SSLsplit v 0.4.5 - Man-in-the-middle attacks against SSL/TLS

SLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

Change Log:

• Add support for 2048 and 4096 bit Diffie-Hellman
• Fix syslog error messages 
• Fix threading issues in daemon mode .
• Fix address family check in netfilter NAT lookup 
• Fix build on recent glibc systems 
• Minor code and build process improvements

Download Here

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Joomscan updated - now can identify 673 joomla vulnerabilities

Security Team Web-Center just released an updated for Joomscan Security Scanner. The new database Have 673 joomla vulnerabilities

Joomla! is probably the most widely-used CMS out there due to its flexibility, user friendlinesss, extensibility to name a few.So, watching its vulnerabilities and adding such vulnerabilities as KB to Joomla scanner takes ongoing activity.It will help web developers and web masters to help identify possible security weaknesses on their deployed Joomla! sites.

Check for new updates with command: ./joomscan.pl or check ./joomscan.pl update 

Download Joomscan

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Burp Suite Free Edition v1.5 released

Burp Suite helps you secure your web applications by finding the vulnerabilities they contain.  Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, upstream proxies, logging, alerting and extensibility.

Burp Suite allows you to combine manual and automated techniques to enumerate, analyse, scan, attack and exploit web applications. The various Burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.

User Interface:

• Burp's UI has been completely overhauled, to improve looks and usability:
• Fonts are now available throughout the UI, with corresponding resizing of all UI elements (tables, dialogs, buttons, etc.).
• There are configurable hotkeys for all common functions.
• Intruder and Repeater now have smart tabs, which you can drag to reorder, and click to create, close or rename.
• Tables are natively sortable everywhere, except where the row ordering is part of the options you are configuring.
• Text fields now have context-aware auto-complete memory.

Burp now implements sslstrip-style functionality, allowing you to use non-SSL-capable tools against HTTPS applications, or to perform active MITM attacks against users who begin browsing using HTTP.

Download Burp Suite Free Edition v1.5

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

WebSploit Framework 2.0.3 with Wifi Jammer

WebSploit Is An Open Source Project For Scan And Analysis Remote System From Vulnerability.

WebSploit Is An Open Source Project For :
[>]Social Engineering Works
[>]Scan,Crawler & Analysis Web
[>]Automatic Exploiter
[>]Support Network Attacks
----
[+]Autopwn - Used From Metasploit For Scan and Exploit Target Service
[+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin
[+]format infector - inject reverse & bind payload into file format
[+]phpmyadmin Scanner
[+]LFI Bypasser
[+]Apache Users Scanner
[+]Dir Bruter
[+]admin finder
[+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks
[+]MITM - Man In The Middle Attack
[+]Java Applet Attack
[+]MFOD Attack Vector
[+]USB Infection Attack
[+]ARP Dos Attack
[+]Web Killer Attack
[+]Fake Update Attack
[+]Fake Access point Attack

Download WebSploit Framework 2.0.3

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Burp Suite v1.5rc2 released

Burp Suite Is a very powerful tool for web application security testing. This tool is great for Penetration Testers, Security Researcher. It contains a variety of tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application.

New in Burp Suite v1.5rc2 : The Burp Repeater UI has been modified to conserve screen space. The previous fields for host / port / protocol have been removed, since these details are automatically populated when a request is sent to Repeater, and typically do not need to be modified. The details of the target server for the current request are still displayed, and you can change these details by clicking on the target server label, to open a dialog. Burp's memory handling has been further refined, particularly when actively scanning, to reduce the overall memory footprint and improve Burp's resilience in low memory conditions.

All of the tools share the same robust framework for handling and displaying HTTP messages, persistence, authentication, proxies, logging, alerting and extensibility.

Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

Burp Suite contains the following key components:

• An intercepting proxy, which lets you inspect and modify traffic between your browser and the target application.
• An application-aware spider, for crawling content and functionality.
• An advanced web application scanner, for automating the detection of numerous types of vulnerability.
• An intruder tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities.
• A repeater tool, for manipulating and resending individual requests.
• A sequencer tool, for testing the randomness of session tokens.
• The ability to save your work and resume working later.
• Extensibility, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.

