Results for "Author: marc ruef"

The acronym ATK stands for Attack Tool Kit. It was first developed to provide a very small and handy tool for Windows to realize simple security checks. But more and more the utility grows and allows in the meanwhile to do full security audits as like other vulnerability scanners are able to do (e.g. Nessus or ISS Internet Scanner). But this is not the main goal of the tool. The primary task is to allow small and fast checks for dedicated vulnerabilities. The special thing about ATK is that the tool is able to do the work without great interaction. But there is also always the possibility to vary and change the behaviour of the software. This concern the plugins, checking, enumeration and reporting. The user is not dependent of the ideas of the developers - If needed because of the modularity nearly every change can be done within a few seconds. ATK is absolutely free to use and distribute. The software is written in Visual Basic and underlies the General Public License (GPL). The official project web site can be found at http://www.computec.ch/projekte/atk/

The acronym ATK stands for Attack Tool Kit. It was first developed to provide a very small and handy tool for Windows to realize simple security checks. But more and more the utility grows and allows in the meanwhile to do full security audits as like other vulnerability scanners are able to do (e.g. Nessus or ISS Internet Scanner). But this is not the main goal of the tool. The primary task is to allow small and fast checks for dedicated vulnerabilities. The special thing about ATK is that the tool is able to do the work without great interaction. But there is also always the possibility to vary and change the behaviour of the software. This concern the plugins, checking, enumeration and reporting. The user is not dependent of the ideas of the developers - If needed because of the modularity nearly every change can be done within a few seconds. ATK is absolutely free to use and distribute. The software is written in Visual Basic and underlies the General Public License (GPL). The official project web site can be found at http://www.computec.ch/projekte/atk/

The acronym ATK stands for Attack Tool Kit. It was first developed to provide a very small and handy tool for Windows to realize simple security checks. But more and more the utility grows and allows in the meanwhile to do full security audits as like other vulnerability scanners are able to do (e.g. Nessus or ISS Internet Scanner). But this is not the main goal of the tool. The primary task is to allow small and fast checks for dedicated vulnerabilities. The special thing about ATK is that the tool is able to do the work without great interaction. But there is also always the possibility to vary and change the behaviour of the software. This concern the plugins, checking, enumeration and reporting. The user is not dependent of the ideas of the developers - If needed because of the modularity nearly every change can be done within a few seconds. ATK is absolutely free to use and distribute. The software is written in Visual Basic and underlies the General Public License (GPL). The official project web site can be found at http://www.computec.ch/projekte/atk/

The Attack Tool Kit (ATK) is an open-source security scanner and exploiting framework for Microsoft Windows. In ATK 4.the most improvements and enhancements has been invested in the reporting engine. The generation of html, text and Nessus nsr reports is now possible. Furthermore more than 340 ATK plugins are available and the Nessus NASL plugin handling has been re-introduced.

The Attack Tool Kit (ATK) is an open-source utility to realize vulnerability checks and enhance security audits. The most important changes in ATK 3.0 are the introduction of a dedicated exploiting routine and the Plugin AutoUpdate (over HTTP).

The Attack Tool Kit (ATK) is an open-source utility to realize vulnerability checks and enhance security audits. The most important changes in ATK 3.0 are the introduction of a dedicated exploiting routine and the Plugin AutoUpdate (over HTTP).

The Attack Tool Kit (ATK) is an open-source security scanner and exploiting framework for Microsoft Windows. In ATK 4.the most improvements and enhancements has been invested in the reporting engine. The generation of html, text and Nessus nsr reports is now possible. Furthermore more than 340 ATK plugins are available and the Nessus NASL plugin handling has been re-introduced.

