I have created a new Nmap script that attempts to determine valid Oracle instance names by guessing names from a dictionary against the TNS-listener. It’s available, together with my other scripts, from the nmap scripts page.
I just finished a patch against Romain Raboin’s HTTP Digest authentication patch for John the Ripper. Romain’s patch is also included in the jumbo patch available from the John the Ripper main page. The patch I made is very small and simply checks if the Quality of Protection (qop) parameter was supplied in the input or not. If it’s not it makes the appropriate changes so that the response is computed per the simpler RFC 2069 standard instead.
I have just posted a new tool to the website called krbpwguess. It does exactly what the name suggests, guesses passwords against the Kerberos service. Visit the krbpwguess web page for more information.
I have released a new tool that can be used to verify password quality against several database engines. Make sure to check it out here.