the same for pcaps!”
Well, maybe you haven’t even thought of it, but pcapr is actually a pretty good resource I am encouraging you to go ahead and try for yourself. You can upload/download pcaps, edit them, etc.
http://www.pcapr.net/home

BackTrack4 beta irc release released 10 seconds ago!!!!

admin — Tue, 10 Feb 2009 22:29:54 +0000

(12:25:54 AM) muts has changed the topic to: http://backtrack4.blogspot.com/ | http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-beta-iso | http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-beta-vm

that would be enough for whoever knows what it is

Scrawlr – check your website for SQL injections

admin — Tue, 22 Jul 2008 09:58:09 +0000

This is a nice tool by Hewlett-Packard you could use on .your. website to see if it’s vulnerable to SQL injection. It does not check forms so be aware – only URL input is checked.

DOWNLOAD

You can find more in-depth information on the HP Security Labs site.

BackTrack

admin — Tue, 22 Jul 2008 09:09:41 +0000

Well this is not a tool. This is THE Tool set, the only thing you will ever need during a penetration test (you dirty minds, you thought *that* penetration? nooo it’s just a security penetration, sorry).

I am using this distro all the time, and it continues to surprise me with new and new possibilities. If you decide to give it a try, don’t forget to FIRST check the forums, the wiki, or our IRC channel at freenode – #remote-exploit. I will never forget a new user, asking in the channel “Is this the BlackTrack support channel?” – and the reply – “This is not the african detective agency support channel, no” so… just listen for a while, before starting asking questions there, please. It’s for your own good.

I will be using this distro for a lot of the posts in the blog, so make sure you have it ready on a CD, DVD, or USB drive. I personally prefer the USB drive with changes (more on that on the forums) – if you mess up, delete the changes folder, and your USB live distro is virgin again! Don’t you wish it was that easy in real life, huh?

Pentest Project Management – Leo

admin — Mon, 21 Jul 2008 13:56:05 +0000

Penetration testing can get tedious. Especially when you need to organize all this useful info bits you collect during your exploration – where would you put them? In a spreadsheet? Pretty ASCII text document?

Well, I personally prefer Leo.

It’s main difference from most text editors I’ve seen, is the tree structure of the information. Of course, it has LOADS of other features, and needs probably as much reading and learning as MS Project, but it’s worth it. Behind the ugly interface a great power is hidden, so explore it!

Try go get used with the keyboard shortcuts, like Ctrl+I, Ctrl+R etc.

From the Leo home page: