Burp Suite v1.2 – Web Application Security Testing & Attack Platform

Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, downstream proxies, logging, alerting and extensibility.

Burp Suite allows you to combine manual and automated techniques to enumerate, analyse, scan, attack and exploit web applications. The various Burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another (The tools are Proxy, Spider, Scanner, Intruder, Repeater, Sequencer, Decoder & Comparer).

Key features unique to Burp Suite include:

• Detailed analysis and rendering of requests and responses.
• One-click transfer of interesting requests between tools.
• Ability to “passively” spider an application in a non-intrusive manner, with all requests originating from the user’s browser.
• FIPS-compliant statistical analysis of session token randomness.
• Utilities for decoding and comparing application data.
• Support for custom client and server SSL certificates.
• Extensibility via the IBurpExtender interface.
• Centrally configured settings for downstream proxies, web and proxy authentication, and logging.
• Tools can run in a single tabbed window, or be detached in individual windows.
• Runs in both Linux and Windows.

New features in version 1.2 include:

• Site map showing information accumulated about target applications in tree and table form.
• Fully fledged web vulnerability scanner. [Pro version only]
• Suite-level target scope configuration, driving numerous individual tool actions.
• Display filters on site map and Proxy request history.
• Ability to save and restore state. [Pro version only]
• Suite-wide search function.
• Support for invisible proxying.

Burp Suite is a Java application, and runs on any platform for which a Java Runtime Environment is available. It requires version 1.5 or later. The JRE can be obtained for free from java.sun.com.

You can download Burp Suite v1.2 here:

burpsuite_v1.2.zip

Or read more here.

MultiInjector v0.3 – Automatic SQL Injection and Defacement Tool

Features

• Receives a list of URLs as input
• Recognizes the parameterized URLs from the list
• Fuzzes all URL parameters to concatenate the desired payload once an injection is successful
• Automatic defacement – you decide on the defacement content, be it a hidden script, or just pure old “cyber graffiti” fun
• OS command execution – remote enabling of XP_CMDSHELL on SQL server, subsequently running any arbitrary operating system command lines entered by the user
• Configurable parallel connections exponentially speed up the attack process – one payload, multiple targets, simultaneous attacks
• Optional use of an HTTP proxy to mask the origin of the attacks

Changes

• Automatic defacement – Try to concatenate a string to all user-defined text fields in DB
• Run any OS command as if you’re running a command console on the DB machine
• Execute SQL commands of your choice
• Enable OS shell procedure on DB – Revive the good old XP_CMDSHELL where it was turned off
• Add administrative user to DB server with password: T0pSeKret
• Enable remote desktop on DB server
• Fixed nvarchar cast to varchar. Verified against MS-SQL 2000
• Added numeric / string parameter type detection
• Improved defacement content handling by escaping quotation marks
• Improved support for Linux systems
• Fixed the “invalid number of concurrent connections” failure due to non-parameterized URLs

You can download MultiInjector v0.3 here

MultiInjectorV0.3.tar.gz

Or read more here.

sqlmap 0.6.3 – Automatic SQL Injection Tool

sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specific DBMS tables/columns, run his own SQL SELECT statement, read specific files on the file system and much more..

Changes

Some of the new features include:

• Major enhancement to get list of targets to test from Burp proxy requests log file path or WebScarab proxy ‘conversations/’ folder path with option -l;
• Major enhancement to support Partial UNION query SQL injection technique;
• Major enhancement to test if the web application technology sup ports stacked queries (multiple statements) by providing option –stacked-test which will be then used someday also by takeover functionality;
• Major enhancement to test if the injectable parameter is affected by a time based blind SQL injection technique by providing option –time-test;
• Major bug fix to correctly enumerate columns on Microsoft SQL Server;
• Major bug fix so that when the user provide a SELECT statement to be processed with an asterisk as columns, now it also work if in the FROM
  there is no database name specified;

Complete ChangeLog

You can download sqlmap 0.6.3 here:

sqlmap-0.6.3.tar.gz (Linux)
sqlmap-0.6.3_exe.zip (Windows)

Or read more here (User Manual).

sapyto v0.98 – SAP Penetration Testing Framework Tool

sapyto is the first SAP Penetration Testing Framework, sapyto provides support to information security professionals in SAP platform discovery, investigation and exploitation activities.

sapyto is periodically updated with the outcome of the deep research on the various security aspects in SAP systems.