The acronym ATK stands for Attack Tool Kit. It was first developed to provide a very small and handy tool for Windows to realize simple security checks. But more and more the utility grows and allows in the meanwhile to do full security audits as like other vulnerability scanners are able to do (e.g. Nessus or ISS Internet Scanner). But this is not the main goal of the tool. The primary task is to allow small and fast checks for dedicated vulnerabilities. The special thing about ATK is that the tool is able to do the work without great interaction. But there is also always the possibility to vary and change the behaviour of the software. This concern the plugins, checking, enumeration and reporting. The user is not dependent of the ideas of the developers - If needed because of the modularity nearly every change can be done within a few seconds. ATK is absolutely free to use and distribute. The software is written in Visual Basic and underlies the General Public License (GPL). The official project web site can be found at http://www.computec.ch/projekte/atk/

The acronym ATK stands for Attack Tool Kit. It was first developed to provide a very small and handy tool for Windows to realize simple security checks. But more and more the utility grows and allows in the meanwhile to do full security audits as like other vulnerability scanners are able to do (e.g. Nessus or ISS Internet Scanner). But this is not the main goal of the tool. The primary task is to allow small and fast checks for dedicated vulnerabilities. The special thing about ATK is that the tool is able to do the work without great interaction. But there is also always the possibility to vary and change the behaviour of the software. This concern the plugins, checking, enumeration and reporting. The user is not dependent of the ideas of the developers - If needed because of the modularity nearly every change can be done within a few seconds. ATK is absolutely free to use and distribute. The software is written in Visual Basic and underlies the General Public License (GPL). The official project web site can be found at http://www.computec.ch/projekte/atk/

The acronym ATK stands for Attack Tool Kit. It was first developed to provide a very small and handy tool for Windows to realize simple security checks. But more and more the utility grows and allows in the meanwhile to do full security audits as like other vulnerability scanners are able to do (e.g. Nessus or ISS Internet Scanner). But this is not the main goal of the tool. The primary task is to allow small and fast checks for dedicated vulnerabilities. The special thing about ATK is that the tool is able to do the work without great interaction. But there is also always the possibility to vary and change the behaviour of the software. This concern the plugins, checking, enumeration and reporting. The user is not dependent of the ideas of the developers - If needed because of the modularity nearly every change can be done within a few seconds. ATK is absolutely free to use and distribute. The software is written in Visual Basic and underlies the General Public License (GPL). The official project web site can be found at http://www.computec.ch/projekte/atk/

httprecon provides the possibility of advanced web server fingerprinting: http://www.computec.ch/projekte/httprecon/ Besides the well-known enumeration of http response status codes and header-ordering several other fingerprinting mechanisms were introduced. For example the capitalization of header lines, the use of spaces and the structure of ETag values (e.g. length and quotes). There are nine test cases in which the behavior of the target service is mapped. These are: - legitimate GET request for an existing resource - very long GET request (>1024 bytes in URI) - common GET request for a non-existing resource - common HEAD request for an existing resource - allowed method enumeration with OPTIONS - usually not permitted http method DELETE - not defined http method TEST - non-existing protocol version HTTP/9.8 - GET request including attack patterns (e.g. ../ and %%) This increases the amount of fingerprints to distinguish the given implementation. Thus, the accuracy of the fingerprinting series is very high. Theoretically httprecon 1.x is able to generate approx. 198 fingerprint atoms per full scan run (usually between 80 and 120 are given). More details and a documentation is available on the project web site. New fingerprints can be saved within the local data base. A simple flat file structure is used which introduces the possibility of manual editing and verification. There is also the possibility to suggest new fingerprints for the official repositories. Scans and the results can be exported to an XHTML 1.0 report. Other formats (TXT, CVS, XML, Word) are planned. The current software release is written in VB6 for win32 and provided under the General Public License (GPL). Ports to other platforms (a Linux command line edition is under developement) will come. The fingerprint data base is also available on the project web site which allows the creation of statistical analysis for surveys (e.g. most common is this kind of content-type in default installation of Apache 1.2.34). This implementation is a kind of proof-of-concept within a bigger picture: It shall be the foundation for a framework which is able to identify different services (e.g. smtp, ftp, telnet, ssh, oracle-tns, ...). The long-term goal is the developement of a very fast an reliable vulnerability scanner which combines this approach with the plugin and exploiting technique known by solutions like Nessus or ATK... Feel free to test and use the application. A appriciate new fingerprints of course. Upload them via the built-in save & submit function. Bug reports and feature requests can be sent via email to me directly. Thank you.

