Search This Blog

Showing posts with label Software Release. Show all posts

snuck : Automatic XSS filter bypass Tool


snuck is an automated tool that may definitely help in finding XSS vulnerabilities in web applications. It is based on Selenium and supports Mozilla Firefox, Google Chrome and Internet Explorer.

The approach, it adopts, is based on the inspection of the injection's reflection context and relies on a set of specialized and obfuscated attack vectors for filter evasion.

In addition, XSS testing is performed in-browser, a real web browser is driven for reproducing the attacker's behavior and possibly the victim's.

Description
snuck is quite different from typical web security scanners, it basically tries to break a given XSS filter by specializing the injections in order to increase the success rate.

 The attack vectors are selected on the basis of the reflection context, that is the exact point where the injection falls in the reflection web page's DOM. Having access to the pages' DOM is possible through Selenium Web Driver, which is an automation framework, that allows to replicate operations in web browsers. Since many steps could be involved before an XSS filter is "activated", an XML configuration file should be filled in order to make snuck aware of the steps it needs to perform with respect to the tested web application. Practically speaking, the approach is similar to the iSTAR's one, but it focuses on one particular XSS filter.

Download it from here:
http://code.google.com/p/snuck/downloads/list

Tutorial can be found here:
http://code.google.com/p/snuck/wiki/Tutorial

New features added to Acunetix Web Vulnerability Scanner 8 Build 20120911

vulnerability scanner

New Features and Security checks has been added to the new build 20120911 of Acunetix Web Vulnerability Scanner 8. Also, number of bug has been fixed int his build.

New Features:

  • Ability to import multiple HTTP Sniffer captures to the same crawl.
  • Ability to merge HTTP Sniffer captures to existing website crawls.
  • A new option that allows you to specify a different email address for each configured scan in the scheduler.
  • HTTP Fuzzer number generator now support padding; i.e. you can use a leading zero e.g. from 01 to 10.
  • A new option to specify if the latest cookie from the scanned website should be used rather than the one discovered during the crawling.
  • New option to force scanner not overwrite user specified custom cookies with newer cookies form the scanned website.

New Security Checks:
  • Added a test for .Net Cross Site Scripting (Request Validation Bypassing).
  • New security check for MediaWiki security issues.

The full change log is available here.

How to Upgrade to Build 20120911

On starting Acunetix WVS 8, a pop-up window will automatically notify you that a more recent build is available for download. Navigate to the General > Program Updates node in the Tools explorer, click on Download and Install the new build.

Browser Password Decryptor v2.5 released



SecurityXploded has released the Browser Password Decryptor version 2.5.
Browser Password Decryptor is the FREE software to instantly recover website login passwords stored by popular web browsers.

Here are the top features of BrowserPasswordDecryptor:
  • Instantly decrypt and recover stored encrypted passwords from popular web browsers.
  • Comes with both GUI interface as well as Command-line version.
  • Right Click Context Menu to quickly copy the password
  • Recover password of any length and complexity.
  • Automatically discovers all supported Applications and recovers all the stored passwords.
  • Sort feature to arrange the recovered passwords in various order to make it easier to search through 100's of entries.
  • Save the recovered password list to HTML/XML/Text file
  • Easier and faster to use with its enhanced user friendly GUI interface.

Download it from here 






Volatility Framework 2.1 Released with x64 arch support



The new version of Volatility  2.1 has been released. While the main goal of this release was to get x64 support into an official release, more interesting features has been included in this release.

The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer unprecedented visibilty into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research.

