Showing posts with label Security Tools. Show all posts

Tuesday, August 7, 2012

AntiDef : Anti defacement command line tool



Defacement Protector v1.0: AntiDef was developed by Nir Valtman to handle defacement attacks. The tool is written in Java in a fast-and-dirty manner; however, it works.


How does AntiDef work?
AntiDef compares two directory paths: the web application and its backup folder. It computes a hash (MD5 - we need performance) of each file in the folders and then a final hash over all the file hashes. The final hashes of the source and the destination are compared. If they differ, a defacement has been found. In this case, only the defaced files are moved (by default) to a pre-defined "Defaced" folder and then replaced by the legitimate backup files. The "Defaced" folder then contains the malicious files, a timestamp of the defacement and a log.

AntiDef compares the two paths above every 60 seconds, but the interval can be set to a different value.

The full manual is described by running the tool without parameters, i.e.
java -jar AntiDef.jar



Saturday, June 2, 2012

Hash Code verifier v1.1 released - Generate Hash for multiple files


Hello BTS readers, we have updated our file integrity verifying tool "Hash Code Verifier". The new version 1.1 is available to download.

Changelog:
-----------------------
  • Recursive directory traversal: generate hashes for all files in the given folder
  • Clear Table bug fixed
  • Single file comparing issue fixed
  • Right-click copy menu
  • Null file creation fixed
  • Hide/Show Columns options
  • User interface modified

Download:
http://projects.breakthesecurity.com/Download.html

Saturday, May 5, 2012

Download Hash Code Verifier v1.0 : A tool to verify the File Integrity



Hello BTS Readers,
we are happy to announce that we have released our second security tool, 'Hash Code Verifier'. Hash Code Verifier is a cross-platform application to verify the integrity of your downloaded files. Hash Code Verifier can be very useful if you want to check whether a downloaded file is original and not corrupted or modified by hackers.

To protect users from such problems, websites often publish the MD5 or SHA hash of a file so that users can ensure that the file has not been modified by checking the file's hash value. Hash Code Verifier can generate the hash for a file and lets the user check it against the provided hash value.


Features:
  • Verify the Hash of a file
  • Calculate hash for multiple files
  • Compare Two files
  • Simply drag and drop files from the computer into the application to generate hashes.
  • Supports MD5, SHA1, SHA256, SHA512 and CRC32 hash codes.
  • Save the generated hash list in text/HTML format
  • Automatically generates the hash when you browse or drop the files.
  • Yes, it is cross-platform (you can use this application on any operating system)

System Requirements:
Operating System: All OS (Windows XP, 7, Linux, Mac, ...)
Java Runtime Environment: JRE 1.6 or higher is required (you can get it from oracle.com).

Download:
http://projects.breakthesecurity.com/Download.html


Wednesday, October 12, 2011

Introduction to Web Application Firewall (WAF) ~ Website Security


What is WAF?
WAF stands for Web Application Firewall. A WAF is a server-side application that controls input and output (it filters the HTTP communication). It controls network traffic on any OSI layer up to the Application Layer. The main purpose of a WAF is to provide better protection against the top web application vulnerabilities such as XSS (Cross-Site Scripting), SQL Injection and RFI. Many websites are hacked every day because of these vulnerabilities. Read our Security News section to learn about the security risks on the Internet. A standard firewall blocks non-HTTP attacks (restriction of ports, access, ...). A WAF blocks HTTP attacks.

The Most common Web Application Vulnerabilities:

  • SQL Injection (SQLi)
  • Cross-Site Scripting (XSS)
  • Broken Authentication and Session Management
  • Insecure Direct Object References
  • Cross-Site Request Forgery (CSRF)
  • Security Misconfiguration
  • Insecure Cryptographic Storage
  • Failure to Restrict URL Access
  • Insufficient Transport Layer Protection
  • Unvalidated Redirects and Forwards


A Web Application Firewall (WAF) must have the following features:
  • Protection against the top vulnerabilities (XSS, SQLi, etc.)
  • Very Few False Positives (i.e., should NEVER disallow an authorized request)
  • Strength of Default (Out of the Box) Defenses
  • Power and Ease of Learn Mode
  • Types of Vulnerabilities it can prevent.
  • Detects disclosure and unauthorized content in outbound reply messages, such as credit-card and Social Security numbers.
  • Both Positive and Negative Security model support.
  • Simplified and Intuitive User Interface.
  • Cluster mode support.
  • High Performance (milliseconds latency).
  • Complete Alerting, Forensics, Reporting capabilities.
  • Web Services\XML support.
  • Brute Force protection.
  • Ability to run in Active (block and log), Passive (log only) and bypass modes for web traffic.
  • Ability to keep individual users constrained to exactly what they have seen in the current session
  • Ability to be configured to prevent ANY specific problem (i.e., Emergency Patches)
  • Form Factor: Software vs. Hardware (Hardware generally preferred)

