Resources
HSC Security Portal
Hackers Center Security Portal is one of the most complete, updated and visited Security portals on the net. We offer Security Blogs, Exploits, Texts, Tools
-
Wireless Security: Threats and Countermeasures
The whitepaper gives a detailed view of the current wireless threats and the working countermeasures that are available today.
-
tmin v0.03
A quick and simple tool to minimize the size and syntax of complex test cases in automated security testing. The tool is somewhat related to delta, a more featured general-purpose optimizer - but is meant specifically for dealing with unknown or complex data formats (without the need to tokenize and re-serialize testcases), for hands-off detection of security fault conditions, and for easy integration with UI testing harnesses. It is also capable of reducing the complexity of alphabets used on datasets that cannot be further trimmed down in size.
-
wsScanner
wsScanner is a toolkit for Web Services scanning and vulnerability detection. This tool has the following utilities:
- Discovery tool - By leveraging search engines, this tool helps in discovering Web Services running on any particular domain or with a certain name pattern.
- Vulnerability detection - It is possible to enumerate and profile Web Services using this tool, and one can follow it up with auto auditing (.NET only). A .NET proxy is dynamically created for the audit module. One can run vulnerability scans for data types, SQL injection, LDAP/command injection, buffer checks, brute-forcing SOAP, etc. It is also possible to leverage regex patterns for SOAP analysis.
- Fuzzing - This tool helps in fuzzing different Web 2.0 streams like SOAP, XML-RPC, REST, JSON, etc. This module helps in assessing various Web Services.
- UDDI scan - It is possible to scan UDDI servers using this tool for footprinting and discovery of Web Services.
This tool is still in beta and we are planning to add some more features and support. Stay tuned for future releases as well.
-
AppPrint
AppPrint scans an IP range, a single IP or a host for Web and Application servers. It scans port 80 on a particular target and tries to deduce the banner using the httprint methodology. This gives the best-guessed banner for the Web server. In the next step it uses a method of forced plug-in invocation to scan for the application server type. At this point it tries to fingerprint Tomcat, WebLogic, WebSphere, Orion, ColdFusion and Resin. It requires the .NET Framework to be installed. In a future version we will build in mapping and fingerprinting for several other technologies, like Ajax, RIA, Flash, Laszlo, etc.
-
Sqlmap 0.6
sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specific DBMS tables/columns, run his own SQL SELECT statement, read specific files on the file system and much more.
-
Ratproxy v1.51b
A semi-automated, largely passive web application security audit tool, optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments. Detects and prioritizes broad classes of security problems, such as dynamic cross-site trust model considerations, script inclusion issues, content serving problems, insufficient XSRF and XSS defenses, and much more. Ratproxy is currently believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.
-
Ntop v3.3.7 (Unix binary)
ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntop is based on libpcap and has been written in a portable way so that it runs on virtually every Unix platform and on Win32 as well. ntop users can use a web browser (e.g. netscape) to navigate through ntop (that acts as a web server) traffic information and get a dump of the network status. In the latter case, ntop can be seen as a simple RMON-like agent with an embedded web interface. The use of:
- a web interface
- limited configuration and administration via the web interface
- reduced CPU and memory usage (they vary according to network size and traffic)
-
Wavestumbler v1.2
WaveStumbler is a console-based 802.11 network mapper for Linux. It reports the basic AP stuff like channel, WEP, ESSID, MAC, etc. It has support for Hermes-based cards (Compaq, Lucent/Agere, … ). It is still in development but tends to be stable. It consists of a patch against the kernel driver, orinoco.c, which makes it possible to send the scan command to the driver via the /proc/hermes/ethX/cmds file. The answer is then sent back via a netlink socket. WaveStumbler listens to this socket and displays the output data on the console. The patch should be applied against Linux-2.4.17. It patches the whole linux/drivers/wireless to version 2.4.18-pre7 + the apscan code in orinoco.c. This is a 100% experimental patch, but it seems to work quite well with my Orinoco Silver Card, so feel free to try it out. If you patch other versions of the kernel, or create patches for them, please send them to me so I can put them on the website. If you successfully run this with any other hw, please report this to me too. Please report success or failure stories! Thanks to h1kari for “revealing” the magic behind APScanning.
-
WMIDump v1.3
WMIDump dumps all instances of a given WMIClass and is to be used as an information collector. It can be used to collect information about, e.g.:
- OS, Accounts, Hotfixes, Scheduled Jobs, Services, Processes, Shares
- Hardware, Modems, Network Interfaces, Serial ports, Logical Disks
-
ZapWireless v1.0
A small utility that checks/sets the hardware (switch) and software state of the Intel Centrino wireless adapter. It only works together with the Intel PROSet/Wireless software and has not gone through extensive testing (as always :D)