* New Address Spaces (AMD64PagedMemory, WindowsCrashDumpSpace64)
    Majority of Existing Plugins Updated with x64 Support
    Merged Malware Plugins into Volatility Core with Preliminary x64 Support (see FeaturesByPlugin21)
    WindowsHiberFileSpace32 Overhaul (also includes x64 Support)
*Expanded Operating System Profiles:
        Windows XP SP1, SP2 and SP3 x86
        Windows XP SP1 and SP2 x64 (there is no SP3 x64)
        Windows Server 2003 SP0, SP1, and SP2 x86
        Windows Server 2003 SP1 and SP2 x64 (there is no SP0 x64)
        Windows Vista SP0, SP1, and SP2 x86
        Windows Vista SP0, SP1, and SP2 x64
        Windows Server 2008 SP1 and SP2 x86 (there is no SP0)
        Windows Server 2008 SP1 and SP2 x64 (there is no SP0)
        Windows Server 2008 R2 SP0 and SP1 x64
        Windows 7 SP0 and SP1 x86
        Windows 7 SP0 and SP1 x64
*Plugin Additions (Now Over 70+ Analysis Plugins!):
        Printing Process Environment Variables (envvars)
        Inspecting the Shim Cache (shimcache)
        Profiling Command History and Console Usage (cmdscan, consoles)
        Converting x86 and x64 Raw Dumps to MS CrashDump (raw2dmp)
* Plugin Enhancements:
        Verbose details for kdbgscan and kpcrscan
        idt/gdt/timers plugins cycle automatically for each CPU
        apihooks detects LSP/winsock procedure tables
        New Output Formatting Support (Table Rendering)
 *New Mechanism for Profile Modifications
 *New Registry API Support
 *New Volshell Commands
 * Updated Documentation and Command Reference

The next version Volatility 2.2 will be released by developers at the Open Memory Forensics Workshop 2012 on October 2.

Download




Microsoft released Attack Surface Analyzer 1.0


Microsoft has released Attack Surface Analyzer 1.0 which determines the security of an application by examining how it affects the computer it is installed on.

The tools was originally released on January 2011 during the Blackhat DC security conference as Beta version.

According to the press release, the new release includes performance enhancements and bug fixes to improve the user experience. Through improvements in the code, Microsoft reduces the number of false positives and improve Graphic User Interface performance. This release also includes in-depth documentation and guidance to improve ease of use.

"The Attack Surface Analyzer tool is designed to assist independent software vendors (ISVs) and other software developers during the verification phase of the Microsoft Security Development Lifecycle (SDL) as they evaluate the changes their software makes to the attack surface of a computer. " Microsoft explains.

"Because Attack Surface Analyzer does not require source code or symbol access, IT professionals and security auditors can also use the tool to gain a better understanding of the aggregate attack surface change that may result from the introduction of line-of-business (LOB) applications to the Windows platform. "


Tools released at Defcon can crack widely used PPTP encryption in under a day

Security researchers released two tools at the Defcon security conference which can be used to crack the encryption of any PPTP (Point-to-Point Tunneling Protocol) as well as WPA2-Enterprise (Wireless Protected Access) sessions which use MS-CHAPv2 for authentication.


MS-CHAPv2 is an authentication protocol created by Microsoft and introduced in Windows NT 4.0 SP4. Despite its age, it is still used as the primary authentication mechanism by most PPTP virtual private network (VPN) clients.

ChapCrack can take captured network traffic that contains a MS-CHAPv2 network handshake (PPTP VPN or WPA2 Enterprise handshake) and reduce the handshake's security to a single DES (Data Encryption Standard) key.


This DES key can then be submitted to CloudCracker.com -- a commercial online password cracking service that runs on a special FPGA cracking box developed by David Hulton of Pico Computing -- where it will be decrypted in under a day.


The CloudCracker output can then be used with ChapCrack to decrypt an entire session captured with WireShark or other similar network sniffing tools.


PPTP is commonly used by small and medium-size businesses -- large corporations use other VPN technologies like those provided by Cisco -- and it's also widely used by personal VPN service providers, Marlinspike said.


The researcher gave the example of IPredator, a VPN service from the creators of The Pirate Bay, which is marketed as a solution to evade ISP tracking, but only supports PPTP.


Marlinspike's advice to businesses and VPN providers was to stop using PPTP and switch to other technologies like IPsec or OpenVPN. Companies with wireless network deployments that use WPA2 Enterprise security with MS-CHAPv2 authentication should also switch to an alternative.

Wireshark released version 1.8.1 and 1.6.9 to close critical vulnerability


Wireshark Team have released versions 1.8.1 and 1.6.9 to close important vulnerabilities in their open source network protocol analyser.

