Software Testing Tools Blog – Testertools

Security expert and author of Live Hacking: The Ultimate Guide to Hacking Techniques & Countermeasures for Ethical Hackers & IT Security Experts, Dr. Ali Jahangiri, has released a Linux distribution designed for ethical computer hacking.

The updated Live CD contains the tools and utilities you need to test and hack your own network in the same way a malicious hacker would. New in this version is the metasploit penetration testing framework and a range of IPv6 foot-printing tools.

After boot up you can use the included utilities to perform penetration tests and ethically hack on your own network to ensure that it is secure from outside intruders. The metasploit framework, one of the new tools included with this release, can be used to test your network using the frameworks internal database of known weaknesses and exploits.

As the number of available IPv4 addresses decreases more and more organizations are deploying IPv6. Also included in this new release of the Live Hacking CD is the THC-IPV6 tool, a tool set to attack the inherent protocol weaknesses of IPv6 and ICMP6.

‘The Live Hacking CD has been an outstanding success’ said Dr. Ali Jahangiri. ‘Now with this new updated version we are putting more tools into the hands of IT professionals so they can defend against the malicious activities of cyber criminals.’

The Live Hacking CD is part of the Live Hacking family which includes the LiveHacking.com website. The website contains information about Dr. Jahangiri’s book “Live Hacking: The Ultimate Guide to Hacking Techniques & Countermeasures for Ethical Hackers & IT Security Experts”, as well as details of the Live Hacking Workshops which Dr Jahangiri runs internationally, to introduce IT professionals to the world of hacking and empower them with the knowledge they require to defend themselves from illegal hackers on the Internet.

The Linux Foundation, the nonprofit organization dedicated to accelerating the growth of Linux, today announced that its Open Accessibility Workgroup is releasing IAccessible2 for Windows under the BSD license. It is also announcing the availability of AccProbe, a new desktop application testing tool that is available under the BSD license.

AccProbe uses IAccessible2 platform services to assist developers in discovering and correcting code problems in their Windows applications. It was developed in Eclipse by IBM and donated to The Linux Foundation’s Open Accessibility Workgroup.

At this year’s CSUN Conference on Disabilities, Adobe Systems Incorporated discussed plans to support IAccessible2 in the next major releases of Adobe(R) Acrobat(R) and Adobe Reader(R). IAccessible2 is already supported in IBM Lotus Symphony, Firefox, and Eclipse. Assistive Technology (AT) vendors supporting the API include JAWS, NVDA, Window-Eyes and ZoomText.

“Adobe applauds The Linux Foundation’s release of IAccessible2 under a BSD license,” said Andrew Kirkpatrick, group product manager for Accessibility at Adobe. “IAccessible2 contains important technological improvements that we plan to incorporate into upcoming versions of Adobe Acrobat, Adobe Reader, Adobe Flash(R) Player, and Adobe AIR(R) in order to continue improving on existing accessibility support in these products.”

The license change to BSD makes it easier to integrate open source AT into proprietary Windows environments, making programs more accessible to computer users with disabilities. Because the BSD license is designed to allow software released under the license to be incorporated into proprietary products, Windows users with disabilities can gain access to more applications while all Windows users will experience more reliable, fully tested applications.

“The Open Accessibility workgroup is working hard to ensure all developers can incorporate the IAccessible2 API into their work for the benefit of all persons with disabilities,” said Jim Zemlin, executive director at The Linux Foundation. “By transitioning to the BSD license and providing important testing tools for developers, the workgroup is demonstrating our commitment to computer access for all.”

IAccessible2 is accessibility API for Windows and facilitates access to applications like Firefox and IBM Lotus Symphony for persons with disabilities. It fills critical accessibility API gaps left by Microsoft’s Active Accessibility API (MSAA). Various governments worldwide are mandating accessibility in electronic and information services. For example, the U.S. government’s $40 billion annual budget for IT procurement complies with the law popularly known as “Section 508,” which is moving towards requiring API-based accessibility services.

ATs enable individuals who are blind or visually impaired to read online text and provide the means for individuals who do not have the use of their arms and hands to write and correspond. ATs also enable individuals who cannot speak or hear to participate on today’s teleconferences. For Windows developers, IAccessible2 implementation may be added to their existing MSAA-enabled applications in order to support richer functionality.

“AccProbe is the only game in town for developers and testers who wish to leverage IAccessible2 in their desktop applications or test rich Internet applications in IA2-enabled browsers,” said Michael Squillace, IBM Human Ability and Accessibility Center Software Engineer. “Extending our commitment to support AccProbe for The Linux Foundation IAccessible2 effort can help developers make applications more accessible for people with disabilities.”

Related Links

– The Linux Foundation’s Open Accessibility Workgroup homepage: http://a11y.org.

