Oct 032008
 

VoIP Hopper is a free opensource security tool for Linux/Unix that rapidly runs a VLAN Hop into the Voice VLAN on specific Ethernet switches. VoIP Hopper mimicks the behavior of an IP Phone, in both Cisco and Avaya IP Phone environments to hope into the Voice VLAN.  VoIP Hopper is both a VLAN Hop test tool and a tool to test VoIP infrastructure security.

Continue reading »

Sep 082008
 

Sudo which is su “do” allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments.sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file. The real and effective uid and gid are set to match those of the target user as specified in the passwd file and the group vector is initialized based on the group file.

Continue reading »

Jul 162008
 


iwlist command in Linux is used to extract more detailed information from a Wireless Network interface which may not be available from running the iwconfig command. This includes detailed information on available Wireless networks, Frequencies supported, power management support, Encryption key sizes supported, WPA keys configured on the device etc.

The general syntax is

Continue reading »

Jul 102008
 


Ratproxy is an opensource semi-automated, largely passive web application security audit tool from the search giant Google. It is meant to complement active crawlers and manual proxies more commonly used for this task, and is optimized specifically for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.

Continue reading »

Jul 102008
 


OWASP WebScarab is a framework for analysing HTTP and HTTPS applications. Written in Java, WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser. WebScarab is able to intercept both HTTP and HTTPS communication. The operator can also review the conversations (requests and responses) that have passed through WebScarab.

Continue reading »