Burp is easy to use and intuitive, allowing new users to begin working right away. Burp is also highly configurable, and contains numerous powerful features to assist the most experienced testers with their work.

Download Burp Suite

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Ra.2 - Blackbox DOM XSS Scanner Released

Ra.2 - Blackbox DOM-based XSS Scanner is a approach towards finding a solution to the problem of detecting DOM-based Cross-Site Scripting vulnerabilities in Web-Application automatically, effectively and fast.

Ra.2 is basically a lighweight Mozilla Firefox Add-on that uses a very simple yet effective and unique approach to detect most DOM-based XSS vulnerabilities, if not all.

Being a browser-add on it is a session-aware tool which can scan a web-application that requires authentication. Ra.2 uses custom collected list of XSS vectors which has been heavily modified to be compatible with its scanning technology. The add-on also implements basic browser intrumentation to simulate a human interaction to trigger some hard to detect DOM-based XSS conditions.

Features

• False positive free by design: Vulnerable URLs are saved in DB, if and only if, our payload is executed successfully by the browser. Hence marked exploitable. If isn't false-positive, it's a bug! Report us :-)
• Large collection of injection vectors, includes “modified” R’Snake’s vectors as well.
• Supports transforming Unicode characters for testing content aware application.
• Automatically handles JavaScript obfuscation/compression, as it relies on native interpreter.
• Fast and light-weight.
• Pretty easy learning curve. Point-n-Click.

DOWNLOAD Ra.2 - Blackbox DOM XSS Scanner

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Social Engineer Toolkit 4.0 Released

Social Engineer Toolkit or SET updated to V4.0 . The latest version code named is “Balls of Steel.” The Social Engineering Toolkit (SET) is an open source, python-driven, social-engineering penetration testing framework of custom tools which solely focuses on attacking the human element of penetration testing.

It was designed in order to arm penetration testers and security researchers with the ability to effectively test heavily advanced social-engineering attacks armed with logical methods. The Social Engineer Toolkit leverages multiple attack vectors that take advantage of the human element of security in an effort to target attackers.

In New version the Java Applet attack has been completely rewritten and obfuscated with added evasion techniques. Additionally, all of the payloads have been heavily encrypted with a number of heavy anti-debugging tools.

The powershell attack vectors now support customized payload selection through the config/set_config. A new attack vector has been added called the Dell DRAC Attack Vector (default credential finder).

.

Download Social Engineer Toolkit 4.0:
svn co http://svn.trustedsec.com/social_engineering_toolkit set/

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Covert VPN - VPN pivoting technology added to Cobalt Strike / Armitage

Covert VPN is a VPN pivoting technology recently added to CobaltStrike (the commercial Armitage). Once deployed, you have a layer 2 tunnel into your target's network. This allows you to sniff packets,use external tools, host rogue services, and inject spoofed packets.

To activate Covert VPN, right-click a compromised host, go to Meterpreter -> Pivoting -> Deploy VPN. Select the remote interface you would like Covert VPN to bind to. If no local interface is present, press Add to create one.


Check Clone host MAC address to make your local interface have the same MAC address as the remote interface. It’s safest to leave this option checked.Select Inject VPN client into memory to deploy Covert VPN directly into memory. If this box is not checked, Cobalt Strike will upload and execute the Covert VPN client for you. The inject into memory option does not work reliably on Windows Vista, Windows 7, or 64-bit Windows XP.Press Deploy to start the Covert VPN client on the target. Covert VPN requires SYSTEM access to deploy.

A 21-day trial of Cobalt Strike is available to try it out.

Download Cobalt Strike

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Sptoolkit - A Simple Phishing Toolkit

The spt project ( sptoolkit ) is an open source phishing education toolkit that aims to help in securing the mind as opposed to securing computers. A simple, targeted link is all it takes to bypass the most advanced security protections. The link is clicked, the deed is done.

spt ( sptoolkit )was developed from the ground up to provide a simple and easy to use framework to identify your weakest links so that you can patch the human vulnerability. If the spt project sounds interesting to you, please consider downloading it for evaluation in your own organization. Feedback is welcomed and always appreciated.