– More information on IAccessibility2: http://a11y.org/ia2

– Getting started with AccProbe: http://accessibility.linuxfoundation.org/a11yweb/util/accprobe/

– About the BSD license: http://en.wikipedia.org/wiki/BSD_licenses

– About “Section 508″: http://www.access-board.gov/508.htm

Proxpy is a TCP proxy and debugging tool.

Proxpy runs on Windows, Linux, Unix and any other system that supports java.

The tool can be used for debugging TCP communications, tunneling over SSL, converting SSL to non-SSL, forwarding traffic.

For more information on this tool visit Testertools.com.

Capedit is an Open Source PCAP Based Network Protocol Testing Tool.

Containing a Wireshark Like GUI Interface the app is Developed In C and GTK+ (Currently Supported on Linux only).

Features include:

* Protocol Field Value Modification.
* Packet Deletion.
* Packet Duplication.
* Packet Reordering.
* TCP and UDP Stream based Field Value Modification.
* IP and MAC Address Find And Replace
* Auto CheckSum for IP, ICMP, IGMP, TCP and UDP Protocols.
* Interface Selection For Sending Packets.
* Option for Sending Single Selected Packet.
* Pcap Replay.

Go to TesterTools for more detail.

Description:

Defect Tracker is a web-based development solution.  It tracks and organizes defect reports throughout the development cycles.  Its flexible customization enables you to adapt to your engineering changes.

Features Overview

* Engineer’s inbox (shows all defects assigned to you)
* Performing searches
* Creating public and personal reports
* Creating simple and easy to use charting in seconds
* Saving your personal and public charts
* Subscribing to defect updates by email notification
* Viewing defect change history
* Time-based escalation of defect priority
* Automatic defect assignment routing
* User management by role
* Finding out all logged on users in the system

Easy Customization Interface

You can customize the Defect Tracker without writing code.  Just use point and click, you can add, remove and modify any attribute of an object to meet your development specifications.

Database Requirement

Defect Tracker 1000 does not require a database and yet with full functional features.  If you choose to use a database later, you can simply migrate to Defect Tracker 2000.  By using the one-click data migration utility, you can migrate all your previous data into your new database.

Install and Run

All in one installation, there is nothing else to install.  You can use the Defect Tracker right away after you installed it.  There is no complicated setup and configuration.  Clients can be connected to server using a browser.  No client installation is required. Client is fully HTML based, therefore no plugins to download.

System Requirements

* HTML client runs on lastest Firefox and Internet Explorer.
* New Fire Server runs on major Java 2 platforms (currently certified on Windows and Linux, also known to run on other major platforms with java support).
* Series 1000 does not require database. Series 2000 supports the following major databases: Oracle, Microsoft SQL Server, Sybase, IBM DB2, MySQL and Informix, PostgreSQL.
* Server memory: 64 MB (Series 1000), 128 MB (Series 2000)
* Diskspace: > 100 MB
* i386 compatable processor speed for server: 500 MHz or above

View TesterTools dedicated page for this tool.

GCT was my third coverage tool.  It instruments C code in a source-to-source translation, then passes the instrumented code to a compiler.  Its first major use was on a Unix kernel, so it is suitable for measuring the coverage of embedded systems.

In addition to branch and multiple-condition coverage, it also has boundary-condition and loop coverage.  I find those useful and inexpensive types of coverage, and I’m disappointed that more coverage tools don’t include them.

It also contains a type of coverage we used for evaluating stress testing of a multiprocessor kernel.

However: GCC was written in 1992 using the GNU C compiler (gcc) as a base.  For reasons too boring to explain, it still has most of the original GCC code in it.   The practical effect of that is that porting GCT is not as trivial as it should be. Although there are Linux and Solaris ports, I do not have appropriate configuration files for them.  (If you do, please send them to me.)  There are no ports to any version of Windows or other non-Unix operating systems.  I would be stunned to see one.

Since GCT is based on gcc 1.x, it does not handle some gcc 2.x constructs.  There has been a mostly-completed port from gcc 1.x to 2.x, but I have not used it myself.

GCC has no GUI for looking at coverage results.  The output is formatted like error messages from a compiler.  It comes with an Emacs mode (based on M-x next-error) that I rather liked.  But non-Emacs users are left out in the cold – as they are in so many things.

View TesterTools dedicated page for this tool.

HATE is a test harness, a program that is intended to take the tedium out of testing and evaluating programs.

Some effort has been taken to ensure that HATE is totally independent of both the program being tested and the series of tests to be applied to the test program.  The intention is to provide a single tool that may be used for both testing and evaluation; to encourage well-designed objective testing; and, by allowing researchers to apply the same sets of tests to their own programs, to make it easy for researchers to compare techniques on an informed basis.

