[Nessus 5.2] Nessus Vulnerability Scanner

New release of the Nessus vulnerability scanner! This is a major release (moving from 5.0.3 to 5.2.0) and includes several new features and enhancements, including:

• IPv6 is now supported on all platforms (including Windows)
• Nessus server support for Windows 8 and Windows 2012
• Add attachments within scan result reports
• Mac OS X preference pane
• Digitally-signed Nessus RPM packages for supporting distributions
• Smaller memory footprint and reduced disk space usage
• Faster, more responsive web interface (uses less bandwidth)
• No longer need to visit the Tenable website for an activation code!

Several key features are described in detail below, including examples of the new MAC OS X preference pane and the new attachments feature:

Add Attachments to Scan Results

Information collected during the scan can now be included in the results as an attachment. The first iteration of attachments will be screenshots, but any attachment type can be included.

Remote Desktop Protocol (RDP)

If Nessus discovers Remote Desktop Protocol on a target, a screenshot is taken. This can reveal information such as the operating system version and the currently-logged-on user.

VNC

If Nessus discovers a target is running VNC without a password to restrict access, a screenshot is included in the results. The above example shows the system using a web browser to visit the www.tenable.com website.

Websites

For Internet-connected web servers, Nessus will take a screenshot of the website as if you visited the website using a web browser. This feature is useful to identify the applications you are testing, including making sure you are testing the correct virtual host.

Mac OS X Preference Pane

The addition of a Nessus server preference pane in OS X allows the user to stop and start the Nessus server process and configure whether or not Nessus is started at boot time.

Getting Nessus 5.2

New users may download and evaluate Nessus free of charge by visiting the Nessus home page. Current customers can download 5.2 from the Tenable Support Portal. Detailed instructions and notes on upgrading are located in the Nessus 5.2 Installation and Configuration Guide.

Nessus ProfessionalFeed and Perimeter Service customers: Please contact Tenable Support (support -at- tenable.com) with any questions regarding the upgrade to Nessus 5.2.0. Users may also visit the Tenable Discussion Portal for more information.

Download Nessus 5.2

[Vega v1.0] Web Application Security Scanner

Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.

Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. Vega can be extended using a powerful API in the language of the web: Javascript.

Vega was developed by Subgraph in Montreal.

Features

• Automated Crawler and Vulnerability Scanner
• Consistent UI
• Website Crawler
• Intercepting Proxy
• SSL MITM
• Content Analysis
• Extensibility through a Powerful Javascript Module API
• Customizable alerts
• Database and Shared Data Model

Some of the features in the 1.0 release include:

• Active proxy scanner
• Greatly improved detections
• Greatly improved support for authenticated scanning
• API enhancements
• HTTP message viewer enhancements

Modules

• Cross Site Scripting (XSS)
• SQL Injection
• Directory Traversal
• URL Injection
• Error Detection
• File Uploads
• Sensitive Data Discovery

Download Vega v1.0 RC84

[ExploitSearch.net] Exploit / Vulnerability Search Engine

Exploitsearch.net, is an attempt at cross referencing/correlating exploits and vulnerability data from various sources and making the resulting database available to everyone. 

Unlike other exploit search engines which are simply custom google searches, this site actually crawls the source databases/websites and parses the contained data. Once the data is collected and parsed, it is inserted into the www.exploitsearch.net database and becomes available for searching. 

ExploitSearch.net

[6Scan] Búsqueda de Vulnerabilidades y Malware en Páginas Webs

Los servicios que se encargan de buscar vulnerabilidades o malware en las páginas webs.

Una de esas webs que ofrecen ese servicio es 6scan. Esta web posee un servicio gratuíto y otro de pago, que ofrecen distintas alternativas.

Para configurar un escaneo es muy sencillo, solo deberemos de hacer para empezar poner nuestro correo electrónico y la páginas web que escanearemos.

Si el servicio de 6scan encuentra una vulnerabilidad o malware seremos avisados por correo en la versión FREE y por SMS en la versión PREMIUM.

Se lanza el escaneo a la web en cuestión:

El escano como bien dice, nos avisará en el caso de encontrar una vulnerabilidad.

Podemos añadir mas sitios en el servicio:

Como bien decía dependiendo de si escogemos el servicio gratuito o no, tendremos unas caraterísticas u otras.

Buen servicio que nos ayudará a mitigar en gran medida vulnerabilidades que puedan salir en una fase de desarrollo mal echa o incluso también poder mitigar malware que nos salga.

6scan

[Fuente]

Múltiples vulnerabilidades en productos Hitachi

Hitachi ha publicado varios boletines de seguridad que afectan a diferentes productos, y que pueden permitir a un atacante revelar información sensible y causar denegación de servicio.  Varios fallos son heredados de Apache, integrado en algunos de sus productos, y los restantes son ataques cross-site scripting.

Los fallos heredados de Apache son y afectan a los siguientes productos:

• Denegación de servicio a través de la función 'apr_brigade_split_line' con CVE-2010-1623, que afecta a los productos Cosminexus HTTP Server (v7,v8,v9), Hitachi Web Server (v3,v4).
      
• Revelación de información sensible al no restringir la información de la cabecera HTTP en errores 400 con CVE-2012-0053, que afecta a los productos Cosminexus HTTP Server (v5,v6,v7,v8,v9), Hitachi Web Server (v1,v2,v3,v4), Hitachi Web Server - Security Enhancement (v2).
     
