Penetration Testing

 
Created in an attempt to have an organized directory strictly related to the penetration testing business, here's the project! Always looking for contributions in terms of submitting links and categories, feedback, and anything that may help the project grow into a useful resource. Don't miss our Blog for any particular tips and tricks and feel free to add yours to our Blogs category!
 
  Penetration testing / Latest Links
Search: 
Security-Database IT Watch
Security-Database provides realtimes IT threat watch based upon security standards (CVE, OVAL, CPE, CVSS, CWE, DPE..). In addition, we provide also Auditing and Vulnerability Management services.
http://www.security-database.com
PorkBind Nameserver Security Scanner
PorkBind is a multi-threaded nameserver scanner that can recursively query nameservers of subdomains for version strings. (i.e. sub.host.dom’s nameservers then host.dom’s nameservers) After acquiring the version strings it tests them against version numbers from CERT advisories and reports back to the user. Zone transfer capability is also tested for
http://www.security-database.com/toolswatch/PorkBind-1-2-Yet-another-Cache-DNS.html
IndianZ Webplace
Lots of tools, links and information about security, hacking and penetration testing.
http://www.indianz.ch/
System of Systems
The official blog of Security Objectives Corporation. It includes posts about dynamic binary analysis, exploits, the nature of the security industry, and more..
http://systemofsystems.wordpress.com
EnableSecurity
EnableSecurity is dedicated to providing high quality Information Security Consultancy, Research and Development. EnableSecurity works on developing custom targeted security solutions, as well as working with existing off the shelf security tools to provide the best results for their customers. EnableSecurity does Penetration Test and Application Security Assessment.
http://enablesecurity.com
Firewall leak tester
This website, on one hand, enables you to test your software personal firewall thanks to different test programs ('leaktests'), and on the other hand, shows a global vulnerabilities view of the most common personal firewalls in a summary page. Firewall Leak Tester provides also documentation and advices to improve your security dramatically
http://www.firewallleaktester.com/
Defeating Windows Personal Firewalls
Microsoft Windows provides a variety of methods by which security software can perform network. traffic filtering and other security-related tasks.
http://www.thehackademy.net/madchat/windoz/win32inc/defeating_windows_personal_firewalls.pdf
Bypassing Windows Personal FW’s
Great Phrack article on techniques used to bypass Windows Personal Firewall software, worth reading!
http://www.phrack.org/issues.html?issue=62&id=13
History and Advances in Windows Shellcode
The part for: Uploading file with debug.exe and VBS is interesting for Personal Firewalls.
http://www.phrack.org/issues.html?id=7&issue=62
SIP Forum Test Framework (SFTF)
The SIP Forum Test Framework (SFTF) was created to allow SIP device vendors to test their devices for common errors. And as a result of these tests improve the interoperability of the devices on the market in general. The SFTF was created by the SIP Forum Technical working Group, and is maintained here on the SIP Foundry website because the SIP Foundry has the appropriate development and other infrastructure required to properly distribute this open source project.
http://www.sipfoundry.org/sip-forum-test-framework/sip-forum-test-framework-sftf.html
Sip-Proxy
Acts as a proxy between a VoIP UserAgent and a VoIP PBX. Exchanged SIP messages pass through the application and can be recorded, manipulated, or fuzzed.
http://sourceforge.net/projects/sipproxy
PROTOS SIP Fuzzer
A java tool that sends a set of malformed SIP messages designed by the University of OULU in Finland
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
PROTOS H.323 Fuzzer
A java tool that sends a set of malformed H.323 messages designed by the University of OULU in Finland.
http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/h2250v4/index.html#download
Mu Security VoIP Fuzzing Platform
Fuzzing platform handling SIP, H.323 and MGCP protocols.
http://www.musecurity.com/products/protocol_usecase.html#voip
Interstate Fuzzer
VoIP Fuzzer
http://testlab.ics.uci.edu/interstate/
Fuzzy Packet
Fuzzy packet is a tool to manipulate messages through the injection, capturing, receiving or sending of packets generated over a network. Can fuzz RTP and includes built-in ARP poisoner
http://libresource.inria.fr/projects/VoIP_Security/fuzzypacket
Codenomicon VoIP Fuzzers
Commercial versions of the free PROTOS toolset
http://www.codenomicon.com/products/telecommunications/
Asteroid
This is a set of malformed SIP methods (INVITE, CANCEL, BYE, etc.) that can be crafted to send to any phone or proxy
http://www.infiltrated.net/asteroid/
SIPsak
SIP swiss army knife.
http://sipsak.org/
SIPp
SIPp is a free Open Source test tool / traffic generator for the SIP protocol.
http://sipp.sourceforge.net/


AddThis Social Bookmark Button    Digg!