Nikto is sponsored by Netsparker, a dead accurate and easy to use web application security scanner. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible, and is obvious in log files or to an IPS/IDS. Not every check is a security problem, though most are.
IBM - Software - IBM Security AppScan
Static and dynamic application security testing throughout the application lifecycle.
IBM Security AppScan Trial: Try a full-featured version of the software.

Security Testing your Apache Configuration with Nikto
Introduction
By now you've got the perfect setup for your new Ubuntu 6.0.6 (Dapper Drake) box. You may have even followed the excellent Intrusion Detection and Prevention with BASE and Snort tutorial. And as an added precaution you installed DenyHosts to prevent hack attempts via ssh.
Personal Software Inspector
Personal Software Inspector is a security scanner which identifies programs that are insecure and need updates. It automates the updating of the majority of these programs, making it a lot easier to maintain a secure PC. It automatically detects insecure programs, downloads the required patches, and installs them accordingly without further user interaction. Personal Software Inspector also detects and notifies you of programs that cannot be automatically updated with software patches and provides you with detailed instructions for updating the program when available.
Burp Suite Tutorial – The Intruder Tool
Hi everyone, I have been spending some time this week reviewing some of the old Security Ninja blog posts now that we are getting close to our second birthday. I wanted to create a list of things I’ve promised to write about but never got around to doing.

Retina Network Community - BeyondTrust
Retina Community gives you powerful vulnerability management across your entire environment. For up to 256 IPs free, Retina Community identifies network vulnerabilities (including zero-day), configuration issues, and missing patches across operating systems, applications, devices, and virtual environments. Manage your network security with Retina Community.
Metro styled user interface for streamlined vulnerability assessment, management and content related to database, workstation, server, and virtualized environments
Perform free vulnerability assessment of missing patches, zero-days and insecure configurations
Simplify security assessment with user profiles that align to your job function
Improve risk management and prioritization with broad exploit identification from Core Impact, Metasploit, and Exploit-db.com
Full Support for VMware environments, including online and offline virtual image scanning, virtual application scanning, and integration with vCenter.
Creating a Custom Linux Kernel in Debian GNU/Linux
The most current version of this document can be found at
Contents
Disclaimer
Maintenance Log
Introduction
Step 1: Update Your sources.list File
Step 2: Update the List of Available Packages
Step 3: Apply Pending Updates
Step 4: Install the Kernel Source Package
Step 5: Unpack the Kernel Sources
Step 6: Install
Step 7: Patch the Kernel
Step 8: Configure the Kernel
Step 9: Create the Kernel Image Package
Step 10: Customize the Kernel Installation Environment
    Changing Boot Loaders
    Customizing the Squeeze (6.0) Environment
    Customizing the Wheezy (7.1) Environment
    Customizing the Jessie Environment
Step 11: Install the Kernel Image Package
Step 12: Shutdown and Reboot
Step 13: Clean Up
Step 13a: Clean Up (Part Two)
Step 14: Maintenance
Alternatives
A Specific Example
Another Specific Example
Conclusion
John the Ripper password cracker
John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of "native" packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance. This version integrates lots of contributed patches adding GPU support (OpenCL and CUDA), support for a hundred additional hash and cipher types (including popular ones such as NTLM, raw MD5, etc., and even things such as encrypted OpenSSH private keys, ZIP and RAR archives, PDF files, etc.), as well as some optimizations and features. Unfortunately, its overall quality is lower than the official version's. Requires OpenSSL. There are unofficial binary builds (by John the Ripper user community members) for Windows, Linux, Solaris, and Mac OS X.
STEGANOGRAPHY SOFTWARE
Steganography applications conceal information in other, seemingly innocent media. Steganographic results may masquerade as other file or data types, be concealed within various media, or even hidden in network traffic or disk space. We are only limited by our imagination in the many ways information and data can be exploited to conceal additional information. Over the years I've been asked to add steganography and related applications to my website, in the tool matrix, or steganography list.

OWASP Zed Attack Proxy Project
Involvement in the development of ZAP is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

Transforming your Android Phone into a Network Pentesting Device
Lester: Hey Nash, are you scanning our school’s network with just your smartphone?
Nash: Well, yes I am! I’m using a network penetration suite just to check out if the students are aware and practicing what they learned from my network security class, and because I just told them about password sniffing…
Burp Suite
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities. Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.