September 28, 2016

Nmap 7 Released!

Nmap project released Nmap 7 after three years and half development. The new version of Nmap had more 100 contributors and 3,200 code commits since Nmap 6. The new version has 171 Nmap Scripting Engine (NSE) and supports fully IPv6 from host discovery to port scanning to OS detection. [Read more…]

First Beta of the Vega Vulnerability Scanner Released

The first beta of Vega, an open source tool to test the security of web applications, has been released. Vega can help find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other types of vulnerabilities. Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection and can be extended using Javascript.

The automated scanner crawls a web application, analyzing pages, looking for interesting content and injection points. Vega runs modules on the web application that test for vulnerabilities or analyze content. These modules are written in Javascript and are entirely customizable. Vega modules can generate alerts to make users aware of the findings.

The intercepting proxy is situated between a browser and the target application, intercepting all requests and responses between them. Users can view the interaction of the client with the website, intercepting and modifying requests and responses to probe and verify possible vulnerabilities. The proxy is also capable of intercepting HTTPS communications with dynamically generated man-in-the-middle certificates.

Written in Java, it runs on Linux, OS X, and Windows and can be downloaded from here.

Nmap 5.50 With Gopher Protocol Support Released‏

It has been a year since the last Nmap stable release and six months since development version (5.3DC1) of this powerful network scanner.

In this release the Nmap Scripting Engine(NSE) has been enhanced to expand up the protocol stack and take network discovery to the next level. Nmap 5.50 can now query all sorts of application protocols, including web servers, databases, DNS servers, FTP, and even Gopher servers!

This version has a brute forcing engine and supports network broadcast script in addition to two new script scanning phases known as prerule and postrule. It supports Nping with an innovative new echo mode and its developers added 636 OS fingerprints and 1,037 version detection signatures to Nmap since 5.21, bringing the totals to 2,982 and 7,319.

Nmap 5.50 source code as well as binary packages for Linux, Mac, and Windows are now available at:

http://nmap.org/download.html

More information about this release is available here.

NetBSD 5.1 Released: Highly Portable Unix-like Open Source operating system

The NetBSD development team has released NetBSD 5.1. According to NetBSD blog, NetBSD 5.1 is the first feature update of the NetBSD 5.0 release branch. It includes security and bug fixes, as well as improved hardware support and new features for this open source highly portable Unix-like operarting system.

Highlights of this version:

  • RAIDframe parity maps, which greatly improve parity rewrite times after unclean shutdown
  • X.Org updates
  • Support for many more network devices
  • Xen PAE dom0 support
  • Xen PCI pass-through support

More details are valaible at http://www.NetBSD.org/releases/formal-5/NetBSD-5.1.html.

NetBSD is a free, fast, secure, and highly portable Unix-like Open Source operating system. It is available for a wide range of platforms, from large-scale servers and powerful desktop systems to handheld and embedded devices. NetBSD is developed and supported by a large and vivid international community. Many applications are readily available through pkgsrc, the NetBSD Packages Collection.

NetBSD 5.1 is available to download here.

Source:[netbsd.org]

Update For ProFTPD FTP server

ProFTPD team released ProFRPD version 1.3.3c.The ProFTPD server is a configurable GPL-licensed FTP server software for Linux and Unix based operating systems. With reference to ProFTPD release note, the following bugs have been addressed in this version:

- Bug 3511 - SQLAuthType Backend not properly rejected by mod_sql_sqlite.
- Bug 3513 - EPERM error logged unnecessarily for SFTP logins on Linux.
- Bug 3517 - mod_quotatab decrements file tally improperly for failed DELE
  commands.
- Bug 3518 - Support SiteMiscEngine directive, for disabling mod_site_misc
  functionality via proftpd.conf.
- Bug 3519 - Inappropriate directory traversal allowed by mod_site_misc.
- Bug 3521 - Telnet IAC processing stack overflow.

This popular and secure FTP server has been used by many high traffic websites such as SourceForge, Linksys, Slackware, ibiblio.org and many more.

Blind Elephant: New Open Source Web Application Fingerprinter Tool

Qualys released a new open source web application fingerprinter tool. The Blind Elephant Web Application Fingerprinter attempts to discover the version information of a range of popular web applications and content management systems.

This tool discovers the version of Drupal, Joomla!, Liferay, Mediawiki, Moodle, MovableType, osCommerce, phpBB, phpMyAdmin, phpNuke, SPIP and WordPress and can also analyze sixteen Drupal and twenty six WordPress plug-ins.

The Blind Elephant is a Python based tool and has been released under an LGPL license.

Sourceforge Project Page: https://sourceforge.net/projects/blindelephant/
Discussion and Forums: http://www.qualys.com/blindelephant

[ad code=2 align=center]