PacketFence 3.2.0 released




The PacketFence development team has published version 3.2.0 of its open source network access control (NAC) system. PacketFence allows organisations to increase control over their network by enforcing authentication and registration for newly connected devices. It also enables abnormal network activity detection and the isolation of troublesome devices.


New features in 3.2.0:

  • OpenVAS Vulnerability Assessment integration for client-side policy compliance
  • Bandwidth violations based on RADIUS accounting information
  • Billing engine integration for allowing the use of a payment gateway to gain network access

PacketFence 3.2.0 fixes a reflected cross-site scripting (XSS) issue in the Web Admin printing system. Further information about the update, including a full list of changes, can be found 




Hardanger - Web Application Penetration Testing Platform




Hardanger is an open source web application penetration testing platform. The project aims to bridge the gap between the current open source web application testing tools commonly used in Linux environments and bring a similar open source state of the art tool to native Microsoft Windows based platforms. Hardanger aims to deliver a user-friendly experience for web application penetration testing by building these tools on top of the excellent Fiddler2 web debugger.




Features:

  • Native Windows feel via Windows Presentation Foundation
  • Can run as a Fiddler2 add-on or standalone
  • ClickOnce installer with automatic updates (standalone version)
  • Context tab allowing inspection of full HTTP requests
  • Server fuzzer tab to configure and launch the server fuzzer
  • Basic random fuzzer generates random strings of UTF8 characters of random lengths
  • Non HTTP 200 detection engine
  • Results window keeping track of successful detections
  • Ability to review requests/responses in the results details window




xSQLScanner – Database Password Cracker & Security Audit Tool





xSQLScanner is a nice SQL security audit tool that lets users check for weak passwords and vulnerabilities on MS-SQL and MySQL database servers. It aims to provide a powerful security audit for both MS-SQL and MySQL servers.
Features


  1. Test for weak password fast;
  2. Test for wear/user passwords;
  3. Wordlist option;
  4. Userlist option;
  5. Portscanner
  6. Range IP Address audit and more.



The Social-Engineer Toolkit (SET) v.3.0 Released




The Social-Engineer Toolkit is a Python-based toolkit which focuses on attacking the human element of pentesting. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed. Currently SET has two main methods of attack. The first uses Metasploit payloads and Java-based attacks by setting up a malicious website (you can clone whichever one you want) that ultimately delivers your payload. The second is through file-format bugs and e-mail phishing, and supports your own open mail relay, a customized sendmail open relay, or Gmail integration to deliver your payloads through e-mail. The goal of SET is to bring awareness to the often forgotten attack vector of social engineering.


This release has been one of the most challenging ones thus far with the largest changelog, code rehaul, and features!  


1. Support for Windows – Tested on XP, Windows 7, and Windows Vista. Note that the Metasploit-based payloads do not work yet – when SET detects Windows they will not be shown, only RATTE and SET Shell
2. New attack vector added – QRCode Attack – Generates QRCodes that you can direct to SET and perform attacks like the credential harvester and Java Applet attacks
3. Improved A/V avoidance on the SETShell and better performance. I’ve also fixed the non-encrypted communications when AES was not installed
4. Added a number of improvements and enhancements to all aspects of SET including major rehauls of the coding population and moved from things like subprocess.Popen("mv etc.") to shutil.copyfile("etc")
5. Rehauled SET Interactive Shell and RATTE to support Windows 
6. New Metasploit exploits added to SET 




Nessus 5.0 vulnerability scanner released





Tenable Network Security has announced the latest version of Nessus, 5.0. This build introduces many new features and improvements.

