... neuere Einträge
Tuesday, 22. November 2011
WAFP - Finger Printer Tool -Linux
Am Tuesday, 22. Nov 2011 im Topic 'Tools'
WAFP is a Web Application Finger Printer written in ruby using a SQLite3 DB. WAFP fetches the files given by the Finger Prints from a webserver andchecks if the checksums of those files are matching to the given checksums from theFinger Prints. This way it is able to detect the detailed version andeven the build number of a Web Application.
Download
http://mytty.org/wafp/wafp-0.01-26c3.tar.lzma
Download
http://mytty.org/wafp/wafp-0.01-26c3.tar.lzma
Vulnscan-password-crack - Linux
Am Tuesday, 22. Nov 2011 im Topic 'Tools'
Password crackers for popular vulnerability scanners.
NSE scripts are released under Nmap Public License.
Find the password for your favourite vulnerability scanner:
- OpenVAS
- Nessus
- NeXpose
and exploitation frameworks:
- Metasploit XMLRPC
Regarding NSE scripts:
- You have to run version checking (-sV)
- You have to force Nmap to use SSL for XMLRPC guessing in
Nessus
Download
https://github.com/kost/vulnscan-pwcrack
NSE scripts are released under Nmap Public License.
Find the password for your favourite vulnerability scanner:
- OpenVAS
- Nessus
- NeXpose
and exploitation frameworks:
- Metasploit XMLRPC
Regarding NSE scripts:
- You have to run version checking (-sV)
- You have to force Nmap to use SSL for XMLRPC guessing in
Nessus
Download
https://github.com/kost/vulnscan-pwcrack
Monday, 21. November 2011
PHP Vulnerability Hunter
Am Monday, 21. Nov 2011 im Topic 'Pentest'
This is the application that detected almost all of the web application vulnerabilities listed on the advisories page. PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool capable of triggering a wide range of exploitable faults in PHP web applications. Minimal configuration is necessary to begin a scan; PHP Vulnerability Hunter doesn’t even need a user specified starting URI.
Download
http://code.google.com/p/php-vulnerability-hunter/downloads/list
Download
http://code.google.com/p/php-vulnerability-hunter/downloads/list
Sunday, 20. November 2011
PDF Stream Dumper
Am Sunday, 20. Nov 2011 im Topic 'Malware Search'
This is a free tool for the analysis of malicious PDF documents. It also has some features that can make it useful for pdf vulnerability development.
Has specialized tools for dealing with obsfuscated javascript, low level pdf headers and objects, and shellcode. In terms of shellcode analysis, it has an integrated interface for libemu sctest, an updated build of iDefense sclog, and a shellcode_2_exe feature.
Javascript tools include integration with JS Beautifier for code formatting, the ability to run portions of the script live for live deobsfuscation, toolbox classes to handle extra canned functionality, as well as a pretty stable refactoring engine that will parse a script and replace all the screwy random function and variable names with logical sanitized versions for readability.
Tool also supports unescaping/formatting manipulated pdf headers, as well as being able to decode filter chains (multiple filters applied to the same stream object.)
Download incl. full vb6 source
http://sandsprite.com/CodeStuff/PDFStreamDumper_Setup.exe
Has specialized tools for dealing with obsfuscated javascript, low level pdf headers and objects, and shellcode. In terms of shellcode analysis, it has an integrated interface for libemu sctest, an updated build of iDefense sclog, and a shellcode_2_exe feature.
Javascript tools include integration with JS Beautifier for code formatting, the ability to run portions of the script live for live deobsfuscation, toolbox classes to handle extra canned functionality, as well as a pretty stable refactoring engine that will parse a script and replace all the screwy random function and variable names with logical sanitized versions for readability.
Tool also supports unescaping/formatting manipulated pdf headers, as well as being able to decode filter chains (multiple filters applied to the same stream object.)
Download incl. full vb6 source
http://sandsprite.com/CodeStuff/PDFStreamDumper_Setup.exe
Wednesday, 16. November 2011
GoLISMERO -Linux
Am Wednesday, 16. Nov 2011 im Topic 'Pentest'
GoLISMERO is a web spider is able to detect vulnerabilities and format results a very useful when starting a web audit. Every time we face a new URL, would not it be great to have easily and quick all the links, forms with parameters, to detect possible URL vulnerable and in addition to being presented so that gives us an idea of ??all points of entry where we could launch attacks? GoLISMERO lets us do all this.
Download
http://code.google.com/p/golismero/downloads/list
./GoLISMERO.py –t google.com
Download
http://code.google.com/p/golismero/downloads/list
./GoLISMERO.py –t google.com
Tuesday, 15. November 2011
Pentest - free, safe and legal training
Am Tuesday, 15. Nov 2011 im Topic 'Pentest'
Vulnerability Assessment
http://www.vulnerabilityassessment.co.uk/
Net-Force
http://net-force.nl/
Hack Quest
http://hackquest.com/
HackThisSite
http://www.hackthissite.org/
EnigmaGroup
http://www.enigmagroup.org/pages/basics/
Smash The Stack
http://www.smashthestack.org/
Wechall
https://www.wechall.net/
by
WarGames
http://www.vulnerabilityassessment.co.uk/
Net-Force
http://net-force.nl/
Hack Quest
http://hackquest.com/
HackThisSite
http://www.hackthissite.org/
EnigmaGroup
http://www.enigmagroup.org/pages/basics/
Smash The Stack
http://www.smashthestack.org/
Wechall
https://www.wechall.net/
by
WarGames
... ältere Einträge
