Free Security Tools by iSEC Partners

Today I discovered an impressive collection of security tools developed and offered for free by iSEC Partners, and because I really appreciate any open source effort, I thought at least I could present them.

There are four categories:

Since the topic of this blog is more application security, I will detail the Application Tools:

  • Forensic Fuzzing Tools
    This is a collection of scripts that can be used to generate fuzzed files, fuzzed file systems, and file systems containing fuzzed files. These can be used to test the robustness of forensics tools and examination systems.
  • SAMLPummel
    SAML Pummel is a BeanShell plug-in for WebScarab. It automates eight different injection attacks to assist in auditing the implementation of SAML 2.0 single sign-on systems.
  • Jailbreak
    Jailbreak is a tool for exporting certificates marked as non-exportable from the Windows certificate store. This can help when you need to extract certificates for backup or testing. You must have full access to the private key on the filesystem in order for jailbreak to work.
  • ProxMon
    ProxMon is an extensible Python based framework that reduces testing effort, improves consistency and reduces errors. Its use requires limited additional effort as it processes the proxy logs that you’re already generating and reports discovered issues. In addition to penetration testing, ProxMon is useful in QA, developer testing and regression testing scenarios.
  • CyberVillainsCA
    The CyberVillainsCA is a small Java library for on-the-fly generation, duplication and substitution of X.509 certificates. It is intended for use in building or extending security testing tools, for example, WebScarab (example included).
  • File Fuzzers
    These tools are useful for testing any program which processes binary file inputs such as archivers and image file viewers.
  • Windows IPC Fuzzing Tools
    This is a collection of tools used to attack applications that use Windows Interprocess Communication mechanisms. This package includes tools to intercept and fuzz named pipes, as well as a shared memory section fuzzer.
  • WSMap
    WSMap is a Python-based tool that helps penetration testers find web service endpoints and discovery files.

    • Parses WebScarab logs to find testing targets
    • Tests URLs and implied URLs found in log
    • Tests for WSDL and DISCO web service discovery formats

  • WSBang
    WSBang is a Python-based tool used to perform automated security testing of SOAP based web services.

    • Takes URL of WSDL as input
    • Fuzzes all methods and parameters in the service
    • Identifies all methods and parameters, including complex parameters
    • Fuzzes parameters based on type specified in WSDL
    • Reports SOAP responses and faults
  • SecureCookies
    SecureCookies is a tool to evaluate whether a given URL is utilizing the security options in the cookie.
  • Event Log Zap (Elzap)
    Event Log Zap (Elzap) is a tool that deletes individual events in the Windows Event Log. It can list records of the three default logs, including the Security, System, and Application logs, and then remove records without any interruption to the system. 
As said, these tools are released for free and I’m sure that iSEC Partners will be more than happy for any feedback you could provide.

BONUS: I’m very eager to test the "soon to be released" SecurityQA Toolbar, a great testing product for web application security presented as a browser toolbar!