PL/SQL port scanner
PL/SQL port scanner is a TCP CONNECT port scanner in PL/SQL code. In order to run these procedures you must have access to the UTL_TCP package. By default the DBSNMP user has access to this package. The tool can be usefull during penetration testing if you want to gain more knowledge about the networks residing behind the actual database. Also, if you can access an Oracle database only through SQL injection or sqlplus use now have a simple functioning port scanner within the database system.
Read the Article
|
Proactive Password Auditor
Proactive Password Auditor™ helps secure networks by executing an audit of account passwords, and exposing insecure account passwords. If it is possible to recover the password within a reasonable time, the password is considered insecure. An administrator can also use it to recover any lost password and access a user's Windows® account. Proactive Password Auditor™ works by analyzing user password hashes and recovering plain-text passwords.
Read the Article
|
Qmail-Scanner
Qmail-Scanner is an add-on that enables a Qmail e-mail server to scan all gateway-ed e-mail for certain characteristics (i.e. a content scanner). It is typically used for its anti-virus protection functions, in which case it is used in conjunction with external virus scanners. but also enables a site (at a server/site level) to react to e-mail that contains specific strings in particular headers, or particular attachment filenames or types (e.g. *.VBS attachments). It also can be used as an archiving tool for auditing or backup purposes.
Read the Article
|
ShowTraf
Show Traffic - monitors network traffic on the chosen network interface and displays it continuously. It could be used for locating suspicious network traffic or to evaluate current utilization of the network interface.
Read the Article
|
SpiderFoot
SpiderFoot is a free, open-source, domain footprinting tool. Given one or multiple domain names (and when I say domains, I'm referring to the DNS kind, not Windows domains), it will scrape the websites on that domain, as well as search Google, Netcraft, Whois and DNS.
Read the Article
|
Spoofaudit
This network auditing tool will help you to determine what basic spoofing filters are pressent between two testpoints on two networks, and what anti spoofing filters are missing. They tools are designed to work between endpoints that would not normaly have any filtering between them exept for anti-spoofing filters.
Read the Article
|
Sysstat
Sysstat is a system accounting program used to collect statistical data on various system components including CPU, Network, Disk, and process related activities.
Read the Article
|
TCP/UDP Protocol Fuzzer
"Fuzzing" is an automated software testing technique that generates and submits random or sequential data to various areas of an application in an attempt to uncover security vulnerabilities. For example, when searching for buffer overflows, a tester can simply generate data of various sizes and send it to one of the application entry points to observe how the application handles it.
Read the Article
|
Themis - Internet Security Scanner
Themis is an advanced Network Scanner that capable scanning hosts for different vulnerabilities and produce a detailed report regarding the security problems the host might have.
Read the Article
|
Traffic Vis
Traffic-vis is a network monitoring/auditing tool. It is a free (GPL) tool which can graphically plot communications between hosts on a TCP/IP network and quickly answer questions such as Who is saturating our Internet link?
Read the Article
|