httprecon provides the possibility of advanced web server fingerprinting: http://www.computec.ch/projekte/httprecon/ Besides the well-known enumeration of http response status codes and header-ordering several other fingerprinting mechanisms were introduced. For example the capitalization of header lines, the use of spaces and the structure of ETag values (e.g. length and quotes). There are nine test cases in which the behavior of the target service is mapped. These are: - legitimate GET request for an existing resource - very long GET request (>1024 bytes in URI) - common GET request for a non-existing resource - common HEAD request for an existing resource - allowed method enumeration with OPTIONS - usually not permitted http method DELETE - not defined http method TEST - non-existing protocol version HTTP/9.8 - GET request including attack patterns (e.g. ../ and %%) This increases the amount of fingerprints to distinguish the given implementation. Thus, the accuracy of the fingerprinting series is very high. Theoretically httprecon 1.x is able to generate approx. 198 fingerprint atoms per full scan run (usually between 80 and 120 are given). More details and a documentation is available on the project web site. New fingerprints can be saved within the local data base. A simple flat file structure is used which introduces the possibility of manual editing and verification. There is also the possibility to suggest new fingerprints for the official repositories. Scans and the results can be exported to an XHTML 1.0 report. Other formats (TXT, CVS, XML, Word) are planned. The current software release is written in VB6 for win32 and provided under the General Public License (GPL). Ports to other platforms (a Linux command line edition is under developement) will come. The fingerprint data base is also available on the project web site which allows the creation of statistical analysis for surveys (e.g. most common is this kind of content-type in default installation of Apache 1.2.34). This implementation is a kind of proof-of-concept within a bigger picture: It shall be the foundation for a framework which is able to identify different services (e.g. smtp, ftp, telnet, ssh, oracle-tns, ...). The long-term goal is the developement of a very fast an reliable vulnerability scanner which combines this approach with the plugin and exploiting technique known by solutions like Nessus or ATK... Feel free to test and use the application. A appriciate new fingerprints of course. Upload them via the built-in save & submit function. Bug reports and feature requests can be sent via email to me directly. Thank you.

The acronym ATK stands for Attack Tool Kit. It was first developed to provide a very small and handy tool for Windows to realize simple security checks. But more and more the utility grows and allows in the meanwhile to do full security audits as like other vulnerability scanners are able to do (e.g. Nessus or ISS Internet Scanner). But this is not the main goal of the tool. The primary task is to allow small and fast checks for dedicated vulnerabilities. The special thing about ATK is that the tool is able to do the work without great interaction. But there is also always the possibility to vary and change the behaviour of the software. This concern the plugins, checking, enumeration and reporting. The user is not dependent of the ideas of the developers - If needed because of the modularity nearly every change can be done within a few seconds. ATK is absolutely free to use and distribute. The software is written in Visual Basic and underlies the General Public License (GPL). The official project web site can be found at http://www.computec.ch/projekte/atk/

The acronym ATK stands for Attack Tool Kit. It was first developed to provide a very small and handy tool for Windows to realize simple security checks. But more and more the utility grows and allows in the meanwhile to do full security audits as like other vulnerability scanners are able to do (e.g. Nessus or ISS Internet Scanner). But this is not the main goal of the tool. The primary task is to allow small and fast checks for dedicated vulnerabilities. The special thing about ATK is that the tool is able to do the work without great interaction. But there is also always the possibility to vary and change the behaviour of the software. This concern the plugins, checking, enumeration and reporting. The user is not dependent of the ideas of the developers - If needed because of the modularity nearly every change can be done within a few seconds. ATK is absolutely free to use and distribute. The software is written in Visual Basic and underlies the General Public License (GPL). The official project web site can be found at http://www.computec.ch/projekte/atk/