  • Installation and management (for enhanced usability) - Nessus 5.0 simplifies installation and configuration for non-technical users. Configuration and management in Nessus v5.0 is now done 100% through the GUI.
  • Scan policy creation and design (for improved effectiveness) - Users now enjoy improved effectiveness when creating scan policies. Over two dozen new pre-built plugin filters make it easy for security and compliance professionals to simplify policy creation for laser-focused scans on the areas that matter most. Users can quickly select multiple filter criteria, such as vulnerability publication date, public vulnerability database ID (OSVDB, Bugtraq, CERT Advisory, and Secunia), plugin type (local or remote), information assurance vulnerability alert (IAVA), and more, to quickly identify easily exploitable vulnerabilities. Scan for all easily remotely-exploitable vulnerabilities for which there is an exploit published in your favorite exploit framework.
  • Scan execution (for improved efficiency) - Users can take advantage of real-time scan results, on-the-fly filtering and sorting, and streamlined results navigation. A new vulnerability summary and redesigned host summary make it easy to see risk level without even running a report. While the scan is running, you can not only see the results as they are gathered, but also navigate and filter them. This allows you to act upon the vulnerability data while the scan is happening.
  • Report customization and creation (for improved communication with all parts of the organization) - New reporting features allow for improved communication of vulnerability results with all parts of the organization. Results filtering and report creation are more flexible than ever before. Users can apply multiple result filtering criteria, and targeted reports can be generated against the filtered results. Reports can be generated in native Nessus formats, HTML, and now PDF. Multiple report templates can be combined into one report.



Download SQLI Hunter v.1.0








A new SQL injection tool, SQLI Hunter, has been released. It is a simple tool to scan for SQL injection vulnerabilities in web applications. The tool uses Google dorks to search for websites that are vulnerable to SQL injection. It is also able to find admin pages, but this ability is limited because the tool uses a list of admin pages to search.


Download Here (Requires .NET Framework 3.5) OR
Download Portable





Some other SQL injection tools:

  • Havij
  • Pangolin
  • BSQL Hacker
  • sqlninja




How to hack Facebook fan page





Many times people have asked me for a tool to hack a Facebook fan page. I have got many mails from people whose Facebook fan page has been hacked and who need my help to recover that hacked page. Actually there is a small bug in Facebook's page settings. In this post I will explain that bug and the way by which you can hack a Facebook page.

A Facebook page has a page owner and all the members who have liked the page. The admin has an option to make other page members admins of the page. By using this feature, the admin can add as many people as admins as he wants, and the admin can also remove other admins. The bug exists in this feature: when the admin adds other persons as admins, the new admins have all the privileges that the original admin has.

So the new admins added by the admin can add other persons as admins, and they can also remove existing admins. The hack works with this feature.

If you want to hack someone's Facebook fan page, then request the admin to add you as an admin of that page. Now it's up to you how you manage to request the admin to add you as an admin. Once he has added you as an admin of his page, remove him from the admin list. Now you are the owner of the Facebook page.




Arachni Web Vulnerability Scanning Video Tutorial



Arachni is a nice web vulnerability scanning tool. Watch the video tutorial to learn how to use this tool to find the vulnerabilities of a web application.




Bangladeshi hackers hacked more than 20,000 Indian websites




Bangladeshi hackers hacked more than 20,000 Indian websites, including many government websites. This mass defacement is revenge for an attack in which Indian hackers had hacked some Bangladeshi government websites.

The Bangladeshi hacker group calling itself ‘Bangladesh Black HAT Hackers’ wrote on its Facebook fan page: “India hacked our 400 sites in total, we hacked 20,000 sites in total since the war started.”
Now there is a cyber war between Indian hackers and Bangladeshi hackers, but the Bangladeshi hackers seem to be more aggressive.
They have attacked the stock exchange server, which remained inaccessible for more than 6 hours. These are some government websites:

  • http://apdes.ap.gov.in/BCA.html
  • http://www.bsnl.co.in/
  • http://www.dot.gov.in/
  • http://www.incometaxindia.gov.in/
  • http://indiastockexchange.org/



Hackers have also leaked the data of INCOME-TAX INDIA.




Philips Electronics hacked and database stolen






The Philips Electronics website has been hacked. The hackers have posted a deface page on the website which gives their names as: Hacked by bch195 and HaxOr. These hackers belong to the hacker group Team INTRA.

They have also posted a note on Pastebin about this hack. They also managed to upload a shell to the server and thus took control of various Philips domains.




About Me

Deepanker Verma
Hello friends,
I am a computer geek, blogger and software developer. I write about hacking, security, PHP, website development, and technology. I have a few blogs where I share all this stuff.

© 2010 HackingTricks All Rights Reserved