The major features of HATE are:

HATE is written in a high-level scripting language and may be used unchanged on any platform that the language supports.  This includes all flavours of Unix; Linux; Windows NT, 95, 3. n ; and the Macintosh.

Test scripts may be used unchanged on all platforms.

Test scripts are independent of the software being tested or evaluated.

Programs are interfaced to HATE by means of a short interface procedure ; thereafter, all relevant existing test scripts may be used with them.

The decomposition into test script and interface procedure, and the portablity of HATE, encourage the sharing of scripts between developers or researchers.

HATE is able to generate its output in a range of forms, including HTML and LaTeX tables.

HATE was developed principally to aid the evaluation of computer vision algorithms . There is increasing realization within the vision research community that this type of work is essential in converting computer vision from a “black art“, with algorithms being tested on only a few images, to sound engineering practice. It is hoped that the vision community will develop test scripts that allow comprehensive comparisons of existing algorithms to be performed, and that new algorithms are subsequently compared with the existing body of results.

View TesterTools dedicated page for this tool.

IOzone is a filesystem benchmark tool. The benchmark generates and measures a variety of file operations. Iozone has been ported to many machines and runs under many operating systems.

Iozone is useful for performing a broad filesystem analysis of a vendor’s computer platform. The benchmark tests file I/O performance for the following operations:

Read, write, re-read, re-write, read backwards, read strided, fread, fwrite, random read, pread ,mmap, aio_read, aio_write

While computers are typically purchased with an application in mind it is also likely that over time the application mix will change. Many vendors have enhanced their operating systems to perform well for some frequently used applications. Although this accelerates the I/O for those few applications it is also likely that the system may not perform well for other applications that were not targeted by the operating system. An example of this type of enhancement is: Database.

Many operating systems vendors have tested and tuned the filesystem so it works well with databases. While the database users are happy, the other users may not be so happy as the entire system may be giving all of the system resources to the database users at the expense of all other users. As time rolls on the system administrator may decide that a few more office automation tasks could be shifted to this machine.

The load may now shift from a random reader application (database) to a sequential reader. The users may discover that the machine is very slow when running this new application and become dissatisfied with the decision to purchase this platform. By using Iozone to get a broad filesystem performance coverage the buyer is much more likely to see any hot or cold spots and pick a platform and operating system that is more well balanced.

Benchmark Features:

View TesterTools dedicated page for this tool.

CLOC counts blank lines, comment lines, and physical lines of source code in many programming languages.  It is written entirely in Perl with no dependencies outside the standard distribution of Perl v5.6 and higher (code from some external modules is embedded within cloc) and so is quite portable.   CLOC is known to run on many flavors of Linux, Mac OS X, AIX, Solaris, IRIX, z/OS, and Windows.  (To run the Perl source version of cloc on Windows one needs ActiveState Perl 5.6.1 or higher, or Cygwin installed.  Alternatively one can use the Windows binary of cloc generated with perl2exe to run on Windows computers that have neither Perl nor Cygwin.) cloc contains code from David Wheeler’s SLOCCount, Damian Conway and Abigail’s Perl module Regexp::Common, and Sean M. Burke’s Perl module Win32::Autoglob,

cloc has many features that make it easy to use, thorough, extensible, and portable:

1. Exists as a single, self-contained file that requires minimal installation effort—just download the file and run it.

2. Can read language comment definitions from a file and thus potentially work with computer languages that do not yet exist.

3. Allows results from multiple runs to be summed together by language and y project.

4. Can produce results in a variety of formats: plain text, XML, YAML, comma separated values.

5. Can count code within compressed archives (tar balls, Zip files, Java .ear files).

6. Has numerous troubleshooting options.

7. Handles file and directory names with spaces and other unusual characters.

8. Has no dependencies outside the standard Perl distribution.

9. Runs on Linux, FreeBSD, NetBSD, Mac OS X, AIX, HP-UX, Solaris, IRIX, and z/OS systems that have Perl 5.6 or higher.  The source version runs on Windows with either ActiveState Perl or cygwin.  Alternatively on Windows one can run the Windows binary which has no dependencies.

View TesterTools dedicated page for this tool.

WatirCraft is a testing framework that builds on Watir. It allows tests to be expressed as Rspec or Cucumber tests and provides a library structure to support maintainable testing. It gives you a place to put things.

Features

* Generates a directory structure for your test suite with one command.
* Provides page adapters you can customize for your application.
* Configure environment URLs and browser type (IE, Firefox) in one location.
* Supports multiple environments; specify which to test at run time.
* Uses templates to create tests and libraries.
* Automatically initializes browser for testing.
* Provides the glue to ensure your tests can find your libraries. Don’t write     another “require” statement again.
* Runs on Windows, Mac or Linux.

View TesterTools dedicated page for this tool.