Wappalyzer – Web Technology Identifier (Identify CMS, JavaScript etc.)

Wappalyzer is an add-on for Firefox that uncovers the technologies used on websites. It detects CMS and e-commerce systems, message boards, JavaScript frameworks, hosting panels, analytics tools and several more. The company behind Wappalyzer also collects information about web based software to create publicly available statistics, revealing their growth over time and popularity compared to others. Most of this data is anonymously collected from this Firefox add-on which has been installed by thousands of users. Wappalyzer was founded in 2008 by Elbert F and has been made possible with...

Read More

BodgeIt Store – Vulnerable Web Application For Penetration Testing

There are various vulnerable web applications such as Jarlsberg, WackoPicko, Damn Vulnerable Web Application (DVWA), Vicnum, etc. Now we have another application that is vulnerable and ready to be exploited! The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to penetration testing. Features Easy to install – just requires java and a servlet engine, e.g. Tomcat Self contained (no additional dependencies other than to 2 in the above line) Easy to change on the fly – all the functionality is implemented in JSPs, so no IDE required Cross platform Open...

Read More

OWASP Hatkit Proxy Project – HTTP/TCP Intercepting Proxy Tool

The primary purpose of the Hatkit Proxy is to create a minimal, lightweight proxy which stores traffic into an offline storage where further analysis can be performed, i.e. all kinds of analysis which is currently implemented by the proxies themselves (WebScarab/Burp/Paros etc). Also, since the http traffic is stored in a MongoDB, the traffic is stored at an object-level, retaining the structure of the parsed traffic. Features Swing-based UI, Interception capabilities with manual edit, both for TCP and HTTP traffic, Syntax highlightning (html/form-data/http) based on JFlex, Storage of http...

Read More

Burp Suite Free Edition v1.4 – Web Application Security Testing Tool

We love Burp Suite and we have since wayyyy back, the last update we posted was around 18 months ago back in January 2010 – Burp Suite v1.3 Released – Integrated Platform For Attacking Web Applications. For the two people here who don’t know what this tool does, Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. Burp gives you full control, letting...

Read More

WATOBO – The Web Application Toolbox

WATOBO is intended to enable security professionals to perform highly efficient (semi-automated ) web application security audits. We are convinced that the semi-automated approach is the best way to perform an accurate audit and to identify most of the vulnerabilities. WATOBO has no attack capabilities and is provided for legal vulnerability audit purposes only. How Does It Work? WATOBO works like a local proxy, similar to Webscarab, Paros or BurpSuite. Additionally, WATOBO supports passive and active checks. Passive checks are more like filter functions. They are used to collect useful information,...

Read More

XSSer v1.0 – Cross Site Scripter Framework

XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection. New Features Added “final remote injections” option Cross Flash Attack! Cross Frame Scripting Data Control Protocol Injections Base64 (rfc2397) PoC OnMouseMove PoC Browser launcher New options menu Pre-check system Crawler spidering clones More advanced statistics system “Mana” ouput results You can download XSSer v1.0 here: xsser...

Read More

LFIMAP – Scan For Files Vulnerable To LFI (Local File Inclusion)

There are some existing tools that deal with LFI vulnerabilities such as fimap the Remote & Local File Inclusion (RFI/LFI) Scanner and inspathx a Tool For Finding Path Disclosure Vulnerabilities (which can lead to the discovery of LFI). A new simple tool was released recently which focuses purely on LFI attacks. Functions Automatically find the root of the file system Detect default files outside of the web folder Attempts to detect passwords inside the files Supports basic authentication Can use null byte to bypass some controls Writes a report of the scan to a file You can download LFIMAP...

Read More

SQLInject-Finder – Intelligent SQL Injection Detection Script

SQLInject-Finder is a simple python script that parses through a pcap and looks at the GET and POST request data for suspicious and possible SQL injects. Rules to check for SQL injection can be easily added. Output can be printed neatly on the command line or in tab delimited format. The output includes: The suspicious IP address The attacked webpage The parameter and value used The frame number of the packet within the pcap (can be used to find exactly where the packet is in Wireshark) The reason why the request was flagged Requirements This script was tested using Python 2.6.5. Other versions...