Top 10 Open Source Web Application Firewalls (WAF):

  1. ModSecurity (Trustwave SpiderLabs)
  2. AQTRONIX WebKnight
  3. ESAPI WAF
  4. WebCastellum
  5. BinarySec
  6. Guardian@JUMPERZ.NET
  7. OpenWAF
  8. Ironbee
  9. Profense
  10. Smoothwall

Friday, September 30, 2011

How to Disable Social Networks from tracking you ? ~Privacy Tips




I hope you read the Facebook privacy risk news. Did you know that social networking sites like Facebook, Google+, and Twitter can track your visits to any web page that uses the familiar "Like", "Follow", or "+1" buttons, even if you do not actually click these buttons? Here I am going to introduce a new security tool that will take care of your privacy.


The Priv3 Firefox extension lets you remain logged in to the social networking sites you use and still browse the web, knowing that those third-party sites only learn where you go on the web when you want them to. All this happens transparently, without the need to maintain any filters. Priv3 is free to use for anyone.


How Social Networking Sites Can Track You

In order to integrate interactive features—such as buttons, comment forums, activity feeds, or recommendations—from social networking sites, authors of web content integrate HTML snippets or JavaScript code provided by the social networks into their pages.

For example, when you are logged into your Google or Facebook account and visit a movie review page on rottentomatoes.com, your browser automatically pulls in the "+1" button from Google's servers and the "Like" button from Facebook. These downloads include the session cookies your browser uses to inform Google and Facebook that you have previously logged in, and so Google and Facebook automatically learn about your personal interest in the movie page you're looking at, even if you never actually click on either of their buttons.

How Priv3 Works

Blocking simple "web bugs" or "trackers" is fairly straightforward, because doing so does not harm your web surfing experience. By contrast, completely blocking social networking features is counterproductive, because doing so prevents you from actually using these features—say to leave a comment, or to "like" something—when you would like to do so.

Therefore, Priv3 does not block third-party interactions completely. Instead, it selectively suppresses the inclusion of third-party web cookies when your browser pulls in content from the social networks, but does provide them if you decide to interact with the social networking features. You still see the number of "likes" the page has accumulated on Facebook or the comments other people left using Facebook's discussion mechanism. Facebook however only learns the IP address of the computer you are using.

Should you decide to interact with the social feature, Priv3 detects any mouseclick or keystroke directed at the feature. It then reloads it with your session cookies and passes on the click or keystroke, thus revealing your identity to the social network and informing it of your desired action.

Priv3's Currently Supported Social Networking Sites

Priv3 currently understands the interactive features of the following social networks:

Facebook
Twitter
Google +1
LinkedIn


Wednesday, September 21, 2011

TrueCrypt ~ Protect your files/folders with Encrypted Passwords



Do you store your account IDs, passwords or any other confidential info in plain text? If you say yes, you must read this article.

Risks of Storing confidential data in Plain Text:
  1. Your friends or anyone else who has access to your PC can view your confidential data, because it is in plain text.
  2. Malware/spyware can send the data file from your PC to the attacker's system. In that case your data is really at risk.
  3. If you have any confidential files (e.g. important company projects) without passwords, others may get access to your PC and steal the information.

So here I am going to introduce a new security tool known as TrueCrypt (the best and my favorite tool).

What is TrueCrypt?
TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. The entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, metadata, etc.).

More info about TrueCrypt:
Files can be copied to and from a mounted TrueCrypt volume just like they are copied to/from any normal disk (for example, by simple drag-and-drop operations).

Files are automatically being decrypted on the fly (in memory/RAM) while they are being read or copied from an encrypted TrueCrypt volume. Similarly, files that are being written or copied to the TrueCrypt volume are automatically being encrypted on the fly (right before they are written to the disk) in RAM.

Note that this does not mean that the whole file that is to be encrypted/decrypted must be stored in RAM before it can be encrypted/decrypted. There are no extra memory (RAM) requirements for TrueCrypt.