The acronym ATK stands for Attack Tool Kit. It was first developed to provide a very small and handy tool for Windows to realize simple security checks. But more and more the utility grows and allows in the meanwhile to do full security audits as like other vulnerability scanners are able to do (e.g. Nessus or ISS Internet Scanner). But this is not the main goal of the tool. The primary task is to allow small and fast checks for dedicated vulnerabilities. The special thing about ATK is that the tool is able to do the work without great interaction. But there is also always the possibility to vary and change the behaviour of the software. This concern the plugins, checking, enumeration and reporting. The user is not dependent of the ideas of the developers - If needed because of the modularity nearly every change can be done within a few seconds. ATK is absolutely free to use and distribute. The software is written in Visual Basic and underlies the General Public License (GPL). The official project web site can be found at http://www.computec.ch/projekte/atk/

The Attack Tool Kit (ATK) is an open-source security scanner and exploiting framework for Microsoft Windows. In ATK 4.the most improvements and enhancements has been invested in the reporting engine. The generation of html, text and Nessus nsr reports is now possible. Furthermore more than 340 ATK plugins are available and the Nessus NASL plugin handling has been re-introduced.

The Attack Tool Kit (ATK) is an open-source utility to realize vulnerability checks and enhance security audits. The most important changes in ATK 3.0 are the introduction of a dedicated exploiting routine and the Plugin AutoUpdate (over HTTP).

The acronym ATK stands for Attack Tool Kit. It was first developed to provide a very small and handy tool for Windows to realize simple security checks. But more and more the utility grows and allows in the meanwhile to do full security audits as like other vulnerability scanners are able to do (e.g. Nessus or ISS Internet Scanner). But this is not the main goal of the tool. The primary task is to allow small and fast checks for dedicated vulnerabilities. The special thing about ATK is that the tool is able to do the work without great interaction. But there is also always the possibility to vary and change the behaviour of the software. This concern the plugins, checking, enumeration and reporting. The user is not dependent of the ideas of the developers - If needed because of the modularity nearly every change can be done within a few seconds. ATK is absolutely free to use and distribute. The software is written in Visual Basic and underlies the General Public License (GPL). The official project web site can be found at http://www.computec.ch/projekte/atk/

The acronym ATK stands for Attack Tool Kit. It was first developed to provide a very small and handy tool for Windows to realize simple security checks. But more and more the utility grows and allows in the meanwhile to do full security audits as like other vulnerability scanners are able to do (e.g. Nessus or ISS Internet Scanner). But this is not the main goal of the tool. The primary task is to allow small and fast checks for dedicated vulnerabilities. The special thing about ATK is that the tool is able to do the work without great interaction. But there is also always the possibility to vary and change the behaviour of the software. This concern the plugins, checking, enumeration and reporting. The user is not dependent of the ideas of the developers - If needed because of the modularity nearly every change can be done within a few seconds. ATK is absolutely free to use and distribute. The software is written in Visual Basic and underlies the General Public License (GPL). The official project web site can be found at http://www.computec.ch/projekte/atk/

The acronym ATK stands for Attack Tool Kit. It was first developed to provide a very small and handy tool for Windows to realize simple security checks. But more and more the utility grows and allows in the meanwhile to do full security audits as like other vulnerability scanners are able to do (e.g. Nessus or ISS Internet Scanner). But this is not the main goal of the tool. The primary task is to allow small and fast checks for dedicated vulnerabilities. The special thing about ATK is that the tool is able to do the work without great interaction. But there is also always the possibility to vary and change the behaviour of the software. This concern the plugins, checking, enumeration and reporting. The user is not dependent of the ideas of the developers - If needed because of the modularity nearly every change can be done within a few seconds. ATK is absolutely free to use and distribute. The software is written in Visual Basic and underlies the General Public License (GPL). The official project web site can be found at http://www.computec.ch/projekte/atk/