Seeker

Seeker is a powerful web application vulnerability scanning tool that uses a ground breaking technology, BRITE™ (Behavioral Runtime Intelligent Testing Engine) that enables comprehensive searches for application vulnerabilities.

After identifying vulnerabilities it automatically exploits them and reports the results in a video.

Seeker comprises unmatched innovative technologies that generate zero false positives and enables tests of complex applications within several minutes.

Seeker assimilates seamlessly into the application environment while it learns the application behavior from the inside, Identifying problematic code that no other existing tool can find.

Seeker is intuitive and automated; it does not demand technological or security knowledge more than at the beginner level, thus providing a strong and robust secure solution for QA and development teams at all levels.

Seeker gives its operator visibility regarding the routes followed by the tested application, and is able to track code flow through synchronous and asynchronous tiers and components in distributed architectures.

Seeker homepage

Article on TechCrunch

skipfish

A fully automated, active web application security reconnaissance tool. Key features:

  • High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.
  • Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
  • Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.

The post announing the tool:

http://googleonlinesecurity.blogspot.com/2010/03/meet-skipfish-our-automated-web.html

The project page at google code:

http://code.google.com/p/skipfish/

Skipfish documentation:

http://code.google.com/p/skipfish/wiki/SkipfishDoc

The tool is written by lcamtuf, who joined google a few years ago. 🙂

Tagged with:
 

SHODAN – the computer search engine

SOHDAN is a computer search engine in the sense that it lets you search for computers/servers/routers by strings in the default banners spitted on the following currently supported ports:

  • HTTP 80
  • SSH 22
  • FTP 21
  • TELNET 23

A couple of basic filters have been implemented:

  • “port:” –  narrow search by port
  • “country:” – narrow searches by country
  • “hostname:” – match for specific strings in hostnames
  • “net:” –  narrow searches to specific ips or subnets
  • “os:” – narrow searches to specific operating systems

Put in basic words it is an immense database of ready scanned hosts for you to … oh well, you know what to do. 😉

The annoying thing is that you have to login to view more then one page of results or to use the net: filter, but i am sure that achillean had strong enough reasons to do that. Nonetheless the SHODAN is a great new type of search engine.

A couple of example searches:

Of course you can expand on those and create more specific searches, that’s where the power of SHODAN relies, actually knowing what you are searching for and being specific about it.

Here is a brief intro from Shmoocon on what you can or cannot do with SHODAN:

Random Key Generator Online

Here you will find a variety of random keys that can be used for passwords, encryption keys, etc. – all randomly generated, just for you! Simply refresh this page for a completly new set of keys.

randomkeygen.com

HTML Playground



Htmlplayground.com is a neat online tool that gives you the ability to test and play with your html/css skills as well as improve them. If you don’t have anything to improve( 🙂 ) then it is a great tool to accompany you in the learning process along with the w3c resources.

Tagged with:
 

The best online compiler

An AIO web tool for angry geeks:

ideone.com

What ideone can do:

  • Online pastebin
  • Syntax highlighting
  • Online compiler with output and debugging
  • Supports most programming languages you might be interested in(40 in numbers)

All in all it is a great tool to have under your belt.

If you are a ferocious hacker then you can give a try at hacking the sandbox that runs the compiled code and own the server. 😆

FreeRapid Downloader

freerapid_logo

A great tool, let me tell ya! It is a download manager for Rapidshare, MegaUpload, DepositFiles, Letibit.net plus another 2 dozens of file sharing services.

It handles your links, waiting times and captcha files. It has a small captcha recognizer algorithm but for most of the “captcha enabled” services it will just pop a small box with the captcha and a textbox for you to input the captcha code. It is coded in Java thus works on Windows, Linux, Mac OSX. So all you have to do is copy your links in the clipboard(if you enable clipboard monitoring, if not the copy and paste in the app) and FreeRapid will handle the rest.

Why do i call it a great tool? Well because it’s free and it works and it is actively supported and maintained and of course because it makes the task of downloading 10+ links of Rapidshare(a tiny ex.) without a paid account a much easier bargain and less of a nightmare if you have the time, because this is no hack tool and it won’t cut you the waiting time or stuff like that(unless you have a list of proxies that works with file sharing services and gracefully provide them to FreeRapid). So if you are patient your files will be downloaded, even faster then you could manually because with this tool you don’t lose even a second of downloading time since the waiting time after your last finished download expired.

To sum it up…A GREAT TOOL! Big Five for the team behind it and keep up the good work. o/

Head on to the homepage for more info: FreeRapid Downloader

Tagged with: