exploit the possibilities
Showing 1 - 25 of 8,852 RSS Feed

Operating System: UNIX

SQLMAP - Automatic SQL Injection Tool 1.5.3
Posted Mar 4, 2021
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Minor release with no notes in the changelog.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | ce4b0dc1d2ac37013055fba060747e36
OpenSSH 8.5p1
Posted Mar 3, 2021
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: Double-free memory corruption issue fixed in ssh-agent. A mitigation was added to stop an overly long username going to PAM. Future deprecation updates provided and many other updates.
tags | tool, encryption
systems | linux, unix, openbsd
MD5 | 9eb9420cf587edc26f8998ab679ad390
Zeek 4.0.0
Posted Mar 2, 2021
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: Added support for EDNS0 Cookie and Keep-Alive options. Added new Packet Analysis plugin architecture for parsing packet headers at layers below the existing Session analysis plugins. A few other additions as well as improvements to capture-loss.zeek.
tags | tool, intrusion detection
systems | unix
MD5 | 3178eb66e9ac62e8e61707d34c8855f9
Suricata IDPE 6.0.2
Posted Mar 2, 2021
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Fixed crashes, a leak in signature parsing with urilen, a CPU exhaustion issue, and many other bugs.
tags | tool, intrusion detection
systems | unix
MD5 | 4024fd07bed74c22874862a501311241
American Fuzzy Lop plus plus 3.10c
Posted Mar 1, 2021
Authored by van Hauser, thc, Heiko Eissfeldt, Andrea Fioraldi, Dominik Maier | Site thc.org

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.

Changes: Mac OS ARM64 support. Android support fixed and updated. Over a dozen other updates and improvements.
tags | tool, fuzzer
systems | unix
MD5 | e135b8d1d4bbdf073be46591e8244f8a
Faraday 3.14.2
Posted Mar 1, 2021
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added three new plugins and fixed some old versions of nessus plugins.
tags | tool, rootkit
systems | unix
MD5 | 7f7b45a110a9067eae5385f79d12e000
Global Socket 1.4.25
Posted Feb 24, 2021
Authored by thc | Site thc.org

Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.

Changes: Terminal/ANSI code fixes.
tags | tool, tcp
systems | unix
MD5 | 678586d46969ea1bbd7e8b77dacafa3e
jSQL Injection 0.84
Posted Feb 24, 2021
Authored by ron190 | Site github.com

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.

Changes: Integrated Nashorn sandbox for Java 15. Fixed Mac glitches. Restored Scan results. Used Java 11 and dropped Java 8, 9, 10.
tags | tool, scanner, sql injection
systems | linux, unix
MD5 | 94ca759744816cccb5adcb61bc26ebf8
Zeek 3.2.4
Posted Feb 23, 2021
Authored by Robin Sommer, Vern Paxson | Site zeek.org

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.

Changes: A denial of service issue has been addressed as well as two bugs.
tags | tool, intrusion detection
systems | unix
MD5 | 12687bbdab008fa1c1f6d55ff97f3c20
OpenDNSSEC 2.1.8
Posted Feb 22, 2021
Site opendnssec.org

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

Changes: Upgraded autoconf/automake configuration chain for version 2.69/1.16.2. Fix to crash when using ods-enforcer set-policy command. Fix to crash in case zone file not present while getting a signconf update and state flush command. Modified the purging of keys, to make it automatic to purge keys from the HSM. Fix that caused crash when signer was offline for a prolonged period (but the enforcer wasn't) in the middle of a ZSK roll. Memory leak was addressed when receiving NOTIFY for non-existent zone.
tags | tool
systems | unix
MD5 | 271b08010690b49343adf59627c6bb20
Global Socket 1.4.24
Posted Feb 22, 2021
Authored by thc | Site thc.org

Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.

Changes: EEElite-Console, File Transfer and alerts when admin logs in.
tags | tool, tcp
systems | unix
MD5 | 20d802d5a4db9ffc08379aea052bd26f
Wapiti Web Application Vulnerability Scanner 3.0.4
Posted Feb 22, 2021
Authored by Nicolas Surribas | Site wapiti.sourceforge.net

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.

