OpenVAS version 5 released, vulnerability scanning and management tool



One year after OpenVAS-4, the OpenVAS project development team has released the fifth version of their vulnerability scanning and management tool. The new version has several new features, and the number of freely available vulnerability checks has increased to over 25,000.


A very practical extension is the possibility to show the differences between two scan reports and the direct availability of current CPE and CVE information inside the OpenVAS database. This saves time for users who are finding out about changes and security recommendations. The new asset management adds a second view on scan results. It allows the user to review scan results for any selection of IP devices in the network.

All in all, 20 new features were added, especially focusing on simplifying daily use. The systematic improvements underline the position of OpenVAS as the most advanced Open Source solution for vulnerability management. The new version can be downloaded free and is available as Free Software under the GNU GPL license.

New features:
  • Delta reports to analyse differences between two scans.
  • Security Information Database: Integrated SCAP data (CPE, CVE) including update method via feed service.
  • Integrated Asset Management.
  • Configuration object 'Port Lists' for transparent TCP/UDP port ranges.
  • Prognostic scans based on asset data and current SCAP data.
  • Support for individual time zones for users.
  • Support for observers (granting read-only access).
  • Support for notes/overrides lifetimes.
  • Trashcan for collecting removed items before ultimate deletion.
  • Container tasks for importing reports.
  • SSH port for Local Security Checks configurable.
  • Product detections as reported by Scanner are handled to allow detailed cross-referenced detection information.
  • Support for sorting results by CVSS score.
  • Support for importing results sent through the XML escalator.
  • Support for escalating result to a Sourcefire Defense Center.
  • Support for using an SSH key pair for SSH authentication.
  • Individual user settings, starting with time zone.
  • Display single result details.
  • Icon indicators for detected operating systems.
  • LDAP per-user authentication method.

The full announcement can be found here.

Updated Acunetix Web Vulnerability Scanner includes PHP-CGI security Check

Acunetix released an update for the Web Vulnerability Scanner 8 (WVS 8) that includes a number of new scheduler features, a new security check for PHP-CGI, as well as a series of bug fixes.

Acunetix WVS 8 checks if your PHP-CGI installation is vulnerable to remote code execution.

New Features

  • Ability to edit scheduled scans. No need for scheduling new scans every time you wish to change a scan setting.
  • Amend multiple scheduled scans simultaneously by selecting them and applying the required global changes.
  • Save all your scanned results and access them at any time from your scheduler’s scan history. You can also delete your scanned results from the web-based scheduler.
  • A new setting has been introduced to configure the maximum number of pages during a crawl.

Improvements

  • Improved Cross-Site Scripting (XSS) tests.
  • The web-based scheduler has been improved to run better in the latest version of Internet Explorer.
  • Enhanced SQL injection tests to reduce false-positive reporting even more.

Bug Fixes

  • The scheduled scans can be correctly imported after upgrading to a more recent build of Acunetix WVS 8.
  • The false positives settings node can now support changes from multiple instances at the same time.
  • Web Service Definition Language (WSDL) Scanner URL edit box is now able to save history.

How to Upgrade to Build 20120508

On starting Acunetix WVS 8, a pop-up window will automatically notify you that a more recent build is available for download. Navigate to the General > Program Updates node in the Tools explorer, click on Download and Install the new build.
 

JoomScan 4.4.2012 released, able to find 623 Joomla vulnerabilities


Web-Center has released an updated version of its Joomla vulnerability scanner, JoomScan 4.4.2012. More Joomla vulnerabilities have been added to the newest version.

The newest version is able to find 623 Joomla vulnerabilities (the previous version identifies 611 vulnerabilities).

In joomscan you can check for new updates with command: ./joomscan.pl check or ./joomscan.pl update.

IronWASP v0.9.0.3 released - A web application vulnerability testing tool


IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing, developed by Lavakumar Kuppan.

It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool's features are simple enough to be used by absolute beginners.

Features:
  • Automated Scanning
  • Manual Testing
  • Scripting Shell
  • Javascript Static Analysis
  • Active and Passive Plugins
  • Format Plugin
  • Logging
  • Session Plugin

In a recent null Chennai meeting, Mr. Lavakumar demonstrated how to use this tool to test your web application against web application vulnerabilities (SQLi and XSS). Fortunately, I was there and enjoyed the demo. In the next null Chennai meeting, he is going to present the second part of the demo. So don't miss it!


You can download the latest version from here:
http://ironwasp.org/download.html


Acunetix Web Vulnerability Scanner Version 8 Released


Acunetix released the 8th version of its famous Web Vulnerability Scanner. Version 8 echoes years of counter-hacking experience through its new ability to lock hackers out by integrating scan results into Imperva’s Web Application Firewall, and by recognizing a new breed of vulnerabilities through new detection methods.

Additionally, Acunetix WVS 8 takes vulnerability scanning to a new level by integrating smarter and more reliable automated features, making it quicker to launch a scan with less configuration required.


