lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: visigoth at securitycentric.com (visigoth)
Subject: New Tool: MetaCoretex (DB Security Scanner)

Greetings all!  I am pleased to announce the initial public release of a
toy I have been working on for a little while now...  

MetaCoretex is an OpenSource, JAVA based, database capable security scanner
with a kewl set of features.  We have a bunch of spiffy probes already which
are capable of doing fun things to databases.  Check out the site for a 
list/discription of the currently available probes...

I'll let the README speak for itself:


-------------=============< MetaCoretex >=============-------------

1. About
2. Contents <snip>
3. Using <snip>
4. Building <snip>
5. Greets

===================================================================
1. About

what:
MetaCoretex is an entirely JAVA vulnerability scanning framework which
puts special emphasis on databases.  Probe objects are written in JAVA
by means of an easy to extend AbstractProbe class.  Additionally, probe
generators make the process of writting simple probes almost automagic.

who:
visigoth - <visigoth@...uritycentric.com>

features:

- JDBC - All JDBC type 4 drivers are accessable, making MetaCoretex a
very strong platform for creating database scanning probes.  Many
probes are capable of determining things like version without having
to be aware of the underlying database type.

- KB - Per target knowlege-base which probes can use to share information.
Most importantly, the KB can not only store string types, but is
fully capable of storing references to Objects.  For example, a 
MySQL database probe which forms a connection to a DB can then put
the successful connection object into the KB for other probes to use
the ACTUAL connection later!

- Probe Options - The API includes the ability for each probe to specify
the configuration options available to users.  This means that probes
which require user input do not require updates to the UI to support that
input.

- Threaded - Of course it is.

- XML Configs - All scan configuration options may be saved in XML scan
configuration files to be loaded again later.  This includes all options
specified and set by probes using the addOption() method.

- XML Reports - Reports are saved into XML formats which have simple to
use, publicly available schema for development of custom report tools.
Reports may, of course, be loaded back into the interface for reading.

- Platform Independance - Write once, debug everywhere...

- 0 Install - MetaCoretex requires no installation or other hastles other
than a modern JVM.  For that reason, it can be run from CD, or easily
loaded on any box with JAVA.

- Probe Generator - For many types of commonly developed probes, a
probe creation wizard is capable of generating custom JAVA source
which users can compile into loadable modules.  MetaCoretex uses
the sun javac classes if available to compile user generated probes.

- XML Updates - A fully automated system manages probes in the CVS
repository and publishes them via SSH to the XML update server
for your updating pleasure.  Any new probes checked into the CVS
tree will be compiled and distributed in a matter of hours.
Additionally, updates to the engine can be received by the same means.

- Probe Submission Wizard - If you craft a probe, and would like to
submit it, just use the wizard to post it via HTTPS for consideration!

why: 
Fundamentally it is a result of the combination of my frustration with 
current assessment tools and lack of balancing forces in my life ;).

===================================================================
2. Contents

<snip>

===================================================================
3. Usage

<snip>

===================================================================
4. Building

<snip>

===================================================================
5. Greets

Siitaa - The love of my life
Fhqwagads - gengis et. al.
Phatix - Must.. Ping.. Pong.. 
Sovran Crew - recondo,grynja,disco-stu.. 
Digital Revelation - ALL YOUR BOX ARE BELONG TO US
el8 - love from the enemy

5.1 - Phux0rz

SCO - wtf are you thinking?!?!

===================================================================


Thanks for reading this far ;)

-visigoth

-- 

"Omnis tuus capsa sunt inesse nos"
--------------------------------------------------
Ever wanted to...

read registry entries remotely?..as LocalSystem? ...from linux?
portscan a system?..from itself?..to the loopback?..to another?
bruteforce passwds?..using the target system's CPU?

MetaCoretex - Finally, an open DB Security Scanner!

www.metacoretex.com
--------------------------------------------------
Security Centric Labs
www.securitycentric.com
--------------------------------------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