Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on
a web application that uses Microsoft SQL Server as its back-end.
Its main goal is to provide a remote shell on the vulnerable DB server,
even in a very hostile environment. It should be used by penetration
testers to help and automate the process of taking over a DB Server when
a SQL Injection vulnerability has been discovered.
Steghide is a steganography tool which is able to hide data in "container
files" and to extract this data again. If you do not know what steganography is,
take a look at Neil F. Johnson's paper about steganography at
http://www.jjtc.com/Steganography/
Steghide is designed to be portable and configurable and features hiding data
in bmp, wav and au files, blowfish encryption, MD5 hashing of passphrases to
blowfish keys and pseudo-random distribution of hidden bits ("stego bits") in
the container data.
Stoken is an open source tokencode generator compatible with RSA SecurID 128-bit
(AES) tokens. It is a hobbyist project, not affiliated with or endorsed by RSA
Security.
SWATCH - The Simple WATCHer and filter
Swatch is designed to monitor system activity. Swatch
requires a configuration file which contains pattern(s) to
look for and action(s) to do when each pattern is found.
The tpm-tools package provides a basic TPM management suite.
Provide a fast way to delete entries from OpenSSH's known_hosts
file. This is a simple automation of the things normally done by
the user when having an "offending key" in his/her known_hosts file
caused by a changing host key of the destination.
Vinetto extracts the thumbnails and associated metadata from the Thumbs.db
files.
Windows systems (98, ME, 2000, XP and 2003 Server) can store thumbnails
and metadata of the picture files contained in the directories of their FAT32
or NTFS filesystems.
The thumbnails and associated metadata are stored in Thumbs.db files.
The Thumbs.db files are undocumented OLE structured files.
Once a picture file has been deleted from the filesystem, the related thumbnail
and associated metadata remain stored in the Thumbs.db file. So, the data
contained in those Thumbs.db files are a helpful source of information
for the forensics investigator.
Wapiti allows you to audit the security of your web applications.
It performs "black-box" scans, i.e. it does not study the source code of
the application but scans the web pages of the deployed webapp,
looking for scripts and forms where it can inject data.
Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to
see if a script is vulnerable.
Wipe is a file and block device wiping utility.
Yersinia is a layer 2 vulnerability scanner with support for the
following protocols:
Cisco Discovery Protocol (CDP)
Dynamic Host Configuration Protocol (DHCP)
Dynamic Trunking Protocol (DTP)
Hot Standby Router Protocol (HSRP)
IEEE 802.1q
Spanning Tree Protocol (STP, RSTP)
Virtual Trunking Protocol (VTP)