Read More

Mantra Security Toolkit – Free & Open Source Browser-Based Security Framework

24 January 2011 | 11,912 views Mantra Security Toolkit – Free & Open Source Browser-Based Security Framework Want to Learn Penetration Testing Mantra is a dream that came true. It is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers, security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. Mantra is a security framework which can be very helpful in performing all the five phases of attacks including reconnaissance,...

Read More

sessionthief – HTTP Session Cloning & Cookie Stealing Tool

sessionthief performs HTTP session cloning by cookie stealing. It can issue basic nmap and nbtscan commands to see which IPs are on the subnet, or just listen for IPs broadcasting packets. It can quickly perform ARP poison routing to get packets given the IP of the client if not on an open network or hub, and should also work with interfaces in monitor mode. It integrates automatically with Firefox, dynamically creating a temporary profile for each attack performed. In this way, in contrast to tools like the middler, it doesn’t require any additional configuration, and makes it easy to simultaneously...

Read More

Havij – Advanced Automated SQL Injection Tool

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and password hashes, dump tables and columns, fetching data from the database, running SQL statements and even accessing the underlying file system and executing commands on the operating system. The power of Havij...

Read More

inspathx – Tool For Finding Path Disclosure Vulnerabilities

inspathx is a tool that uses local source tree to make requests to the URL and searches for path inclusion (Full Path Disclosure) error messages. It’s a very common problem in PHP web applications that crops up a lot. PHP Web application developers sometimes fail to add safety checks against authentications, file inclusion etc and are prone to reveal possible sensitive information when those applications URLs are directly requested. Sometimes, it’s a clue to Local File Inclusion (LFI) vulnerability. For open-source applications, source code can be downloaded and checked to find such information. This...

Read More

OWASP ZAP – Zed Attack Proxy – Web Application Penetration Testing

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who a new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Features Intercepting proxy Automated scanner Passive scanner Spider Next Release The next release of OWASP ZAP, planned for later this year, is expected to include: OWASP rebranding Improvements...

Read More

NSDECODER – Automated Website Malware Detection Tool

NSDECODER is a automated website malware detection tool. It can be used to decode and analyze an URL to see if it host to malware. Also, NSDECODER will analyze which vulnerability has been exploited and the original source address of malware. Functions Automated analysis and detection of website malware. Detection for plenty of vulnerabilities. Log export supports HTML and TXT format. Ability to deeply analyze JavaScript. You can download NSDECODER here: nsdecoder_gui_v1.0....

Read More

w3af 1.0-rc3 Available For Download – Web Application Attack & Audit Framework

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. New Features Enhanced GUI, including huge changes in the MITM proxy and the Fuzzy Request Editor Increased speed by rewriting parts of the thread management code Fixed tons of bugs Reduced memory usage Many plugins were rewritten using different techniques that use less HTTP requests to identify the same vulnerabilities Reduced false positives You can download w3af 1.0-rc3 here: Windows – w3af-1.0-rc3.exe Linux/BSD/Mac...

Read More

Andiparos – Open Source Web Application Security Assessment Tool

Andiparos is a fork of the famous Paros Proxy. It is an open source web application security assessment tool that gives penetration testers the ability to spider websites, analyze content, intercept and modify requests, etc. The author did ask for the original authors of Paros Proxy to integrate his changes but was rejected, hence the fork. The advantage of Andiparos is mainly the support of Client Certificates on Smartcards. Moreover it has several small interface enhancements, making the life easier for penetration testers… Features: Smartcard support History Filter (URLs) Tag requests...

Read More

DotDotPwn v1.0 – Directory Traversal Checker/Scanning Tool

A simple PERL tool which detects several Directory Traversal Vulnerabilities on HTTP/FTP Servers. This AttackDB version currently has 871 traversal payloads. This tool was tested against various Kolibri+ WebServer v2.0 and Gefest WebServer v1.0 (HTTP servers) giving good results identifying the right vulnerability strings. Those HTTP servers were vulnerable, and somebody reported those vulns on sites such as exploit-db, but those advisories just reported some (1 or 2) traversal strings with a difference with DotDotPwn which detected between 10 or 20 different attack strings on those vulnerable...