New features:
  • Manipulation of inputs from URLs
  • Automatic custom 404 error page identification
  • Imperva Web Application Firewall integration
  • Multiple instance support
  • Scan settings templates
  • Simplified Scan Wizard
  • Web-based scheduler
  • New HTTP Parameter Pollution vulnerability class
  • Smart memory management
  • Real time Crawler status (number of crawled files, inputs discovered, etc.)
  • Support for custom HTTP headers in automated scans
  • Configurable log file retention
  • Detailed Crawler coverage report
  • Scan status included in report
Download the Trial Version from here:
http://www.acunetix.com/vulnerability-scanner/download.htm

DPScan : Drupal Vulnerability Scanner Released

A pen tester, Ali Elouafiq, and his team have developed a new penetration testing tool for scanning vulnerabilities in Drupal CMS.

Drupal Security Scanner will enumerate at least the modules used by Drupal so we can simulate a White Box audit on our private machines.

They released this tool publicly so that it can help other pen testers and auditors do their job faster.

Download the Scanner from here:
https://github.com/insaneisnotfree/Blue-Sky-Information-Security/blob/master/DPScan.py

How to scan?
1. After downloading the tool, move the downloaded file to your pentesting folder or Desktop.
2. Open your terminal.
3. Navigate to the dpscan folder using the cd command.
4. Use this command to scan the target website for vulnerabilities:
python DPScan.py [Target_Drupal_site]

Joomscan Update detects 611 vulnerabilities in Joomla


Security Web center released an updated version of the Joomscan Security Scanner. The updated version detects 611 vulnerabilities in Joomla CMS. The previous version, released in November, was capable of detecting 550 vulnerabilities.

In joomscan you can check for new updates with command: ./joomscan.pl check or ./joomscan.pl update.

Joomla! is probably the most widely-used CMS out there due to its flexibility, user friendliness and extensibility, to name a few. So, watching its vulnerabilities and adding them as KB entries to the Joomla scanner is an ongoing activity. It will help web developers and web masters identify possible security weaknesses on their deployed Joomla! sites.

Download for Windows (141 KB)
Download for Linux (150 KB)

NTO SQL Invader: Free SQL Injection Vulnerability Scanning & Exploiting Tool

NT Objectives, a security application provider, released a new SQL injection vulnerability scanner. It will be very helpful for penetration testers to find vulnerabilities in web applications.

"NTO SQL Invader" scans for SQL injection vulnerabilities and exploits them with a few simple clicks. It is free to use. NTO SQL Invader allows pen testers and developers to quickly and easily leverage a vulnerability to view the list of records, tables and user accounts on the back-end database.

Features:
  • Easy to use - The tool’s GUI interface enables you to simply paste the injectable request found by a DAST tool or feed a detailed request straight from an application scan report. You can then control how much information is harvested.
  • Clearly presents evidence - Unlike tools that provide all data via command line, NTO SQL Invader provides the data in an organized manner that is useful for both executive meetings as well as technical analysis and remediation.
  • Enables easy transport of logging data - All of the data harvested from NTO SQL Invader can be saved into a CSV file so the reports can be included as penetration evidence as part of a presentation or POC.

Here is a video that demonstrates the basics of the NTO SQL Invader tool:
http://www.ntobjectives.com/research/sqlinvader-intro

Download it from here (you have to register to download):
http://go.ntobjectives.com/l/8672/2011-12-01/DRMN


WPScan v.1.1 is released, a WordPress Security vulnerability scanner

“WPScan is a WordPress Security vulnerability scanner which checks the security of WordPress installations using a black box approach, written in Ruby.”

Details
  • Username enumeration (from author querystring and location header)
  • Weak password cracking (multithreaded)
  • Version enumeration (from generator meta tag and from client side files)
  • Vulnerability enumeration (based on version)
  • Plugin enumeration (2220 most popular by default)
  • Plugin vulnerability enumeration (based on plugin name)
  • Plugin enumeration list generation
  • Other misc WordPress checks (theme name, dir listing, ...)

Changelog for WPScan v.1.1:

  • Detection for 750 more plugins.
  • Detection for 107 new plugin vulnerabilities.
  • Detection for 447 possible timthumb file locations.
  • Advanced version fingerprinting implemented.
  • Full Path Disclosure (FPD) checks.
  • Auto updates.
  • Progress indicators.
  • Improved custom 404 checking.
  • Improved plugin detection.
  • Improved error_log checking.
  • Lots of bugs fixed. Lots of small tweaks.
Download:
http://code.google.com/p/wpscan/

The BodgeIt Store v1.2.0 ~ Web Application Vulnerability Scanner

The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.
Some of its features and characteristics:
  • Easy to install - just requires java and a servlet engine, e.g. Tomcat
  • Self contained (no additional dependencies other than the 2 in the above line)
  • Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required
  • Cross platform
  • Open source
  • No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up 
All you need to do is download and open the zip file, and then extract the war file into the webapps directory of your favorite servlet engine.
Then point your browser at (for example) http://localhost:8080/bodgeit
You may find it easier to find vulnerabilities using a pen test tool.

The BodgeIt Store includes the following significant vulnerabilities:
  • Cross Site Scripting
  • SQL injection
  • Hidden (but unprotected) content
  • Cross Site Request Forgery
  • Debug code
  • Insecure Object References
  • Application logic vulnerabilities


These are the changes made to BodgeIt v1.2.0:

A page has been added for changing your password, and there have been a few miscellaneous tweaks. But the most significant changes have been enablers for the security regression tests.