SecurityFocus BUGTRAQ Mailing List: BugTraqLink Number One Link Number One Link Number Two Link Number Two Link Number One Link Number One Link Number Two Link Number Two Entire Site Advisories Calendar Columnists Elsewhere Guest Feature Infocus Library Links Mailing Lists (all) -- BUGTRAQ -- FOCUS-IDS -- FOCUS-IH -- FOCUS-LINUX -- FOCUS-MS -- FOCUS-SUN -- FOCUS-VIRUS -- FORENSICS -- INCIDENTS -- PEN-TEST -- SEC JOBS -- SF NEWS -- VULN-DEV News Products Services Tools Vulns BUGTRAQ ARCHIVE [ Message Index ] [ Thread Index ][ Reply ] [ prev Msg by Date ][ next Msg by Date ] To: BugTraq Subject: New Tool: MetaCoretex (DB Security Scanner) Date: Oct 2 2003 1:46PM Author: visigoth Message-ID: <20031002064651.A23539@niobi.securitycentric.com> Greetings all! I am pleased to announce the initial public release of a toy I have been working on for a little while now... MetaCoretex is an OpenSource, JAVA based, database capable security scanner with a kewl set of features. We have a bunch of spiffy probes already which are capable of doing fun things to databases. Check out the site for a list/discription of the currently available probes... I'll let the README speak for itself: -------------=============< MetaCoretex >=============------------- 1. About 2. Contents 3. Using 4. Building 5. Greets =================================================================== 1. About what: MetaCoretex is an entirely JAVA vulnerability scanning framework which puts special emphasis on databases. Probe objects are written in JAVA by means of an easy to extend AbstractProbe class. Additionally, probe generators make the process of writting simple probes almost automagic. who: visigoth - features: - JDBC - All JDBC type 4 drivers are accessable, making MetaCoretex a very strong platform for creating database scanning probes. Many probes are capable of determining things like version without having to be aware of the underlying database type. - KB - Per target knowlege-base which probes can use to share information. Most importantly, the KB can not only store string types, but is fully capable of storing references to Objects. For example, a MySQL database probe which forms a connection to a DB can then put the successful connection object into the KB for other probes to use the ACTUAL connection later! - Probe Options - The API includes the ability for each probe to specify the configuration options available to users. This means that probes which require user input do not require updates to the UI to support that input. - Threaded - Of course it is. - XML Configs - All scan configuration options may be saved in XML scan configuration files to be loaded again later. This includes all options specified and set by probes using the addOption() method. - XML Reports - Reports are saved into XML formats which have simple to use, publicly available schema for development of custom report tools. Reports may, of course, be loaded back into the interface for reading. - Platform Independance - Write once, debug everywhere... - 0 Install - MetaCoretex requires no installation or other hastles other than a modern JVM. For that reason, it can be run from CD, or easily loaded on any box with JAVA. - Probe Generator - For many types of commonly developed probes, a probe creation wizard is capable of generating custom JAVA source which users can compile into loadable modules. MetaCoretex uses the sun javac classes if available to compile user generated probes. - XML Updates - A fully automated system manages probes in the CVS repository and publishes them via SSH to the XML update server for your updating pleasure. Any new probes checked into the CVS tree will be compiled and distributed in a matter of hours. Additionally, updates to the engine can be received by the same means. - Probe Submission Wizard - If you craft a probe, and would like to submit it, just use the wizard to post it via HTTPS for consideration! why: Fundamentally it is a result of the combination of my frustration with current assessment tools and lack of balancing forces in my life ;). =================================================================== 2. Contents =================================================================== 3. Usage =================================================================== 4. Building =================================================================== 5. Greets Siitaa - The love of my life Fhqwagads - gengis et. al. Phatix - Must.. Ping.. Pong.. Sovran Crew - recondo,grynja,disco-stu.. Digital Revelation - ALL YOUR BOX ARE BELONG TO US el8 - love from the enemy 5.1 - Phux0rz SCO - wtf are you thinking?!?! =================================================================== Thanks for reading this far ;) -visigoth -- "Omnis tuus capsa sunt inesse nos" -------------------------------------------------- Ever wanted to... read registry entries remotely?..as LocalSystem? ...from linux? portscan a system?..from itself?..to the loopback?..to another? bruteforce passwds?..using the target system's CPU? MetaCoretex - Finally, an open DB Security Scanner! www.metacoretex.com -------------------------------------------------- Security Centric Labs www.securitycentric.com -------------------------------------------------- Want to link to this message? Use this URL: Disclaimer, Terms & Conditions About this List Featured Lists: ARIS Users bugtraq bugtraq-es bugtraq-french NEW bugtraq-jp firewalls focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics forensics-es honeypots incidents libnet pen-test secevents secpapers secprog sectools secureshell security-basics security-management NEW securityjobs vpn vuln-dev webappsec Newsletters: sf-news ms-secnews linux-secnews [ more . . . ] Privacy Statement Copyright © 1999-2003 SecurityFocus