Nikto v.2.1.4 Released

Nikto is an open source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1000 servers, and version specific problems on over 270 servers.

This release contains a number of important bug fixes, as well as new functionality and improvements, including:

New interactive feature: press N to skip current host and move to next

Updated XML schema

Check for private IP addresses in cookies

Report certificate CN which doesn't match hostname

Allow multiple cookies to be set in the config file

Regular expressions in test database allow more accurate checks

More data in XML and HTML reports

For a full list of updates, see the CHANGELOG.txt


Download: https://cirt.net/nikto

Read more »

Nmap v.5.51 Released

A primary focus of this release is the Nmap Scripting Engine, which has allowed Nmap to expand up the protocol stack and take network discovery to the next level. Nmap can now query all sorts of application protocols, including web servers, databases, DNS servers,FTP, and now even Gopher servers! Remember those? These capabilities are in self-contained libraries and scripts to avoid bloating Nmap's core engine.


Download: http://nmap.org

Read more »

NiX Brute Force – Parallel Log-in Brute Forcing/Password Cracking Tool

NiX Brute Forcer is a tool that uses brute force in parallel to log into a system without having authentication credentials beforehand. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of NiX is to support a variety of services that allow remote authentication such as: MySQL, SSH, FTP, IMAP. It is based on NiX Proxy Checker.

Features

Basic Authorization & FORM support in both standard and HTTPS (SSL) mode
HTTP/SOCKS 4 and 5 proxy support
FORM auto-detection & Manual FORM input configuration.
It is multi-threaded
Wordlist shuffling via macros
Auto-removal of dead or unreliable proxy and when site protection mechanism blocks the proxy
Integrated proxy randomization to defeat certain protection mechanisms
With Success and Failure Keys results are 99% accurate
Advanced coding and timeout settings makes it outperform any other brute forcer

The full changelog including the latest version is here.

You can download NiX Brute Force here: NIX_BruteForce.bz2

Read more »

Blackbuntu CE 0.2 Released

Blackbuntu is distribution for penetration testing which was specially designed for security training students and practitioners of information security.
Blackbuntu is Ubuntu base distro for Penetration Testing with GNOME Desktop Environment. It's currently being built using the Ubuntu 10.10 and work on reference Back|Track.

Changelog
-------------------------
- Remove acroread
- Added Start/Stop Service Menu like <- Added Videosnarf
- Added Xplico
- Added fragrouter.
- Added Nemesis.
- Added Bizploit
- Added weevely
- Added Matahari
- Added Plecost
- Added Pynject
- Added SAP script from phenoelit.de
- Added numlockx (Credit to anidear).
- Recompile Kismet-new core to support Linux Netlink(LibNL/nl80211).
- Kernel modules patched it all up for packet injection/fragmentation/channel hopping, etc for wireless(Credit to Alex Ploiter)
- Upgrade dradis 2.4.1 to 2.6
- Update and integration of all the tools previosly available in Release 0.1
- Fixed 0trace - usleep not found on the system(credit Bruno Criado)
- Fixed Pentbox menu error and directory permission.
- Fixed menu wireshark doesn't run as root.
- Enable "ctrl+alt+backspace" Key Sequence to kill the X server (Credit to anidear).
- Removed unnecessary service on statup

Download
Source : http://www.blackbuntu.com/

Read more »