Basic reuirements for sptoolkit

• Apache,
• PHP
• MySQL

Feature list of sptoolkit 

• Vast improvements in the editing functionality for templates and education packages. Major changes include: two different editors to choose from (the oroginal spt text editor and TinyMCE), copy templates or education to new version and then customize them.
• Added education completion tracking, now you can determine if your targets completed the assigned education in a campaign.
• Support for the Google and TinyURL URL shortener services. Now your phishing emails can have shortened URLs, making them harder to detect.
• Support for sending SMTP using SSL secured connections.
• Enhancements to the viewing of campiang information including SMTP relay used and destination URL used.
• Initial support for using spt in SSL/TLS secured installations, code updates to prevent insecure content warnings.
• All forms now generate inline errors with entered value retention, allowing easy correction of incorrect or missing items without requiring all information to be entered again.
• Email tracking times are now more accurate when viewing campaign information.
• Most items in the Quick Start module now feature links allowing you to quickly access the desired location in the spt UI.
• Enhancements to the browser detection script for more information on what you need vs. what you have.
• Many security and usability issues fixed.
• Additional improvements in authentication and session management security.

Download sptoolkit

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

OWASP Security Shepherd 1.2 Released

Security Shepherd is a computer based training application for web application security vulnerabilities. This project strives to hurde the lost sheep of the technological world back to the safe and sound ways of secure practises. Security Shepherd can be deployed as a CTF (Capture the Flag) game or as an open floor educational server.

Easy configuration to suit every use

Security Shepherd has been designed and implemented with the aim of fostering and improving security awareness among a varied skill-set demographic. This project enables users to learn or to improve upon existing manual penetration testing skills. This is accomplished through lesson and challenge techniques. A lesson provides a user with a lot of help in completing that module, where a challenge puts what the user learned in the lesson to use. Utilizing the OWASP top ten as a challenge test bed, common security vulnerabilities can be explored and their impact on a system understood. The bi-product of this challenge game is the acquired skill to harden a players own environment from OWASP top ten security risks The modules have been crafted to provide not only a challenge for a security novice, but security professionals as well.

Security Shepherds vulnerabilities are not simulated, and are instead delievered through hardened real security vulnerabilities that can not be abused to compromise the application or it's environment. Many of these levels include insufficient protections to these vulnerabilities, such as black list filteres and poor security configuration. Security Shepherd includes everything you need to complete all of it's levels including the OWASP Zed Attack Proxy Project and portable browsers already configured for proxy use.

The Security Shepherd project covers the following web application security topics;

• SQL Injection
• Cross Site Scripting
• Broken Authetication and Session Management
• Cross Site Rrequest Forgery
• Insecure Direct Object Reference
• Insecure Cryptographic Storage
• Failure to Restrict URL Access
• Unvalidated Redirects and Forwards
• Insufficient Transport Layer Security

Download OWASP Security Shepherd 1.2

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Anehta V-0.6 - Web Application Security Audit Tool

Anehta is Web Application tool for Security Audit, written in PHP/JavaScript designed to make Cross site scripting and other web attacks easier and automated.

Install & Configure:

1. Decompress all the files in a directory on your server

2. Make sure your directory has the write permission.

3. Modify $U as username and $P as password in “server/class/auth_Class.php” file.

Default username is “admin” and default password is “123456″.

4. If you want to send mail, modify “server/mail.php” file to your own mail server or mailbox.

Quick Start:

1. Login and turn to the Configure tab.

2. Input the “anehtaurl” as the url where your anehta is.

For example: “http://www.a.com/anehta”.

3. You should also input the boomerang src and boomerang target.

boomerang src is usually the same page where you put your feed.js is.

For example: boomerang src maybe: “http://www.b.com/xssed.html?param=”.

boomerang target must be the page where you want to steal cross domain cookie.

For example: boomerang target maybe: “http://www.alimafia.com/xssDemo.html#’><’”.

You can modify feed.js to cancel the xcookie module if you do not want to use boomerang. But you must always set boomerang src and target values when you modify in the configure tab.

