Vulnerability Analysis

Vulnerability Analysis (19)

A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses. Some of the solutions alsp provide the ability to exploit the vulnerability once identified, e.g. Metasploit. See also Web Vulnerability Scanners, which are designed to scan web applications.

sql server injection and takeover tool

Sunday, 16 August 2015 11:37 Written by in Vulnerability Analysis

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Sunday, 16 August 2015 11:36 Written by in Vulnerability Analysis

SamuraiSTFU takes the best in bread security tools for traditional network and web penetration testing, adds specialized tools for embedded and RF testing, and mixes in a healthy dose of energy sector context, documentation, and sample files.  Oh, and I shouldn't forget the inclusion of emulators for SCADA, Smart Meters, and other types of energy sector systems to provide leverage a full test lab.

Sunday, 16 August 2015 11:29 Written by in Vulnerability Analysis

Not opensource anymore - SAINT is a Vulnerability Assessment Tool, an updated and enhanced version of Wietse Venema's SATAN. SAINT gathers information about remote hosts and networks by examining such network services as finger, NFS, NIS, ftp and tftp, rexd, statd, and other services. It features a graphical user interface. Previously free software, now a commercial product.

Sunday, 16 August 2015 11:28 Written by in Vulnerability Analysis

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.

Sunday, 16 August 2015 11:15 Written by in Vulnerability Analysis

ThreadFix is a software vulnerability aggregation and vulnerability management system that helps organizations aggregate vulnerability data, generate virtual patches, and interact with software defect tracking systems.

ThreadFix aggregates vulnerability test results from disparate static and dynamic scanning tools as well as the results of manual penetration testing, code review and threat modeling to create a single comprehensive view of the security status of all applications within an organization.

The reporting, prioritization and remediation of an organization's application security vulnerabilities are centralized in a single tool, significantly easing communications between the application development and security teams.

Sunday, 28 June 2015 21:49 Written by in Vulnerability Analysis

Post-exploitation tool written by Benjamin Delpy (gentilkiwi). A lot of times after the initial exploitation phase attackers may want to get a firmer foothold on the computer/network. Doing so often requires a set of complementary tools. Mimikatz is an attempt to bundle together some of the most useful tasks that attackers, and assessors trying to emulate them, will want to perform.

Friday, 26 June 2015 14:16 Written by in Vulnerability Analysis

It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their list of modules. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality. One free extra is Metasploitable, an intentionally insecure Linux virtual machine you can use for testing Metasploit and other exploitation tools without hitting live servers.

Friday, 26 June 2015 14:14 Written by in Vulnerability Analysis

Maltego is a unique platform developed to deliver a clear threat picture to the environment that an organization owns and operates. Maltego's unique advantage is to demonstrate the complexity and severity of single points of failure as well as trust relationships that exist currently within the scope of your infrastructure.

Friday, 26 June 2015 13:46 Written by in Vulnerability Analysis

Kali Linux is the new generation of the industry-leading BackTrack Linux penetration testing and security auditing Linux distribution. Kali Linux is a complete re-build of BackTrack from the ground up, adhering completely to Debian development standards.

Friday, 26 June 2015 13:07 Written by in Vulnerability Analysis
Page 1 of 2

Warranty Disclaimer

Warranty Disclaimer: The FBI, InfraGard, and its affiliates provide information, including but not limited to software, documentation, training, and other guidance to be known as “materials”. The materials are provided as-is and we expressly disclaim any and all warranties, express or implied, including, and without limitation, the implied warranties of merchantability, fitness for a particular purpose, non-infringement, quiet enjoyment, and integration, and warranties arising out of course of dealing or usage of trade. You agree that, as between you and the FBI, InfraGard, and its affiliates, you are responsible for the outcome of the use of materials made available, including but not limited to adherence to licensing requirements, and taking legal and regulatory considerations into account. There is no guarantee of accuracy, completeness, timeliness, or correct sequencing of the information provided.