Saturday, 1. October 2011
PowerFuzzer v1
On Saturday, 1. Oct 2011 in topic 'Pentest'
Powerfuzzer is a highly automated web fuzzer based on many other Open Source fuzzers available (incl. cfuzzer, fuzzled, fuzzer.pl, jbrofuzz, webscarab, wapiti, Socket Fuzzer). It can detect XSS, Injections (SQL, LDAP, commands, code, XPATH) and other
Download
http://narod.yandex.ru/disk/22405899001/powerfuzzer_v1_beta_patched_binary_installer_complete.exe
Squeeza - Linux
On Saturday, 1. Oct 2011 in topic 'Pentest'
squeeza is a tool that helps exploit SQL injection vulnerabilities in broken web applications. Its functionality is split into creating data on the database (by executing commands, copying in files, issuing new SQL queries) and extracting that data through various channels (DNS, timing, HTTP error messages).
Download
http://www.sensepost.com/cms/resources/labs/tools/pentest/squeeza/squeeza-0.22.tar.gz
HP WebInspect
On Saturday, 1. Oct 2011 in topic 'Pentest'
The HP application security solution includes tools for automating and managing application security testing, including static testing of source code in development and dynamic testing of applications running in QA or production. These tools enable you to protect your data, systems, and information from attack by building application security into development and then testing continuously for vulnerabilities. They also help you achieve and demonstrate compliance with government and industry regulations. Now part of the HP IT Performance Suite.
Download
https://download.hpsmartupdate.com/webinspect/WebInspectSetupPrereq.exe
Friday, 23. September 2011
PenTBox
On Friday, 23. Sep 2011 in topic 'Pentest'
PenTBox is a Security Suite that packs security and stability testing oriented tools for networks and systems.
Programmed in Ruby and oriented to GNU/Linux systems, but compatible with Windows, MacOS and every system where Ruby works.
Download
http://www.pentbox.net/download-pentbox/
Sunday, 18. September 2011
WAVSEP 1.0.3
On Sunday, 18. Sep 2011 in topic 'Pentest'
Project WAVSEP currently includes the following test cases:
Vulnerabilities:
Reflected XSS: 66 test cases, implemented in 64 JSP pages (GET & POST)
Error Based SQL Injection: 80 test cases, implemented in 76 JSP pages (GET & POST)
Blind SQL Injection: 46 test cases, implemented in 44 JSP pages (GET & POST)
Time Based SQL Injection: 10 test cases, implemented in 10 JSP pages (GET & POST)
False Positives:
7 different categories of false positive Reflected XSS vulnerabilities (GET & POST)
10 different categories of false positive SQL Injection vulnerabilities (GET & POST)
Download
http://code.google.com/p/wavsep/downloads/list
Thursday, 15. September 2011
Security Onion
On Thursday, 15. Sep 2011 in topic 'Pentest'
The Security Onion LiveDVD is a bootable DVD that contains software used for installing, configuring, and testing Intrusion Detection Systems. It is based on Xubuntu 10.04 and contains Snort, Suricata, Sguil, Squert, Xplico, nmap, metasploit, Armitage, scapy, hping, netcat, tcpreplay, and many other security tools.
Download
http://sourceforge.net/projects/security-onion/files/20110913/
Friday, 9. September 2011
XSSS - Scanning - Linux
On Friday, 9. Sep 2011 in topic 'Pentest'
Features
Crawl website
Detect forms and URLs with parameters
Fill in forms, alter parameters to include control characters
Scan web server response for our input
Download
http://www.sven.de/xsss/xsss-0.40b.tar.gz
Monday, 5. September 2011
BackBox Linux 2
On Monday, 5. Sep 2011 in topic 'Pentest'
The BackBox team is proud to announce the release of BackBox Linux 2. BackBox 2 features the following upstream components: Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8. BackBox is an Ubuntu-based distribution developed to perform penetration tests and security assessments. It is designed to be fast and easy to use. It provides a minimal yet complete desktop environment, thanks to its own software repositories, which are always updated to the latest stable versions of the most often used and best-known ethical hacking tools.
Download
http://www.backbox.org/content/download
Saturday, 3. September 2011
Vulnerability Master 1.0 - Scanner
On Saturday, 3. Sep 2011 in topic 'Pentest'
Thursday, 1. September 2011
XCode Scanning tool
On Thursday, 1. Sep 2011 in topic 'Pentest'
XCode SQLi/LFI/XSS and Webshell Scanning tool
XCode Exploit – Vulnerable & Webshell Scanner helps you gather dork links from Google. You may then check whether the results are vulnerable to exploitation with SQL injection commands, LFI, and XSS. You may also hunt for webshells that have been uploaded.
Example
in dorks add
* /../../../../../../../../../../../../. . / .. / etc / passwd% 00 “> alert (” XSS Xcode Exploit Scanner detected “)
Output
www.target.com?blabla.php?=1234: SQLi Vulnerable.
Download
http://www.ziddu.com/download/16226093/XCodeExploitScannerSept2011.zip.html