4. After modified configure, simply load feed.js as a external script to where your xss page is. There is also a demo page in the directory which is “demo.html”

5. Refresh the admin.php, and you may see some changes if your xss slave coming.

Download Anehta V-0.6

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Mutillidae 2.1.20 - Test your Hacking skills

Mutillidae is a free, open source web application provided to allow security enthusiast to pen-test and hack a web application. Mutillidae can be installed on Linux, Windows XP, and Windows 7 using XAMMP making it easy for users who do not want to install or administrate their own webserver. Mutillidae contains dozens of vulnerabilities and hints to help the user exploit them; providing an easy-to-use web hacking environment deliberately designed to be used as a hack-lab for security enthusiast, classroom labs, and vulnerability assessment tool targets.

Change log : Mutillidae 2.1.20:

• Changed some color schemes
• Bug fix: The html5 key validation on the on the html5 page was too restrictive. The validator was throwing errors even when the input was ok. This validation checks for any non-alphanumeric characters and prints an error if non-alphanumeric characters are found. This error message contains the bad key the user input. Since the site fails to output encode this error message, it is possible to perform DOM injection.
• Add the html5-storage.php to the vulnerabilities listing.

Download Mutillidae 2.1.20

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Secunia PSI 3.0 Released - Free program updater

Version 3 of Personal Software Inspector (PSI), Secunia's free program updater, has been released with a much simplified user interface, enabling less technically astute users to keep their Windows applications up to date as well.

Secunia PSI 3.0 is a free computer security solution that identifies vulnerabilities in non-Microsoft (third-party) programs which can expose PCs to attacks. Simply put, it is scanning software which identifies programs in need of security updates to safeguard the data on your PC against cybercriminals.

It then supplies your computer with the necessary software security updates to keep it safe. The Secunia Personal Software Inspector (PSI) even automates the updates for your insecure programs, making it a lot easier for you to maintain a secure PC. Using a scanner like Secunia PSI 3.0 is complementary to antivirus software, and as a free computer security program, is essential for every home computer.

PSI is now able to keep programs from more than 3,000 companies up to date, though, as before, PSI only cares about updates which fix security vulnerabilities. Version 3 also includes additional translations, including German.

Download Secunia PSI 3.0

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

The GUI Version of SQLMAP - SQL injection exploitation Tool

Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

To use it, First install python 2.7 and download the last version of sqlmap-dev:
svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sqlmap-dev

Then Download the file and unzip to sqlmap directory. For more help visit Official site.

Download The GUI Version of SQLMAP

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Bash Script to Automate browser-in-the-middle attack

Browser-in-the-middle is a bashscript that uses ettercap, metasploit and the beEF framework to make attacks that injects code in pages users visited on the internet from the local network.

• - uses ettercap to launch a man in the middle attack
• - ettercap modifies traffic so evil javascript or iframes are added
• - victim's browser will be redirect to the attackers webserver
• - the webserver will be running the msf autopwn module or the beEF framework to launch browser exploits are other browser related attacks.

Download Bash Script

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Project GameOver - OS for Practicing Web Security

Project GameOver was started with the objective of training and educating newbies about the basics of web security and educate them about the common web attacks and help them understand how they work.  

GameOver has been broken down into two sections

Section 1 consists of special web applications that are designed especially to teach the basics of Web Security. This seciton will cover  

XSS

CSRF 

RFI & LFI 

BruteForce Authentication 

Directory/Path traversal 

Command execution 

SQL injection 

Section 2  is a collection of dileberately insecure Web applications. This section provides a legal platform to test your skills and to try and exploit the vulnerabilities and sharpen your skills before you pentest live sites. 

We would advice newbies to try and exploit these web applications. These applications provide real life environments and  will boost their confidence.

System Requirements :

In order to run the VM image, you need to have a VM Player 4.0.2 or higher.(We have not tested it in lower versions of VM Player). You may allocate 256MB or higher RAM to this instance. In case you do not have a VM Player installed or for some reason you prefer another virtualization software, you may download the .iso and run it in a 'Live' mode.

Getting Started :

In case you have chosen the Live CD, select 'Live' from the grub menu and Enter. Login with the following credentials.

username: root 

password: gameover 

Once you login, type 'ifconfig' in your GameOver machine command prompt and hit Enter.  This will give you the ip address of the GameOver machine (Server). Now in your client browser enter this IP address and hit Enter. You should be able to access GameOver now. 

