Monday, November 29, 2010

Crunch – Password Cracking Wordlist Generator

Crunch is a wordlist generator that works from either a standard character set or one you specify. It can generate all possible combinations and permutations.
Download link.
Features
* Crunch generates wordlists as both combinations and permutations
* It can break up output by number of lines or file size
* Now has resume support
* Pattern now supports numbers and symbols
* Pattern now supports upper and lower case characters separately
* Adds a status report when generating multiple files

Friday, November 26, 2010

Pentbox - cool ruby tool for pentesting

Pentbox is a security tool suite that packs security and stability testing tools for networks and systems. It is programmed in Ruby and oriented to GNU/Linux systems, but is compatible with Windows, MacOS and every system where Ruby works. It is free, licensed under GNU/GPLv3. It can be used for port scanning, hash password cracking and implementing DoS attacks.
These are the tools covered in Pentbox:

- Cryptography tools
  - Base64 Encoder & Decoder
  - Multi-Digest (MD5, SHA1, SHA256, SHA384, SHA512, RIPEMD-160)
  - Hash Password Cracker (MD5, SHA1, SHA256, SHA384, SHA512, RIPEMD-160)
  - Secure Password Generator

Thursday, November 25, 2010

New Windows (working in XP/Vista/7) zero-day flaw bypasses UAC [privilege escalation exploit]

A new privilege escalation exploit has been revealed. To execute the attack, a file, poc.exe, is downloaded & executed; the non-administrator user account is then promoted to administrator. See the picture.

Wednesday, November 24, 2010

Sites providing anonymous email services!

Anonymous email sites are a matter of controversy today. Some people see them as a medium of treachery, whereas others treat them as a useful utility.
The ethical point in using anonymous email sites is that you can refrain from using email sites on a public PC, where there is a risk of email/password theft.
Here are some anonymous email sites; try them & discover what they are capable of.
http://www.anonymailer.net/ -> One of the most trusted anonymous email services; hundreds of free anonymous emails are sent from this website every day. You can use whatever e-mail address you like as the reply or from address. It does not require registration.

Sunday, November 21, 2010

SHODAN - Vulnerability Scanner search engine.

SHODAN is a search engine that can be used as a vulnerability scanner. It finds specific computers (routers, servers, etc.) using a variety of filters. Some have also described it as a public port scan directory or a search engine of banners.

Open Source Digital Forensics tools collection.

This site, initially started by Brian Carrier and now maintained by a team of volunteers, contains a large repository of open source digital forensics tools, papers, images and procedures on digital forensics. If your favourite open source tool is not listed on this site, you can submit it to get added to the list.

Saturday, November 20, 2010

Katana Tool Kit: Portable Applications

The Katana Tool Kit is the ultimate toolkit, as it comes preconfigured with over a hundred portable applications. Install it on any flash drive (>4Gb) and you can try your hand at many utility/security programs. Portable applications are those which do not require installation on a system to be executed. They can be run directly from an external device, allowing you to carry all your favorite applications around with you on one drive.

Learn Ruby & Rails through the browser!

Learn Ruby in a user-friendly environment through the TryRuby site, which provides a browser-based interface for Ruby learners. No programming experience is required. Rails for Zombies is a series of browser-based Ruby on Rails tutorials for beginners that assumes some knowledge of Ruby. This is a quick way to get started learning either Ruby or Ruby on Rails.

Thursday, November 18, 2010

Application Layer DDoS Simulator - ddosim v0.2

ddosim is a tool to simulate a distributed denial of service (DDoS) attack against a target server. The objective is to analyze the capacity of the server to handle application-specific DDoS attacks. It simulates several zombie hosts (having random IP addresses) which create full TCP connections to the target server. After completing the connection, ddosim starts the conversation with the listening application (e.g. HTTP server).

Wednesday, November 17, 2010

XSSer v1.0 – Cross Site Scripter Framework!

XSSer is another weapon in your open source penetration testing tool set. It automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
It was created for Ubuntu/Debian based systems. An XSSer package for Archlinux can be found in the AUR. More info here

Tuesday, November 16, 2010

Stuxnet - The standard malware, if not unusually sophisticated!

Symantec has issued a dossier on Stuxnet detailing the ins and outs of the malware: who the targets were & what the objective was.
According to Symantec, Stuxnet targets specific frequency converter drives (only frequency drives from two companies that are running at high speeds, between 807Hz and 1210Hz). These are power supplies that are used to control the speed of a device, such as a motor. The malware intercepts commands sent to the drives from the Siemens SCADA software, and replaces them with malicious commands to control the speed of a device, varying it wildly, but intermittently.

Monday, November 15, 2010

Mozilla Firefox 3.6.12 Remote Denial Of Service - Dated 2010-11-12

A new vulnerability has been exposed in the updated version of the Mozilla Firefox browser by the people behind the BackTrack Live pentesting operating system. This OS is the most preferred among security professionals.

Sunday, November 14, 2010

FIRESHEEP - new cookie sniffing hack!

Firefox users now have a new & easier point & click tool to sniff others' cookies. It's somewhat easier to implement than sidejacking. Firesheep created a frenzy in social network & email user communities some days ago.

Friday, November 12, 2010

Bugmenot.com -- Bypass registration!

While surfing the net, the inevitable process of registering & confirming your email might leave you bored & jaded. Here is an easy way to avoid it. Enter the url -> http://www.bugmenot.com/ & search the site for used logins for the site you want to surf.

Sending SMS to a mobile no. at a scheduled time (only for India)!

In case you want to send an SMS to a person at a given time (in India), then try this site: http://sms7.in. The service is particularly useful when you may be busy at the time you want to send the SMS to the recipient. For example, you may want to send a "Happy Birthday!" message to a friend at 12 o'clock at night but decide to sleep before 12. In such cases, this site comes to your rescue.

Access internet through email!

At times your internet connection is slow, or you have access to email & no access to the internet from your ISP. You can still access web sites through your email.
http://www.web2pdfconvert.com/ comes in handy. It's a useful site which converts your requested page to PDF & mails it back.
So to use the service, simply send a mail to submit@web2pdfconvert.com with the body
. The site will send you back the pdf of the page within minutes.