Tag Archives: Security Tools

SQL Ninja Tool

Fancy going from a SQL Injection on Microsoft SQL Server to a full GUI access on the DB? Take a few new SQL Injection tricks, add a couple of remote shots in the registry to disable Data Execution Prevention, mix with a little Perl that automatically generates a debug script, put all this in a shaker with a… Read More »

Httprecon tool

The httprecon project is doing some research in the field of web server fingerprinting, also known as http fingerprinting. The goal is the highly accurate identification of given httpd implementations. This is very important within professional vulnerability analysis. Besides the discussion of different approaches and the documentation of gathered results also an implementation for automated analysis is provided.… Read More »

OpenVAS Vulnerability Scanner

About OpenVAS The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The actual security scanner is accompanied with a daily updated feed of Network Vulnerability Tests (NVTs), over 20,000 in total (as of January 2011). All OpenVAS products are Free Software. Most… Read More »

Capturing Windows 7 Credentials at Logon Using Custom Credential Provider

Source: Tyler Wrightson’s Security Blog If you are interested on how to write a key logger for windows authentication. Code available. In this article “I started testing my rootkit on a windows 7 box and luckily most of it worked.  The only thing that wasn’t working was the ability to log credentials typed in when a user first logs… Read More »

MagicTree

What is MagicTree? And why do I care? Have you ever spent ages trying to find the results of a particular portscan you were sure you did? Or grepping through a bunch of files looking for data for a particular host or service? Or copy-pasting bits of output from a bunch of typescripts into a report? We certainly… Read More »