Read More

Arachni – Web Application Vulnerability Scanning Framework

Arachni is a feature-full and modular Ruby framework that allows penetration testers and administrators to evaluate the security of web applications. Arachni is smart, it trains itself with every HTTP response it receives during the audit process. Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can detect changes caused while traveling through each path of a web application’s cyclomatic complexity. This way attack/input vectors that would otherwise be undetectable by non-humans are seamlessly handled by Arachni. The project aims to: Provide...

Read More

Netsparker Community Edition – Web Application Security Scanner

Netsparker is a Web Application Security Scanner that claims to be False-Positive Free. The developers thought that if you need to investigate every single identified issue manually what’s the point of having an automated scanner? So they developed a new technology which can confirm vulnerabilities on demand which allowed us to develop the first false positive free web application security scanner. When Netsparker identifies an SQL Injection, it can identify how to exploit it automatically and...

Read More

DAVTest – WebDAV Vulnerability Scanning (Scanner) Tool

When facing off against a WebDAV enabled server, there are two things to find out quickly: can you upload files, and if so, can you execute code? DAVTest attempts help answer those questions, as well as enable the pentester to quickly gain access to the host. DAVTest tries to upload test files of various extension types (e.g., “.php” or “.txt”), checks if those files were uploaded successfully, and then if they can execute on the server. It also allows for uploading of the files as plain text files and then trying to use the MOVE command to rename them to an executable. Assuming you can...

Read More

iScanner – Detect & Remove Malicious Code/Web Pages Viruses From Your Linux/Unix Server

iScanner is free open source tool lets you detect and remove malicious codes and web pages viruses from your Linux/Unix server easily and automatically. This is a neat tool for those who have to do some clean up operation after a mass-exploitation or defacement on a shared web-host. This tool is programmed by iSecur1ty using Ruby programming language and it’s released under the terms of GNU Affero General Public License 3.0. Features Detect malicious codes in web pages. This include hidden iframe tags, javascript, vbscript, activex objects and PHP codee. Extensive log shows the infected...

Read More

sqlninja v0.2.5 Released – Microsoft SQL Server (MS-SQL) SQL Injection Vulnerability Tool

It’s been 2 years, but a new version of sqlninja is out at Sourceforge, we wrote about the previous release back in 2008 and we’ve actually been following this tool since 2006! Sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide an interactive access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered. Features Fingerprint...

Read More

FOCA – Network Infrastructure Mapping Tool

FOCA 2 has a new algorithm which tries to discover as much info related to network infrastructure as possible. In this alpha version FOCA will add to the figured out network-map, all servers than can be found using a recursive algorithm searching in Google, BING, Reverse IP in BING, Well-known servers and DNS records, using an internal PTR-Scaning, etc To configure this algorithm you can use the new DNS Search panel and the info extracted will be showed up in three panels: Domains IP addresses PC/Servers ...

Read More

WhatWeb – Next Gen Web Scanner – Identify CMS (Content Management System)

Identify content management systems (CMS), blogging platforms, stats/analytics packages, javascript libraries, servers and more. When you visit a website in your browser the transaction includes many unseen hints about how the webserver is set up and what software is delivering the webpage. Some of these hints are obvious, eg. “Powered by XYZ” and others are more subtle. WhatWeb recognises these hints and reports what it finds. WhatWeb has over 80 plugins and needs community support to develop more. Plugins can identify systems with obvious signs removed by looking for subtle clues. For...

Read More

Vicnum – Lightweight Vulnerable Web Application

Vicnum is a flexible and vulnerable web application which demonstrates common web security problems such as cross site scripting, sql injections, and session management issues. The program is especially useful to IT auditors honing web security skills and setting up ‘capture the flag’ type exercises. Being a small web application with no complex framework involved, Vicnum can easily be invoked and tailored to meet a specific need. For example if a test vulnerable application is needed in evaluating a web security scanner or a web application firewall, you might want to control a target web application...

Read More

SAHI – Web Automation & Application Security Testing Tool

Sahi is an automation tool to test web applications. Sahi injects javascript into web pages using a proxy and the javascript helps automate web applications. Sahi is a tester friendly tool. It abstracts out most difficulties that testers face while automating web applications. Some salient features include excellent recorder, platform and browser independence, no XPaths, no waits, multi-threaded playback, excellent Java interaction and inbuilt reporting. Features Browser and Operating System independent Powerful recorder which works across browsers Powerful Object Spy Intuitive and simple...

