Category Archives: Reviews

strongSwan

strongSwan is an OpenSource IPsec implementation for the Linux operating system. It is based on the discontinued FreeS/WAN project and the X.509 patch which we developped over the last three years. In order to have a stable IPsec platform to base our future extensions of the X.509 capability on, we decided to lauch the strongSwan… Read More »

Wapiti – Web application vulnerability scanner

Wapiti allows you to audit the security of your web applications. It performs “black-box” scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer,… Read More »

SQLBrute – Blind SQL Injection

SQLBrute is a tool for brute forcing data out of databases using blind SQL injection vulnerabilities. It supports time based and error based exploit types on Microsoft SQL Server, and error based exploit on Oracle. It is written in Python, uses multi-threading, and doesn´t require non-standard libraries.

fwknop – Single Packet Authorization

fwknop stands for the FireWall KNock OPerator, and implements an authorization scheme called Single Packet Authorization (SPA) that based around Netfilter and libpcap.

Burp – Suite for attacking web applications

Burp suite is an integrated platform for attacking web applications. It contains all of the burp tools (proxy, spider, intruder and repeater) with numerous interfaces between them designed to facilitate and speed up the process of attacking a web application. All plugins share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging,… Read More »

Pirana SMTP Content Exploitation Framework

Email has become an essential service for most people – who doesn´t own an email address today? With time, it seemed obvious that numerous threats would come to light and propagate through this communication channel.

Fiaif

FIAIF is an Intelligent Firewall. It provides a highly customizable script for setting up an iptables-based firewall. Configuration is done through one configuration file for each network to which the firewall is connected. FIAIF supports masquerading, port forwarding, traffic shaping, and more.

HTTP AntiVirus proxy

HTTP AntiVirus proxy is a proxy with an anti-virus filter. It does not cache or filter content. At the moment the complete traffic is scanned. The reason for this is the chance of malicious code in nearly every filetype e.g. HTML (JavaScript) or Jpeg. The anti-virus engine use Clamav (GPL antivirus).

BeEF – Browser Exploitation Framework

BeEF is the browser exploitation framework. Its purposes in life is to provide an easily integratable framework to demonstrate the impact of browser and cross-site scripting issues in real-time. The modular structure has focused on making module development a trivial process with the intelligence existing within BeEF.