Tuesday, 25 January 2011

OWASP WebScarab-NG version 0.2.1 Released


WebScarab-NG is a complete rewrite of the old WebScarab application, with a special focus on making the application more user-friendly. To this end, WebScarab-NG makes use of the Spring Rich Client Platform to provide the user interface features. By using the Spring Rich Client Platform, WebScarab-NG automatically gains things like default buttons, keyboard shortcuts, support for internationalisation, etc.

Another new feature is that session information is now written into a database, rather than into hundreds or thousands of individual files. This makes disk space utilisation and things like archiving of sessions a lot easier.

Ultimately, WebScarab-NG will have all the significant functionality that the old WebScarab had, although it will be reorganised quite significantly, in order to make the application more user friendly.

Download: https://code.google.com/p/webscarab-ng/downloads/list

Cain & Abel v4.9.37 released


- Added TCP/UDP Large Send Offloading status detection on Windows Vista/Seven.
- Better handling of APR-SSL MitM threads.
- Fixed a problem with APR in Windows7 causing attacker's machine to be isolated from poisoned hosts.
- Speed improvement in Credential Manager Password Decoder for x64 operating systems.

Get it here: http://www.oxid.it/cain.html

News Update: Linux configure point to point tunneling PPTP VPN client for Microsoft PPTP vpn server

With this tip you will be able to work from home over a VPN from a Linux / FreeBSD system, connecting to the proprietary Microsoft Point-to-Point VPN server.

Different organizations use different VPN connection options such as SSL, PPTP or IPSEC. When you need to access the corporate network and its services, you need to log in using the VPN.

The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. It works at the data link layer (layer 2) of the TCP/IP model. Personally I prefer IPSEC. PPTP Client is a Linux, FreeBSD, NetBSD and OpenBSD client for the proprietary Microsoft Point-to-Point Tunneling Protocol, PPTP. It allows connection to a PPTP-based Virtual Private Network (VPN) as used by employers and some cable and ADSL internet service providers.

But many organizations use PPTP because it is easy to use and works with Windows, Mac OS X, Linux/*BSD and other handheld devices...

Link >>>

http://www.cyberciti.biz/tips/howto-configure-ubuntu-fedora-linux-pptp-client.html

CPython

This is CPython, the standard Python implementation, compiled from C to JavaScript using Emscripten, running in your browser (without any plugins).

* Most core language stuff should work, except for importing non-static modules (in other words, import sys will work, but other modules won't).
* Please report bugs if you find them!
* Tested on Firefox 4 and Chrome 10.
* The editor is Skywriter.

LINK: http://syntensity.com/static/python.html
Tuesday, 4 January 2011

Web Application Scanners Accuracy Assessment

Comparison & Assessment of 43 Free & Open Source Black Box Web Application Vulnerability Scanners

Introduction
I’ve been collecting them for years, trying to get my hands on anything that was released within the genre. It started as a necessity, transformed into a hobby, and eventually turned into a relatively huge collection… But that’s when the problems started.
While back in 2005 I could barely find freeware web application scanners, by 2008 I had SO MANY of them that I couldn’t decide which ones to use. By 2010 the collection became so big that I came to the realization that I HAVE to choose.
I started searching for benchmarks in the field, but at the time, only located benchmarks that focused on comparing commercial web application scanners (with the exception of one benchmark that also covered 3 open source web application scanners), leaving the freeware & open source scanners in an uncharted territory.

The benchmark information and various reports: http://sectooladdict.blogspot.com/

The framework for assessing vulnerability scanners was implemented in JEE, and is hosted at the following address: http://code.google.com/p/wavsep/

Bruter v1.1 Released


Bruter is a parallel network login brute-forcer on Win32. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication. It currently (1.1) supports the following services: FTP, HTTP, IMAP, MSSQL, MySQL, POP3, PgSQL, SIP, SMB, SMTP, SNMP, SSH2, Telnet, VNC, Web-Form

Changelog (since 1.0):
- Added protocols: PgSQL, SIP
- Auto detect "Max Attempt/Connection" when it is set to -1
- Add "Password First" option (see documentation for more detail)
- Load/Save Setting also load/save service options
- Load/Save Setting also load/save state if program is testing (Save state)
- Added "wait for each try" option (to be able to slow down brute forcing)
- Display "found valid credential" message in message tab
- Fixed application sometimes crashes when using "Stop"
- Fixed maximum text length of message tab to unlimited
- Fixed HTTP library does not handle response code 100 correctly
- Fixed miscellaneous bugs
- Updated libssh2 binary to 1.2.6
- Updated openssl library to 1.0.0c
- Documentation updates

Download: http://sourceforge.net/projects/worawita/files/

Finding Vulnerable Web Apps with Google

Search engines index a huge number of web pages and other resources. Hackers can use these engines to make anonymous attacks, find easy victims, and gain the knowledge necessary to mount a powerful attack against a network. Search engines are dangerous largely because users are careless. Further, search engines can help hackers avoid identification. Search engines make discovering candidate machines almost effortless. Listed here are a few common hacks performed with http://www.google.com (which is our favorite search engine, but you can use one of your own choosing if you'd like, assuming it supports all the same features as Google).

To find unprotected /admin, /password, /mail directories and their content, search for the following keywords in http://www.google.com:

"Index of /admin"

"Index of /password"

"Index of /mail"

"Index of /" +banques +filetype:xls (for France)

"Index of /" +passwd

"Index of /" password.txt

To find password hint applications that are set up poorly, type the following in http://www.google.com (many of these enumerate users, give hints for passwords, or mail account passwords to an e-mail address you specify!):

password hint

password hint -email

show password hint -email

filetype:htaccess user

To find IIS/Apache web servers with FrontPage installed, type the following in http://www.google.com (run the encrypted password files through a password cracker and get access in minutes!):

administrators.pwd index

authors.pwd index

service.pwd index

allinurl:_vti_bin shtml.exe

To find the MRTG traffic analysis page for websites, type the following in http://www.google.com:

inurl:mrtg

To get access to unprotected global.asa(x) files or to get juicy .NET information, type the following in http://www.google.com:

filetype:config web (finds web.config)

global.asax index (finds global.asax or global.asa)

To find improperly configured Outlook Web Access (OWA) servers, type the following in http://www.google.com:

inurl:exchange inurl:finduser inurl:root

Be creative, the possibilities are endless.

Tip: For hundreds of (categorized!) examples like these, check out the Google Hacking Database (GHDB) at http://johnny.ihackstuff.com/index.php?module=prodreviews.
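
The queries above only find what a server already exposes, so an administrator can check a document root for the same files and index-less directories before a search engine does. The script below is an added example, not part of the original post; the function names, the list of index-file names and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

# File names taken from the search queries listed above.
SENSITIVE_FILES = {
    "administrators.pwd": "FrontPage password file",
    "authors.pwd": "FrontPage password file",
    "service.pwd": "FrontPage password file",
    "web.config": ".NET configuration file",
    "global.asa": "ASP application file",
    "global.asax": "ASP.NET application file",
    ".htaccess": "Apache access-control file",
    "password.txt": "plain-text password file",
    "passwd": "password file",
}
# Assumed default index documents; adjust to the server's own setting.
INDEX_FILES = {"index.html", "index.htm", "index.php", "default.asp", "default.aspx"}

def audit_docroot(root):
    """Return sorted (url_path, reason) findings for one document root."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        rel = "" if rel == "." else rel.replace(os.sep, "/")
        names = {f.lower() for f in filenames}
        if not names & INDEX_FILES:
            # With directory listing enabled this shows up as "Index of /...".
            findings.append(("/" + rel, "no index file, listable if autoindex is on"))
        for name in filenames:
            reason = SENSITIVE_FILES.get(name.lower())
            if reason:
                findings.append(("/" + (rel + "/" if rel else "") + name, reason))
    return sorted(findings)

def build_sample_docroot():
    """Create a constructed sample tree in a temporary directory."""
    root = tempfile.mkdtemp(prefix="docroot_")
    for rel in ("index.html", "admin/users.csv", "_vti_pvt/service.pwd",
                "app/index.php", "app/web.config"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root

if __name__ == "__main__":
    for path, reason in audit_docroot(build_sample_docroot()):
        print(f"{path}: {reason}")
```

Each finding is either a file to move out of the web root or a directory that needs an index document or listing disabled in the server configuration.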