SSA 1.5.1

A new version of SSA (Security System Analyzer) has been released – version 1.5.1.

SSA is a scanner based on OVAL. The command line tool provided by MITRE is not very easy to use, so the guys at Security Database decided to write a GUI to make it simple to use and understand, and to free the security testers community to take advantage of it.

+ Based on OVAL 5.2 build 11 (bugs fixed)
- Corrected bug in EntityComparator::ParseVersionStr(). Added error checking to the function to ensure that the input version strings are in a valid format.
- Removed VC7 project from source distributions.

Now SSA relies on CPE (Common Platform Enumeration) names to display inventories.

+ SSA now supports VISTA definitions.

+ Added Menu Help
- PDF documentation: link to SSA PDF doc.
- OVAL Concept documentation: link to OVAL FAQs.
- CPE Concept documentation: link to CPE docs.
- [New Security-Database Feature]: Submit a bug about SSA
- Security-Database Vulnerability Search: Search for information in our cross-linked vulnerability database

+ Fixed bugs in the scan() function
- Handle exception: error while parsing a corrupted XML file
- Handle exception: error while using an unsupported schema

+ Fixed a latency in function “stop/reload”

+ Fixed the PATH bug. Now SSA can be installed in any directory.

You can download the latest version here:

SSA 1.5.1

ProTech Security Distribution

Techm4sters e-mailed us recently to let us know about their new security distro called ProTech. We haven’t had time to download it and test it yet, but it certainly looks promising.

- What is PROTECH? Protech is a very light live security distribution based on Ubuntu Linux.

- Is this like Nubuntu? It is similar, yes! But we wanted something friendlier to the end-user and so we tried a different approach and tested new tools. You’ll see that there are many differences amongst them. Many ideas have been taken from NUbuntu as well as other security distributions to try to make the most complete, reliable and easiest tool for your use. I hope you can appreciate our work.

If you have a chance to check it out, do let us know what it’s like and if it’s comparable to BackTrack 2.0, which was released fairly recently.

ProTech is based on the latest Ubuntu Feisty. It is a beta; the final version should be released later in April or in May.

ProTech is currently using Fluxbox for the GUI because of its light weight. It has a large collection of security software installed and can work both as a LiveCD or a hard disk installation.

There is some good info on Getting Started here.

And you can download the latest release of ProTech here:

Protech-x86-beta.iso

Damn Vulnerable Linux – DVL – IT-Security Attack and Defense

Damn Vulnerable Linux (DVL) is a Linux-based (modified Damn Small Linux) tool for IT-Security & IT-Anti-Security and Attack & Defense. It was initiated for training tasks during university lessons by the IITAC (International Institute for Training, Assessment, and Certification) and S²e – Secure Software Engineering in cooperation with the French Reverse Engineering Team.


Damn Vulnerable Linux (DVL) is provided without any fee or charge!

Actually, it is a perverted Linux distribution made to be as insecure as possible. It is a collection of IT-Security and IT-Anti-Security tools. Additionally, it includes a full-scale, lesson-based environment for Attack & Defense on/for IT systems, for self-study or teaching activities during university lectures.

It’s a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer. It can also be run within virtual machine environments, such as qemu or vmware. There is no need to install a virtual machine if you use the embedded option. Its sole purpose in life is to put as many security tools at your disposal, with as many training options, as it can.

It contains a huge number of lessons, including lesson descriptions, and solutions if the level has been solved.

Damn Vulnerable Linux (DVL) is meant to be used by both novice and professional security personnel but is not ideal for the Linux uninitiated. Damn Vulnerable Linux (DVL) assumes you know the basics of Linux as most of your work will be done from the command line. If you are completely new to Linux, it’s best you stop playing with this system.

You can find more at the DVL website:

http://www.damnvulnerablelinux.org.

You can download it here:

Damn Vulnerable Linux

BackTrack v2.0

BackTrack is the result of the merging of the two innovative penetration testing live Linux distributions, Auditor Security Collection and Whax. By combining the best features from both distributions and putting in continuous development energy, the most complete and finest security testing live distro was born: BackTrack.


BackTrack v.2.0 is finally released. It’s been a long wait, that’s for sure. It does look good though, so perhaps it was worth waiting.

You can find some screenshots here.

BackTrack ranked number one in my list 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery).

It’s taken BackTrack almost 5 months to pull themselves out of the beta stage. Many features have been added and many of the persistent bugs have been fixed.

New exciting features in BackTrack 2, to mention a few:

  • Updated kernel: running 2.6.20, with several patches.
  • Broadcom based wireless card support
  • Most wireless drivers are built to support raw packet injection
  • Metasploit2 and Metasploit3 framework integration
  • Alignment to open standards and frameworks like ISSAF and OSSTMM
  • Redesigned menu structure to assist the novice as well as the pro
  • Japanese input support: reading and writing in Hiragana / Katakana / Kanji.

As usual, Nessus is not included in BackTrack, as Tenable forbids redistribution.

The public wiki project is available at http://backtrack.offensive-security.com. Please help us by providing entries in HCL (Hardware compatibility list).

Read more about BackTrack here.

You can download BackTrack here:

BackTrack 2 Stable release Mar 06 2007

Slavasoft FSUM and Hashcalc md5 & File Integrity

FSUM is a fast and handy command line utility for file integrity verification. It offers a choice of 13 of the most popular hash and checksum functions for file message digest and checksum calculation.

You can easily use FSUM with a batch wrapper to do automated file integrity monitoring, and use something like blat to email you any differences.

The most common use for FSUM is checking data files for corruption. A message digest or checksum calculation might be performed on data before transferring it from one location to another. By making the same calculation after the transfer and comparing the before and after results, you can determine whether the received data is corrupted or not. If the results match, then the received data is likely accurate.
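The before-and-after comparison described above, extended from one file to a whole directory tree so it can serve as a simple integrity monitor. This is an added example, not FSUM itself and not code from the original post: it uses Python's hashlib with SHA-256, and the function names and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile


def file_digest(path, algorithm="sha256", chunk_size=65536):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, algorithm="sha256"):
    """Map each file's path (relative to root) to its digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = file_digest(full, algorithm)
    return manifest


def compare_manifests(before, after):
    """Return sorted lists of added, removed and modified paths."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed sample tree: baseline it, change it, report the differences."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("a.cfg", b"port=22\n"), ("b.bin", b"\x00\x01"), ("c.txt", b"keep\n")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = build_manifest(root)
        with open(os.path.join(root, "a.cfg"), "wb") as fh:  # same size, different content
            fh.write(b"port=23\n")
        os.remove(os.path.join(root, "b.bin"))
        with open(os.path.join(root, "new.sh"), "wb") as fh:
            fh.write(b"#!/bin/sh\n")
        return compare_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    print(demo())
```

For monitoring rather than transfer checks, keep the baseline manifest somewhere the monitored machine cannot write, since anyone able to change both a file and its recorded digest defeats the comparison.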

You can download FSUM here:

FSUM 2.52

Or read more here.

HashCalc is basically a GUI version: a fast and easy-to-use calculator that lets you compute message digests, checksums and HMACs for files, as well as for text and hex strings. It offers a choice of 13 of the most popular hash and checksum algorithms for calculations such as:

MD2, MD4, MD5, SHA-1, SHA-2 (256, 384, 512), RIPEMD-160, PANAMA, TIGER, ADLER32 and CRC32.

You can download it here:

HashCalc 2.02

And read more here.

DNS Brute Force eXtract – WS-DNS-BFX

There is another option for DNS brute forcing which uses threads, so it may be faster than TXDNS 2.0, which we posted about recently.

What does it do?

This program was written to extract valid hosts of a domain that deny zone transfers.

The program supports:

  • IPv4 => IP Address of 32 bits.
  • IPv6 => IP Address of 128 bits.
  • Multi Thread => Make several resolutions at “the same time”.
  • EMA => Extract more than 1 IP in servers with HA, Network Load Balance, etc. (like: www.yahoo.com, www.microsoft.com).

Where do I use it?

This program must be used against DNS Servers that deny zone transfers.

Example of DNS servers that deny zone transfers:

root@Debian:/tmp/WS-DNS# host -l frontthescene.com.br
;; connection timed out; no servers could be reached

root@Debian:/tmp/WS-DNS# dig @200.242.154.2 frontthescene.com.br axfr

; <<>> DiG 9.2.1 <<>> @200.242.154.2 frontthescene.com.br axfr
;; global options: printcmd
; Transfer failed.

How do I compile it?

To compile it, do:

gcc -o WS-DNS-BFX WS-DNS-BFX.c -lpthread -D_REENTRANT -D_THREAD_SAFE

For best performance, do:

gcc -o WS-DNS-BFX WS-DNS-BFX.c -lpthread -D_REENTRANT -D_THREAD_SAFE -O3

If you don’t have a compiler (gcc), libs, etc., I added to the .tgz file a statically compiled build of this program, called “WS-DNS-BFX-Static”.

How do I use it?

It is easy to use this program. Suppose that you want to extract valid hosts from “yahoo.com”, using dict-file.txt (brute force file) and opening 4 threads; to do it, the command is:

root@Debian:/tmp/WS-DNS# ./WS-DNS-BFX yahoo.com dict-file.txt 4
Progress ..............................

When it finishes, a file called “hosts-yahoo.com.txt” will be generated with the extracted hosts.

You can download it here:

DNS Brute Force eXtract

SSA 1.5.1 – Security System Analyzer

Open Vulnerability and Assessment Language (OVAL) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community.

The language standardizes the three main steps of the assessment process: representing configuration information of systems for testing; analyzing the system for the presence of the specified machine state (vulnerability, configuration, patch state, etc.); and reporting the results of this assessment.

SSA is a scanner based on OVAL. The command line tool provided by MITRE is not very easy to use, so the guys at Security Database decided to write a GUI to make it simple to use and understand, and to free the security testers community to take advantage of it.

The latest final release of SSA, 1.5.1, is available. You can download it in either “exe” or “zip” format. SSA comes with PDF documentation.

You can read more here and download both SSA and the PDF documentation.

SSA 1.5.1