Let's suppose that there is an .avi video file stored on a TrueCrypt volume (therefore, the video file is entirely encrypted). The user provides the correct password (and/or keyfile) and mounts (opens) the TrueCrypt volume. When the user double clicks the icon of the video file, the operating system launches the application associated with the file type – typically a media player. The media player then begins loading a small initial portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) in order to play it. While the portion is being loaded, TrueCrypt is automatically decrypting it (in RAM). The decrypted portion of the video (stored in RAM) is then played by the media player. While this portion is being played, the media player begins loading another small portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) and the process repeats. This process is called on-the-fly encryption/decryption and it works for all file types (not only for video files).

Note that TrueCrypt never saves any decrypted data to a disk – it only stores them temporarily in RAM (memory). Even when the volume is mounted, data stored in the volume is still encrypted. When you restart Windows or turn off your computer, the volume will be dismounted and files stored in it will be inaccessible (and encrypted). Even when power supply is suddenly interrupted (without proper system shut down), files stored in the volume are inaccessible (and encrypted). To make them accessible again, you have to mount the volume (and provide the correct password and/or keyfile).

Main Features:
  • Creates a virtual encrypted disk within a file and mounts it as a real disk.
  • Encrypts an entire partition or storage device such as USB flash drive or hard drive.
  • Encrypts a partition or drive where Windows is installed (pre-boot authentication).
  • Encryption is automatic, real-time (on-the-fly) and transparent.
  • Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
  • Encryption can be hardware-accelerated on modern processors.
  • Provides plausible deniability, in case an adversary forces you to reveal the password:  Hidden volume (steganography) and hidden operating system. 


Sunday, August 28, 2011

INSECT Pro 2.7 ~ Penetration security auditing and testing Tool


INSECT Pro 2.7 - This penetration security auditing and testing software solution is designed to allow organizations of all sizes to mitigate, monitor and manage the latest security threats and vulnerabilities and to implement active security policies by performing penetration tests across their infrastructure and applications.

INSECT can help to build a strong security posture that is easy to use so both professional penetration testers and less experienced security pros will have all the tools they need to reduce costs, proactively find vulnerabilities, assess risk, and check the effectiveness of security defenses.

This is a partial list of the major changes implemented in version 2.7:
  • Available targets now has a submenu under right-click button
  • Check update function added in order to verify current version
  • Project saved on userland - Application Data special folder
  • 50 Remote exploits added
  • AgentConnect now uses telnetlib

Supported Platforms and Installations
– Windows XP, 2003, Vista, 2008 Server, and Windows 7 (requires Python and .NET)



ERPScan WEBXML Checker- Security Testing for SAP J2EE applications


ERPScan WEBXML checker is a freeware tool intended for checking the security configuration of SAP J2EE applications by scanning a WEB.XML file. It checks WEB.XML files for vulnerabilities and misconfigurations such as Verb Tampering, Invoker servlet bypass and other misconfigurations. Detailed information about these vulnerabilities can be found in the whitepaper “Architecture and program vulnerabilities in SAP’s J2EE engine” presented at the BlackHat conference.


Snort v 2.9.1~Network intrusion prevention and detection system (IDS/IPS)


Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and nearly 400,000 registered users, Snort has become the de facto standard for IPS. 

It is capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

Download it From Here:
http://www.snort.org/

WebSurgery v6.0 ~security testing for web applications


WebSurgery is a suite of tools for security testing of web applications. It was designed for security auditors to help them with the web application planning and exploitation. Currently, it uses an efficient, fast and stable Web Crawler, File/Dir Brute forcer, Fuzzer for advanced exploitation of known and unusual vulnerabilities such as SQL Injections, Cross site scripting (XSS), Brute force for login forms, identification of firewall-filtered rules, DOS Attacks and WEB Proxy to analyze, intercept and manipulate the traffic between your browser and the target web application.

WEB Crawler
WEB Crawler was designed to be fast, accurate, stable and completely parameterizable, and to use advanced techniques to extract links from JavaScript and HTML tags. It works with parameterizable timing settings (Timeout, Threading, Max Data Size, Retries) and a number of rule parameters to prevent infinite loops and pointless scanning (Case Sensitive, Dir Depth, Process Above/Below, Submit Forms, Fetch Indexes/Sitemaps, Max Requests per File/Script Parameters). It is also possible to apply custom headers (user agent, cookies etc.) and Include/Exclude Filters. WEB Crawler comes with an embedded File/Dir Brute Forcer which helps to directly brute force for files/dirs in the directories found from crawling.

WEB Bruteforcer
WEB Bruteforcer is a brute forcer for files and directories within the web application which helps to identify the hidden structure. It is also multi-threaded and completely parameterizable for timing settings (Timeout, Threading, Max Data Size, Retries) and rules (Headers, Base Dir, Brute force Dirs/Files, Recursive, File’s Extension, Send GET/HEAD, Follow Redirects, Process Cookies and List generator configuration).
By default, it will brute force from the root / base dir recursively for both files and directories. It sends both HEAD and GET requests when needed (HEAD to identify whether the file/dir exists and then GET to retrieve the full response).

