
OpenVAS - Open Vulnerability Assessment System
OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. Reliable and Sustainable: The powerful and comprehensive OpenVAS solution is available as Free Software and maintained on a daily basis.

http://www.openvas.org/


Personal Software Inspector
Personal Software Inspector is a security scanner which identifies programs that are insecure and need updates. It automates the updating of the majority of these programs, making it a lot easier to maintain a secure PC. It automatically detects insecure programs, downloads the required patches, and installs them accordingly without further user interaction. Personal Software Inspector also detects and notifies you of programs that cannot be automatically updated with software patches and provides you with detailed instructions for updating the program when available. In most cases, you simply need to click the appropriate icon in the Results window and follow the on-screen instructions to install the latest patches. Personal Security Inspector includes the following:

Scanning the Internet with Nmap (Defcon 16)
How would you like to scan millions of hosts on the Internet and catalog all the interesting insights? This is exactly what Fyodor, the author of Nmap or Network Mapper, did last summer. Thankfully, he then went on to share his findings with the community at Defcon 16 in his talk titled "Nmap: Scanning the Internet".

Scientists detect “spoiled onions” trying to sabotage Tor privacy network
Computer scientists have identified almost two dozen computers that were actively working to sabotage the Tor privacy network by carrying out attacks that can degrade encrypted connections between end users and the websites or servers they visit. The "spoiled onions," as the researchers from Karlstad University in Sweden dubbed the bad actors, were among the 1,000 or so volunteer computers that typically made up the final nodes that exited the Tor—short for The Onion Router—network at any given time in recent months. Because these exit relays act as a bridge between the encrypted Tor network and the open Internet, the egressing traffic is decrypted as it leaves.

Nikto2
Nikto is sponsored by Netsparker, a false-positive-free web application security scanner. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. Nikto is not designed as a stealthy tool.

John the Ripper password cracker
John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of "native" packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance. This version integrates lots of contributed patches adding GPU support (OpenCL and CUDA), support for a hundred additional hash and cipher types (including popular ones such as NTLM, raw MD5, etc., and even things such as encrypted OpenSSH private keys, ZIP and RAR archives, PDF files, etc.), as well as some optimizations and features. Unfortunately, its overall quality is lower than the official version's.

Speech recognition hack turns Google Chrome into advanced bugging device
Users of Google's Chrome browser are vulnerable to attacks that allow malicious websites to use a computer microphone to surreptitiously eavesdrop on private conversations for extended periods of time, an expert in speech recognition said. The attack requires an end user to click on a button giving the website permission to access the microphone. Most of the time, Chrome will respond by placing a blinking red light in the corresponding browser tab and putting a camera icon in the address bar—both indicating that the website is receiving a live audio feed from the visitor. The privacy risk, according to a blog post published Tuesday, stems from what happens once a user leaves the site.

IBM - Software - IBM Security AppScan
Static and dynamic application security testing throughout the application lifecycle. IBM Security AppScan Trial: Try a full-featured version of the software.

Nessus Vulnerability Scanner
Detect & Assess: Nessus is continuously updated with information about advanced threats and zero-day vulnerabilities, and new types of regulatory compliance configuration audits. Report & Take Action: Report what matters to responsible parties with exploitability, severity modification, scan scheduling and deliver remediation reports via targeted emails.

Chrome Bugs Lets Sites Listen to Your Private Conversations
While we’ve all grown accustomed to chatting with Siri, talking to our cars, and soon maybe even asking our glasses for directions, talking to our computers still feels weird. But now, Google is putting their full weight behind changing this. There’s no clearer evidence of this than visiting Google.com and seeing a speech recognition button right there inside Google’s most sacred real estate - the search box. Yet all this effort may now be compromised by a new exploit which lets malicious sites turn Google Chrome into a listening device, one that can record anything said in your office or your home, as long as Chrome is still running. Check out the video to see the exploit in action.