Read More

WebRaider – Automated Web Application Exploitation Tool

WebRaider is a plugin based automated web application exploitation tool which focuses to get a shell from multiple targets or injection point Idea of this attack is very simple. Getting a reverse shell from an SQL Injection with one request without using an extra channel such as TFTP, FTP to upload the initial payload. It’s only one request therefore faster, Simple, you don’t need a tool you can do it manually by using your browser or a simple MITM proxy, Just copy paste the payload, CSRF(able), It’s possible to craft a link and carry out a CSRF attack that will give you a reverse shell, It’s...

Read More

Vicnum – Lightweight Vulnerable Web Application

Vicnum is a flexible and vulnerable web application which demonstrates common web security problems such as cross site scripting, sql injections, and session management issues. The program is especially useful to IT auditors honing web security skills and setting up ‘capture the flag’ type exercises. Being a small web application with no complex framework involved, Vicnum can easily be invoked and tailored to meet a specific need. For example if a test vulnerable application is needed in evaluating a web security scanner or a web application firewall, you might want to control a target web application...

Read More

skipfish – Automated Web Application Security Reconnaissance Tool

The safety of the Internet is of paramount importance to Google, and helping web developers build secure, reliable web applications is an important part of the equation. To advance this goal, Google has released projects such as ratproxy, a passive security assessment tool. The latest is they have announced a new tool called skipfish – a free, open source, fully automated, active web application security reconnaissance tool. Key Features High speed: written in pure C, with highly optimized HTTP handling and a minimal CPU footprint, the tool easily achieves 2000 requests per second with...

Read More

x5s – Automated XSS Security Testing Assistant

x5s is a Fiddler add-on which aims to assist penetration testers in finding cross-site scripting vulnerabilities. It’s main goal is to help you identify the hotspots where XSS might occur by: Detecting where safe encodings were not applied to emitted user-inputs Detecting where Unicode character transformations might bypass security filters Detecting where non-shortest UTF-8 encodings might bypass security filters It injects ASCII to find traditional encoding issues, and it injects special Unicode characters and encodings to help an analyst identify where XSS filters might be bypassed. The...

Read More

fimap – Remote & Local File Inclusion (RFI/LFI) Scanner

fimap is a little python tool which can find, prepare, audit, exploit and even google automatically for local and remote file inclusion bugs in webapps. fimap is similar to sqlmap just for LFI/RFI bugs instead of sql injection. It is currently under heavy development but it’s usable. Features Check a Single URL, List of URLs, or Google results fully automatically. Can identify and exploit file inclusion bugs. Test and exploit multiple bugs Has an interactive exploit mode Add your own payloads and patches to the config.py file. Has a Harvest mode which can collect URLs from a given domain for...

Read More

WAFP – Web Application Finger Printing Tool

WAFP is a Web Application Finger Printer written in ruby using a SQLite3 DB. How it works? WAFP fetches the files given by the Finger Prints from a webserver and checks if the checksums of those files are matching to the given checksums from the Finger Prints. This way it is able to detect the detailed version and even the build number of a Web Application. In detail? A Web Application Finger Print consits of a set of relative file locations in conjunction with their md5sums. It is made based on a production or example installation of a Web Application or just out of an extracted Web Application...

Read More

Groundspeed 1.1 – Web Application Security Add-on For Firefox

Groundspeed is an open-source Firefox extension for web application security testers presented at the OWASP AppSec DC 2009. It allows you to manipulate the web application’s user interface to eliminate annoying limitations and client-side controls that interfere with the web application penetration test. What can I do with Groundspeed? Groundspeed allows you to modify the forms and form elements loaded in the page. Some practical uses include: Changing the types of form fields, for example you can change hidden fields into text fields so you can easily edit their contents. Quickly removing...

Read More

SecuBat – Modular Web Vulnerability Scanner

As the popularity of the web increases and web applications become tools of everyday use, the role of web security has been gaining importance as well. The last years have shown a significant increase in the number of web-based attacks. For example, there has been extensive press coverage of recent security incidences involving the loss of sensitive credit card information belonging to millions of customers. Typical web application security vulnerabilities result from generic input validation problems. Examples of such vulnerabilities are SQL injection and Cross-Site Scripting (XSS). Although...