Changes: Added more payloads for code execution. 5 new module updates. Additions to cross site scripting and SQL injection attacks. Various other updates.
tags | tool, web, scanner, vulnerability
systems | unix
MD5 | 4a1a74b4a8cdcd5b15cbc7292a17fb9c
I2P 0.9.49
Posted Feb 22, 2021
Authored by welterde | Site i2p2.de

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

Changes: Various updates.
tags | tool
systems | unix
MD5 | e73af4977c8caaec92130ddad04cb465
Faraday 3.14.1
Posted Feb 19, 2021
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added forgot password, update services by bulk_create, and FARADAY_DISABLE_LOGS variable to disable logs to filesystem. Various other additions and modifications.
tags | tool, rootkit
systems | unix
MD5 | e7438256b759cf939fd9c1c06d671b67
OpenSSL Toolkit 1.1.1j
Posted Feb 17, 2021
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Fixed a NULL pointer deref in the X509_issuer_and_serial_hash() function. Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING padding mode to correctly check for rollback attacks. Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate functions. Fixed SRP_Calc_client_key so that it runs in constant time.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2021-23840, CVE-2021-23841
MD5 | cccaa064ed860a2b4d1303811bf5c682
TOR Virtual Network Tunneling Tool 0.4.5.6
Posted Feb 16, 2021
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: This release series introduces significant improvements in relay IPv6 address discovery, a new "MetricsPort" mechanism for relay operators to measure performance, LTTng support, build system improvements to help when using Tor as a static library, and significant bugfixes related to Windows relay performance. It also includes numerous smaller features and bugfixes.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 22a04ef62c714b7d9d8928ebe238e4c4
Recon Informer 1.3
Posted Feb 16, 2021
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.

Changes: Added -t flag to process packets from specific inbound IP address of interest. Added timestamp for detection results in console output window. Couple of bug fixes.
tags | tool
systems | linux, windows, unix
MD5 | 143d9d98889ba812fb5ecda85828e081
AIDE 0.17.3
Posted Feb 11, 2021
Authored by Rami Lehti | Site aide.github.io

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

Changes: Fixed group usage in --after config line.
tags | tool, intrusion detection
systems | unix
MD5 | b642b5da44e827da57ae24b3670e4b33
AIDE 0.17.2
Posted Feb 8, 2021
Authored by Rami Lehti | Site aide.github.io

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

Changes: Fixed null pointer dereference in db_close(). Fixed out-of-bounds read of attributes array.
tags | tool, intrusion detection
systems | unix
MD5 | 7b79cd5cf3fde3d4ca75a9b19ca39de7
TOR Virtual Network Tunneling Tool 0.4.4.7
Posted Feb 4, 2021
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.4.4.7 backports numerous bugfixes from later releases, including one that made v3 onion services more susceptible to denial-of-service attacks, and a feature that makes some kinds of DoS attacks harder to perform.
tags | tool, remote, local, peer2peer
systems | unix
MD5 | 6ea60eb939ab3633a682a81fb46dd37f
Clam AntiVirus Toolkit 0.103.1
Posted Feb 4, 2021
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: Patch release with various fixes and improvements. Added CL_TYPE_TIFF, CL_TYPE_JPEG types to match GIF, PNG typing behavior. Added a new scan option to alert on broken media (graphics) file formats.
tags | tool, virus
systems | unix
MD5 | f895e9a261937ed91f5cb3ead4791555
Mandos Encrypted File System Unattended Reboot Utility 1.8.14
Posted Feb 3, 2021
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Created /dev/fd symlink if necessary in plugin-runner and mandos-client.
tags | tool, remote, root
systems | linux, unix
MD5 | c8120978ea9929e12fc3a174e9657162
SQLMAP - Automatic SQL Injection Tool 1.5.2
Posted Feb 2, 2021
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Minor release with no notes in the changelog.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 78c920583fa0ecc1970cdd57b22c5d8c
Wireshark Analyzer 3.4.3
Posted Feb 1, 2021
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Changes: Many bug fixes have been applied including two fixes for vulnerabilities.
tags | tool, sniffer, protocol
systems | windows, unix
advisories | CVE-2021-22173, CVE-2021-22174
MD5 | 7988932a5e3930fa6035b8f8b584f0d8
AIDE 0.17.1
Posted Feb 1, 2021
Authored by Rami Lehti | Site aide.github.io

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

Changes: Fixed typos in log messages and aide.conf man page. Fixed a messaging error and removed a leftover include.
tags | tool, intrusion detection
systems | unix
MD5 | 9b342a313d3b0e7a610868be32becc72
Page 1 of 355
Back12345Next

File Archive:

March 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    19 Files
  • 2
    Mar 2nd
    15 Files
  • 3
    Mar 3rd
    30 Files
  • 4
    Mar 4th
    13 Files
  • 5
    Mar 5th
    9 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close