WEB Fuzzer
WEB Fuzzer is a more advanced tool to create a number of requests based on one initial request. Fuzzer has no limits and can be used to exploit known vulnerabilities such as (blind) SQL Injections, and in more unusual ways such as identifying improper input handling, firewall/filtering rules and DOS Attacks.

WEB Editor
A simple WEB Editor to send individual requests. It also contains a HEX Editor for more advanced requests.

WEB Proxy
WEB Proxy is a proxy server running locally and will allow you to analyze, intercept and manipulate HTTP/HTTPS requests coming from your browser or other application which support proxies.


Monday, August 1, 2011

What is Aircrack-ng? WEP and WPA-PSK Cracking Tool


What is Aircrack-ng?
Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng is a set of tools for auditing wireless networks.


Sunday, July 31, 2011

pyDetective- An Open Source Forensics Software



pyDetective is a new open source forensics software tool developed by Mr. Filip Szymanski. It is used for computer crime investigations. It consists of two tools, namely del2info and carver.


Saturday, July 30, 2011

PDF Unlocker - PDF Password Removal and Unlocker Tool



What is PDFUnlocker?
PDFUnlocker is free software that removes the password from a password-protected PDF. If you forget the password of your PDF file or you are a forensic engineer, this tool will be very useful for removing the protection of the PDF.

Friday, July 29, 2011

ArpON (Arp handler inspectiON) v2.7-Security Softwares



What is ArpOn?
ArpON (Arp handler inspectiON) is a portable handler daemon that makes ARP secure in order to avoid Man In The Middle attacks through ARP Spoofing/Poisoning. It detects/blocks DNS Spoofing, WEB Spoofing, Session Hijacking, SSL/TLS Hijacking & co attacks.
This is possible using three kinds of anti ARP Spoofing techniques: the first is based on SARPI or "Static ARP Inspection" in statically configured networks without DHCP; the second on DARPI or "Dynamic ARP Inspection" in dynamically configured networks having DHCP; the third on HARPI or "Hybrid ARP Inspection" in "hybrid" networks, that is in statically and dynamically (DHCP) configured networks together.


Thursday, July 28, 2011

APKinspector: Static Analyser of Android Malware


What is APKinspector?
APKinspector is an Android security tool. It is used for analysing Android malware samples manually. The developers use PyQT as the framework for the APKinspector prototype, because PyQT provides a complete interface to QT applications and Python can interact with androguard easily.


Features

How to detect Firesheep- Blacksheep Mozilla Addon(AntiFiresheep)



I hope you read this article about How to Hack Facebook Using Firesheep in WI-FI?
This blog is mainly concerned with computer and network security, right? So let us see how to detect Firesheep usage.


Who is the blacksheep?
meeeh...meeh...Hey don't worry, I am not going to post about that sheep.
What is Blacksheep?
Blacksheep is a Mozilla add-on that detects whether an intruder is stealing your session using Firesheep. As a Mozilla add-on against Firesheep, we can call it AntiFiresheep.


Monday, December 27, 2010

Introducing a new Task Manager for analysing process


Do you know what programs are running on your PC? You use the default Task Manager to see the list of processes. The default Task Manager shows only the list of processes and their memory usage. You may not know which one is a system process, a malware program or an application program. Some advanced users can analyze for themselves which processes are running. They can end a process by right-clicking on it. But this stops the program only for the moment. When they restart the system, or after some time, the process may continue.

To analyze system programs, detect malware and stop programs, I am going to introduce a new software, "Security Windows Manager".


Become a spy using Sniperspy remote software



Friends, you may be eager to know what your lover, spouse or children are doing on the internet. In this post I will introduce the Sniperspy remote spy software. It allows monitoring of a remote system. What is special about this software is that no physical contact is needed to install the spy software.

Friday, December 24, 2010

How to use the Axcrypt for encryption?


In my last post I gave you details about Axcrypt. In this post I am going to guide you through encrypting a file using the Axcrypt software.


Axcrypt Software-an encrypting software tool


Hi friends, now you know about encryption, right? If you don't know about encryption, please read this article:
Introduction to cryptography
Now you know the importance of encryption. If you would like to protect your documents using encryption, then here is the tool for you. This is open source software, so there is no need to worry about the key; it is completely free.

Features of Axcrypt :
The following are features that re