Although sapyto is a versatile and powerful tool, it is of major importance for it to be used by consultants who are highly skilled and specialized in its usage, preventing any interference with your organization’s usual SAP operation.

New in This Version

This version is mainly a complete re-design of sapyto’s core and architecture to support future releases. Some of the new features now available are:

• Target configuration is now based on “connectors”, which represent different ways to communicate with SAP services and components. This makes the
  framework extensible to handle new types of connections to SAP platforms.
• Plugins are now divided in three categories: Discovery, Audit & Exploit.
• Exploit plugins now generate shells and/or sapytoAgent objects.
• New plugins!: User account bruteforcing, client enumeration, SAProuter assessment, and more…
• Plugin-developer interface drastically simplified and improved.
• New command switches to allow the configuration of targets/scripts/output independently.
• Installation process and general documentation improved.

You can download sapyto v0.98 here (you may have to fill in a form):

sapyto Public Edition (v0.98)

Or read more here.

BarsWF - md5 cracker

BarsWF is basically an MD5 cracking tool and at the moment, is currently the fastest. Right now on nVidia 9600GT/C2D 3Ghz CUDA version does 350 M keys/sec, SSE2 version does 108 M keys/sec. You may check benchmarks of all known good MD5 bruteforcers here.

Changes in 0.8

• Added checks for errors when calling CUDA kernel.
• Now you can specify custom characters for charset using -X switch.
• You may specify minimal password length using -min_len.
• Save/restore feature added. State is being stored to barswf.save every 5 minutes or on exit. You may continue computation using -r switch. You may manually edit .save file to distribute job on several computers (but this is up to you – it is quite simple and non-documented ). BarsWF will also write found password into barswf.save at the end.
• Improved speed for cards GTX260, GTX280, 8800GT, 9600GSO, 8800GS, 8800GTS – by approximately 10%, all other cards will get just 1-2%.

System Requirements

• CUDA version only:nVidia GeForce 8xxx and up, at least 256mb of video memory.
• LATEST nVidia-driver with CUDA support.Standard drivers might be a bit older (as CUDA 2.0 is still beta)
• CPU with SSE2 support (P4, Core2Duo, Athlon64, Sempron64, Phenom).
• Recommended 64-bit OS (WinXP 64 or Vista64). 32-bit version is also available.

Download BarsWF 0.8 here:

CUDA:
BarsWF CUDA x64
BarsWF CUDA x32

SSE2:
BarsWF SSE x64
BarsWF SSE x32

Or read more here.

Microsoft Baseline Security Analyzer

What is MBSA?

Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool that helps small and medium businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems. Built on the Windows Update Agent and Microsoft Update infrastructure, MBSA ensures consistency with other Microsoft management products including Microsoft Update (MU), Windows Server Update Services (WSUS), Systems Management Server (SMS), System Center Configuration Manager (SCCM) 2007, and Small Business Server (SBS).

In order to provide support for Windows Vista, Windows Server 2008, 64-bit scan tool and vulnerability assessment check support, new Windows Embedded support, and compatibility with the latest versions of the Windows Update Agent (WUA) Microsoft Baseline Security Analyzer (MBSA) 2.1 is now available.

New Features found in MBSA 2.1:

• Support for Windows Vista and Windows Server 2008
• Updated graphical user interface
• Full support for 64-bit platforms and vulnerability assessment (VA) checks against 64-bit platforms and components
• Improved support for Windows XP Embedded platform
• Improved support for SQL Server 2005 vulnerability assessment (VA) checks
• Automatic Microsoft Update registration and agent update (if selected) using the graphical interface or from the command-line tool using the /ia feature
• New feature to output completed scan reports to a user-selected directory path or network share (command-line /rd feature) Windows Server Update Services 2.0 and 3.0 compatibility

You can download MBSA 2.1 here:

Microsoft Baseline Security Analyzer 2.1

Or read more here.