Webtunnel 0.0.2 – HTTP Encapsulation and Tunnel Tool

Webtunnel is a network utility that encapsulates arbitrary data in HTTP and transmits it through a web server. In that regard, it is similar to httptunnel, however, it has several key important differences: its server component runs in the context of a web server as a CGI application (with optional FastCGI support) so it does not need its own port, and supports most things that the web server supports, such as authentication, HTTP 1.1, HTTPS, and client certificates; it uses simple requests and responses so it works seamlessly through forward and reverse proxies; it is multi-threaded (actually multi-process using sockets for inter-process communication) to allow multiple parallel connections to multiple destinations simultaneously.

It’s written in Perl and currently supports the tunneling of TCP connections. Future plans include implementations in different languages, mixed tunneling of UDP and pipes (so you can tunnel directly to a shell etc.), configuration features such as access control lists, and transmission options like compression and encryption.

You can download Webtunnel 0.0.2 here:
webtunnel-0.0.2.tgz

Read More

WMAT Released – Web Mail Auth Tool For Testing Web Mail Logins

WMAT is Web Mail Auth Tool that provide some essential functions for testing web mail logins, written in python with support of pyCurl.
How it works?
It is very simple, You give WMAT file with usernames, file with passwords, URL of web mail app and chose pattern for attack. Patterns are XML files that define post/get fields, http method, referer, success tag, etc … for each web mail applications.
There are currently patterns for horde, squirrelmail, kerio and mdaemon web mail.
The XML pattern files look like this:

--- horde.wmat.xml ---
<xml version='1.0' encoding='UTF-8'>
<data>
<username>horde_user</username>
<password>horde_pass</password>
<action_url>login.php</action_url>
<success>sidebar.php</success>
<method>post</method>
<useragent></useragent>
<referer></referer>
<additional_fields></additional_fields>
<author>ivan.markovic@netsec.rs</author>
</data>
-----------------------

The author of WMAT requests for help from the community with the patterns, the author of the pattern will be credited in the author field of the XML file.
There are some more options like setting timeout (time between each request), bell on success and option for writing output in file. More can be seen in the Readme file here.
For future versions the following additions are planned:

• using a proxy
• special addon for generation of usernames/passwords
• automatic recognizer of web app

You can download WMAT here:
wmat.zip
Python source.

Read More

Webshag 1.10 Released – Free Web Server Audit Tool

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing.
You may remember back in March 2008 we published about Webshag 1.00 being released. Now Webshag 1.10 has been released! This new version provides several feature enhancements as well as some bug-fixes.
Webshag can be used to scan a web server in HTTP or HTTPS, through a proxy and using HTTP authentication (Basic and Digest). In addition to that it proposes innovative IDS evasion functionalities aimed at making correlation between request more complicated (e.g. use a different random per request HTTP proxy server).
It also provides innovative functionalities like the capability of retrieving the list of domain names hosted on a target machine and file fuzzing using dynamically generated filenames (in addition to common list-based fuzzing).
Webshag URL scanner and file fuzzer are aimed at reducing the number of false positives and thus producing cleaner result sets. For this purpose, webshag implements a web page fingerprinting mechanism resistant to content changes. This fingerprinting mechanism is then used in a false positive removal algorithm specially aimed at dealing with “soft 404″ server responses.
Requirements
To be fully functional, Webshag requires the following elements:

• Python 2.5 or Python 2.6 (NOT compatible with Python 3.0)
• wxPython 2.8.9.0 (or greater) GUI toolkit
• Nmap port scanner (for port scanning module only)
• A valid Live Search AppID (for domain information module only)

Just like the previous version, Webshag 1.10 is freely available (GPL license) for Linux and Windows platforms.
You can download Webshag 1.10 here:
Linux – ws110.tar.gz
Windows – ws110.zip
Windows (installer) – ws110_win32installer.zip
User Manual (EN) – ws110_manual.pdf

Read More

sqlsus 0.2 Released – MySQL Injection & Takeover Tool

sqlsus is an open source MySQL injection and takeover tool, written in perl.
Via a command line interface that mimics a mysql console, you can retrieve the database structure, inject a SQL query, download files from the web server, upload and control a backdoor, and much more…
It is designed to maximize the amount of data gathered per web server hit, making the best use of MySQL functions to optimize the available injection space.
sqlsus is focused on PHP/MySQL installations, and integrates some neat features, some of them being really specific to this DBMS.
It is not and won’t ever be a SQL injection scanner, it starts its job on the next step.
Both quoted and numeric injections are supported.
All quoted texts can be translated as their hex equivalent (eg : “sqlsus” will become 0x73716c737573)
sqlsus also supports these 2 scenarios of injection :

• sighted : the result of the request will be in the HTML returned by the web server
• blind : when you can’t see the result of the request directly

Support for GET and POST parameters injections.
Support for HTTP proxy and HTTP simple authentication.
Full logging support of your queries and the answers, allowing you to recall a command and its cached answer, even in a later re-use of the session.
Key variables can be edited on the fly, saved per session, and can be loaded in a later session on the same target server.
Requirements
On a Debian system, in addition to perl, you will need the following packages :

• libterm-readline-perl-perl
• libipc-shareable-perl
• libwww-mechanize-perl

It also requires previous SQL injection knowledge, and.. well.. a brain helps.
You can download sqlsus 0.2 here:
sqlsus-0.2.tgz

Read More

ProxyStrike v2.1 Released – Active Web Application Proxy Tool

ProxyStrike is an active Web Application Proxy, is a tool designed to find vulnerabilities while browsing an application. It was created because the problems we faced in the pentests of web applications that depends heavily on Javascript, not many web scanners did it good in this stage, so we came with this proxy.
Right now it has available SQL injection and XSS modules. Both modules are designed to catch as many vulnerabilities as we can, it’s that why the SQL Injection module is a Python port of the great DarkRaver “Sqlibf”.
The process is very simple, ProxyStrike runs like a passive proxy listening in port 8008 by default, so you have to browse the desired web site setting your browser to use ProxyStrike as a proxy, and ProxyStrike will analyze all the paremeters in background mode. For the user is a passive proxy because you won’t see any different in the behaviour of the application, but in the background is very active.
Features

• Plugin engine (Create your own plugins!)
• Request interceptor
• Request diffing
• Request repeater
• Automatic crawl process
• Save/restore session
• HTTP request/response history
• Request parameter stats
• Request parameter values stats
• Request URL parameter signing and header field signing
• Use of an alternate proxy (tor for example)
• Attack logs
• Export results to HTML or XML
• SQL attacks (plugin)
• Server Side Includes (plugin)
• XSS attacks (plugin)

You can download ProxyStrike v2.1 here:
ProxyStrike-v2.1.zip (Windows)
proxystrike-2.1.tar.bz2 (Linux)

Read More