The vulnerabilities are a problem in the Point-to-Point Protocol (PPP) dissector that leads to a crash and a bug in the Network File System (NFS) dissector that could result in excessive consumption of CPU resources; to take advantage of the holes, an attacker must inject a malformed packet onto the wire or convince a victim to read a malformed packet trace file.

Versions 1.4.0 to 1.4.13, 1.6.0 to 1.6.8 and 1.8.0 are affected; Users are advised to upgrade to 1.6.9 and 1.8.1 to fix the problem.

Wireshark 1.6.9 and 1.8.1 are available to download

Apple released Safari v6.0 that addresses numerous security vulnerabilities

Alongside the release of OS X 10.8 Mountain Lion earlier today, Apple has published version 6.0 of its Safari web browser for OS X 10.7 Lion, adding a number of new features and closing numerous security holes.

According to the company, the major update addresses more than 120 vulnerabilities found in the previous 5.x branch.

Among the holes closed are problems in the handling of feed:// URLs could have led to cross-site scripting (XSS) attacks or users' files being sent to a remote server. A bug in the autocomplete system used by Safari, which may have resulted in passwords being automatically inserted even when a site specifies that it shouldn't be, has been fixed, as has an XSS issue caused by opening maliciously crafted files on certain pages.

A full list of security fixes can be found in Apple's security advisory. Users running Mac OS X 10.7.4 can upgrade to Safari 6 using the built-in Software update function. All users are advised to upgrade as soon as possible.

Stonesoft released Evader - Free Advanced Evasion Technique Testing software


StoneSoft today released Evader, the first software based testing tool that empowers organizations to test their network security solutions' ability to withstand advanced evasion techniques (AETs), increasingly used in sophisticated cyberattacks.

"Evader is not a hacking tool, and Evader is not a penetration test to see if different exploits can enter your system. Rather, Evader tests if a known exploit can be delivered – using AETs – through your current security devices to a target host."

Evader launches a set of AETs against a tester’s own next generation firewall (NGFW), Intrusion Prevention System (IPS) and Unified Threat Management (UTM). As a result, organizations can understand whether these AETs pose a threat to their own networks and digital assets.

"Network security vendors have ignored the problem posed by AETs for a number of years," said Andrew Blyth, professor at Glamorgan University and an AET expert. "Stonesoft's free Evader test tool makes securing against AETs accessible for organizations of all sizes. Hopefully, this will encourage the whole network security industry to come together and seriously research AETs and their ongoing threat."

To download Evader for free and learn more about the tool, please visit evader.stonesoft.com. For more information about advanced evasion techniques and Stonesoft's new Evasion Prevention System (EPS) please visit aet.stonesoft.com.

Hook Analyser 2.0 released -reversing application and analysing malwares

Hook analyser is a hook tool which could be potentially helpful in reversing application and analysing malwares.

Changelog:

  • Static analysis functionality has got improved significantly.
  • Nice fingerprinting feature (part of the static analysis module).
  • Analysis and logging modules have improved.
  • No more annoying browser pop-ups (previous releases had some).
Download it from here:
http://beenuarora.com/HookAnalyser2.0.zip

NT OBJECTives Releases New NTOEnterprise for Web Application Vulnerability Program Management

NT OBJECTives, a provider of automated, comprehensive and accurate web application security software, services and SaaS, today announced the availability of NTOEnterprise 2.0 which enables organizations to plan, manage, control and measure thousands of web application scans and also assess and prioritize areas of greatest risk across the enterprise.



“With NTOEnterprise, security teams, developers and CSOs can quickly view and easily understand how their organization’s security is improving, or not, and more importantly, what they can do about it. They can prioritize threats and respond more rapidly to their key areas of vulnerability,” says Dan Kuykendall, CTO and co-founder of NT OBJECTives. “With our customers’ input, we were also able to design an incredibly useful customizable report and graphic generation engine in the new version as well.”



NTOEnterprise features a consolidated graphical view of the enterprise security posture across all enterprise applications, allowing security professionals to easily determine vulnerability and application behavior trends, along with the overall status of the application security program. The new version includes data tagging capabilities that enable security teams to view applications by any user-defined criteria such as business unit, business risk, criticality, owner, location or any other grouping that can help security professionals organize applications. Security professionals now also have the ability to quickly navigate scan plans and configurations through flexible search functionality based on domain names, scan times and custom tagging.