Web Applications (section 1):

1. Damn Vulneable Web Application:  (http://www.dvwa.co.uk/)

2. OWASP  WebGoat:(https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project)

3. Ghost (http://www.gh0s7.net/)

4. Mutillidae (http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10)

5. Zap-Wave: (http://code.google.com/p/zaproxy/)

Web Applications (section 2):

1. Owasp Hacademic Challenges : (https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project)

2. Owasp Vicnum: (https://www.owasp.org/index.php/Category:OWASP_Vicnum_Project)

3. WackoPicko: (http://www.aldeid.com/wiki/WackoPicko)

4. Owasp Insecure Web App: (https://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project)

5. BodgeIT: (http://code.google.com/p/bodgeit/)

6. PuzzleMall: (https://code.google.com/p/puzzlemall/)

7. WAVSEP: (https://code.google.com/p/wavsep/)

Known Bugs : The .iso cannot be installed on a Virtual machine, but works perfectly in the 'Live mode'.

Download Gameover os

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Metasploitable 2 Released - Vulnerable machine for Penetration testing Practice

The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities. Version 2 of this virtual machine is available for download from Sourceforge.net and ships with even more vulnerabilities than the original image.

This virtual machine is compatible with VMWare, VirtualBox, and other common virtualization platforms. By default, Metasploitable's network interfaces are bound to the NAT and Host-only network adapters, and the image should never be exposed to a hostile network.

A beginner's guide to setting up and using Metasploitable as a practice target machine. Read this guide to find out where you can download Metasploitable and how you can get it up and running: Get Setup Guide

Download Metasploitable 2

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

CVE-2012-2122 : Mysql Authentication Bypass Exploit

A serious security bug in MariaDB and MySQL Disclosed, According to Advisory All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable. This issue got assigned an id CVE-2012-2122. You can Read More Details Here.

Mysql_hashdump module from Metasploit uses a known username and password to access the master user table of a MySQL server and dump it into a locally-stored "loot" file. This can be easily cracked using a tool like John the Ripper, providing clear-text passwords that may provide further access.

Jonathan Cran (CTO of Pwnie Express and Metasploit contributor) committed a threaded brute-force module that abuses the authentication bypass flaw to automatically dump the password database. This ensures that even if the authentication bypass vulnerability is fixed, you should still be able to access the database using the cracked password hashes. A quick demonstration of this module is shown below using the latest Metasploit Framework GIT/SVN snapshot.

Download Exploit

Another Easy python script to gain root access to MySQL released by Dave (ReL1K) Kennedy's on his blog.

#!/usr/bin/python

import subprocess

while 1:

subprocess.Popen("mysql -u root mysql --password=blah", shell=True).wait()

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

SMB checker and Remote Code Execution Vulnerability Exploiter Script

The vulnerability 'MS08-067' is a flaw in the Windows Server Service that when a specially crafted RPC request was sent could allow remote code executions.This vulnerability affected Windows 2000, XP, Server 2003, Vista, and server 2008 and has been assigned CVE-2008-4250.

There is a Python Script developed by Ahmed shawky aka lnxg33k, which will automatically scan for SMB Port and Will also Exploit 'MS08-067' Flaw using Metasploit. The Script will Exploit the target for you. You can download the code :

Download Script

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email

Nessus 5.0.1 - Vulnerability scanner

The Nessus vulnerability scanner is the world-leader in active scanners, featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus is the world’s most widely-deployed vulnerability and configuration assessment product

Official change log for Nessus 5.0.1:

• Resolved an issue whereas packet forgery was not working on some Windows setups
• Improved the Windows installer which would fail on some setups
• Fixed several thread synchronization issues leading to a crash in certain situations
• Imported v1 reports are more legible
• Nessus can now read a 64-bit database on a 32-bit system and vice-versa
• Identified and resolved a minor memory leak issue occurring on all platforms
• Scanning with a SSL certificate defined in the policy would sometimes cause a scanner crash
• Workaround for CVE-2011-3389
• Worked around a possible incompatibility with the Fedora 16 / Debian 6 memory allocator
• Restored the ability to log in via certificate authentication on port 1241 when “force_pubkey_auth = no“
• This version of Nessus now includes OpenSSL version 1.0.0h

Download Nessus 5.0.1

Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .

Subscribe Top Hacker Stories via email