I figured this was applicable here :-)
Find this news live at http://www.security-database.com/toolswatch/
[+] Nessus version 4.0 released
Nessus is the world's most popular vulnerability scanner used in over
75,000 organizations world-wide. Many of the world's largest
organizations are realizing significant cost savings by using Nessus to
audit business-critical enterprise devices and applications.
[+] Lynis updated to v1.2.6
Lynis is an auditing tool for Unix (specialists). It scans the system
and available software, to detect security issues. Besides security-
related information it will also scan for general system information,
installed packages and configuration mistakes.
[+] Ophcrack updated to v3.2.1
Ophcrack is a Windows password cracker based on rainbow tables. It is a
very efficient implementation of rainbow tables done by the inventors of
the method. It comes with a GTK+ Graphical User Interface and runs on
Windows, Mac OS X (Intel CPU) as well as on Linux.
[+] Autoscan v1.42 now supports OSX
AutoScan-Network is a network discovering and managing application. No
configuration is required to scan your network. The main goal is to
print the list of connected equipment in your network.
[+] OAT Office Communication Server Tool Assessment released
OAT is a free VoIP security assessment tool designed to test the
security configuration of Microsoft OCS SIP infrastructures, for
deployment/implementation issues. It's the first OCS SIP validation tool
written in Windows. OAT is the first security assessment tool for Office
Communication Server 2007 (Including R2)
[+] winAUTOPWN v1.7.0 released
The aim of creating winAUTOPWN is not to compete with already existing
commercial frameworks like Core Impact (Pro), Immunity Canvas,
Metasploit Framework (freeware), etc. which offer autohacks, but to
create a free, quick, standalone application which is easy to use and
doesn't require a lot of support of other dependencies. Also not
forgetting that winAUTOPWN unlike other frameworks maintains the
original exploit writer's source code intact just as it was and uses it.
This way the exploit writer's credit and originality is maintained. The
source is modified only when required to enable a missing feature or to
remove hard-coded limitations.
Under these circumstances also, the exploit writers credits remain
[+] AutoNessus v1.3.0 supports OpenVAS
AutoNessus automates regular Nessus scans and provides delta reporting.
The goal is to reduce the analysis time for subsequent scans of the same
infrastructure by only reporting delta findings.
[+] VisualRoute v13.1a available
VisualRoute is a free IP tracer that analyzes network connectivity and
identifies IP address locations. It analyzes your Internet connection to
determine precisely where and how data traffic is flowing, identifying
where any bottlenecks occur. A trace report details the performance of
each portion of the connection route, including any dropped data packets
and network latency, along with the IP address, node name and network
[+] Scanners and utilities to detect Conficker worm
Conficker, also known as Downup, Downadup and Kido, is a computer worm
that surfaced in October 2008 and targets the Microsoft Windows
operating system. The worm exploits a previously patched vulnerability
in the Windows Server service used by Windows 2000, Windows XP, Windows
Vista, Windows Server 2003, Windows Server 2008, Windows 7 Beta, and
Windows Server 2008 R2 Beta. The worm has been unusually difficult for
network operators and law enforcement to counter because of its combined
use of advanced malware techniques.
[+] Sara vulnerability scanner updated to v7.8.4
The Security Auditor's Research Assistant (SARA) is a third generation
network security analysis tool that is:
- Operates under Unix, Linux, MAC OS/X or Windows (through coLinux) OS'.
- Integrates the National Vulnerability Database (NVD).
- Performs SQL injection tests.
- Performs exhaustive XSS tests
- Can adapt to many firewalled environments.
- Support remote self scan and API facilities.
- Used for CIS benchmark initiatives
- Plug-in facility for third party apps
- CVE standards support
- Enterprise search module
- Standalone or daemon mode
- Free-use open SATAN oriented license
- Updated twice a month (we try)
- User extension support
- Based on the SATAN model
(I am not Nabil, I'm just reposting his post to the list)