John the Ripper (http://www.openwall.com/john) is a well-known and mature password auditing tool. However, if you are working from a recent OS (e.g., Ubuntu 9.04 or later) that uses SHA-512 hashing, John has a problem.
(continue reading…)
Whois.py is a script that makes it fast and easy to store ARIN information about specific IPs. The script was written with no library dependencies or setup steps. It runs on multiple platforms.
(continue reading…)
Tamper Data – A Firefox plug-in that allows inline capture and modification of outgoing HTTP requests.
Instead of relying on JavaScript to modify the DOM before a form or query is submitted,
you are able to trap the request, edit it (including adding completely new fields)
and forward it to the server. This can allow a tester to bypass all client-side filtering
and verification a web application may have.
(continue reading…)
The previous article gave us a base point to begin building our tool chest with two Live CDs
that provide a wide array of security tools. This article is going to cover the first
phase of an assessment: information gathering and reconnaissance. I have put together
a list of the top 10 most useful utilities and websites I use on a daily basis for
security-related assessments.
(continue reading…)
With the seemingly endless number of security products, utilities and information
sites available today, the thought of putting together a set of tools to perform routine
security tasks might seem daunting. It can be, but it doesn’t have to be. Over the
next few entries I am going to walk through how someone would put together a security
tool chest that can be used for almost all day-to-day security needs.
(continue reading…)
“How many computers do you have?”
(continue reading…)
Nmap, developed by Fyodor, is one of those rare tools that can be used by IT
professionals regardless of the specialization that they have chosen (i.e. system
administrator, network engineer, security consultant, etc…)
(continue reading…)
Ever get to an authentication challenge in a client application and have that feeling of
being rooted? I know I have on several occasions.
(continue reading…)
Unknowingly allowing Anonymous Zone Transfers can increase your risk profile immensely.
How to test for anonymous zone transfer using nslookup:
(continue reading…)