NTOEnterprise enables customers to:
  •  Scale application security programs to handle simultaneous scans
  •  Centralize management and control of scan configurations, schedules and permissions
  •  Share information beyond security teams to developers, QA teams and executives
  •  Demonstrate compliance with regulatory and organizational security policies


NTOEnterprise 2.0 enhancements include:


Centralized Management Console
The new centralized dashboard provides a consolidated view of web application scans that includes:

· Active vulnerabilities by vulnerability type

· Six month vulnerability trending chart

· Recent completed scans

· Scans in progress



Enterprise Scan Management
The enhanced user interface improves users’ ability to initiate, schedule and configure application scans through. The consolidated interface enables users to quickly view in-progress, recent and scheduled scans. Scans can be scheduled to run at regular monthly or quarterly intervals to provide ongoing monitoring of application security issues.


Blackout Management
Users have an improved ability to define when scans can't happen and when they can with improved blackout functionality. Only administrators can define blackout periods and the defined blackouts trump scheduled scanning so users can feel confident that business operations won’t be impacted.


Asset Tagging
New asset tags facilitate flexible custom reporting and a graphical view of the security posture across all enterprise applications. Organizations can define (customize) their own tags to view applications and vulnerabilities from different vantage points. Organizations can tag by location, team or business functionality such as which applications store credit card data or Personally Identifiable Information (PII). In addition, organizations can define trending data to show vulnerability trends over time.


Custom & Graphical Report Generation
New custom report generators allow users to define filters to quickly find and analyze vulnerability information from their scans. The custom reports and charts provide fantastic presentation data for management.


Test Management Software Integration
NTOEnterprise is now capable of creating tickets for each discovered vulnerability in popular issue management systems. Supported systems: RSA Archer, HP Quality Center and Atlassian's JIRA.

Infrastructure & Performance
NTOEnterprise’s back-end infrastructure has been enhanced to optimize user experience and performance. The new installation model enables organizations to implement tighter security controls to each component.


For more information visit http://www.ntobjectives.com/security-software/ntoenterprise-centralized-application-security


About NT OBJECTives

NT OBJECTives, Inc. has been dedicated to solving the most difficult application security challenges for over 10 years. NTO’s software, SaaS and services solutions are designed to help organizations build the most comprehensive, efficient, accurate web application security program. NTO’s SaaS offering, NTOSpider On-Demand, can be augmented with enhanced services including false positive validation and business logic testing. NT OBJECTIVES is privately held with headquarters in Irvine, CA.

WebSploit Toolkit Version 1.8 Released


Fardin OxOptimOus have released new version 1.8 of Websploit Toolkit. WebSploit Is An Open Source Project For Scan And Analysis Remote System From Vulnerability.

Web Tools Operations Added

  • PHPMyAmin Login Page Finder
  • Directory Scanner
  • Apache User Direcoty Scanner



Fixed Bugs :

  • smal keyboard control bug fixed
  • update bug fixed
  • ettercap path for backbox fixed

Download it from here:
http://sourceforge.net/projects/websploit/files/latest/download

Nmap Security Scanner version v6.0 released


The Nmap Project released Nmap Security Scanner version 6.00. It is the product of almost three years of work, 3,924 code commits, and more than a dozen point releases since the big Nmap 5 release in July 2009.


Nmap 6 includes a more powerful Nmap Scripting Engine, 289 new scripts, better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more! We recommend that all current users upgrade.

Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for network inventory, managing service upgrade schedules, monitoring host or service uptime, and many other tasks


Top 6 Improvements in Nmap 6

  • NSE Enhanced
  • Better Web Scanning
  • Full IPv6 Support
  • New Nping Tool
  • Better Zenmap GUI & results viewer
  • Faster scans
More details about the latest version can be found here:
http://nmap.org/6/

HULK - Web Server DoS Tool

Barry Shteiman, a principal security engineer at Imperva, has released a Python-based web server denial-of-service (DOS) tool called HULK (Http Unbearable Load King).

HULK is a web server denial of service tool written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a webserver, bypassing caching engines and therefore hitting the server's direct resource pool.

