scan & analysing tools

http://code.google.com/p/yara-project/

yara-project - A malware identification and classification tool

YARA in a nutshell: YARA is a tool aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained in samples of those families. Each description consists of a set of strings and a Boolean expression which determines its logic.
http://rips-scanner.sourceforge.net/ RIPS is a tool written in PHP to find vulnerabilities in PHP applications using static code analysis. By tokenizing and parsing all source code files, RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by user input (influenced by a malicious user) during the program flow. Besides the structured output of found vulnerabilities, RIPS also offers an integrated code audit framework for further manual analysis.

RIPS - free PHP security scanner using static code analysis

http://tools.sucuri.net/?page=docs&title=fingerprinting-web-apps#v3

Protect Your Interwebs

Similar to operating system fingerprinting, this technique uses unique fingerprints that are available on each version of a web application to determine which one is being used. What these fingerprints are depends on the web application, but generally we can use .js (JavaScript), .css and a few other files that are available and whose source we can access remotely. We can't do the same with .php, because it will not return the source (only the executed output).
BFT - Browser forensic tool is software that searches all kinds of browser history, even archived history, in a few seconds. It retrieves the URLs and titles of all matches for the chosen keywords. You can use the default example profiles or create your own, with a thematic search in a single click. This tool comes from the developer of the famous DarkComet RAT tool. http://www.pentestit.com/bft-browser-forensic-tool/

BFT a Browser forensic tool — PenTestIT

Labs Research: Solving a Little Mystery

http://blog.ioactive.com/2012/02/solving-little-mystery.html Firmware analysis is a fascinating area within the vast world of reverse engineering, although not very extended. Sometimes you end up in an impasse until noticing a minor (or major) detail you initially overlooked. That's why sharing methods and findings is a great way to advance into this field.
http://www.paterva.com/web5/client/overview.php With the continued growth of your organization, the people and hardware deployed to ensure that it remains in working order is essential, yet the threat picture of your “environment” is not always clear or complete. In fact, most often it’s not what we know that is harmful - it’s what we don’t know that causes the most damage. This being stated, how do you develop a clear profile of what the current deployment of your infrastructure resembles? What are the cutting edge tool platforms designed to offer the granularity essential to understand the complexity of your network, both physical and resource based? Maltego is a unique platform developed to deliver a clear threat picture to the environment that an organization owns and operates. Maltego’s unique advantage is to demonstrate the complexity and severity of single points of failure as well as trust relationships that exist currently within the scope of your infrastructure.

Maltego 3 > Maltego Client

Code Exploration Blog

Today, I'm happy to release CodeSensor, a tool I have been working on for a while: CodeSensor may be useful for you to extract facts from C/C++ code in situations where you do not have a working build-environment. Its goal is to return meta information about source code in a format suitable for further processing using UNIX command line tools and simple scripts. As you can see, the output contains several constructs CodeSensor has recognized, displaying the construct-type as well as start- and end- positions in the first three columns. http://codeexploration.blogspot.com/
http://code.google.com/p/jsunpack-n/

jsunpack-n - A generic JavaScript unpacker - Google Project Hosting

jsunpack-n emulates browser functionality when visiting a URL. Its purpose is to detect exploits that target browser and browser plug-in vulnerabilities. It accepts many different types of input: This project contains the source code which runs at the website http://jsunpack.jeek.org/ .
theHarvester is a tool to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and the SHODAN computer database. Searching for user names that work at the company Microsoft, we use Google as the search engine, so we need to specify the limit of results we want to use: http://www.darknet.org.uk/2012/01/theharvester-gather-e-mail-accounts-subdomains-hosts-employee-names-information-gathering-tool/

theHarvester – Gather E-mail Accounts, Subdomains, Hosts, Employee Names – Information Gathering Tool | Darknet - The Darkside

How to decrypt a PHP script | Raz0r.name — a blog about web security

I already touched on the topic of decoding encrypted PHP scripts once, in the post "PHP and encrypted code". In it I described a way to obtain the values of all initialized variables and the list of declared functions in a script encrypted with the ionCube protector. Back then, in 2009, decrypting an ionCube-protected script was problematic: at that time only paid services existed. http://raz0r.name/articles/how-to-decrypt-php-script/
How do I perform a stack trace search? Clicking the checkbox labeled "Stack Trace Search" on the GrepCode home page provides a text area where you can paste your Java stack trace. Doing a search after that will take you to a page with the results of your stack trace search. Alternatively, if you are not on the main page, you can click on the link in the header labeled "Stack Trace Search", and perform the same search.

FAQ - GrepCode.com - Java Source Code Search 2.0

DEFT Linux 7 RC1! — PenTestIT

“DEFT is a new concept of Computer Forensic live system that uses LXDE as desktop environment and thunar file manager and mount manager as tool for device management. It is a very easy to use system that includes an excellent hardware detection and the best free and open source applications dedicated to incident response and computer forensics.”

List of tools for static code analysis - Wikipedia, the free encyclopedia

Axivion Bauhaus Suite — A tool for Ada, C, C++, C#, and Java code that comprises various analyses such as architecture checking, interface analyses, and clone detection.
Black Duck Suite — Analyze the composition of software source code and binary files, search for reusable code, manage open source and third-party code approval, honor the legal obligations associated with mixed-origin code, and monitor related security vulnerabilities.
BugScout — Detects security flaws in Java, PHP, ASP and C# web applications.

Cppcheck - A tool for static C/C++ code analysis

Cppcheck is a static analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools it does not detect syntax errors in the code. Cppcheck primarily detects the types of bugs that the compilers normally do not detect. The goal is to detect only real errors in the code (i.e. have zero false positives).

FindBugs v.2.0 - Find Bugs in Java Programs

A static analysis tool to find bugs in Java programs. FindBugs is an open source program created by Bill Pugh and David Hovemeyer which looks for bugs in Java code. It uses static analysis to identify hundreds of different potential types of errors in Java programs. FindBugs operates on Java bytecode, rather than source code. The software is distributed as a stand-alone GUI application. There are also plug-ins available for Eclipse, Netbeans, IntelliJ IDEA, and Hudson.