Saturday, 11. February 2012
OWTF - Web Testing Framework - Linux
Posted on Saturday, 11. Feb 2012 in topic 'Pentest'
Features
--------
- OWASP Testing Guide-oriented: owtf will try to classify the findings as closely as possible to the OWASP Testing Guide
- Report updated on the fly: As soon as each plugin finishes or sometimes before (i.e. after each vulnerability scanner finishes)
- "Scumbag spidering": Instead of implementing yet another spider (a hard job), owtf will scrub the output of all tools/plugins run to gather as many URLs as possible. This is somewhat "cheating" but tremendously effective since it combines the results of different tools, including several tools that perform brute forcing of files and directories.
- Resilience: If one tool crashes owtf will move on to the next tool/test, saving the partial output of the tool until it crashed
- Easy to configure: config files are easy to read and modify
- Easy to run: No strange parameters, DB setup requirements, libraries, complex dependencies, etc
- Full control of what tests to run, interactivity and hopefully easy to follow examples and help :)
- Easy to review transaction log and plain text files with URLs, simple for scripting
- Basic Google Hacking without (annoying) API Key requirements via "blanket searches", trying a bunch of operators at once, you can then narrow the search down if you find something interesting.
- Easy to extract data from the database to parse or pass to other tools: They are all text files
Download
https://github.com/7a/owtf/tree/master/releases
General configuration: Tool locations, Icons for review, Default settings, etc
owtf_dir/profiles/general/default.cfg
Defines how tools will be run + external links to useful resources and online tools
owtf_dir/profiles/resources/default.cfg
Defines the order in which web plugins will be run
owtf_dir/profiles/web_plugin_order/default.cfg
Internal framework configuration:
owtf_dir/framework/config/framework_config.cfg
Friday, 3. February 2012
Sandcat Browser - A Penetration Web Browser
Posted on Friday, 3. Feb 2012 in topic 'Pentest'
The Sandcat Browser is a freeware, portable, penetration-testing-oriented, multi-tabbed web browser that supports extensions. It is built on top of the Chromium engine, which powers the Google Chrome browser, and uses the Lua language to provide extensions and scripting support. It practically is the fastest web browser combined with the fastest scripting language in the world, packed with features for pen-testers! Lua is a powerful, fast, lightweight, embeddable scripting language that combines simple procedural syntax with powerful data description constructs based on associative arrays and extensible semantics.
Download
http://www.syhunt.com/?n=Sandcat.Browser
IronWASP - Security testing Platform
Posted on Friday, 3. Feb 2012 in topic 'Pentest'
IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing.
Requirement for using IronWASP
.NET 2.0
Download :
https://ironwasp.org/ironwasp.zip
Monday, 30. January 2012
SQLi google dorker
Posted on Monday, 30. Jan 2012 in topic 'Pentest'
This is a simple Google dorker that will scan Google for sites, then test them for SQLi vulnerabilities.
Note: The u1103.exe is UltraSurf (a proxy), so that Google does not IP ban you for dorking!
Download
http://dl105.herosh.com/7b33663d04370b24f464dd2377308857/Google.Dorkerv.1.1.rar
http://herosh.com/download/10588061/Google.Dorkerv.1.1.rar.html
http://www.sendspace.com/file/rqbwwm
by
Exidous
Dark D0rk3r 0.5 - Linux
Posted on Monday, 30. Jan 2012 in topic 'Pentest'
Dark D0rk3r is a Python script that performs dork searching and searches for local file inclusion and SQL injection errors.
Download
http://packetstormsecurity.org/files/download/109171/darkd0rk3r-0.5.py.txt
Sunday, 29. January 2012
Hcon’s Security Testing Framework
Posted on Sunday, 29. Jan 2012 in topic 'Pentest'
Hcon respects and salutes all of the freedom fighters of India, without whom we could never have gained our freedom. As a tribute to the freedom fighters of all countries, we present HconSTF version 0.4, codename ‘Freedom’. We hope this year brings freedom for everyone on the internet from the different governments and companies that are making internet users their slaves. For this purpose HconSTF 0.4 has integrated many functions for anonymity and OSINT.
What can it do?
Most of HconSTF is semi-automated, but you still need your brain to work it out.
It can be used in all kinds of security testing stages; it has tools for conducting tasks like:
1. Information gathering
2. Enumeration & Reconnaissance
3. Vulnerability assessment
4. Exploitation
5. Privilege escalation
6. Reporting
It can also be used for web debugging.
Download
http://www.hcon.in/downloads.html
Wednesday, 18. January 2012
Exploit Next Generation SQL Fingerprint v1.12.120115/RC0
Posted on Wednesday, 18. Jan 2012 in topic 'Pentest'
For those who are not familiar with Exploit Next Generation® SQL
Fingerprint, it is a powerful tool which performs version fingerprinting
for:
1. Microsoft SQL Server 2000;
2. Microsoft SQL Server 2005;
3. Microsoft SQL Server 2008; and
4. Microsoft SQL Server 2012.
The Exploit Next Generation® SQL Fingerprint uses well-known techniques
based on several public tools that are capable of identifying the Microsoft
SQL Server version (such as SQLping and SQLver), but, instead of showing
only the "raw version" (e.g., Microsoft SQL Version 10.00.2746), the
Exploit Next Generation® SQL Fingerprint shows the mapped Microsoft SQL
Server version (e.g., Microsoft SQL 2008 SP1 (CU5)).
Download
http://www.4shared.com/zip/legpj3DI/ESF.html
Key ID: 0x4FFC316C
1983 7E8E D6C9 CAF8 4B4F A8C9 A36D FC5B 4FFC 316C
Info
http://nbrito.4shared.com/
Wednesday, 4. January 2012
Firefox Add-ons List for Penetration Tester
Posted on Wednesday, 4. Jan 2012 in topic 'Pentest'
Access Me
FormBug
JavaScript Deobfuscator
SQL Inject ME
Add N Edit Cookies+
FoxyProxy
Key Manager
Selenium IDE
CookieSwap
FoxySpider
Library Detector
Tamper Data
Domain Details
Google Site Indexer
Live HTTP Headers
URL Flipper
FireFTP
Greasemonkey
PassiveRecon
User Agent Switcher
FireFlash
Groundspeed
Poster
Vitzo WHOIS
Firebug
HackBar
RESTClient
Wappalyzer
Firebug
Host Spy
RESTTest
Web Developer
Firecookie
HttpFox
RefControl
XSS Me
Firesheep
JSview
Resurrect Pages
refspoof
No Script
Proxybar
Acunetix Web Scanner
Cookie Watcher
CryptoFox
Toggle Web Developer Toolbar
Torbutton
WOT
View Cookies
Friday, 23. December 2011
Google Hack DB Vulnerability Tool - Linux
Posted on Friday, 23. Dec 2011 in topic 'Pentest'
7974 (Including 4203 in SQL Injection)
Generate Google vulnerability queries with your site.
Find out if you are listed in Google with vulnerabilities.
Download
http://www.secpoint.com/freetools/google-hack-db-tool-1.5.zip
Monday, 19. December 2011
FindBugs
Posted on Monday, 19. Dec 2011 in topic 'Pentest'
FindBugs is an open source program created by Bill Pugh and David Hovemeyer which looks for bugs in Java code. It uses static analysis to identify hundreds of different potential types of errors in Java programs. FindBugs operates on Java bytecode, rather than source code. The software is distributed as a stand-alone GUI application. There are also plug-ins available for Eclipse, NetBeans, IntelliJ IDEA, and Hudson.
Download
http://findbugs.sourceforge.net/index.html