Some Techniques
  • Obfuscation of Source Client – this is done by using a list of known User Agents, and for every request that is constructed, the User Agent is a random value out of the known list
  • Reference Forgery – the referer that points at the request is obfuscated and points into either the host itself or some major prelisted websites.
  • Stickiness – using some standard Http command to try and ask the server to maintain open connections by using Keep-Alive with variable time window
  • no-cache – this is a given, but by asking the HTTP server for no-cache , a server that is not behind a dedicated caching service will present a unique page.
  • Unique Transformation of URL – to eliminate caching and other optimization tools, I crafted custom parameter names and values and they are randomized and attached to each request, rendering it to be Unique, causing the server to process the response on each event.
More details can be found here.

Web-Sorrow v1.3.6 : a remote web scanner

A perl based tool used for checking a Web server for misconfiguration, version detection, enumeration, and server information. I will build more Functionality in the future. what is's NOT: Vulnerably scanner, inspection proxy, DDoS tool, exploitation framework. It's entirely focused on Enumeration and collecting Info on the target server.


CURRENT functionality:

-S - stands for standard. a set of Standard tests and includes: indexing of directories testing, banner grabbing, language detection (should be obvious), robots.txt, and 200 response testing (some servers send a 200 ok for every req)

-auth - looks for login pages with a list of some of the most common login files and dirs and admin consoles. don't need to be very big list of URLs because what else are going to name it? notAlogin.php???

-Cp - scan with a huge list of plugins dirs. the list is a bit old (2010)

-I - searches the responses for interesting strings

-Ws - looks for web services such as hosting provider, blogging services, favicon fingerprinting, and cms version info

-Fd - look for generally things people don't want you to see. The list is generated form a TON of robot.txt so whatever it finds should be interesting.

-Fp - FingerPrint server based on behavior (unrefined as of yet)

-ninja - A light weight and undetectable scan that uses bits and peaces from other scans

-Sd - BruteForce Sub Domains

-Db - BruteForce Directories with the big dirbuster Database

-ua - use a custom UserAgent. PUT UA IN QUOTES if theres spaces

-proxy - send all http reqs via a proxy. example: 255.255.255.254:8080

-e - run all the scans in the tool

web-sorrow also has false positives checking on most of it's requests (it pretty accurate but not perfect)

EXAMPLES:

basic: perl Wsorrow.pl -host scanme.nmap.org -S

look for login pages: perl Wsorrow.pl -host 192.168.1.1 -auth

CMS intense scan: perl Wsorrow.pl -host 192.168.1.1 -Ws -Cp all -I

most intense scan possible: perl Wsorrow.pl -host 192.168.1.1 -e -ua "I come in peace"

Download it from here:
http://code.google.com/p/web-sorrow/downloads/list

Orion Browser Dumper v1.0:DarkCoderSc released a new a Forensic tool



The developer of DarkComet RAT ,Jean-Pierre LESUEUR (DarkCoderSc), has released a new Forensic tool called 'Orion Browser Dumper' .

Orion Browser Dumper is an advanced local browser history extractor (dumper), in less than few seconds (like for Browser Forensic Tool) it will extract the whole history content of most famous web browser, Actually Internet Explorer, Mozilla FireFox, Google Chrome, COMODO Dragon, Rockmelt and Opera.

Download the Tool from here:
http://www.darkcomet-rat.com/misctools.dc


OpenVAS version 5 released, vulnerability scanning and management tool



One year after OpenVAS-4 , The OpenVAS project development team has released the fifth version of their vulnerability scanning and management tool.  The new version has several new features , also the number of freely available vulnerability checks has increased to over 25,000.


A very practical extension is the possibility to show the differences between two scan reports and the direct availability of current CPE and CVE information inside the OpenVAS database. This saves time for users who are finding out about changes and security recommendations. The new asset management adds a second view on scan results. It allows the user to review scan results for any selection of IP devices in the network.

All in all 20 new features were added, especially focusing on simplifying daily use. The systemtic improvements underline the position of OpenVAS as the most advanced Open Source solution for vulnerability management. The new version can be downloaded free and is available as Free Software under the GNU GPL license.

