November 1st, 2014

SEAT Version 0.3 and Backtrack 4

It is with great excitement that we bring you the latest version of SEAT!. SEAT (Search Engine Assessment Tool) is the next generation information digging application geared toward the needs of security professionals. SEAT uses information stored in search engine databases, cache repositories, and other public resources to scan web sites for potential vulnerabilities. Version 0.3 includes the much needed Search Engine XML signature update, several performance enhancements, and the fix for the dreaded GUI “segmentation error”.

You can download the latest version of SEAT here. Detailed documentation is available in documentation.pdf. Also, if you are a big fan of Backtrack like me, you can get SEAT preinstalled with the upcoming final release of Backtrack 4.

SEAT v.0.3

wicrawl at 2600

For those that will be around at the local sf2600 meeting tonight, I’ll be giving a short presentation on wicrawl and giving a demo. I’ll also hand it out compiled into the latest BackTrack Security LiveCD with some of our new stickers. Hope to see you there — bring your wireless gear, :)

Random tools

Here are a couple random security related tools that have been updated in the not-too-distant past:

Nmap 4.0(.1)According to Fyodor, 4.0 is faster, more accurate, more memory efficient, uses raw ethernet frames instead of raw sockets (important for windows), run-time interaction (for progress), and a much larger application version fingerprint database. On a related note, here is a paper from Fyodor on version detection.

John the Ripper 1.7According to Solar Designer, 1.7 offers primarily performance improvements that come in the form of better algorithms, better idle priority scheduling (so that it has limits the impact on running processes), better parallelism, and better optimized code that supports new hardware features. He thinks it’s the first program to cross the 1M crypts per second on a general-purpose CPU. This reminds me, if you’re not using Solar’s pam_passwdqc as a required pam module for your systems, you should, it’s pretty good.

Raw wireless utils — I mentioned these releases from during shmoocon previously, but didn’t get a chance to link them. rfakeap, rglueap, rcovert are tools for creating scads of fake access points, snaring unsuspecting windows users, and creating a covert communication channel over raw 802.11 frames (largely ignored by current IDS systems). Good stuff.

BackTrack Beta

The first beta of BackTrack is finally out. This is the first release of the union of the security LiveCDs Whax and Auditor. It has lots of great features including a kernel that includes all of the latest wireless driver patches, pen-testing tools, exploit databases, etc. It looks like the site is pretty hammered right now — if anyone has a .torrent, post it here.

Update: the site seems to be up again, and downloads can be found here. Still no word on a .torrent though.

Update2: Eliot from the ever-awesome posted a comment with a link to a BackTrack .iso .torrent. Turns out he’s the one crushing the BackTrack site, =). Thanks for the link, =)

Debian Security Packages Project

While I should be working on wicrawl, I instead kicked off the start of a Debian Security Packaging project by creating a few of the packages, and creating an apt repository for them. If you want to use the apt source, you can add the following to your /etc/apt/sources.list file, and do an ‘apt-get update’:

deb etch main contrib non-free

Please feel free to give me feedback on the current list of packages, or if you know of something you think is worth spending the time to package.

irpet sourceforge page

I put up a project page on SourceForge for IRpet. Hopefully it will help drive some google juice, and it’s a good way to manage downloads and bugs, etc. I have a couple hundred downloads so far (before putting it on SF), but only one support request, =). Hopefully there are a few people who find it useful. If not, it was still fun to create.

Imhotep theme designed by Chris Lin. Proudly powered by Wordpress.
XHTML | CSS | RSS | Comments RSS