• Denegación de servicio a través de la función 'ap_cleanup_scoreboard' con CVE-2012-0031, que afecta a los productos Cosminexus HTTP Server (v7,v8,v9), Hitachi Web Server(v3,v4).

Por otra parte, los productos Groupmax Collaboration Portal v7, uCosminexus Collaboration Portal v6, Groupmax Collaboration Web Client - Forum/File Sharing v7, uCosminexus Collaboration Portal - Forum/File Sharing v6 y Groupmax Collaboration Web Client – Mail/Schedule v7 son susceptibles a ataques XSS (cross-site scripting).

Más información:

Hitachi (HS12-029):

http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-029/index.html

Hitachi (HS12-031):

http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-031/index.html

Hitachi (HS12-032):

http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-032/index.html

Hitachi (HS12-033):

http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-033/index.html

Fernando Castillo

fcastillo@hispasec.com
Fuente: http://unaaldia.hispasec.com/

[ExploitShield Browser Edition] Forget about browser vulnerabilities

 

ExploitShield Browser Edition protects against all known and unknown 0-day day vulnerability exploits, protecting users where traditional antivirus and security products fail. It consists of an innovative patent-pending vulnerability-agnostic application shielding technology that prevents malicious vulnerability exploits from compromising computers.

Includes "shields" for all major browsers (IE, Firefox, Chrome, Opera) and browser all components such as Java, Adobe Reader, Flash, Shockwave. Blocks all exploit kits such as Blackhole, Sakura, Phoenix, Incognito without requiring any signature updates.

 

 

No need to train or configure, ExploitShield is 100% install-and-forget anti-exploit solution. Read more: ExploitShield Browser Edition. The ZeroVulnerabilityLabs website maintains a realtime list of detected threats and their VirusTotal results.

Download

[Burp Suite] Free Edition v1.5

Burp Suite helps you secure your web applications by finding the vulnerabilities they contain.  Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, upstream proxies, logging, alerting and extensibility.

Burp Suite allows you to combine manual and automated techniques to enumerate, analyse, scan, attack and exploit web applications. The various Burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.

User Interface:

• Burp's UI has been completely overhauled, to improve looks and usability:
• Fonts are now available throughout the UI, with corresponding resizing of all UI elements (tables, dialogs, buttons, etc.).
• There are configurable hotkeys for all common functions.
• Intruder and Repeater now have smart tabs, which you can drag to reorder, and click to create, close or rename.
• Tables are natively sortable everywhere, except where the row ordering is part of the options you are configuring.
• Text fields now have context-aware auto-complete memory.

Burp now implements sslstrip-style functionality, allowing you to use non-SSL-capable tools against HTTPS applications, or to perform active MITM attacks against users who begin browsing using HTTP.

Download Burp Suite Free Edition v1.5

[Scylla] v1 Penetration Testing Tool - Because there's no patch for human stupidity

When there's no technical vulnerability to exploit, you should try to hack what humans left for you, and believe me, this always works.

Scylla provides all the power of what a real audit, intrusion, exclusion and analysis tool needs, giving the possibility of scanning misconfiguration bugs dynamically. Scylla aims to be a better tool for security auditors, extremely fast, designed based on real scenarios, developed by experienced coders and constructed with actual IT work methods.

The words “Configuration Tracer” are the best definition for Scylla, a tool to help on IT audits. Scylla is a tool to audit different online application protocols and configurations, built over a brute-force core.

This tool acts as a tool for unifying auditing techniques, in other words, it does what oscanner, winfingerprint, Hydra, DirBuster, and other tools do, and also what those tools don't do.


Supported Protocols

• Terminal (Telnet, SSH, telnets)
• FTP (FTPS, FTP, SFTP)
• SMB (Also Windows RPC)
• LDAP
• POP3 (POP3S)
• SMTP (SMTPS)
• IMAP
• MySql
• MSSQL
• Oracle (Database and TNS Listener)
• DB2 (Database and DAS)
• HTTP(HTTPS; Basic AUTH Brute Force, Digest AUTH Brute Force, Form Brute Force, Directory and files Brute Force)
• DNS (DNS snooping)
• Postgres SQL

Basic features:

- User, password list based Brute force

- Multiple hosts support

- Multiple session support

- Nmap integration

- Non-synchronized threads (proof to be a bit faster)

- Ability to restore sessions

- Session auto-saving (based on SQL Server CE)

- Easy to use

- Auto configured options

- Hacker oriented

- Free, and always free

- Database browser (who have hacked a DB and don’t have a DB client to connect to it- And worse if you don’t have internet)

- Open source tool

Download Scylla v1

Screen Shots, lots of screen shots

 

  

  

  

  

   

  

  

  

  

 

[ZAP] OWASP Zed Attack Proxy Weekly

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester's toolbox.

Team is now releasing weekly updates on every Monday. These are not the full releases , like stable one, but to give more enhancements as soon as possible, ZAP team decide to release weekly updates also.

The following new features are included in weekly releases:

• Completely rewritten 'traditional' Spider (c/o Cosmin Stefan and the GSoC)
• New Ajax Spider (using Crawljax, c/o Guifre Ruiz and the GSoC)
• Web sockets support (c/o Robert Koch and the GSoC)
• Performance improvements (both speed and memory)
• Session awareness
• Authentication handling
• Contexts
• Modes (Safe, Protected and Standard)
• Online links in menu

Download ZAP week update