Read More

SWFScan – Free Flash Application Security Scanner

HP SWFScan is a free tool developed by HP Web Security Research Group, which will automatically find security vulnerabilities in applications built on the Flash platform. HP is offering SWFScan because: Their research shows that developers and increasingly implementing applications built on the Adobe Flash platform without the required security expertise. As a result, they are seeing a proliferation of insecure applications being deployed on the web. A vulnerable application built on the Flash platform widens your website’s attack surface creating more opportunity for malicious hackers. How...

Read More

Websecurify – Web Security Testing Framework

Websecurify is a web and web2.0 security initiative specializing in researching security issues and building the next generation of tools to defeat and protect web technologies. Key Features JavaScript – Websecurify Security Testing Framework is the first tool of its kind to be written entirely in JavaScript using only standard technologies adopted by the leading browsers. Multiple Environments – The core technology can run in normal browsers, xulrunner, xpcshell (command line), inside Java or as part of a custom V8 (Chrome’s JavaScript Engine) build. The core is written with extensibility...

Read More

Nikto 2.1.0 Released – Web Server Security Scanning Tool

For those that don’t know, Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired). Nikto is not designed as an overly stealthy tool. It will test a web server in the shortest timespan possible, and it’s fairly obvious in log files. However, there is support for LibWhisker’s anti-IDS methods in case you...

Read More

Yokoso! – Web Infrastructure Fingerprinting & Delivery Tool

Yokoso! is a project focused on creating fingerprinting code that is deliverable through some form of client attack. This can be used during penetration tests that combine network and web applications. One of the most common questions we hear is “so what can you do with XSS?” and we hope that Yokoso! answers that question. We will creating JavaScript and Flash objects that are able to be delivered via XSS attacks. These code payloads will contain the fingerprinting information used to map out a network and the devices and software it contains. In basic terms Yokoso! is a collection of infrastructure...

Read More

Binging (BETA) – Footprinting & Discovery Tool (Google Hacking)

It’s been a while since I’ve seen a tool of this type, back in the heydays of Google Hacking (which became the generic term for information gathering via search engines) there were multiple tools such as Gooscan and Goolag. Binging is a simple tool to query Bing search engine. It will use your Bing API key and fetch multiple results. This particular tool can be used for cross domain footprinting for Web 2.0 applications, site discovery, reverse lookup, host enumeration etc. One can use various different directives like site, ip etc. and run queries against the engine. On top of it tool provides...

Read More

hostmap 0.2 – Automatic Hostname & Virtual Hosts Discovery Tool

hostmap is a free, automatic, hostnames and virtual hosts discovery tool written in Ruby, licensed under GNU General Public License version 3 (GPLv3). Its goal is to enumerate all hostnames and configured virtual hosts on an IP address. The primary users of hostmap are professionals performing vulnerability assessments and penetration tests. hostmap helps you using several techniques to enumerate all the hostnames associated with an IP address. Features DNS names and virtual hosts enumeration Multiple discovery techniques, to read more see documentation. Results correlation, aggregation and...

Read More

FindDomains v0.1.1 Released – Discover Domains/Sites/Hosts

FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses. Provides a console interface so you can easily integrate this tool to your pentest automation system. It retrieves domain names/web sites which are located on specified ip address/hostname. In order to use FindDomains you need to: Create an appid from “Bing Developers” at this link. It’ll be like that : 32AFB589D1C8B4FEC73D4BCB6EA0AD810E0FA2C7 When you have registered an appid, enter...

Read More

sqlmap 0.7 Released – Automatic SQL Injection Tool

For those not familiar with the tool, sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specified DBMS tables/columns, run his own SQL statement, read or write either text or binary...

Read More

Slowloris – HTTP DoS Tool in PERL

This tool has been hitting the news, including some mentions in the SANS ISC Diary. It’s not actually a new attack (it’s been around since 2005) but this is the first time a packaged tool has been released for the attack. Slowloris holds connections open by sending partial HTTP requests. It continues to send subsequent headers at regular intervals to keep the sockets from closing. In this way webservers can be quickly tied up. In particular, servers that have threading will tend to be vulnerable, by virtue of the fact that they attempt to limit the amount of threading they’ll allow. Slowloris...