New features:
  • Delta reports to analyse differences between two scans.
  • Security Information Database: Integrated SCAP data (CPE, CVE) including update method via feed service.
  • Integrated Asset Management.
  • Configuration object 'Port Lists' for transparent TCP/UDP port ranges.
  • Prognostic scans based on asset data and current SCAP data.
  • Support for individual time zones for users.
  • Support for obeservers (granting read-only access)
  • Support for notes/overrides lifetimes.
  • Trashcan for collecting removed items before ultimate deletion.
  • Container tasks for importing reports.
  • SSH port for Local Security Checks configurable.
  • Product detections as reported by Scanner are handled to allow detailed cross-referenced detection information.
  • Support for sorting results by CVSS score.
  • Support for importing results sent through the XML escalator.
  • Support for escalating result to a Sourcefire Defense Center.
  • Support for using an SSH key pair for SSH authentication.
  • Individual user settings, starting with time zone.
  • Display single result details.
  • Icon indicators for detected operating systems.
  • LDAP per-user authentication method.

The full announcement can be found here.

Updated Acunetix Web Vulnerability Scanner includes PHP-CGI security Check

Acunetix released update for the Web Vulnerability Scanner 8 (WVS 8) ,includes a number of new scheduler features, a new security check for PHP-CGI, as well as a series of bug fixes.

Acunetix WVS 8 checks if your PHP-CGI installation is vulnerable to remote code execution.

New Features

  • Ability to edit scheduled scans. No need for scheduling new scans every time you wish to change a scan setting.
  • Amend multiple scheduled scans simultaneously by selecting them and applying the required global changes.
  • Save all your scanned results and access them at any time from your scheduler’s scan history. You can also delete your scanned results from the web-based scheduler.
  • A new setting has been introduced to configure the maximum number of pages during a crawl.

Improvements

  • Improved Cross-Site Scripting (XSS) tests.
  • The web-based scheduler has been improved to run better in the latest version of Internet Explorer.
  • Enhanced SQL injection tests to reduce the false positives reporting even more.

Bug Fixes

  • The scheduled scans can be correctly imported after upgrading to a more recent build of Acunetix WVS 8.
  • The false positives settings node can now support changes from multiple instances at the same time.
  • Web Service Definition Language (WSDL) Scanner URL edit box is now able to save history.

How to Upgrade to Build 20120508

On starting Acunetix WVS 8, a pop-up window will automatically notify you that a more recent build is available for download. Navigate to the General > Program Updates node in the Tools explorer, click on Download and Install the new build.
 

MJP Security Plugin for WordPress Released

MJP Security Tools is a plugin designed to fix a lot of WordPress security issues, as well as providing extra support.

Features:

* Scan the database for possible XSS issues.
* Limit login attempts to one per ten seconds per user.
* Check all file permissions.
* Check for presence of index.html files in all directories.
* Check if WordPress is up-to-date.
* Remove the version number from HTML source.
* Log all POST requests.
* Log all failed login attempts.
* Change the admin username.
* Randomize the database table prefix.
* Require stronger passwords.
* Detect SSH.

You can get it from here:
http://wordpress.org/extend/plugins/mjp-security-plugin/

Joomla updated version 2.5.4 is available with two vulnerabilities fix





The Joomla Team has updated the Joomla CMS.  The new version Joomla 2.5.4 comes with fixes for two low priority vulnerabilities , 3 new features and 157 tracker issues.

New Features:

  • Add option to show full CMS version number in generator tag (Mark Dexter)
  • Implementing Access levels for Content Languages (JM Simonet, Dennis Hermatski, Christophe Demko)
  • Make the auto-update process more reliable across different hosts (Nicholas Dionysopoulos)

XSS vulnerability(Inadequate filtering in update manager) and Information Disclosure vulnerability(Inadequate permission checking allows unauthorised viewing of some administrative back end information) has been fixed in the updated version.
Download:
New Installations: Joomla 2.5.4
Update Package: update package


If you are using Joomla ,then immediately upgrade to the latest version so that you can stay away from the publicly available vulnerabilities. The new Joomscan(jooml vulnerability scanner) can identify 623 vulnerabilities, scan your site with this scanner to identify vulnerabilities.