Read More

Watcher – Passive Analysis Tool For HTTP Web Applications

Watcher is a run time passive-analysis tool for HTTP-based Web applications. Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads, cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more. Major Features: Passive detection of security, privacy, and PCI compliance issues in HTTP, HTML, Javascript, and CSS Works seamlessly with complex Web 2.0 applications while you drive the Web browser Non-intrusive,...

Read More

Durzosploit v0.1 – JavaScript Exploit Generation Framework

Durzosploit is a JavaScript exploit generation framework that works through the console. This goal of that project is to quickly and easily generate working exploits for cross-site scripting vulnerabilities in popular web applications or web sites. Please note that Durzosploit does not find browser vulnerabilities, it only is an framework containing exploits you can use. At present there aren’t many exploits: twitter.com/update_status – Updates a target’s status twitter.com/update_settings – Updates your target’s settings facebook.com/what_is_on_your_mind...

Read More

Pangolin – Automatic SQL Injection Tool

Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more. Database Support Access:...

Read More

BugSpy – Crawls The Web For Open Source Software Bugs

BugSpy is an interesting web site I came across recently, put together using a Python Framework (django) it aggregates bugs from as many open source projects as it can find. Preferably critical bugs. You can search by tag (e.g java, email or php ) or by product name (e.g Ubuntu, Typo3 or Samba). http://bugspy.n...

Read More

Webtunnel 0.0.2 – HTTP Encapsulation and Tunnel Tool

Webtunnel is a network utility that encapsulates arbitrary data in HTTP and transmits it through a web server. In that regard, it is similar to httptunnel, however, it has several key important differences: its server component runs in the context of a web server as a CGI application (with optional FastCGI support) so it does not need its own port, and supports most things that the web server supports, such as authentication, HTTP 1.1, HTTPS, and client certificates; it uses simple requests and responses so it works seamlessly through forward and reverse proxies; it is multi-threaded (actually...

Read More

WMAT Released – Web Mail Auth Tool For Testing Web Mail Logins

WMAT is Web Mail Auth Tool that provide some essential functions for testing web mail logins, written in python with support of pyCurl. How it works? It is very simple, You give WMAT file with usernames, file with passwords, URL of web mail app and chose pattern for attack. Patterns are XML files that define post/get fields, http method, referer, success tag, etc … for each web mail applications. There are currently patterns for horde, squirrelmail, kerio and mdaemon web mail. The XML pattern files look like this: --- horde.wmat.xml --- <xml version='1.0' encoding='UTF-8'> <data> <username>horde_user</username> <password>horde_pass</password> <action_url>login.php</action_url> <success>sidebar.php</success> <method>post</method> <useragent></useragent> <referer></referer> <additional_fields></additional_fields> <author>ivan.markovic@netsec.rs</author> </data> -----------------------The...

Read More

Webshag 1.10 Released – Free Web Server Audit Tool

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing. You may remember back in March 2008 we published about Webshag 1.00 being released. Now Webshag 1.10 has been released! This new version provides several feature enhancements as well as some bug-fixes. Webshag can be used to scan a web server in HTTP or HTTPS, through a proxy and using HTTP authentication (Basic and Digest). In addition to that it proposes innovative IDS evasion functionalities...

Read More

sqlsus 0.2 Released – MySQL Injection & Takeover Tool

sqlsus is an open source MySQL injection and takeover tool, written in perl. Via a command line interface that mimics a mysql console, you can retrieve the database structure, inject a SQL query, download files from the web server, upload and control a backdoor, and much more… It is designed to maximize the amount of data gathered per web server hit, making the best use of MySQL functions to optimize the available injection space. sqlsus is focused on PHP/MySQL installations, and integrates some neat features, some of them being really specific to this DBMS. It is not and won’t ever be a SQL...

Read More

ProxyStrike v2.1 Released – Active Web Application Proxy Tool

ProxyStrike is an active Web Application Proxy, is a tool designed to find vulnerabilities while browsing an application. It was created because the problems we faced in the pentests of web applications that depends heavily on Javascript, not many web scanners did it good in this stage, so we came with this proxy. Right now it has available SQL injection and XSS modules. Both modules are designed to catch as many vulnerabilities as we can, it’s that why the SQL Injection module is a Python port of the great DarkRaver “Sqlibf”. The process is very simple, ProxyStrike runs like a passive...

Read More